What does this privacy notice cover?
Oriflame have set forth this Privacy Notice to explain to you how we collect and use information from Prospect and Customers who have communicated, made contact or interacted with Oriflame and Brand Partner both in connection with online and offline products and services offered by Oriflame (please refer to Oriflame products and services' definition stated in Terms & Conditions for Customers for more details).
This privacy notice describes the Company's and Brand Partner's processing of your personal data and applies to data collected from you in response to posts and links shared via social media channels or otherwise and when you enquire to get more information on our products and services or further interact with Oriflame and the Oriflame Brand Partner.
This privacy notice is addressed to individuals aged 16 and above and children should not disclose any information through the linked form(s). To learn more about protecting children's privacy online and conditions applicable to child's consent in relation to information society services please visit https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm
You may be able to access other Oriflame and non-Oriflame related websites through the links offered from our sites from time to time. There might be different privacy policies applied to those websites and we recommend to review them prior to use or submitting any information.
References in this notice to the Company, we or us shall mean [insert company name and registered address].
References in this notice to a Brand Partner shall mean a brand partner (1) to whom you have provided your personal data for further contact purposes in relation to Oriflame products and/ or services or (2) whose communication (e.g. social media post, message, sms, email etc.) has been shared or made available for you and who will have access to your personal data in accordance with this privacy notice.
References in this notice to a Site(s) shall mean any Oriflame websites, mobile websites and applications where this privacy notice is posted including applications we make available on third-party sites or platforms.
For the purposes of applicable data protection law (including the General Data Protection Regulation 2016/ 679 (the "GDPR")), each of the Company and the Brand Partner are independent data controllers of your personal data and the Company is not responsible for the use of your personal data by the Brand Partners.
What personal data is collected?
The following categories of personal data will be collected about you in connection with this privacy notice:
1. Personal data collected from you: Depending on how you interact with Oriflame, the Company and/ or the Brand Partner collect the following data from you when you complete a form on the Site, place an online order for Oriflame samples, use other services offered by Oriflame via the Site (e.g. watch videos, tutorials, etc.) or otherwise communicate with the Company and/ or the Brand Partner (for example when calling or chatting with us):
- name*
- surname *
- phone number
- email address*
- delivery address*
The fields above which are marked with a (*) are mandatory fields – if you do not provide such personal data, the Brand Partner will not be able to effectively respond to your requests and the Company will not be able to fulfil the applicable purposes which are described below in this privacy notice. For example, if you do not provide your product delivery address, we may not be able to deliver your order to you.
2. Personal data collected about you:- The Company processes personal data related to your history of orders, shipment and delivery completion, for example, the items you have ordered, your product preferences, and information related to your Brand Partner reference and it shares some/ all of this data with the Brand Partner for the purposes of managing of their network.
- The company and the Brand Partner process personal data related to your communication and interaction with us, for example history of messaging with you, content of chats and emails sent to you.
- Further, with regard to each of your interaction with Oriflame and/ or the Brand Partner with the use of links provided to you by a Brand Partner, the Company will automatically collect the following data:
- technical information, gathered automatically when you use the Sites including the device-specific information, mobile network information, your mobile device number, ID number, IP address or other identifier, browser information, time-zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit to the Site, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to contact the Brand Partner; and
- information obtained from cookies, pixels, mobile software development kits (SDK), and related technologies that the Company or a third-party service provider places on the Sites – see below for more information.
- The Company processes personal and personally identifiable data necessary to analyse the effectiveness of the communication with you, for example number of opened links or emails, click-through rates, websites visited through shared links or products purchased.
How is your personal data used, and what is the legal basis for this use?
The Company and the Brand Partner each process the above personal data as independent data controllers. Each independently processes your personal data for the following purposes:
1. Company Processing
- Contractual Necessity:
- To provide services and products (as referred in Terms & Conditions for Customers) to you. This will include arranging the delivery or other provision of products, delivery tracking, providing customer services and communicating with you; As part of this Oriflame will use your personal or personally identifiable data to enable its vendors and contractors to provide and assist Oriflame in marketing and provision of such services and products to Oriflame, Brand Partners or Visitors.
- Legitimate Interests: As required by it to pursue its own legitimate interests, in particular:
- as required to respond to your inquiries, present you a solicited offer and satisfy your interest in Oriflame products or services. This will include providing relevant information on products, services or current Oriflame promotions and special offers both online and offline.
