In the framework of the processing of your personal information through the Service, Roc is acting as the data controller according to the General Data Protection Regulation n°2016-679 (the “GDPR”).
For our EU websites, our representative is: Delphic HSE (Europe) B.V. Limited, The Base B, Evert van de Beekstraat 104, Schipol, 1118CN, Netherlands.
For our UK websites, our representative is: Delphic HSE Solutions Ltd., Building B, Watchmoor Park, Camberley, Surrey GU15 3YL, United Kingdom.
USE BY MINORS
The Service is not directed to individuals under the age of 18, 15 for French residents, and we request that these individuals not provide personal information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained below under CONTACTING US.
We may ask you to submit personal information in order for you, to benefit from certain features (such as newsletter subscriptions, tips/pointers,), to use the Service, to post a comment or reviews on our products, to contact us, or to participate in a particular activity (such as sweepstakes or other promotions).
In that framework, in addition to the information collected via the Cookies as detailed below under the section COOKIES – AUTOMATIC INFORMATION COLLECTION, the following data may notably be collected depending on the purpose: name, first name, email address, country, age, and, as the case may be, in the framework of our cosmetovigilance legal obligation, information concerning your health, which are collected by our third party partners as detailed below in section “Processors- Service Providers”.
The information collected (notably your name and email address) is necessary, depending on the intended purpose, to require and/ or receive some information from us or, as the case may be, to send us some information regarding your use of our products, notably in the framework of our cosmetovigilance obligation. The information will be used by us according to the conditions set forth below under the section HOW WE USE AND DISCLOSE INFORMATION below.
You will be informed what information is required and what information is optional: the mandatory information shall be accompanied by a distinguishing sign such as an asterisk (*).
We may combine the information you submit with other information we have collected from you, whether on or offline, including, for example, your purchase history. We may also combine it with information we receive about you from other sources, such as our affiliates, publicly available information sources (including information from your publicly available social media profiles), and other third-party information providers.
Unless we specifically request or invite it, we ask that you not send us, and you not disclose, any sensitive personal information (e.g., Social Security numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual) on or through the Service or otherwise to us.
In any case, and notably for information provided in the framework of complaints, claims and more generally any issues regarding our products, we invite you to disclose solely necessary and strictly relevant information concerning your health.
AUTOMATIC INFORMATION COLLECTION AND USE – COOKIES - PROFILING
We and our service providers may automatically collect and use information in the following ways as you navigate around the Service:
- Through your browser : Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly.
- You can refuse to accept the cookies used on the Service by following your browser's instructions or by clicking on the disabling links on the cookies list chart below; however, if you do not accept them, you may experience some inconvenience in your use of the Service. You may also not receive advertising or other offers from us that are relevant to your interests and needs. To learn more about cookies, please visit http://www.allaboutcookies.org .
- Using Flash cookies : Our use of Adobe Flash technology (including Flash Local Stored Objects ("Flash LSOs")) allows us to, among other things, serve you with more tailored information, facilitate your ongoing access to and use of the Service, and collect and store information about your use of the Service. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel . You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions or by clicking on the disabling links on the cookies list chart below. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
- Using pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Service pages and HTML formatted e mail messages to, among other things, track the actions of users and e mail recipients, measure the success of our marketing campaigns, and compile statistics about Service usage.
- IP address : Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address.
- Device Information : We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service.
We also use profiling techniques for marketing purposes to customize and tailor our product and service offerings to your needs and establish marketing profile templates.
You may object at any time to the processing of your personal data for marketing purposes under the conditions set out below in Section CHOICES – CONTROL AND ACCESS.
Cookies complete list and disabling links
Further information about the types of cookies that are used on the Service is set out below with their corresponding disabling links. The cookie categories are based on the category definitions contained in the International Chamber of Commerce UK Cookie guide.
