privacy policy


PRIVACY POLICY
 
Last revised May 9th, 2018
 
John Frieda UK, 130
Shaftesbury Avenue, London, W1D 5EU ("Kao Company" or
"we" or "our") and each of its affiliates and subsidiaries
in the EMEA region collectively, the "Kao Group") takes data privacy seriously. This Privacy Policy informs the users of www.johnfrieda.com and any other Kao Company-owned websites or mobile applications on which this Privacy Policy is displayed ("Website") how we, as controller within the meaning of the General Data Protection Regulation ("GDPR") collect and process the personal data and other information of such users in connection with their usage of the Website.
 
Note that other Kao Group websites or mobile apps may be governed by other privacy policies.
 
1. Categories of Personal Data and Processing Purposes – What personal data do we process about you and why?
 
1.1    Metadata
 
You may use the Website without providing any personal data about you. In this case, we will collect only the following metadata that result from your usage of the Website: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website, and internet protocol (IP) address. Your IP address will be used to enable
your access to our Website. Once the IP address is no longer necessary for this purpose, we will shorten your IP address by removing the last octet of your IP address. The metadata, including the shortened IP address, will be used to improve the quality and services of our website and services by analysing the usage behaviour of our users.
 
1.2   Account
 
If you create an account on our Website you will be asked to provide the
following personal data about you: name, gender (salutation), date of birth,
postal address, email address, telephone number, selected password for your
account, payment details, invoicing and delivery address and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of account administration, answering your queries or information requests, providing desired products or services, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, analysing your interests for marketing purposes, improving our Website according to usage patterns, and for technical administration or other purposes to which you have agreed.
1.3    Product Orders
 
If you order a product via our Website we collect and process the following
personal data about you: name, gender (salutation), postal address, email
address, telephone number, payment details, invoicing and delivery address,
type and amount of product, purchase price, order date, order status, product returns, customer care requests, and your preferences in receiving marketing from us (voluntary). We process such personal data for purposes of carrying out the contractual relationship and the product order, providing customer careservices, compliance with legal obligations, defending, establishing and
exercising legal claims, providing you with marketing materials where you have provided consent for us to do so, to the extent permitted by applicable law, and analysing your interests for marketing purposes.
 
1.4   Competitions
If you participate in a competition, we
collect and process the following personal data about you: name, gender
(salutation), postal address, email address, telephone number and selection as
winner. We process such personal data for purposes of carrying out the
competition, informing the winner, delivering the prize to the winner, carrying
out the event, and providing you with marketing materials where you have
provided us consent to do so, to the extent permitted by applicable law, and
analysing your interests for marketing purposes.
 
1.5   Newsletter
If you request to receive our newsletter, we collect and process the following personal data about you: name, address, date of birth and email address, and your preferences in receiving marketing from us via emails, SMS or postal mails (voluntary). We process such personal data for purposes of providing the newsletter and other marketing materials to the extent permitted by applicable law and where you have provided us consent to do so, and analysing your interests for marketing purposes.
1.6    Contact Us
On our website, we offer you the opportunity to contact us via a contact form. For this we need the following personal data from you: name and email address. The personal data that you provide us in the context of this contact request will only be used to answer your inquiry and for the technical administration thereof. The transfer to third parties does not take place. Your personal data will be deleted as soon as we have processed your request or you revoke the consent you have given.
 
1.7   Salon Finder
Via our website you have the opportunity to find the nearest salons to your location that offer our products. You have the option of having your location determined by geolocation based on your IP address or by manually entering a postal code or address. There is no storage or linking of your location data with other personal data.
 
2.     
Processing Basis and Consequences - What is the legal justification for
processing your personal data and what happens if you choose not to provide it? We rely on the following legal grounds for the collection, processing, and use of your personal data:
·       
your consent to the processing of your data for one or more specific purposes;
·       
the processing is necessary for the performance of a contract to which you are a party or to take steps at your
request prior to entering into a contract;
·       
the processing is necessary for compliance with a legal obligation to which we are subject;
·       
the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where your interests or fundamental rights and freedoms do not override those interests;
·       
the provision of your personal data is required by a statutory or contractual obligation.
 
The provision of your personal data is necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.
 
