Privacy policy
We respect your concerns regarding privacy and we place great importance on our relationship with you.
The Privacy and Cookies Policy, accessible from every page of Galénic’s website (at this address: https://galenic.com/policies/privacy-policy) provides further details on:
The contact details for Galénic, responsible for processing your personal data
Personal data in connection with your use of Galénic’s website (the "Website") is collected by Galénic Cosmetics Laboratory ("Galénic"), a société par actions simplifiée [simplified joint-stock company] with a share capital of EUR 20,010,000, the registered office of which is located at 3, rue du Colonel Moll, 75017 Paris, listed on the Register of Trade and Companies of Paris under number Paris B 889 310 108. Galénic is a Yatsen group company.
You can also send your questions about personal data using the contact form available here or by contacting the following email address: contact@galenic.com.
The purposes for collecting your personal data
The Company processes your personal data, so that you can:
(i) place online orders for the Galénic products available on the Website
(ii) create your account so you can reuse your data, benefit from loyalty schemes and receive promotional material
(iii) leave comments on our products
(iv) receive the Galénic newsletter
(v) browse the Galénic Website or our social network pages
(vi) receive personalised advertising on our Website, on third-party websites or on the social networks, according to your prior acceptance of cookies, or according to the profiles established on our Website
(vii) receive marketing material and information by email, whether personalised or not, depending on the user profiles on our Website (age, gender, skin type, requests for cosmetic advice)
(viii) contact our customer service department
(ix) interact with our social network pages (Facebook, Youtube and Instagram)
Galénic also processes your personal data in order to:
(x) Generate usage statistics for our Website and our products, as well as for audits relating to safety, compliance, and the existence of Galénic
(xi) Provide you with personalised advertising on other third-party websites when you have previously interacted with Galénic, depending on these interactions and your profile
(xii) Assess the performance of our advertising and marketing communications and our interactions with you
(xiii) Fight against and prevent fraud, ensure the security of the Website and your data
(xiv) Fulfil our legal obligations, including for the purposes of pharmacovigilance
(xv) Improve our Website, our products and services, our communication with you
(xvi) Manage and transfer Galénic assets
(xvii) Manage pre-litigation and litigation cases
The data categories we collect regarding visitors to our Website and our customers
The personal data collected on our Website is as follows:
- Data related to orders and their fulfilment: surname, first name, email address, physical address, delivery address if different, mobile telephone number
- Data used to create the account: email address and password / surname, first name
- Customer emails completed for the purposes of receiving the newsletter
- Customer opinions on the Products ordered or on their Website experience
- Payment data (bank card: Master Card, Visa or American Express) and the IP address used when paying for ordered products
- Browsing data for the Galénic Website, data relating to baskets, orders, searches for Galénic products
- Technical data relating to the browser and the terminal you use, IP address, connection time and date, browsing data regarding Website entry, Website exit and Website consultation
- Cookies in accordance with the settings on the cookie consent tool
The legal basis applicable to each purpose and the data retention period
The following table provides the details for the personal legal bases which Galénic uses to justify the processing of the aforementioned data, as well as how long such data is retained by Galénic. These legal bases are determined by the European General Data Protection Regulation (“GDPR”).
