Privacy policy

1. INTRODUCTION

WAAM takes the utmost care to protect the personal data it collects, and considers the protection of personal data to be of fundamental importance to the operation of its business. The personal data we collect is protected and processed with the utmost care, in compliance with the regulations in force and in application of the provisions of Law No. 78-17 of January 6, 1978 on data processing, data files and individual liberties and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "RGPD").

This privacy policy is intended for people outside our organization with whom we interact, including visitors to our website https://waamcosmetics.com/en/ (hereinafter referred to as the "Site"), our prospects, our customers, our partners or candidates (together, "you").

As part of our commitment to protecting your personal data in a transparent manner, we would like to inform you:

• Categories of personal data collected and processed by WAAM ;
• How and for what purposes WAAM collects and processes your personal data ;
• The legal basis for processing your personal data ;
• Categories of recipients of your personal data ;
• Your rights and our obligations in relation to such processing.

2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?/h6>

The company responsible for processing your personal data is DIECE, a Société par Actions Simplifiée (SAS) registered in the Evry Trade and Companies Register under number 533 846 143, whose registered office is located at 23 Avenue du Garigliano, Bâtiment 6, 91600 Savigny-sur-Orge (hereinafter referred to as "WAAM" or "we", "us" or "our").

3. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSES ?

WAAM only collects and processes personal data about you for which it has a legal basis. Legal grounds include your consent (where you have given your consent to the processing of your data), the performance of a contract (where the processing of data is necessary for the performance of the contract entered into between WAAM and yourself), compliance with a legal obligation, and WAAM's "legitimate interests".

As data controller, WAAM collects and processes the following data for the purposes detailed below:

• Newsletter registration, loyalty program, promotional offer management:
  - Identification data: marital status, surname, first name.
  - Contact details: email address.
• Customer relations, accounts receivable and order management :
  - Identification data: marital status, surname, first name, date of birth (optional).
  - Contact data: e-mail address, postal address, telephone number.
  - Order data: payment data, billing data, delivery data (address, incident, date, etc.).
• Website management and audience measurement:
  - IP address, browser type, language, operating system, device information (including application and device identifiers), referring web page, pages visited, location and other information collected by Cookies (depending on the permissions you have granted us).
• Management of unsolicited applications and recruitment :
  - Identification data: civil status, surname, first name, age/date of birth.
  - Contact data: e-mail address, postal address, telephone number.
  - Data relating to the application: position held, level of experience, field of activity, professional background and all personal data appearing on the CV, cover letter or any other document to which WAAM may have access in connection with the application.
• Management of requests received via the contact form :
  - Identification data: marital status, surname, first name.
  - Contact details: email address.
  - Subject of your request, content of your message.
• Cosmetovigilance :
  - Data identifying the person exposed to the adverse event: data enabling the person to be identified indirectly (age, sex, skin type, etc.), unless the person exposed to the adverse event is also the person reporting it. In this case, direct notification of the adverse event by the person exposed lifts the secrecy of his or her identity.
  - Identification and contact details of the person reporting the adverse reaction: surname, first name, email address, postal address, telephone number, healthcare professional's specialty (if applicable).
  - Cosmetovigilance data: data relating to the identification of the product concerned by the adverse reaction report (product type, batch number, etc.), health data (nature of the adverse reaction(s), treatments administered, history, risk factors, skin type (sensitive/non-sensitive), information relating to the use of the product concerned).

The mandatory or optional nature of the data you provide is indicated at the time of collection.

4. TO WHICH CATEGORIES OF RECIPIENTS WILL YOUR DATA BE TRANSMITTED ?

WAAM guarantees the confidentiality of your personal data. The personal data we collect is intended for us in our capacity as data controller. It may be communicated to the categories of recipients listed below for the purposes set out in this privacy policy. These operations are carried out on the basis of instruments that comply with the applicable regulations and are capable of ensuring the protection of your personal data and respect for your privacy.

