Privacy
1. Generalities
1.1 Object
The purpose of this Privacy Policy is to inform you about how NOSE processes your Personal Data in the course of its activities, both in the shop and online via the website https://noseparis.com.
If you have any questions about NOSE's processing of your Personal Information, you can contact NOSE at info@noseparis.com.
This Privacy Policy is not intended to inform you about the cookies used on the website, how to consent or not to the use of cookies that require your consent and the related processing of your Personal Data. To learn more about this, NOSE invites you to consult its Cookie Policy.
1.2 Definitions
The following terms, when their first letter is capitalized, in both the singular and plural, will have the following meaning:
« Personal data » ou « Data » |
Refers to any personal data within the meaning of the RGPD, i.e. any data enabling you to be identified directly (surname, first name, e-mail address, etc.) or indirectly (olfactory preferences, age, NOSE product(s) purchased, etc.). |
« Privacy policy » ou « Privacy » |
Means this Privacy Policy. |
« Processing » |
Any operation or set of operations applied to Personal Data, including but not limited to collecting, recording, organising, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, matching or linking, limiting, erasing or destroying Personal Data. |
« Data controller » |
Refers to the person who determines the purposes and means of the processing of your Personal Data, in this case NOSE. |
« RGPD » |
Refers to the European Regulation 2016/679 of 27 April 2016 on the protection of personal data. |
« NOSE » |
NOSE, a simplified joint stock company with capital of 131,463.20 euros, registered in the Paris Trade and Companies Register under number 534,386,818, whose registered office is located at 20, rue Bachaumont, 75002 Paris, France. |
« Subcontractor » |
Means any person processing Personal Data on behalf of NOSE. |
« Personal account data » |
Data collected when creating your personal NOSE account and associated with this account (Name and surname, gender, date of birth, email address, postcode). This Data may be processed as part of various services offered by NOSE (see section 2 "Processing by NOSE"). |
2. Processings realized by NOSE
2.1 Processings realized instore
When you make purchases in the shop or use the various services offered in the shop by NOSE, NOSE may process your Data. Depending on the case, NOSE may carry out the following processing:
Processings |
Concerned data |
Purposes |
Legal base |
Duration of data retention |
Creating a personal account in shop |
- Full name, gender, date of birth, email address, postcode, country - (Registration with a Facebook account: your Facebook account address will also be collected) - This data constitutes the "Personal Account Data". - Password |
To allow you to create a personal account in order to carry out an olfactory test, to propose you an offer adapted to the result of the test, to manage your orders and to offer you other associated services (delivery of samples, evaluation of products, sponsorships...). |
Fulfilment of the contract concluded when the account was created (art. 6§1 b) of the GDPR) |
5 years from the last contract concluded with you. |
Carrying out an olfactory diagnosis at the store |
Data from the personal account created in the shop, test data:
- Data entered: your last three perfumes worn (brand, name of the perfume and period during which you wore the perfume or you no longer wear the perfume),
- Test results: your olfactory portrait (your favourite olfactory families, your olfactory pyramid) |
Identify your olfactory preferences in order to provide you with a personalised product offer. |
Execution of the NOSE TOU (provision of services) (art. 6§1 b) GDPR) |
These Data are kept in a form that allows you to be identified in your personal account for as long as that account exists. |
Payment by credit card instore |
Bank details, date and amount of the transaction |
Allow you to pay for your purchases in the shop by payment card |
Performance of the sales contract (art. 6§1 b) of the GDPR) |
Your bank details are kept for the duration of the complete payment plus 13 months (15 months for deferred debit cards) for the purpose of handling any complaints. |
VAT refund (customers with tax residence outside the EU) |
Surname, first name, address, credit card number and expiry date, nature of the product purchased, amount of the purchase, amount of VAT, date of zero-rating, other information on the zero-rating form (e.g. terminal number used, time of request) |
Allow you to obtain a VAT refund on your purchases in our shop |
Legitimate interest of NOSE to allow its customers to obtain a tax refund (art. 6§1 f) of the GDPR) |
Your data is kept for a period of 10 years from the date of the sale, in accordance with the law, with the exception of your bank details (credit card number and expiry date) which are kept for a period of 6 months from the date of sale. |
Payment by gift card in shop |
Gift card number, gift card activation and expiry date, gift card balance, transaction date and amount |
Allow you to pay with a NOSE gift card |
Performance of the contract concluded with the purchaser of the gift card (art. 6§1 b) of the GDPR)
Legitimate interest of NOSE to ensure the proper functioning of its gift cards (art. 6§1 f) RGPD) |
Transaction data is retained for the duration of the full payment plus 13 months for the purpose of handling any claims.
