Main content

Privacy & Security

L’OREAL (THAILAND) LIMITED

PRIVACY POLICY

 

L’Oréal’s ambition is to be an exemplary corporate citizen to help make the world a more beautiful place. We place great value on honesty and clarity, and we are committed to building a strong and lasting relationship with you based on trust and mutual benefit. Part of this commitment means safeguarding and respecting your privacy and your choices. Respecting your privacy is essential to us. This is why we set out “Our Privacy Promise” and our full Privacy Policy below.

 

This Privacy Policy covers how we use personal data shared with us by our customers operating in a business capacity, for example salons, pharmacists, retailers, or any other stakeholders such as influencers.

 

OUR PRIVACY PROMISE

 

1)     We respect your privacy and your choices.

2)     We make sure that privacy and security are embedded in everything we do.

3)     We will not send you marketing communications unless you have asked us to. You can change your mind at any time.

4)     We will not sell your personal data.

5)     We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.

6)     We are committed to being open and transparent about how we use your personal data.

7)     We will not use your personal data in ways that we have not told you about.

8)     We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

 

For more information about our privacy practices, below we set out what types of personal data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.

Note that all of the information set out below may not apply to you. We have explained below an overview of all possible situations in which we could interact together, and one or more of these may apply to you depending on how you have interacted with us. For example, if you have not provided us with a photo for your account, then these details will not apply to you.

When you share personal data with us or when we collect personal data about you, we will use it in line with this Privacy Policy. Please read this information carefully. If you have any questions or concerns about your personal data, please contact our Data Protection Officer at THDPO@loreal.com

WHO WE ARE?

 

is a part of the L’Oréal Thailand Ltd. (“L’Oréal”, “our”, “us”, or “we”) brand portfolio. L’Oréal operates in 140 countries around the world and represents several different brands and products. For details on the L’Oréal Group, please see http://www.loreal.com/group

L’Oréal Thailand is responsible for the personal data that you share with us. When we say “L’Oréal”, “us”, “our” or “we”, this is who we are referring to. L’Oréal is the “data controller” for the purposes of applicable data protection laws.

 

L’OREAL THAILAND LIMITED

No. 179 Bangkok City Tower, 6th, 8th, 9th and 21st Floor, South Sathorn Road,

Tungmahamek, Sathorn Bangkok 10120 Thailand  

https://www.loreal.com/th-th/thailand/

WHAT IS PERSONAL DATA?

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, user generated content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.

 

This Privacy Policy covers all personal data about you that is collected and used by L'Oréal.

WHAT PERSONAL DATA DO WE COLLECT FROM YOU?

 The categories of your “Personal Data” that we collect, use or disclose (collectively “process” or “processing”), subject to the applicable law, including but not limited to: -

  • Personal details:  Name and last name, gender, date of birth, marital status, personal identification number, passport number, other identification number issued by the government including Personal Data that is present on the document issued by the government, corporate documents issued by authorities (in case vendor/business partner is juristic person), tax identification number, nationality, photograph appeared on identification card, passport or driving license, signatures, information the Company received from the questions where you can identify your identity (e.g., password, answer in resetting the password, PINs, biometric data for a facial and voice recognition, photograph, CCTV image/footage;
  • Financial details: The details of your bank account, billing address, credit card numbers and cardholder’s name and details;
  • Contact details: Address, telephone number, email address and social media profile details;
  • Electronic data: IP addresses, cookies, activity logs, online identifiers, unique device identifiers and geolocation data
  • Sensitive personal data:
  • Religious; and
  • Criminal record.

During a processing of your Personal Data, we may also collect some sensitive Personal Data about you to enable you to be the customer, vendor or partner. However, we will not collect, use and/or disclose this type of data without your consent unless the law allows us to do so.

HOW DO WE COLLECT OR RECEIVE YOUR PERSONAL DATA?

