Personal data protection policy

Personal data protection policy

YOLAINE PARIS respects your privacy and is committed to protecting your personal data. This personal data protection policy aims to inform you of the way in which we treat your personal data, of their possible transfer to third parties as well as of your rights and the options available to you to control your personal information and protect your privacy.

WHO IS RESPONSIBLE FOR DATA PROCESSING? BEAUTYCOM S.A.S. (hereinafter referred to as "YOLAINE PARIS"), a simplified joint stock company, registered in the Paris Trade and Companies Register under number 532 832 201, and whose registered office is located at 10, rue du Faubourg Montmartre - 75009 PARIS, intra-community VAT number FR 53532832201, is the data controller of personal data collected on the yolaine-paris.com site (hereinafter “the Website”) within the meaning of the applicable personal data regulations and in particular the EU Regulation 2016/679 relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter “GDPR”).

WHAT IS PERSONAL DATA? Personal data is any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more elements that are specific to them (such as their name, first name, date of birth, customer or order number, location data, etc.)

WHAT PERSONAL DATA CAN BE COLLECTED BY YOLAINE PARIS? We collect the following information:

● Your identity and contact details (e.g., names, email address, postal address, telephone number, etc.);

● Socio-demographic information (e.g., your age, profession, gender, etc.) mentioned when you post a review or create an account;

● Information relating to your purchases (online or in store), subscriptions and Salon services, their follow-up as well as purchase invoices (e.g., selected items, delivery and billing address, product amounts, payment mode, etc.);

● Information that you may need to communicate to our customer service;

● Information concerning your beauty profile (e.g., type of skin, hair);

● Information from your Facebook account or the accounts of other third-party services at YOLAINE PARIS (such as your friends or contacts), if you decide to link it to your YOLAINE PARIS account;

● Information relating to the use of the Website, in particular your navigation (e.g., pages visited, links clicked, etc.). Some of this information may be collected through cookies when you browse our Website.

WHEN DOES YOLAINE PARIS COLLECT MY PERSONAL DATA? YOLAINE PARIS may collect your personal data in particular during:

● The creation of your customer account on our Website, in store or at the Salon.

● Purchases made on our Website or in our points of sale;

● Your acceptance to receive all YOLAINE PARIS news and offers

● Your participation in a raffle, a contest, a promotion, an event that we organise or a customer survey;

● An interaction with YOLAINE PARIS via our official page on social networks or when we suggest that you reuse content that you have published on a social network; ● Your exchanges with our customer service and your requests for information addressed to YOLAINE PARIS;

● Your internet browsing through cookies or similar technologies; or when you click on advertisements relating to our products.

● When a customer gives you a gift or a gift card or refers you. We will contact you only once to make the offer. All additional communications are subject to your express consent.

WHY DOES YOLAINE PARIS COLLECTS MY PERSONAL DATA? To guarantee you the best possible service, and in particular to ensure customer relationship management, YOLAINE PARIS must collect some of your personal data at different points in your customer journey.

● Operations relating to the management of orders and customer relations. For example, we collect your personal data in order to ensure our deliveries, produce invoices, and in particular for the management of your customer account, the follow-up of your customer relationship, the selection of customers to carry out studies, surveys and product tests.

● Payment for your orders or services We do not collect your payment data but only a payment identifier and the first 6 and last 4 digits of your card to allow you to recognize the card that was used for payment. All your bank details are collected only by Stripe (our PCI-DSS certified payment service provider) which helps ensure payment security. If you have subscribed to a subscription service, the card used for payment at the time of subscription is registered for the purposes of payment of the terms of your subscription by tacit renewal. If you have accepted the registration of your bank card to facilitate your next purchases, your card is associated with your YOLAINE PARIS account and kept for this use for the duration of the validity of the bank card as long as you wish to keep it in your account.

● The personalisation of our services and communications Our mission is to offer you a selection of the most personalised products and services. Your data allows us to improve and personalise our services, the product offering we offer and the communications we send to you. For example, we may send you personalised emails or recommend products similar to those you have already purchased or viewed and which match your beauty profile and preferences.

● Commercial prospecting by third parties Subject to your prior consent, your data may be transmitted to our business partners and in particular to marketing and advertising agencies.

● The security of our Website & Anti-Fraud We collect certain browsing data to enable us to ensure the security of our services and to detect, prevent or trace any malicious attempt, computer intrusion, fraud or other violation of our terms and conditions. In this context, we can use service providers specialising in risk prevention to refine our risk analysis.

● Personalisation of online advertising (targeted advertising) In order to tailor the advertising you view on our Website or on those of our partners, we may use data that does not allow you to be directly identified. This data can be crossed with navigation data and other information collected during our relations with our partners. Your data is anonymised before any use.

● Customer knowledge and the statistics and performance of our Website We carry out audience measurements including, for example, the number of pages viewed, the number of visits to the Website, as well as the activity of visitors to the Website and their frequency of return. These data allow us to better understand our customers or to analyse (for statistical purposes) the activity of our Website and to improve our services and offers.

