Introduction

We attach special importance to the privacy of users of our website and to compliance with the legal provisions in force.

This privacy policy enables you to better understand the principles around the collection, processing and protection of personal data that we apply, as required by applicable data protection laws, and in particular the European General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”)).

Épicerie Fine Cosmétique, the registered office of which is located at 102 Avenue des Champs-Élysées, 75008 Paris, France, is the data controller for the e-commerce website Blancrème, which can be accessed at the following URL: blancrème.com.

This privacy policy may be updated at any time by us. We ask that you read it before you provide your personal data to us. By using the website Blancrème.com, you agree to us collecting, saving, structuring, storing, using and/or transferring your personal data in accordance with this confidentiality policy.

What personal data do we collect?
We consider that any data that enable you to be identified in a direct or indirect fashion are “personal data”.

We are mainly liable to collect the following personal data:

  • Registration data: title, first name, surname, postal address, email address and phone number;
  • Log-in data: username and password;
  • Data regarding purchases: products purchased, promotional codes used, gift wrapping ordered, purchase history;
  • Order data: order dates, order delivery addresses, choice of transport company, payment methods;
  • Product data: customer reviews posted on our website;
  • Data regarding our commercial relations, in particular preferences as regards communications (newsletters), complaints, purchase records, query records and correspondence with our customer care department, sign-ups to our newsletter;
  • Browsing data: IP addresses, browser used, terminal used.

When do we collect your personal data?

We collect personal data from you when:

  • You visit our website;
  • You create an account on our website;
  • You make a purchase on our website;
  • You post a customer review on a product;
  • You subscribe to our newsletters;

You contact us, in particular when you call us or make a request or submit a complaint to our customer service department, or when you give your opinion on our products and/or services.

What is the legal basis for our processing of personal data?

The various types of processing of personal data that we carry out within the framework of our operations may have several legal bases:

  • Legitimate interests: we need to collect your personal data to get to know you better in order to offer to you personalised product and service offerings, to ensure that our website is secure, to improve our content, etc.;
  • Performance of an agreement: we have to collect your data when you sign up for one of our online services (when you create an account on our e-commerce website, when you avail of a promotion, when you make a purchase, etc.);
  • Your consent: in certain cases, the law makes it a requirement that we obtain your consent to collect or to use your data. This is the case, for instance, when we want to send you commercial communications (regarding new products or services, promotions, competitions, etc.) by email;
  • Legal obligations, when applicable legislation requires data to be processed.

Why are your personal data collected?

We collect your personal data within the framework of the aforementioned legal bases.
The main purposes are the following:

  • To create, register and manage your account;
  • To process your purchases and orders;
  • To communicate with you: to handle your requests, your complaints, and to ship your parcels;
  • To carry out administration as regards your participation in promotional events;
  • To carry out website administration, statistical analysis and to improve our quality of service;
  • To manage your orders (orders, deliveries, after-sales service, etc.);
  • To carry out Customer Relationship Management (CRM), in particular to get to know you better and to provide you with personalised information regarding our products and services (in particular, by email, via social networks and via any and all other media);
  • To carry out administration of newsletter subscriber lists and to enable you to take advantage of the benefits you have earned;
  • To manage the publication of customer reviews that are posted as regards products;
  • To carry out administration of our website, to ensure the security thereof and to fight against fraud;
  • To analyse the market and to carry out market intelligence in order to adapt our products and services in order to better meet your requirements;
  • Where applicable, to prevent and detect fraud;
  • To manage your queries (in relation to samples, advice, campaigns, complaints, your right to access data, to have data rectified and your right to have the processing thereof restricted, etc.).

With whom do we share your personal data?

We never sell, lease or assign your personal data to other businesses for sales canvassing purposes. Your data are confidential.

Your data may be sent to service providers or processors that are chosen for their expertise and for their reliability, who act in our name and in accordance with our instructions, in particular in order to provide you with services such as the processing and shipping of orders, the performance of maintenance operations and of technical development operations and the processing of “purchasing declarations”, etc.

Each service provider and processor:

  • 
Only receives the personal data required for the purposes incumbent thereupon;
  • Is obligated to not use said data, for any reason whatsoever.

If we assign a division or assets, we may provide your personal data to the potential purchaser of said division or of said assets. If Épicerie Fine Cosmétique or any and all of the assets thereof are acquired by a third party, then the personal data held concerning the customers thereof which relate to said assets shall be one of the assets that are transferred. Where applicable, in the latter case, the purchaser shall take on the role of the data controller and shall process your data, and its personal data protection policy shall govern the processing of your personal data.