For individual & business customers:

We might collect or receive personal data from you via our websites, forms, apps, devices, L’Oréal products or brand pages on social media, through your direct interactions with your account managers or customer care teams, or otherwise. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites/apps or in our stores), sometimes we collect it (e.g. using cookies to understand how you use our websites) or sometimes we receive your personal data from other third parties, including other L’Oréal Group entities.

 

When we collect personal data, we will indicate which types of personal data are mandatory via asterisks. Some of the personal data we request from you are either necessary for us to:

 

  • Perform our contract with you (e.g. to create your account, or deliver the goods you have purchased on our websites/apps);
  • Provide you with a service you have asked for ;
  • Comply with legal requirements (e.g. invoicing).

 

If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide.

For vendors & business partners:

We collect and use many kinds of the Personal Data, depending on circumstances relating to a procurement of products and/or services.

We collect the Personal Data about you from a variety of sources, including but not limited to: -

  • From you directly as part of the process of becoming our vendor/business partner;
  • From third parties as part of the process of becoming vendor/business partner e.g., credit checks, trade references, our customers, your customers, law enforcement authorities, etc.;
  • When you talk to us, including recorded calls, posts, e-mails, notes and other means;
  • When you use our websites, applications or other online channel;
  • Insurance claims or other documents;
  • When you manifestly publish your Personal Data, including via social media, we may collect your Personal Data from your social media profile(s) to the extent that you choose to make your profile publicly visible;

HOW DO WE USE IT?

In the table below, we explain:

 

  1. During which interactions you may provide and we may collect your data: This column explains what activity or scenario you are involved in when we use or collect your personal data. For example, whether you are making a purchase, signing up to a newsletter, or browsing a website.

 

  1. What personal data we may receive from you directly or resulting from your interactions with us: This column explains what types of personal data we may collect when you take part in a particular activity.

  1. How and why we use your personal data: This column explains what we do with your personal data, and the purposes for collecting and using it.

  1. What is our legal basis for using your personal data: Whenever we use your personal data, we will have a legal basis to do this. For example, you have asked us to provide a service, you have given us your consent, or we have a legitimate interest in using your personal data. 

 

The legal basis for the processing of your personal data can be:

  • Your consent.

 

  • Our legitimate interest, which can be:
        • Improvement of our products and services: more specifically, our business interests to help us better understand your needs and expectations and therefore improve our services, websites/apps, devices, products and brands for our customers’ benefit.
        • Fraud prevention: to ensure payment is complete and free from fraud and misappropriation.
        • Securing our tools: to keep tools used by you (our websites/apps, devices) safe and secure and to ensure they are working properly and are continually improving.

 

  • Legal grounds – This is where we need to keep your personal data for legal reasons (e.g. when you make a purchase we need to keep your transaction information to comply with our tax and financial reporting obligations).

Information Overview On Your Interactions With Us And Their Consequences On Your Personal Data

For individual & business customers:

 

 

 

 

During which  interactions may you provide

and we may collect your  personal data?

What personal data may we receive from you directly

or resulting from your interactions with us?

 

How and why we may use

your personal data ?

What is the legal basis for using

your personal data?

Professional / non-professional account creation and management

Where your personal data are collected as part of the creation or throughout the  management of a professional account with L’Oréal (either directly through our account management teams, or e.g. on L’Oréal websites/apps).

 

Depending on how much you are interacting with us, this may include:

        • Name and surname;
        • Gender;
        • Email address;
        • Address;
        • Phone number;
        • Photo;
        • Birthday or age range;
        •  ID, username, and password;
        • Bank details or other financial information;
        • Preferences;
        • Order details;
        • Social media profile (where you use social login or share this personal data with us);
        • Tax number;
        • Membership to a professional association
        • Training courses (online and offline) you have selected and/or attended;
        • Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a survey etc.).
 
To:
  • Manage your orders;
  • Manage any competitions, promotions, surveys or contests you choose to enter;
  • Respond to your questions and otherwise interact with you;
  • Offer you a loyalty program;

Allow you to manage your preferences;

  • Send you marketing communications (where you have asked us to) which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences);
  • Offer personalized services based on your beauty characteristics;
  • Monitor and improve our  websites/apps ;
  • Run analytics or collect statistics
  • Secure our websites/apps and protect you and us against fraud;
  • Manage our relationship with you.
 
