PERSONAL DATA PROTECTION POLICY
The Company pays particular attention to protecting the personal data that you provide or that it collects.
The Company undertakes every effort to ensure the highest degree of protection of your personal data in accordance with current regulations, particularly the Data Protection Act 2018 and Regulation (EU) 2016/679 of 27 April 2016. SISLEY reserves the right to modify this Personal Data Protection Policy at any time without notice.
This document gives you a better understanding of how the Company protects your personal data.
We invite you to read this document before submitting your personal data.
1. THE CONTROLLER’S IDENTITY
The controller is the company SISLEY UK Ltd., a company incorporated and registered in England and Wales with company number 03499639 whose registered office is at 33 Foley Street, 5th Floor, London, W1W 7TL United Kingdom and with VAT registration number 719 0994 06 (hereinafter the “Company”).
2. WHAT PERSONAL DATA IS COLLECTED AND WHEN?
All information enabling you to be directly or indirectly identified is "personal data".
More specifically, the Company may collect, save, process, transfer, and use personal data relating to:
- Your identity (title, first and last name, address, telephone and/or mobile number, email address, date of birth, internal processing code enabling the customer to be identified).
- Managing orders and monitoring commercial relations (placing orders, subscribed service, billing, shipping, payment methods, fraud prevention, product returns, refunds, claims, after-sales service for purchased products, purchasing and services history, loyalty program, correspondence and after-sales service, exchanges and comments from existing and potential customers).
- Initiatives aimed at loyalty, finding potential customers, conducting studies, surveys, product tests and promotions.
- The contribution of people who submit their opinions on products, services, or content.
- The organisation and handling of contests, sweepstakes, and all promotional initiatives (participation date, answers given during the contests and type of prizes offered).
- Technical information (language, IP address) or browsing information linked to the device.
The Company may collect your personal data especially when:
- You visit the website www.neurae.com/en-GB (hereinafter the "Site");
- You subscribe to the Company's newsletters.
- You create your account on the Site.
- You place an order on the Site and answer customer satisfaction surveys.
- You write to the Company by mail, email, chat, or when you call. This correspondence may be kept by the Company to better monitor the relationship with you and improve its services.
- You give your opinion on products, services, or content.
- You participate in special initiatives (contests, sweepstakes).
- You share content on social networks such as Instagram, Facebook, Pinterest or Twitter using the hashtag #neurae or other hashtags that the Company’s offers.
How is the content you share on social networks handled using the hashtags we offer?
You can choose to use the hashtags we offer to tag your content on social networks such as Instagram, Facebook, Pinterest or Twitter. By using these hashtags, you acknowledge and consent that your content may appear on our Website and be used to link to our products or services. We remind you that the information you make public on social networks can be viewed, used and saved by other people around the world, and in particular in countries that do not have legislation guaranteeing adequate protection of your personal information, as defined in your country of residence. We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the terms and conditions of those social networks. We invite you to read them and refer to them regularly.
If you no longer want any of your content to appear on our Website, please remove them from the social network, stop using one of our hashtags or exercise your right to erasure in accordance to article 9 in cases where the Company is able to remove it.
When collecting personal data, the mandatory or optional nature of the data is indicated by an asterisk or other means.
3. WHAT ARE THE PURPOSES?
In general, your personal data helps the Company customise and continually improve your shopping experience on the Site. It is particularly intended for:
- Managing and tracking orders (lawful basis: contract), where applicable prevention, detection and management of fraud or unpaid debts (lawful basis: legitimate interests of the Company ).
- Managing and monitoring commercial relations (lawful basis: contract).
- Managing customer opinions on purchased products, services, and content (lawful basis: legitimate interests of the Company).
- Managing and monitoring customer accounts (lawful basis: contract).
- Managing the Company’s SMS or Newsletter subscriptions (lawful basis: consent).