Thus, for the purposes set out above, WAAM may share your personal data with third parties, but only in the following cases:

• WAAM may use service providers, agents or suppliers to provide technical services. These third parties must at all times guarantee high levels of security with respect to your personal data and are bound, where applicable, by a legal agreement under which they are required to maintain the confidentiality and security of your personal data, and to process it solely in accordance with WAAM's instructions ;
  
  WAAM does not transfer your data outside the European Economic Area (EEA). However, should this occur, WAAM will put in place contractual mechanisms and binding legal processes to legally transfer personal data beyond the borders of the EEA zone and secure these data flows ;
• WAAM may bring your personal data to the attention of certain of its employees, who are also subject to an obligation of confidentiality, and only for the purposes mentioned above ;
• In the event of a merger or acquisition of WAAM, in whole or in part, by another company, or if WAAM were to sell or transfer all or part of its business, the acquirer would have access to information collected by WAAM, including personal data, subject to applicable laws. Similarly, personal data may be transferred in the event of corporate restructuring, insolvency proceedings or any similar event, if permitted by and in accordance with applicable law ;
• WAAM may also disclose your personal data when legally obliged to do so to legally authorized authorities in order to meet its legal, regulatory or contractual obligations, in particular its cosmetovigilance obligations to the French National Agency for the Safety of Medicines and Health Products (ANSM).

In all cases, WAAM will make its best efforts to ensure the confidentiality and security of personal data processed during their transmission to the aforementioned entities.

5. HOW LONG DO WE KEEP YOUR DATA ?

The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. The length of time we retain personal data varies and is determined by various criteria, including :

• the purpose for which we use it: WAAM must retain data for the period necessary to fulfil the purpose of the processing; and
• legal obligations: legislation or regulation may set a minimum period for which we must retain personal data.

We organize our data retention policy according to these criteria and will be happy to answer any questions you may have.

Furthermore, your data will be kept until you request its deletion. In the event of a deletion request, all your data will be definitively deleted within thirty (30) days of your request, insofar as such deletion is authorized by the regulations in force.

6. WHAT RIGHTS DO YOU HAVE TO YOUR DATA ?

Your right to information - This privacy policy informs you of the identity of the data controller, the purposes and legal bases for which your data is processed, how long your data is kept and the recipients or categories of recipients with whom your personal data is shared, as well as your rights. If we decide to process data for purposes other than those indicated, you will be provided with all the information relating to these new purposes.

Your right to access and rectify your data - You have the right to access your personal data held by us. You can also ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.

Your right to erasure of your data - You may ask us to delete your personal data in the cases defined by law.

Your right to limit the processing of your data - You may request the restriction of the processing of your personal data in the cases provided for by law.

Your right to object to the processing of your data - You have the right to object to the processing of your personal data for reasons relating to your particular situation. However, the exercise of this right will not be possible where there are legitimate and compelling reasons for the processing of your data under the law or regulations, and in particular, for example, in the context of compliance with our obligations in terms of cosmetovigilance or for the establishment, exercise or defense of legal claims.

Your right to data portability - You have the right to the portability of your personal data where permitted by law. As such, you can ask us to transfer your data to another organization or to communicate them to you.

Your right to withdraw your consent - Where the processing of data by us is based on your consent, you may withdraw it at any time. We will then cease to process your personal data without affecting any previous operations for which you have given your consent.

Your right to appeal - You have the right to lodge a complaint with the CNIL or any other supervisory authority.

Your right to define post-mortem directives - You have the possibility of defining directives concerning the conservation, deletion and communication of your personal data after your death, with a trusted, certified third party responsible for ensuring that the wishes of the deceased are respected in accordance with the requirements of the applicable legal framework.

All consumers have the option of registering free of charge on the "opposition to cold calling" list BLOCTEL :
In accordance with article L.223-2 of the French Consumer Code aimed at regulating telephone canvassing and combating fraudulent calls, any professional reserves the right to canvass a consumer registered on the telephone canvassing opposition list when solicitations are made in connection with the performance of a current contract and are related to the subject matter of said contract, including when the purpose is to offer the consumer products or services related to or complementary to the subject matter of the current contract or likely to improve its performance or quality."

How to exercise your rights - All the rights listed above can be exercised at the following email address contact@waamcosmetics.com

7. HOW WE PROTECT YOUR PERSONAL DATA

We take every precaution to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorized third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards, to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store, and the current state of technology.

