STELLA by Stella McCartney pays particular attention to the processing, confidentiality and safety of your personal data.
STELLA by Stella McCartney, a skincare company with headquarters located at 24/32 rue Jean Goujon – 75008 Paris – France, registered in the Paris city trade and companies register under no. 842 426 785 is the data controller of personal data collected on the website www.stellamccartneybeauty.com/us, in the sense of regulations applying to personal data, in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter the "GDPR").
I. What is personal data?
Personal data is any information about an identified physical person or a physical person that may be directly or indirectly identified via an identification number or one or more elements particular to them, such as their last name, first name, date of birth, customer number, order number, photo, etc.
II. When can we collect your personal data?
We can collect your personal data when you:
- Create a customer account on our website;
- Order goods from our website;
- Agree to receive personalized marketing communications from us by email, telephone, SMS or post, depending on your selection;
- Answer surveys or satisfaction questionnaires based on your customer experience;
- Publish content or mention our products on social networks;
- Interact with our Maison via its official page on social networks or when we suggest re-use of content that you have published on a social network;
- Contact our customer service;
- Send requests for information to our Maison;
- Take part in an event we organise;
- Browse on the Internet using cookies or similar technology or when you click on advertisements for our products.
Visitors to the www.stellamccartneybeauty.com/us website who browse our products, information and offers may choose to do so without identifying themselves, as well as for point-of-sale searches and social networking.
III. What personal data might we collect?
(i) As part of the services we provide, we may need to collect certain data directly from you using electronic forms on our website for a range of purposes (see IV for a list of processing purposes) which are limited to those that are relevant and appropriate for that interaction.
Information we might collect includes:
- Your identity
- Your contact details (e.g. email address)
- Your personal preferences in relation to the products we market or to our website (language);
- Information relating to your orders, their tracking and your purchase invoices;
- Information you may provide for our customer service;
- Specific health data if you notify us of any undesirable side-effects concerning any of our products;
- Your bank details if you place an order via our website;
- Your publications/mentions relating to our products on social networks.
Personal data essential to STELLA by Stella McCartney is marked with an asterisk on all personal data collection forms on our website, in electronic form at some of our counters and stores, as well as off-line in paper form. If you do not fill in these compulsory fields, STELLA by Stella McCartney will probably be unable to respond to your request and/or provide you with the requested services. Other information is optional and enables us to get to know you better and improve our communications and services with respect to you.
During your purchase journey, you will be able to choose between i) logging into your existing STELLA by Stella McCartney account, ii) creating a new account, or iii) paying as a Guest. This last purchasing experience is thus summarized as follows. Payment for purchases as a Guest refers to the possibility for any STELLA by Stella McCartney customer or prospect to make a purchase in our online store without logging into an account. Your information is collected for the process of payment and delivery of items or for STELLA by Stella McCartney in order to comply with applicable laws. Your information may also be used for analytical purposes by STELLA by Stella McCartney and for communication purposes via its preferred channel (for example: sending a general newsletter relating to the news of our Maison by email for which you have the right to object). For more information on these purposes, please go to the section "For what purpose is your personal data collected and used?".
(ii) We may also collect certain data generated by your purchases of products or services, online, particularly information regarding the amount and type of your purchases.
We invite you to ensure that your data is regularly updated, either by modifying it directly on our sites or by informing us in writing of any modification by referring to the dedicated section "X. What are your rights and how can you exercise them?".
IV. For what purpose is your personal data collected and used?
STELLA by Stella McCartney processes your data to:
- Enable you to create a customer account on our website;
- Manage your access to your customer account on the Internet;
- Process and manage your online orders and their delivery;
- Secure online transactions, prevent fraud, payment incidents and manage debt collection (see our Terms & Conditions for more details);
- Manage customer relations with respect to any requests for information or complaints you may send us via our website, customer service or social network pages;
- Trace and manage any alerts you may send us as part of our cosmetic vigilance obligations;
- Manage and optimise your customer experience by improving our knowledge of our customers;
- Propose appropriate, tailored services, particularly when we enhance our products and services;
- Conduct statistical analyses to develop management, measuring and reporting tools in order to adjust and improve our sales, marketing and product manufacturing;
- Carry out audience analysis or statistics;
- Analyse our brand performance on social networks in order to produce statistical analysis (market research, brand influence and campaign analysis);
- Promote our Maison;
- Manage your participation in the events for which you register;
- Send a generic newsletter: you have the right to object if you no longer wish to receive it;
- Subject to your free, specific, informed and unambiguous consent: to send you personalised information according to the communication preferences you have indicated to us in your profile if you have a customer account, otherwise you have the possibility to contact us (see section "XI. What are your rights and how to exercise them"), and use third party services to personalise your profile.
In the latter interaction, when we send personalised communications or content, we may use so-called profiling techniques. For the sake of transparency within this Policy, profiling is defined as any form of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements concerning the preferences, interests, behaviour, location of that natural person. In these circumstances, you have the right to withdraw your consent.