- Conducting initiatives aimed at loyalty (lawful basis: contract), finding potential customers, promotions (lawful basis: consent) and customising various communications (digital, email, paper, sms) from the Company (lawful basis: legitimate interests of the Company).
- Conducting telemarketing campaigns (lawful basis: legitimate interests of the Company).
- Compiling sales statistics (lawful basis: legitimate interests of the Company).
- Managing the Company’s masterclasses (lawful basis: consent).
4. HOW LONG IS THE DATA KEPT?
In general, the Company keeps your personal data for a period of time that enables it to comply with all legal obligations in accordance with the provisions in force or for a period that does not exceed the duration of its commercial management or however long the purposes defined by the Company require.
So:
- Data establishing proof of a right or a contract or that is kept under a legal obligation is stored in accordance with the applicable provisions.
- Bank details are deleted once the transaction is completed or stored as evidence in accordance with the applicable provisions, unless you consent to use the "Saved payment cards" option to save your banking data in a secure, encrypted manner. In any case, the security code of your credit card is never kept.
- The data relating to your identity documents is kept for one year with regard to the right to access, rectification, restriction of processing, erasure, data portability or to object.
The Company is an international group headquartered in France and, for operational and technical reasons, we draw your attention to the fact that your data is stored for a period of three years from the last contact/purchase unless you object or request it be deleted.
At the end of this three-year period, we may contact you again to find out if you wish to continue receiving commercial offers. If you do not give an explicit, affirmative answer, your data will either be deleted, rendered anonymous, or archived in accordance with the applicable provisions
5. WHO ARE THE RECIPIENTS OF THE DATA?
Your data may be sent to c.f.e.b. SISLEY (France) and service providers that are selected for their expertise and on behalf of the Company to achieve the purposes it defines such as payment, delivery, marketing, or IT service providers
It may sometimes be passed on to the Company’s 's partners for purposes for example in the context of its use of social networks.
Under no circumstances does the Company sell your personal data to anyone.
In the context of a request from the authorities, SISLEY may be required to transmit your personal data in accordance with the regulations in force.
6. WHAT IS THE LEVEL OF CONFIDENTIALITY AND DATA SECURITY?
In accordance with best practices on the date hereof, the Company implements all the appropriate technical and organisational measures with regard to the nature of the data and the risks that its processing entails in order to preserve the highest security and the strictest confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorised third parties.
These measures may include but are not limited to: limited access to data, contractual terms when using service providers, security measures such as secure access, antivirus software, authentication process, firewalls.
Despite all of the confidentiality and security measures implemented by the Company , we draw your attention to the fact that communications via the internet are never totally secure. The Company therefore assumes no liability in case of a communication failure or any other case of unforeseen circumstances
7. WHAT PROTECTION IS THERE WHEN TRANSFERRING DATA OUTSIDE THE EUROPEAN UNION?
Your data may be transmitted to countries outside the European Union that do not have an adequate level of data protection for the purposes defined by the Company.
Before your data is transmitted to these countries, the Company will take all possible steps to obtain the necessary guarantees so your data is protected.
8. WHAT IS THE COOKIE POLICY?
To find out more about our cookie policy, please visit our cookie section: https://www.neurae.com/en-GB/use-of-cookies.
9. WHAT ARE YOUR RIGHTS?
In accordance with the regulation on personal data protection (particularly the Data Protection Act 2018 and Regulation (EU) 2016/679 of 27th April 2016), you have a right to access, to rectification, to erasure, to data portability, to restriction or to object to the processing of your personal data, and inform us of your instructions regarding the fate of your data after your death, by sending:
- An email through the "Contact us" section of the Site.
- A letter with a photocopy of your ID to the following address: SISLEY UK Ltd., 33 Foley Street, 5th Floor, London, W1W 7TL United Kingdom
You also have the right to file a claim withWhere the processing is based on your consent, you also have the right to withdraw this consent at any time without prejudicing the lawfulness of the processing based on this consent made before its withdrawal.
You also have the right to a complaint with the competent supervisory authority.