Data management

PREAMBLE

We know that you care about your personal data and how it is used. We want you to trust IEVA Group, which uses your personal data very carefully. This Privacy Policy will help you understand what personal data we collect, why we collect it and what we do with it.

As you read our Privacy Policy, please keep in mind that it applies to IEVA Group, as defined below.

Please, take a moment to read our privacy practices and let us know if you have any questions by sending us an email at communication@ievagroup.com.

We have tried to keep this Policy as simple as possible, but if you are not familiar with some terms, such as Cookies, IP Addresses, and Browsers, we suggest you read about these key terms first.

You have the right to object to certain uses of your personal data, including the use of your personal data for direct marketing purposes. Discover your rights and how you can exercise them here.

WHO IS IN CHARGE OF COLLECTING DATA?

Any personal data provided to or collected by IEVA Group is controlled by IEVA Group 87 Rue Réaumur 75002 Paris, FRANCE (the data processor).

This Privacy Policy applies to personal data collected by IEVA Group relating to the services and products we offer.

This Privacy Policy also applies to IEVA Group’s marketing content, including offers and advertisements for IEVA Group’s products and services, which we (or a service provider acting on our behalf) send to you on third-party websites, platforms, and applications based on your site usage information. Generally, these third-party websites have their own Privacy Policy and Terms and Conditions. We encourage you to read them before using those websites.

WHAT PERSONAL DATA DO WE COLLECT?

Personal data means any information that can be used to directly or indirectly identify a specific individual. This definition includes personal data collected offline, through our Customer Engagement Centre, direct marketing campaigns, sweepstakes, contests, and online, through our websites, applications, and brand pages on third-party platforms and applications accessed or used through third-party platforms.

We may collect personal data from a variety of sources, including:
Personal data you provide directly.
Personal data we collect automatically.

You may be asked to provide your personal data when you are in contact with us. The above-mentioned data processors may share this personal data with each other and use it in compliance with this Privacy Policy. We may also combine it with other information to improve our products, services, content, and advertising.

You are not required to provide IEVA Group with the personal data we request, but if you choose not to do so, we may not be able to provide you with our products or services or with high-quality service or respond to any queries you may have. We use the collected data to improve the services and functions of IEVA Group.

2.1. HOW DO WE COLLECT YOUR PERSONAL DATA?

Personal data you provide directly. We collect data about how you use our services and products, such as the types of content you view or are interested in or the frequency and duration of your activities. We also collect personal data you provide us when you sign up for a marketing newsletter, complete a survey or sign up to buy our products. In doing so, we may ask for personal data, such as your name, gender, date of birth, address, email address, telephone number, or credit card details. Some IEVA Group brands may collect “special category data” about you with your explicit consent. For more information on the special category data we collect and how we use it, please refer to the relevant section below.
Personal data we collect automatically. We also receive and store certain types of personal data whenever you interact with us online or on our applications. For example, we use cookies and tracking technologies (for further details, see our privacy key terms here) to obtain personal data when your web browser accesses our websites or advertisements and other content provided by or on behalf of IEVA Group on other websites. Your personal data is also collected when you search, buy, post, participate in a contest or questionnaire or communicate with our customer service teams. Examples of the types of personal data we collect include IP address (for further details, see our privacy key terms here), device ID, location data, computer and connection information such as browser type and version, time zone setting, browser plug-in types and versions, type and version of the phone’s operating system on which applications have been installed, operating system, and purchase history – which IEVA Group sometimes aggregates with similar information from other consumers. When you browse IEVA Group’s websites, we may also use software tools to measure and collect session information, including page response time, download errors, time spent to visit certain pages, page interaction information, and methods used to browse away from the page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.
Personal data we collect from other sources. We collect personal data from other sources, including our trusted partnerships with third parties, and where we operate IEVA Group’s accounts on third-party platforms: for example, when you use the “like” functionality on Facebook or the +1 functionality on Google+. In addition, we receive information about you and other visitors’ interactions with our advertising to measure whether our advertising is relevant and successful. We also collect information about you and your activities from a third party when you jointly offer services or products, or from third-party data enhancement providers who may provide IEVA Group with information about the personal data we hold.

2.2. HOW DO WE PROTECT CHILDREN’S PRIVACY?

We understand the importance of taking extra precautions to protect the privacy and safety of children using IEVA Group’s products and services.

