PREAMBLE

We understand that you care about your personal data and how it is used. You can trust IEVA Group, which is committed to using it with the greatest care. This Privacy Policy explains what type of personal data we collect, why we do so, and how we use it.

When reading this Privacy Policy, please note that it applies to IEVA Group, as defined below.

Please take time to familiarize yourself with our privacy practices and feel free to send us your questions by email at communication@ievagroup.com.

We have tried to keep this Policy as simple as possible, but if you do not clearly understand terms such as CookiesIP AddressesApplications and Browsers, please first learn more about these key terms.

You have the right to object to certain uses of your personal data, including the use of your personal data for direct marketing purposes. You can see what your rights are and how to exercise them here.

1. WHO IS RESPONSIBLE FOR COLLECTION?

All personal data provided to or collected by IEVA Group is controlled by IEVA Group, 87 rue Réaumur – 75002 – Paris, France (the data controller(s)).

This Privacy Policy applies to personal data collected by IEVA Group in connection with the services and products we offer.

This Privacy Policy also applies to IEVA Group content, including offers and advertisements for IEVA Group brands’ products and services, which we (or a service provider acting on our behalf) may send you on third-party websites, platforms and applications based on your site usage information. In general, these third-party sites have their own Privacy Policies and Terms and Conditions. We encourage you to review them before using such websites.

2. WHAT PERSONAL DATA DO WE COLLECT?

“Personal data” means any information that can be used to identify a particular person directly or indirectly.

We may collect personal information from different sources, including:

  • personal information you provide to us directly, and
  • personal information we collect automatically.

You may be asked to provide your personal data when you contact us. The data controllers may share this personal data between themselves and use it in accordance with this Privacy Policy. We may also combine it with other information to improve our products, services and content.

You are not required to provide IEVA Group with the personal data we request, but if you choose not to, we may not be able to provide you with our products and services, a high quality of service, or respond to your requests. We use the information collected to improve the services and features of IEVA Group applications.

2.1. HOW WE COLLECT YOUR PERSONAL DATA

Personal information you provide directly.
We collect data about how you use our services and products, such as the types of content you view or are interested in, and the frequency and duration of your activities. We also collect personal data you provide when you sign up for a newsletter, complete a survey, or create an account to use our applications or purchase our products. In doing so, we may ask for information such as your name, gender, date of birth, address, email address, phone number, or bank details. Certain IEVA Group brands may collect special categories of personal data about you with your explicit consent. To learn more about the special categories of data we collect and how we use them, please refer to the relevant section below.

Personal information we collect automatically.
We also receive and store certain types of personal information whenever you interact with us online or on our applications. For example, we use cookies and tracking technologies (to learn more, see our key terms here) to obtain personal information when your web browser accesses our websites or advertisements and other content provided by or on behalf of IEVA Group on other websites. Your personal information is also collected when you search, purchase, post, enter a contest or questionnaire, or communicate with our customer service teams. The types of personal information collected may include an IP address, a device ID, location data, and computer and connection information such as browser type and version, time zone setting, browser plug-in types and versions, operating system type and version of the phone on which the applications were installed, operating system, and purchase history that IEVA Group sometimes aggregates with similar information from other consumers. When you browse IEVA Group websites and applications, we may also use software tools to measure and collect session information, including page response times, download errors, length of visits on certain pages, page interaction and the methods used to browse away from the page. We may also collect technical information that helps us identify your device for diagnostic purposes and fraud prevention.

Personal information we collect from other sources.
We collect personal information from other sources, including trusted third-party partnerships and where we have IEVA Group accounts on third-party platforms—for example when you use the “like” feature on Facebook. In addition, we receive information about you and other visitors’ interactions with our advertisements to measure whether our ads are relevant and effective. We also collect information about you and your activities from a third party when you jointly offer services or products, or from third-party data enrichment providers who may provide IEVA Group with information about personal data we hold.

2.2. HOW DO WE PROTECT CHILDREN’S PRIVACY?

We understand the importance of taking extra precautions to protect the privacy and security of children using IEVA Group products and services.

IEVA Group websites and applications are designed for adults and intended to be used by adults. For example, confirmation of your age may be required to use an application.

We may sometimes use your personal information to perform age checks and enforce age limits.

