Privacy policy

Paris on September 11, 2024

Table of contents

Privacy Policy. 1

Introduction. 1

1. Data Processor. 2

2. Collected data. 2

4. Data usage. 3

5. Data Sharing. 3

6. Data security. 5

7. User rights. 6

8. Data Retention Period. 7

9. Transfer of Personal Data 9

10. Changes to the Privacy Policy. 9

11. Contact 10

Introduction

BeautyDecoded SAS, publisher of the Beauty Decoded mobile application, is committed to protecting the privacy and personal data of its users. This privacy policy explains what information we collect, how we use, share and protect it, in accordance with the General Data Protection Regulation (GDPR).

The purpose of this data collection is to provide an optimal and personalized user experience, by offering you cosmetic product recommendations adapted to your skin type and specific needs, as well as by continuously improving our services.

1. Data Processor

The party responsible for processing personal data collected via the Beauty Decoded application is :

BeautyDecoded SAS

OCP Business Center 4

66 avenue des Champs-Élysées

75008 Paris

France

Email : support@beautydecoded.com

BeautyDecoded SAS has appointed a Data Protection Officer (DPO) to oversee compliance with the RGPD and answer any questions relating to personal data :

Name of DPO: [Sylvain David]

DPO email: dpo@beautydecoded.com

 

2. Collected data

When using the application, we collect the following personal data:

  • Registration information Name, first name, email address, password.
  • Profile data Skin type (dry, normal, combination or oily), skin sensitivity (sensitive or resistant), skin problems (imperfections, wrinkles, skin spots, redness), profile photo.
  • Contact information Address, telephone number (for competitions).
  • Connection data IP address, browser type, connection data.

4. Use of Data

The data collected is used for :

  • Personalize cosmetic product recommendations according to your skin type and skin problems.
  • Provide and enhance application services, including artificial intelligence features and personalized routines.
  • Manage and organize contests, including communication with winners and delivery of prizes.
  • Send promotional communications and promotional codes via affiliated partners (with your prior consent).
  • Ensuring security and preventing fraud.

5. Data Sharing

Your personal data may be shared with :

  • Business partners In the context of contests and affiliations, for the dispatch of products and promotional codes. For example, necessary information may be shared with marques partners offering products in contests or with affiliate platforms to provide discounts and special offers.
  • Service providers We use a number of service providers to help us provide, improve and secure our application. These service providers act as subcontractors and process your personal data according to our instructions and on our behalf. Here are some specific examples:
    • Hosting services We use Firebase, a Google platform, to host and manage the application. Firebase processes data in accordance with Google's strict security standards.
    • Payment services Payment information is processed by secure third-party service providers, such as Stripe or PayPal, who ensure secure transaction processing.
    • Analysis tools We use analytics tools such as Google Analytics to understand how users interact with our application and improve their experience. These tools collect data such as IP addresses, browser types and connection data.
  • Subcontractors We may also share your data with other subcontractors for specific services such as customer support, marketing services or technical maintenance services. All our subcontractors are bound by strict confidentiality obligations and will only process your data to the extent necessary to provide their services.
  • Competent authorities If required by law or to protect our legal rights, we may disclose your personal data to the appropriate authorities. This may include situations where we need to respond to legal requests, court orders or legal process, or to protect our rights, property or safety, as well as those of our users or the public.

By sharing your data with these third parties, we ensure that they comply with strict data protection standards and only use your information to the extent necessary to provide their services. If you have any questions concerning the sharing of your personal data, or would like to obtain a complete list of our subcontractors, please contact us at the following e-mail address: support@beautydecoded.com.

6. Data security

BeautyDecoded SAS is committed to guaranteeing the security and confidentiality of personal data collected and processed via its application. We implement technical and organizational security measures adapted to the level of data sensitivity, in accordance with the requirements of the General Data Protection Regulation (GDPR).