|_ab||Used in connection with access to admin.||Shopify|
|_secure_session_id||Used in connection with navigation through a storefront.||Shopify|
|Cart||Used in connection with shopping cart.||Shopify|
|cart_sig||Used in connection with checkout.||Shopify|
|cart_ts||Used in connection with checkout.||Shopify|
|cart_ver||Used in connection with shopping cart.||Shopify|
|checkout_token||Used in connection with checkout.||Shopify|
|Secret||Used in connection with checkout.||Shopify|
|Secure_customer_sig||Used in connection with customer login.||Shopify|
|storefront_digest||Used in connection with customer login.||Shopify|
|_shopify_u||Used to facilitate updating customer account information.||Shopify|
|_landing_page||Track landing pages.||Shopify|
|_orig_referrer||Track landing pages.||Shopify|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.||Shopify|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.||Shopify|
|tracked_start_checkout||Shopify analytics relating to checkout.||Shopify|
|visited||Welcome message popup||RoC|
|signupFooter||If footer sign up form submitted|
|quiz||If user completed regimen section|
HOW WE USE AND DISCLOSE INFORMATION
Legal basis of the processing
We use and disclose information you provide to us as described to you at the point of collection and on the following legal basis. Please see the section entitled "Choices and Access," below, to learn notably how you may opt out of certain of our uses and disclosures.
Where required by applicable law, we will obtain your consent to our use of your personal information at the point of information collection.
We may also use information from or about you as necessary to perform a contract as the case may be, to comply with a legal obligation (for example, due to our pharmacovigilance obligations), or for our legitimate business interests.
We may also rely on other legal bases, specifically for:
- Providing the functionality of the Service and fulfilling your requests.
- to provide the functionality of the Service to you and providing you with related customer service;
- to respond to your inquiries and fulfill your requests, such as to send you documents you request or e mail alerts;
- to send you important information regarding our relationship with you or regarding the Service, changes to our terms, conditions, and policies and/or other administrative information.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
- Accomplishing our legitimate business purposes.
- for data analysis, for example, to improve the efficiency of the Service;
- for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements;
- for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- for developing new products and services;
- for enhancing, improving or modifying our website or products and services;
- for identifying Service usage trends, for example, understanding which parts of our Service are of most interest to users; and
- for determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users.
We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
- Analysis of Personal Information to provide personalized services.
- to better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests;
- to better understand your preferences so that we can deliver content via the Service that we believe will be relevant and interesting to you.
We will provide personalized services either with your consent or because we have a legitimate interest.
Disclosure to third parties
We also disclose information collected through the Service:
- to our third party partners with whom we offer a co-branded or co marketed promotion as listed below;
- to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, e mail and direct mail delivery services, auditing, and other services, in order to enable them to provide services; and
- as permitted by applicable law, to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
In addition, we may use and disclose your information as we believe to be necessary or appropriate: (a) to comply with legal process or applicable law, which may include laws outside your country of residence; (b) as permitted by applicable law to respond to requests from public and government authorities, which may include authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others. We may also use and disclose your information in other ways, after obtaining your consent to do so.
We may use and disclose information we collect automatically as described above, under "Automatic Information Collection and Use." In addition, where allowed by applicable law, we may use and disclose information that is not in personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.
CHOICES, CONTROL AND ACCESS
How you can opt-out of commercial prospection
We give you choices regarding our use and disclosure of your personal information for marketing purposes for which you previously agreed. You may opt out at any time from:
- Receiving marketing communications from us : If you previously opted in to receiving marketing communications from us and if you no longer want to receive them on a going forward basis, you may opt out of receiving them by using one of the following means. You may opt-out by contacting us as described in the CONTACTING US section. In your request to us, please provide your name, identify the form(s) of marketing communications that you no longer wish to receive, and include the address(es) to which it/they are sent. For example, if you no longer wish to receive marketing e mails or direct mail from us, tell us that, and provide your name and e mail or postal address. If available, you may also opt out of receiving marketing communications from us by visiting the Service to update your online profile. In addition, you may opt out of receiving marketing e mails from us by following the unsubscribe instructions provided in any such message.
- Our sharing of your personal information with affiliates and third party partners : If you previously opted in to receiving marketing communications from our affiliates or third party partners, you may opt out of our sharing of your personal information with those parties for their direct marketing purposes on a going forward basis either by contacting us as described in the CONTACTING US section or by contacting directly the relevant third party partner. In your communication to us, please state that we should no longer share your personal information with our affiliates and/or third party partners for their marketing purposes, and include your name and e mail address.
