Privacy policy
We respect your concerns regarding privacy
and we place great importance on our relationship with you.
The Privacy and Cookies Policy, accessible from
every page of Galénic’s website (at this address: https://galenic.com/blogs/infos/politique-de-confidentialite) provides further details on:
The contact details for Galénic, responsible for processing your personal data
Personal data in connection with your use of Galénic’s
website (the "Website") is collected by Galénic Cosmetics Laboratory
("Galénic"), a société par
actions simplifiée [simplified joint-stock company] with a share capital of
EUR 20,010,000, the registered office of which is located at 3, rue du Colonel
Moll, 75017 Paris, listed on the Register of Trade and Companies of Paris under
number Paris B 889 310 108. Galénic is a Yatsen group company.
You can
also send your questions about personal data using the contact form available here
or by contacting the following email address: contact@galenic.com.
The purposes for collecting your personal data
The Company
processes your personal data, so that you can:
(i) place online orders for the Galénic products
available on the Website
(ii) create your account so you can reuse your
data, benefit from loyalty schemes and receive promotional material
(iii) leave comments on our products
(iv) receive the Galénic newsletter
(v) browse the Galénic Website or our social network
pages
(vi) receive personalised advertising on our
Website, on third-party websites or on the social networks, according to your
prior acceptance of cookies, or according to the profiles established on our
Website
(vii) receive marketing material and information
by email, whether personalised or not, depending on the user profiles on our
Website (age, gender, skin type, requests for cosmetic advice)
(viii) contact our customer service department
(ix) interact with our social network pages (Facebook,
Youtube and Instagram)
Galénic also processes your personal data in
order to:
(x) Generate usage statistics for our Website
and our products, as well as for audits relating to safety, compliance, and the
existence of Galénic
(xi) Provide you with personalised advertising
on other third-party websites when you have previously interacted with Galénic,
depending on these interactions and your profile
(xii) Assess the performance of our advertising
and marketing communications and our interactions with you
(xiii) Fight against and prevent fraud, ensure
the security of the Website and your data
(xiv) Fulfil our legal obligations, including
for the purposes of pharmacovigilance
(xv) Improve our Website, our products and services,
our communication with you
(xvi)
Manage and transfer Galénic assets
(xvii) Manage pre-litigation and litigation
cases
The data categories we collect regarding visitors to our Website and our
customers
The
personal data collected on our Website is as follows:
- Data related to orders and their fulfilment: surname,
first name, email address, physical address, delivery address if different, mobile
telephone number
- Data used to create the account: email address
and password / surname, first name
- Customer emails completed for the purposes of
receiving the newsletter
- Customer opinions on the Products ordered or
on their Website experience
- Payment data (bank card: Master Card, Visa or
American Express) and the IP address used when paying for ordered products
- Browsing data for the Galénic Website, data
relating to baskets, orders, searches for Galénic products
- Technical data relating to the browser and the
terminal you use, IP address, connection time and date, browsing data regarding
Website entry, Website exit and Website consultation
- Cookies in accordance with the settings on the
cookie consent tool
The legal basis applicable to each purpose and the data retention period
The following table provides the details for the personal legal bases which Galénic uses to justify the processing of the aforementioned data, as well as how long such data is retained by Galénic. These legal bases are determined by the European General Data Protection Regulation (“GDPR”).
