Privacy

« Personal data » ou « Data »

Refers to any personal data within the meaning of the RGPD, i.e. any data enabling you to be identified directly (surname, first name, e-mail address, etc.) or indirectly (olfactory preferences, age, NOSE product(s) purchased, etc.).

« Privacy policy » ou « Privacy »

Means this Privacy Policy.

« Processing »

Any operation or set of operations applied to Personal Data, including but not limited to collecting, recording, organising, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, matching or linking, limiting, erasing or destroying Personal Data.

« Data controller »

Refers to the person who determines the purposes and means of the processing of your Personal Data, in this case NOSE.

« RGPD »

Refers to the European Regulation 2016/679 of 27 April 2016 on the protection of personal data.

« NOSE »

NOSE, a simplified joint stock company with capital of 131,463.20 euros, registered in the Paris Trade and Companies Register under number 534,386,818, whose registered office is located at 20, rue Bachaumont, 75002 Paris, France.

« Subcontractor »

Means any person processing Personal Data on behalf of NOSE.

« Personal account data »

Data collected when creating your personal NOSE account and associated with this account (Name and surname, gender, date of birth, email address, postcode). This Data may be processed as part of various services offered by NOSE (see section 2 "Processing by NOSE").

Processings

Concerned data

Purposes

Legal base

Duration of data retention

Creating a personal account in shop

-  Full name, gender, date of birth, email address, postcode, country

-  (Registration with a Facebook account: your Facebook account address will also be collected)

-  This data constitutes the "Personal Account Data".

-  Password

To allow you to create a personal account in order to carry out an olfactory test, to propose you an offer adapted to the result of the test, to manage your orders and to offer you other associated services (delivery of samples, evaluation of products, sponsorships...).

Fulfilment of the contract concluded when the account was created

(art. 6§1 b) of the GDPR)

5 years from the last contract concluded with you.

Carrying out an olfactory diagnosis at the store

Data from the personal account created in the shop, test data: 

- Data entered: your last three perfumes worn (brand, name of the perfume and period during which you wore the perfume or you no longer wear the perfume),

- Test results: your olfactory portrait (your favourite olfactory families, your olfactory pyramid)

Identify your olfactory preferences in order to provide you with a personalised product offer.

Execution of the NOSE TOU (provision of services)

(art. 6§1 b) GDPR)

These Data are kept in a form that allows you to be identified in your personal account for as long as that account exists.

Payment by credit card instore

Bank details, date and amount of the transaction

Allow you to pay for your purchases in the shop by payment card

Performance of the sales contract

(art. 6§1 b) of the GDPR)

Your bank details are kept for the duration of the complete payment plus 13 months (15 months for deferred debit cards) for the purpose of handling any complaints.

VAT refund (customers with tax residence outside the EU)

Surname, first name, address, credit card number and expiry date, nature of the product purchased, amount of the purchase, amount of VAT, date of zero-rating, other information on the zero-rating form (e.g. terminal number used, time of request)

Allow you to obtain a VAT refund on your purchases in our shop

Legitimate interest of NOSE to allow its customers to obtain a tax refund (art. 6§1 f) of the GDPR)

Your data is kept for a period of 10 years from the date of the sale, in accordance with the law, with the exception of your bank details (credit card number and expiry date) which are kept for a period of 6 months from the date of sale.

Payment by gift card in shop

Gift card number, gift card activation and expiry date, gift card balance, transaction date and amount

Allow you to pay with a NOSE gift card

Performance of the contract concluded with the purchaser of the gift card (art. 6§1 b) of the GDPR)

Legitimate interest of NOSE to ensure the proper functioning of its gift cards (art. 6§1 f) RGPD)

Transaction data is retained for the duration of the full payment plus 13 months for the purpose of handling any claims.

If you have not used up the balance on the gift card, the card number and the amount of the balance on the card are kept until you have spent the entire balance on the card or until the expiry date of the gift card, plus 13 months for the purpose of handling any complaints.

Processings

Concerned Data

Purposes

Legal base

Duration of data retention

Creating a personal account in shop

-  Full name, gender, date of birth, email address, postcode, country

-  (Registration with a Facebook account: your Facebook account address will also be collected)

-  This data constitutes the "Personal Account Data".

-  Password

To allow you to create a personal account in order to carry out an olfactory test, to propose you an offer adapted to the result of the test, to manage your orders and to offer you other associated services (delivery of samples, evaluation of products, sponsorships...).

