Privacy Policy


• Collection of your personal data
• Use of the data we collect
• Information that we share
• International transfers
• Information retention period
• Social media
• Your rights
• Links to third party sites and services
• Security and protecting your personal data
• Cookies
• Contact us

PRIVACY POLICY – DUOLAB UK

The entity responsible for processing your personal data under the conditions described in this privacy policy is Duolab UK Ltd, the registered office of which is at Capital House, 25 Chapel Street, London, United Kingdom, NW1 5DH (collectively referred to as "Duolab", "we", "us" or "our").

This privacy policy applies to the data that we collect when you use our website, www.duolab.com (our “Website”) and our application (our “App”) (together referred to as our “Sites”). This privacy policy describes the types of personal data that we collect from you and explains how we use, disclose, share and transfer the said data, as well as the choices available to you regarding our use of the said data. It also describes the measures that we take in order to protect the security of this data, and how you can contact us regarding our personal data protection practices. Please carefully read this privacy policy.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us by phone on 0800 358 0648, by email at info@duolab.com or by post at Capital House, 25 Chapel Street, London, United Kingdom, NW1 5DH.

We ask you to regularly review this privacy policy in order to remain up-to-date with any modifications to this policy, notably any that relate to the collection and purposes for the processing of your personal data.
________________________________________
COLLECTION OF YOUR PERSONAL DATA

Personal data means any information about an individual from which that person can be identified or which relates to an identifiable person. It does not include data where the identity has been removed (anonymous data).

We use different methods to collect your personal data including:

• Direct interactions: you may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise, including when you:
o create an account with us;
o take a “selfie” photograph via our App or in our stores or concessions or otherwise provide us with your photograph;
o fill out a skin diagnosis questionnaire;
o register and take part in our events;
o register as a member and/or join our loyalty programme;
o make a purchase online;
o participate in a competition, draw, contest or promotional game;
o participate in a survey; or
o subscribe to our mailing list.
• Information collected through your use of our Sites: we will automatically collect information when you use our Sites, please see the Cookies section below for more details.
• Publicly available sources: we may collect your data from publicly available sources, including publicly available content on social media platforms.
• Third parties: we work closely with other organisations who may provide us with your personal data, including:
o analytics providers such as Google Analytics;
o advertising networks such as Google Ads, Bing Advertising, Facebook Ads (which includes Facebook, Instagram and WhatsApp);
o emailing platforms such as Klaviyo;
o search information providers;
o technical, payment and delivery services; and
o data brokers or aggregators.

We may link and/or combine the personal data regarding you that we collect from the various devices that you use.

The types of personal data that we may collect include the following:

• Registration data: your name, mailing address, e-mail address, mobile telephone number or other number;
• Account data: your usernames, passwords and preferred language;
• Profile data: your date of birth, gender, race, ethnic origin, information about your health or biometric data, your beauty profile (such as skin and hair types), photographs, videos and other comments that you provide;
• Questionnaire data: data you provide when answering the skin diagnosis questionnaire;
• Purchase data: your purchase and returns history;
• Transaction data: payment card details, delivery address and invoicing address;
• Customer service data: surveys and comments collected by the customer service department and data exchanged with our customer service team;
• Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences;
• Technical data: your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Sites;
• Usage data: information about how you use our Sites, products and services and access our content; and
• Any other data that you may provide to us from time to time.

Aggregated Data

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
________________________________________
USE OF THE DATA WE COLLECT

We will only use your personal data when the law allows us to. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

• Why do we process your data? To contact you with updates about the Duolab brand, the launch of Duolab and with more information about how you may become a Duolab brand ambassador
o How do we use your data for these purposes? We use your personal data, including your e-mail address, in order to contact you with updates about the Duolab brand, the launch of Duolab and with more information about how you may become a Duolab brand ambassador.
o What are the legal bases for the processing? We obtain your consent before processing your data for this purpose.

• Why do we process your data? To create, register and manage your account
o How do we use your data for these purposes? We use your personal data, including your e-mail address and username, in order to create, register and manage your account, for example by providing you with a password when you ask us for one, and by verifying your identity when necessary.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil our legal obligations. We use this data in order to fulfil the contractual obligations existing between us and you.

• Why do we process your data? To provide you with a skin diagnosis and recommend the best products for you based on this
o How do we use your data for these purposes? We use your personal data, including “selfie” photographs taken via our App, in store or otherwise and answers to your skin diagnosis questionnaire, in order to provide you with a skin diagnosis and recommend the best products and services suited to your needs. When you visit our stores or concessions and use our skin diagnosis tool, we may email you the results of the diagnosis to recommend you the most suitable products.
o What are the legal bases for the processing? We use this data in order to fulfil the contractual obligations existing between us and you. In some circumstances, on the basis of your specific consent.

