PRIVACY POLICY
PRIVACY POLICY LAST UPDATED AUGUST 2023
We invite you to read this Policy, which explains how your personal data are collected, used, disclosed and otherwise processed by the La Prairie companies listed in the Data Controllers and Contact section below (Section 10) ("La Prairie", "we", "us").
1. INTRODUCTION
This Policy tells you how you can access and update your personal data and make certain choices about how your personal data are used which, depending on where you are located may include a right to object to some of the processing (including personalized marketing) we carry out or where we rely on your consent, and a right to withdraw this consent. More information about your preferences and rights is set out in Section 8 below.
This Policy covers our data collection activities, including personal data we collect through our various channels online (such as websites, apps, and social networks) and offline (such as at points of sale, customer service and events). It also explains how we collect information through the use of cookies and related technologies on our websites and apps. Certain sections may not be applicable to you depending on how you provide your personal data to us or interact with La Prairie. Please note that we combine personal data that we collect via one channel (e.g. La Prairie website) with personal data we collect via another channel (e.g. a La Prairie point of sale or event-in-store) which can include combining personal data that were originally collected by different La Prairie companies in different countries in order to provide you a personalized service adapted to your preferences and interests. More information about these activities is set out below. We will tell you if it is mandatory for you to provide us with certain personal data – if you do not provide us with such requested personal data, we may not be able to provide you with the requested products or services or communicate with you.
If we change the way we handle your personal data, we will update this Policy and notify you or seek your consent as and when appropriate, usually by placing an updated Policy on our websites. If we make significant changes that materially alter our privacy practices, we may also notify you by other means, such as sending an email prior to the changes taking effect. We reserve the right to make changes to our practices and this Policy at any time. We invite you to check our websites from time to time for any updates or changes to this Policy.
We may also provide you with additional information when we collect personal data where we feel it would be helpful to provide relevant and timely information.
If you are using our website in South Korea, please refer to the Addendum for South Korea which is appended to this Policy.
2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS AND HOW WE COLLECT IT?
We obtain personal data from or about you from various online and offline sources including when you: (i) interact with our websites listed on http://www.laprairie.com, mobile sites, applications or social media pages (together "the Digital Platforms"); (ii) create a La Prairie account on our Digital Platforms, or in our boutiques, stores, counters or spas ("Points of Sale"); (iii) interact with us on our chat services, forums or blogs; (iv) visit one of our Points of Sale; (v) participate in our events and demonstrations, loyalty or other client programs, competitions, promotions or surveys; (vi) subscribe to our marketing communications; (vii) make physical or online purchases in our Digital Platforms or Points of Sale; (viii) participate in beauty consultations or treatments; or (ix) interact with our beauty advisors and customer service.
Our products are sold through various authorized business partners. Unless otherwise indicated at the time that you provide your personal data, this Policy does not apply to any personal data that our authorized business partners independently collect from you.
We collect and process the following personal data:
The list below is provided to give you an overview of the type of personal data we may collect and process. However, the collection and processing of these data are not systematic: only personal data necessary to fulfil each purpose will be collected and used.
Personal data provided by you (for example, by creating a La Prairie account, signing up to our loyalty or other client programmes, or by providing data about yourself to us in our Digital Platforms or Points of Sale):
- Contact information (such as your name, phone number (home and mobile), home address and email address);
- Identification information, (such as your age, date of birth, gender, nationality, country of residence, image, signature);
- Purchase history and interactions with us (such as order details, products bought and quantity, consultations, treatments, visits to our Digital Platforms or Points of Sale);
- Social media account;
- Billing information (including delivery address and payment details). We reserve the right to request additional evidence or proof of billing information where, in our reasonable opinion, this is necessary. Please note we do not keep your payment card details on file. We use a third-party data controller to process payment details;
- Website registration credentials (including username and password). By creating a La Prairie account, you can store and edit your delivery addresses and billing information and review your previous purchases and order history;
- Preferences (such as communication channels, preferred language, product preferences, skincare wishes);
- Personal life information and inferences (such as life habits, interests, lifestyle, hobbies, reactions to marketing campaigns);
- Skin type and health information in case you participate in our beauty consultations or treatments (such as allergies, medication, previous reactions) or you provide this information to our customer service;
- Information about your physical characteristics, skincare concerns and any other information obtained through the different interactions with us (such as a beauty consultation or treatments, a survey or when you visit our social media pages, blogs or forums or interact with customer service or our chat service);
- Correspondence and communication between us and you; and,
- Information or content you provide to us (such as photographs, videos, reviews, questions, survey response and comments).
We do not knowingly collect and process information about minors, nor do we knowingly sell or share personal data about individuals who would be considered minors in your jurisdiction.
Information automatically collected and processed from us or from your use of our Digital Platforms, your visits to our Points of Sale or interaction with our online adverts.