Purpose for processing the data |
Data concerned |
Applicable legal basis |
Retention period |
Ordering products and fulfilling the order (including customer support relations, payment management, the sending of information regarding the products and the sending of marketing suggestions for similar products, satisfaction surveys by email) |
Surname, first name, email address, billing and delivery addresses |
Fulfilment of contract |
5 years for the fulfilment of the order, including customer support relations with regard to orders |
Creating an account (including the sending of a satisfaction questionnaire by email, loyalty schemes, competition suggestions) |
Surname, first name, email address, date of birth |
Consent |
Until you close your account, or 3 years after the last time you used your account (made an order, clicked on one of our emails) |
Leaving comments |
Surname, first name, email, IP address |
Legal obligation |
Retention of surnames, first names and email whilst the comment is accessible; IP address, date and time are retained for one year from the comment being made available online |
Newsletter |
|
Consent |
Until you cancel your subscription to the newsletter |
Browsing the Galénic Website (with or without creating an account) Browsing the Galénic pages on social networks (Instagram, Facebook or Youtube) |
IP address whilst browsing our Website, date and time, time spent browsing our Website, pages and products consulted or searched for, basket, the last website you visited before opening our Website unless you created an account, data regarding your browser or the type of terminal (computer, mobile, tablet) from which you are browsing. Some information is collected using cookies, further to your consent, in accordance with specific information via the cookie consent tool. Statistical data sent by the social network being used |
Consent for cookies (excluding cookies required for the operation of the Website, basket, session cookies) or legitimate interest (website security or statistics) |
Maximum retention period of 13 months for cookies, 6 months for rejecting cookies, |
Personalised promotional emails as the case may be depending on the information from your account |
|
Consent |
Until you withdraw your consent |
Personalised advertising on the Galénic Website or on third-party websites in terms of advertisements to Galénic’s benefit |
Account data or |
Consent |
Until you withdraw your consent for cookies, or until your account on the Galénic Website is deleted or your account on the social network being used is deleted |
Communicating with customer services via the contact form |
Surname, first name, email |
Consent |
For 3 years from the last interaction with customer services |
Creating user and customer profiles, statistics and usage analysis for our products and our websites |
Order data, account creation and usage data, data relating to your interaction with customer support, usage data regarding the Website, our products, our newsletter, our satisfaction surveys |
Legitimate interest, unless your fundamental interests and rights prevail |
For the aforementioned retention periods, and beyond after data anonymisation |
Fighting against fraud |
Payment data held by our service providers, browsing data |
Legitimate interest, unless your fundamental interests and rights prevail |
13 months from the date the bank card was debited, 15 months if a deferred debit card is used |
Fulfilling our legal obligations (invoicing, accounting, cosmetovigilance, security audits, compliance audits, fulfilling your requests for the right to access, rectify or delete your data, and to object to commercial canvassing) |
Payment data, invoices, technical data, requests and responses relating to exercising GDPR rights, incident notifications with respect to cosmetovigilance obligations |
Legal obligation |
Retention of invoices for 5 years for orders of less than €120, 10 years for orders of over €120. |
Improving our products and services, including in terms of pharmacovigilance |
Satisfaction surveys, customer support relations, user and customer profiles, notifications of adverse effects |
For the aforementioned retention periods, and beyond after data anonymisation. |
|
Audits related to company existence |
All aforementioned data |
Legitimate interest, unless your fundamental interests and rights prevail |
For the aforementioned retention periods, and beyond after data anonymisation |
Managing pre-litigation and litigation cases |
For the aforementioned retention periods, and/or 5 years from the end of the pre-litigation and litigation case |
||
Interaction with our social network pages (Facebook, Instagram and Youtube) |
Your social network profile, any comments, interactions with the Galénic page/account |
Fulfilment of contract as a joint controller with the relevant social network |
For the retention periods defined by the social networks you are using |
Our customers’ rights regarding our use of their personal data, including how customers can exercise these rights and how they can contact us
In compliance with the French Data Protection Act of 6 January1978 amended and with European Regulation No. 2016/679 of 27 April 2016 (GDPR), you have the following rights for all data concerning you:
· The right to update your data,
· The right to delete your data,
· The right to access your data,
· The right to object to the processing of your data, to profiling,
· The right to request data portability,
. The right to restrict the processing of your personal data,
· The right to withdraw your permission for your contact details being used to send offers and promotions via email,
. The right to withdraw your consent for cookies being stored and read on your terminal,
· The right to define what will happen to your personal data after your death, and specifically to decide whether or not to send your data to a third party of your choosing
You can exercise your rights using the contact form available here:
https://galenic.com/pages/contact
Galénic may first ask for proof of identity.