  • Performance of a contract

To provide you with the service you requested (e.g. create an account, complete a survey, or purchasing a product).

  • Consent

To send you direct marketing communications.

  • Legitimate Interest

To ensure our websites/apps, devices remain secure, to protect them against fraud, and to help us better understand your needs and expectations and therefore improve our services, products and brands.

Newsletter and commercial communications subscription

Depending on how much you are interacting with us, this may include:

        • Email address;
        • Name and surname;
        • Preferences;
        • Social media profile (where you use social login or share this personal data with us).

To :

  • Send you marketing communications (where you have asked us to) which may be tailored to your “profile” based on the personal data we know about you, and your preferences (incl. location of your favourite store);
  • Run analytics or collect statistics.
  • Keep an up to date suppression list if you have asked not to be contacted.
  • Consent

To send you direct marketing communications.

  • Legitimate Interest

To tailor our marketing communications, understand their effectiveness, and ensure you receive the most relevant experience; to help us better understand your needs and expectations and therefore improve our services, products and brands.

  • Legal grounds

To keep your details on a suppression list if you have asked us not to send you direct marketing anymore.

Purchases and order management

Information collected during the purchase process made on L’Oréal or in the course of our interactions with you such as on our website/apps/E-stores on any E-commerce platforms/ social pages or in store.

Depending on how much you are interacting with us, those data may include:
  • Name and surname;
  • Email address;
  • Address (delivery and invoicing);
  • Phone number;
  • Personal description or preferences;
  • Social media profile (where you use social login or share this personal data with us);
  • Transaction information including purchased products and store location;
  • Payment and information; or
  • Purchase history.
 

To:

  • Contact you to finalize your order where you have saved your shopping cart or placed products in your cart without completing the checkout process;
  • Inform you when a product you wanted to purchase is available;
  • Process and follow your order including delivering the product to the address you indicated;
  • Manage the payment of your order. To be noted, payment information (credit card number / Paypal information / bank account details) are not collected by us but directly by payment service providers;
  • Manage any contact you have with us regarding your order;
  • Secure the transactions against fraud. To be noted, we use a third party provider’s solution to detect fraud and ensure the payment is complete and made by you or someone authorized by you;
  • Enrich your profile if you place a purchase using your account information;
  • Measure satisfaction;
  • Manage any dispute relating to a purchase;
  • For statistics and analytic purposes.

 

  • Performance of a contract:

To provide you with the service you requested (purchase).

  • Legitimate interest

To protect you and us from fraudulent transaction and to ensure the payment is complete and free from fraud and misappropriation.

Online browsing

Information collected by cookies or similar technologies (“Cookies”*) as part of your browsing on L’Oréal website/apps and/or on third-party website/apps.

For information on specific Cookies placed through a given website/app, please consult the relevant cookie table.

 

* Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oreal Group’s websites.

Depending on how much you are interacting with us, those data may include:

  • Data related to your use of our websites/apps:
  • Where you came from;
  • Login details;
  • Pages you looked at;
  • Videos you watched;
  • Ads you click on or tap;
  • Products you search for;
  • Your location;
  • Duration of your visit;
  • Products you selected to create your basket.

Technical information:

  • IP address;
  • browser information;
  • device information.

A unique identifier granted to each visitor and the expiration date of such identifier.

We use Cookies, where relevant, with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) or the following purposes:

  • To allow proper functioning of our website/apps:
    • proper display  of the content;
    • creation and remembering of a cart;
    • creation and remembering of your login;
    • interface personalisation such as language;
    • parameters attached to your device including your screen resolution, etc;
    • improvement of our websites/apps, for example, by testing new ideas.

  • To ensure the website/app is secure and safe and protect you against fraud or misuse of our websites or services, for example through performing troubleshooting.