Not providing your personal data may result in disadvantages for you, for
example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
 
3.    Categories of Recipients and International Transfers - Who do we transfer your personal data to and where are they located?
We may transfer your personal data to third parties for the processing purposes described above as follows:
·       
Within the Kao Company: Our parent entity, the Kao Corporation, in Japan and each of its affiliates and subsidiaries (each affiliate or subsidiary including us referred to as "Kao Company"; collectively, the "Kao Group") within the global Kao Group may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within the Kao Company may receive your personal data. For example, our IT department may have access to your account data, and our eCommerce and sales departments may
have access to your account data or data relating to product orders. Moreover, other departments within the Kao Company may have access to certain personal data about you on a need to know basis, such as the legal department, the finance department or internal auditing.
·       
With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data under appropriate instructions ("Processors") as necessary for the processing purposes described above, such as website service providers, order fulfilment providers, customer care providers, marketing service providers, IT support service providers, and other service providers who support us in maintaining our commercial relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process the personal data only as instructed.
·       
Other recipients: We may transfer - in compliance with applicable data protection law - personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, external consultants, or business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition. We will not disclose your personal data to third parties for advertising or marketing purposes or for any other purposes without your permission.
Any access to your personal data is restricted to those individuals that have a need-to-know in order to fulfill their job responsibilities.
 
UNITED STATES OF AMERICA
The website and our related databases are maintained in the United States of
America. By using the website, you freely and specifically give us your consent to collect and store, your information in the United States and to use your information as specified within this policy. The transfer certified under the EU-U.S. Privacy Shield is thereby recognised as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of
protection from a European data protection law perspective. We will take all
necessary measures to ensure that transfers out of the EEA are adequately
protected as required by applicable data protection law. With respect to
transfers to countries not providing an adequate level of data protection, we
will base the transfer on appropriate safeguards, such as standard data
protection clauses adopted by the European Commission or by a supervisory
authority, approved codes of conduct together with binding and enforceable
commitments of the recipient, or approved certification mechanisms together
with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below.
4.     
Retention Period - How long do we keep your personal data?
Your personal data will be retained as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5.     
Your Rights - What rights do you have and how can you assert your rights? Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular, regarding the receipt of direct marketing communication via email, telephone/SMS and postal), you can withdraw this consent at any time with immediate effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Please contact us as stated in Section 7 below to withdraw your consent. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.
·       
Additional data privacy rights:
Pursuant to applicable data protection law, you may have the right to: (i)
request access to your personal data; (ii) request rectification of your
personal data; (iii) request erasure of your personal data; (iv) request
restriction of processing of your personal data; (v) request data portability;
and/or (vi) object to the processing of your personal data (including objection to profiling). Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR applies:
·       
Right to request access to your personal data: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. This access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal
data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing
processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
·       
Right to request rectification:
You may have the right to obtain from us the rectification of inaccurate
personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
·       
Right to request erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
·       
Right to request restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In such case, the respective data will be marked and may only be processed by us for certain purposes.
·       
Right to request data portability: Under certain circumstances,  you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
·       
Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required
to no longer process your personal data. Such right to object may especially
apply if we collect and process your personal data for profiling purposes in
order to better understand your interests in our products and services or for
direct marketing. If you have a right to object and you exercise this right,
your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below. Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a
contract already concluded. If you no longer want to receive direct marketing
via email, telephone/SMS, and postal, you need to withdraw your consent as
explained at the start of Section 5. To exercise your rights, please contact us as stated under Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority.
 
 
6.     
Cookies and other tracking technologies This Website uses
cookies and other tracking technologies. Kao may record your interactions with our advertisements, our web sites, emails or other applications we provide using Clickstream Data and Cookies. “Clickstream Data”
is a recording of what you click on while browsing this web site. This data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to this web site.
“Cookies” are small text files that are placed on your computer by a web site for the purpose of facilitating and enhancing your communication and interaction with that web site, remembering your preferences and collecting aggregate (i.e., not personally identifiable) information. Many web sites, including ours, use cookies for these purposes. The website may also include cookies set by third parties, including Google,
which 1) helps us measure the performance of the web site, 2) allows us to
share relevant information and advertising with you based on your and other
visitors’ past visits to this web site when you surf the web, and 3) helps us
measure your interactions with any Kao advertising you see on other
sites.  Finally, Kao will use data from Google’s Interest-based
advertising or third-party audience data, such as age, gender and interests,
together with our own data, to deliver relevant advertising to you based upon
your demographic profile and interests. Specifically, this web site has implemented the following Google Analytics features to support our advertising across the web: Remarketing (to show you ads on sites across theInternet), Google Display Network Impression Reporting,
the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. You can opt-out of Google Analytics for Display Advertising and customise Google Display Network ads by using the Ads Settings, or by using the Google Analytics opt-out Browser add-on.  You can find more information about Google Analytics here. You may stop or restrict the placement of cookies on your computer or flush them from your browser by adjusting your web browser preferences and browser
plug-in settings, in which case you may still use our web site, but it may
interfere with some of its functionality.
 