We will seek to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out as described above, we will not be able to remove your personal information from the databases of our affiliates with which we have already shared your information (i.e., as of the date that we implement your opt out request). Please also note that if you opt out of receiving marketing related messages from us, we may still send you important transactional and administrative messages related to potential contracts, from which you cannot opt out.
How you can access, change, or delete your personal information
According to the applicable legislation, you have the right to access, review, correct, update, restrict, or delete your personal information free of charge.
If you are a EU and/ or French resident, you may have additional rights as detailed in section YOUR PRIVACY RIGHTS AND INTERNATIONAL PRIVACY PRACTICES below.
If we refuse your request, we will inform you about the reasons of such refusal and of the possibility of lodging a complaint with a supervisory authority (CNIL) and a legal appeal
The Company is committed to the free exercise of these rights without fear for the User of being denied the opportunity to use the Service.
In any case, the exercise of any of the above-mentioned rights will not have any retroactive effect and will not affect RoC’s ability to continue processing data in lawful ways (for example, if such user opts out of the use of such user’s e-mail for direct marketing, RoC might still decide to contact such user by e-mail regarding potential fraud on such user’s account).
The rights and options described above are subject to limitations and exceptions under applicable law, including, without limitation, the GDPR. In situations in which RoC processes personal data on behalf of a user, RoC may refer the request to the relevant user and cooperate with their handling of the request, subject to any special contractual arrangement with that user.
Your personal information may be stored and processed in any country where we have facilities or service providers, notably the United States of America where we are located.
By using our Service or by providing consent to us (where required by law), your information may be transferred to countries outside of your country of residence which may provide for different data protection rules than in your country. In such events, appropriate contractual and other measures, including notably standard contractual clauses adopted by the Commission or binding corporate rules, are in place to protect personal information when it is transferred to our affiliates or third parties in other countries.
We use reasonable organizational, technical, and administrative measures designed to protect personal information under our control in compliance with the applicable laws and regulations. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us in accordance with the "CONTACTING US" section below .
We will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
THIRD PARTY SITES AND SERVICES
YOUR PRIVACY RIGHTS AND INTERNATIONAL PRIVACY PRACTICES
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy.
If you are a Canada resident, Canadian law may provide you with additional rights regarding our use of your personal information. To learn more about your Canada privacy rights, visit https://www.priv.gc.ca/en/.
If you are a resident of the European Union/European Economic Area (the “EU”), the General Data Protection Regulation 2016/679 and EU Directive 95/46/EC (collectively, the “GDPR”) may provide you with additional rights regarding our use of your personal information. To learn more about your GDPR privacy rights, visit https://eugdpr.org/the-regulation/ .
Additional rights for EU Users
In addition to the above-mentioned rights under section CHOICE, ACCESS and CONTROL, the EU Users have further legal rights regarding their personal information as follows:
- the right to oppose at any time to the processing of your data, free of charge, except for the costs necessary to communicate your decision;
- to right to access to your data in a portable form, i.e to ask to receive your personal data provided to us in a structured format that is commonly used and machine-readable. You will thus be able to store them or easily transmit them from one information system to another, notably in order to reuse them for personal purposes;
- the right to lodge a complaint with the competent supervisory authority of your habitual residence (the CNIL for French residents), place of work or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law. However, RoC encourages any such user to contact RoC first in accordance with the "CONTACTING US" section below, and RoC will do its very best to promptly address such user’s issue(s) and resolve the concern(s).
- the right to define guidelines on the fate of your personal data after your death.
For the conditions concerning the exercise of these rights, please refer to the section CHOICE, ACCESS and CONTROL above.
Processors - Service Providers
Below is a list of our service providers with whom we may share user information and the services they generally provide.
Purpose of Data Sharing
Consumer care service
Responsible Person service
consumer-generated content solution
Data science; user and product research
Data science; user and product research
Data science; user and product research
Data science; user and product research
Third Party Partners
Below is a list of third-party partners with whom we may share user information and the services they generally provide.
Ithos - Cosmovigilence and Responsible Party Agent
On the Site, via the CONTACT US section, if available
or please write to one of the following address:
- Roc Opco LLC, 261 Madison Avenue, 16th Floor, New York, NY 10016
- Or to our representative address: Delphic HSE (Europe) B.V. Limited, The Base B, Evert van de Beekstraat 104, Schipol, 1118CN, Netherlands.
© RoC Opco LLC