Fulfilment of the contract concluded when the account was created

(art. 6§1 b) of the GDPR)

5 years from the last contract concluded with you.

Carrying out an olfactory diagnosis at the store

Data from the personal account created in the shop, test data: 

- Data entered: your last three perfumes worn (brand, name of the perfume and period during which you wore the perfume or you no longer wear the perfume),

- Test results: your olfactory portrait (your favourite olfactory families, your olfactory pyramid)

Identify your olfactory preferences in order to provide you with a personalised product offer.

Execution of the NOSE TOU (provision of services)

(art. 6§1 b) GDPR)

These Data are kept in a form that allows you to be identified in your personal account for as long as that account exists.

My five fragrance recommendations

Data from the personal account, data from the olfactory test

Provide you with a personalised offer based on the results of the olfactory test

Execution of the Nose TOU (provision of services)

(art. 6§1 b) of the GDPR)

This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists.

Order of a perfume sample kit

Personal account data, delivery address you entered

Provide you with samples to help you find a fragrance; provide you with a promotional code

Fulfilment of the sample order contract

(art. 6§1 b) of the GDPR)

This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists.

My evaluations

Personal account data, evaluation data you have entered

To take into account your feedback in order to provide you with a personalised product offer and to adapt NOSE's offer more widely to the needs of its customers

Execution of the Nose TOU (provision of services)

(art. 6§1 b) of the GDPR)

This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists.

Sponsorship program

- Data from the sponsor's personal account, number of invitations sent, free samples and coupons in value

- Data on the sponsored person: surname, first name, email address of the sponsored person, relationship with the sponsor

Allow you to sponsor a friend or family member to obtain free samples and value coupons and allow your friend or family member to discover NOSE's products and services

-  For the sponsor: Execution of the Nose GTC (provision of service) (art. 6§1 b) of the GDPR)

-  For the sponsored person: Legitimate interest of NOSE to offer a sponsorship service (art. 6§1 f) of the RGPD)

- For the sponsor : 

This Data is kept in your personal account for the duration of the existence of this account.

- For the sponsored person: If the sponsored person does not create a personal account, the data is deleted by NOSE after one year.

Online order

Personal account data, delivery address, billing address, telephone number, products selected in the shopping cart/purchased, payment method and bank details (or Paypal details depending on the payment method chosen), "credits" obtained by inviting a friend or family member to carry out an olfactory test, gift card(s) ("balance Gift Card" and/or "Gift Card")

To allow you to order or pre-order online the products offered by NOSE; to ensure the follow-up of your orders

Pre-contractual steps to conclude a sales contract and performance of the sales contract

(art. 6§1 b) of the GDPR)

Your Data is kept in your personal account for the duration of the existence of this account, subject to the following reservations: 

- Your Banking Data (and/or Paypal details) are kept by NOSE's payment provider for the duration of the full payment, plus 13 months (15 months for deferred debit cards) for the purpose of managing any claims.

- Billing Data is kept for 10 years from the end of the accounting year in progress at the time of the order, in accordance with the law.

Device for combating payment card fraud (verification per small transaction, declaration of fraud and other procedures...)

Personal account data, bank details, delivery address, delivery status

Fight against payment card fraud and ensure secure online payment

- Compliance with a legal obligation of NOSE to ensure a secure payment and to prevent fraud via the payment tools made available by NOSE (art. 6§1 c) of the RGPD)

- Legitimate interest of NOSE to fight against payment card fraud (art. 6§1 f) RGPD)

Your bank details are kept by NOSE's payment service provider for the duration of the complete payment plus a period of 13 months (15 months for deferred payment cards) for the purpose of managing any complaints.

This period may be extended in the event of payment card fraud. If the fraud leads to legal action, your bank details will be kept for the duration of the proceedings and/or the procedure in progress, plus any time limits for appeal. Otherwise, your data will be kept for five years from the discovery of the fraud, i.e. for the duration of the statute of limitations for civil proceedings.

Gift card ("balance Gift Card" and "Gift Card")

Gift card number, gift card activation and expiry date, gift card balance, transaction date and amount

Allow you to buy products with your NOSE gift cards

Performance of the sales contract concluded at the time of purchase of the gift card

(art. 6§1 b) GDPR)

The Transaction Data is retained for the duration of the full payment plus 13 months for the purpose of handling any claims.