If you have not used up the balance on the gift card, the card number and the amount of the balance on the card are kept until you have spent the entire balance on the card or until the expiry date of the gift card, plus 13 months for the purpose of handling any complaints. |
2.2 Processing on the NOSE website associated with the personal online account
NOSE may process your Personal Data when you use the online services offered on the website https://noseparis.com/.
NOSE may collect a certain amount of Data about you in the context of creating your personal account, providing related services (olfactory test, ordering samples, evaluations, sponsorships ...) and the completion and tracking of your orders.
Processings |
Concerned Data |
Purposes |
Legal base |
Duration of data retention |
Creating a personal account in shop |
- Full name, gender, date of birth, email address, postcode, country - (Registration with a Facebook account: your Facebook account address will also be collected) - This data constitutes the "Personal Account Data". - Password |
To allow you to create a personal account in order to carry out an olfactory test, to propose you an offer adapted to the result of the test, to manage your orders and to offer you other associated services (delivery of samples, evaluation of products, sponsorships...). |
Fulfilment of the contract concluded when the account was created (art. 6§1 b) of the GDPR) |
5 years from the last contract concluded with you. |
Carrying out an olfactory diagnosis at the store |
Data from the personal account created in the shop, test data:
- Data entered: your last three perfumes worn (brand, name of the perfume and period during which you wore the perfume or you no longer wear the perfume),
- Test results: your olfactory portrait (your favourite olfactory families, your olfactory pyramid) |
Identify your olfactory preferences in order to provide you with a personalised product offer. |
Execution of the NOSE TOU (provision of services) (art. 6§1 b) GDPR) |
These Data are kept in a form that allows you to be identified in your personal account for as long as that account exists. |
My five fragrance recommendations |
Data from the personal account, data from the olfactory test |
Provide you with a personalised offer based on the results of the olfactory test |
Execution of the Nose TOU (provision of services) (art. 6§1 b) of the GDPR) |
This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists. |
Order of a perfume sample kit |
Personal account data, delivery address you entered |
Provide you with samples to help you find a fragrance; provide you with a promotional code |
Fulfilment of the sample order contract (art. 6§1 b) of the GDPR) |
This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists. |
My evaluations |
Personal account data, evaluation data you have entered |
To take into account your feedback in order to provide you with a personalised product offer and to adapt NOSE's offer more widely to the needs of its customers |
Execution of the Nose TOU (provision of services) (art. 6§1 b) of the GDPR) |
This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists. |
Sponsorship program |
- Data from the sponsor's personal account, number of invitations sent, free samples and coupons in value
- Data on the sponsored person: surname, first name, email address of the sponsored person, relationship with the sponsor |
Allow you to sponsor a friend or family member to obtain free samples and value coupons and allow your friend or family member to discover NOSE's products and services |
- For the sponsor: Execution of the Nose GTC (provision of service) (art. 6§1 b) of the GDPR)
- For the sponsored person: Legitimate interest of NOSE to offer a sponsorship service (art. 6§1 f) of the RGPD) |
- For the sponsor : This Data is kept in your personal account for the duration of the existence of this account.