WHAT ARE THE LEGAL GROUNDS LEGITIMISING THE PROCESSING OF YOUR DATA? YOLAINE PARIS processes your personal data:

● for the execution of the contract between you and YOLAINE PARIS, in order to manage your access to your customer account, as well as for the processing and monitoring of your orders;

● as part of its legitimate interest for the purposes of marketing management, securing its digital media (websites, applications, etc.) and Anti-fraud;

● when you have given us your consent for the processing of your data, in particular for the purposes of managing our commercial prospecting, your browsing data via cookies, etc;

● within the framework of compliance with its legal obligations, in particular tax (conservation of purchase invoices) and relating to cosmetic products. WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA? Your personal data is processed by YOLAINE PARIS staff. We ensure that only authorised persons within YOLAINE PARIS can access your personal data when necessary. We may also be required to communicate your personal data to:

● other YOLAINE PARIS subsidiaries in Europe;

● subcontractors or business partners such as:

○ Our hosting and maintenance providers for the website and our dematerialised solutions for collecting personal data in our shop and Salon;

○ Our payment service providers (e.g., Stripe);

○ Our providers of prevention and Anti-fraud;

○ Our logistics providers;

○ Our marketing solution providers;

○ Our commercial prospecting and communication management providers;

○ Our customer service providers;

○ Our event or promotional organisation providers.

● to third-party service providers to meet legal, regulatory or contractual obligations, or to respond to requests from legally empowered authorities.

FOREIGN DATA TRANSFERS Some recipients of your personal data may be located abroad, including outside the European Economic Area. Any transfer of your data outside the European Economic Area is carried out subject to appropriate guarantees, in particular contractual, technical and organisational, in accordance with the applicable regulations on the protection of personal data.

HOW LONG DO WE RETAIN YOUR DATA FOR? Your personal data will not be retained beyond the time strictly necessary for the purposes pursued as set out in the privacy policy and in accordance with applicable laws.

WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM? In accordance with the regulations in force, in particular the GDPR, you have the right to be forgotten, access, modify, rectify, erase, to data portability, objection, complaint and deletion of data concerning you. You also have the right to formulate specific or general guidelines concerning the storage, erasure and communication of your post-mortem data. For more information on this subject, you can click on the following link: https://www.cnil.fr/fr/comprendre-vos-droits These rights can be exercised directly with YOLAINE PARIS by regular mail to the following address: 10, rue du Faubourg Montmartre 75009 PARIS, or by email to vieprivee@yolaine-paris.com indicating your name and first name. If you believe that the way in which we have treated your personal data violates data protection legislation, you also have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL) 3 place de Fontenoy TSA 80715 - 75334 Paris Cedex 07 - www.cnil.fr INFORMATION ON THE MANAGEMENT OF COOKIES YOLAINE PARIS may set cookies on the Website. This is an automatic tracking process that records information relating to navigation on the Website, and stores information entered during visits to the Website in order to facilitate the registration procedure and use of the Website. This section is devoted to our cookie management policy on our Website. Its purpose is to inform you about the origin and use of navigation information processed during your consultation of our Website and about your rights. What is a cookie? A cookie is a text file uniquely placed on the hard drive by the Website‘s server. Cookies cannot run programs or introduce viruses to your computer devices (computer, phone, tablet, etc.). Cookies are uniquely assigned and can only be read by the web server of the domain that issued the cookie. Website Users have the option of accepting or refusing cookies by specifying it from the settings of the web browser they use. What cookies are used on the Website? There are several categories of cookies, some are issued directly by YOLAINE PARIS and its service providers, others may be issued by third-party companies.

● "Essential" cookies These cookies are necessary for the operation of the Website or their purpose is to allow or facilitate your navigation on our Website, in particular the proper execution of the ordering process. Their deletion may cause navigation difficulties on our Website as well as prevent from ordering. These cookies are also necessary for monitoring the activity of YOLAINE PARIS. These cookies can be installed on your terminal by YOLAINE PARIS or by its service providers.

● "Analytical and Personalisation" cookies: These cookies (e.g., Google Analytics, Criteo, etc.), allow us to measure and analyse the audience of our Website, as well as your activities on the Website, in order to detect navigation problems and improve your experience on our Website.

● "Advertising" cookies: These cookies are likely to be used for advertising purposes (Google Ad Manager, Smart, etc.) and help make the advertisements you see more relevant to you. Google uses various domain names for Google Ads, including doublelick.net. We also use Google Tag Manager to integrate and manage Google Ads and other Google and third-party services on our Website. Google processes the transferred information and other data relating to Google Ads anonymously. My browser settings Your browser may allow you to disable all or some of the Cookies, either systematically or depending on the issuer. You can also configure your browser software so that you can accept or reject cookies (on a case-by- case basis or in full). We remind you, however, that disabling all Cookies may modify your internet browsing and prevent you from using our Website under normal conditions, with the exception of basic functions. Below are the links to the help you need to access the browser menu provided for this purpose:

● Chrome: Click here

● Firefox: Click here

● Internet Explorer: Click here

● Opera: Click here

● Safari: Click here For more information on tools for the control of cookies, you can consult the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.

MODIFICATIONS TO OUR PRIVACY POLICY We may occasionally modify this personal data protection policy, in particular in order to comply with all regulatory, jurisprudential, editorial or technical developments. When necessary, we will inform you and/or seek your consent. We advise you to regularly consult this page to take note of any changes or updates to our personal data protection policy. CONTACT For any questions relating to this personal data protection policy or for any request relating to your personal data, you can contact us at the following address: YOLAINE PARIS France - BeautyCom S.A.S 10 rue du Faubourg Montmartre 75009 Paris vieprivee@yolaine-paris.com