PRIVACY POLICY
NAOS SOUTH AFRICA PROPRIETARY LIMITED - BIODERMA
Just like your skin, respect for your privacy is one of our priorities. When you visit our website or purchase our products, you may send us personal information, directly or indirectly. Your personal information is precious; it is part of your privacy.
Bioderma (Naos South Africa) therefore undertakes to collect and process your personal information in a transparent, fair and lawful manner.
We invite you to carefully read this Privacy Policy (hereinafter the "Policy"). Here you will find all the information about the personal information we collect, how we use it, how long we retain it, how we protect it, what rights you have, etc.
Our Policy may be updated or modified, depending on the evolution of our services, tools and regulations. As the changes take effect immediately, we invite you to consult it regularly.
1. Which personal information is covered by the Policy?
This Policy applies to all personal information that you communicate to us or that we collect, directly or indirectly, in particular when you browse our website https://www.bioderma.co.za (hereinafter the " Website") or on the occasion of the purchase of Bioderma (Naos South Africa) products.
Personal information is information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person. This includes, for example, your name, e-mail address, phone number, but also information on your consumption habits, your skin type, etc.
2. What is the legal basis for our processing of personal information?
The processing of personal information that we carry out as part of our activities may have several legal bases:
- Consent: where you have freely given us clear consent to process your personal information.
- Legitimate interests: we need to collect your personal information to get to know you better in order to offer you personalised offers and services, ensure the security of our Website and improve our content, with the aim of protecting both of our legitimate interests.
- The execution of a contract: the collection of your information when it is necessary to carry out actions for the conclusion or performance of a contract to which you are party and/or when you subscribe to one of our online services (e.g. participation in a promotional offer, etc.).
3. For what purpose do we collect your personal information?
We collect your personal information for legitimate and specified purposes. Thus, we collect and process your personal information, in particular to:
- offer you services and offers on our Website;
- improve the operation and content of our Website and our services, in order to better meet your needs and requests;
- ensure the security of our Website and our services;
- get to know you better and segment our consumer databases, according to your needs, to send you personalised information, advice and offers;
- answer your questions and provide you with personalised advice, particularly in the context of our consumer service, through the contact form on our Website, social networks, telephone, etc.;
- collect your opinion on our products and services;
- carry out audience analysis and statistical studies, for example in order to know and measure the number of visits to our Website, the activity and path of Internet users on our Website, the effectiveness of our promotional offers, etc.;
- manage cosmetovigilance (management of declarations related to the adverse effects of our products, carrying out studies and work on the safety of use of our products, carrying out and monitoring corrective actions taken if necessary);
- carry out satisfaction surveys on our products and services;
- perform product tests;
- conduct contests;
- carry out targeted communications (we analyse the personal information that you have communicated to us in order to assess your personal preferences, needs and or interests, and thus display and or offer you suitable content);
- send you information about our products, services and activities, including by post, or by email and or SMS / MMS, if you have consented;
- perform targeted advertising on social networks, search engines, etc.;
- manage and animate our consumer, customer and prospect databases, in particular by offering you services intended to get to know you better in order to provide you with personalised advice and offers, responding to your areas of interest; and
- detect fraudulent behavior and manage disputes.
4. What and when is personal information collected and for how long is it kept?
The personal information we collect, can be collected either:
- directly from you, for example, when you complete our forms on our Website; or
- indirectly, for example, via our partners (e.g. advertising management, essential enrichment, etc.).
The table below tells you when your personal information is collected, what information is collected, as well as their retention periods:
Time of collection
Categories of information collected
Retention period
Legal basis
You browse our Website
We collect:
- Your technical data for connection and navigation (e.g. your IP address, information about your browser, information about your device, pages visited, duration of your visit, etc.)
For more information, see our Cookie Policy.
13 months from the date of collection during your navigation.
Legitimate interest /
Consent
You subscribe to our newsletter
We collect:
- Your identification information as provided by you (e.g. surname, first name, postal address, e-mail address, etc.);
- The information you agree to communicate to us (which may contain information relating to your health, skin colour, habits of consumption, etc.);
5 years from the date of collection or last contact from you.