- For the sponsored person: If the sponsored person does not create a personal account, the data is deleted by NOSE after one year. |
Online order |
Personal account data, delivery address, billing address, telephone number, products selected in the shopping cart/purchased, payment method and bank details (or Paypal details depending on the payment method chosen), "credits" obtained by inviting a friend or family member to carry out an olfactory test, gift card(s) ("balance Gift Card" and/or "Gift Card") |
To allow you to order or pre-order online the products offered by NOSE; to ensure the follow-up of your orders |
Pre-contractual steps to conclude a sales contract and performance of the sales contract (art. 6§1 b) of the GDPR) |
Your Data is kept in your personal account for the duration of the existence of this account, subject to the following reservations:
- Your Banking Data (and/or Paypal details) are kept by NOSE's payment provider for the duration of the full payment, plus 13 months (15 months for deferred debit cards) for the purpose of managing any claims.
- Billing Data is kept for 10 years from the end of the accounting year in progress at the time of the order, in accordance with the law. |
Device for combating payment card fraud (verification per small transaction, declaration of fraud and other procedures...) |
Personal account data, bank details, delivery address, delivery status |
Fight against payment card fraud and ensure secure online payment |
- Compliance with a legal obligation of NOSE to ensure a secure payment and to prevent fraud via the payment tools made available by NOSE (art. 6§1 c) of the RGPD)
- Legitimate interest of NOSE to fight against payment card fraud (art. 6§1 f) RGPD) |
Your bank details are kept by NOSE's payment service provider for the duration of the complete payment plus a period of 13 months (15 months for deferred payment cards) for the purpose of managing any complaints.
This period may be extended in the event of payment card fraud. If the fraud leads to legal action, your bank details will be kept for the duration of the proceedings and/or the procedure in progress, plus any time limits for appeal. Otherwise, your data will be kept for five years from the discovery of the fraud, i.e. for the duration of the statute of limitations for civil proceedings. |
Gift card ("balance Gift Card" and "Gift Card") |
Gift card number, gift card activation and expiry date, gift card balance, transaction date and amount |
Allow you to buy products with your NOSE gift cards |
Performance of the sales contract concluded at the time of purchase of the gift card (art. 6§1 b) GDPR) |
The Transaction Data is retained for the duration of the full payment plus 13 months for the purpose of handling any claims.
If you have not used up the balance on the gift card, the card number and the amount of the balance on the card are retained until you have spent the entire balance on the card or until the expiry date of the gift card, plus 13 months for the purposes of handling any claims. |
Subscription to the newsletter and sending of the newsletter |
Email address |
Inform you about NOSE products and services that may be of interest to you |
Consent (art. 6§1 a) of the GDPR) |
Your email address is kept in our newsletter recipient database as long as you consent to it. If you withdraw your consent, your e-mail address is removed from this database. After 5 years of inactivity, you will be automatically unsubscribed. |
2.3 Other processing carried out on the NOSE website
NOSE may need to perform Processing necessary for its activity and the proper functioning of its site (maintenance, incident management ...):
Processings |
Concerned data |
Purposes |
Legal base |
Duration of data retention |
Statistics and incidents |
Data relating to the frequentation of the site (number of visitors, pages consulted, connection time...) - These data are anonymised. |
Carry out statistics on traffic and use of the NOSE website in order to identify incidents and improve the performance of the website |
Legitimate interest of NOSE to make statistics on the use of its website (art. 6§1 f) of the GDPR) |
The data stored is anonymous. |
2.4 Other processings realized by Nose
In addition to the Processing carried out in the shop and on the NOSE website, NOSE may need to process your Data to follow up on the delivery of your order and any requests you may make, and to meet its legal obligations:
Processings |
Concerned Data |
Purposes |
Legal Base |
Duration of data retention |
Delivery |
Surname, first name, delivery address you entered on the "delivery addresses" page or at the time of ordering, telephone number |
Delivering products ordered online on the NOSE website |
Fulfilment of the sales contract concluded at the time of ordering a product (art. 6§1 b) of the GDPR) |
This Data is kept in a form that allows you to be identified in your personal account for as long as that account exists. |