We automatically collect and process the following information:
- technical information, including your device’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers;
- information about your visit to our Digital Platforms, including the URL clickstream to, through and from our Digital Platforms (including date and time); products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- online activity, such as your internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with our websites or third parties' websites such as social media, applications or advertisements and other technical information or personal information shared by the service provider you are using;
- social media data – the use of our Digital Platforms does not generally involve processing data in relation to third party media platforms and/or social networks, such as Facebook or Instagram. However, if you accept the targeting cookies or if you use the share button to share our content through those platforms, those third parties may collect and process your data in order to provide you with personalized advertising. To find out more about how those third parties process your data and your data protection rights, please check their respective privacy policies;
- CCTV security camera data (such as your image) when you visit one of our boutiques that has a CCTV camera used to view and record individuals 24 hours per day, 7 days per week for security reasons. When a CCTV camera is in use at our boutiques, we will make sure that signs are displayed at the entrance of the surveillance zone to inform employees, clients and contractors, and that all such recordings are automatically destroyed after a maximum of 72 hours. Other activities might be conducted at our boutiques, such as measurement and analysis of client’s movements and demographics in an aggregated and anonymous way. If they involve the processing of your personal data, additional and specific notice will be available at our boutiques and your consent will be requested if required by applicable laws;
- Information necessary to fight counterfeiting and infringements of La Prairie’s intellectual property rights, such as identification and contact details and any other information and documents related to counterfeit and infringing activities. This information may be collected directly by La Prairie or one of its vendors on its behalf and provided to La Prairie by external parties;
- Information necessary to manage La Prairie’s selective distribution system in order to protect La Prairie brand and identify unauthorized resellers. This will include profiling activities on client’s purchase behaviours (such as products bought, quantities, frequency and other transaction details) based on objective criteria but it does not imply automated decision making.
Some of this information is collected using cookies and related technologies. To learn more, please see Section 6 on "Cookies and related technologies".
Information collected and processed from third party sources
- From time to time (where permitted by applicable law), we collect information such as your preferences, interests and other demographic data from trusted third party sources (e.g. business and retail partners, payment and delivery services, social media networks, advertising networks, analytics providers, market research organisations, our affiliates, event partners, public authorities and search information providers) for example, when you have given consent to such third party to share your information with us. We may also instruct such third-party partners to provide their own information about you to external platforms. This information will be used for the purposes outlined in this Policy, and in particular, to enrich your La Prairie profile. The privacy and cookie policies of those third parties will apply to their processing of your personal data.
- Location information when you visit our Digital Platforms in order to direct you to the appropriate domain (internet location) or when you request location services provided by us, for example in order to find the nearest store to you or to provide more precise location based content.
- When you pay for your products, we may get information from our payment processing service provider who will carry out credit and antifraud checks on you and the payment method you provide in order to verify your identity, to validate your credit or debit card, to obtain an initial credit or debit card authorization and/or to authorize individual purchases.
Profiling
In order to ensure data accuracy and to offer you a better and personalized client experience no matter where and how you interact with us, we link or combine the information that we collect from the different sources and channels outlined above to provide personalized services, content, targeted communications and advertising and for analytics purposes (e.g. we combine data about your purchases in our Digital Platforms with information gathered at our Points of Sales such as details from a beauty consultation so that we can provide you with personalized service, offers and skincare recommendations). This includes combining personal data also collected by different La Prairie companies. All the information that La Prairie processes about you (including information provided by you or collected by us or by third parties) will be linked to your La Prairie profile. We also may draw inferences from any of your information and interactions with us to enrich and supplement such profile, reflecting your preferences, characteristics, trends, predispositions, aptitudes and attitudes. We will use your identification data such as email address or phone number to link the information to your profile. The above may also apply when checking out as a guest on our Digital Platforms and if you are a prospective client.
You do not have to provide personal data to us to purchase our products in the Points of Sale or access our Digital Platforms but certain functionalities and services (such as being able to buy our products via the website) will not otherwise be available to you. You may however choose whether or not to receive personalized marketing communications from us and we will only send you such communications where we have the appropriate consent to do so. For more information on your rights and preferences regarding how we use your personal data, please see Section 8 below.
You must not provide to us information about anyone else unless you have their permission to do so.
3. WHY DO WE NEED YOUR PERSONAL DATA?
We process your personal data for the reasons set out below (and/or with your consent, where required by applicable law):
Purpose | Legal basis |
---|---|
To provide you with the products and services you have purchased or requested in our Digital Platforms or Points of Sale. This includes for example the processing of your payment, credit card checks and fraud prevention activities, delivery and return management. |
|
To send you service-related communications. This includes communications related to your purchases, your beauty consultations, appointments or events you have registered to. |
|
To set up and manage your La Prairie profile and provide you with personalized services. All personal data we process about you will be linked and combined to create a profile about you and provide you with personalized services adapted to your interests and preferences. More details can be found in Section 2 under "Profiling". |
|
To communicate with you for marketing-related purposes if agreed by you. This includes communications about our products, services, promotions and events by telephone, post, SMS, e-mail, social media, chat or via our applications or to send you samples, gifts and rewards in accordance with your communications preferences and to the extent permitted by applicable laws. These communications can be conducted by our beauty advisors or by any of our group companies (please see Section 8 below about how you can control your preferences and opt-out from these communications); |
|
To enrich your La Prairie profile. This includes supplementing your La Prairie profile with information related to your activities on social media and your browsing activity across different websites and devices through the use of cookies and similar technologies by us or third parties (such as social media - WeChat, WhatsApp, Baidu, Kakao Talk, Twitter, Facebook, Instagram or other online platforms). The privacy and cookie policies of these third parties will apply to their use of your personal data. |
|
To allow you to participate in the interactive features of the website and to place cookies and related technologies in accordance with Section 6 below. |
|
To ask your opinion or to take part in market research or client studies. |
|
To provide you with personalized advertising both on our Digital Platforms and other selected partner websites. |
|
To create lookalike campaigns that enable us to reach people who are likely to be interested in our products because they are similar to you. We may use cookies or other technologies that may rely on third parties (such as Facebook, Instagram, WeChat and other online platforms). You may have provided your consent to those third parties and their respective privacy policies would apply. |
|
To monitor your account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime in accordance with applicable law. |
|
To investigate any complaints or answer any inquiry received from you or from others about our Digital Platforms, Points of Sale or our products and services. |
|
To monitor the use of our Digital Platforms and Points of Sale and use your information to help us monitor, improve and protect our products, brand, content, services and Digital Platforms and Points of Sale, both online and offline and your experiences with us including via research and demographic studies; analytics and data cleansing and measuring the effectiveness of our advertising campaigns. |
|
To use personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such personal data in connection with legal process or litigation) or to enforce or apply our Terms of Use or any other agreements, our selective distribution system or to protect the rights, property, or safety of La Prairie, our customers, or others. |
|
For our internal corporate reporting purposes. |
|
In response to requests by government or law enforcement authorities conducting an investigation. |