• Why do we process your data? To process orders, including payments, made via our Website
o How do we use your data for these purposes? We use data, including transaction data and registration data, in order to process purchases of goods or services from us.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you.

• Why do we process your data? To deliver your order to you and process any returns
o How do we use your data for these purposes? We use your personal data, including your transaction data, to deliver your orders to you and process any returns you make.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you.

• Why do we process your data? To manage your customer opinions, comments, complaints and enquiries
o How do we use your data for these purposes? We use your personal data, including your e-mail address and username, to manage the opinions, comments, complaints and enquiries that you publish regarding our products.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. If we do not have a contract with you, this processing is necessary so as to meet the legitimate interests of Duolab, namely better communicating with you and improving the quality of our products and services.

• Why do we process your data? To communicate with you and answer any queries that you might have
o How do we use your data for these purposes? We use your personal data, including your contact details, in order to communicate with you and to respond to your queries.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. If we do not have a contract with you, this processing is necessary so as to meet the legitimate interests of Duolab, namely our interest in communicating with you to resolve your queries.

• Why do we process your data? To market, assess and improve our products and services (including developing new products and services, analysing our customer database, performing data analyses, accounting and auditing)
o How do we use your data for these purposes? We combine personal data, such as data provided by our customer service team, to assess and improve the products and services that we offer to you.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab in ensuring that we are able to continue to improve our products and services and provide high quality products and services.

• Why do we process your data? To send promotional offers and other communications and information that we believe may be useful to you by means of e-mails, postal letters, telephone messages, SMS and push notifications.
o How do we use your data for these purposes? We use personal data, including contact details, information on purchases and your beauty profile, in order to provide you with communications that may be of interest to you.
o What are the legal bases for the processing? We obtain your consent before any processing of your data for these purposes. With regard to postal correspondence, this processing is necessary for the legitimate interests of Duolab.

• Why do we process your data? To develop and carry out targeted marketing campaigns as well as behavioural advertising, including by means of displays on third party applications installed on your device
o How do we use your data for these purposes? We use personal data, including contact details, information on purchases and your beauty profile, in order to provide you with communications that may be of interest to you.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab in ensuring that we provide you with relevant information about our products and services. In some circumstances, on the basis of your specific consent.

• Why do we process your data? To manage your participation in promotions, competitions, special events (such as contests, games, random draws, offers, surveys and market studies) and your participation in our loyalty programme
o How do we use your data for these purposes? We use your personal data to manage your participation in various promotions or special events, as well as the loyalty programme.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you (when you accept the terms of the contests, games or random draws, and when you accept the conditions for using the loyalty programme). This processing is necessary for the legitimate interests of Duolab, namely in order to better prepare and carry out offers, surveys and market studies.

• Why do we process your data? To document your preferences and habits regarding our products and services
o How do we use your data for these purposes? We use your personal data, including your interest in our products and your experience with them, in order to understand how you make the most of our products and services.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely to know our customers better and provide you with the best service.

• Why do we process your data? To analyse surveys or statistics in order to improve our Sites and our services
o How do we use your data for these purposes? We use your personal data, including customer service data, surveys and comments from the customer service department and data exchanged with our customer service team, in order to improve our Sites and our services.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely to know our customers better and provide you with the best service.

• Why do we process your data? To fulfil our obligations resulting from contracts or agreements existing between us and you
o How do we use your data for these purposes? We use your personal data so as to better meet your expectations, resulting from contracts or agreements existing between us and you.
o What are the legal bases for the processing? We use this data for this purpose in order to fulfil the contractual obligations existing between us and you.

• Why do we process your data? To ensure that the content of our Sites, our pages on social networks and our e-mail messages are presented in the most efficient possible manner for you, and to customise your experience by providing you with information and products that suit your needs
o How do we use your data for these purposes? We use personal data, notably related to your online activity, your browser and your operating system, to ensure that our Sites are properly displayed on your computer.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely providing you with access to our Sites while improving your experience when you visit. In some circumstances, on the basis of your specific consent.

• Why do we process your data? To personalise our Sites and our advertising
o How do we use your data for these purposes? We compile data notably relative to the web pages that you view, in order to provide you with personalised advertising content.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely in order to make our Sites more attractive and relevant to you and to improve their content. In some circumstances, on the basis of your specific consent.