If you have not used up the balance on the gift card, the card number and the amount of the balance on the card are retained until you have spent the entire balance on the card or until the expiry date of the gift card, plus 13 months for the purposes of handling any claims.

Subscription to the newsletter and sending of the newsletter

Email address

Inform you about NOSE products and services that may be of interest to you

Consent (art. 6§1 a) of the GDPR)

Your email address is kept in our newsletter recipient database as long as you consent to it. If you withdraw your consent, your e-mail address is removed from this database. After 5 years of inactivity, you will be automatically unsubscribed.

Processings

Concerned data

Purposes

Legal base

Duration of data retention

Statistics and incidents

Data relating to the frequentation of the site (number of visitors, pages consulted, connection time...) - These data are anonymised.

Carry out statistics on traffic and use of the NOSE website in order to identify incidents and improve the performance of the website

Legitimate interest of NOSE to make statistics on the use of its website 

(art. 6§1 f) of the GDPR)

The data stored is anonymous.

Processings

Concerned Data

Purposes

Legal Base

Duration of data retention

Delivery

Surname, first name, delivery address you entered on the "delivery addresses" page or at the time of ordering, telephone number

Delivering products ordered online on the NOSE website

Fulfilment of the sales contract concluded at the time of ordering a product

(art. 6§1 b) of the GDPR)

 This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists.

Customer relationship

Any data relevant to the processing of your request, including, as appropriate

- Data from your personal account

- Data relating to the delivery of your order (delivery address, date...)

- Data relating to payment (method of payment)

- Data relating to the products purchased (nature, amount, quantity, etc.)

Process your requests for NOSE products and services (purchased or not); follow up on your requests

- When your request concerns an order/purchase:

- Fulfilment of the sales contract concluded at the time of the online order or in-store sale (art. 6§1 b) of the GDPR)

- For any other request: Legitimate interest of NOSE to answer your queries (art. 6§1 f) of the GDPR).

- When your request concerns an order/purchase :  Five years from the date of the request, i.e. during the limitation period for civil actions.

- For all other requests : Up to three years from the last exchange with you.

Withdrawal of order

- Withdrawal form data

Or

Data from the letter or email sent to NOSE to exercise the right of withdrawal (full name, email or postal address, order number)

- Bank details, if applicable any promotional code, balance Gift Card or Gift Card used at the time of purchase

Allow you to exercise your right of withdrawal

Compliance with a legal obligation of NOSE

(art. 6§1 c) of the GDPR)

Five years from the date of the application, i.e. during the limitation period for civil actions.

Legal guarantee of conformity/hidden defects

Depending on the case: surname, first name, e-mail, postal address and/or personal account data, bank details (in case of reimbursement)

To enable NOSE to fulfil its obligations with regard to the legal guarantee of conformity/hidden defects and to carry out, if necessary, any necessary exchange or refund

Compliance with a legal obligation of NOSE

(art. 6§1 c) of the GDPR)

Five years from the date of exchange or reimbursement, i.e. during the limitation period for civil actions.

Promotional operations (competitions, satisfaction surveys, etc.)

As the case may be: surname, first name, e-mail, postal address and/or personal account data

To address you and offer you to participate in promotional operations such as competitions

- Sending promotional operations/satisfaction surveys:

Consent (art. 6§1 a) of the GDPR)

- Participation in competitions: execution of the rules of the competition (art. 6§1 b) of the GDPR)

Three years from sending/participation, with the exception of winners of competitions (five years from participation, i.e. during the limitation period for civil actions).

Processing your requests for personal data

- Identifying data: surname, first name, e-mail address and/or postal address of the data subject

- Content of the request: data relating to the nature of the request and any data necessary to respond to it

To enable NOSE to fulfil its data protection obligations and respond to your request

Compliance with a legal obligation of NOSE

(art. 6§1 c) of the GDPR)

NOSE's legitimate interest in proving that your request has been processed 

(art. 6§1 f) of the GDPR)

Five years from the date of the application, i.e. during the limitation period for civil actions.

Cosmetovigilance

- Contact data of the person who reported the adverse event or of any health professional who can provide details: surname, first name, postal address, e-mail address, telephone number, speciality of the health professional.