3. HOW DO WE USE YOUR DATA?

We collect, process and disclose your personal information only for specific and limited purposes. For example: to process your payments, access and handle complaints, develop and improve our products, services, communication methods and the functionality of our websites and mobile applications; to provide personalized products, communications, advice and recommendations; targeted advertising; and product recommendations.

We also create profiles by analyzing your online browsing information, searches and purchasing behavior and linking them to the personal data you provided directly, as well as your interactions with our brand communications, by creating segments (groups with certain shared characteristics) and placing your personal information into one or more segments.

In addition, IEVA Group processes your personal information using automated processes. An automated decision is a decision made solely by automated means where no human is involved in the decision-making process regarding your personal information.

We collect, process and disclose your personal information for the following purposes:

  • to process your payments if you purchase our products, inform you about your order status, handle your information requests and inquiries, and access and manage complaints;
  • to process and respond to your information requests or contact you to answer your questions and/or requests;
  • to develop and improve our products, services, communication methods and the functionality of our websites and applications;
  • in connection with contests or promotions you participate in;
  • to send you information and manage your registration and/or subscription to our newsletter or other communications;
  • to manage our day-to-day business needs relating to your participation in contests, sweepstakes, promotional activities, or your inquiries;
  • to authenticate the identity of individuals contacting us by phone, electronically or otherwise;
  • for internal training and quality assurance;
  • to understand and assess consumers’ interests, intentions and needs for change, improve our websites and applications, our existing products and services and/or develop new products and services; and
  • to provide personalized products, advice, recommendations, or more generally personalized services, communications and targeted advertising.

When we collect and use your personal data for the purposes described above or for other reasons, we will inform you before or at the time of collection.

Where required, we will ask for your consent to process your personal information. If you have given consent for processing activities, you have the right to withdraw it at any time.

In some cases, we rely on legitimate interest to process your personal data. For example, legitimate interest may apply when you join a loyalty program of one of our brands and we use the collected personal data to conduct data analysis in order to improve our products and services. This legal basis will only be used where necessary to achieve a legitimate interest (for example, to enable contract performance or optimize a service) and where it does not override your rights as an individual. We will not rely on this legal basis if there is a less intrusive way to process your personal data. We also ensure that if we use legitimate interest as the basis for processing your personal data, we will keep a record of it and you will have the right to request this information.

3.1. PROFILING

IEVA Group uses your personal data to create profiles. We create profiles by analyzing your online browsing information, searches and purchasing behavior, and your interactions with our brand communications by creating segments (groups with certain shared characteristics) and placing your personal information into one or more segments.

These segments are used by IEVA Group to personalize the website and our communications to you (e.g., showing content relevant to you when you visit IEVA Group brand websites or in a newsletter sent to you), and to display appropriate offers and advertisements from IEVA Group brands and via third-party sites. Segments may also be used for third-party campaigns on IEVA Group brand sites. IEVA Group profiles your data when you have given your consent to do so, for example by accepting cookies in your web browser or subscribing to marketing newsletters from one of our brands.

You may withdraw your consent at any time to prevent this use of your personal data by referring to the cookie management section of our Cookie Notice or by unsubscribing from email use if you are already identified on one of our sites or subscribed to marketing newsletters.

By way of example, with your consent, IEVA Group collects data from:

  • the web pages you visit and how you interact with our content;
  • our advertising banners displayed on social media platforms and other publisher websites;
  • online forms or questionnaires you complete and send us about your interests;
  • forms or questionnaires you complete on our applications.

We also track products you purchase when you click one of our advertising banners and then buy a product or service from our selected distribution partners.

If you have asked to receive information from us by email, SMS or push notification, we track when you open, read or click content to understand what interests you, allowing us to provide content more likely to meet your expectations.

We use this data to profile your preferences and dislikes. For example, if we see that you regularly view specific products from IEVA Group brands on their websites or apps and you have chosen to receive emails, we may inform you about new products and beauty routines available on the website or app, or adapt our content by suggesting items that may be of strong interest to you.

Based on these profiles, we may show you advertisements that we believe you will like and want to see because you view content created by us or by our publisher network with whom we run promotions. Sometimes, with your consent, we may use your current location to provide you with advertisements related in part to promotions or events taking place nearby and that we believe may interest you.

We may also use information you provided to selected third parties and consented to share—such as your age, gender, life stage, lifestyle and broader interests—to identify people with similar interests who may be interested in the same advertisements.