Lastly, we may have cause to provide your personal data to the local authorities, if that is required by law or within the framework of an investigation, in accordance with applicable regulations.

How do we protect your personal data?

Épicerie Fine Cosmétique implements the appropriate technical and organisational measures, in relation to the type of data and to the risks which the processing thereof entails, to ensure the security and the confidentiality of your personal data and, in particular, to prevent them from being deformed, damaged, and from unauthorised third parties having access thereto.

These measures may in particular include practices such as limiting access to data as regards staff in our departments who are authorised to access them because of their duties, contractual guarantees in the event of the use of external service providers, privacy impact studies, regular examinations of our privacy practices and policies and/or physical security measures and/or non-physical security measures (secure access, authentication processes, back-up copies, anti-virus software, firewalls, etc.).

Should, in the very unlikely event, we have cause to believe that the security of your personal data in our possession or in our sphere of control has been or could have been compromised, then we shall notify you in accordance with the provisions of law, by the methods set out in law.

What is our policy in respect of minors?

Our website is designed and intended to be used by the general public. It is for people aged at least 18. We do not request or deliberately collect the personal data of individuals aged less than 18.
If it is brought to our attention or if we realise that we have collected the personal data of a minor, then we shall take the appropriate measures to contact the person and, where applicable, to delete said personal data from our servers and/or from those of our service providers. We may use your personal data to carry out checks on your age, in order to apply our rules in respect of age.

If you are not aged 18 or over, please do not create a user account, make purchases or place orders on our website. Ask an adult, your guardian or your legal representative to do these things for you.

What is our cookies policy?

To find out more about our cookies policy, please read our policy regarding cookies and third-party services.

For how long is your personal data stored?

We make sure that we do not store your personal data for longer than necessary for the purposes detailed in this privacy policy or for longer than the period provided for in applicable law.

As a general rule:

  • Prospect and customer data are stored – unless you object to them being retained or you request that they be deleted – for a period of three years from the time of collection, from the time of the last contact or from the end of the commercial relationship. Towards the end of the three-year period, we are liable to get back in contact with you to find out whether you want to keep receiving commercial communications. If we do not receive a positive and clear reply from you, then your personal data will be deleted or archived, in accordance with the provisions in force.
  • Data regarding identity papers are stored for one year in the event that the right of access, of rectification, of restriction, of deletion or of portability is exercised, and for three years in the event that the right of objection is exercised.
  • Data that enable us to establish the existence of a right or of a contract, and data that are stored to comply with a legal obligation are archived in accordance with the provisions in effect.
  • Product reviews are published on the website and are thus retained for the whole duration of publication of the website.

Our database, where our website and data relating to customer accounts is stored, is located on the servers of the company Gandi.net in the Paris area in France.

We never have access to your password, since passwords are encrypted and are thus secure. Neither do we have access to your payment information. Your payment information is sent directly to Payzen, which guarantees that your payments are secure and ensures that your bank details are anonymous.

In respect of the newsletter, email addresses, as well as first names and surnames, if they are provided, are stored on the website of a third-party company: Mailchimp, a company that meets requirements in terms of keeping data secure. The data held by Mailchimp may only be used and accessed by employees of the company Épicerie Fine Cosmétique.

What are your rights concerning your personal data and how can you exercise them?

You can unsubscribe at any time from our electronic mailing lists, by contacting us at the address above, or by clicking on the “Unsubscribe” hyperlink contained in each of the emails we send to you.

You can also change your preferences at any time, using your online Blancrème account.

You can also request that your account be deleted, on our website. You will be sent a record of your data by email and your data will be anonymised on our servers during the legal retention period laid down in the applicable regulations.

In accordance with applicable legislation, you have the right to access your personal data, to have them rectified, to have them deleted or destroyed, to data portability, to object to them being processed and the right to have the processing thereof restricted. You may withdraw your consent at any time. You may also issue us with instructions in relation to the retention, deletion and communication of your personal data after your death. To exercise these rights, you must send us a request and enclose with it a copy of your identity papers that features your signature. Our address is:

Épicerie Fine Cosmétique-Blancrème,
Service Clients,
39 Route d’Herqueville,
27430 Andé,
France.

We shall inform you of the measures taken following your request, as soon as possible.

In accordance with applicable regulations, you may also make a complaint to the competent French regulator that is charged with data protection or make an application to the courts, if your data are used inappropriately.

If you should have any questions at all about this confidentiality policy, please contact our Data Protection Officer (DPO). Our address is:

Épicerie Fine Cosmétique,
Direction Juridique / Délégué à la Protection des Données,
39 Route d’Herqueville,
27430 Andé,
France.