Privacy policy

The data controller, which collects personal data and implements data processing, is: Cosmaé, a simplified joint-stock company with capital of €100,000, registered with the Brest Trade and Companies Register under number 897 559 829 , whose registered office is 249 Impasse du Marais 29800 Saint-Thonan.

(Article 6 (1) (a), Article 7 and Article 9 (2) (a) GDPR). We may process your personal data on the basis of the consent you have expressly given (by filling out a form on our site, or by ticking a dedicated box, for example). You can withdraw your consent at any time in your customer area or by contacting us via our contact form.

(Art. 6(1)(b) GDPR). We will process your personal data for the establishment and execution of a contract between you and Cosmaé.

(Article 6(1)(c) GDPR). Cosmaé is subject to several legal obligations under the applicable regulations. We therefore need to process some of your personal data to comply with these obligations.

(Art. 6(1)(f) GDPR). Cosmaé may process your personal data for the purposes of the legitimate interests pursued by the company or by a third party, without infringing your rights and interests.

Cosmaé collects the personal data of users on the website www.cosmae.com. The personal data likely to be collected are as follows:

• The data of your user account: namely, the data that the user provides when creating an account by completing the registration form (first name, last name, date of birth, email address, mobile phone number, word password for connecting to the customer account, the types of treatments appreciated: face care/hair care/body care/hygiene/well-being).
• The user's personal data when the user has a customer account: delivery and billing addresses.
• Transaction data: means the data that the user provides when making purchases (information relating to orders made such as his telephone number, address, email address and information relating to his means of payment, as well as as the history of past orders).
  Data related to exchanges made via the contact form or the chat messenger.
• Data related to reviews: means the surname, first name (if the user chooses to put his identity), the pseudonym and the visuals downloaded when writing a review.
• Browsing data: refers to the data that the Publisher collects when the User browses the site, such as the date, time of connection and/or browsing, type of browser, language of the browser, its IP address, location data and geolocation.
• Data relating to means of payment (credit card number, expiry date, authorization number, security code) are neither recorded nor collected by our Crédit Agricole payment service.

Third-party providers of applications, tools, gadgets and plug-ins on our website as well as the networks on which we publish editorial and promotional content (such as Facebook and Instagram) may also use automated means, linked to the centers of interest and context, to collect user data (interactions with functions and profiling of online activity). This data is collected directly by these service providers and/or third parties and is subject to their policy.

To the extent permitted by applicable law, Cosmaé is not responsible for the practices of these service providers and third parties.

Certain services may be altered or inaccessible in the absence of consent to the collection of data mentioned in this Privacy Policy.

In general, the data is collected directly from you on the occasion of:

• The creation and management of an online account (customer account, user);
• Subscription to our newsletters;
• Your connection to our services;
• Your consultation of our newsletters and communications (statistics of openings, clicks, etc.);
• The purchase of products;
• Your participation in promotions, contests or games;
• Your sharing and interactions of our content with social networks;
• Your comments, opinions and contributions on our products, services and content;
• Your inquiries and our correspondence;
• Your browsing on our site;
• The exercise of your rights relating to your personal data.

The regulations in force protect the privacy of users and require any data controller to be able to justify a legitimate basis for said processing.

The data collected in the context of use is processed in order to meet the purposes below.

In this context, Cosmaé uses data to provide products and services (from the shopping cart and orders; sale, return and refund of purchased products) according to the legal basis of the processing, which is the execution of a contract concluded between the client and the professional.

In this context, Cosmaé uses Crédit Agricole as payment service provider, which uses information relating to means of payment when making payment for each order. This data can also be used for the prevention of fraud during the payment of the order and/or management of unpaid after order.

Cosmaé uses the personal data of a customer registered on the website. Are used email address, password for the execution of the contract concluded between the customer and Cosmaé during the purchase in order to respect the legal obligation.

Personal data (addresses, telephone numbers, email addresses) are used to ensure deliveries.

Personal data is used to interact with customers/users. As such, exchanges between the services and the user made by telephone, email or chat may be recorded in order to improve the quality of service. The customer can object to this at any time.

This data is used to inform customers of our products, recipes, and to personalize the products offered in the newsletter following the types of care provided during registration.

The data (Name, first name, pseudonym, uploaded visuals) are used to inform other customers/users on the website and can be used as content on Cosmaé's official social networks. This interest is legitimate and makes it possible to offer and improve products/recipes for customers as well as provide a right of information to users.