3.2. AUTOMATED DECISION-MAKING

In some cases, IEVA Group processes your personal data using automated processes. An automated decision is a decision made solely by automated means where no human is involved in the decision-making process regarding your personal information.

For example:

  • IEVA Group brands use automated email scenarios that generate email campaigns based on your browsing behavior, purchasing habits and birthday.

We will not make decisions based solely on automated decision-making that have a significant impact on you. Otherwise, we will inform you and provide clear information about our decision to rely on automated processing and our legal basis for doing so. For example, IEVA Group processes your personal data by automated means only when necessary to enter into or perform a contract with you or where you have given your explicit consent.

You have the right not to be subject to a decision based solely on automated processing if the decision produces legal effects concerning you or significantly affects you. In particular, you have the right:

  • to obtain human intervention,
  • to express your point of view,
  • to obtain an explanation of the decision after assessment,
  • to challenge the decision.

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

As a global company, IEVA Group may share your personal information internally and with selected third parties. For example, we may share your personal information with third-party service providers, other third parties, and in the event of business transfers or legal disclosure.

As a global company, IEVA Group may share your personal information internally and with selected third parties in the following circumstances:

Third-party service providers.
To fulfill your requests, respond to your information requests, process your orders, accept coupons, provide samples, enable you to participate in lotteries, provide other features, services and materials on our sites, we share your personal data with third-party service providers that perform functions on our behalf. These include companies that host or operate IEVA Group websites or applications, process payments, analyze data, provide customer service, postal or delivery services, as well as advertisers or other third parties that administer or participate in our promotions. They have access to the personal information needed to perform their functions but may not use it for other purposes. They must also process this personal information in accordance with this Privacy Policy and applicable data protection laws and regulations.

Other third parties.
Your personal data may also be used by us or shared with advertisers, advertising agencies, ad networks, ad servers, social networks, analytics research companies or other third parties in connection with marketing, promotion, data enrichment and other offers, as well as product information.

Business transfers.
Your personal data may be used by us or shared with data controllers for internal purposes, mainly business and operational needs. As our business develops, we may sell or buy assets, subsidiaries or business units. In such transactions, personal data is generally one of the transferred business assets, but it remains subject to the commitments made in any pre-existing Privacy Policy (unless you consent otherwise). If another entity acquires us, our companies, or all or part of our assets, or assets related to IEVA websites and applications, your personal data will be disclosed to that entity as part of due diligence and transferred to that entity as a transferred asset. In addition, if bankruptcy or reorganization proceedings are initiated by or against us, such personal data may be considered an asset and may therefore be sold or transferred to third parties.

Legal disclosure.
We may transfer and disclose your personal data to third parties:

  • to comply with a legal obligation;
  • when we believe in good faith that the law requires it;
  • at the request of government authorities conducting an investigation;
  • to verify or enforce our “Terms of Use” or other applicable policies;
  • to detect and protect against fraud or any technical or security vulnerability;
  • in order to respond to an emergency;
  • to protect the rights, property, safety or security of third parties, visitors to IEVA Group websites, and users of IEVA Group applications.

4.1. INTERNATIONAL DATA TRANSFERS

IEVA Group shares personal data internally or with third parties for the purposes described in this Privacy Policy. IEVA Group will only transfer personal data collected in the European Economic Area (EEA) to foreign countries in situations such as:

  • following your instructions;
  • complying with a legal obligation;
  • working with our agents and advertisers who help us operate our business and services.

If we need to transfer personal data outside the EEA, IEVA Group will ensure it is protected in the same way as within the EEA. We will use one of the following safeguards:

  • transfer to a non-EEA country whose privacy legislation provides an adequate level of protection comparable to an EEA country;
  • put in place a contract with the foreign third party requiring it to protect personal data to the same standards as the EEA;
  • transfer personal data to organizations that are part of specific cross-border data transfer agreements with the European Union (e.g., the Privacy Shield framework, which sets privacy standards for data transferred from EU countries to the United States).

5. HOW DO WE PROTECT YOUR PERSONAL DATA?

IEVA Group takes the security of your personal data very seriously. We strive to protect your personal data against misuse, interference, loss, unauthorized access, modification or disclosure.

Our measures include implementing appropriate access controls, investing in the latest information security capabilities to protect the IT environments we operate, and ensuring that we encrypt, pseudonymize and anonymize personal data where possible.