IEVA Group’s websites are designed for and intended to be used by adults only. For example, you are required to confirm your age in order to use the application.

Sometimes, we use your personal information to verify your age and enforce any age limits.

FOR WHAT PURPOSE DO WE USE YOUR DATA?

We collect, process, and disclose your personal data only for specific and limited purposes. For example, to process your payments, assess and handle any complaints, develop and improve our products, services, communication methods, and the functionality of our websites and applications, provide personalized products and communications, targeted advertising, as well as product recommendations.

We also create profiles by analyzing information about your online browsing, searches, buying behavior, and your interactions with our brand communications by building segments (creating groups that have certain common characteristics) and by placing your personal data in one or more segments.

Additionally, IEVA Group processes your personal data also using automated means. An automated decision is a decision that is made solely by automatic means, where no humans are involved in the decision-making process related to your personal data.

We collect, process, and disclose your personal data for the following purposes:

To process your payments if you purchase our products, to provide you with your order status, deal with your inquiries and requests, assess and handle any complaints.
To process and answer your inquiries or to contact you to answer your questions and/or requests.
To develop and improve our products, services, communication methods, and the functionality of our websites and applications.
For contests or promotions you participate in.
To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications.
To manage our everyday business needs regarding your participation in our contests, sweepstakes, or promotional activities or requests.
To authenticate the identity of individuals contacting us by telephone, electronic means, or otherwise.
For internal training and quality assurance purposes.
To understand and assess consumers’ interests, wishes, and needs for change, to improve our websites and applications, our current products and services, and/or to develop new ones.
To provide personalized products, advice, recommendations, or, more generally, made-to-measure services, communications, and targeted advertising.

When we collect and use your personal data for the purposes mentioned above or other reasons, we will inform you before or at the time of collection.

If necessary, we will ask for your consent to process your personal data. If you have given your consent for processing activities, you have the right to withdraw your consent at any time.

In some cases, we rely on legitimate interest for processing your personal data. For example, a legitimate interest may exist when you sign up for a loyalty program with one of our brands, and we use the personal data collected to conduct data analyses to improve our products or services. This will only be used whether it is necessary to achieve a legitimate interest, for example, to allow the performance of a contract or to optimize services, but it does not override your rights as an individual. This legal basis will only be relied upon where there is no less intrusive way to process your personal data. We assure you that if we use legitimate interest as a reason for processing your personal data, we will keep a record of it, and you will have the right to request this information.

3.1. PROFILING

IEVA Group uses your personal data to build profiles. We create profiles by analyzing information about your online browsing, searches, buying behavior, and your interactions with our brand communications by building segments (creating groups that have certain common characteristics) and by placing your personal data in one or more segments.

These segments are used by IEVA Group to personalize the website and our communications meant for you (such as showing relevant content to you when you visit our site or in a newsletter intended for you), and to display relevant offers and advertisements from IEVA Group on the IEVA Group’s website, and via third-party websites. The segments can also be used for third-party campaigns on the IEVA Group’s website. IEVA Group profiles your data when you have provided us with the consent to do so, for example, accepting the setting of cookies on your online browser or signing up for email newsletters from one of our brands.

You can withdraw your consent to prevent your personal data from being used this way at any time by referring to the section relating to how to manage cookies in our Cookie Policy or by unsubscribing from the mailing list if you have already logged in to one of our websites or signed up to any marketing newsletters.

By way of example:

With your consent, IEVA Group collects data from:

The websites you visit and the way you interact with our content.
The digital advertising banner that we display on social networking platforms and other publishers’ websites.
Forms or questionnaires you fill out online and send to us about your interests.
Forms or questionnaires you fill out online and send to us about your interests.

We also track the products you buy when you click on one of our advertisement banners and then purchase something from our selected retail partners.

If you have asked to receive emails, SMS, or push notifications, we track you as soon as you open, read, or click on the content to see what you are interested in so that we can provide you with more content we think you are more likely to enjoy.

We use this data to profile your likes and dislikes. For instance, if we realize that you regularly view specific IEVA Group’s products on our website http://www.ieva.io or via our IEVA application, and you have chosen to receive emails from us, we might keep you updated on the new beauty products and routines uploaded on the site or in the application, or we may adapt our web content by displaying what we think you will be most interested in.

Based on this profile information, we may also provide you with advertisements that we think you will like and want to see as you view content from us or from our network of publishers with whom we advertise. Sometimes, with your consent, we may use your current location to display advertisements that are partially related to promotions or events taking place nearby that we think you might be interested in.

