ABBI.CARE Personal Data Charter

ABBI's commitments
Wishing to protect the privacy of its partners, ABBI is committed to ensuring the best level of protection for your personal data in accordance with French law and applicable European regulations, in particular the General Data Protection Regulation (GDPR), applicable since May 25, 2018.
To further explain our personal data protection and privacy practices, we present below the different types of personal data that we may obtain directly from you or following your interaction with us, the way in which we may use them, the people with whom we may share them, the way in which we protect and ensure their security, as well as the rights you have regarding your personal data. You may of course not be concerned by all of these situations. This personal data protection policy aims to give you an overview of all the situations in which we may be required to interact together.

Data controller
 
ABBI is responsible for the personal data you provide to us on this site. The terms
“ ABBI ”, “we” or “our” as used herein refers to ABBI . In accordance with applicable regulations on the protection of personal data, ABBI is the “data controller”.

Personal information

Personal data means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to one or more elements specific to them.
We may collect personal data from you, or receive personal data from you, through our websites, questionnaires, applications, devices, pages dedicated to ABBI products or brands on social media or by any other means.
The mandatory or optional nature of providing your personal data is indicated to you at the time of collection by an asterisk. If you do not wish to provide the information considered essential, you will not be able to access certain services or features of our website and our application.
Some of the data we ask you for is essential for the following reasons:

• - The execution of the contract concluded with us (Ex: delivering goods purchased on our site to you);
• - The provision of the requested service (eg: sending you a newsletter);
• - Compliance with legal obligations (Ex: Editing an invoice).

Situations of collection of your personal data and purposes
Below you will find detailed information on the different situations where your personal data is collected and their purposes.

1. - Creation and management of an account

   Data Collected	Purposes
   Personal data may include: password;	your diagnostic history

   • First and last name ;

   • Sex ;

   • Email address;

   • Postal address;

   • Phone number;

   • Photo ;

   • Date of birth or age range;

   • Username, Username and Password

   • Order information;

   • Manage your orders;

   • Manage the promotional operations in which you participate;

   • Respond to your requests for information;

   • Offer you a loyalty program;

   • Allow you to manage your preferences;

   • Send you commercial communications;

   • Offer you personalized services;

   • Monitor and improve our websites and applications;

   • Allow you to keep

2. - Subscription to newsletters

Data Collected	Purposes
Personal data may include: First and last name ; Email address;	Send you commercial communications Maintain a suppression list if you have requested not to be contacted;

3 - Purchasing and order management

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Postal address (delivery and billing); Phone number; Purchase history.	We use this data in order to: Contact you to finalize your unfinished order; Inform you of availability of a product; Process and track your order; Manage the payment of your order with our payment service providers; Manage any contact you have with us regarding your order; Protect transactions against fraud. Evaluate satisfaction; Manage any dispute related to a purchase; Carry out statistics.

4 – Using the SKANMYSKIN application

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Phone number; Age Face photo	We use this data in order to: Analyze your skin characteristics and recommend appropriate products (including tailor-made care); Provide you with recommendations; Constantly improve our products, our software and advance research and innovation; Carry out statistics

5 - Requests for information

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Mailing address	We use this data in order to: Respond to your request; Monitor and prevent any adverse effects related to the use of our products; Carry out studies concerning the safety of use of our products ; Carry out and monitor corrective actions taken, if necessary Carry out statistics.

6 – Sponsorship

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Mailing address	We use this data in order to: Sending information about our products to one person at the request of another person. .

7 – Registration for a promotional operation (competition, sample request, survey, etc.)

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Phone number; Date of birth ; Sex ; Postal address;	We use this data in order to: Complete the tasks you have requested of us; Send you commercial communications; Carry out statistics;

Presentation or personal preferences;

We undertake not to use your personal data for purposes other than those intended. Furthermore, if at any time you wish us to stop using your information for the purposes detailed above, you may freely contact us under the conditions set out herein.

Legal basis

Depending on the purpose for which the data is used, the legal basis on which the processing of your data is based may be:

• -Your consent;
• -Our legitimate interest which may consist of:
  
  ° Improving our products and services,
  • °Fraud prevention,
  • °Securing our tools,

• The execution of a contract,

• Legal obligations when current legislation requires the processing of data.

Recipients of personal data

In accordance with the purposes for which the personal data was initially collected and/or for which you have expressly consented subsequently, information concerning you may be transmitted

1. -To ABBI Group companies and its subsidiaries in order to comply with our legal obligations, prevent fraud and/or secure our tools, improve our products and services , process and track orders, for commercial prospecting purposes.

Depending on the purposes for which your data was collected, and only if necessary, some of your personal data may be accessible to ABBI Group entities, and its group entities to provide you with the requested services.

We may also share your personal data with scientists in ABBI 's Research & Innovation division for research and innovation purposes.

1. We only share your personal data for commercial prospecting purposes with your consent. In this context, your data is processed by the ABBI group entity, which acts as data controller, and is subject to its general terms and conditions and its personal data protection policy.
   We recommend that you carefully check their information before consenting to the communication of your data for the benefit of this third party. If permitted, we can produce statistics based on your characteristics and adapt our communications.

2- To trusted service providers.

2. We use trusted third parties to perform a range of business operations and tasks on our behalf. We only provide them with the information they need to perform the service and ask them not to use your personal data for any other purpose. We always make every effort to ensure that all of these third parties we work with keep your data confidential and secure.

3. Here is a non-exhaustive list of services requiring processing of your personal data that we may request from our service providers:

   • To provide digital and e-commerce services, such as social media monitoring activities, loyalty programs, identity management, ratings and comments management, customer relationship management (CRM), audience analysis (web analytics), search engines and user-generated content creation tools;

   • To carry out advertising, marketing and commercial campaigns,

   • To analyze the effectiveness of these campaigns

   • To manage your contacts and questions;

   • To deliver a product;

   • To provide IT services, such as hosting services, maintenance services and technical support for our databases as well as for our applications which may contain data about you;

   • To verify your information where required to enter into a contract with you;

   • To help us with customer service

   • To improve our cosmetovigilance.