HOW WE USE YOUR INFORMATION
 
Kao uses your information to understand your needs and provide better
products and services. Kao may use data collected from you to personalise your web site experience, tailor future communications, and send you targeted offers as described below. Occasionally, Kao may use your personally identifiable information to contact you for market research or to provide you with marketing information we think would be of particular interest. We will always give you the opportunity to opt out of receiving such contacts. Kao may share the personally identifiable information you provide with other Kao divisions or affiliates, provided that, such other divisions or affiliates have privacy practices that are similar to those set forth in this policy. Kao may permit its vendors and subcontractors to access your personally identifiable information, but they are only permitted to do so in connection with services they are performing for Kao. They are not authorised by Kao to use your personally identifiable information for their own benefit. Kao may disclose personally identifiable information as required by law or legal process. Kao may disclose personally identifiable information to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or the terms or policies for the web site.
In the event of a sale, merger, liquidation, dissolution, reorganisation or
acquisition of Kao, or a Kao business unit, information Kao has collected about you may be sold or otherwise transferred. However, this will only happen if the party acquiring the information agrees to use personally identifiable information in a manner which is substantially similar to the uses described in this policy. Competitions, contests and other promotions may set forth additional uses of your personally identifiable information in connection with such promotions.
 
THIRD PARTY COLLECTION AND SHARING
 
At times, personally identifiable information may be collected from you on
behalf of Kao and a third party who is identified at the time of collection.
This may include co-branded promotions.  In such instances, yourpersonally
identifiable information may be provided to both Kao and such third party.
While Kao will use your personally identifiable information as set forth in
this policy, such third party will use your personally identifiable
information as set forth in their own privacy policy.  Such third parties
may collect information regarding your activities over time and across
different web sites.  Therefore, you should review such policies prior to
providing your personally identifiable information. Kao is not responsible for
the actions of such third parties.
 
TARGETED CONTENT AND MESSAGING
 
We believe that content, messages and advertising are more relevant and
valuable to you when they are based upon your interests, needs and
demographics. Therefore, we may deliver content, messages and advertising
specifically to you that are based upon your prior activities on our web sites
and information provided to us or gathered as described in this policy. For
example, if you have previously expressed an interest in hair care products
through your activities on our web site, we may deliver more information to you about hair care products than other products for which you have not expressed an interest or interacted with on the web site. While we may use this information to tailor what we deliver to you, we will still handle and secure your personally identifiable information as set forth in this policy.
Through the use of the Google services (described above), the cookies we place on this web site, and cookies placed by third parties on this web site or
through other sites you visit on the internet, we may cause advertisements and content to appear on this web site and elsewhere on the internet based upon your activities over time and across different web sites.  In most
instances, Kao is simply a content provider and does not directly possess such behavioural information about your online activities.  You are able to
limit such targeted advertising by setting your browser to block third party cookies or by visiting www.aboutads.info/consumers to learn more about such advertising practices and to exercise options with respect to such practices at www.aboutads.info/choices. We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms transmitted by web browsers.
 
7.      Questions and Contact Information
 
Should you have any questions or concerns regarding our website or privacy
policy, please email us using the ‘Contact Us’ link on our website.
Alternatively, we can be contacted by telephone +44 (0)800 1070 853 (our
lines are open 9am-5pm (UK Time) Monday to Friday,  The postal address for John Frieda UK is:
 
·       
·       
Kao Norway AS, Karenslyst Allé 55, 0277 Oslo, Norway
 
For further information and statutory rights, please go to
http://www.kao.com/global/en/EU-Data-Subject-Request/
 
8.   Changes to this Privacy Policy
 
We may update this Privacy Policy from time to time in response to changing
legal, regulatory or operational requirements. We will notify you of any such
changes, including when they will take effect, by updating the "Last
revised" date above or as otherwise required by applicable law. Your
continued use of our Website after any such updates take effect will constitute acceptance of those changes.
 
If you do not accept updates to this Privacy Policy, you should stop using our
Website.

 

 

 
 
 

Page Top