LABORATOIRES PHYT’S CHARTER FOR THE PROTECTION OF PERSONAL DATA

When browsing our site, you may transmit personal data to us, directly or indirectly. Your personal data is precious, it is part of your private life. Therefore, we are committed to collecting, using, and retaining your data under conditions that ensure its protection and confidentiality, in accordance with applicable laws.

We invite you to carefully read this Private Data Protection Charter (hereinafter “the Charter”). Here you will find all the information about the data we collect, how we use it, its retention period, the means we use to protect it, the rights you enjoy, etc.

Our Private Data Protection Charter may be updated or modified, depending on the evolution of our tools and of the regulations. We therefore invite you to consult it regularly.

  1. What data is covered by the Charter?

This Private Data Protection Charter applies to all personal data that you provide to us, directly or indirectly, when you browse our website (hereinafter “phytshop.com”).

A piece of “Personal data” is a piece of information that directly or indirectly identifies a natural person. This includes, for example, your name, email address, phone number, but also data about your consumption habits, skin type, etc.

  1. Who is responsible for processing the data?

The law defines the entity responsible for processing the data as the company that determines the purposes and conditions for the collection and use of your data.

It is the company Laboratoires PHYT’S with a capital of 1,451,000 euros, registered with the Trade and Companies Register under number 493 447 494, whose registered office is located at La Bouygue 46140 Caillac, France.

III. On what legal basis is your personal data processed?

The processing of personal data that we carry out during our activity may have several legal bases:

  • Legitimate interest: we need to collect your personal data to get to know you better to offer you personalised offers and services, ensure the security of our Site, improve our content, etc.
  • Execution of a contract: the collection of your data is necessary when you subscribe to one of our online services (creation of an account in our loyalty programme, participation in a promotional offer, etc.)
  • Your consent: the law requires us to obtain your consent to collect or use your data. This is the case, for example, when we collect data about your health or ethnicity to advise you on appropriate products (ex: skin problems revealing a pathology, skin colour, etc.), or when we wish to send you commercial solicitations (ex: information about our products, etc.) by e-mail or by text message.
  •  
  1. Why do we collect your personal data?

We only collect your personal data only when necessary, for explicit, legitimate, and specific purposes.

Thus, we collect and process your personal data to:

  • provide you with information about your order (tracking, delivery.)
  • improve the operation and content of our Site and our services to better meet your needs and requests;
  • collect your feedback on our products and services;
  • carry out audience analysis and statistical studies, for example to know and measure the number of visits to our Site, the activity and path of users on our Site, the subscription rate for our services, etc.
  • conduct satisfaction surveys on our products and services;
  • detect fraudulent behaviour and manage litigation;
  • ensure the security of our Site and our services.
  •  
  1. What data is collected, when and for how long is it stored?

We respect the principle of data minimisation. That is to say that we only collect data that is strictly necessary for the fulfilment of our purposes.

Data can be collected:

  • either directly from you, for example when you fill in our collection forms on our website (ex: when placing your order).
  • or indirectly or automatically, for example when you browse our Site.

In our data collection forms, fields with an asterisk are mandatory. Failing to respond will prevent or compromise the provision of the services concerned.

We define the retention period of your data according to the length of time required to achieve the objectives of the collection. When our objectives are met, we delete your data, except in certain cases where we are required by law to retain it. In these cases, your data is archived under the conditions provided by law.

The table hereafter shows you when your data is collected, what data is collected and how long it will be stored for:

Time of collection

Category of data collected

Retention period

You browse our Site

We collect:
your login and browsing technical data (ex: your IP address, information about your browser, etc.)

26 months from the date of collection

You create an account on our Site, you log in to your account, you complete your profile

We collect:
 your identification data (ex: surname, first name, mailing address, e-mail address, etc.)

3 years from the date of creation of your account

or from the last login to your account

 

 

 

 

 

 

You give us your opinion on a product and/or service offered on our Site or on Laboratoires Phyt’s pages and accounts on social networks (Facebook, Instagram, etc.)

We collect:
 the content of your review

3 years from the date of your review

Our Consumer Service or our advisors by email, phone, chat, mail

We collect:
 your identification data (ex: surname, first name, mailing address, e-mail address, etc.),
the reason and content of the exchange, as well as responses to your requests,
data relating to your health, if you decide or agree to communicate it to us,
your real-time browsing data on our Site and the content of your messages in pre- visualisation (not saved).

3 years from each contact

You enter game/contest, a product test, a satisfaction survey

We collect:
 your identification data (ex: surname, first name, mailing address, e-mail address, etc.),
 the content of your answers.

3 years from the date of entering

You write on our social media pages or in private messages

We collect:
 the content of your messages (which may include data relating to your health or skin colour)

3 years from the date of your message

You declare a case of CosmetoVigilance

We collect:
 your identification data (ex: surname, first name, mailing address, e-mail address, etc.),
 the reason and content of our exchange,
 data relating to your health or skin colour, if you decide or agree to provide it to us,
banking or financial data (ex: IBAN for a refund, etc.)

Statutory period

  1. How do we collect data from minors?

Our site is accessible to anyone, adult or minor.
However, the additional consent of the holder of the parental authority is required for minors under the age of fifteen who subscribe to our services or provide us with personal data about them.

VII. Who are the recipients of your data?

We may transmit your data to the following companies or individuals, who are involved in the fulfilment of the purposes described in IV above:

  • Google, to measure the audience on our Site,
  • administrative or judicial authorities at their request.

We select subcontractors, service providers and suppliers who have sufficient guarantees to ensure the protection, security, and confidentiality of your personal data, by implementing appropriate technical and organisational measures that meet legal requirements. They are only allowed to process your data according to our instructions.

