PRIVACY POLICY

Last revised May 9th, 2018

John Frieda UK, 130 Shaftesbury Avenue, London, W1D 5EU ("Kao Company" or "we" or "our") and each of its affiliates and subsidiaries in the EMEA region (collectively, the "Kao Group") takes data privacy seriously. This Privacy Policy informs the users of www.johnfrieda.com and any other Kao Company-owned websites or mobile applications on which this Privacy Policy is displayed ("Website") how we, as controller within the meaning of the General Data Protection Regulation ("GDPR"), collect and process the personal data and other information of such users in connection with their usage of the Website.

Note that other Kao Group websites or mobile apps may be governed by other privacy
policies.


1.      Categories of Personal Data and Processing Purposes - What personal data do we process about you and why?

1.1    Metadata

You may use the Website without providing any personal data about you. In this case, we
will collect only the following metadata that result from your usage of the Website:
browser type and version, operating system and interface, website from which
you are visiting us (referrer URL), webpage(s) you are visiting on our Website,
date and time of accessing our Website, and internet protocol (IP) address.

Your IP address will be used to enable your access to our Website. Once the IP address
is no longer necessary for this purpose, we will shorten your IP address by removing the last octet of your IP address. The metadata, including the shortened IP address, will be used to improve the quality and services of our website and services by analysing the usage behaviour of our users.

1.2    Account
If you create an account on our Website you will be asked to provide the following
personal data about you: name, gender (salutation), date of birth, postal
address, email address, telephone number, selected password for your account,
payment details, invoicing and delivery address and your preferences in
receiving marketing from us (voluntary). We process such personal data for
purposes of account administration, answering your queries or information
requests, providing desired products or services, providing you with marketing
materials where you have provided consent for us to do so, to the extent
permitted by applicable law, analysing your interests for marketing purposes,
improving our Website according to usage patterns, and for technical
administration or other purposes to which you have agreed.

1.3    Product Orders

If you order a product via our Website we collect and process the following personal data
about you: name, gender (salutation), postal address, email address, telephone
number, payment details, invoicing and delivery address, type and amount of
product, purchase price, order date, order status, product returns, customer
care requests, and your preferences in receiving marketing from us (voluntary).
We process such personal data for purposes of carrying out the contractual
relationship and the product order, providing customer care services,
compliance with legal obligations, defending, establishing and exercising legal
claims, providing you with marketing materials where you have provided consent
for us to do so, to the extent permitted by applicable law, and analysing your
interests for marketing purposes.

1.4    Competitions

If you participate in a competition, we collect and process the following personal
data about you: name, gender (salutation), postal address, email address,
telephone number and selection as winner. We process such personal data for
purposes of carrying out the competition, informing the winner, delivering the prize
to the winner, carrying out the event, and providing you with marketing
materials where you have provided us consent to do so, to the extent permitted
by applicable law, and analysing your interests for marketing purposes.

1.5    Newsletter

If you request to receive our newsletter, we collect and process the following
personal data about you: name, address, date of birth and email address, and your
preferences in receiving marketing from us via emails, SMS or postal mails
(voluntary). We process such personal data for purposes of providing the newsletter
and other marketing materials to the extent permitted by applicable law and where
you have provided us consent to do so, and analysing your interests for
marketing purposes.


1.6    Contact Us


On our website, we offer you the opportunity to contact us via a contact form. For
this we need the following personal data from you: name and email address. The
personal data that you provide us in the context of this contact request will
only be used to answer your inquiry and for the technical administration thereof.
The transfer to third parties does not take place. Your personal data will be
deleted as soon as we have processed your request or you revoke the consent you
have given.

1.7    Salon Finder

Via our website you have the opportunity to find the nearest salons to your location
that offer our products. You have the option of having your location determined
by geolocation based on your IP address or by manually entering a postal code
or address. There is no storage or linking of your location data with other
personal data.

2.      Processing Basis and Consequences - What is the legal justification for
processing your personal data and what happens if you choose not to provide it?