Consent
You write via our social networking pages
We collect:
- Identification information as provided by you (surname, first name, etc.);
- Your profile on social networks;
- The content of your messages (which may include information relating to your health, skin colour, consumption habits, etc.).
3 years from the date of collection or last contact from you.
Legitimate interest /
Consent
You contact our Consumers Service or our advisers by email, phone, mail
Depending on your request and the channel, we collect:
- Your identification information as provided by you (e.g. surname, first name, postal address, e-mail address, etc.);
- The information you agree to communicate to us (which may contain information relating to your health, skin colour, habits of consumption, etc.);
3 years from the collection or last contact from you.
Legitimate interest /
Consent
You participate in a game or contest
We collect:
- Your identification details as provided by you (e.g. surname, first name, postal address, email address, nickname, phone number, etc.).
Time required to manage the game.
Completing a contract
You participate in a product test or a satisfaction survey
The information we collect depends on the purpose of the survey or test.
We can collect including:
- Your identification information (name, surname, age, etc.);
- Information relating to your health (e.g. pathology related to your skin);
- Your family situation,
- Information relating to your skin colour (e.g. phototype), etc.
Duration required to complete the test or survey and to interpret the results.
Consent /
Legitimate interest
You declare a case of Cosmetovigilance
We collect:
- Your identification information (e.g. surname, first name, postal address, e-mail address, etc.);
- The reason and the content of our exchanges;
- Information relating to your health or your skin colour, if you decide or agree to communicate them to us;
- Bank or financial information (e.g. IBAN in case of refund, etc.).
Duration required by law.
Legal obligation
During each collection, certain personal information must be provided in order to benefit from the services offered. The other sets of personal information, while not mandatory, allow us to know you better, for example to offer you adapted offers.
We respect the principle of data minimisation. We take reasonable steps to ensure that the personal information is updated for the purposes for which it was collected (if necessary), so that it does not become obsolete.
We define the retention period of your personal information according to the duration necessary to achieve the purposes for which the personal information was collected. As soon as reasonably practicable after these purposes are met, we destroy, delete or de-identify your personal information, except in certain cases where we are required by law to keep it. In these cases, your personal information is archived under the conditions provided by law.
5. How do we collect personal information from minors?
Our Website is not directed at minors, thus, we do not knowingly collect personal information from persons under the age of eighteen. However, our Website is accessible to anyone, major or minor.
As a safeguard, the additional prior consent of the holder of parental authority or competent person is required for persons under the age of eighteen who subscribe to our services or who provide us with personal information concerning them.
6. The case of third-party websites
On our Website, you can connect via your social network profiles, click on links to our social networking pages, etc.
Social networks (Facebook, Instagram, Twitter, YouTube, etc.) may collect personal information about you. You will find below the links to the privacy policies of these main social networks. To ensure the security of your personal information, we invite you to consult the privacy policy of these websites.
• Facebook: https://en-gb.facebook.com/privacy/explanation/
• Instagram: https://en-gb.facebook.com/help/instagram/155833707900388
• Twitter: https://twitter.com/en/privacy
• YouTube: https://policies.google.com/privacy?hl=en-GB&gl=zz
You also have the option to publish content on our pages. We remind you that any content transmitted via our pages is accessible to the public. Concerned about the protection of your privacy, we invite you to be vigilant when you communicate your personal information on social networks. We are not responsible for the use that may be made by third parties of your personal information that you have communicated publicly.
We remind you that we may collect the content you publish on our pages, to know you better and to segment our consumer databases.
7. Cookie management
We may be required to deposit and use cookies when browsing our Website, in particular to improve our content and the operation of our services.
As part of the protection of your privacy, we invite you to consult our Cookie Policy [(insert link to Cookie Policy)] to obtain information on these cookies and set their operation.
8. Who are the recipients of your personal information?
We may be required to transmit your personal information to the following companies, structures and or persons involved in the fulfilment of the purposes described in paragraph 3 above:
- Employees of NAOS Group companies who need to process the personal information collected for the purposes explained above;
- Our subcontractors and service providers, for example to send you commercial solicitations when you have consented, to host our consumer databases, etc.;
- Google, to measure the audience on our Website; and
- Social networks, to know your activity on our pages, your consumption habits etc.
