CUSTOMER SERVICE SECURITY POLICY
L’ORÉAL AUSTRALIA PTY LTD
Version Date: 14 September 2021
ABOUT THIS POLICY
1 L’ORÉAL PRIVACY OBLIGATIONS
2 COLLECTION AND USE OF PERSONAL INFORMATION
L’Oréal will, from time to time, collect personal information in the course of its business.
We may use your personal information for the following purposes:
• the purpose for which it was collected (and related purposes which would be reasonably expected by you);
• purposes to which you have consented; or
• as otherwise authorised or required by law.
Generally, we will only use the personal information that we collect about you for purposes connected with our business operations. These purposes may include:
• verifying your identity;
• contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner);
• providing goods or services to you or receiving goods or services from you;
• addressing any issues, problems or complaints that we or you have regarding our relationship; and
• developing and improving our products, services and business.
The types of personal information L’Oréal collects and the purposes for which that personal information is used will depend on the circumstances. Some examples of the types of information that L’Oreal ordinarily collects in certain situations and how it is ordinarily used are set out below.
L’Oréal may collect personal information from its employees in connection with their employment. Personal information includes an employee’s name, address, date of birth, photographs, bank account details and employee records.
Any personal information obtained and held by L’Oréal directly related to an employee’s employment with L’Oréal will be exempt from compliance with the Act. L’Oréal may be required to disclose the personal information of its employees, from time to time, for the purposes of conducting its business or otherwise in accordance with this policy. L’Oréal may, from time to time, obtain sensitive information about its employees, either directly or indirectly. Where L’Oréal comes into possession of sensitive information relating to an employee, this information will only be used for the purposes for which it was obtained.
In general, L’Oréal collects the following types of personal information about consumers: name, contact information (including postal and e-mail address and telephone numbers), gender, age and date of birth, product preferences, purchasing histories, credit card details and other information relating to a consumers’ dealings with us. We generally use this personal information to assist in the supply of products and services, for promotional purposes and for our internal administrative purposes.
L’Oréal collects personal information from consumers in a number of different ways including directly from a consumer when they provide it to us (or our agents or contractors) including when a consumer:
• visits our websites or counters;
• acquires or uses our products;
• enters a competition or promotion;
• responds to a survey;
• joins one of our clubs or mailing lists; or
• otherwise contacts us.
We may also generate personal information about consumers from information that we have. For example, by analysing our records of a consumer’s use of our products or services or the consumer’s previous dealings with us. We may also collect personal information about consumers from publically available resources or (in circumstances where it is unreasonable or impractical to obtain it from the consumer directly) from third parties.
Applicants for employment
L’Oréal collects a range of personal information about applicants for employment such as name, contact information (including postal and e-mail address and telephone numbers), employment and training history and any other information included as part of an application, resume or curriculum vitae. We may also obtain personal information from psychological or aptitude tests and from referees. We use all of that information only to assess a person’s suitability for available employment positions. This information is collected when you submit an application for employment.
Applicants for employment agree to L’Oréal collecting, using and disclosing the information for the purposes for which it was disclosed and to the extent permitted by the Act. Where L’Oréal holds personal information from a previous employment application, the applicant can request to access the personal information in accordance with clause 7 of this policy. The request must be provided to L’Oréal within a reasonable timeframe and must particularise the information sought and the purpose for which the information is sought. L’Oréal will provide access unless an exception to access applies under the Act. L’Oréal will take reasonable steps to destroy all personal information it holds if the information is no longer required for the purpose for which it was obtained.
Suppliers, Purchasers and Contractors
The personal information L’Oréal collects about suppliers, purchasers or contractors who are individuals generally includes name, contact information (including postal and e-mail addresses and telephone numbers), payment and banking details. We use that information for our transactions with such persons, our internal administrative purposes related to our relationship with that person as a supplier, purchaser or contractor and in building and managing our commercial relationships. This information is collected when a supplier, purchaser or contractor contacts us, responds to a request for services, or otherwise offers to supply us with goods or services.