  •  To run statistics:
    • To avoid visitors being recorded twice;
    • To know users’ reaction to our advertising campaigns;
    • To improve our offers;
    • To know how you discovered our websites / apps.
  • To deliver online behavioural advertising:
    • to show you online advertisements for products which may be of interest to you, based on your previous behaviour;
    • to show you ads and content on social media platforms.
  • To tailor our services for you:
    • to send you recommendations, marketing, or content based on your profile and interests;
    • to display our websites/apps in a tailored way like remembering your cart or login, your language, the user-interface customization cookies (i.e. the parameters attached to your device including your screen resolution, font preference, etc).
  • To allow sharing of our content on social media (sharing buttons intended to display the site).

 

  • Legitimate interest:

To ensure we are providing you with websites/apps, advertising and communications that are working properly and are continually improving for cookies that are (i) essential for the functioning of our  websites/apps, (ii) used to keep our websites/apps safe and secure.

  • Consent

For all other cookies.

Promotional operations

Information collected during a game, contests, promotional offer, sample requests, surveys.

Depending on how much you are interacting with us, those data may include:
  • Name and surname;
  • Email address;
  • Phone number;
  • Birth date;
  • Gender;
  • Address;
  • Personal description or preferences;
  • Social media profile (where you use social login or share this personal data with us);
 
Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps, or by participating in a contest, game, survey).

To:

  • Complete tasks that you have asked us to, for example to manage your participation in contests, games and surveys, including to take into account your feedback and suggestions;
  • For statistics and analytic purposes;
  • Send you marketing communications (where you have asked us to).
  • Performance of contract

To provide you with the service you requested.

  • Legitimate Interest

To help us better understand your needs and expectations and therefore improve our services, products and brands.

  • Consent

To send you direct marketing communications.

User Generated Content

Information collected when you submitted some content on one of our social platforms or accepted the re-use of content you posted on social media platforms by us.

Depending on how much you are interacting with us, those data may include:

  • Name and surname or alias;
  • Email address;
  • Photo;
  • Personal description or preferences;
  • Social media profile (where you use social login or share this personal data with us);
  • Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or a review, or a question via the chat function available on some websites/apps).
 
 

In accordance with the specific terms and conditions accepted by you:

  • To post your review or content;
  • To promote our products.
  • For statistics purposes.
  • Consent

To reuse the content you posted online.

  • Legitimate Interest

To help us better understand your needs and expectations and therefore improve and promote our services, products and brands.

Use of Apps and devices

Information collected as part of your use of our Apps and/or devices.

Depending on how much you are interacting with us, those data may include:

        • Name and surname;
        • Email address;
        • Location;
        • Birth date;
        • Personal description or preferences;
        • Photo;
        • Beauty profile including skin tone, skin/hair type;
        • Geolocation.
 

To:

  • Provide you with the service requested (for example, virtually test our products, purchase our products through the App or on related e-com websites; advice and notifications regarding your sun exposure, your hair routine);
  • Analyse your beauty profile and recommend the appropriate products (including bespoke products) and routines;
  • Provide you product & routine recommendations;
  • For research and innovation by scientists within L’Oréal Group;
  • For monitoring and improvement of our Apps and devices;
  • For statistics purposes.
 
  • Performance of a contract

To provide you with the service requested (including, where needed, analysis by the research and innovation team of the algorithm necessary to provide the service).

  • Legitimate Interest

To always improve our products and services to match your needs and expectations and for research and innovation purposes.

Enquiries

Information collected when you ask questions (e.g. through our consumer care) relating to our brands, our products and their use.

Depending on how much you are interacting with us, those data may include:

        • Name and surname;
        • Phone number;
        • Email address;
        • Other information you have shared with us about yourself in relation to your enquiry (which may include welfare and health data).
 

To:

  • Answer your enquiries;
  • Where needed, to connect you with the relevant services;
  • For statistics purposes;
  • For Cosmétovigilance:
    • To monitor and prevent any undesirable effect linked to the use of our products;
    • To perform studies relating to the safe use of our products;
    • To perform and follow-up on corrective measures taken, where needed.
 
