Last update: March 2021
WAAM takes the utmost care to protect the personal data it collects, and considers the protection of personal data to be of fundamental importance to the operation of its business. The personal data we collect is protected and processed with the utmost care, in compliance with the regulations in force and in application of the provisions of Law No. 78-17 of January 6, 1978 on data processing, data files and individual liberties and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "RGPD").
As part of our commitment to protecting your personal data in a transparent manner, we would like to inform you:
- Categories of personal data collected and processed by WAAM ;
- How and for what purposes WAAM collects and processes your personal data ;
- The legal basis for processing your personal data ;
- Categories of recipients of your personal data ;
- Your rights and our obligations in relation to such processing.
2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?/h6>
The company responsible for processing your personal data is DIECE, a Société par Actions Simplifiée (SAS) registered in the Evry Trade and Companies Register under number 533 846 143, whose registered office is located at 23 Avenue du Garigliano, Bâtiment 6, 91600 Savigny-sur-Orge (hereinafter referred to as "WAAM" or "we", "us" or "our").
3. WHAT PERSONAL DATA DO WE PROCESS AND FOR WHAT PURPOSES ?
WAAM only collects and processes personal data about you for which it has a legal basis. Legal grounds include your consent (where you have given your consent to the processing of your data), the performance of a contract (where the processing of data is necessary for the performance of the contract entered into between WAAM and yourself), compliance with a legal obligation, and WAAM's "legitimate interests".
As data controller, WAAM collects and processes the following data for the purposes detailed below:
- Newsletter registration, loyalty program, promotional offer management:
- Identification data: marital status, surname, first name.
- Contact details: email address.
- Customer relations, accounts receivable and order management :
- Identification data: marital status, surname, first name, date of birth (optional).
- Contact data: e-mail address, postal address, telephone number.
- Order data: payment data, billing data, delivery data (address, incident, date, etc.).
- Website management and audience measurement:
- IP address, browser type, language, operating system, device information (including application and device identifiers), referring web page, pages visited, location and other information collected by Cookies (depending on the permissions you have granted us).
- Management of unsolicited applications and recruitment :
- Identification data: civil status, surname, first name, age/date of birth.
- Contact data: e-mail address, postal address, telephone number.
- Data relating to the application: position held, level of experience, field of activity, professional background and all personal data appearing on the CV, cover letter or any other document to which WAAM may have access in connection with the application.
- Management of requests received via the contact form :
- Identification data: civil status, surname, first name.
- Contact details: email address.
- Subject of your request, content of your message.
- Cosmetovigilance :
- Data identifying the person exposed to the adverse event: data enabling the person to be identified indirectly (age, sex, skin type, etc.), unless the person exposed to the adverse event is also the person reporting it. In this case, direct notification of the adverse event by the person exposed lifts the secrecy of his or her identity.
- Identification and contact details of the person reporting the adverse reaction: surname, first name, email address, postal address, telephone number, healthcare professional's specialty (if applicable).
- Cosmetovigilance data: data relating to the identification of the product concerned by the adverse reaction report (product type, batch number, etc.), health data (nature of the adverse reaction(s), treatments administered, history, risk factors, skin type (sensitive/non-sensitive), information relating to the use of the product concerned).
The mandatory or optional nature of the data you provide is indicated at the time of collection.
4. TO WHICH CATEGORIES OF RECIPIENTS WILL YOUR DATA BE TRANSMITTED ?
Thus, for the purposes set out above, WAAM may share your personal data with third parties, but only in the following cases:
- WAAM may use service providers, agents or suppliers to provide technical services. These third parties must at all times guarantee high levels of security with respect to your personal data and are bound, where applicable, by a legal agreement under which they are required to maintain the confidentiality and security of your personal data, and to process it solely in accordance with WAAM's instructions ;
WAAM does not transfer your data outside the European Economic Area (EEA). However, should this occur, WAAM will put in place contractual mechanisms and binding legal processes to legally transfer personal data beyond the borders of the EEA zone and secure these data flows ;
- WAAM may bring your personal data to the attention of certain of its employees, who are also subject to an obligation of confidentiality, and only for the purposes mentioned above ;
- In the event of a merger or acquisition of WAAM, in whole or in part, by another company, or if WAAM were to sell or transfer all or part of its business, the acquirer would have access to information collected by WAAM, including personal data, subject to applicable laws. Similarly, personal data may be transferred in the event of corporate restructuring, insolvency proceedings or any similar event, if permitted by and in accordance with applicable law ;
- WAAM may also disclose your personal data when legally obliged to do so to legally authorized authorities in order to meet its legal, regulatory or contractual obligations, in particular its cosmetovigilance obligations to the French National Agency for the Safety of Medicines and Health Products (ANSM).
In all cases, WAAM will make its best efforts to ensure the confidentiality and security of personal data processed during their transmission to the aforementioned entities.