|
4. HOW DO WE DISCLOSE AND TRANSFER YOUR PERSONAL DATA?
In addition to the La Prairie companies mentioned in the Data Controllers & Contact section below, we may share your personal data: (where permitted in accordance with applicable privacy laws) with the following third parties for the purposes outlined above:
- companies in our group. A full list of our group companies can be found here;
- banks and our payment services provider for the purpose of transaction processing;
- third parties, where we have your permission to do so (e.g. social networks providers, concierge service or our authorized retail partners). Your personal data will become subject to the privacy policies of those third parties when your personal data is shared with them;
- prospective or eventual buyers of our business (if we or substantially all of our assets are acquired by or merged with a third party including through bankruptcy);
- any law enforcement agency, court, regulatory, government authority or other third party where in our reasonable opinion this is necessary to comply with a legal or regulatory obligations or otherwise to enforce or apply our Terms of Use or any other agreements and our selective distribution system; or to protect the rights, brand, property, or safety of La Prairie, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; or
- our third-party service providers (as well as group companies and authorized retail partners) who perform services on our behalf based on our instructions. We do not authorize these parties to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these parties include employees of our authorized retailers and partners that serve you in the stores, IT support service providers, companies that fulfil orders and manage refunds, and provide data hosting and support, content personalization, advertising and marketing services (including digital and personalized advertising) and data cleansing, management, segmentation and analysis.
Please note that the third parties listed above may be located in a country outside of your country of residence, including outside the European Economic Area, United Kingdom or Switzerland. Please click here for a list of our affiliate locations. When these third parties process your data on our behalf, we implement appropriate contractual arrangements with them that include strong data protection obligations. More details about international data transfers can be found below under "Data Transfers."
We also share information with third parties including social media and search engine partners:
We aggregate your personal data with the information of other customers, creating a dataset of information about the usage of our platforms, purchase of our products, and other general, grouped information about our customers. Although this dataset is aggregated and anonymised, meaning it cannot directly or indirectly identify you as an individual, it provides a valuable insight into the use of our Digital Platforms and Points of Sale and we will share it with select third parties. These parties include our group companies.
We also transfer information about you to ad technology providers and our social media and search engine partners (including Meta, Google and Twitter) so that they may recognize your devices and deliver interest based content and advertisements. The information can include your name, postal address, email, device ID, or other identifier in encrypted form. The providers often process the information in hashed or de-identified form. These providers can collect additional information from you, such as your IP address and information about your browser or operating system; combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. The third parties that generate these cookies have their own privacy policies that will apply.
In this regard, we have concluded a corresponding agreement with Meta for joint controllership, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This agreement defines the respective responsibilities for fulfilling the obligation under the applicable laws with regard to joint controllership. The contact details of the controller and the data protection officer of Meta can be found here: https://www.facebook.com/about/privacy. Without prejudice to this, the jurisdiction of the Rights of Data Subjects is not limited. We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see Section 8).
Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of joint controllership based on the legitimate interest.
Information on the data security conditions can be found here. https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Data Transfers
Your personal data is stored mainly on servers in the European Union. However, we operate globally and may transfer your personal information to other companies within the La Prairie group, (a full list of which can be found here), third party service providers or to authorized retail partners in locations around the world, including countries that do not provide an adequate level of data protection. We want you to have the best service and client experience no matter how and where you interact with us, whether in our Digital Platforms or our Points of Sale all over the world. For this purpose, we may have to share your personal information outside the country where you have first shared it with us, always for the purposes described in this Policy and where we are satisfied with the levels of protection and security implemented by the third party in compliance with applicable laws. This sharing of your personal information is necessary to enable us to offer you a global and personalized client experience and services.
Where your personal data is transferred to jurisdictions outside the place from which you are accessing the website, the European Union or Switzerland and to jurisdictions that do not offer an adequate level of data protection in accordance with the European Commission, Swiss authorities, or the relevant applicable laws, we will take steps to ensure your information is adequately protected by entering into the EU Commission and Swiss approved standard contractual clauses pursuant to Art. 46 (2) of the GDPR or put in place other measures under applicable laws to ensure that such transfer provides adequate safeguards. More information about this topic for users from the European Union and Switzerland is published here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en
A copy of the relevant mechanism can be obtained for your review on request by using the contact details provided in Section 10.
5. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data will be retained for a certain period of time based on the following criteria: (i) as long as necessary to fulfil the purposes outlined in this Policy; (ii) any applicable legal requirements; or (iii) any request for deletion from you in applicable situations.
To the extent permitted by applicable laws:
- In relation to our clients, your data is stored for the duration of the contractual relationship and for 7 years afterwards.
- In relation to our prospects: your data is stored for 3 years from your last interaction with us.
Please note that we may be required by law (e.g. tax, accounting or legal obligations) to store certain data for a longer period of time. For more information, please contact us using the details in Section 10.
6. COOKIES AND RELATED TECHNOLOGIES
What are cookies?
Cookies are small text files that websites send to your computer, mobile device or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser.
We use and allow third party service providers to use cookies, web beacons and other similar technologies on our platforms, social media pages and communications. We do this to understand your use of our services, improve your user experience and enable personalized features and content; optimize our advertising and marketing and to enable third party advertising companies to assist us in serving ads specific to your interests across the Internet. View a full list of cookies and update your preferences in the Cookie Settings.
The cookies that we use can be categorised as follows:
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. Whenever technically possible, all information these cookies collect is aggregated and therefore anonymous.
[If you do not allow these cookies, we will not know when you have visited our site. Upon your consent, we use Google Analytics, run by Google Inc for this purpose. To opt out of being tracked by Google Analytics, you can visit the Cookie Settings or visit https://tools.google.com/dlpage/gaoptout.
These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.
These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly identifying personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Web server logs and web beacons
In conjunction with obtaining information through cookies, our web servers may log details such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. The web server logs also may record information such as the address of the web page that linked you to our website and the IP address of the device you use to connect to the Internet. This information helps us to troubleshoot errors, improve performance and maintain the security of our Digital Platforms. To control which web servers collect this information, we may place tags on our web pages called “web beacons”. These are computer instructions that link web pages to particular web servers and their cookies. We may also use cookies and similar technologies (such as web beacons) to allow us to tell if an email we have sent to you has been opened and acted upon and whether our mailing tools are working correctly or, to measure performance and to provide content and ads that are more relevant to you.
Can I opt out of cookies and similar technologies?
You have the option to accept or reject our cookies at any time in the Cookie Settings.
By rejecting or disabling cookies, certain website content or functionality may not be available to you.
Because web beacons are the same as any other content request included in the recipe for a web page, you cannot opt out or refuse them. However, you may be able to disable web beacons in email messages by not downloading images contained in messages you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable a web beacon or other similar technologies in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider. Web beacons may also be rendered ineffective in some circumstances by opting out of cookies or amending your cookie settings in your browser.
7. HOW DO WE PROTECT YOUR PERSONAL DATA?
We are committed to protecting the personal data we collect and keeping your personal data secure is very important to us. We take steps to ensure that your personal data is protected against unauthorized or unlawful processing and against accidental loss, damage or destruction or disclosure and we limit access to your personal data to persons who reasonably need access to it, to provide products or services to you. However, no set of security measures is completely effective against all security threats.
Our Digital platforms may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how those third parties may use your personal data. Please check these policies before you submit any personal data to those websites.
If you create an online account with us, you will be asked to provide an account username and password as part of our security procedures. You must treat such information as confidential and you must not disclose it to any third party.
8. WHAT ARE YOUR RIGHTS AND PREFERENCES REGARDING YOUR PERSONAL DATA?
Your rights
In accordance with applicable law, you may have the following rights:
- Right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible form of the personal data we process about you and how we process it. You also have the right to obtain a confirmation from us on whether or not we process your personal data and if that is the case, access to such personal data and obtain a copy.
- Right to rectification: you have the right to rectify your personal data and to have it complete in case it is incomplete or inaccurate.
- Right to erasure: you have the right to ask us to delete your personal data. We will delete or anonymize your personal information, unless otherwise required by applicable data protection laws or if La Prairie has a legitimate interest to keep it.
- Right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data.
- Right to discontinue collection, use, and/or processing: if you are a resident of Taiwan, you have the right under the PDPA to request that we discontinue the collection, use, and/or processing of your personal data.
- Right to data portability: you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit such personal data to another controller.
- Right to withdraw your consent: if you have given your consent to a data processing activity, you can withdraw this consent at any time as indicated under "Your preferences." Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement or contractual obligation to process your personal data. In some instances, this may mean that we are able to retain your personal data even if you withdraw your consent. In such a case, we will apply appropriate measures and safeguards to protect your personal data.
Right to object
You have the right to object to the processing of your personal data when such processing is based on legitimate interests. Nevertheless, we may have legitimate reasons to continue processing your personal data.
If you wish to exercise any of these rights, please contact us by using the details in Section 10.
Your preferences
We strive to provide you with choices regarding the personal data that you provide to us. The following mechanisms give you control over your personal data:
Advertising, marketing and personalization (offline and online): If you wish to be notified about our products and services, events, loyalty and other client programmes as well as other promotional activities, you can indicate your communication preferences through the relevant checkbox(es) on our Digital Platforms and Points of Sale or by answering the question(s) presented by our beauty advisors or store representatives. Some of our activities and communications may be personalized to your specific interests and preferences (which will be done with your permission, if required by law).
