This website www.matrixhaircare.co.uk is owned and run by L’Oréal (U.K.) Limited (“L’Oréal” or “We”).
OUR PRIVACY PROMISE
1) We respect your privacy and your choices.
2) We make sure that privacy and security are embedded in everything we do.
3) We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
4) We will never sell your personal data.
5) We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.
6) We are committed to being open and transparent about how we use your personal data.
7) We will not use your personal data in ways that we have not told you about.
8) We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.
For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.
Note that all of the information set out below may not apply to you. We have explained below an overview of all possible situations in which we could interact together, and one or more of these may apply to you depending on how you have interacted with us For example, if you have not provided us with a photo for your account, then these details will not apply to you. Similarly, if you have not created a Professional Account, then that information will not apply to you.
Please note that you must be at least 13 years old or older to use our services, or older where the terms for a specific service require this.
WHO WE ARE
L’Oréal (UK) Limited is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.
Please see the “Contact Us” section for our contact details.
L’Oréal represents several different brands and products. For more information on L’Oréal, and the brands it represents, please see http://www.loreal.co.uk/.
L’Oréal is part of the L’Oréal Group, which operates in 140 countries around the world. For details on the L’Oréal Group, please see http://www.loreal.com/group.
WHAT IS PERSONAL DATA?
“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT?
You, the consumer, are our priority. You drive what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy.
At L’Oréal, our ambition is to build relationships based on transparency and mutual trust.
We know that many of you love interacting with us and because of this, there are many ways that you might share your personal data with us, and ways that we might collect it.
How do we collect or receive your personal data?
We might collect or receive personal data from you via our websites, forms, apps, devices, L’Oréal products or brand pages on social media or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores), sometimes we collect it (e.g. using cookies to understand how you use our websites and apps) or sometimes we receive your personal data from other third parties, including other L’Oréal Group entities (e.g. when you mention L’Oréal products or services on non-L’Oréal pages (e.g. social media platforms) or smart devices (e.g. voice assistant platform providers)).
In the paragraphs below, we explain:
1) In what context is your personal data collected? This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.
2) What personal data may we hold about you? This column explains what types of personal data we may collect when you take part in a particular activity.
3) How and why we use it? This column explains what we do with your personal data, and the purposes for collecting and using it.
4) What is our legal basis for using your personal data? Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data.
The legal basis for the processing of your personal data can be:
The section below sets out which legal basis we rely on when processing your personal data for each context.
When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:
If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.
In which context is your personal data collected?
Where your personal data are collected during the creation or management of an account on L’Oréal websites/apps, through a social media login or in store.
Where your personal data are collected when you subscribe to receive our marketing communications.
Where your personal data are collected during the purchase process made on L’Oréal website/apps, in store or on voice assistant platforms.
Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse L’Oréal website/apps or on third-party website/apps where we have cookies.
For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app.
*cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oréal Group’s websites.
Data related to your use of our websites, including:
You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.
Please note that we only track your navigation on the website/app (e.g., mouse movements) to ensure our websites/apps function properly, for troubleshooting, and to improve user experience, as explained above. We do so in a way that does not identify you and use encryption mechanisms to ensure that the personal data provided on the website/app is always masked and never recorded.
Where your personal data are collected from your activity on social media platforms.
For more information on how your personal data may be shared with Facebook and Google, please see the respective sections under “We may disclose your personal data to our partners” below.
We may get information you publicly post on social media platforms and use it to better understand how consumers view our products/services and interact with us. For example, we may use public posts to identify beauty trends. Where possible, we do this in way that we are unable to directly identify you.
We may also collect your personal data when you mention us on social media platforms. The personal data we collect may include:
If we want to re-use any content you post on social media platforms, we will always ask your permission first (see ‘User Generated Content’ below).
Where your personal data are collected during a competition, game, contest, promotional offer, sample request, survey etc.
Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites/apps/social media platforms, or accept our re-use of any content you posted on social media platforms.
Where your personal data are collected as part of your use of our websites/apps and/or devices (for example when you provide your personal data when completing online forms or trying on our products virtually via our apps).
Where your personal data are collected when you ask questions relating to our brands, our products and their use, or your purchases, account or rights.
Where your personal data are collected when you visit a store.
Automated Decision Making
Automated decision making means the ability to make decisions using technology, without human involvement.
We may use automated decision making techniques for the purposes of securing transactions placed through our websites/apps and/or devices against fraud. In addition, we may use a third party provider’s solution to protect our systems, assets etc. against fraud.
The method of fraud detection is based on a number of different data prediction and data intelligence techniques that may change over time, to keep up with technological advancement. These may include, for example, simple comparisons, or association, clustering, prediction and outlier detections using intelligent agents, data fusion and data mining techniques. This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person. In all cases, we take all reasonable precautions and safeguards to limit access to your data.
As a result of automatic fraud detection, you may: (i) experience a delay in the processing of your order/request whilst we review your transaction; and/or (ii) be limited or excluded from using a service if a risk of fraud is identified.