5. HOW LONG DO WE KEEP YOUR DATA ?
The retention periods we apply to your personal data are limited and proportionate to the purposes for which they were collected. The length of time we retain personal data varies and is determined by various criteria, including :
- the purpose for which we use it: WAAM must retain data for the period necessary to fulfil the purpose of the processing; and
- legal obligations: legislation or regulation may set a minimum period for which we must retain personal data.
We organize our data retention policy according to these criteria and will be happy to answer any questions you may have.
Furthermore, your data will be kept until you request its deletion. In the event of a deletion request, all your data will be definitively deleted within thirty (30) days of your request, insofar as such deletion is authorized by the regulations in force.
6. WHAT RIGHTS DO YOU HAVE TO YOUR DATA ?
Your right to access and rectify your data - You have the right to access your personal data held by us. You can also ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.
Your right to erasure of your data - You may ask us to delete your personal data in the cases defined by law.
Your right to limit the processing of your data - You may request the restriction of the processing of your personal data in the cases provided for by law.
Your right to object to the processing of your data - You have the right to object to the processing of your personal data for reasons relating to your particular situation. However, the exercise of this right will not be possible where there are legitimate and compelling reasons for the processing of your data under the law or regulations, and in particular, for example, in the context of compliance with our obligations in terms of cosmetovigilance or for the establishment, exercise or defense of legal claims.
Your right to data portability - You have the right to the portability of your personal data where permitted by law. As such, you can ask us to transfer your data to another organization or to communicate them to you.
Your right to withdraw your consent - Where the processing of data by us is based on your consent, you may withdraw it at any time. We will then cease to process your personal data without affecting any previous operations for which you have given your consent.
Your right to appeal - You have the right to lodge a complaint with the CNIL or any other supervisory authority.
Your right to define post-mortem directives - You have the possibility of defining directives concerning the conservation, deletion and communication of your personal data after your death, with a trusted, certified third party responsible for ensuring that the wishes of the deceased are respected in accordance with the requirements of the applicable legal framework.
How to exercise your rights - All the rights listed above can be exercised at the following email address firstname.lastname@example.org
7. HOW WE PROTECT YOUR PERSONAL DATA
We take every precaution to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorized third parties. We follow generally accepted standards, including the use of appropriate administrative, physical and technical safeguards, to protect the personal data submitted to us and implement adequate technical and operational security measures. These measures take into account the sensitivity of the personal data we collect, process and store, and the current state of technology.
In addition, we require our service providers and subcontractors who may have access to personal data to implement appropriate technical and organizational security measures with respect to such data.
In addition, WAAM employees who may have access to your personal data by virtue of their duties are subject to the strictest confidentiality in this respect.
However, while we endeavour to use reasonably acceptable means to protect your personal data, we cannot guarantee its absolute security or confidentiality, but we guarantee to use all reasonable endeavours to prevent any misuse or loss.
When the Cookies we use process your personal data, this processing is carried out in accordance with the regulations applicable to the protection of personal data.
8.2 WHAT TYPES OF COOKIES DO WE USE ?
The Site uses different types of Cookies which require your consent before the Cookie is installed on your terminal, with the exception of technical Cookies. Below is a list of the different types of Cookies we use on our Site.
a. Technical cookies
Technical Cookies are necessary for the proper functioning of our Site and the use of its functionalities. Without these Cookies, our Site would not function as efficiently as we would like, and we might not be able to make the Site available to you, or to provide certain functions or services requested. These include, for example, cookies that enable us to keep track of the choices made by users regarding the deposit of cookies, cookies used for authentication with a service, including those designed to ensure the security of the authentication mechanism, or cookies used to keep track of the contents of a shopping cart on a merchant site, or to invoice the user for the product(s) and/or service(s) purchased. Your consent is not required for their storage.
b. Preference cookies
We also use Preference Cookies which enable our Site to remember your choices (such as your username, language or country) for personalization purposes. These Cookies are exempt from consent.
c. Analysis cookies
d. Advertising cookies / Third-party cookies
Below is a detailed list of the different types of Cookies present on the Site:
|Cookie name||Cookie category (Functional, Analysis, Advertising)||Goals||Shelf life|
|Google Analytics||Analysis||Trend analysis|
|Facebook Pixel||Advertising||Targeted advertising||180 days|
|Google Ads||Advertising||Targeted advertising|
8.3 HOW LONG ARE COOKIES STORED ?
Cookies are subject to a maximum retention period of thirteen (13) months after their initial installation on the user's terminal, as required by applicable law.
8.4 HOW TO CONTROL COOKIES ON OUR WEBSITE ?
When you enter the Site, a management interface informs you of the presence of Cookies and invites you to indicate your choices and accept / refuse each category of Cookies. Cookies are deposited only if you accept them, with the exception of functional cookies required for the operation of the Site.
You can also manage, deactivate and authorize cookies by configuring your browser settings.
9. ANY QUESTIONS ?