This anonymized personal data, linked to the deposit of cookies, is collected to understand the use of the website by the user, the anonymized customer behavior, to measure the frequentation of the site with the aim of enriching our website to improve the user experience. This data is also used to improve our products and recipes to meet customer needs.

Cosmaé does not share any personal data for commercial purposes with third parties.

The user has the option of modifying his personal data and withdrawing his consent at any time by logging into his customer account or by contacting us via the contact page.

The personal data collected is transmitted to the employees of the internal services of the company Cosmaé as well as to the service providers of Cosmaé, who can carry out processing on behalf of Cosmaé (subcontractors) and/or on their own behalf (recipients of the data).

The recipients of the data are:

- Cosmae

- Crédit Agricole, payment providers

- Any police or administrative authority in the context of legal requisitions concerning the fight against fraud

Cosmaé's subcontractors may have accessed the data collected to:

- preparing and shipping orders and returning products

- improving the content of the site and social networks

- the technical maintenance and development operations of the www.cosmae.com website, including the entities that execute the orders and provide web hosting, information storage, email service providers, as well as the services of analysis, tag management, such as Google Analytics.

For more details on these analysis services and the methods of opposition, we invite you to consult the following site: https://support.google.com/analytics/answer/6004245

The use of social networks to interact with our site (in particular the “share” buttons or the chat messenger) is likely to lead to the collection of your personal data by these social networks. We invite you to consult the personal data management policies of the various social networks to find out about the collection and processing they carry out on your data.

In accordance with Articles 14 to 22 of Regulation 2016/679 of April 27, 2016, any natural person using the Cosmaé website has the right to exercise the following rights:

A right of access, rectification and deletion of the data collected,
A right of opposition to the processing of his data
A right to restriction of processing,
A right to the portability of the data collected
May formulate directives relating to the storage, erasure and communication of his personal data after his death in accordance with article 40-1 of law 78-17 of January 6, 1978.

Finally, if Cosmaé detects a personal data breach likely to create a high risk for the rights and freedoms of its users, it undertakes to inform the users concerned as soon as possible.

The user can exercise all of these rights by logging into his customer area, by contacting customer service via the contact form or by simple mail to:

Cosmaé 249 Impasse du Marais 29800 Saint-Thonan

The user must imperatively attach proof of identity to his request.

In the event of no response or an unsatisfactory response, the user may contact the supervisory authority of his country of residence, for France, the CNIL: https://www.cnil.fr/

User data will not be kept beyond the time strictly necessary for the purposes pursued as set out herein, in accordance with applicable regulations and laws.

User data is erased when the user indicates that they want to close their account with Lessonia via the contact form (Profile: “A client” / Subject: “Other”). However, to comply with the regulations in force, data such as purchase orders and invoices must be available for at least 10 years.

As data controller, Cosmaé undertakes to take all necessary precautions to preserve the security and confidentiality of the data and in particular to prevent them from being altered, deformed or accessed by unauthorized third parties. .

Cosmaé has entered into service contracts with partners who have a certain expertise in the field of data protection.

All data is hosted in France or in the European Union.

Payment providers:

The payment of purchases on the website and on the mobile application is made via the secure platform of our service provider Crédit Agricole.

Cosmaé does not have access to customer payment data.

When browsing our website, information relating to the browsing of the user's terminal (computer, tablet, smartphone, etc.) may be recorded through files called "Cookies".

Cookies are used to monitor browsing or analyze user behavior, and in particular:

• to measure the frequentation of our website, as well as their content;
• to save information relating to the customer account when the user is connected to it;
• save the shopping cart;

This data has a legitimate interest in improving the customer experience on our website as well as our products and recipes.

Cosmaé's official Facebook and Instagram accounts may allow users to post their content. The user is informed that the content published on these social networks can be seen by any third party, and that increased vigilance is required of users when they provide certain personal data on these sites or applications such as financial data, an address or any sensitive data. Cosmaé is in no way responsible for any damage caused by third parties due to or resulting from the publication of their personal data by users.

Cosmaé's data protection officer or personal data manager ensures compliance with the regulations and rules in force, and must in particular establish a register of personal data processing activities.

The user can contact the data protection officer or personal data manager of Cosmaé via the contact form.

This personal data protection policy may be modified or adjusted at any time. When necessary or required, we will notify you. We invite you to consult it regularly.