Privacy policy

PERSONAL DATA

JOSEPH DUCLOS CONFIDENTIALITY POLICY

13/07/2021

1. General statement

    We take your privacy very seriously and hereby pledge to protect it. In our opinion it is essential for you to easily find out which personal data we collect and use, and understand your related rights.

    This Confidentiality Policy (hereby referred to as the “Confidentiality Policy”) explains our policies and practices as to how we collect, use and disclose the personal data that we collect on our digital platforms, in our shops and during our events.

    We recommend reading this Confidentiality Policy carefully, since it contains important information pertaining to your personal data.

    This Confidentiality Policy has been designed to help you find the section you are interested in easily.

    Click here to print out our entire Confidentiality Policy. You may also request a copy of our Confidentiality Policy in any one² of our shops.

    Please feel free to contact us if you have any questions or remarks regarding this Confidentiality Policy (see the “How to contact us” section below).


    2. About us

        The terms “JOSEPH DUCLOS”, “we” and “our” hereby designate JOSEPH DUCLOS as the entity responsible for processing your personal data, unless otherwise specified in this Confidentiality Policy.

        - Manufacture JD is a société par actions simplifiée with capital of 100,000 euros, whose head office is located at 7 rue Léo Delibes 75116 Paris, France, registered at the Paris Trade and Companies Register under the number.

        You can find our contact details in the “How to contact us” section below.


        3.The personal data we collect and how we collect it

          Personal data is defined as information pertaining to an identified or identifiable physical person. It may include for example the name, address and gender of said person.

          We may collect personal data directly from you (for example when you buy a product in a shop) or indirectly (for example from your electronic devices as you interact with our websites, electronic forms or mobile applications)


          3.1. Data you supply directly

              You may supply data:

              • when you set up an account, whether online or in our shops;

              • when you subscribe to our newsletter;

              • when you use our digital platforms;

              • when you buy products or services on our digital platforms or in our shops;

              • when you visit our shops;

              • when you participate in one of our events

              Depending on what you provide, said information may include:

              • your identity (including your first and last names, gender, image and nationality);

              • your contact details (including your mailing address, e-mail and telephone numbers);

              • your marital status (including your title);

              • your purchases and repairs (including your purchasing record and order details);

              • your preferences (including your size);

              • some payment data (including billing information, type or means of payment, credit or debit number);

              • other information provided when filling in forms or contacting us (including your comments or other correspondence, which may include health data pertaining to possible side effects of our cosmetics).


              We shall inform you when your information is needed to process your request, answer any questions or supply products and services. Failure to impart this information may delay or prevent us from processing your request, answering your questions and providing products or services.

              We strive to ensure that the personal data we keep is accurate at all times. We thus encourage you to update your data should any changes occur. We may also ask you to update your data occasionally.


              We recommend that you only provide the data requested or needed to fulfil your request, excluding sensitive data pertaining to race, ethnic origin, political opinions, religious or philosophical beliefs, and data pertaining to health, sex life or sexual orientation.


              3.2 Data collected indirectly

                  We may collect data when you use our digital platforms, particularly your IP address or other browsing data (including your browser, operating system and device model), via cookies or similar technology placed on your device. Some cookies are needed for our digital platforms to work properly and other are used for analysis, which help us customise our services better and improve your digital experience. For more information on cookies and to find out how to modify your preferences, please read our .


                  We may also collect personal data from third parties, in particular if your spouse contacts us on your behalf, or if your friends supply your contact details in order to invite you to events likely to be of interest to you.

                  If you supply someone else’s personal data, you must ensure that you have the right to disclose said data and that we may collect, use and disclose said data for the purposes mentioned in this Confidentiality Policy, without us having to take any other measures required by legislation governing data protection. You must for example ensure that the person in question is aware of the various topics covered in this Confidentiality Policy. The person must also give the consent as specified in this Confidentiality Policy regarding the way we process their personal data.


                  3.3. Minimum age

                    We hereby remind you that we do not collect, neither directly nor indirectly, the personal data of people under the age of 16, without prejudice to any applicable local laws setting a different minimum age. We thus ask you to refrain from supplying the personal data of people who fail to meet this criterion.



                    4. Why we collect your personal data and how we use it

                      We collect and use your personal data based on one or several of the following legal bases:

                      • we have obtained your prior consent (for example when you subscribe to our newsletter). NB: regarding this particular legal base, you have the right to revoke your consent at all times (see below “Your rights regarding your personal data”);

                      • processing is necessary for the purposes of a contract between Joseph Duclos and yourself (for example when you make a purchase);

                      • we have a legitimate interest in processing and this legitimate interest is not overruled by your interests, basic rights or freedom (for example to prevent fraud via your means of payment);

                      • we must process your personal data in order to comply with current legislation and regulations.