Customer relationship |
Any data relevant to the processing of your request, including, as appropriate
- Data from your personal account - Data relating to the delivery of your order (delivery address, date...) - Data relating to payment (method of payment) - Data relating to the products purchased (nature, amount, quantity, etc.) |
Process your requests for NOSE products and services (purchased or not); follow up on your requests |
- When your request concerns an order/purchase: - Fulfilment of the sales contract concluded at the time of the online order or in-store sale (art. 6§1 b) of the GDPR) - For any other request: Legitimate interest of NOSE to answer your queries (art. 6§1 f) of the GDPR). |
- When your request concerns an order/purchase : Five years from the date of the request, i.e. during the limitation period for civil actions. - For all other requests : Up to three years from the last exchange with you. |
Withdrawal of order |
- Withdrawal form data Or Data from the letter or email sent to NOSE to exercise the right of withdrawal (full name, email or postal address, order number) - Bank details, if applicable any promotional code, balance Gift Card or Gift Card used at the time of purchase |
Allow you to exercise your right of withdrawal |
Compliance with a legal obligation of NOSE (art. 6§1 c) of the GDPR) |
Five years from the date of the application, i.e. during the limitation period for civil actions. |
Legal guarantee of conformity/hidden defects |
Depending on the case: surname, first name, e-mail, postal address and/or personal account data, bank details (in case of reimbursement) |
To enable NOSE to fulfil its obligations with regard to the legal guarantee of conformity/hidden defects and to carry out, if necessary, any necessary exchange or refund |
Compliance with a legal obligation of NOSE (art. 6§1 c) of the GDPR) |
Five years from the date of exchange or reimbursement, i.e. during the limitation period for civil actions. |
Promotional operations (competitions, satisfaction surveys, etc.) |
As the case may be: surname, first name, e-mail, postal address and/or personal account data |
To address you and offer you to participate in promotional operations such as competitions |
- Sending promotional operations/satisfaction surveys: Consent (art. 6§1 a) of the GDPR) - Participation in competitions: execution of the rules of the competition (art. 6§1 b) of the GDPR) |
Three years from sending/participation, with the exception of winners of competitions (five years from participation, i.e. during the limitation period for civil actions). |
Processing your requests for personal data |
- Identifying data: surname, first name, e-mail address and/or postal address of the data subject - Content of the request: data relating to the nature of the request and any data necessary to respond to it |
To enable NOSE to fulfil its data protection obligations and respond to your request |
Compliance with a legal obligation of NOSE (art. 6§1 c) of the GDPR)
NOSE's legitimate interest in proving that your request has been processed (art. 6§1 f) of the GDPR) |
Five years from the date of the application, i.e. during the limitation period for civil actions. |
Cosmetovigilance |
- Contact data of the person who reported the adverse event or of any health professional who can provide details: surname, first name, postal address, e-mail address, telephone number, speciality of the health professional. - Data relating to the exposed person strictly necessary for the assessment of the adverse health event: identification data of the person exposed to the adverse health event (surname, first name, date of birth, sex, weight, height), data relating to the identification of the product concerned by the report (type of product), health data. |
To enable NOSE to fulfil its obligations in terms of cosmetovigilance (and in particular to make any declaration that may be necessary and/or contact the persons concerned) |
Compliance with a legal obligation of NOSE (art. 6§1 c) of the GDPR) |
Five years from the date of the adverse event, i.e. during the limitation period for civil actions. |
3. How we obtain and share your Personal Data
3.1 Exchange of Personal Data with Facebook (at the registration stage)
When you choose the option "register with Facebook" or "sign in with Facebook", you consent to NOSE obtaining the Personal Data necessary to provide its services from Facebook.
This data is: your name, first name and email address.
You can withdraw your consent at any time by logging out. NOSE will then no longer be able to provide you with its online services (olfactory diagnosis, product reviews, sponsorships ...).
If you do not want NOSE to obtain your data from Facebook, you can create a personal account using the form provided for this purpose on the NOSE website. You can then log in to your personal account using your email address.