If you wish to stop receiving our marketing communications (and/or you wish opt out of only some type of personalized marketing communications), simply let us know at any time by following the opt-out instructions in the relevant communication or using the details in Section 10. Please note that we send different types of personalized marketing communications (e.g. newsletters, beauty advisors’ emails, surveys, etc.) and you can decide to opt out of all of them or only some of them. Opting out of personalized marketing communications will not stop you from receiving service messages (i.e. non-marketing communications, such as e-mail updates on your order status or notifications about your account activities) from us.
Please note you may be asked about your preferred channel/s to receive our communications and you can change or update this at any time by contacting one of our beauty advisors or using the contact details in Section 10.
We only undertake direct marketing with your consent, where required by applicable law. If you have a La Prairie account on our Digital Platforms, you can withdraw your consent and/or update your communication preferences under your account profile while logged in.
Cookies/Similar Technologies and Interest Based Advertising: You can set your cookie preferences at any time in the Cookie Settings.
9. U.S. PRIVACY DISCLOSURES
If you are a California resident, you may take advantage of the following privacy rights:
- Right to Know: You have the right to know what personal data we have collected about you, including the categories of personal data, the categories of sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom we disclose personal data, and the specific pieces of personal data we have collected about you.
- Right to Delete: You have the right to delete personal data that we have collected from you, subject to certain exceptions. Note that there are some reasons we will not be able to fully address your request, such as if we need to complete a transaction for you, to detect and protect against fraudulent and illegal activity, to exercise our rights, for our internal purposes, or to comply with a legal obligation.
- Right to Correct: You have the right to correct inaccurate personal data that we may maintain about you, subject to appropriate verification.
- Right to Opt-Out of the Sale or Sharing of Personal Data: You have the right to opt-out of the "sale" or "sharing" of your personal data, as such terms are defined in California privacy laws, to third parties and to affiliated companies that do not share the same brand name. This means that, if you opt out, going forward, we will not sell or share your personal data with such third parties to use for their purposes, including cross-context behavioral advertising, unless you later direct us to do so.
If you are a Virginia resident, you may take advantage of certain privacy rights pursuant to Virginia Code 59.1-577. For example, you may request to access, correct, or delete your personal data. Because we "sell" personal data and engage in "targeted advertising" as these terms are defined in Virginia law, you may also exercise your right to opt-out of such sales or targeted advertising. You have the right to appeal a denial of your privacy rights.
How to submit a request
To take advantage of your right to know, delete, or correct under California or Virginia law, or to submit an appeal of a denial of your privacy rights, please use the Client Services page of our website to send us a note or contact us by phone at 1 800 821 5718, or by using the Data Controllers and Contact section below. We may request certain information to verify your identity before we can respond to your access and deletion requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.
To take advantage of your right to opt out of the sale or sharing of personal data, please click on the "Do Not Sell or Share My Personal Information" link which also is on our website footer or contact us using the Data Controllers and Contact section, below.
We will not discriminate against you because you exercised your rights under this section of the Privacy Policy.
Agent requests
You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. La Prairie retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal data, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention.
Text messages
You can text SIGNUP to 48442 to receive exclusive news about La Prairie, or by signing up through our website, you are subscribing to receive promotional text messages from La Prairie at the mobile number you provided. Consent to receive marketing text messages is not required as a condition of purchasing any goods or services. Standard message, data, voice, or other rates may apply from your mobile service or wireless device carrier for SMS messages you receive. Message frequency will vary.
You can opt out of texts at any time by replying STOP to any text message or text 48442. You may receive one final confirmation SMS message of your opt-out request. For help related texts, reply HELP to any text message or text 48442. You can also contact us using the details in Section 10.
Supported carriers in the US are: AT&T, Sprint, T-Mobile®, Verizon Wireless, Boost, Cricket, MetroPCS, U.S. Cellular, Virgin Mobile, ACS Wireless, Appalachian Wireless, Bluegrass Cellular, Carolina West Wireless, Cellcom, C-Spire Wireless (formerly Cellsouth), Cellular One of East Central Illinois, Cincinnati Bell Wireless, Cross (dba Sprocket), Duet IP, Element Mobile, EpicTouch, GCI Communications, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri Cellular), Illinois Valley Cellular, Immix (Keystone Wireless / PC Management), Inland Cellular, iWireless, Mobi PCS (Coral Wireless LLC), Mosaic, MTPCS / Cellular One (Cellone Nation), Nex-Tech Wireless, nTelos, Panhandle Telecommunications, Peoples Wireless, Pioneer, Plateau, Revol Wireless, Rina - Custer, Rina - All West, Rina - Cambridge Telecom Coop, Rina - Eagle Valley Comm, Rina - Farmers Mutual Telephone Co, Rina - Nucla Nutria Telephone Co, Rina - Silver Star, Rina - South Central Comm, Rina - Syringa, Rina - UBET, Rina - Manti, South Canaan / CellularOne of NEPA, Thumb Cellular, Union Wireless, United, Viaero Wireless, West Central Wireless, Leaco, Nemont/Sagebrush. T-Mobile is not liable for delayed or undelivered messages.