We do not sell nor transfer your data to companies other than those mentioned above.

VIII. How do we ensure you data is secure?

Laboratoires PHYT’S undertake to use reasonable means to ensure that your personal data is sufficiently protected, considering the sensitivity of some collected information. We use several technologies and procedures to protect your data from unauthorised access, use or disclosure. We demand an equivalent level of safety to our subcontractors.

For example, we or our subcontractors store your data on computer servers located in controlled locations with limited access. Unfortunately, the complete security of data transmission over the Internet cannot be guaranteed. Thus, we cannot fully guarantee the security of the data that you transmit to us by electronic means.

  1. Where do we store your data?

Our company and our subcontractors process and store your data only in member countries of the European Union.

  1. How can you exercise your rights?

Pursuant to applicable laws, you benefit from:

  • the right to access data about you,
  • the right to rectify your data,
  • the right to erase your data, for legitimate reasons,
  • the right to object to the processing of your data, for legitimate reasons,
  • the right to withdraw your consent to the processing of your data,
  • the right to restrict the processing,
  • the right to transfer your data,
  • the right to refuse commercial prospecting,
  • the right to formulate directives about the retention, erasure, and communication of your post-mortem personal data,
  • the right to lodge a complaint with the CNIL (Commission nationale de l’informatique et des libertés / French National Commission on IT and Freedom)

You can exercise these rights at any time by contacting us at the following address: Service Consommateurs Laboratoires PHYT’S — ZAC des Grands Camps, 46090 Mercuès, France; or by sending us a message via our contact form

How do I contact the DPO?

LABORATOIRES PHYT’S have appointed a Data Protection Officer (DPO) who can be reached at the following address: contact@jerodia.fr

 

Moment de la collecte Catégories de données collectées Durée de conservation
Vous naviguez sur notre Site

We collect:
your technical connection and browsing data (e.g. your IP address, information about your browser, etc.)

26 months from the date of collection
You create an account on our Site, you connect to your account, you complete your profile

We collect:
your identification data (eg: surname, first name, postal address, email address, etc.)

3 years from the date of creation of your account or of the last connection to your account
You give us your opinion on a product and / or service offered on our Site or on Laboratoires Phyt’s pages and accounts on social networks (Facebook, Instagram, etc.)

We collect:
the content of your review

3 years from the date of your notice
Our Consumer Service or our advisers by email, phone, chat, mail

We collect:
your identification data (e.g. last name, first name, postal address, email address, etc.),
the reason and content of our exchanges,
data relating to your health or your skin color, if you decide or agree to communicate them to us
banking or financial data (e.g. IBAN in case of reimbursement, etc.)

3 years from each contact
You participate in a game / contest, a product test, a satisfaction survey

We collect:
your identification data (e.g. last name, first name, postal address, email address, etc.),
the content of your answers.

3 years from the date of your participation
Vous écrivez sur nos pages des réseaux sociaux ou en messages privés

We collect:
the content of your messages (which may include data relating to your health or skin color)

3 ans à compter de la date de votre message
You declare a case of CosmetoVigilance

We collect:
your identification data (e.g. last name, first name, postal address, email address, etc.),
the reason and content of our exchanges,
data relating to your health or your skin color, if you decide or agree to communicate them to us
banking or financial data (e.g. IBAN in case of reimbursement, etc.)

Durée prévue par la loi

VI.How do we collect data from minors?

Our site is accessible to anyone, adult or minor.
However, the additional consent of the holder of the parental authority is required for minors under the age of fifteen who subscribe to our services or provide us with personal data about them.

VII. Who are the recipients of your data?

We may transmit your data to the following companies or individuals, who are involved in the fulfilment of the purposes described in IV above:

  • Google, to measure the audience on our Site,
  • administrative or judicial authorities at their request.

We select subcontractors, service providers and suppliers who have sufficient guarantees to ensure the protection, security, and confidentiality of your personal data, by implementing appropriate technical and organisational measures that meet legal requirements. They are only allowed to process your data according to our instructions.

We do not sell nor transfer your data to companies other than those mentioned above.

VIII. How do we ensure you data is secure?

Laboratoires PHYT’S undertake to use reasonable means to ensure that your personal data is sufficiently protected, considering the sensitivity of some collected information. We use several technologies and procedures to protect your data from unauthorised access, use or disclosure. We demand an equivalent level of safety to our subcontractors.

For example, we or our subcontractors store your data on computer servers located in controlled locations with limited access. Unfortunately, the complete security of data transmission over the Internet cannot be guaranteed. Thus, we cannot fully guarantee the security of the data that you transmit to us by electronic means.

  1. Where do we store your data?

Our company and our subcontractors process and store your data only in member countries of the European Union.

X. How can you exercise your rights?

Pursuant to applicable laws, you benefit from:

  • the right to access data about you,
  • the right to rectify your data,
  • the right to erase your data, for legitimate reasons,
  • the right to object to the processing of your data, for legitimate reasons,
  • the right to withdraw your consent to the processing of your data,
  • the right to restrict the processing,
  • the right to transfer your data,
  • the right to refuse commercial prospecting,
  • the right to formulate directives about the retention, erasure, and communication of your post-mortem personal data,
  • the right to lodge a complaint with the CNIL (Commission nationale de l’informatique et des libertés / French National Commission on IT and Freedom)

You can exercise these rights at any time by contacting us at the following address: Service Consommateurs Laboratoires PHYT’S — ZAC des Grands Camps, 46090 Mercuès, France; or by sending us a message via our contact form.

XI. How do I contact the DPO?

LABORATOIRES PHYT’S have appointed a Data Protection Officer (DPO) who can be reached at the following address: contact@jerodia.fr