You can also contact the Galénic Data Protection Officer at the following email address: dpo@galenic.com
In the absence of a satisfactory response, you can also make an enquiry on the CNIL (French National Commission for Data Protection) website: www.cnil.fr or make a complaint to this supervisory authority at the following address: CNIL - 3 Place de Fontenoy, 75007 Paris.
The people and service providers who have access to your data
- In-house recipients. Access to your personal data is strictly limited to Galénic employees, authorised by virtue of their duties and subject to abiding by the applicable regulations in terms of personal data protection, namely (i) customer services (ii) the invoicing department and (iii) technical support, in the event that it is necessary to access your personal data during upgrades or corrective maintenance. Your data may be sent to Galénic’s management, for processing pre-litigation and litigation cases and for the purposes of pharmacovigilance obligations. Specifically, it may be sent to the Chairman of Galénic Cosmetics Laboratory SAS and Yatsen Global PTE LTD, a company for which the registered office is located in Singapore. The standard contractual clauses of the European Commission dated 4 June 2021 are there to govern personal data protection in such a way that complies with GDPR rules with respect to this communication. For the purposes of pharmacovigilance obligations, the data will be pseudonymised.
b) Galénic service providers. The data collected will be sent to our service providers who are contractually responsible for ensuring that the Website and its functions are working correctly, including in terms of processing your orders and requests, namely:
The service provider for customer services,
● The service provider for customer management,
● The service provider for satisfaction surveys,
● The service provider for managing and running the social networks,
● The service provider for hosting,
● The service provider for cloud services,
● The service provider for email services,
● The technical service providers,
● Our payment service provider, in compliance with the PCI DSS standard,
● The service provider for analysing user behaviour,
● The social networks on which Galénic has created a dedicated page or account,
● The logistical carriers,
● The accountants, auditors and legal counsels,
● The Ministry of Health, for reporting cosmetovigilance incidents,
● The buyers of any assets and/or business assets if Galénic’s assets or business assets are sold
The precautions we take to ensure information security
Galénic implements all the technical and organisational means to ensure the security and privacy of your personal data, so as to prevent any attack on its integrity, to prevent its disclosure, or jeopardise its availability.
The transfer of data abroad
Your personal data is processed by Galénic in France, but also in countries where personal data protection is deemed sufficient by the European Union, such as Canada.
Galénic sends some of your personal data to service providers outside of the European Union (United States, Singapore, China). In which case, Galénic goes by the standard Contractual Clauses decreed by the European Commission, or by the binding corporate rules validated by a supervisory authority, such as the CNIL (French National Commission for Data Protection). Galénic applies the relevant guarantees, and where necessary, additional security measures.
The use of cookies
Cookies are files that may be stored on your terminal (computer, mobile) then read by Galénic or third parties, when visiting the Website thanks to your browser software. The list of cookies and their purpose is shown in the cookie consent tool, as well as on every page of the Website. This consent management tool allows you to withdraw your consent for cookies being stored and read.
Galénic uses the cookies required for the operation of the Website and for product orders: this includes technical cookies for authentication purposes, session identification cookies and shopping basket cookies. If you delete them, your Website experience may be disrupted.
You can deactivate/delete the non-obligatory cookies that have been stored by using the settings for each browser opened on your terminals (computer, smartphone, tablet, etc.)
Your consent is required for the storage and reading of cookies that are not fundamental to the operation of the service: this includes statistical cookies, advertising cookies and functional cookies. You can set the consent tool so that the storage of such cookies is rejected.