Purpose for processing the data |
Data concerned |
Applicable legal basis |
Retention period |
Ordering products and fulfilling the order (including customer support relations, payment management, the sending of information regarding the products and the sending of marketing suggestions for similar products, satisfaction surveys by email) |
Surname, first name, email address, billing and delivery addresses |
Fulfilment of contract |
5 years for the fulfilment of the order, including customer support relations with regard to orders |
Creating an account (including the sending of a satisfaction questionnaire by email, loyalty schemes, competition suggestions) |
Surname, first name, email address, date of birth |
Consent |
Until you close your account, or 3 years after the last time you used your account (made an order, clicked on one of our emails) |
Leaving comments |
Surname, first name, email, IP address |
Legal obligation |
Retention of surnames, first names and email whilst the comment is accessible; IP address, date and time are retained for one year from the comment being made available online |
Newsletter |
Consent |
Until you cancel your subscription to the newsletter |
|
Browsing the Galénic Website (with or without creating an account) Browsing the Galénic pages on social networks (Instagram, Facebook or Youtube) |
IP address whilst browsing our Website, date and time, time spent browsing our Website, pages and products consulted or searched for, basket, the last website you visited before opening our Website unless you created an account, data regarding your browser or the type of terminal (computer, mobile, tablet) from which you are browsing. Some information is collected using cookies, further to your consent, in accordance with specific information via the cookie consent tool. Statistical data sent by the social network being used |
Consent for cookies (excluding cookies required for the operation of the Website, basket, session cookies) or legitimate interest (website security or statistics) |
Maximum retention period of 13 months for cookies,
6 months for rejecting cookies, |
Personalised promotional emails as the case may be depending on the information from your account |
Consent |
Until you withdraw your consent |
|
Personalised advertising on the Galénic Website or on third-party websites in terms of advertisements to Galénic’s benefit |
Account data or |
Consent |
Until you withdraw your consent for cookies, or until your account on the Galénic Website is deleted or your account on the social network being used is deleted |
Communicating with customer services via the contact form |
Surname, first name, email |
Consent |
For 3 years from the last interaction with customer services |
Creating user and customer profiles, statistics and usage analysis for our products and our websites |
Order data, account creation and usage data, data relating to your interaction with customer support, usage data regarding the Website, our products, our newsletter, our satisfaction surveys |
Legitimate interest, unless your fundamental interests and rights prevail |
For the aforementioned retention periods, and beyond after data anonymisation |
Fighting against fraud |
Payment data held by our service providers, browsing data |
Legitimate interest, unless your fundamental interests and rights prevail |
13 months from the date the bank card was debited, 15 months if a deferred debit card is used |
Fulfilling our legal obligations (invoicing, accounting, cosmetovigilance, security audits, compliance audits, fulfilling your requests for the right to access, rectify or delete your data, and to object to commercial canvassing) |
Payment data, invoices, technical data, requests and responses relating to exercising GDPR rights, incident notifications with respect to cosmetovigilance obligations |
Legal obligation |
Retention of invoices for 5 years for orders
of less than €120, 10 years for orders of over €120. |
Improving our products and services, including in terms of pharmacovigilance |
Satisfaction surveys, customer support relations, user and customer profiles, notifications of adverse effects |
For the aforementioned retention periods, and beyond after data anonymisation. |
|
Audits related to company existence |
All aforementioned data |
Legitimate interest, unless your fundamental interests and rights prevail |
For the aforementioned retention periods, and beyond after data anonymisation |
Managing pre-litigation and litigation cases |
For the aforementioned retention periods, and/or 5 years from the end of the pre-litigation and litigation case |
||
Interaction with our social network pages (Facebook, Instagram and Youtube) |
Your social network profile, any comments, interactions with the Galénic page/account |
Fulfilment of contract as a joint controller with the relevant social network |
For the retention periods defined by the social networks you are using |
Our customers’ rights regarding our use of their personal data, including how customers can exercise these rights and how they can contact us
In
compliance with the French Data Protection Act of 6 January1978 amended and
with European Regulation No. 2016/679 of 27 April 2016 (GDPR), you have the
following rights for all data concerning you:
· The right to update your data,
· The right to delete your data,
· The right to access your data,
· The right to object to the processing of your
data, to profiling,
· The right to request data portability,
. The right to restrict the processing of your
personal data,
· The right to withdraw your permission for your
contact details being used to send offers and promotions via email,
. The right to withdraw your consent for cookies
being stored and read on your terminal,
· The right to define what will happen to your
personal data after your death, and specifically to decide whether or not to
send your data to a third party of your choosing
You can exercise your rights using the contact
form available here:
https://galenic.com/pages/1
Galénic may first ask for proof of identity.
