Privacy Policy

The entity responsible for processing your personal data under the conditions described in this privacy policy is Duolab UK Limited, the registered office of which is at c/o L'Occitane UK Limited, Capital House, 25 Chapel Street, London NW1 5DY, United Kingdom (collectively referred to as "Duolab", "we", "us" or "our").

This privacy policy applies to the data that we collect when you use our website, www.duolab.com (our “Website”) and when you act as a Brand Ambassador on behalf of Duolab. This privacy policy describes the types of personal data that we collect from you and explains how we use, disclose, share and transfer the said data, as well as the choices available to you regarding our use of the said data. It also describes the measures that we take in order to protect the security of this data, and how you can contact us regarding our personal data protection practices. Please carefully read this privacy policy.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us by email at info@duolab.com or by post at Duolab UK Limited, c/o L'Occitane UK Limited, Capital House, 25 Chapel Street, London NW1 5DY, United Kingdom.

We ask you to regularly review this privacy policy in order to remain up-to-date with any modifications to this policy, notably any that relate to the collection and purposes for the processing of your personal data.

Collection of your personal data

Personal data means any information about an individual from which that person can be identified or which relates to an identifiable person. It does not include data where the identity has been removed (anonymous data).

We use different methods to collect your personal data including:

  • Direct interactions: you may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise, including when you:
      • sign up to become a Brand Ambassador on behalf of Duolab;
      • create an account with us;
      • take a “selfie” photograph via our Website or in our retail stores or otherwise provide us with your photograph;
      • fill out a skin diagnosis questionnaire;
      • register and take part in our events;
      • register as a member and/or join our loyalty programme;
      • make a purchase online;
      • participate in a competition, draw, contest or promotional game;
      • participate in a survey; or
      • subscribe to our mailing list.
  • Information collected through your use of our Website: we will automatically collect information when you use our Website; please see the Cookies section below for more details.
  • Publicly available sources: we may collect your data from publicly available sources, including publicly available content on social media platforms.
  • Third parties: we work closely with other organisations who may provide us with your personal data, including:
      • Klarna, where you choose to pay with Klarna, in order to facilitate the processing of your orders and any returns if necessary;
      • analytics providers such as Google Analytics and Firebase;
      • advertising networks such as Google Ads, Bing Advertising, Facebook Ads (which includes Facebook, Instagram and WhatsApp);
      • emailing platforms such as Klaviyo;
      • search information providers;
      • technical, payment and delivery services; and
      • data brokers or aggregators...

We may link and/or combine the personal data regarding you that we collect from the various devices that you use.

The types of personal data that we may collect include the following:

  • Registration data: your name, mailing address, e-mail address, mobile telephone number or other number;
  • Account data: your usernames, passwords and preferred language;
  • Profile data: your date of birth, gender, race, ethnic origin, information about your health or biometric data, your beauty profile (such as skin and hair types), photographs, videos and other comments that you provide;
  • Questionnaire data: data you provide when answering the skin diagnosis questionnaire;
  • Purchase data: your purchase and returns history;
  • Transaction data: payment card details, delivery address and invoicing address;
  • Customer service data: surveys and comments collected by the customer service department and data exchanged with our customer service team;
  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences;
  • Technical data: your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Sites;
  • Usage data: information about how you use our Sites, products and services and access our content;
  • Brand Ambassador data: where you act as a Brand Ambassador, in addition to some of the personal data listed above, we will process your signature and bank account details. We will track the sales made via your personalised affiliate link and the value of those sales and associated referral fees. We may also review content that you post on various online platforms;
  • Any other data that you may provide to us from time to time.