Data Protection Disclosures
Categories of Personal Data Disclosed for Business Purposes
In the last 12 months, La Prairie has disclosed the following categories of personal data for a business purpose (such as with our service providers or processors, whose use of personal data we disclose is limited to providing certain service to us pursuant to a written contract):
- Identifiers, billing information and commercial information, disclosed to our affiliates, our third-party service providers, payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
- Website registration credentials, disclosed to our cloud data storage providers.
- Preferences, disclosed to our affiliates, our third-party service providers, email/SMS service providers, customer service and intelligence platforms, and cloud data storage providers.
- Personal life information, disclosed to our affiliates, our third-party service providers, customer service and intelligence platforms and cloud data storage providers.
- Communications with you, disclosed to our affiliates, our third-party service providers and our cloud data storage providers.
- Content you provide, disclosed to our affiliates, our third-party service providers and our cloud data storage providers.
- Internet or electronic activity information, disclosed to our affiliates, our third-party service providers, payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
- Demographic information, disclosed to our affiliates, our third-party service providers, payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
- Sensitive personal data disclosed to our affiliates, our third-party service providers, email/SMS service providers, customer service and intelligence platforms, and cloud data storage providers.
- Audio or visual Information disclosed to our security providers.
- Inferences drawn from the above categories, disclosed to our affiliates, our third-party service providers, payment processors, email/SMS service providers, customer service and intelligence platforms, cloud data storage providers, and anti-fraud and anti-counterfeiting service providers.
Additional detail on the business purposes for which we disclose personal data is provided above under "How we Disclose and Transfer Your Personal Data?"
Categories of Personal Data Sold or Shared
In the last 12 months, La Prairie has sold or shared the following categories of personal data with advertising networks, advertising platforms, and social media companies for the purposes described in this Privacy Policy, including for targeted advertising:
- Identifiers
- Commercial information
- Preferences
- Personal life information
- Internet or electronic activity information
- Social media information
- Demographic information
- Inferences drawn from the above categories
We do not knowingly sell or share personal data about persons under the age of 16.
10. DATA CONTROLLERS AND CONTACT
If you have any questions about this Policy or privacy matters generally or to make a complaint about our compliance with applicable privacy laws, please contact us using the Contact us page of our website and our customer services team will be happy to assist you.
You can also use this Contact us if you wish to exercise your preferences and rights as detailed above.
We will acknowledge and investigate any complaint you make (including a complaint that we have breached your rights under applicable privacy laws). We hope that we can satisfy queries. The Data Protection Officer (DPO) designated by La Prairie Group AG (and its affiliates) is available at the following address: Data.Privacy@LaPrairieGroup.ch
However, you have the right to lodge a complaint with the relevant data protection authority, in particular in the Member State of your habitual residence or place of the alleged infringement.
If you are in Australia, your data protection authority is the Office of the Australian Information Commissioner (www.oaic.gov.au).
If you are in Hong Kong, your data protection authority is the Office of the Privacy Commissioner for Personal Data (https://www.pcpd.org.hk/)
If you are in Japan, your data protection authority is the Personal Information Protection Commission. (https://www.ppc.go.jp/)
DATA CONTROLLER RESPONSIBLE FOR ALL ACTIVITIES (BOTH ONLINE AND OFFLINE)
CH-8008 Zurich
Switzerland
Phone number: +41 44 947 82 10
Contact Us form: Contact us
Data Protection Officer of La Prairie Group AG (and its affiliates):
Email: Data.privacy@LaPrairieGroup.ch
Phone: +41 44 947 82 10
Phone number: +49 931 304 976 0
Correspondence address: Westlands Road 18, Suites 2408 – 11, 24/F, Hong Kong
If indicated at the time you make a La Prairie purchase in our Points of Sale or you provide your details to one of our instore beauty advisors or representatives, the La Prairie group companies will also act as local data controllers. Please find here the list of companies and contact details: https://www.laprairiegroup.ch/contact-us.
Privacy Policy Addendum for South Korea
This Privacy Policy Addendum ("Addendum") applies only if you use our website in South Korea. The Addendum supplements the information in the Policy and is to be read together with the Policy.
Personal Information Processing and Retention Period
- We process and retain personal information within the retention period as required by laws or agreed by you.
- As referenced in Section 5, we may be required by law (e.g. tax, accounting or legal obligations) to store certain data for a longer period of time.
- For more information, please contact us using the details in Section 10.
Items of Personal Information to be Collected and Used
With reference to the categories of data outlined in Section 2, La Prairie collects and uses the following items of personal information, making the following distinctions between mandatory and optional:
- General personal information
Platform | Collection Event | Items | Mandatory/Optional |
---|---|---|---|
Online Store | Creating a La Prairie account online | Name, password, email address, country of residence, general consent | Mandatory |
Marketing consent, title, date of birth, phone number, preferred language, preferred communication channel, country/region of origin | Optional | ||
Purchasing products from our online store | Credit card information, bank account information, payment records, order records, address, purchase history | Mandatory | |
Booking an online consultation | Preferred language, phone number | Mandatory | |
Using our Contact Us form | Name, email address | Mandatory | |
Country | Optional | ||
Cookie data | IP address, date and time of visit, device information, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers, URL clickstream to, through and from our Digital Platforms (including date and time), products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page | Mandatory | |
Social media data, geolocation | Optional | ||
Offline in store | Creating a La Prairie account offline | Title, name, email/mobile phone, country of residence, general consent, signature | Mandatory |
Marketing consent, date of birth, email/phone number (depending on whichever channel was not provided above), preferred language, country/region of origin, personal life information and inferences, skincare wishes | Optional | Consultations/treatments | Name, email address, signature | Mandatory |
Address, telephone number, treatment preferences | Optional |
- Sensitive information
- Optional items: Skin type and medical information in case you participate in our beauty consultations or treatments (such as allergies, medication, previous reactions), Information about your physical characteristics, skincare concerns and any other information obtained through the different interactions with us.
