Your cart
There are no more items in your cart
PERSONAL DATA POLICY
v.04/02/2025
This policy informs you of the processing of personal data that SFC carries out in the context of the operation of the Website and the online sale of its products through the Website, in its capacity as data controller within the meaning of EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016, known as "GDPR".
We attach great importance to the protection of the personal data of users of the Website and, to this end, we have implemented the following policy:
What is personal data?
This refers to any data that can directly (e.g. a name) or indirectly designate a natural person (e.g. an identifier, a code).
What data does we collect?
As part of your user experience of our Website, we may collect personal data about you.
You may provide us your personal data in various ways via our Website, as specified in the table below:
- Either directly: Examples: creation of a customer account, request for information, participation in constests, reporting a case of cosmetovigilance, etc…;
- Or indirectly: cookies.
We do not collect personal data from third parties.
We take care to collect only data that is strictly necessary in order to offer you the most pleasant user experience tailored to your needs and in order to provide you with the services to which you have subscribed.
For this purpose and if necessary, your consent will be required.
The fields that must be filled in are marked with an asterisk. Failure to complete the fields marked with an asterisk may affect our ability to offer you the requested service or manage your requests.
The following data may be collected:
|
Situation that may give rise to the collection of personal data |
Type of data collected |
Purpose(s) of the processing (by us or our subcontractors) |
Legal basis for processing |
Data retention period |
|
Creating a customer account
|
Last name, first name, email address |
Customer relationship management; Sending personalized offers
|
Performance of the contract (being able to provide the service to which you have subscribed) |
3 years from the end of the business relationship
|
|
Issuing invoices |
Last name, first name, email address, telephone, order summary |
Issuing and managing invoices in the context of contract execution and compliance with legal and accounting obligations |
Performance of the contract
Legal obligations |
10 years from the date of issue of the invoice (accounting document) |
|
Loyalty program management |
Last name, first name, email address, details of orders placed on the Website |
Updating the customer's kitty according to the orders made and application of the loyalty program |
Performance of the contract |
5 years from the end of the business relationship |
|
Order Management |
Last name, first name, email address, telephone number, postal address, order summary. |
Order processing and product delivery |
Performance of the contract |
5 years from the date of order. |
|
Claims folluw-up |
Last name, first name, email address, telephone number, postal address, subject of the claim |
Management and follow-up of claims concerning orders placed on the Website |
Performance of the contract
Legal obligation |
5 years from the end of the application processing
|
|
Cosmetovigilance cases |
Last name, first name, address, telephone number, email address, age, profession, health data |
Management and follow-up of a cosmetovigilance case |
Legal obligation
Public Interest |
2 years from the registration of the cosmetovigilance case (if the is closed) |
|
Gift Voucher Offer |
Last name, first name and email address of the recipient of a gift card (if different from the customer) |
Delivery of a paper or digital gift card to the Customer. |
Performance of the contract |
5 years from the end of the purchase of the Gift Voucher. |
|
Request information via the contact form, by mail or telephone |
Last name, first name, postal address, telephone, email address |
Processing your request |
Consent |
3 years from last contact |
|
Online opinion |
Username, Customer's opinion on the product, possibly a photo (at the customer's choice) |
Management of consumer opinions on products or the brand |
Consent
Legitimate interest |
While the product is on sale on the Website |
|
Skin diagnosis
|
IP adress |
Consultation of the results of this diagnosis
|
Performance of a contract (to be able to respond to the service to which you have subscribed) |
Immediate deletion |
|
Sending commercial communications |
Email address |
Sending commercial communications |
Consent |
3 years from the last contact or until unsubscribing |
|
Promotional operations (contests) |
Last name, first name, email address and/or postal address, telephone number of the participants |
Participation and execution of the commercial operation
|
Consent
Legitimate interest |
Duration necessary for the purpose of this operation |
|
Management of requests to exercise the rights of individuals |
Last name, first name, email address, content of the request, ID document (if verification required) |
Management of requests to exercise people’s rights under the GDPR |
Legal obligation |
5 years from the date of the application or the closure of the application |
|
Product recall management |
Last name, first name, email address, telephone number, order details. |
Management of product recalls with customers affected by the recalled products |
Legal obligation
Public Interest |
10 years after the end of the product's marketing |
For navigation data, please refer our Cookies Policy.
It should be noted that the retention periods indicated cover storage in active databases and internal archives.
Who is the data controller?
The data controller is the person who determines the purposes and means of data processing. He is directly responsible for compliance with personal data protection obligations.
We are the data controller.
In the specific case of cosmetovigilance, your data is processed by SOREDEC, a french company with a capital of 80,000 Euros, also a member of the Sothys Group, whose registered office is located at ZI de la Marquisie, 19100 Brive la Gaillarde (France), RCS Brive 345 175 772, as a Subcontractor of SFC.
Recipients of your data
We inform you that your personal data may be communicated to our service providers, in order to comply with our legal and contractual obligations, to prevent fraud and/or to secure our tools, to improve our products or after obtaining your consent.
Also, in addition to the members of SFC's and the Sothys Group's internal departments who, for the purposes of contract performance, customer relationship management, order and complaint processing, the sending of commercial communications and the management of the Website, may be required to process some of your personal data, in accordance with the purposes referred to above, third-party service providers (hereinafter "Subcontractors"), in particular for secure online payment, products delivery or other services that could not be provided by SFC or the Sothys Group itself. In this case, SFC ensures that its Subcontractors comply with the applicable European regulations on the protection of personal data.
As such, we inform you that your personal data may be transferred outside the European Union in the context of the provision of services by our Subcontractors. In this case, SFC ensures that such transfers comply with the applicable European regulations on the protection of personal data.
Data security and retention
We ensure the confidentiality of your personal data and put in place technical means to ensure that it is stored.
Your data is stored on protected software with restricted and controlled access.
What are your rights?
In accordance with the regulations in force, you have a right to information (to receive concise, transparent, understandable and easily accessible information in clear and simple terms), a right of access to your personal data, to rectify, as well as the right to oppose, erasure and limit your personal data, depending on the case, by contacting the following address: hello@bcparis.net. If you have any doubts about your identity, we may ask you for a copy of your identity document.
If you exercise your right to object and/or to erasure and/or portability your data, we will be unable to provide certain services.
Furthermore, your right to object to and/or erasure and/or port your data may not be exercised when the legal basis for processing is compliance with a legal obligation by SFC (e.g. Cosmetovigilance).
In addition, you have the option to withdraw your consent to the collection and processing of your personal data at any time.
You also have the right to lodge a complaint with the CNIL and/or to take any legal action.