                      Depending on the context, we may use your personal data to:

                      • supply products or services you have ordered;

                      • carry out checks to identify you and check your identity;

                      • correspond with you, with your prior consent (see the “Communications” section);

                      • supply after-sales services and manage refunds;

                      • manage your refund requests;

                      • answer your questions, suggestions and requests, in particular requests to exercise your rights;

                      • manage claims and disputes;

                      • manage events you have signed up for and/or participated in;

                      • detect, prevent and fight fraudulent and illegal activity, including to protect your transactions from fraud via your means of payment, act against infringement and the resale of our products in violation of our General Terms & Conditions and/or our retail network;

                      • protect you, the employees and other people in our shops as well as our property;

                      • manage stock for some types of rare product in order to better distribute our products;

                      • monitor and improve our digital platforms;

                      • carry out statistical analyses, in particular to adapt our product and service offer (including the anonymous use of nationality);

                      • improve our products and services;

                      • comply with our legal obligations, which includes providing information to regulatory organisations when required by law, in particular to comply with our legal obligations in terms of cosmetovigilance, prevention and fight against fraud, money laundering and the terrorist financing.

                      5. Communications (newsletters, invitations etc.)

                          With your prior express consent (generally obtained by ticking a specific box on a form), Joseph Duclos you send you information pertaining to offers, services, products and events.

                          We count on your consent to process the personal data you supply for this purpose. Consequently, if you no longer wish to receive said information, you may retract your consent at all times (see below “Your rights regarding your personal data”).

                          We may ask you to confirm or update your communication preferences if you ask us to provide other products and/or services in the future, or in the event of modifications in legislation, regulations or our corporate structure.


                          6. Duration of record-keeping regarding your personal data

                            Your personal data is kept on file for as long as necessary given the purposes for which it was collected, to comply with legal and regulatory obligations and to establish, exercise or defend legal rights.

                            In order to determine the most appropriate record-keeping times for your personal data, we have specifically factored in the quantity, nature and degree of sensitivity of your personal data, the reasons for collecting your personal data, the service you deserve and expect from us and applicable legal requirements. For example:

                            • Prospects (potential clients): your data is kept on file for three years starting on the date of your latest interaction with us, then deleted or filed in compliance with legal record-keeping obligations;

                            • Clients: your data is kept on file throughout the duration of our business relationship and for ten years, then deleted or filed in compliance with legal record-keeping obligations;
                            • Cookies used on digital platforms: they are stored for up to 13 months starting from the date they were installed on your device.

                            7. How we disclose and transfer your personal data

                              We may disclose your personal data only to the parties designated below and for the following reasons:

                              • We disclose your personal data to Joseph Duclos employees who need to access your personal data and have been duly authorised to process them for the above mentioned purposes and have undertaken to maintain confidentiality.
                              • We may be required to disclose your personal data to Joseph Duclos departments in charge of customer relations, retail sales, e-commerce, communication, legal matters, finance, internal audits, IT management and security, for the purposes mentioned in this Confidentiality Policy. It may be a matter of supplying products and services you have ordered, improve available services and, with your consent, send you marketing literature pertaining to offers, services, products and events (for this purpose, you may revoke your consent at all times. Please see the “Your rights regarding your personal data” section below). As part of the fight against fraud via your means of payment, your personal data is communicated to Joseph Duclos in order to process your order and fight against attempts at fraud via online means of payment. In the context of our legitimate interest in the fight against fraud via means of payment, Joseph Duclos may, as the entity responsible for processing data, transmit your financial data to an external service provider with a fraud detection tool in order to authenticate a payment. Said service provider is bound by an obligation to preserve confidentiality.
                              • We may also be required to communicate personal data to third parties acting on behalf of Joseph Duclos and approved by Joseph Duclos. This processing is covered by our prior instructions mentioned in a binding contract which complies with the requirements of applicable legislation. Said disclosure happens for various motifs, in particular:
                                • IT development and assistance;

                                • Hosting and conducting market and economic research and marketing and advertising campaigns;

                                • Checking your information, authenticating payments and processing orders and payments to third parties who provide credit reports, payment services or execution of orders;

                                • Delivery services etc.

                                These service providers agree to comply with confidentiality and are not authorised to use your personal data for any other purpose. We also require them to apply appropriate security measures to protect your personal data.

                                Some of these service providers are located outside your country, and to be precise outside the EU. We have taken measures to ensure that all personal data is protected adequately and transferred legally, including outside the EU. When we transfer personal data outside the EU to a country which has not been designated by the European Commission as having sufficient protection for personal data, the transfers are governed by an agreement stipulating the obligations required by the EU for the transfer of personal data outside the EU, in particular standard contractual clauses approved by the European Commission, or as part of other appropriate guarantees.