Provision of Personal Information to Third Parties
We provide personal information to the following third parties within the scope of consent obtained from users.
1. Personal data collected through our various channels offline (such as at points of sale, customer service and events):
Recipient | Country | Purposes | Personal data | Retention period |
---|---|---|---|---|
La Prairie Group AG +41 44 947 82 10 |
Switzerland | Fulfil a contract, provide personalized client services, statistics and direct marketing (only if you have consented to receive marketing communications) | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Certain period of time based on the following criteria: (i) fulfilment of the purposes; (ii) any applicable legal requirement; or, (iii) any request for deletion from you |
La Prairie Group AG Affiliates located outside of South Korea | See list of entities and contact details here: https://www.laprairie.com/ko-kr/contact-us | Fulfil a contract, provide personalized client services, statistics and direct marketing (only if you have consented to receive marketing communications) | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Certain period of time based on the following criteria: (i) fulfilment of the purposes; (ii) any applicable legal requirement; or, (iii) any request for deletion from you |
2. Personal data collected through our various channels online (such as websites, apps, and social networks):
Recipient | Country | Purposes | Personal data | Retention period |
---|---|---|---|---|
La Prairie Korea Ltd. +82263 90 11 11 |
South Korea | Fulfil a contract, provide personalized client services, statistics and direct marketing (only if you have consented to receive marketing communications) | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Certain period of time based on the following criteria: (i) fulfilment of the purposes; (ii) any applicable legal requirement; or, (iii) any request for deletion from you |
La Prairie Group AG Affiliates located outside of South Korea | See list of entities and contact details here: https://www.laprairie.com/ko-kr/contact-us | Fulfil a contract, provide personalized client services, statistics and direct marketing (only if you have consented to receive marketing communications) | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Certain period of time based on the following criteria: (i) fulfilment of the purposes; (ii) any applicable legal requirement; or, (iii) any request for deletion from you |
- In case of emergencies, such as disasters, infectious diseases, incidents or accidents that cause imminent risk to life or body, and imminent property loss, the Company may provide personal information to relevant agencies without the consent of data subjects, in accordance with the "Rules on Processing and Protection of Personal Information in Emergency Situations" jointly announced by government agencies. Please click here (link) for more details.
Delegation of Personal Information Processing
We delegate the processing of personal information to the following third parties.
Delegation of personal data processing | ||||
---|---|---|---|---|
Delegate | Country | Delegated scope of work | Personal data | Retention period |
ARIM Mailing Packaging Co. Ltd. +82 2 803 2445 |
South Korea | Send the La Prairie marketing communications by direct mail (only if you have consented to receive marketing communications) | Title, first name, last name and address | After one month from the sending date |
Invito +82 70 5143 6862 | South Korea | Send the La Prairie marketing communications by SMS and MMS (only if you have consented to receive marketing communications) | Title, first name, last name and phone number | After one week from the sending date |
Wee’s Group +82 70 5038 3023 |
South Korea | Send the La Prairie marketing communications by Mobile DM/ website system development (only if you have consented to receive marketing communications) | Title, first name, last name and phone number, transaction history, personal preferences | After one week from the maintenance requested date |
Schenker Korea Ltd. +82 32 744 0300 |
South Korea | Send packages to customers of our eCommerce platform | First name, last name and phone number, address | Until contract is terminated |
SureM +82-70-4162-4744 |
South Korea | Send the La Prairie marketing communications by mobile and Kakao (only if you have consented to receive marketing communications) | Title, first name, last name, phone number and nationality | Keep until next month of the month of sending |
Ilyang Logis +82 1588 0002 |
South Korea | Package delivery tracking | First name, last name and phone number, address | After 3 months from the sending date |
Overseas Transfer of Personal Information
We delegate personal information overseas as follows:
- Personal data collected through our various channels offline (such as at points of sale, customer service and events):
- Personal data collected through our various channels online (such as websites, apps, and social networks):
Service Provider | Jurisdiction | Purposes | Personal data | Retention period |
---|---|---|---|---|
Winparf SAS +33 1 80 05 13 40 |
France | Database maintenance | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Until the La Prairie client account is deleted |
BnKay Limited +852 9664 3319 | Hong Kong | Database maintenance | Title, date of birth, nationality, preferred language, transaction history, personal preferences | Until the La Prairie client account is deleted |
Free FutureSoft Ltd. +30 210 9249704 |
Greece | Database maintenance | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language, transaction history, personal preferences | Until the La Prairie client account is deleted |
Service Provider | Country | Purposes | Personal data | Retention period |
---|---|---|---|---|
Salesforce.com Inc. 1-800-667-6389 |
United States | Housing services | Title, first name, last name, address, e-mail, phone number, date of birth, nationality, preferred language | Until the La Prairie online client account is deleted |
Destruction of Personal Information
- We will destroy personal information without delay when personal information becomes unnecessary, such as when the retention period has lapsed, or the purpose of processing personal information has been achieved. This also applies to instances where we receive requests to delete personal information.