4. 3- For security or law enforcement purposes:

In certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Transfer of personal data outside the European Economic Area (EEA)

The personal data collected may be (occasionally) transferred to selected third parties, who may be located outside the European Economic Area (“EEA”) in connection with the services offered to you through our websites and mobile/internet applications. For example, this may occur if one of our servers is located in a country outside the EEA or if one of our service providers
services is located in a country outside the EEA.
Such a transfer may only be carried out by ABBI in full compliance with the legal and regulatory provisions in this area, and in particular the Data Protection Act of 6 January 1978 as amended and the applicable European regulations.
Such third parties will not use your personal information for any purpose other than those we have agreed with them and which have been made known to you. ABBI requires such third parties to implement sufficient levels of protection to preserve the confidentiality and protection of your personal information.
We respect your personal information and will therefore take steps to ensure that your privacy rights continue to be protected if we transfer your information outside the EEA in this way. In addition, if you use our services while you are located outside the EEA, your information may be transferred outside the EEA in order to provide those services to you.
Subject to the provisions of this Privacy Policy, we will not disclose any personally identifiable information without your permission, unless we are legally entitled or required to do so (for example, if we are required to do so by legal process or in response to lawful subpoenas or interceptions).
We want to assure you that we will not use your information for any of these purposes if you have indicated that you do not want us to use your information in this way when you submit it to us, or subsequently.

Retention of your personal data

We retain your personal data only for as long as necessary to achieve the purpose for which we hold the data, to meet your needs or to fulfill our legal obligations.
To establish the retention period of your data, we apply the following criteria:

Case	Duration
A product chat	For the entire duration of our contractual relationship .
Participation in a promotional offer	For the entire duration of the offer promotional concerned
Request for information	For the entire duration necessary for the processing your request
Account creation and management	Until you ask us to delete them or at the end of from a period of inactivity
Receiving our newsletter	Until you unsubscribe or until you ask us to delete them or at the end of from a period of inactivity

We may retain certain personal data in order to comply with our legal or regulatory obligations, and to enable us to exercise our rights (e.g., to file a claim in court) or for statistical or historical purposes.
When we no longer need to use your personal data, we will erase it from our systems and files or anonymise it so that it can no longer identify you.

Specificity of cookies

A cookie is a small data file that a website, when visited by a user, asks your browser to store on your device in order to remember information about you, such as your language preference or login information. These cookies are set by us and are called first-party cookies. We may also use third-party cookies, which come from a different domain than the one you are visiting, for our advertising and marketing efforts and to understand your browsing.
More specifically, we use cookies and other tracers for the following purposes:

• -Assist navigation;
• -Support account creation and session opening;
• -Analyze the use of our products, services or applications;
• -Participate in our promotional and marketing efforts (including behavioral advertising)
• We regularly scan this site using our cookie analytics tool to maintain an up-to-date list.
• We classify cookies into the following categories:
• Strictly necessary cookies Performance cookies Functionality cookies Advertising cookies
• You can choose to opt out of each category of cookies (except strictly necessary cookies) by clicking on the "Cookie Settings" button at the bottom of the page.

Safety measures

• We have implemented security measures to best protect your personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access to your data. These security measures are also reinforced when we process data considered sensitive. Since securing your data is a priority, we are committed to respecting security standards in accordance with the regulations. We have strict management of access to your data. Thus, only staff whose functions require the use of your data are authorized to consult the personal data that you have entrusted to us. In the event that we have used a subcontractor to process personal data on our behalf, we ensure that the latter provides sufficient guarantees regarding the implementation of appropriate technical and organizational security measures so that the processing meets the requirements of the GDPR and guarantees the protection of your rights.

Links to Third Party Sites

This site may occasionally contain links to websites owned by our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for these policies. We encourage you to read the terms of these policies before submitting any personal data to these websites.

Social networks

This site may allow users to upload their own content. We remind you that any content transmitted to one of the social networks that we use may be accessible to the public. Therefore, we invite you to exercise caution regarding the communication of certain personal data such as financial data or an address. We decline all responsibility for any measures taken by third parties in the event that you post personal data on one of our social networks, and we recommend that you do not communicate this information.

Your rights

In accordance with the “Informatique et Libertés” law in force and European regulations concerning the protection of personal data, you have the following rights:

• -right of access,
• -right of rectification,
• -right to erasure,
• -right to portability,
• -right of opposition for legitimate reasons,
• -right to limitation of processing,
• -right to withdraw your consent where applicable,
• -right to define guidelines regarding the fate of your personal data in the event of death.

These requests can be made by email to contact@abbi.care or by post to the attention of:

ABBI SAS, accompanied by a copy of an identity document to the following address:

ABBI SAS

Personal Data:
8b Industrial Road. 69570 Dardilly

We undertake to respond to the request within a maximum of one month after receipt. If your right cannot be exercised, we will inform you of the reasons within a maximum of one month. In addition, any message sent to you includes an option (in particular by clicking on a hyperlink) to oppose the further processing of your data for commercial purposes. Finally, it is recalled that you have the right to lodge a complaint with a supervisory authority and in particular with the CNIL.

( https://www.cnil.fr/fr/plaintes ).

Changes to this Personal Data Charter

We may periodically make changes to this Privacy Policy. If we make any material changes to this Privacy Policy and the way we use your personal data, we will post those changes on this page and will endeavor to notify you of any material changes. We encourage you to review this Privacy Policy periodically.