Here are the specific measures we have put in place:

Safety measures

  1. Data encryption All personal data is encrypted during transmission and storage to ensure confidentiality and integrity.
  2. Access Control Access to personal data is strictly limited to authorized persons, in particular BeautyDecoded SAS employees and service providers who require access in the course of their duties. Such access is controlled by authentication systems and access management policies.
  3. Monitoring and Audits Security: Regular security audits are carried out to evaluate and continually improve our practices. In addition, a monitoring system is in place to detect and prevent any attempt at unauthorized access or data breach.
  4. Staff training All employees with access to personal data receive regular training in data security and confidentiality best practices.
  5. Backups and Business Continuity Planning Backups: Regular data backups are carried out to guarantee availability in the event of technical failure. A business continuity and recovery plan is in place to ensure rapid restoration of services in the event of an incident.
  6. Incident Management In the event of a data breach, BeautyDecoded SAS undertakes to inform the users concerned within the timeframe required by regulations, and to take all necessary measures to limit the impact.

These measures are designed to protect your personal data against any form of loss, alteration, disclosure or unauthorized access.

If you have any questions or concerns about the security of your personal data, please contact us at the following email address: support@beautydecoded.com.

7. User rights

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of access You can request access to the personal data we hold about you.
  • Right of rectification You can request the correction of inaccurate or incomplete personal data.
  • Right to erasure You can request the deletion of your personal data, subject to certain conditions.
  • Right to restrict processing You can request the restriction of the processing of your personal data in certain cases.
  • Right to object You may object to the processing of your personal data for legitimate reasons.
  • Right to data portability You can request to receive your personal data in a structured, commonly used and machine-readable format.

Procedure for exercising your rights

To exercise these rights, requests must be made by the persons concerned or their duly authorized representative. All requests must be accompanied by the proof of identity required to verify the applicant's identity (for example, a copy of identity card or passport).

To exercise these rights, please contact us at the following email address: support@beautydecoded.com.

We undertake to respond to all requests within 30 days of receipt of the request and the necessary supporting documents. If your request takes longer to process, we will inform you of the status and estimated time for resolution.

8. Data retention period

We keep your personal data only for as long as is necessary to achieve the purposes for which it was collected, or to comply with legal obligations.

The following table illustrates the various processing purposes, the types of data concerned and the corresponding retention periods:

Purpose of ProcessingData typesShelf lifeLegal basis
Registration and account managementRegistration information (last name, first name, email address, password)As long as the account is active + 3 yearsContract performance
Personalized recommendationsProfile data (skin type, skin problems, cosmetic preferences)As long as the account is active + 3 yearsLegitimate interest
Communication and marketingEmail address, communication preferencesUntil you unsubscribe from the newsletterLegitimate interest
Participation in competitionsContact information (address, phone number)Competition duration + 6 monthsLegitimate interest
Service analysis and improvementConnection data (IP address, browser type, connection data)1 yearLegitimate interest
Payment and subscription managementPayment information, transaction history10 years (legal obligation)Contract performance, Legal obligation
Security and fraud preventionAll relevant dataAs long as the account is active + 3 yearsLegitimate interest
Compliance with legal obligationsAll necessary dataApplicable legal retention period  Legal obligation  

If you have any questions about how long we keep your personal data, or if you wish to exercise your rights, please contact us at the following e-mail address: support@beautydecoded.com.

9. Transfer of Personal Data

  1. Transfer to third countries or international organizations :
    • BeautyDecoded SAS does not transfer your personal data to third countries (outside the European Economic Area) or to international organizations. All our hosts, partners and service providers are located within the European Union.
  2. Appropriate warranties :
    • In the absence of transfers to third countries or international organizations, all personal data is processed and stored in member countries of the European Union, thus ensuring an adequate level of protection in accordance with EU data protection laws.

If you have any questions about the protection of your personal data or wish to exercise your rights, please contact us at the following e-mail address: support@beautydecoded.com.

10. Changes to the Privacy Policy

BeautyDecoded SAS reserves the right to modify this privacy policy at any time. Any modification will be communicated to users by a notification within the application and by email.

If you do not accept the changes, you must stop using the application and you can delete your account at any time.

If you have any questions or concerns about changes to this privacy policy, please contact us at support@beautydecoded.com.

11. Contact

If you have any questions or concerns about this privacy policy or the processing of your personal data, please contact us at the following email address: support@beautydecoded.com.

The ordinary

Paula's choice

Typology

Drunk elephant