3.2 Exchange of Personal Data with social network operators (official NOSE pages and website plug-ins)
3.2.1 NOSE’s Official Pages
When you visit NOSE's official pages on social networks, NOSE only receives anonymised data from the social network operators that do not allow it to identify you individually.
This joint processing is contractually regulated in accordance with Article 26 of the GDPR.
3.2.2 Plug-ins of NOSE’s website
The NOSE website https://noseparis.com integrates plug-ins from the following social networks: Instagram, Facebook, YouTube, LinkedIn.
These social networks and NOSE are jointly responsible for the collection and Processing of your Data performed by these plug-ins.
The purpose of these plug-ins is to:
- allow you to view multimedia content on the NOSE website and interact with NOSE on social networks;
- allow us to obtain anonymised statistics on the use of the NOSE pages in these social networks.
The Processing carried out is based on NOSE's legitimate interest in displaying multimedia content on its website and developing its relationships with its customers via social networks (art. 6§1 f) of the RGPD).
This joint Processing is contractually regulated in accordance with Article 26 of the GDPR.
3.2.3 Joint dispositions
In addition to the Processing carried out jointly with NOSE, the operators of these social networks also process your Personal Data, including when you do not have an account with them or are not logged into your account.
The operators of the social networks remain solely responsible for the collection, processing and storage of your Personal Data in this context, including their use for purposes other than those described above.
For more information, we invite you to consult their respective privacy policies:
Social networks & data controllers |
Links to the information notices relating to the Processing of your Data |
Facebook et Instagram :
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Irlande. |
|
LinkedIn :
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irlande |
|
YouTube :
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Irlande |
3.3 Other cases of sharing your Personal Information with third parties
3.3.1 Subcontractors
In the course of its activities, NOSE may use subcontractors to carry out processing on its behalf. Your data may then be transferred to its Subcontractors, within the limits of what is necessary to perform their services. The Processing carried out by the Subcontractors is subject to a contractual framework.
These Subcontractors belong to the following categories:
Type of recipients |
Complementary informations |
IT and software providers |
Your Data may be transferred to IT and software service providers necessary for the operation of NOSE's business (e.g., hosting providers, customer relationship management software publishers, etc.). Your Data may be transferred to payment service providers to enable you to make remote purchases on the NOSE website. |
Payment service provider |
When you make a purchase on the NOSE website, your bank details are collected and processed exclusively by NOSE's payment service providers. NOSE does not at any time have access to this Data, nor does it process it directly or store it in its systems. Any request from you to exercise your rights regarding this Data will be forwarded by NOSE to its payment service provider. |
Logistics providers |
Your Data may be transferred to logistics providers when a product or paper communication needs to be sent to you (e.g. delivery of your order, delivery of samples etc.). |
Marketing, communication and/or press relations agencies |
Your Data may be transferred to NOSE's service providers in connection with the organisation of a communication campaign or event, only if you have consented to receive commercial communications from NOSE. |
3.3.2 Control bodies
NOSE may share your Data in the context of controls carried out by public authorities (tax authorities, DGCCRF, ANSM, CNIL...) to the extent necessary to satisfy the requests of these authorities.
Such data sharing is required by law and is therefore based on NOSE's compliance with its legal obligations (art. 6§1 c) of the GDPR).
3.4 Specific information about the transfer of your Personal Data outside the European Economic Area
NOSE uses servers hosted in the European Economic Area (EEA). NOSE does not therefore transfer your Personal Information outside the EEA.
However, if NOSE does make such transfers, you will be informed of this by amending this Privacy Policy. NOSE undertakes, where applicable, to take all necessary guarantees in accordance with Articles 46 et seq. of the GDPR to ensure the security of your Personal Data and the respect of your rights.
Some of NOSE's service providers may transfer your Personal Data outside the EEA. In this case, NOSE will ensure that the transfer of your Personal Data is accompanied by appropriate safeguards in accordance with Article 46 et seq. of the GDPR.