You have the right to access the information on which we base our decision. Please see “Your Rights and Choices” section below.
When we send or display personalised communications or content, we may use a technique known as “profiling” (or “insights”). This means any form of automated processing of personal data to evaluate certain personal aspects about an individual, in particular to analyse or predict aspects concerning their personal preferences, interests, economic situation, reliability, behaviour, location, or movements.
This means that we may collect personal data about you in the different scenarios mentioned in the section above, and use this data to analyse, evaluate, or predict your personal preferences, interests, behaviour and/or location.
Based on our analysis, we may send or display communications and/or content specifically tailored to your interests and/or needs.
We ensure that we have an appropriate legal basis to process your personal data when conducting profiling activities (e.g., consent). You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.
Who may access your Personal data?
First, we want to be clear that we do not sell your personal data.
We may share your personal data within L’Oréal
L’Oréal represents several different brands and products. For more information on L’Oréal, and the brands it represents, please see http://www.loreal.co.uk/.
Your personal data may be accessed within L’Oréal. Where appropriate, we may share your personal data between our brands to harmonise and update the information you share with us, to tailor our communications based on your preferences, and to run analytics and perform statistics. Where you have opted in to receive communications from all L’Oréal brands, rather than one or two specific brands, your personal data may also be shared within L’Oréal.
We may share your personal data within the L’Oréal Group.
Your personal data may be accessed by the L’Oréal Group. This means that we may share your personal data across the L’Oréal Group, which includes our ultimate parent company and its subsidiaries. Access will always be controlled on a need-to-know basis, and only provided where it is necessary to provide you with requested services or to allow us to perform any necessary or legitimate functions.
We may also share your personal data in a pseudonymised way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.
Where permitted, we may also share some of your personal data, including data collected through cookies, between brands to harmonise and update information you share with us, to perform statistics based on your characteristics and to tailor our communications to you.
We may share your personal data for marketing purposes with third parties or L’Oréal Group entities.
Your personal data may also be processed on our behalf by our trusted third party suppliers.
We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with will keep your personal data secure. For example, we may entrust services that require the processing of your personal data to:
The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; and (v) use appropriate suppliers.
We may also disclose your personal data to third parties:
We may disclose your personal data to our partners:
Information that Facebook collects and shares with us
Where we Store your Personal data
The personal data that we collect from you may be transferred to, accessed from, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
For further information, please contact us as per the “Contact” section below.
How Long Do We Keep Your Personal data
We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.
To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:
In particular, we retain certain personal data for the following periods:
When we no longer need to use your personal data, it is removed from our systems and records, or anonymised so that you can no longer be identified from it.
Is Your Personal data Secure?
We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.
We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As no transmission of information via the internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site although. Any transmission is therefore at your own risk.
Links to Third Party Sites and Social Login
Our websites/apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you share any personal data with these websites.
Social Media and User Generated Content
Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.
Your Rights and Choices
L’Oréal respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:
The right to be informed
The right of access
What does this mean? You have the right to access any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing such access but only where permitted by law (e.g. where your request is manifestly unfounded or excessive).
The right to rectification
What does this mean? You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data via your “My Account” function.
The right to erasure/right to be forgotten
What does this mean? In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.
The right to object to direct marketing, including profiling
What does this mean? You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking on the “unsubscribe” link in any email or communication we send you or follow any other opt-out instructions communicated to you. In circumstances where you have the right to object to profiling you should contact us using the details below.
The right to withdraw consent at any time for and personal data processing based on consent
What does this mean? You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this does not affect the lawfulness of our processing before your withdrawal. Please see the section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent.
The right to object to processing based on legitimate interests
What does this mean? You may object at any time to our processing of your personal data when such processing is based on our legitimate interests. Please see the section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on legitimate interests.
The right not to be subject to a decision based solely on automated decision-making which produces legal effects or similarly significant effects
What does this mean? You may have the right not to be subject to such type of automated decision-making about you, unless: (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decision was necessary to enable us to enter into a contract with you.
The right to lodge a complaint with a supervisory authority
What does this mean? You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority as we will always seek to resolve your complaint in the first instance.
The right to data portability
What does this mean? You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. Please see the section “what personal data do we collect from you and how do we use it” specifically the column “What is our legal basis for processing your personal data?” to see where/when our processing is based on consent or the performance of a contract.
The right to restriction
What does this mean? This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further. It applies in the following limited circumstances set out in the General Data Protection Regulation:
The right to turn on/off cookies
What does this mean? The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust it by changing the settings of your browser or, where available, by using the tools on our websites.
Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites.
If you wish to manage your preferences regarding the cookies which are set by our websites, please use the tool available on the particular website (if applicable), or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following links:
How can I exercise these rights?
For more information, or to request any of the rights noted above, please contact us on the details set out below.
Note that we may require proof of your identity and full details of your request, before we process any request(s).
If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at [email protected] or by writing to us at:
Data Protection Officer
L’Oréal (UK) Limited
255 Hammersmith Road
If you would like to get in touch with our Data Protection Officer, please contact us at [email protected].