You can also contact the Galénic Data Protection
Officer at the following email address: dpo@galenic.com
In the absence of a satisfactory response, you
can also make an enquiry on the CNIL (French National Commission for Data
Protection) website: www.cnil.fr or make a complaint to this supervisory
authority at the following address: CNIL - 3 Place de Fontenoy, 75007 Paris.
The people and service providers who have access to your data
a)
In-house recipients. Access to your personal data is
strictly limited to Galénic employees, authorised by virtue of their duties and
subject to abiding by the applicable regulations in terms of personal data
protection, namely (i) customer services (ii) the invoicing department and (iii)
technical support, in the event that it is necessary to access your personal
data during upgrades or corrective maintenance. Your data may be sent to
Galénic’s management, for processing pre-litigation and litigation cases and
for the purposes of pharmacovigilance obligations. Specifically, it may be sent
to the Chairman of Galénic Cosmetics Laboratory SAS and Yatsen Global PTE LTD, a
company for which the registered office is located in Singapore. The standard
contractual clauses of the European Commission dated 4 June 2021 are there to
govern personal data protection in such a way that complies with GDPR rules
with respect to this communication. For the purposes of pharmacovigilance
obligations, the data will be pseudonymised.
b) Galénic service providers. The data
collected will be sent to our service providers who are contractually
responsible for ensuring that the Website and its functions are working
correctly, including in terms of processing your orders and requests, namely:
● The service
provider for customer services,
● The service
provider for customer management,
● The service
provider for satisfaction surveys,
● The service
provider for managing and running the social networks,
● The service
provider for hosting,
● The service
provider for cloud services,
● The service
provider for email services,
● The
technical service providers,
● Our payment
service provider, in compliance with the PCI DSS standard,
● The service
provider for analysing user behaviour,
● The social
networks on which Galénic has
created a dedicated page or account,
● The
logistical carriers,
● The
accountants, auditors and legal counsels,
● The
Ministry of Health, for reporting cosmetovigilance incidents,
● The buyers of any assets and/or business assets if
Galénic’s assets or business assets are sold
The precautions we take to ensure information security
Galénic implements all the technical and organisational means to ensure the security and privacy of your personal data, so as to prevent any attack on its integrity, to prevent its disclosure, or jeopardise its availability.
The transfer of data abroad
Your
personal data is processed by Galénic in France, but also in countries where
personal data protection is deemed sufficient by the European Union, such as Canada.
Galénic sends some of your personal data to
service providers outside of the European Union (United States, Singapore, China).
In which case, Galénic goes by the standard Contractual Clauses decreed by the
European Commission, or by the binding corporate rules validated by a
supervisory authority, such as the CNIL (French National Commission for Data
Protection). Galénic applies the relevant guarantees, and where necessary, additional
security measures.
The use of cookies
Cookies
are files that may be stored on your terminal (computer, mobile) then read by Galénic
or third parties, when visiting the Website thanks to your browser software. The
list of cookies and their purpose is shown in the cookie consent tool, as well
as on every page of the Website. This consent management tool allows you to
withdraw your consent for cookies being stored and read.
Galénic uses the cookies required for the
operation of the Website and for product orders: this includes technical cookies
for authentication purposes, session identification cookies and shopping basket
cookies. If you delete them, your Website experience may be disrupted.
You can deactivate/delete the non-obligatory cookies
that have been stored by using the settings for each browser opened on your
terminals (computer, smartphone, tablet, etc.)
Your consent is required for the storage and
reading of cookies that are not fundamental to the operation of the service: this
includes statistical cookies, advertising cookies and functional cookies. You
can set the consent tool so that the storage of such cookies is rejected.