Access to your personal data is authorized only for our employees and agents on a need-to-know basis and is subject to strict contractual confidentiality obligations where data is processed by third parties.

6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data for as long as necessary to fulfill the purpose for which it was collected. For example, when you buy a product from us online, we keep data related to your purchase to perform the specific contract you entered into; afterwards, we retain personal data for a period that enables us to process or respond to complaints, information requests or concerns regarding the purchase.

Your data may also be retained so that we can continue improving your experience with us and ensure you receive loyalty rewards to which you are entitled.

We keep identifiable data that we collect directly for targeting purposes for a strictly limited period, after which we take steps to permanently delete it.

We actively review personal data in our possession and securely delete it, or anonymize it in certain cases, when it is no longer necessary to retain it for legal, business or consumer purposes.

7. WHAT ARE YOUR RIGHTS?

Your rights relate to how your personal data is processed. You may exercise these rights at any time. Below is an overview of these rights and what they mean for you. You can exercise your rights by emailing contact@ieva.io.

  • Right to information. You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights. Therefore, we provide the information in this Privacy Policy.
  • Right of access and rectification. You have the right to access, correct or update your personal data at any time. We understand its importance; if you wish to exercise these rights, please contact us.
  • Right to data portability. This right is limited to the personal data you provided to us. This means it can be provided, copied or transmitted electronically in certain circumstances.
  • Right to erasure (right to be forgotten). You have the right to request deletion of your data in certain circumstances. If you wish to delete your personal data held by us, please let us know and we will take reasonable steps to respond in accordance with legal requirements. If the personal data collected is no longer necessary and we are not legally required to keep it, we will ensure it is deleted, destroyed or permanently anonymized.
  • Right to restrict processing. You have the right to restrict the processing of your personal data in certain circumstances.
  • Right to object. You have the right to object to certain types of processing in certain cases, in particular processing for direct marketing purposes (i.e., receiving emails from us notifying you or being contacted with different options).
  • Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with your local supervisory authority about how we process your personal data.
  • Right to withdraw consent. If you have given consent for us to process your personal data for any purpose (where consent is our legal basis), you have the right to withdraw your consent at any time (this does not mean that our use of your personal data with your consent up to that point was unlawful). You can withdraw your consent at any time by contacting us with the details below.
  • Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing if the decision produces legal effects concerning you or significantly affects you. In particular, you have the right:
    • to obtain human intervention,
    • to express your point of view,
    • to obtain an explanation of the decision after assessment,
    • to challenge the decision.

You can obtain further information and advice about your rights from your country’s data protection regulator.

8. HOW TO CONTACT IEVA GROUP?

If you have questions or concerns about this Privacy Policy or IEVA Group’s data processing, or if you wish to lodge a complaint about a possible violation of local privacy laws, contact us by email at communication@ievagroup.com.

When we receive a privacy question or an access request, we provide a dedicated team that triages contacts and seeks to address the specific concerns or information requests you raise. If your matter is more significant, you may seek additional information. All serious contacts receive a response. If you are not satisfied with the response, you may refer the matter to the relevant supervisory authority in your country. If you request it, we will provide information about relevant remedies that may apply to your case.

9. HOW DO WE UPDATE THIS PRIVACY POLICY?

Updates to this Privacy Policy may incorporate customer feedback and changes to our products and services. When we make changes to this statement, we will revise the “last updated” date at the top of this document. If changes are significant, we will provide a more prominent notice (including, for certain services, email notification of changes). We will also archive previous versions of this Privacy Policy so you can review them.

Under this Privacy Policy, we will not reduce your rights without your consent.

10. ADDITIONAL PRIVACY TERMS OR POLICIES

In addition to this Privacy Policy, we may run specific campaigns or promotions governed by additional privacy terms or policies. We encourage you to review these additional terms or policies before participating, as you will be required to comply with them if you participate. Any additional privacy terms or policies will be prominently highlighted.

11. DEFINITION OF KEY TERMS

IP Address: An IP address is a unique address that identifies a device on the Internet or on a local network. It enables one system to be recognized by another system connected via the Internet.

Cookie: A cookie is a small amount of data generated by a website and stored by your web browser.

SMS: Means “Short Message Service.” SMS is used to send text messages to mobile phones.

Push notification: A push notification is a message that appears on a device. A push notification looks like an SMS text message or a mobile alert, but is only sent to users who have installed your application.