Aggregated Data

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Use of the Data we collect

We will only use your personal data when the law allows us to. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

| Why do we process your data? | How do we use your data for these purposes? | What are the legal bases for the processing? |
| --- | --- | --- |
| To contact you with updates about the Duolab brand. | We use your personal data, including your e-mail address, in order to contact you with updates about the Duolab brand. | We obtain your consent before processing your data for this purpose. In some circumstances we may rely on legitimate interests (to provide you with updates about products that are the same or similar to those that you have previously enquired about). |
| To create, register and manage your account. | We use your personal data, including your e-mail address and username, in order to create, register and manage your account, for example by providing you with a password when you ask us for one, and by verifying your identity when necessary. | We use this data for this purpose in order to fulfil our legal obligations. We use this data in order to fulfil the contractual obligations existing between us and you. |
| To provide you with a skin diagnosis and recommend the best products for you based on this. | We use your personal data, including “selfie” photographs taken via our Website or otherwise and answers to your skin diagnosis questionnaire, in order to provide you with a skin diagnosis and recommend the best products and services suited to your needs. When you visit our retail stores and use our skin diagnosis tool, we may email you the results of the diagnosis to recommend the most suitable products to you. | We use this data on the basis of your consent, where indicated. In our legitimate interests to provide you with a personalised recommendation of products. |
| To improve the efficiency of our artificial intelligence algorithm that recommends products to you. | We use your “selfie” photograph taken via our Website. | In our legitimate interests in order to improve our artificial intelligence algorithm. |
| To process orders, including payments, made via our Website or via Klarna. | We use data, including transaction data, registration data and purchase data in order to process purchases of goods or services from us. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. |
| To deliver your order to you and process any returns. | We use your personal data, including your transaction data and purchase data, to deliver your orders to you and process any returns you make. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. |
| To manage your customer opinions, comments, complaints and enquiries. | We use your personal data, including your e-mail address and username, to manage the opinions, comments, complaints and enquiries that you publish regarding our products. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. If we do not have a contract with you, this processing is necessary so as to meet the legitimate interests of Duolab, namely better communicating with you and improving the quality of our products and services. |
| To communicate with you and answer any queries that you might have. | We use your personal data, including your contact details, in order to communicate with you and to respond to your queries. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. If we do not have a contract with you, this processing is necessary so as to meet the legitimate interests of Duolab, namely our interest in communicating with you to resolve your queries. |
| To market, assess and improve our products and services (including developing new products and services, analysing our customer database, performing data analyses, accounting and auditing). | We combine personal data, such as data provided by our customer service team, to assess and improve the products and services that we offer to you. | This processing is necessary for the legitimate interests of Duolab in ensuring that we are able to continue to improve our products and services and provide high quality products and services. |
| To send promotional offers and other communications and information that we believe may be useful to you by means of e-mails, postal letters, telephone messages, SMS and push notifications. | We use personal data, including contact details, information on purchases and your beauty profile, in order to provide you with communications that may be of interest to you. | We obtain your consent before any processing of your data for these purposes. In some circumstances we may rely on legitimate interests (to provide you with updates about products that are the same or similar to those that you have previously enquired about). |
| To develop and carry out targeted marketing campaigns as well as behavioural advertising, including by means of displays on third party applications installed on your device. | We use personal data, including contact details, information on purchases and your beauty profile, in order to provide you with communications that may be of interest to you. | This processing is necessary for the legitimate interests of Duolab in ensuring that we provide you with relevant information about our products and services. In some circumstances, on the basis of your specific consent. |