We may also use information you have provided to selected third parties and agreed to be shared, like your age, gender, stage of life, lifestyle, and other interests, to identify people who may have similar interests to you and may be interested in similar advertising.

3.2. AUTOMATED DECISION-MAKING

In some instances, IEVA Group processes your personal data using automated means. An automated decision is a decision made solely by automatic means, where no humans are involved in the decision-making process related to your personal data.

For example:

IEVA Group uses automated emailing scenarios generating automated email campaigns based on your browsing behavior, purchase habits, birthday.

We will not make decisions based solely on automated decision-making that have a significant impact on you. If we do, we will notify you and provide you with clear information about our decision to rely on automated processing to make our decision and our legal basis for doing so. For example, IEVA Group processes your personal data using automated means only if it is necessary for entering into or performing a contract with you or when you have given your explicit consent.

You have the right not to be subject to a decision based solely on automated processing and which has legal or other significant effects on you. In particular, you have the right: To obtain human intervention. To express your point of view. To get an explanation of the decision taken after an assessment. To challenge such a decision.

To obtain human intervention.
To express your point of view.
To get an explanation of the decision taken after an assessment.
To challenge such a decision.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

As a global business, IEVA Group may share your personal data internally and with selected third parties. For example, we may share your personal data with third-party service providers, other third parties, as well as in case of business transfers or legal disclosure.

As a global business, IEVA Group may share your personal data internally and with selected third parties in the following circumstances:

Third-party service providers. We share your personal data with third-party service providers that perform functions on our behalf, to fulfill your requests, respond to your inquiries, process your orders, accept coupons, provide you with samples, enable you to participate in sweepstakes or offer other features, services, and materials available on our websites. These service providers are companies that host or operate IEVA Group’s websites, process payments, analyze data, provide customer service, postal or delivery services, and sponsors or other third parties that participate in or administer our promotions. They have access to personal data needed to perform their functions but may not use it for other purposes. Furthermore, they must process this personal data as per this Privacy Policy and in compliance with applicable data protection laws and regulations.
Other third parties. We may also use your personal data or share it with our sponsors, advertisers, advertising networks, advertising servers, social media networks, and analytics companies or other third parties related to marketing, promotion, data enhancement and other offers, as well as product information.
As part of a business transfer. We may use your personal data or share it with data controllers for internal reasons, primarily for business and operational purposes. As part of our business development, we may sell or purchase assets, subsidiaries, or business units. In such transactions, your personal data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless you consent otherwise). If another entity acquires us, our businesses, or substantially all or part of our assets, or assets related to IEVA Group’s websites and application, your personal data will be disclosed to such entity as part of the due diligence process and will be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such personal data will be considered one of our assets, and as such, they may be sold or transferred to third parties.
Legal disclosure. We may transfer and disclose your personal data to third parties:
To comply with a legal obligation.
When we believe in good faith that law requires it.
At the request of governmental authorities conducting an investigation.
To audit or enforce our Terms of Use or other applicable policies.
To detect and protect against fraud or any technical or security vulnerabilities.
To respond to an emergency.
To protect the rights, property, safety, or security of third parties, visitors to IEVA Group’s website, IEVA’s mobile application, IEVA Group or the public.

4.1. INTERNATIONAL DATA TRANSFERS

IEVA Group shares personal data internally or with third parties for purposes described in this Privacy Policy. IEVA Group will only transfer personal data collected in the European Economic Area (EEA) to foreign countries for the following purposes:

Following your instructions.
Complying with a legal obligation.
Working with our agents and advisers to help run our business and services.
If we need to transfer personal data outside the EEA, IEVA Group will make sure that it is protected in the same way as it would be in the EEA. We will use one of the following safeguards:
Transfer to a non-EEA Country whose privacy legislation ensures an adequate level of protection of personal data as in an EEA country.
Make a contract with the foreign third party requiring them to protect personal data to the same standards as the EEA.
Transfer personal data to organizations that are part of specific agreements on cross-border data transfers with the European Union (e.g., Privacy Shield, a framework that sets privacy standards for data transferred from European Union countries to the United States).

HOW DO WE PROTECT YOUR PERSONAL DATA?

IEVA Group takes the security of your personal data very seriously. We endeavor to protect your personal data from misuse, interference, loss, unauthorized access, modification, or disclosure.

