Privacy Policy
We take your privacy very seriously and we are committed to protecting it. We believe that you should easily know what personal data we collect and use, as well as to understand your rights in respect of your personal data.
This privacy policy (“Privacy Policy”) explains our policies and practices regarding how we collect, use, and disclose the personal data that we collect through our Digital Platforms or during our events.
We recommend that you read this Privacy Policy carefully as it provides important information about your personal data.
What is Personal Data and how do we collect it?
Personal data is information relating to an identified or identifiable natural person. For example, it may include an individual’s name, address and gender.
We may collect personal data either directly from you (for example when you purchase a product in a store) or indirectly (for example from your electronic devices that interact with our websites, electronic forms or mobile applications (“Digital Platforms”)).
Information you provide directly to us
You may provide us with information:
- When you create an account online;
- When you subscribe to our newsletter;
- When you use our Digital Platforms;
- When you purchase products or services on our Digital Platforms or in our retail partners’ stores;
- When you visit our retail partners’ stores;
- When you participate in one of our events;
- When you contact our customer-services.
Depending on what you provide us with, such information may include:
- Your identity (including your first name, last name, gender, image);
- Your contact details (including your postal address(es), email address(es), phone number(s));
- Your personal status (including your title);
- Your purchases and repairs (including purchase history, order details);
- Your preferences;
- Certain payment information (including billing information, payment type or method, charge or credit card number);
- Other information you may provide by filling forms or by contacting us (including your feedbacks, or other communications with us which may include health data relating to possible adverse reactions to our cosmetic products).
We will inform you when your information is required in order to process your request, to respond to your queries or to provide you with our products and services. If you do not provide this information, then it may delay or prevent us from processing your request, responding to your query or providing products or services to you.
We hope to ensure that the personal data we possess are accurate at all times and therefore we encourage you to update your information in case any changes have occurred. We also may ask you to update your information from time to time.
We recommend that you only provide the data requested or necessary for your query, with the exception of any sensitive information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, sex life or sexual orientation.
Information Indirectly Collected
We may collect information when you use our Digital Platforms, such as your IP address or other browsing information (including browser, operating system, device model), through cookies or similar technologies placed on your device. Some cookies are required for the proper functioning of our Digital Platforms and other are used for analytics purposes which help us to provide you with more personalized and customized services and a better digital experience.
We may also collect information about you from third parties, such as a spouse who contacts us on your behalf or from your friends who provide us with your information in order to invite you to events you may be interested in.
If you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in our Privacy Policy. For example, you should ensure the individual concerned is aware of the various matters detailed in our Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.
Minimum Age
We remind you that we do not collect, directly or indirectly, personal data from persons under the age of 16, without prejudice to any local law setting a different minimum age. We therefore ask you not to provide us with personal data of persons who do not meet this requirement.
Why we collect personal data and how we use it
We collect and use your personal data based on one or many of the following legal basis:
- we have obtained your prior consent (for example, when you subscribe to our newsletter). Please note that for this specific legal basis, you have the right to withdraw your consent at any time
- the processing is necessary in connection with any contract between Flora Nero and you (for example, when you make a purchase);
- we have a legitimate interest in carrying out the processing and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms (for example, to prevent payment fraud);
- we have to process your personal data to comply with applicable laws and regulations.
Depending on the context, we may use your personal data in order to:
- provide you with the products or services you requested;
- conduct checks to identify you and verify your identity;
- send you Promotional Communications - with your prior consent
- provide you after-sale services and manage refunds;
- respond to your queries, suggestions and requests, including your data subjects’ rights exercises;
- manage complaints and litigation;
- manage the events you registered and/or participated in;
- to detect, prevent and fight against any fraudulent or illegal activity, including to protect your transactions from payment fraud, to act against counterfeiting and against the resale of our products in violation of our terms and conditions of sale and/or outside our distribution network
- manage the stock of certain types of products to allow a fair allocation of the products we sell;
- monitor and improve our Digital Platforms;
- conduct statistical analysis, in particular to adapt our product offer (including the use of your nationality after anonymization);
- improve our products and services;
- respect our legal obligation, including providing information to regulatory bodies when legally required, in particular to comply with our legal obligations in terms of prevention and the fight against fraud, money laundering and the financing of terrorism.
Promotional Communications (newsletters, invitations, etc.)
With your express prior consent (usually obtained by ticking a specific box in a form), you may receive information concerning offers, services, products or events sent by Flora Nero and/or by Flora Nero retail partners (“Promotional Communications”). In such a case, you also accept that your contact information is shared with Flora Nero retail partners for this purpose.
We rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you can withdraw your consent at any time.
We may ask you to confirm or update your preferences regarding Promotional Communications if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
How we disclose your personal data
We may disclose your personal data only to the parties indicated below and for the following reasons:
- We disclose your personal data to Flora Nero employees that need to have access to your personal data and are authorized to process them in order to achieve the aforementioned purposes and who are committed to confidentiality.
- We may also disclose personal data to third-party providers acting on behalf of Flora Nero and approved by Flora Nero.
All such processing is based on our prior instructions set out in a binding contract that is compliant with the requirements of applicable law. Such disclosures are made for different purposes including:
o IT development and support;
o Hosting and carrying out marketing and business studies and marketing campaigns;
o Verifying your information, authenticating payments and processing orders and payments, to third parties that provide credit reporting, payment or order fulfillment services;
o Delivery services
o Data quality management services (standardization, deduplication…)...
These providers are committed to confidentiality and are not permitted to use your personal data for any other purposes. We also require them to use appropriate security measures to protect your personal data .