- We will destroy personal information as follows:
- Destruction procedure: The information collected for any of the reasons mentioned above will be marked for destruction after the purpose is achieved and then destroyed.
- Destruction method: We will destroy personal information recorded and stored in electronic files in an irrevocable manner, and shred or incinerate personal information recorded and stored in paper documents.
Measures to Ensure Security of Personal Information
- We take the following measures to ensure security of personal information.
- Administrative measures: Establishment and operation of internal management plan, regular training of employees, acceptable use policies, incident management plans, non-disclosure agreements, password policies, penetration testing, secure disposal methods.
- Technical measures: Management of access rights to the personal information processing system (including changing and canceling access as needed), installation of access control system, encryption of personal information and installation and renewal of security programs, regular software update schedules, antimalware, firewalls, multi-factor authentication.
- Physical measures: Restriction of access to the computer room, data storage room, and entire premises.
Matters Concerning Collection and Use of Behavioral Information and Refusal Thereof
- We collect and use behavioral information via cookies to provide customized services and benefits, as well as customized online advertisements that are optimized for you in the course of using the services.
We permit customized online advertising companies to collect and process behavioral information via cookies. - For a full list of all cookies which collect the abovementioned categories of information, visit our Privacy Preference Center here, and then click on "Cookies Details" under the Marketing Cookies header. Here you will also find the respective period of retention for each cookie type.
- Behavioral information collection method: Automatically collected and transmitted when users visit our Digital Platforms
- Items of behavioral information collected and processed: information about your visit to our Digital Platforms (including the URL clickstream to, through and from our Digital Platforms (including date and time); products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page), online activity (such as your internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with our websites or third-parties websites such as social media, applications or advertisements and other technical information or personal information shared by the service provider you are using, technical information (including your device’s IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, unique device identifiers and advertising identifiers), social media data (the use of our Digital Platforms does not generally involve processing data in relation to third party media platforms and/or social networks, such as Facebook or Instagram. However, if you accept the targeting cookies or if you use the share button to share our content through those platforms, those third parties may collect and process your data in order to provide you with personalized advertising. To find out more about how those third parties process your data and your data protection rights, please check their respective privacy policies).
- We (i) collect only the minimum behavioral information necessary for online customized advertisements, and (ii) do not collect any sensitive behavioral information that is likely to seriously infringe on an individual’s rights, interests, or privacy, such as ideology, beliefs, family relationships and relatives, educational background, medical history, and other social activities.
- You may ask questions, such as exercising your rights of refusal, receiving reports of damage, in relation to behavioral information by using the contact information listed in "Contact" Section.
Additional Use and Provision
- We may additionally use or provide your personal information without the consent of users after considering the below issues:
- Whether the additional use or provision of personal information is related to the original purpose of collection;
- Whether the additional use or provision of personal information is foreseeable in light of the circumstances in which personal information is collected or practices of processing personal information;
- Whether the additional use or provision of personal information unduly infringes on the interests of users; and
- Whether necessary measures have been taken to ensure security, such as pseudonymization or encryption.
Contact
- If you have any questions or comments about the Privacy Policy, need to report a problem, or if you would like us to update, amend, or request deletion of information we have about you, please contact our Chief Privacy Officer (CPO) (or department in charge of personal data protection) at:
- Chief Privacy Officer and Responsible Department
- Responsible department (responsible for receiving and processing requests for access to personal information, etc.): Legal & Compliance, La Prairie Group AG
- Telephone (direct): +41 44 947 82 10
- Email: Data.Privacy@LaPrairieGroup.ch
Remedy for Infringement on Rights
- You may file an application for resolution of disputes and to consult with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet Security Agency and other agencies so as to seek remedy for personal information infringement. For reports on any other personal information infringement and consultation therefore, please contact the following agencies.
- Personal Information Dispute Mediation Committee: 1833-6972 (no regional code required; www.kopico.go.kr)
- Personal Information Infringement Reporting Center: 118 (no regional code required; privacy.kisa.or.kr)
- Supreme Prosecutors’ Office: 1301 (no regional code required; www.spo.go.kr)
- National Police Agency: 182 (no regional code required; ecrm.cyber.go.kr)
- If you find that your privacy rights and interests have been infringed due to the act or omission of act of the head of a public agency, you may file an administrative appeal in accordance with the Administrative Appeals Act, and please contact the following agency.
- Central Administrative Appeals Commission: 110 (no regional code required; www.simpan.go.kr)
- We guarantee your privacy rights and endeavor to provide counseling and/or remedies for personal information infringement. If you wish to receive consultation on or report any personal information infringement, please contact our Chief Privacy Officer (CPO) (or department in charge of personal data protection) using the contact information listed in the "Contact" section above.
Prior versions of the Policy:
- For prior versions of this Privacy Policy, please see below.
- Applies from 1 November 2019 to 26 June 2023 (click)