In addition, we require our service providers and subcontractors who may have access to personal data to implement appropriate technical and organizational security measures with respect to such data.

In addition, WAAM employees who may have access to your personal data by virtue of their duties are subject to the strictest confidentiality in this respect.

However, while we endeavour to use reasonably acceptable means to protect your personal data, we cannot guarantee its absolute security or confidentiality, but we guarantee to use all reasonable endeavours to prevent any misuse or loss.

8. COOKIES

Subject to your consent when required by law, the Site uses cookies, tracers and similar technologies (hereinafter referred to as "Cookies"). Cookies are small text files stored on the hard disk of your terminal (computer, tablet, cell phone) when you consult an online service. Cookies perform a number of functions, including enabling you to navigate between pages more efficiently, remembering your preferences and displaying advertisements.

8.1 WHY DO WE USE COOKIES ?

We use Cookies to facilitate and improve navigation on the Site (for example, by remembering user preference settings) and to tailor our Site to your interests and needs. Cookies may also be used to help speed up your future visits and experiences on our Site (for example, by storing your login details).

We also use Cookies to collect anonymous, aggregate statistics, which enable us to understand how users use our Site and to improve its structure and content.

When the Cookies we use process your personal data, this processing is carried out in accordance with the regulations applicable to the protection of personal data.

8.2 WHAT TYPES OF COOKIES DO WE USE ?

The Site uses different types of Cookies which require your consent before the Cookie is installed on your terminal, with the exception of technical Cookies. Below is a list of the different types of Cookies we use on our Site.

a. Technical cookies

Technical Cookies are necessary for the proper functioning of our Site and the use of its functionalities. Without these Cookies, our Site would not function as efficiently as we would like, and we may not be able to make the Site available to you, or provide certain functions or services you request. These include, for example, cookies that enable us to keep track of the choices made by users regarding the deposit of cookies, cookies used for authentication with a service, including those designed to ensure the security of the authentication mechanism, or cookies used to keep track of the contents of a shopping cart on a merchant site, or to invoice the user for the product(s) and/or service(s) purchased. Your consent is not required for their storage.

b. Preference cookies

We also use Preference Cookies which enable our Site to remember your choices (such as your username, language or country) for personalization purposes. These Cookies are exempt from consent.

c. Analysis cookies

Our website may also use cookies for analysis and audience measurement (e.g. Google Analytics). These Cookies collect information about how you use and navigate our Site. By way of example, these Cookies keep track of the most frequently visited pages, referring/exit pages, time stamps and browsing paths. We use this information to analyze trends, manage the Site or track users' browsing patterns on our Site.

d. Advertising cookies / Third-party cookies

Cookies may be deposited on your browser, with your consent, by our partners acting as data processors with a view to offering their services. These third parties place Cookies on your device when you consult our Site, notably for targeted advertising purposes or when certain modules and functionalities, such as social networking buttons, are integrated on our Site. You will find more information about these Cookies in the privacy policy of these third parties.

Below is a detailed list of the different types of Cookies present on the Site:

8.3 HOW LONG ARE COOKIES STORED ?

Cookies are subject to a maximum retention period of thirteen (13) months after their initial installation on the user's terminal, as required by applicable law.

8.4 HOW TO CONTROL COOKIES ON OUR WEBSITE ?

When you enter the Site, a management interface informs you of the presence of Cookies and invites you to indicate your choices and accept / refuse each category of Cookies. Cookies are deposited only if you accept them, with the exception of functional cookies required for the operation of the Site.

You can also manage, deactivate and authorize cookies by configuring your browser settings.

9. ANY QUESTIONS ?

If you have any questions about this privacy policy or our personal data protection and/or cookie management practices, please contact us by sending an e-mail to the address indicated in point 6.

10. UPDATE

We reserve the right to modify this policy to reflect changes in various regulations and practices. Any changes we make to our policy will be published directly on the dedicated page of our Website. If we make any changes to this privacy policy that materially affect the way we process your personal data, we will contact you by any means of communication to inform you.