Our measures include implementing appropriate access controls, investing in the latest Information Security Capabilities to protect the IT environments we operate, and ensuring we encrypt, pseudonymize, and anonymize personal data if possible.

Access to your personal data is only permitted among our employees and agents on a need-to-know basis and is subject to strict contractual confidentiality obligations when data is processed by third parties.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will keep your personal data for as long as necessary to fulfill the purpose for which it was collected. For example, when you purchase one of our products online, we keep the data related to your purchase so we can perform the specific contract you have entered, and we keep it for a period that allows us to handle or respond to any complaints, queries or concerns relating to the purchase.

We may also keep your data to continue to improve your experience with us and ensure that you receive any loyalty rewards to which you are entitled.

We keep the identifiable data we collect directly for targeting purposes for as little time as possible, after which we take steps to delete it permanently.

We will actively review the personal data we hold and delete it securely or, in some cases, anonymize it when there is no longer a legal, business, or consumer need for it to be retained.

WHAT ARE YOUR RIGHTS?

Your rights concern the way your personal data is processed. You can exercise these rights at any time. Below is an overview of these rights and what this means for you. You can exercise your rights by sending an email to communication@ievagroup.com.

The right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights. Therefore, we give you such information in this Policy.
The right of access and to rectification. You have the right to access, correct, or update your personal data at any time. We understand how this is important, so if you want to exercise your rights, please contact us.
The right to data portability. The right to data portability is limited to the data you have provided us with. This means it can be given, copied, or transmitted by email under certain circumstances.
The right to be forgotten. Under certain circumstances, you have the right to request that we delete your data. If you wish to delete the data we hold about you, please let us know, and we will take reasonable steps to fulfill your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will delete, destroy, or permanently anonymize it.
The right to restrict processing. Under certain circumstances, you have the right to restrict the processing of your personal data.
The right to object. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing purposes (i.e., receiving emails from us notifying you or being contacted with varying potential opportunities).
The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with any local Supervisory Authority about how we process your personal data.
The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e., we rely on consent as a legal basis for processing your personal data), you have the right to withdraw it at any time (but if you do so, it does not mean that our use of your personal data with your consent at this stage is unlawful). You can withdraw your consent to the processing of your personal data at any time by contacting us with the details provided below.
Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing and which has legal or other significant effects on you. In particular, you have the right:
To obtain human intervention.
To express your point of view.
To get an explanation of the decision taken after an assessment.
To challenge such a decision.

For further information and advice about your rights, please refer to the data protection authority in your country.

HOW TO CONTACT IEVA GROUP?

If you have any questions or concerns about IEVA Group’s Privacy Policy or data processing or if you would like to make a complaint about a possible violation of local privacy laws, please send an email to communication@ievagroup.com.

When we receive a privacy question or an access request, we have a special team that sorts the contacts and seeks to address the specific concern or requests for information you bring to our attention. If your issue is more complex, you may seek further details. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant Supervisory Authority in your country. If you ask us, we will make sure to provide you with information about relevant ways to claim that may apply to your case.

HOW DO WE KEEP THIS PRIVACY POLICY UP TO DATE?

We will update this Privacy Policy when necessary to reflect customer feedback and changes in our products and services. When we post changes to this statement, we will revise the “last updated” date at the top of this document. If the changes are substantial, we will provide a more prominent Privacy Policy (including, for certain services, email notification of Privacy Policy changes). We will also archive previous versions of this Privacy Policy to let you review them.

We will not reduce your rights under this Privacy Policy without your consent.

ADDITIONAL PRIVACY TERMS OR POLICIES

In addition to this Privacy Policy, there may be specific campaigns or promotions regulated by additional privacy terms or policies. We encourage you to read these additional privacy terms or policies before participating in any such campaigns or promotions, as you will be required to comply with them if you participate. Any additional privacy terms or policies will be made prominently available to you.

DEFINITION OF KEY TERMS

IP address: An IP address, or simply an “IP,” is a unique address that identifies a device on the Internet or a local network.
It allows a system to be recognized by other systems connected via the Internet protocol.
Cookie: A cookie is a small amount of data generated by a website and saved by your web browser.
SMS: Stands for “Short Message Service.” SMS is used to send text messages to mobile phones.
Push notification: A push notification is a message that pops up on a mobile device. Push notifications look like SMS text messages and mobile alerts, but they only reach users who have installed your application.