| To manage your participation in promotions, competitions, special events (such as contests, games, random draws, offers, surveys and market studies) and your participation in our loyalty programme. | We use your personal data to manage your participation in various promotions or special events, as well as the loyalty programme. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you (when you accept the terms of the contests, games or random draws, and when you accept the conditions for using the loyalty programme). This processing is necessary for the legitimate interests of Duolab, namely in order to better prepare and carry out offers, surveys and market studies. |
| To document your preferences and habits regarding our products and services. | We use your personal data, including your interest in our products and your experience with them, in order to understand how you make the most of our products and services. | This processing is necessary for the legitimate interests of Duolab, namely to know our customers better and provide you with the best service. |
| To analyse surveys or statistics in order to improve our Sites and our services. | We use your personal data, including customer service data, surveys and comments from the customer service department and data exchanged with our customer service team, in order to improve our Sites and our services. | This processing is necessary for the legitimate interests of Duolab, namely to know our customers better and provide you with the best service. |
| To fulfil our obligations resulting from contracts or agreements existing between us and you. | We use your personal data so as to better meet your expectations, resulting from contracts or agreements existing between us and you. | We use this data for this purpose in order to fulfil the contractual obligations existing between us and you. |
| To ensure that the content of our Sites, our pages on social networks and our e-mail messages are presented in the most efficient possible manner for you, and to customise your experience by providing you with information and products that suit your needs. | We use personal data, notably related to your online activity, your browser and your operating system, to ensure that our Sites are properly displayed on your computer. | This processing is necessary for the legitimate interests of Duolab, namely providing you with access to our Sites while improving your experience when you visit. In some circumstances, on the basis of your specific consent. |
| To personalise our Sites and our advertising. | We compile data notably relative to the web pages that you view, in order to provide you with personalised advertising content. | This processing is necessary for the legitimate interests of Duolab, namely in order to make our Sites more attractive and relevant to you and to improve their content. In some circumstances, on the basis of your specific consent. |
| To manage our Sites, including for security purposes, and combat fraud. | We use personal data, including data collected by cookies, in order to update and enhance our Sites and to combat fraud over the internet. | This processing is necessary for the legitimate interests of Duolab, namely in managing, maintaining and improving our Sites such as to prevent fraud and combat any risk of fraud, while also ensuring the security of our Sites during your visits. |
| To conduct research and analysis of the efficiency of our marketing and advertising efforts. | We use personal data, including data that we may obtain from suppliers of external services, in order to understand the efficiency of our communication efforts. | This processing is necessary for the legitimate interests of Duolab, namely in analysing the efficiency of our communication efforts so as to provide you with a more pleasant user experience that better meets your expectations. |
| To analyse how and how often you visit our Website. | We use personal data, including data collected by cookies, to better understand how you use our Sites. | This processing is necessary for the legitimate interests of Duolab, namely to analyse your visits to our Sites to improve your experience during your future visits. In some circumstances, on the basis of your specific consent. |
| To target the advertising and messages that we send to you, via third party advertising networks, including search engines such as Google, and social media such as Facebook. | We use data from social networks and third party networks that notably relate to demographic means linked to areas of interest and context as well as your online activities, in an isolated or combined manner. After compiling this data with other information that we have provided to them, you will receive advertising messages suited to your interests. | This processing is necessary for the legitimate interests of Duolab, namely so as to know you better and to provide you with a more pleasant user experience that better meets your expectations. In some circumstances, on the basis of your specific consent. |