We rely on the following legal grounds for the collection, processing, and use of your personal
data:

·       your consent to the processing of your data for one or more specific purposes;
·       the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
·       the processing is necessary for compliance with a legal obligation to which we are subject;
·       the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where your interests or fundamental rights and freedoms do not override those interests;
·       the provision of your personal data is required by a statutory or contractual obligation. The provision of your personal data is necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.

Not providing your personal data may result in disadvantages for you, for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.

3.      Categories of Recipients and International Transfers - Who do we transfer your personal data to and where are they located?

We may transfer your personal data to third parties for the processing purposes described above as follows:
·         Within the Kao Company: Our parent entity, the Kao Corporation, in Japan and each of its affiliates and subsidiaries (each affiliate or subsidiary including us referred to as "Kao Company"; collectively, the "Kao Group") within the global Kao Group may receive your personal data as necessary for the processing purposes described above. Depending on the
categories of personal data and the purposes for which the personal data has
been collected, different internal departments within the Kao Company may
receive your personal data. For example, our IT department may have access to
your account data, and our eCommerce and sales departments may have access to
your account data or data relating to product orders. Moreover, other
departments within the Kao Company may have access to certain personal data
about you on a need to know basis, such as the legal department, the finance
department or internal auditing.

·       With data processors: Certain third parties, whether affiliated or unaffiliated,
may receive your personal data to process such data under appropriate
instructions ("Processors") as necessary for the processing purposes described above, such as website service providers, order fulfilment providers, customer care providers,
marketing service providers, IT support service providers, and other service
providers who support us in maintaining our commercial relationship with you.
The Processors will be subject to contractual obligations to implement appropriate
technical and organisational security measures to safeguard the personal data,
and to process the personal data only as instructed.

·        Other recipients: We may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without your permission.
Any access to your personal data is restricted to those individuals that have a
need-to-know in order to fulfill their job responsibilities.

UNITED STATES OF AMERICA

The website and our related databases are maintained in the United States of America. By
using the website, you freely and specifically give us your consent to collect
and store your information in the United States and to use your information as
specified within this policy.

The transfer certified under the EU-U.S. Privacy Shield is thereby recognised as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of
protection from a European data protection law perspective. We will take all
necessary measures to ensure that transfers out of the EEA are adequately
protected as required by applicable data protection law. With respect to
transfers to countries not providing an adequate level of data protection, we
will base the transfer on appropriate safeguards, such as standard data
protection clauses adopted by the European Commission or by a supervisory
authority, approved codes of conduct together with binding and enforceable
commitments of the recipient, or approved certification mechanisms together
with binding and enforceable commitments of the recipient. You can ask for a
copy of such appropriate safeguards by contacting us as set out in Section 7
below.

4.      Retention Period - How long do we keep your personal data?
Your personal data will be retained as long as necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal,
accounting or reporting requirements. To determine the appropriate retention
period for personal data, we consider the amount, nature, and sensitivity of
the personal data, the potential risk of harm from unauthorised use or
disclosure of your personal data, the purposes for which we process your
personal data and whether we can achieve those purposes through other means,
and the applicable legal requirements.

5.      Your Rights - What rights do you have and how can you assert your rights?
Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your
personal data (in particular, regarding the receipt of direct marketing
communication via email, telephone/SMS and postal), you can withdraw this
consent at any time with immediate effect. Such a withdrawal will not affect the
lawfulness of the processing prior to the consent withdrawal. Please contact us
as stated in Section 7 below to withdraw your consent. Further, you can object
to the use of your personal data for the purposes of marketing without
incurring any costs other than the transmission costs in accordance with the
basic tariffs.

Additional data privacy rights: Pursuant to applicable data protection law, you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing
of your personal data; (v) request data portability; and/or (vi) object to the
processing of your personal data (including objection to profiling).

Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR
applies:

·         Right to request access to your personal data: You may have the right
to obtain from us confirmation as to whether or not personal data concerning
you is being processed, and, where that is the case, to request access to the
personal data. This access information includes – inter alia – the purposes of
the processing, the categories of personal data concerned, and the recipients
or categories of recipient to whom the personal data have been or will be
disclosed. However, this is not an absolute right and the interests of other
individuals may restrict your right of access.

You may have the right to obtain a copy of the personal data undergoing processing
free of charge. For further copies requested by you, we may charge a reasonable
fee based on administrative costs.

·          Right to request rectification: You may have the right to obtain from us the
rectification of inaccurate personal data concerning you. Depending on the
purposes of the processing, you may have the right to have incomplete personal
data completed, including by means of providing a supplementary statement.

·         Right to request erasure (right to be forgotten): Under certain circumstances,
you may have the right to obtain from us the erasure of personal data
concerning you and we may be obliged to erase such personal data.

·       Right to request restriction of processing: Under certain
circumstances, you may have the right to obtain from us restriction of
processing your personal data. In such case, the respective data will be marked
and may only be processed by us for certain purposes.

·           Right to request data portability: Under certain circumstances, you may have the
right to receive the personal data concerning you, which you have provided to
us, in a structured, commonly used and machine-readable format and you may have
the right to transmit those data to another entity without hindrance from us.

·         Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such
right to object may especially apply if we collect and process your personal
data for profiling purposes in order to better understand your interests in our
products and services or for direct marketing. If you have a right to object
and you exercise this right, your personal data will no longer be processed for
such purposes by us. You may exercise this right by contacting us as stated in
Section 7 below. Such a right to object may, in particular, not exist if the
processing of your personal data is necessary to take steps prior to entering
into a contract or to perform a contract already concluded. If you no longer
want to receive direct marketing via email, telephone/SMS, and postal, you need
to withdraw your consent as explained at the start of Section 5.

To exercise your rights, please contact us as stated under Section 7 below. You also have
the right to lodge a complaint with the competent data protection supervisory
authority.

6.      Cookies and other tracking technologies

This Website uses cookies and other tracking technologies.
Kao may record your interactions with our advertisements, our web sites, emails or other
applications we provide using Clickstream Data and Cookies. “Clickstream Data”
is a recording of what you click on while browsing this web site. This data can
tell us the type of computer and browsing software you use and the address of
the web site from which you linked to this web site.

“Cookies” are small text files that are placed on your computer by a web site for the
purpose of facilitating and enhancing your communication and interaction with
that web site, remembering your preferences and collecting aggregate (i.e., not
personally identifiable) information. Many web sites, including ours, use
cookies for these purposes.

The website may also include cookies set by third parties, including Google, which 1) helps
us measure the performance of the web site, 2) allows us to share relevant
information and advertising with you based on your and other visitors’ past
visits to this web site when you surf the web, and 3) helps us measure your
interactions with any Kao advertising you see on other sites.  Finally, Kao will use data from Google’s Interest-based advertising or third-party audience data, such as age, gender
and interests, together with our own data, to deliver relevant advertising to
you based upon your demographic profile and interests. 

Specifically, this web site has implemented the following Google Analytics features to
support our advertising across the web: Remarketing (to show you ads on sites
across the Internet), Google Display Network Impression Reporting, the
DoubleClick Campaign Manager Integration, and Google Analytics Demographics and
Interest Reporting. 

You can opt-out of Google Analytics for Display Advertising and customise Google
Display Network ads by using the Ads Settings, or by using the Google Analytics
opt-out Browser add-on.  You can find more information about Google Analytics here.

As an alternative to the browser add-on and especially for mobile
browsers, please click on the following link to set an opt-out cookie. This
opt-out cookie prevents detection by Google Analytics within this website. http://www.goldwell.de/datenschutz/?google-analytics-opt-out=true


You may stop or restrict the placement of cookies on your computer or flush them from your
browser by adjusting your web browser preferences and browser plug-in settings,
in which case you may still use our web site, but it may interfere with some of
its functionality.