- to communicate with you (such as but not limited to informing you about the delivery status, order reminders, prompts);
- to ensure the effective management of the Brand Partner's networks (including enabling you to connect with the Brand Partner)
- to invite you to take part in market research or studies;
- to help it monitor, improve, administer and protect its products, content, services and Sites, both online and offline;
- to market its products effectively by personalising its Sites or its products and services for you, and to enable you to participate in interactive features of its Sites
- to send you marketing communication via post;
- to investigate and handle any complaints received from you about its Sites or its products and services;
- to monitor Sites and IT systems to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law; and
- to measure or understand the effectiveness of advertising it serves to you and others, and to deliver relevant advertising to you (including performance of consumer satisfaction and similar studies).
- Legal Compliance: To ensure compliance with applicable laws and the protection of the Company's legitimate business interests and legal rights, including, but not limited to, use in connection with accounting, billing, legal claims, compliance, regulatory, tax and investigative purposes (including disclosure of such information in connection with legal process or litigation).
- Consent: To use various enhancing tools, products or services offered by the Company, we may ask you for a specific consent.
- Direct Marketing: Subject to the following, the Company will use your personal data to send you marketing communication when you express - via a submitted Online Form - your interest to be contacted and get more information in relation to the Company's products and services. Direct marketing communications may be provided to you by email, sms and other instant messaging technologies. You will be able to withdraw consent to direct marketing at any time by following the instructions in the communication itself.
2. Your Brand Partner's Processing
- Contractual Necessity:
- to provide services and products requested by you (for example to complete delivery of products ordered by you) . This will include arranging the delivery or other provision of products, delivery tracking, providing customer services and communicating with you;
- Legitimate Interests: As required, to pursue his/ her legitimate interests, in particular:
- as required to respond to your inquiries, present you a solicited offer and satisfy your interest in Oriflame products or services. This will include providing relevant information on products, services or current Oriflame promotions and special offers both online and offline and otherwise to communicate with you.
- to ensure the effective management of the Brand Partner's networks (including, enabling you to connect with the Brand Partner);
- to respond to any of your comments or complaints you may send;
- to analyse sales performance (including the compiling of internal reports); and to enable Brand Partner's settlements with the Company
- to invite you to attend meetings or other events organised by a Brand Partner.
- Legal Compliance: To ensure compliance with applicable laws and the protection of your Brand Partner's legitimate business interests and legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation).
- Direct Marketing from a Brand Partner: Subject to the following, a Brand Partner will send you marketing communication when you express - via a submitted Online Form - your interest to be contacted and get more information in relation to the Company's products and services. Direct marketing communications may be provided to you by email, sms and other instant messaging technologies. You can object to receiving direct marketing from a Brand Partner at any time when you receive the communication by clicking on the relevant link or directly contacting a Brand Partner. The Brand Partner will be the data controller of your personal data for the purposes described above and will identify themselves and provide contact details when they contact you.
3. Automated decision-making and profiling
We do not use fully automated decision-making in order to provide our products or services to you. We do, however, process your data on a partially automated basis with the aim of evaluating certain characteristics of yours (profiling). We use profiling to provide you with tailored information and advise you regarding our products. This enables us to target appropriate communications and advertisements at you like recommending products and services that we think might be suitable for you.
Who will your personal data be shared with, and where?
The Company will share your personal data with:- Other Oriflame group companies, in particular with Oriflame Cosmetics AB, PO Box 1095, SE-101 39 Stockholm, Sweden; Oriflame Kosmetik Vertriebs GmbH, Hegau Tower, Maggistraße 5, 78224 Singen Hohentwiel, Germany; Oriflame Poland Sp. z o.o., ul. Wołoska 22, 02-675 Warsaw, Poland; Oriflame Software s.r.o., Ladova 389/10, Hejčín, 779 00 Olomouc, Czech Republic for group level analytics.
- Government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of its own legitimate interests in compliance with applicable laws; and
- Third party service providers and group companies, who will process it on behalf of the Company or the Brand Partner for the purposes above. Such third parties include, but are not limited to, providers of lead management, sampling and customer management Sites, couriers for delivery of your orders, customer service operations and marketing providers etc;
- Brand Partners if required for the purposes above or based on your contractual need to do so.
- In the event that the business is sold or integrated with another business, your personal data will be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business.
Where will your data be sent?
The Company intends to transfer (including store) your personal data to countries outside of [insert country name] and outside the European Economic Area (the "EEA") (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway) which may not provide the same level of protection as [insert country name] and those countries within the EEA, in particular: to India, the United States of America and Switzerland.