- Data relating to the exposed person strictly necessary for the assessment of the adverse health event: identification data of the person exposed to the adverse health event (surname, first name, date of birth, sex, weight, height), data relating to the identification of the product concerned by the report (type of product), health data.

To enable NOSE to fulfil its obligations in terms of cosmetovigilance (and in particular to make any declaration that may be necessary and/or contact the persons concerned)

Compliance with a legal obligation of NOSE

(art. 6§1 c) of the GDPR)

Five years from the date of the adverse event, i.e. during the limitation period for civil actions.

Social networks & data controllers

Links to the information notices relating to the Processing of your Data

Facebook et Instagram :

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Irlande.

https://www.facebook.com/privacy/explanation

LinkedIn : 

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irlande

https://www.linkedin.com/legal/privacy-policy

YouTube : 

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Irlande

https://policies.google.com/privacy

Type of recipients

Complementary informations

IT and software providers

Your Data may be transferred to IT and software service providers necessary for the operation of NOSE's business (e.g., hosting providers, customer relationship management software publishers, etc.). 

Your Data may be transferred to payment service providers to enable you to make remote purchases on the NOSE website.

Payment service provider

When you make a purchase on the NOSE website, your bank details are collected and processed exclusively by NOSE's payment service providers. NOSE does not at any time have access to this Data, nor does it process it directly or store it in its systems. Any request from you to exercise your rights regarding this Data will be forwarded by NOSE to its payment service provider.

Logistics providers

Your Data may be transferred to logistics providers when a product or paper communication needs to be sent to you (e.g. delivery of your order, delivery of samples etc.).

Marketing, communication and/or press relations agencies

Your Data may be transferred to NOSE's service providers in connection with the organisation of a communication campaign or event, only if you have consented to receive commercial communications from NOSE.

The rights

The object of your right

The right to object

You have the right, at any time, to object to the Processing of your Personal Data, when such Processing is carried out on the legal basis of NOSE's legitimate interest. When you object to the Processing of your Personal Data:

- for advertising purposes, you may object without giving us any reason(s) for your objection;

- for all other purposes, you must indicate the compelling reason(s) for your request to exercise your right to object.

Your opposition to the Processing of your Personal Data is valid for the future. Please be aware that NOSE may continue to send you advertising after receiving your request to object. These mailings are temporary, and some are automatically scheduled in advance. However, this does not mean that NOSE does not exercise your right to object

Withdrawing your consent

You have the right at any time to withdraw your consent to the Processing of your Personal Data, where such Processing is carried out on the legal basis of your consent. You may withdraw your consent without giving NOSE any reason(s) for your request. If you wish to unsubscribe from the NOSE newsletter, simply click on the "unsubscribe" field at the bottom of each newsletter.

The withdrawal of your consent to the Processing of your Personal Data is valid for the future. Please be aware that NOSE may continue to send you advertising solicitations after receiving your request to withdraw your consent. These mailings are temporary, and some are automatically scheduled in advance. However, this does not mean that NOSE does not exercise your right to withdraw your consent.

The right of rectification

You have the right to ask NOSE to correct your Personal Information that is incorrect or incomplete.

The right of access

You have the right to ask NOSE about the nature and manner of the Processing of your Personal Data by NOSE. You also have the right to obtain a copy of your Personal Information that NOSE holds about you.

The right to erasure

You have the right to request NOSE to delete your Personal Data. In this context, NOSE will delete as much of the Personal Data concerned as possible. However, you should be aware that such a request may not affect NOSE's right to retain your Personal Data as necessary to:

- to meet its legal obligations;

- in the event of a claim and/or dispute relating to your orders, products and/or services purchased.

The right to portability

You have the right to request that NOSE transmit your Personal Data to you and/or to a third party of your choice, in a format that is technically usable by you or by such third party.

The right to limitation

You have the right to ask NOSE to limit the Processing of your Personal Data, in any of the following cases:

- when you dispute the accuracy of the Personal Data or consider that NOSE is processing it in contravention of its obligations, but you do not immediately wish it to be deleted; in either case, NOSE must suspend the Processing of your Personal Data while it carries out the necessary checks;

- when NOSE no longer needs the Personal Data but you need it to claim, exercise and/or defend your rights; in this case, NOSE must retain your Personal Data that is necessary for you.

The right to give directions

You have the right to give NOSE instructions on what to do with your Personal Information after your death.