HOW WE USE YOUR INFORMATION

Kao uses your information to understand your needs and provide better products and
services. Kao may use data collected from you to personalise your web site
experience, tailor future communications, and send you targeted offers as
described below. Occasionally, Kao may use your personally identifiable
information to contact you for market research or to provide you with marketing
information we think would be of particular interest. We will always give you
the opportunity to opt out of receiving such contacts.

Kao may share the personally identifiable information you provide with other Kao
divisions or affiliates, provided that, such other divisions or affiliates have
privacy practices that are similar to those set forth in this policy.

Kao may permit its vendors and subcontractors to access your personally identifiable
information, but they are only permitted to do so in connection with services
they are performing for Kao. They are not authorised by Kao to use your
personally identifiable information for their own benefit. Kao may disclose
personally identifiable information as required by law or legal process.

Kao may disclose personally identifiable information to investigate suspected fraud,
harassment or other violations of any law, rule or regulation, or the terms or
policies for the web site.

In the event of a sale, merger, liquidation, dissolution, reorganisation or acquisition of
Kao, or a Kao business unit, information Kao has collected about you may be
sold or otherwise transferred. However, this will only happen if the party
acquiring the information agrees to use personally identifiable information in
a manner which is substantially similar to the uses described in this policy.

Competitions, contests and other promotions may set forth additional uses of your personally
identifiable information in connection with such promotions.

THIRD PARTY COLLECTION AND SHARING

At times, personally identifiable information may be collected from you on behalf of Kao
and a third party who is identified at the time of collection. This may include
co-branded promotions.  In such instances, your personally identifiable information may be provided to both Kao and such third party. While Kao will use your personally identifiable information as set forth in this policy, such third party will use your personally
identifiable information as set forth in their own privacy policy.  Such third parties may collect information regarding your activities over time and across different web sites.  Therefore, you should review such policies prior to providing your personally identifiable information. Kao is not responsible for the actions of such third parties.

TARGETED CONTENT AND MESSAGING

We believe that content, messages and advertising are more relevant and valuable to you
when they are based upon your interests, needs and demographics. Therefore, we
may deliver content, messages and advertising specifically to you that are
based upon your prior activities on our web sites and information provided to
us or gathered as described in this policy. For example, if you have previously
expressed an interest in hair care products through your activities on our web
site, we may deliver more information to you about hair care products than
other products for which you have not expressed an interest or interacted with
on the web site. While we may use this information to tailor what we deliver to
you, we will still handle and secure your personally identifiable information
as set forth in this policy.

Through the use of the Google services (described above), the cookies we place on this web
site, and cookies placed by third parties on this web site or through other
sites you visit on the internet, we may cause advertisements and content to
appear on this web site and elsewhere on the internet based upon your
activities over time and across different web sites.  In most instances, Kao is simply a content
provider and does not directly possess such behavioural information about your
online activities.  You are able to limit such targeted advertising by setting your browser to block third party cookies or by visiting www.aboutads.info/consumers to learn
more about such advertising practices and to exercise options with respect to
such practices at www.aboutads.info/choices.

We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms
transmitted by web browsers.

7.      Questions and Contact Information

Should you have any questions or concerns regarding our website or privacy policy, please email us using the ‘Contact Us’ link on our website.
Alternatively, we can be contacted by telephone +44 (0)800 1070 853 (our lines are open 9am-5pm (UK Time) Monday to Friday). The postal address for John Frieda UK is:

Customer Services Team
Kao (UK) Ltd
130 Shaftesbury Avenue
London
W1D 5EU
United Kingdom

For further information and statutory rights, please go to http://www.kao.com/global/en/EU-Data-Subject-Request/

8.      Changes to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal,
regulatory or operational requirements. We will notify you of any such changes,
including when they will take effect, by updating the "Last revised"
date above or as otherwise required by applicable law. Your continued use of our
Website after any such updates take effect will constitute acceptance of those
changes. If you do not accept updates to this Privacy Policy, you should stop
using our Website.