Where this is the case, and where the transfer is to a Company affiliate or vendor in a country that is not subject to an adequacy decision by the EU Commission, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 46 (2) of the GDPR). If you have any questions about the standard contractual clauses and / or would like to obtain a copy of them, please contact the Company's data protection officer at privacy@oriflame.com.
Cookies, Mobile SDK's & Analytics Tools
The Company may also collect personal data or non-personally identifiable information from you regarding your usage of our services or any interaction with us via the Sites. We do so to understand how visitors engage with our Sites. This may include collecting information on pages viewed, time spent using certain services, information collected through cookies or mobile SDK's and other information.
Cookies & Mobile SDK's (software development kits) are small files placed by a website or a mobile application on your mobile device or a computer's hard drive to distinguish you from other users. This helps us to provide you with a high quality experience when you interact with us through the linked forms, posts or any other shared information with the use of instant messaging technologies, and also allows us to improve the Sites used. We use cookies and mobile SDK's to analyze the flow of information; facilitate and enhance communication and interaction with the Sites, customize the services, content and advertising; measure promotional effectiveness; and promote trust and safety.
For detailed information, please read Oriflame Cookie Notice here.
We offer certain services that are available only through the use of cookies or mobile SDK's. Users are always free to decline cookies and mobile SDK's, although doing so may interfere with their use of the website or a mobile application.
The Company uses third-party data analytics (Google Analytics) to monitor performance of the Sites, personalize the content and optimize the Sites. This means that when you visit our Site your browser automatically sends certain information to Google. You will find the details on how the Google technology collects and processes data following this link https://www.google.com/policies/privacy/partners/.
Your rights
You are entitled to ask the Company and the Brand Partner:
- For a copy of your personal data (in a commonly used electronic form, if you make such a request electronically);
- To correct your personal data (if it is inaccurate, incomplete or not up-to-date);
- To 'port' your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
- To erase your personal data; or
- To restrict its processing (i.e. processing will temporarily stop (save to the extent that personal data will continue to be stored)).
You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where the Company and/ or the Brand Partner has asked for your consent to process your data, you are entitled to withdraw this consent.
These rights are limited in some situations – for example, where the Company and/ or the Brand Partner can demonstrate that it has a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
Where the Company and/ or the Brand Partner requires your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then the Company and/ or the Brand Partner will not be able to manage its contractual relationship with you, or to meet obligations placed on them. Above, we have described which data fields you are obliged to provide.
The Company and the Brand Partner hope that can satisfy any queries you may have about the way they process your personal data. If you have any concerns about how your personal data is processed, you can contact:
- the Company's data protection officer at privacy@oriflame.com. You may also contact us at the following address: [insert registered address].
- The Brand Partner using the contact details provided in each communication you receive from the Brand Partner.
If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority in the country of your habitual residence, place of work or of an alleged infringement of the data protection law.
How long your data will be retained?
The Company and the Brand Partner will keep your personal or personally identifiable data for as long as necessary to perform the purposes set out in this privacy notice, as may be required by law such as for tax and accounting purposes, or as otherwise communicated to you. Laws may require the Company and the Brand Partner to each hold certain personal data for specific periods. In other cases, the Company and the Brand Partner will each retain data for an appropriate period after any relationship with you ends to protect itself from legal claims or to administer its business.
Prospect Customers Data Retention Periods
Personal data provided via a website or mobile website Form | For a period not exceeding 1 year from the date of submitting the Form |
Orders, order delivery & tracking reports | Duration of relationship with Oriflame and for a period not exceeding 1 year |
Information related to your orders including: history of orders, analysis of preferences, satisfaction surveys | Duration of relationship with Oriflame and for a period not exceeding [2] years following the last order. |
Communications with Oriflame, (including chats, telephone recordings, SMS's and any other Customer Services; ). | For a period not exceeding [2] years from the date of the communication. |
Information related to providing you with direct marketing including monitoring effectiveness of marketing communication with you. | Duration of relationship with Oriflame, until you object to receiving marketing communication but not longer than 1 year following the last order. |
Cookies and/ or personal data collected via cookies or similar technologies | According to Cookie policy up to 2 years after your visit to our Site. |
Data necessary to resolve claims, data subject requests and any other disputable issues. | For as long as necessary to resolve the issue and according to legal regulations. |
Data processed based on your consent. | Until the consent is withdrawn. |
Data processed based on the Company's legitimate interest. | Until you do not object for such processing. |
Changes to this privacy notice
Any changes we may make to the privacy notice in the future will be posted by publishing a new version of this privacy notice with a new effective date The amendments will also be available at our premises.