  • Consent

To process your enquiry.

  • Legitimate interest

To help us better understand our customers’ needs and expectations and therefore improve our services, products and brands.

  • Legal grounds

To comply with the legal obligation to monitor undesirable effects of its products.

Sponsorship

Depending on how much you are interacting with us, those data may include:

        • Name and surname;
        • Phone number;
        • Email address.
  • To send information on our products and or information tagged in a wish list to a person at another person’s request.
 
  • Performance of a contract

To process the request.

And

  • Legitimate interest

To contact the person at another person’s request.

Automated Decision Making

For purposes of securing transactions placed through our websites/apps/devices against fraud and misappropriation, we use third party provider’s solution(s). The method of fraud detection is based on, for example, simple comparisons, association, clustering, prediction and outlier detections using intelligent agents, data fusion techniques and various data mining techniques.

This fraud detection process may be completely automated or may involve human intervention where a person takes the final decision. In any case, we take all reasonable precautions and safeguards to limit access to your data.

As a result of automatic fraud detection, you may (i) experience delay in the processing of your order/request whilst your transaction is being reviewed by us; and (ii) be limited or excluded from the benefit of a service if a risk of fraud is identified. You have the right to access information on which we base our decision. Please see “Your Rights and Choices” section below.

Profiling

When we send or display personalised communications or content, we may use some techniques qualified as “profiling” (i.e. any form of automated processing of personal data consisting of using those data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s personal preferences, interests, economic situation, behaviour, location, health, reliability, or movements). This means that we may collect personal data about you in the different scenarios mentioned in the table above. We centralize this data and analyse it to evaluate and predict your personal preferences and/or interests.

Based on our analysis, we send or display communications and/or content tailored to your interests/needs.

You have the right to object to the use of your data for “profiling” in certain circumstances. Please see “Your Rights and Choices” section below.

When we rely on the legitimate interests as the lawful basis for processing the Personal Data, we have considered whether or not your rights are overridden by our interests and have concluded that they are not.

In case you refuse to give the Company your Personal Data

Under the circumstance that it is necessary for the Company to collect your Personal Data in accordance with the law or under the contract terms between you and the Company and you decline to such collection, the Company may not be able to meet the obligations that have been agreed with you, or to enter into a contract with you. In this given circumstance, the Company may refuse to procure the products and/or services from you. In any case, the Company will notify you while the Company is collecting your Personal Data.

WHO MAY ACCESS YOUR PERSONAL DATA?

For individual & business customers:

We may share your personal data within L’Oréal Group to comply with our legal obligations, to prevent fraud and/or to secure our tools, to improve our products and services, or after having obtained your consent to do so.

Depending on the purposes for which they were collected, and only on a need-to-know basis, some of your personal data may be accessed by L’Oréal Group entities worldwide, where possible in a pseudonimized way (not allowing direct identification), and where necessary to provide you with requested services.

We may also share your personal data in a pseudonimized way (not allowing direct identification) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.

Where permitted, we may also share some of your personal data including those collected through cookies between our brands to harmonize and update the information you share with us, to perform statistics based on your characteristics and to tailor our communications.

Please visit the L’Oréal group website, for further details on the L’Oréal Group, its brands and its locations.

We may share your personal data for marketing purposes with third party or entities of the L’Oréal Group.

We only share your personal data with third parties for direct marketing purposes with your consent. In this context, your data is processed by such third party, acting as a data controller, and its own terms and conditions and privacy notice apply. You should carefully check their documentation before consenting to the disclosure of your information to that third party.

Your personal data may also be processed on our behalf by our trusted third party providers.