• Why do we process your data? To manage our Sites, including for security purposes, and combat fraud
o How do we use your data for these purposes? We use personal data, including data collected by cookies, in order to update and enhance our Sites and to combat fraud over the internet.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely in managing, maintaining and improving our Sites such as to prevent fraud and combat any risk of fraud, while also ensuring the security of our Sites during your visits.

• Why do we process your data? To conduct research and analysis of the efficiency of our marketing and advertising efforts
o How do we use your data for these purposes? We use personal data, including data that we may obtain from suppliers of external services, in order to understand the efficiency of our communication efforts.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely in analysing the efficiency of our communication efforts so as to provide you with a more pleasant user experience that better meets your expectations.

• Why do we process your data? To analyse how and how often you visit our Sites
o How do we use your data for these purposes? We use personal data, including data collected by cookies, to better understand how you use our Sites.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely to analyse your visits to our Sites to improve your experience during your future visits. In some circumstances, on the basis of your specific consent.

• Why do we process your data? To target the advertising and messages that we send to you, via third party advertising networks, including search engines such as Google, and social media such as Facebook
o How do we use your data for these purposes? We use data from social networks and third party networks that notably relate to demographic means linked to areas of interest and context as well as your online activities, in an isolated or combined manner. After compiling this data with other information that we have provided to them, you will receive advertising messages suited to your interests.
o What are the legal bases for the processing? This processing is necessary for the legitimate interests of Duolab, namely so as to know you better and to provide you with a more pleasant user experience that better meets your expectations. In some circumstances, on the basis of your specific consent.

Special Category Personal Data

Special Category Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.

We will process your Special Category Personal Data where we are legally able to do so. Most commonly this will be where you have given us your explicit consent or where it is needed in relation to legal claims.

________________________________________
INFORMATION THAT WE SHARE

We do not disclose the personal data that we collect regarding you, except in the following cases:
• within the L’Occitane group worldwide, meaning with our subsidiaries and the company that ultimately controls us (“L’Occitane Group”);
• with service providers that provide services in our name or that help us with the maintenance and/or improvement of our Sites, the management of our loyalty programme, as well as with the distribution, improvement and/or marketing of the products and services that we offer to you, including the entities that process orders and provide the web hosting, information storage, suppliers of e-mail services, marketing services including direct marketing, research and analysis services as well as tag management services such as Google Analytics and Adobe Analytics. For more information on these analysis services and regarding your rights, please visit the sites of Google Analytics and Adobe Analytics;
• with our professional advisers including lawyers, bankers, auditors and insurers;
• if we are required to do so by the law, or when bringing or defending a legal claim;
• with the police authorities, representatives of the government or other parties in response to a legal decision, judicial procedure or writ of summons;
• when we consider that this disclosure is necessary or appropriate in order to prevent physical damage or a financial loss or fraud possibly affecting you or us; to prevent or report illegal activity; to protect the property rights of any person, or the security of any person, including our own, or in application of our Terms and Conditions or of any other agreement between us;
• as part of the sale or a merger of all or part of our company and its assets to a third party, or as part of a business reorganisation or restructuring (including dissolution or liquidation). If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy; and
• when you provide your consent for this in another manner, or ask us to share your information with third parties.
We may share aggregated information that does not identify you and/or anonymous information, for our own commercial purposes or those of our partners, which notably includes the number of visitors to our Sites and the number of clicks on our advertising and/or e-mails.
________________________________________
INTERNATIONAL TRANSFERS

Your personal data collected by us may be transferred, stored and processed in any country or territory in which one or more subsidiaries of our group or a service-providing third party, agent or business partner is located, including other countries of the European Economic Area (EEA), Switzerland and the United States for the aforesaid purposes. Your personal data may also be processed by personnel members outside of the EEA.