List of cookies
- Functional cookies required for the operation of Galénic’s Website issued by our service provider Shopify: https://www.shopify.fr/legal/cookies
Name |
Purpose |
Retention period |
ab |
Used in connection with accessing the administrator interface. |
2 years |
_secure_session_id |
Used in connection with browsing an online shop. |
24 hours |
_shopify_country |
Used in connection with payment. |
Session |
_shopify_m |
Used in connection with managing customer privacy settings |
1 year |
_shopify_tm |
Used in connection with managing customer privacy settings. |
30 minutes |
_shopify_tw |
Used in connection with managing customer privacy settings. |
2 weeks |
_storefront_u |
Used in connection with updating customer account information. |
1 minute |
_tracking_consent |
Tracking preferences. |
1 year |
c |
Used in connection with payment. |
1 year |
panier |
Used in connection with the shopping basket. |
2 weeks |
cart_currency |
Used in connection with the shopping basket. |
2 weeks |
cart_sig |
Used in connection with payment. |
2 weeks |
cart_ts |
Used in connection with payment. |
2 weeks |
cart_ver |
Used in connection with the shopping basket. |
2 weeks |
paiement |
Used in connection with payment. |
4 weeks |
checkout_token |
Used in connection with payment. |
1 year |
dynamic_checkout_shown_on_ |
Used in connection with payment. |
30 minutes |
hide_shopify_pay_for_checkout |
Used in connection with payment. |
Session |
keep_alive |
Used in connection with locating buyers |
2 weeks |
master_device_id |
Used in connection with merchant login details |
2 years |
previous_step |
Used in connection with payment. |
1 year |
remember_me |
Used in connection with payment. |
1 year |
secure_customer_sig |
Used in connection with customer login details. |
20 years |
shopify_pay |
Used in connection with payment. |
1 year |
shopify_pay_redirect |
Used in connection with payment. |
30 minutes |
storefront_digest |
Used in connection with customer login details. |
2 years |
tracked_start_checkout |
Used in connection with payment. |
1 year |
_checkout_queue_checkout_token |
Used in connection with payment. |
|
_checkout_queue_token |
Used in connection with payment. |
|
cookieconsent_preferences_disabled |
Used to record the consent of the user for the use of cookies when the Website is displayed. |
1 year |
-
Statistical cookies issued by our service providers Shopify and Google:
https://policies.google.com/technologies/cookies#types-of-cookies
https://www.shopify.fr/legal/cookies
Name |
Purpose |
Retention period |
_landing_page |
Track landing pages (Shopify) |
2 weeks |
_orig_referrer |
Track landing pages (Shopify) |
2 weeks |
_s |
Analyses of data supplied by Shopify. |
30 minutes |
_shopify_d |
Analyses of data supplied by Shopify. |
Session |
_shopify_s |
Analyses of data supplied by Shopify. |
30 minutes |
_shopify_sa_p |
Analyses of data supplied by Shopify in connection with marketing and referrals. |
30 minutes |
_shopify_sa_t |
Analyses of data supplied by Shopify in connection with marketing and referrals. |
30 minutes |
_shopify_y |
Analyses of data supplied by Shopify. |
1 year |
_y |
Analyses of data supplied by Shopify. |
1 year |
_shopify_evids |
Analyses of Shopify data. |
Session |
_ga |
Google statistical analyses |
2 years |
_gid |
Google statistical analyses |
2 years |
IDE |
DoubleClick cookies in connection with targeted marketing |
13 months |
_gcl_au |
Used to measure the conversion rate for visits to our Website after viewing advertisements on Google |
3 months |
__kla_id |
Click analyses on emails sent by Klaviyo on our Website |
2 years |
KL_FORMS_MODAL |
Analysis of Newsletter subscription by Klaviyo |
2 years |
This policy is applicable to natural persons who visit the Galénic Website, subscribe to the newsletter, order Galénic products, or create an account on the Galénic Website. You must be an adult and must not be legally incompetent. When you create an account on our Website, you must create a password, and ensure this is kept private. This password must be strong and include uppercase letters, lowercase letters, numbers and special characters. If you realise that your account has been used by a third party, you must inform Galénic of this immediately.
This privacy policy may be updated, refer to the
number and version date.
Each update will be notified on the Website.
Version No. 1.0, 1 September 2021