We rely on trusted third parties to perform a range of business operations on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We always use our best efforts to ensure that all third parties we work with keep your personal data secure. For instance, we may entrust services that require the processing of your personal data to:

  • Third parties that assist and help us in providing digital and e-commerce services such as social listening, store locator, loyalty programs, identity management, reviewing social media and public profiles, ratings and reviews, CRM, web analytics and search engine, user generated content curation tools;
  • Advertising, marketing, digital and social media agencies to help us to deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact and questions and our relationships;
  • Third parties required to deliver a product to you e.g. postal/delivery services;
  • Third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and support on our databases as well as on our software and applications that may contain data about you (such services could sometimes imply access to your data to perform the required tasks);
  • Payment service providers and credit reference agencies for the purpose of assessing your credit score and verifying your details where this is a condition of entering into a contract with you;
  • Third parties that assist us for customer care and cosmetovigilance purposes;

The legal basis for this sharing is our legitimate interests – (i) to improve our products and services; (ii) better engage with you; (iii) prevent fraud; (iv) secure our tools and design new features; (v) use appropriate suppliers; and (vi) ensuring your values align with that of L’Oréal’s.

We may also disclose your personal data to third parties:

  • In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets. If L’Oréal or a part of its assets is acquired by a third party, personal data held by it about its customers relating to those assets is one of the transferred assets. Where appropriate, in such case, the buyer acting as the new data controller processes your data and its privacy policy governs the processing of your personal data.
  • If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to; or to protect the rights, property, or safety of L’Oréal, our customers, or employees.
  • If we have your consent to do so.
  • Or if we are permitted to do so by law.

We may disclose your personal data to our partners:

  • In the event the service you subscribe to was co-created by L’Oréal and a partner (for example, a co-branded app). In such case, L’Oréal and the partner process your personal data each for their own purposes and as such your data is processed:
    • By L’Oréal in accordance with this Privacy Policy;
    • By the partner acting also as a data controller under its own terms and conditions and in accordance with its own privacy policy.
  • In the event you agreed to receive marketing and commercial communications from a L’Oréal partner through a dedicated opt-in (for instance, through an App branded by L’Oréal and made available to its partners). In such case, your data is processed by the partner acting as a data controller under its own terms and conditions, and in accordance with its privacy policy.
  • We may publish on our supports content from social networks. In the event you consult content from social networks on our website/apps, a cookie from such social network may be stored on your device. We invite you to read the Cookie Policy of these social networks for more information;
  • When we use Google advertising services on our websites/apps, Google will access and use your personal data. If you wish to learn more on how Google uses your personal data in this context, please consult their Google Privacy & Terms, which govern these services and data processing.

Information that Facebook collects and shares with us

All Facebook features and services available on our website/app are governed by the Facebook Data Policy, in which you can get more info about your privacy rights and settings options.

 By using this website/app, you may:

  • Sign-up with your Facebook login. If you do so, you consent to share some of your public profile information with us;
  • Use the Facebook social plug-ins, such as “like” or “share” our content on the Facebook platform;
  • Accept cookies from this website/app (also identified as “Facebook Pixel”) that will help us understand your activities, including information about your device, how you use our services, the purchase you make and the ads you see, whether or not you have a Facebook account or are logged into Facebook. When you are using those Facebook features, we collect data that help us to:
  • Show you adds you might be interested in on Facebook (or Instagram, Messenger or any other Facebook services);
  • Measure and analyze the effectiveness of our website/app and ads

We may also use the personal data you gave us on this website/app (such as your name and surname, email, address, gender and  phone number) to identify you in Facebook (or Instagram, Messenger or any other Facebook services) in order to  show you ads that are even more relevant for you. While doing this, Facebook will not share your personal data and will delete the data promptly after the match process is complete. 

We do not offer or sell your personal data.

For vendors & business partners:

We may share your Personal Data with others where it is lawful to do so, including where: -

  • it is necessary to comply with provisions of contract;
  • we/they have a public or legal duty to do so (e.g., assist in a detection and prevention of fraud, tax evasion and financial crime, etc.);
  • we/they need to in connection with a regulatory reporting, litigation, asserting or defending legal rights and interests;
  • we/they have legitimate business reasons to do so (e.g., manage risk, internal report, assess data analysis, verify identity, etc.);
  • we/they request for your permission to share it, and you agree.