We select subcontractors, service providers and suppliers who provide sufficient safeguards to ensure the protection, security and privacy of your personal information, including the implementation of appropriate technical and organisational measures that meet the requirements of the law. They are only allowed to process your personal information according to our instructions.
Your personal information may also be communicated to the administrative or judicial authorities at their request, as well as to third parties or authorised recipients to comply with a legal obligation or for the exercise of legitimate interests.
9. How do we ensure the security of your personal information?
We undertake to use reasonable means to ensure that your personal information is sufficiently protected, taking into account the sensitive nature of certain information collected. We use a variety of technologies and procedures to ensure that your personal information is treated in a manner that protects it against unauthorised loss, destruction, alteration, disclosure, or access, whether unlawfully or accidentally. In the event of a security compromise, where there are reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, we will notify you in writing as soon as reasonably possible, to the extent required.
We implement measures that respect the principles of protection from the design stage and, by default, the personal information processed. As such, we are able to use information anonymisation techniques whenever possible and or necessary.
We demand an equivalent level of security from our subcontractors. For example, we or our subcontractors store your personal information on computer servers located in controlled locations and whose access is limited.
10. Where do we store your personal information?
The personal information that we collect from you may be transferred to, and stored in South Africa and may also be transferred to and stored in a destination outside the jurisdiction in which you are primarily located, namely the European Union. It may also be accessed and processed by staff operating outside your jurisdiction and who work for us or for one of our service providers.
We will take all steps reasonably necessary to ensure that your personal information is secured and treated in accordance with this Policy and applicable data protection laws by the party receiving your personal information outside your jurisdiction, so that your personal information is afforded an adequate level of protection.
10. How can you exercise your rights?
In accordance with the laws in force, you have the right to:
- access information concerning you;
- correct your information;
- request the destruction or deletion of your personal information for legitimate reasons;
- object to the processing of your personal information for legitimate reasons; and
- lodge a complaint with the Information Regulator by email to complaints.IR@justice.gov.za, or by post to the following address:
33 Hoofd Street, Forum III, 3rd Floor Braampark (P.O. Box 31533), Braamfontein, Johannesburg, 2017.
Under applicable law in South Africa, in certain circumstances, you also have the right to object to the processing of your personal information in the prescribed manner, on reasonable grounds relating to your particular situation, unless legislation provides for such processing. You also have the right to object to the processing of your personal information for the purposes of direct marketing.
You may exercise these rights at any time by email, via our contact form (https://www.bioderma.co.za/contact-us?you_are=private_individual) or by post to the following address:
NAOS SOUTH AFRICA PROPRIETARY LIMITED
Unit 5, Ridgeview Office Park, 248 Kent Avenue, Ferndale, Randburg 2194, South Africa
Please note - any request for access to records held by us must in the prescribed form in accordance with the Promotion of Access to Information Act, 2000 (https://www.justice.gov.za/forms/form_paia.htm). Similarly, objections to the processing of personal information, or requests for correction, deletion or destruction of personal information, must be made in the prescribed forms as published in the regulations to the Protection of Personal Information Act, 2013 (https://www.justice.gov.za/legislation/notices/2018/20181214-gg42110-rg10897-gon1383-POPIregister.pdf). We will endeavor to reply to you within one month of receiving your request or objection.
We reserve the right not to respond to requests that are manifestly unfounded in accordance with South African or European regulations. The person concerned will be informed of any refusal formulated by us.
For more information, please consult the following link:
11. How to contact the Information Officer?
We have appointed an Information Officer who can be reached at the following address: info-bioderma@za.naos.com, or by post at the following address:
NAOS SOUTH AFRICA PROPRIETARY LIMITED
Unit 5, Ridgeview Office Park, 248 Kent Avenue, Ferndale, Randburg 2194, South Africa
The Information Officer is available to provide any necessary information regarding the Policy.