V. What legal grounds legitimise the processing of your data?
STELLA by Stella McCartney processes your personal information:
- To perform the contract agreed between yourself and STELLA by Stella McCartney, to manage your access to your customer account, and to process and track your orders;
- Our legitimate interest: for example, to improve our products and services, to defend ourselves, to secure our tools or to refine our customer knowledge through our third party partners' tools and in particular to:
  - define the personalised profile of our customers based on their interests and to provide them with relevant offers of our brand on other websites;
  - identify audiences similar to our target audience (in order to deliver our offers to audiences of people with similar profiles to our customers).
- When you have given your consent for the processing of your data, especially for the purposes of managing our personalized sales prospection, and of your browsing data via cookies, etc.
- Within the framework of compliance with our legal obligations, particularly fiscal obligations (conserving purchase invoices) and cosmetic vigilance with regard to Regulation (EU) 1223/2009 of 30 November 2009 on cosmetic products.
VI. Who are the recipients of your personal data?
Your personal data is processed by the personnel of STELLA by Stella McCartney. We ensure that only authorised persons within STELLA by Stella McCartney have access to your personal data when this is necessary for the purpose of managing our commercial relations or meeting our legal obligations.
We may also disclose your personal data, if possible in a format that does not allow direct identification, to:
- Other STELLA by Stella McCartney subsidiaries in Europe or abroad;
- Other entities of the LVMH Group, with some of these entities acting as data processors;
- Subcontractors, such as:
  - site hosting and maintenance service providers and the providers of our electronic personal data collection solutions at counters and in stores;
  - payment service providers, such as our trusted provider Adyen NV. You can find out more about how our provider may use and process your personal information at https://www.adyen.com/policies-and-disclaimer/privacy-policy ;
  - fraud prevention and control providers, such as our trusted provider, Forter, who helps us prevent online fraud. Our provider may, as a data controller, use and process your personal information in accordance with applicable privacy and data protection laws. You can find out more about how our provider may use and process your personal information at https://www.forter.com/privacy-policy/ ;
  - anti-fraud service providers;
  - logistic service providers;
  - marketing solution service providers;
  - customer service providers;
  - service providers for managing cosmetic vigilance alerts;
  - event organisation service providers;
- Third parties, including the LVMH Group, who wish to learn about your preferences and patterns of use of our programs and services in order to improve their visibility, accessibility and performance;
- Third parties wishing to know your interests so that they can build up similar audiences and target prospects corresponding to your profile. In the context of this specific processing, these partners may re-use the personal data made available to them to carry out autonomous and distinct targeting for commercial prospecting purposes, for which they are responsible, and are responsible for their legal and regulatory obligations.
- Please note that in the context of re-use, these partners act as data controllers. You should therefore refer to their own privacy policies. We illustrate some examples in the table below:
- Third parties in the event of a change of control or a change of status or company name for legal reasons;
- You may also choose to disclose your personal data to our partners, advertisers and affiliates by following a link to and from their websites. Please note that these websites have their own privacy policies;
- We may also offer you the opportunity to use your social network login details. Please note that in this case you share your profile information with us. The personal data shared depends on the configuration of the social network platform. Please note that these social networks have their own privacy policies.
Lastly, STELLA by Stella McCartney may need to share your personal data with third parties to meet its legal, regulatory or treaty obligations, or to respond to requests from authorised legal authorities.
VII. How do we ensure the protection and confidentiality of your data?
The security measures we have in place are evaluated and updated to meet new threats and challenges, as well as new legal requirements in the countries where we operate.
We require our partners and group companies to maintain a similar level of protection for your personal data as we do. We take reasonable precautions to ensure the confidentiality and security of your data. We prevent your data from being distorted, damaged, destroyed or accessed by unauthorised third parties.
Your bank details are not transmitted unencrypted on the servers of STELLA by Stella McCartney. Payments are made via a secure payment platform, supplemented by control measures, in order to guarantee the security of purchases made on www.stellamccartneybeauty.com/us and to fight against fraud.
The details of your payment card communicated at the time of your order are never accessible in clear text on the network: they are encrypted using the SSL (Secure Sockets Layer) protocol.
VIII. Data transfers abroad
Because STELLA by Stella McCartney operates in many countries around the world and in order to provide you with a personalised service worldwide, some of your data may be collected, accessed or stored outside your country of residence.
You should be aware that data protection and security requirements differ from place to place and may not provide the same level of protection as in your home country.
You are informed that your data may be transferred for the purposes mentioned above to companies located in countries outside the USA which have a lower level of data protection than the USA. Prior to the transfer outside the USA, STELLA by Stella McCartney will take all necessary measures and guarantees to secure such transfers.
Data may also be processed by staff operating outside the USA who work for us or for one of our service providers.
IX. How long do we keep your data?
The legal retention periods defined by STELLA by Stella McCartney comply with the recommendations of the Personal Data Authority of your country and/or the legal obligations to which STELLA by Stella McCartney is subject.