List of cookies
- Functional cookies required for the operation of Galénic’s Website issued by our service provider Shopify: https://www.shopify.fr/legal/cookies
Name |
Purpose |
Retention period |
ab |
Used in connection with accessing the administrator interface. |
2 years |
_secure_session_id |
Used in connection with browsing an online shop. |
24 hours |
_shopify_country |
Used in connection with payment. |
Session |
_shopify_m |
Used in connection with managing customer privacy settings |
1 year |
_shopify_tm |
Used in connection with managing customer privacy settings. |
30 minutes |
_shopify_tw |
Used in connection with managing customer privacy settings. |
2 weeks |
_storefront_u |
Used in connection with updating customer account information. |
1 minute |
_tracking_consent |
Tracking preferences. |
1 year |
c |
Used in connection with payment. |
1 year |
panier |
Used in connection with the shopping basket. |
2 weeks |
cart_currency |
Used in connection with the shopping basket. |
2 weeks |
cart_sig |
Used in connection with payment. |
2 weeks |
cart_ts |
Used in connection with payment. |
2 weeks |
cart_ver |
Used in connection with the shopping basket. |
2 weeks |
paiement |
Used in connection with payment. |
4 weeks |
checkout_token |
Used in connection with payment. |
1 year |
dynamic_checkout_shown_on_ |
Used in connection with payment. |
30 minutes |
hide_shopify_pay_for_checkout |
Used in connection with payment. |
Session |
keep_alive |
Used in connection with locating buyers |
2 weeks |
master_device_id |
Used in connection with merchant login details |
2 years |
previous_step |
Used in connection with payment. |
1 year |
remember_me |
Used in connection with payment. |
1 year |
secure_customer_sig |
Used in connection with customer login details. |
20 years |
shopify_pay |
Used in connection with payment. |
1 year |
shopify_pay_redirect |
Used in connection with payment. |
30 minutes |
storefront_digest |
Used in connection with customer login details. |
2 years |
tracked_start_checkout |
Used in connection with payment. |
1 year |
_checkout_queue_checkout_token |
Used in connection with payment. |
|
_checkout_queue_token |
Used in connection with payment. |
|
cookieconsent_preferences_disabled |
Used to record the consent of the user for the use of cookies when the Website is displayed. |
1 year |
- Statistical cookies issued by our service providers Shopify and Google:
https://policies.google.com/technologies/cookies#types-of-cookies
https://www.shopify.fr/legal/cookies
Name |
Purpose |
Retention period |
_landing_page |
Track landing pages (Shopify) |
2 weeks |
_orig_referrer |
Track landing pages (Shopify) |
2 weeks |
_s |
Analyses of data supplied by Shopify. |
30 minutes |
_shopify_d |
Analyses of data supplied by Shopify. |
Session |
_shopify_s |
Analyses of data supplied by Shopify. |
30 minutes |
_shopify_sa_p |
Analyses of data supplied by Shopify in connection with marketing and referrals. |
30 minutes |
_shopify_sa_t |
Analyses of data supplied by Shopify in connection with marketing and referrals. |
30 minutes |
_shopify_y |
Analyses of data supplied by Shopify. |
1 year |
_y |
Analyses of data supplied by Shopify. |
1 year |
_shopify_evids |
Analyses of Shopify data. |
Session |
_ga |
Google statistical analyses |
2 years |
_gid |
Google statistical analyses |
2 years |
IDE |
DoubleClick cookies in connection with targeted marketing |
13 months |
_gcl_au |
Used to measure the conversion rate for visits to our Website after viewing advertisements on Google |
3 months |
__kla_id |
Click analyses on emails sent by Klaviyo on our Website |
2 years |
KL_FORMS_MODAL |
Analysis of Newsletter subscription by Klaviyo |
2 years |
This policy is applicable to natural persons who visit the Galénic Website, subscribe to the newsletter, order Galénic products, or create an account on the Galénic Website. You must be an adult and must not be legally incompetent. When you create an account on our Website, you must create a password, and ensure this is kept private. This password must be strong and include uppercase letters, lowercase letters, numbers and special characters. If you realise that your account has been used by a third party, you must inform Galénic of this immediately.
This privacy policy may be updated, refer to the number and version date.
Each update will be notified on the Website.
Version No. 1.0, 1 September 2021