When you use our websites, L’Oréal may also collect “clickstream” information (such as which areas of our websites you have accessed, the time and date of access, the type of browser software used, your IP address and the previous website that the you linked to our website from). We may also collect “cookie” information (such as user preferences relating to your use of the web site). This information is used for a number of purposes including to customise and improve L’Oréal websites. You can adjust your internet setting to disable “cookies”, however certain aspects of our websites may require this information to function and may not be available or perform optimally if this information is not collected. The Act defines some types of personal information as “sensitive information”. Personal information about a person’s racial or ethnic origin, political opinions or memberships, religious or philosophical beliefs or affiliations, professional or trade association or union memberships, sexual orientation or practices, criminal record or health (including genetic and biometric information) is considered sensitive information. L’Oréal does not generally collect sensitive information about individuals. If you provide sensitive information to us for any reason (for example if you provide us with health information such as information about allergies or skin conditions) you consent to us collecting, using and disclosing that information for the purpose for which you disclosed it and as permitted by the Act. We will handle any sensitive information that we receive in accordance with this
3 DISCLOSURE OF PERSONAL INFORMATION
We may disclose or provide access to your personal information to third parties in connection with the purposes described in section 2 of this policy. We may disclose your personal information:
• to third party contractors appointed by L’Oréal to perform services for us or on our behalf (such as marketing agencies, customer service organisations, parties who provide credit card processing services and website and data hosting providers);
• to our related companies;
• to our professional advisors, accountants, insurers lawyers and auditors on a confidential basis;
• in the unlikely event that we, or any of our assets, are or may be acquired by a third party, to that third party and its advisors;
• in certain circumstances, to third parties that require information for law enforcement or to prevent a serious threat to public safety;
• as required or authorised by law; or
• otherwise with your consent.
L’Oréal requires our contractors to keep personal information confidential and not to use or disclose it for any purpose other than performing services for us or on our behalf. You should be aware that some information that you upload to parts of our websites or to our social media pages may be available to be viewed by the public. You should use discretion in deciding what information to upload to such sites.
4 PROCESSING AND TRANSFER OF INFORMATION
As L’Oréal is an international business, some information (including personal information) may be transferred to countries outside of Australia in the ordinary course of our business including to parties located in:
• New Zealand;
• the USA;
• Canada; and
• other countries in Asia;
• countries in the EU.
5 DIRECT MARKETING
Direct marketing involves communicating directly with you for the purpose of promoting the sale of goods and services to you. Direct marketing can be delivered by a range of methods including mail, telephone, email or SMS. We may use and disclose your personal information for the purpose of sending you direct marketing materials where: • you have consented to us doing so; or • it is otherwise permitted by law. You can unsubscribe from receiving direct marketing materials from us at any time by contacting us (see section 9 of this policy).
L’Oréal will take reasonable steps to keep any personal information we hold about you secure. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.
7 SEEKING ACCESS
You have the right to seek access to personal information which L’Oréal holds about you or to update or correct that information. There are a limited number of circumstances in which L’Oréal may decline to grant such access. These are set out in the Act. L’Oréal will grant access to information in accordance with the Act. To request to access, verify, correct, or update any personal information we hold about you, please contact us (see section 9 of this policy). L’Oréal will endeavour to acknowledge such requests as soon as practicable. If L’Oréal is required to or otherwise agrees to grant access to the personal information, we will give access within a reasonable period of time. L’Oréal will notify you of the method by which it will give you access to the information. Where permitted by law, L’Oréal may charge an administrative fee for granting access to information. If L’Oréal refuses to grant access to personal information, it will inform you of the grounds on which access is denied and advice you of your options to seek to have that decision reviewed.
8 COMPLAINTS ABOUT PRIVACY
9 REQUESTING DELETION OF YOUR PERSONAL INFORMATION
In some cases, you have the right to have you personal information erased or deleted. Please note this is not an absolute right, as we may have legal and legitimate grounds for retaining your personal information. To request deletion of your personal information, you may send us a request at lorealCAD@loreal.com or telephone us on 1300 659 359.
10 QUESTIONS ABOUT PRIVACY
If you have any questions or concerns about L’Oréal’s collection, use or disclosure of your personal information or if you would like to access, update or correct the information we hold about you please contact L’Oréal’s Privacy Officer via the L’Oreal Consumer Affairs Department at 564 St Kilda Road, Melbourne, Victoria 3004 or by telephone on 1300 659 359 or by email email@example.com.