ABBI.CARE Personal Data Charter

ABBI's commitments
Wishing to protect the privacy of its partners, ABBI is committed to ensuring the best level of protection for your personal data in accordance with applicable French law and European regulations, in particular the General Data Protection Regulation (GDPR), applicable since May 25, 2018.
To further explain our personal data protection and privacy practices, we have outlined below the different types of personal data we may obtain directly from you or through your interaction with us, how we may use them, with whom we may share them, how we protect and keep them secure, and the rights you have regarding your personal data. Of course, not all of these situations may apply to you. This privacy policy is intended to give you an overview of all the situations in which we may interact with each other.

Data controller
 
ABBI is responsible for the personal data you provide to us on this site. The terms
“ ABBI ”, “we” or “us” as used herein refers to ABBI . In accordance with applicable personal data protection regulations, ABBI is the “data controller”.

Personal information

Personal data means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to one or more elements specific to them.
We may collect personal data from you, or receive personal data from you, through our websites, questionnaires, applications, devices, ABBI product or brand pages on social media or by any other means.
Whether providing your personal data is mandatory or optional is indicated by an asterisk at the time of collection. If you do not wish to provide the information considered essential, you will not be able to access certain services or features of our website and our application.
Some of the data we request from you is essential for the following reasons:

• - The execution of the contract concluded with us (Ex: delivering goods purchased on our site to you);
• - The provision of the requested service (Ex: sending you a newsletter);
• - Compliance with legal obligations (Ex: Editing an invoice).

Situations of collection of your personal data and purposes
Below you will find detailed information on the different situations in which your personal data is collected and their purposes.

1. - Creation and management of an account

   Data Collected	Purposes
   Personal data may include: password;	the history of your diagnoses

   • First and last name ;

   • Sex;

   • Email address;

   • Postal address;

   • Phone number;

   • Photo ;

   • Date of birth or age range;

   • Username, Username and Password

   • Order information;

   • Manage your orders;

   • Manage the promotional operations in which you participate;

   • Respond to your requests for information;

   • Offer you a loyalty program;

   • Allow you to manage your preferences;

   • Send you commercial communications;

   • To offer you personalized services;

   • Monitor and improve our websites and applications;

   • Allow you to keep

2. - Subscription to newsletters

Data Collected	Purposes
Personal data may include: First and last name ; Email address;	Send you commercial communications Maintain a suppression list if you have requested not to be contacted;

3 - Purchasing and order management

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Postal address (delivery and billing); Phone number; Purchase history.	We use this data in order to: Contact you to finalize your unfinished order; Inform you of availability of a product; Process and track your order; Manage the payment of your order with our payment service providers; Manage any contact you have with us regarding your order; Protect transactions against fraud. Evaluate satisfaction; Manage any dispute related to a purchase; Carry out statistics.

4 – Use of the SKANMYSKIN application

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Phone number; Age Face photo	We use this data in order to: Analyze your skin characteristics and recommend appropriate products (including tailor-made treatments); Provide you with recommendations; Constantly improve our products, our software and advance research and innovation; Carry out statistics

5 - Requests for information

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Mailing address	We use this data in order to: Respond to your request; Monitor and prevent any adverse effects related to the use of our products; Carry out studies concerning the safety of use of our products ; Carry out and monitor corrective actions taken, if necessary Carry out statistics.

6 – Sponsorship

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Mailing address	We use this data in order to: Sending information about our products to one person at the request of another person. .

7 – Registration for a promotional operation (competition, sample request, survey, etc.)

Data Collected	Purposes
Personal data may include: First and last name ; Email address; Phone number; Date of birth ; Sex; Postal address;	We use this data in order to: Complete the tasks you have requested from us; Send you commercial communications; Carry out statistics;

Presentation or personal preferences;

We promise not to use your personal data for any purpose other than that intended. Furthermore, if at any time you wish us to stop using your information for the purposes detailed above, you may freely contact us under the conditions set out herein.

Legal basis

Depending on the purpose for which the data is used, the legal basis on which the processing of your data is based may be:

• -Your consent;
• -Our legitimate interest which may consist of:
  
  ° Improving our products and services,
  • °Fraud prevention,
  • °Securing our tools,

• The execution of a contract,

• Legal obligations when current legislation requires the processing of data.

Recipients of personal data

In accordance with the purposes for which the personal data was initially collected and/or for which you have expressly consented subsequently, information concerning you may be transmitted

1. -To ABBI Group companies and its subsidiaries in order to comply with our legal obligations, prevent fraud and/or secure our tools, improve our products and services , process and track orders, for commercial prospecting purposes.

Depending on the purposes for which your data was collected, and only if necessary, some of your personal data may be accessible to ABBI Group entities, and entities within its group to provide you with the requested services.

We may also share your personal data with scientists in ABBI 's Research & Innovation division for research and innovation purposes.

1. We only share your personal data for commercial prospecting purposes with your consent. In this context, your data is processed by the ABBI group entity, which acts as data controller, and is subject to its general terms and conditions and its personal data protection policy.
   We recommend that you carefully review their information before consenting to the sharing of your data with this third party. If permitted, we may compile statistics based on your characteristics and tailor our communications.

2- To trusted service providers.

2. We use trusted third parties to perform a range of business operations and tasks on our behalf. We only provide them with the information they need to perform the service and ask them not to use your personal data for any other purpose. We always make every effort to ensure that all these third parties we work with maintain the confidentiality and security of your data.

3. Here is a non-exhaustive list of services requiring processing of your personal data that we may request from our service providers:

   • To provide digital and e-commerce services, such as social media monitoring, loyalty programs, identity management, rating and review management, customer relationship management (CRM), web analytics, search engines and user-generated content creation tools;

   • To carry out advertising, marketing and commercial campaigns,

   • To analyze the effectiveness of these campaigns

   • To manage your contacts and questions;

   • To deliver a product;

   • To provide IT services, such as hosting services, maintenance services and technical support for our databases as well as for our applications which may contain data about you;

   • To verify your information where required to enter into a contract with you;

   • To help us with customer service

   • To improve our cosmetovigilance.