                                To obtain a description of the appropriate protective measures, you may send us your request using the information in the “How to contact us” section below.

                                • We may be required by compulsory provisions of applicable legislation or as part of legal proceedings or any other legal request, to disclose your personal data to the authorities or third parties.

                                • We may also disclose or process your personal data in compliance with applicable legislation to defend our legitimate interests (for example as part of civil or criminal proceedings). We may for example disclose said personal data if necessary to identify, contact or take legal action against a physical person or legal entity who has allegedly failed to comply with our General Terms & Conditions of Sale and Use, or who may disturb other users of our digital platforms or cause them injury.
                                • In the event that Joseph Duclos, or all or part of Joseph Duclos’ assets, is acquired by a third party, your personal data may be included in the assets transferred.

                                8. How we protect your personal data

                                  All your personal data is strictly confidential and shall not be accessible except when necessary, only by duly-authorised Joseph Duclos staff and the independent service providers acting on our behalf as part of appropriate technical security and organisational measures.

                                  We have also set up procedures to process all alleged violations of data security. We will inform you, as well as all competent supervisory authorities, in the event of alleged violations of data security, when required by legislation.

                                  We also require that people we send your personal data to comply with all preceding clauses. Unfortunately, data transmission over Internet is not fully secure. We thus cannot guarantee the security of your personal data that you send us over Internet. Said transmission is conducted at your own risk. You hereby acknowledge and agree that we decline all liability in the event of non-authorised use, distribution, damage or destruction of your data, unless legislation requires us to assume such liability. Once we have received your personal data, we shall apply the above-mentioned security measures.



                                  9.Your rights regarding your personal data

                                    In compliance with legislation applicable to data protection, you may at all times request access, rectification, deleting and portability of your personal data, or restrict or oppose processing. A summary of these rights is specified below:

                                    • Your right of access: the right to receive a copy of your personal data.
                                    • Your right of rectification: the right to ask us to rectify any errors in your data or to complete it.
                                    • Your right to be forgotten: the right to ask us to delete your personal data, in certain situations.
                                    • Your right to restrict processing: the right to ask us to restrict the processing of your personal data, in some circumstances, for example if you dispute data accuracy.
                                    • Your right to data portability: the right to receive the personal data you have supplied, in a well-structured, commonly used format, and legible by machines, and/or transmit these data to third parties, in some situations.

                                    Your right to oppose the processing: the right of opposition:

                                    • at all times during the processing of your personal data for direct marketing purposes;

                                    • in some other situations, our ongoing processing of your personal data, for example the processing conducted on the basis of our legitimate interests.

                                    When the processing of your personal data is based on your consent, you may at all times decide to retract it. Retracting said consent shall not affect the processing of your personal data based on other legal bases, such as executing your orders and keeping records of your data on file in compliance with applicable legislation.

                                    If you no longer wish to receive our advertising and promotional information, we hereby remind you that you may revoke your consent to direct marketing at all times directly using the unsubscribe link included in each electronic advertisement we send you. If you do so, we shall quickly update our databases and take all reasonable measures to respond to your request as soon as possible. We may however continue to contact you as necessary in connection with any product or service ordered.


                                    You also have the right to file a complaint with your local data protection authority in the event of alleged violation of the data protection rules applicable to you.

                                    To exercise any of these rights, please contact us using the contact details below (see “How to contact us”).

                                    Please note that if you exercise any of the above-mentioned rights, you will be asked to let us know which right you wish to exercise and supply some information (copy of your ID card, passport or other legally recognised form of ID) in order to identify you, process your request and protect you from fraudulent requests from third parties.


                                    10. How to contact us

                                      If you have any questions in general or about your account, revoking your consent or seeking redress, please contact our Customer Care Department:

                                      • By email: contact@josephduclos.com
                                      • By post: Joseph Duclos, 7 rue Léo Delibes 75016 Paris, France
                                      • On the website, in the “Contact” section

                                      For questions pertaining specifically to advertising e-mails, we hereby remind you that you may at all times unsubscribe directly by clicking on the unsubscribe link in all advertising e-mails we send you.

                                      If you have any questions or concerns pertaining to our Confidentiality Policy or data processing, you may contact the group’s Data Protection Officer at the following address: contact@josephduclos.com

                                      11. Amendments to this Confidentiality Policy

                                        This Confidentiality Policy reflects our current practices and may be amended and updated occasionally. When we publish changes to this Confidentiality Policy, we amend the “Effective date” at the top of the document to indicate when the changes became effective.

                                        Should we make substantial amendments to this Confidentiality Policy, we shall inform you by way of a amendment notice at the beginning of this Confidentiality Policy and on the home page of the “josephduclos.com” website.