We keep your personal data only for as long as is necessary to fulfil the purpose for which it was collected, to meet your needs, or to comply with our legal obligations.
In general, your personal data is kept in our database:
- Data subject: Regular customer (i.e.: having a Customer profile)
- Duration: 5 years from the date of the first purchase or account creation
- Specificity: This period will be renewed each time you interact with STELLA by Stella McCartney (for example a purchase or an update of your profile) or your consent to continue to interact at the end of this period
- Data subject: Prospect (i.e. never purchased products from STELLA by Stella McCartney but registered for our communications)
- Duration: 3 years from the date of data collection
- Specificity: This period will be renewed each time you interact with STELLA by Stella McCartney (e.g. participation in an event) or your consent to continue to interact at the end of this period
- Data subject: Client ‘Guest’ (i.e. not having a Client account)
- Duration: 5 years from the date of first purchase
- Specificity: This period will be renewed each time you interact with STELLA by Stella McCartney (e.g. a purchase)
- Data subject: customer care (i.e.: complaints or information)
- Duration: duration of the processing of the request plus 5 years. For exercises of rights, under GDPR, the request is kept during its treatment plus 6 years
- Data subject: cosmetovigilance
- Duration: duration of the processing of the request plus 10 years in archive
- Data subject: Privileged interlocutors (e.g. agents, stylists, journalists, celebrity managers, artists) in relation to Maison STELLA by Stella McCartney Public Relations services
- Duration: 10 years from the date of your first contact
- Specificity: This period will be renewed each time you interact with STELLA by Stella McCartney (for example a request for information on the STELLA by Stella McCartney)
If cookies are placed on your computer, we keep them for a maximum of 6 months.
When we no longer need to use your personal data, it is deleted from our systems and our registers or made anonymous so that it can no longer be identified, subject to retention for archival purposes, claims and litigation management, as well as to meet our legal and/or regulatory obligations and/or to respond to requests from authorities authorized to make the request.
X. What are your rights and how can you exercise them?
In particular, the GDPR provides the following rights:
- Right to information: you have the right to obtain clear, transparent and understandable information about how we use your personal data and about your rights. You will find all of this information in this policy
- Right of access: you have the right to access the personal data that STELLA by Stella McCartney holds about you
- Right of rectification: you have the right to have your personal data rectified if it is inaccurate or obsolete and / or to supplement it if it is incomplete
- Right to erasure / right to be forgotten: you have the right to have your data erased or deleted. However, this right may be limited by a legal reason or our legitimate interest in keeping your personal data
- Right of opposition: you can at any time request to no longer receive our communications relating to our offers, news and events. You can in particular use the hypertext link provided for this purpose in each email or communication that we send to you. You can also request to receive non-personalized communications about our products and services
- Right to withdraw consent at any time for data processing based on consent: you can withdraw your consent relating to our processing of your data when this processing is based on consent
- Right to data portability: you have the right to move, copy or transfer data from our database to another. This right only applies to the data you have provided, and provided that the processing is based on a contract or your consent and carried out using automated processes
These rights can be exercised directly with STELLA by Stella McCartney by e-mail to firstname.lastname@example.org or by post to 24/32 rue Jean Goujon – 75008 Paris – France.
You also have the right to contact the data protection authority of your country to lodge a complaint against the data protection and privacy practices of STELLA by Stella McCartney. You can find the contact details of the authorities in Europe on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_fr
STELLA by Stella McCartney does not ‘sell’ personal information as that term is defined under the California Consumer Privacy Act of 2018 (CCPA). As an added assurance to California residents who entrust their personal data to us, they may also sign up for a Do Not Sell My Information Log that we maintain. California Civil Code Section 1798.83 permits our visitors who are California residents to request information pertaining to the personal information that we hold about them, as well as the right to request a copy of their information, and the right to request deletion of their information. There are certain exceptions and limitations that apply. Please click here to view our CCPA Privacy Notice, which includes additional information as well as links to exercise those rights.
As also described in the CCPA Privacy Notice, California residents can also exercise these rights directly by emailing us at email@example.com and include “CCPA Rights” in the reference line, or by reaching out to us using the contact information listed in the Contact Us section below.
For California residents, see our complete California Consumer Privacy Act of 2018 (CCPA) Privacy Notice here
STELLA by Stella McCartney does not ‘sell’ personal information as defined under Nevada’s consumer privacy law (SB 220). As an added assurance to individuals who entrust their personal data to us, they may sign up for a Do Not Sell My Information Log that we maintain. To do so, please email us at firstname.lastname@example.org, and include the reference line “Nevada Do Not Sell”. We may contact you for additional information in order to process your request.
XI. Contact details of the Data Protection Officer (DPO)
For all questions relating to the collection and processing of your data by STELLA by Stella McCartney you can contact the STELLA by Stella McCartney Data Protection Officer at email@example.com