We may also need to share your Personal Data for these purposes with others, including but not limited to: -

  • other group companies and any sub-contractors, agents or service providers who work for us or provide the services to us or other group companies, including their employees, sub-contractors, service providers, directors and officers;
  • any appointed persons to take care your benefits;
  • people you make the payment to and receive the payment from;
  • your intermediaries, correspondent and agent;
  • financial institutions,  and payment service providers;
  • any people or companies where required in connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
  • law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any parties appointed or requested by our regulators to carry out investigations or audits of our activities;
  • other parties involved in any disputes, including disputed transactions;
  • fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity;
  • anyone who provides instructions or operates any of your accounts, products or services on your behalf, e.g., Power of Attorney, lawyers, etc.; and/or
  • anybody else that we have been instructed to share your Personal Data with by you

Except as described in this Privacy Notice, we will not process your Personal Data for any purposes other than the purposes as described to you in this Privacy Notice. Should we intend to process additional Personal Data which are not described in this Privacy Notice, we will notify you and obtain your consent prior to the processing, except in case where the law allows us to do so without your consent. You will also have an opportunity to consent or decline to such processing of your Personal Data.

We do not offer or sell your personal data.

WHERE DO WE STORE YOUR PERSONAL DATA?

The data that we collect from you may be transferred to, accessed from, and stored at a destination outside Thailand. It may also be processed by staff members operating outside Thailand who work for us or for one of our service providers.

L’Oréal transfers personal data outside Thailand only in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we take steps to make sure that third parties adhere to the commitments set out in this Policy. These steps may include reviewing third parties’ privacy and security standards and/or entering into appropriate contracts as L’Oreal deems compliant to the standard of the Personal Data Protection Act of Thailand B.E. 2562 (2019) and its sub-regulations thereof.

For further information, please contact us as per the “Contact” section below.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

For individual & business customers:

We only keep your personal data for as long as we need it for the purpose for which we hold your personal data, to meet your needs, or to comply with our legal obligations. To determine the data retention period of your data, we use the following criteria:

  • Where you purchase products and services, we keep your personal data for the duration of our contractual relationship;
  • Where you participate in a promotional offer, we keep your personal data for the duration of the promotional offer;
  • Where you contact us for an enquiry, we keep your personal data for the duration needed for the processing of your enquiry;
  • Where you create an account, we keep your personal data until you require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
  • Where you have consented to direct marketing, we keep your personal data until you unsubscribe or require us to delete it or after a period of inactivity (no active interaction with brands) defined in accordance with local regulations and guidance;
  • Where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart cookies or session ID cookies) and for a period defined in accordance with local regulations and guidance.

We may retain some personal data to comply with our legal or regulatory obligations, as well as to allow us to manage our rights (for example to assert our claims in courts) or for statistical or historical purposes.

When we no longer need to use your personal data, it is removed from our systems and records or anonymised so that you can no longer be identified from it.

For vendors & business partners:

We retain your Personal Data for as long as it is necessary to carry out the purposes for which it was collected that is for business reasons or compliance with the applicable laws.

We keep your Personal data for the duration of our contractual relationship and for 10 years after you stop being our vendor. This is for the benefit of the Company in the execution of any contractual dispute that may occur during the specified period. Unless otherwise required in the event of regulatory or technical reasons, we may keep your Personal Data for longer than 10 years. If we do not need to retain the Personal Data for longer than it is legally required or necessary, we will destroy, delete or anonymize it.

IS YOUR PERSONAL DATA SECURE?

We are committed to keeping your personal data secure, and taking all reasonable precautions to do so. We contractually require that trusted third parties who handle your personal data for us do the same.

We always do our best to protect your personal data and once we have received your personal data, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site. As such, any transmission is at your own risk.

Links to Third Party Sites and Social Login

Our websites/apps may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible or liable for these policies. Please check these policies before you submit any personal data to these websites/apps.