Special Category Personal Data

Special Category Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.

We will process your Special Category Personal Data where we are legally able to do so. Most commonly this will be where you have given us your explicit consent or where it is needed in relation to legal claims.

Information that we share

We do not disclose the personal data that we collect regarding you, except in the following cases:

  • within the L’Occitane group worldwide, meaning with our subsidiaries and the company that ultimately controls us (“L’Occitane Group”);
  • with our payment provider where you have elected to make a payment via a payment provider, in order to provide you with your order and process any returns if necessary. We currently use Klarna (Klarna Bank AB (publ) registered with the Swedish companies register under the registration number 556737-0431 and with its main office located at Sveavägen 46, 111 34 Stockholm, Sweden);
  • with service providers that provide services in our name or partner with us on certain business activities, including providers that assist us to manage the relationships with our Brand Ambassadors and providers that help us with the maintenance and/or improvement of our Website, the management of our loyalty programme, as well as with the distribution, improvement and/or marketing of the products and services that we offer to you, including the entities that process orders and provide the web hosting, information storage, suppliers of e-mail services, marketing services including direct marketing, research and analysis services as well as tag management services such as Google Analytics and Adobe Analytics. For more information on these analysis services and regarding your rights, please visit the Sites: Google Analytics: click here and Adobe Analytics: click here;
  • with our professional advisers including lawyers, bankers, auditors and insurers;
  • we may pass your personal data to our marketing and other business partners and other carefully selected third parties who may wish to offer you other goods or services that we or they have identified as likely to be of interest to you with your consent. These third parties will only be allowed to use your personal data in accordance with our instructions or your marketing preferences (where applicable) and will be required to keep your information secure;
  • if we are required to do so by the law, or when bringing or defending a legal claim;
  • with the police authorities, representatives of the government or other parties in response to a legal decision, judicial procedure or writ of summons;
  • when we consider that this disclosure is necessary or appropriate in order to prevent physical damage or a financial loss or fraud possibly affecting you or us; to prevent or report illegal activity; to protect the property rights of any person, or the security of any person, including our own, or in application of our Terms and Conditions or of any other agreement between us;
  • as part of the sale or a merger of all or part of our company and its assets to a third party, or as part of a business reorganisation or restructuring (including dissolution or liquidation). If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy; and
  • when you provide your consent for this in another manner, or ask us to share your information with third parties.

We may share aggregated information that does not identify you and/or anonymous information, for our own commercial purposes or those of our partners, which notably includes the number of visitors to our Sites and the number of clicks on our advertising and/or e-mails.

Please note that the information that you provide to Klarna when you choose to use their service will be processed by Klarna in accordance with Klarna’s own privacy notice. We do not typically have access to this personal data. You should therefore make sure that you are comfortable with Klarna’s privacy notice before submitting details to them. See Klarna’s privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/Klarna/en_gb/privacy

International Transfers

Your personal data collected by us may be transferred, stored and processed in any country or territory in which one or more subsidiaries of our group or a service-providing third party, agent or business partner is located, including other countries of the European Economic Area (EEA), Switzerland and the United States for the aforesaid purposes. Your personal data may also be processed by personnel members outside of the EEA.

When we transfer your information to a country outside of the EEA, we take one of the following measures in order to ensure the security of your personal data:

  • ensuring an adequacy decision has been made by the European Commission in respect of the country to which we are transferring your personal data;
  • for transfers of personal data to the United States, only transferring to organisations certified under the EU-US Privacy Shield self-certification mechanism; or
  • we have put in place Standard Contractual Clauses approved by the European Commission which give personal data the same protection it has in Europe.

Information Retention Period

Unless indicated otherwise, we will store your personal data for the time strictly needed in order to carry out the aforementioned purposes, in accordance with the applicable law. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some cases, we are required to retain data in order to fulfil our legal and administrative obligations. When we have no further need of the information, it is deleted from our systems or anonymised.

Social Media

Please note that any content posted on our social platforms can be seen by the public. You should therefore be vigilant with regard to posting certain personal data on these platforms, such as any financial data, your address or any health problems. We cannot be held liable for actions taken by other persons if you post personal data on one of our social network platforms.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data to:

  • Request access to your personal data.
  • Request any incomplete or inaccurate personal data that we hold about you to be completed or corrected.
  • Request erasure of your personal data, where certain grounds have been established.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) providing that we do not have a compelling legitimate ground to continue to process it for that purpose.
  • Object to processing where we are processing your personal data for direct marketing purposes.
  • Request restriction of processing of your personal data, under certain conditions.
  • Request the transfer of your personal data to you or to a third party, in certain circumstances.

You can exercise these rights by contacting us by e-mail or by postal letter at the addresses shown in the “Contact us” section below.

Updating your account details and marketing preferences

You can correct, update and delete the information in your online account as well as change your marketing preferences at any time, by signing in to your account and looking under “My Account”, or by contacting us using the details shown in the “Contact us” section below.

You can also change your marketing preferences and withdraw your consent for receiving direct marketing communications from us, at any time, by following the “Unsubscribe” link or the withdrawal instructions provided in our communications.