4. Your rights and how to exercise them
4.1 Your rights
You have the following rights with respect to your Personal Information:
The rights |
The object of your right |
The right to object |
You have the right, at any time, to object to the Processing of your Personal Data, when such Processing is carried out on the legal basis of NOSE's legitimate interest. When you object to the Processing of your Personal Data:
- for advertising purposes, you may object without giving us any reason(s) for your objection; - for all other purposes, you must indicate the compelling reason(s) for your request to exercise your right to object.
Your opposition to the Processing of your Personal Data is valid for the future. Please be aware that NOSE may continue to send you advertising after receiving your request to object. These mailings are temporary, and some are automatically scheduled in advance. However, this does not mean that NOSE does not exercise your right to object |
Withdrawing your consent |
You have the right at any time to withdraw your consent to the Processing of your Personal Data, where such Processing is carried out on the legal basis of your consent. You may withdraw your consent without giving NOSE any reason(s) for your request. If you wish to unsubscribe from the NOSE newsletter, simply click on the "unsubscribe" field at the bottom of each newsletter.
The withdrawal of your consent to the Processing of your Personal Data is valid for the future. Please be aware that NOSE may continue to send you advertising solicitations after receiving your request to withdraw your consent. These mailings are temporary, and some are automatically scheduled in advance. However, this does not mean that NOSE does not exercise your right to withdraw your consent. |
The right of rectification |
You have the right to ask NOSE to correct your Personal Information that is incorrect or incomplete. |
The right of access |
You have the right to ask NOSE about the nature and manner of the Processing of your Personal Data by NOSE. You also have the right to obtain a copy of your Personal Information that NOSE holds about you. |
The right to erasure |
You have the right to request NOSE to delete your Personal Data. In this context, NOSE will delete as much of the Personal Data concerned as possible. However, you should be aware that such a request may not affect NOSE's right to retain your Personal Data as necessary to: - to meet its legal obligations; - in the event of a claim and/or dispute relating to your orders, products and/or services purchased. |
The right to portability |
You have the right to request that NOSE transmit your Personal Data to you and/or to a third party of your choice, in a format that is technically usable by you or by such third party. |
The right to limitation |
You have the right to ask NOSE to limit the Processing of your Personal Data, in any of the following cases: - when you dispute the accuracy of the Personal Data or consider that NOSE is processing it in contravention of its obligations, but you do not immediately wish it to be deleted; in either case, NOSE must suspend the Processing of your Personal Data while it carries out the necessary checks; - when NOSE no longer needs the Personal Data but you need it to claim, exercise and/or defend your rights; in this case, NOSE must retain your Personal Data that is necessary for you. |
The right to give directions |
You have the right to give NOSE instructions on what to do with your Personal Information after your death. |
If you believe that NOSE is not processing your Personal Data in accordance with applicable law, you have the right to lodge a complaint with the CNIL (https://www.cnil.fr/fr/plaintes) or any other competent supervisory authority.
4.2 How to exercise your rights
You can exercise your rights by contacting NOSE :
- By email to info@noseparis.com; or
- By post to 20, rue Bachaumont, 75002 Paris, France.
No payment will be required for the exercise of your rights, other than the possible costs of sending your requests, except in the case of repetitive and manifestly unfounded requests. After receiving your request :
- Your Personal Data transmitted on this occasion and your subsequent correspondence with NOSE will be kept in archive form for a period of 5 years from the final processing of your request;
- NOSE may ask you for additional information to confirm your identity; this additional data will be deleted once your identity has been confirmed.
The legal basis for the processing of this Personal Data is Article 6, paragraph 1 f) of the RGPD, namely the legitimate interest of NOSE. The legitimacy of such processing is to be able to prove that NOSE has processed your request to exercise a right.
5. Modifications
The Privacy Policy may be updated, especially in accordance with legislative changes or NOSE's activities. The version of this policy that is made available is always the current version. Therefore, we invite you to consult it regularly.
We will inform you by e-mail of any changes to this Policy.