We may also offer you the opportunity to use your social media login. If you do so, please be aware that you share your profile information with us depending on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

Social Media and User Generated Content

Some of our websites/apps allow users to submit their own content. Please remember that any content submitted to one of our social media platforms can be viewed by the public, so you should be cautious about providing certain personal data e.g. financial information or address details. We are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms and we recommend that you do not share such information.

YOUR RIGHTS AND CHOICES

L’Oréal respects your right to privacy: it is important that you are able to control your personal data. You have the following rights:

 

Your rights What does this mean?
The right to be informed You have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. This is why we are providing you with the information in this Policy.
The right of access

You have the right to access to the personal data we hold about you (subject to certain restrictions).

We may charge a reasonable fee taking into account the administrative costs of providing the information.

Requests manifestly unfounded, excessive or repetitive may not be answered to.

To do this, please contact us at the details below.
The right to rectification

You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete.

To do this, please contact us at the details below. If you have an account, it may be easier to correct your own data via your “My Account” function.
The right to erasure/right to be forgotten

In some cases, you have the right to have your personal data erased or deleted. Note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data.

If you would like us to delete your personal data, please contact us at the details below.
The right to object to direct marketing, including profiling

You can unsubscribe or opt out of our direct marketing communication at any time.

It is easiest to do this by clicking on the “unsubscribe” link in any email or communication we send you. Otherwise, you can contact us using contact detail below.

If you would like to object to any profiling, please contact us at the details below.

The right to withdraw consent at any time for data processing based on consent

You can withdraw your consent to our processing of your data when such processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. We refer to the table inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on consent.

If you would like to object to withdraw your consent, please contact us at the details below.
The right to object to processing based on legitimate interests

You can oppose at any time to our processing of your data when such processing is based on the legitimate interest. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on legitimate interests.

To do so, please contact us at the details below.

The right to lodge a complaint with a supervisory authority

You have the right to contact the data protection authority of your country in order to lodge a complaint against the data protection and privacy practices of L’Oréal.

Do not hesitate to contact us at the details below before lodging any complaint with the competent data protection authority.
The right to data portability

You have rights to move, copy or transfer data from our database to another. This only applies to data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. We refer to the tables inserted in section “what data do we collect from you and how do we use it” especially the column “What is our legal basis for processing your data?” to identify where our processing is based on the performance of a contract or on consent.

For further details, please contact us at the details below.

The right to restriction

You have the right to request restriction of our processing of your data. This right means that our processing of your data is restricted, so we can store it, but not use nor process it further. It applies in limited circumstances listed by the General Data Protection Regulation which are as follow:

  • the accuracy of the personal data is contested by the data subject (i.e. You), for a period enabling the controller to verify the accuracy of the personal data;
 
  • the processing is unlawful and the data subject (i.e. You) opposes the erasure of the personal data and requests the restriction of their use instead;
 
  • the controller (i.e. L’Oréal) no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
 
  • the data subject (i.e. You) has objected to processing based on the legitimate interests of the data controller pending the verification whether the legitimate grounds of the controller override those of the data subject.

If you would like to request restriction, please contact us at the details below.

The right to deactivate Cookies

You have the right to deactivate Cookies. The settings from the Internet browsers are usually programmed by default to accept Cookies, but you can easily adjust it by changing the settings of your browser.

Many cookies are used to enhance the usability or functionality of websites/apps; therefore disabling cookies may prevent you from using certain parts of our websites/apps as detailed in the relevant Cookie Table. 

If you wish to restrict or block all the cookies which are set by our websites/apps (which may prevent you from using certain parts of the site), or any other websites/apps, you can do this through your browser settings. The Help function within your browser should tell you how. For more information please consult the following links: http://www.aboutcookies.org/;

 

To deal with your request, we may require proof of your identity.

CONTACT

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights above, please contact us at THDPO@loreal.com  or by writing to us at No. 179 Bangkok City Tower, 6th, 8th, 9th and 21st Floor, South Sathorn Road, Tungmahamek, Sathorn Bangkok 10120 Thailand

Orientation message
For the best experience, please turn your device