- We may be required by the binding requirements of an applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.
- We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings). For example, we may disclose such personal data as necessary to identify, contact or bring legal action against a person or entity who may be violating our Terms and Conditions of Sale and Use, or who may be causing injury to, or interfering with, other users of our Digital Platforms.
- In the event that Flora Nero Accessories, Inc., or all or part of its assets, are acquired by a third party, your personal data may be included in the transferred assets.
How we protect your personal data
All your personal data is strictly confidential and will only be accessible, on a need-to-know basis, to duly authorized personnel of Flora Nero and third providers acting on our behalf with appropriate technical and organizational security safeguards.
Flora Nero has implemented security measures to protect your personal data against unauthorized access and use. We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorized access by third parties and to prevent your data being accidentally lost. We limit those who access your personal data to those who have a genuine business need to access it. Those who do access your data will be subject to a duty of confidentiality towards Flora Nero.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We also require those parties to whom we transfer your personal data to comply with the same. However, unfortunately, the transmission of information via the internet is not completely secure. So, we cannot ensure the security of your personal data transmitted by you to us via the internet. Any such transmission is at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorized use, distribution, damage or destruction of Your Information, except to the extent we are required to accept such responsibility under the law. Once we have received your personal data, we will use the security measures above mentioned.
California Consumer Act Privacy Notice
This California Consumer Act Privacy Notice (“CCPA Notice”) applies to California “Consumers” as defined by the California Consumer Privacy Act (“CCPA”). For the purpose of this CCPA Notice, “Personal Information” (“PI”) as defined by the CCPA includes personal data as used in the Privacy Policy.
This CCPA Notice is in addition to the above-mentioned provisions of the Privacy Policy. In case of contradiction, discrepancy or inconsistency between the Privacy Policy and the CCPA Notice, the CCPA Notice shall prevail for Californian Consumers. We may collect, use and disclose your PI as required or permitted by applicable law, or as directed by you, in accordance with our Privacy Policy.
We collect the following categories of PI from Consumers: identifiers, personal records, account details, consumer characteristics, professional information, and internet usage information. We draw inferences from PI provided to us by consumers, and use PI provided by Consumers to provide requested products and services; advertise and offer new products and services; and improve our products and services. We share PI provided by Consumers with
(i) our Flora Nero employees that need to have access to your personal data and are authorized to process them in order to achieve the aforementioned purposes and who are committed to confidentiality
(ii) our affiliates’ departments in charge of customer relationship, retail, e-commerce, communication, internal audit, legal, security, and IT management for the purposes set out in this CCPA Notice and our Privacy Policy and to provide you with a consistent level of service
(iii) our service providers who assist us in providing, offering and improving products and services and other purposes (IT development and support; hosting and carrying out marketing and business studies and marketing campaigns; verifying your information, authenticating payments and processing orders and payments, to third parties that provide credit reporting, payment or order fulfillment services; delivery services...).
We also use PI provided by Consumers, along with PI from publicly available data bases and from service providers to prevent fraudulent and illegal activity. We provide such PI to service providers who assist us in preventing fraudulent and illegal activity and in subpoenas and other legal process, who use this PI for such purposes.
We do not “sell” Personal Information (“PI”) that we collect directly from you, in accordance with the definition of “sell” in the California Consumer Privacy Act (“CCPA”). We do allow third parties to collect information relating to your use of our websites and mobile apps through the use of cookies and similar technologies. There is not yet a consensus as to whether data collection by third party cookies associated with our websites and mobile apps constitutes a “sale” of your PI as defined by the CCPA.
You can disable cookies through your web browser.
Consumers have the right to exercise their privacy rights under the CCPA (listed below) in their individual capacity or via an authorized agent who meets the agency requirements of the CCPA. Authorized agent requests must include a copy of the agency agreement between the authorized agent and the consumer. We will ask the consumer to independently confirm the agency relationship.
We will not discriminate against you in a manner prohibited by the CCPA as a result of your exercising your rights under the CCPA.
Any request you submit to us is subject to a verification process, including without limitation, verification of residency in the State of California (“Verifiable Consumer Request”). We will not fulfill your CCPA request unless you have provided sufficient information to reasonably verify you are the Consumer about whom we collected PI. This verification process includes asking a Consumer to provide two (2) unique data points for disclosure of general categories of PI that we collect. With respect to requests for your specific pieces of PI, as required by the CCPA we will apply heightened verification standards by asking a Consumer to provide three (3) unique data points. To make a Verifiable Consumer Request according to your rights to access your PI or to request deletion of your PI set forth below, you may send us an email by clicking on the “Contact Us” link, by writing to customerservice@floranero.com or by calling us at 1-855-FLORANERO.
Some PI we maintain about Consumers is not sufficiently associated with a Consumer for us to be able to verify that it is a particular Consumer’s PI (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that PI in our response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your CCPA rights requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. In addition, we have right not to honor a request to the extent that doing so would infringe upon ours or the rights of any other person of party’s rights or conflict with applicable law.
You have the right to send us a request, no more than twice in any twelve-month period, for any of the following for the period that is twelve months prior to the request date:
• The categories of PI we have collected about you.
• The categories of sources from which we collected your PI.
• The business or commercial purposes for our collecting your PI.
• The categories of third parties to whom we have shared your PI.
• The specific pieces of PI we have collected about you.
• A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
• If applicable, a list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:
o The categories of your PI we have sold.
o The categories of third parties to which we sold PI, by categories of PI sold for each third party.
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Note also that we are not required to delete your PI that we did not collect directly from you.