4. 3- For security or law enforcement purposes:

In certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Transfer of personal data outside the European Economic Area (EEA)

The personal data collected may be (occasionally) transferred to selected third parties, who may be located outside the European Economic Area (“EEA”) in connection with the services offered to you through our websites and mobile/internet applications. For example, this may occur if one of our servers is located in a country outside the EEA or if one of our service providers
services are located in a country outside the EEA.
Such a transfer may only be carried out by ABBI in full compliance with the legal and regulatory provisions in this area, and in particular the Data Protection Act of 6 January 1978 as amended and the applicable European regulations.
These third parties will not use your personal information for any purpose other than those we have agreed with them and which have been disclosed to you. ABBI requires these third parties to implement sufficient levels of protection to maintain the confidentiality and protection of your personal information.
We respect your personal information and will therefore take steps to ensure that your privacy rights continue to be protected if we transfer your information outside the EEA. In addition, if you use our services while located outside the EEA, your information may be transferred outside the EEA in order to provide those services to you.
Subject to the provisions of this Privacy Policy, we will not disclose any personally identifiable information without your permission, unless we are legally entitled or required to do so (for example, if we are required to do so by legal process or in the context of lawful requisitions or interceptions).
We want to assure you that we will not use your information for any of these purposes if you have indicated that you do not want us to use your information in this way when you submitted it to us, or subsequently.

Retention of your personal data

We retain your personal data only for as long as necessary to achieve the purpose for which we hold this data, to meet your needs or to fulfill our legal obligations.
To establish the retention period of your data, we apply the following criteria:

Case	Duration
A product chat	For the entire duration of our contractual relationship .
Participation in a promotional offer	For the entire duration of the offer promotional material concerned
Request for information	For the entire duration necessary for the processing your request
Account creation and management	Until you ask us to delete them or at the end of from a period of inactivity
Receiving our newsletter	Until you unsubscribe or until you ask us to delete them or at the end of from a period of inactivity

We may retain certain personal data in order to comply with our legal or regulatory obligations, and to enable us to exercise our rights (e.g., to file a claim in any court) or for statistical or historical purposes.
When we no longer need to use your personal data, we will erase it from our systems and files or anonymize it so that it can no longer identify you.

Specificity of cookies

A cookie is a small data file that a website, when visited by a user, asks your browser to store on your device in order to remember information about you, such as your language preferences or login information. These cookies are set by us and are called first-party cookies. We may also use third-party cookies, which come from a different domain than the one you are visiting, for our advertising and marketing efforts, as well as to understand your browsing.
More specifically, we use cookies and other trackers for the following purposes:

• -Assist navigation;
• -Support account creation and session opening;
• -Analyze the use of our products, services or applications;
• -Participate in our promotional and marketing efforts (including behavioral advertising)
• We regularly analyze cookies using our cookie analytics tool on this site to maintain an up-to-date list.
• We classify cookies into the following categories:
• Strictly necessary cookies Performance cookies Functionality cookies Advertising cookies
• You can choose to opt out of each category of cookies (except strictly necessary cookies) by clicking on the "Cookie Settings" button at the bottom of the page.

Safety measures

• We have implemented security measures to best protect your personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination, or unauthorized access to your data. These security measures are further strengthened when we process data considered sensitive. Since securing your data is a priority, we are committed to complying with security standards in accordance with regulations. We have strict management of access to your data. Thus, only staff whose duties involve the use of your data are authorized to consult the personal data you have entrusted to us. In the event that we have used a subcontractor to process personal data on our behalf, we ensure that the subcontractor provides sufficient guarantees regarding the implementation of appropriate technical and organizational security measures so that the processing meets the requirements of the GDPR and guarantees the protection of your rights.

Links to third-party sites

This site may occasionally contain links to websites owned by our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for these policies. We encourage you to read the terms of these policies before submitting any personal data to these websites.

Social networks

This site may allow users to upload their own content. We remind you that any content transmitted to one of the social networks we use may be accessible to the public. Therefore, we urge you to exercise caution when sharing certain personal data such as financial data or an address. We decline all responsibility for any actions taken by third parties in the event that you post personal data on one of our social networks, and we recommend that you do not share this information.

Your rights

In accordance with the current “Informatique et Libertés” law and European regulations concerning the protection of personal data, you have the following rights:

• -right of access,
• -right of rectification,
• -right to erasure,
• -right to portability,
• -right to object for legitimate reasons,
• -right to restriction of processing,
• -right to withdraw your consent where applicable,
• -right to define guidelines relating to the fate of your personal data in the event of death.

These requests can be made by email to contact@abbi.care or by post to the attention of:

ABBI SAS, accompanied by a copy of an identity document to the following address:

ABBI SAS

Personal Data:
8b Chemin de l'industrie. 69570 Dardilly

We undertake to respond to the request within a maximum of one month after receipt. If your right cannot be exercised, we will inform you of the reasons within a maximum of one month. In addition, any message sent to you includes an option (in particular by clicking on a hyperlink) to oppose the further processing of your data for commercial purposes. Finally, you are reminded that you have the right to file a complaint with a supervisory authority, in particular the CNIL.

( https://www.cnil.fr/fr/plaintes ).

Changes to this Personal Data Charter

We may periodically make changes to this Privacy Policy. If we make any material changes to this Privacy Policy and how we use your personal data, we will post those changes on this page and will endeavor to notify you of any material changes. We encourage you to review this Privacy Policy regularly.