It can take a few days to process your unsubscribe request, and it is possible that you may continue receiving promotional or marketing e-mails or postal letters during this time. Please note that if you unsubscribe from receiving direct marketing messages, this does not prevent us from providing you with other types of non-promotional messages, such as e-mail confirmations of transactions.

Links to Third Party sites and Services

Our Sites may provide links to other sites, applications and services other than the ones provided by Duolab, and that may be operated by third party companies. Please note that we are not responsible for the processing of your personal data by these third party sites, even if we provide a link to these sites. These companies may have their own personal data protection policies, and we strongly recommend that you read and examine them. Our products and services can also be offered to you through third party platforms or other third party channels. We decline any liability regarding the personal data protection practices of the sites, applications or services that are not provided by Duolab.

Security and protecting your Personal Data

We undertake to implement appropriate technical and organisational measures in order to protect your personal data against accidental or involuntary destruction, accidental loss, alteration, or any unauthorised disclosure, access or usage.

All transactions made on our Website are protected by Secure Sockets Layer (SSL) and Secure Data Encryption using a 1024-bit process to encode all personal data. This sophisticated encryption process ensures that prying eyes are unable to decode your personal data when it travels from your computer to ours, and from our computer to the bank's. Also, all credit card payments are processed in real-time for your security and immediate peace of mind.

You can tell whether your browser is in secure mode by looking for the padlock icon in the bottom corner of your screen or at the end of the address bar of your browser window.

Our Website uses security measures which protect any personal data that is stored on our servers and systems from unauthorised access or use.

However, as no data transmissions over the internet can be guaranteed to be 100% secure, we cannot take responsibility for any unauthorised access or loss of personal data that is beyond our reasonable control.

Contact us

If you would like for us to update the information that we have regarding you or your preferences, notably if you wish to be removed from our distribution lists, to withdraw your consent, to object to the processing of your data, or if you have questions regarding the protection of your personal data, please contact us by email at info@duolab.com or send a letter to the following address:

Duolab UK Limited

c/o L'Occitane UK Limited

Capital House, 25 Chapel Street

London NW1 5DY

United Kingdom

Cookies Policy

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

Strictly Necessary Cookies

These cookies are essential to make our platform work. They enable you to move around the platform and use its features. Without these cookies, services that are necessary for you to be able to use our platform such as accessing secure areas cannot be provided.

| Name & Type | Purpose | Duration |
| --- | --- | --- |
| refreshToken | Cookie used by Duolab to keep the user authenticated. | 1 year |

Functionality Cookies

These cookies allow us to remember choices you make and tailor our platform to provide enhanced features and content to you. For example, these cookies can be used to remember your user name, language choice or country selection, they can also be used to remember changes you've made to text size, font and other parts of pages that you can customise.

| Name & Type | Purpose | Duration |
| --- | --- | --- |
| shopCheckoutID | Cookie used to save the content of a user cart. | 1 year |
| p | Cookie used to save the referral link sent to a user. | 6 months |

Analytical cookies

These allow us to see how our site is working, if there are any problems loading certain pages, recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

| Name & Type | Purpose | Duration |
| --- | --- | --- |
| _ga | Cookie used by Google Analytics to distinguish users. | 2 years |
| _gid | Cookie used by Google Analytics to distinguish users. | 24 hours |
| _gat | Cookie used by Google Analytics to throttle request rate. | 1 minute |

Marketing cookies

These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can control the cookies set by changing your preferences when you visit our website. Cookies can also be controlled by your web browser settings. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies you may not be able to access all or parts of our website.

| Name & Type | Purpose | Duration |
| --- | --- | --- |
| __kla_id | Cookie used by Klaviyo to track when a user clicks through a Klaviyo email to duolab.com. | 2 years |
| KL_FORMS_MODAL | Tracks when someone subscribes (opts in) to a form. | 1 year |
| _gcl_au | Cookie used by Google AdSense to track ad performance through clicks. | 3 months |