When we transfer your information to a country outside of the EEA, we take one of the following measures in order to ensure the security of your personal data:
• ensuring an adequacy decision has been made by the European Commission in respect of the country to which we are transferring your personal data;
• for transfers of personal data to the United States, only transferring to organisations certified under the EU-US Privacy Shield self-certification mechanism; or
• we have put in place Standard Contractual Clauses approved by the European Commission which give personal data the same protection it has in Europe.
________________________________________
INFORMATION RETENTION PERIOD

Unless indicated otherwise, we will store your personal data for the time strictly needed in order to carry out the aforementioned purposes, in accordance with the applicable law. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some cases, we are required to retain data in order to fulfil our legal and administrative obligations. When we have no further need of the information, it is deleted from our systems or anonymised.
________________________________________
SOCIAL MEDIA

Please note that any content posted on our social platforms can be seen by the public. You should therefore be vigilant with regard to posting certain personal data on these platforms, such as any financial data, your address or any health problems. We cannot be held liable for actions taken by other persons if you post personal data on one of our social network platforms.
________________________________________
YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data to:

• Request access to your personal data.
• Request any incomplete or inaccurate personal data that we hold about you to be completed or corrected.
• Request erasure of your personal data, where certain grounds have been established.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) providing that we do not have a compelling legitimate ground to continue to process it for that purpose.
• Object to processing where we are processing your personal data for direct marketing purposes.
• Request restriction of processing of your personal data, under certain conditions.
• Request the transfer of your personal data to you or to a third party, in certain circumstances.
• Where we are relying on consent to process your personal data, withdraw consent at any time.

You can exercise these rights by contacting us by e-mail or by postal letter at the addresses shown in the “Contact us” section below.

Updating your account details and marketing preferences

You can correct, update and delete the information in your online account as well as change your marketing preferences at any time, by signing in to your account and looking under “My Account”, or by contacting us using the details shown in the “Contact us” section below.

You can also change your marketing preferences and withdraw your consent for receiving direct marketing communications from us, at any time, by following the “Unsubscribe” link or the withdrawal instructions provided in our communications.

It can take a few days to process your unsubscribe request, and it is possible that you may continue receiving promotional or marketing e-mails or postal letters during this time. Please note, if you unsubscribe from receiving direct marketing messages this does not prevent us from providing you with other types of non-promotional messages, such as e-mail confirmations of transactions.


________________________________________
LINKS TO THIRD PARTY SITES AND SERVICES

Our Sites may provide links to other sites, applications and services other than the ones provided by Duolab, and that may be operated by third party companies. Please note that we are not responsible for the processing of your personal data by these third party sites, even if we provide a link to these sites. These companies may have their own personal data protection policies, and we strongly recommend that you read and examine them. Our products and services can also be offered to you through third party platforms or other third party channels. We decline any liability regarding the personal data protection practices of the sites, applications or services that are not provided by Duolab.

________________________________________
SECURITY AND PROTECTING YOUR PERSONAL DATA

We undertake to implement appropriate technical and organisational measures in order to protect your personal data against accidental or involuntary destruction, accidental loss, alteration, or any unauthorised disclosure, access or usage.

All transactions made on our Website are protected by Secure Sockets Layer (SSL) and Secure Data Encryption using a 1024-bit process to encode all personal data. This sophisticated encryption process ensures that prying eyes are unable to decode your personal data when it travels from your computer to ours, and from our computer to the bank's. Also, all credit card payments are processed in real-time for your security and immediate peace of mind.

You can tell whether your browser is in secure mode by looking for the padlock icon in the bottom corner of your screen or at the end of the address bar of your browser window.

Our Website uses security measures which protect any personal data that is stored on our servers and systems from unauthorised access or use.

However, as no data transmissions over the internet can be guaranteed to be 100% secure, we cannot take responsibility for any unauthorised access or loss of personal data that is beyond our reasonable control.

________________________________________
COOKIES
For more information about the cookies we use, please see the COOKIES part below.
________________________________________
CONTACT US

If you would like for us to update the information that we have regarding you or your preferences, notably if you wish to be removed from our distribution lists, to withdraw your consent, to object to the processing of your data, or if you have questions regarding the protection of your personal data, please contact us by phone on 0800 358 0648, by email at info@duolab.com or send a letter to the following address:

Duolab UK Ltd
Capital House
25 Chapel Street
London
United Kingdom
NW1 5DH

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Last updated: 10 February 2020

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

Strictly Necessary Cookies
These cookies are essential to make our platform work. They enable you to move around the platform and use its features. Without these cookies, services that are necessary for you to be able to use our platform such as accessing secure areas cannot be provided.

Functionality Cookies
These cookies allow us to remember choices you make and tailor our platform to provide enhanced features and content to you. For example, these cookies can be used to remember your user name, language choice or country selection; they can also be used to remember changes you've made to text size, font and other parts of pages that you can customise.

Analytical cookies
These allow us to see how our site is working and whether there are any problems loading certain pages, to recognise and count the number of visitors, and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Marketing cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can control the cookies set by changing your preferences when you visit our website. Cookies can also be controlled by your web browser settings. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies you may not be able to access all or parts of our website.