Privacy Policy

PRIVACY POLICY

Introduction

We value your privacy and are committed to protecting your personal data. When you visit our website www.gisou.com and/or its subdomains e.g. us.gisou.com (hereinafter: “Site”), when you make a purchase in our webshop or sign up for our newsletter, NM Beauty Industries B.V. (“NM Beauty” or “we”) processes personal data. We also process personal data when you apply for a job at NM Beauty. Furthermore, we process personal data of our suppliers. The term 'personal data' includes all information about an identified or identifiable natural person. In the processing of personal data, NM Beauty qualifies as the controller in the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This Privacy Policy aims to inform you how NM Beauty collects and processes your personal data and to provide you with information on your legal rights under the GDPR.

We point out that we do not intend to collect personal data from persons younger than 16 years old, unless they have permission from parents or guardians. As we cannot verify if a person is older than 16 years old, we strongly advise parents to be involved in their children’s online activities.

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide the requested data, we may not be able to perform the agreement we have or are trying to enter in with you (e.g. to provide you products you would like to order). If this is the case, we may need to cancel the order you placed with us, but we will notify you beforehand.

It is important to read this Privacy Policy together with our Terms of Use and Terms and Conditions. We recommend that you read this Privacy Policy, the Terms of Use and the Terms and Conditions carefully.

Table of Contents

  • About us
  • Personal data we collect and purposes for which these data are collected
  • Legal grounds for processing
  • To whom do we provide your personal data?
  • How long do we store your personal data?
  • Security of your personal data
  • Your privacy rights
  • How can you file a privacy complaint?
  • Changes to this Privacy Policy

About us

NM Beauty Industries B.V. is a private company (‘besloten vennootschap’) established under Dutch law, based in Amsterdam (The Netherlands) and registered with the Chamber of Commerce under file number 63969769, trading under the trade name “Gisou”.

If you have any questions regarding our Privacy Policy, on how your personal data are handled, or wish to exercise your privacy rights, please direct your inquiry to info@gisou.com or contact us using the address below.

NM Beauty Industries B.V

Nieuwe Spiegelstraat 10

1017 DE Amsterdam

The Netherlands

Please note that this Privacy Policy is not applicable to third-party websites connected to this Site through links or applications. Clicking on such links may allow third parties to collect or share data about you. We cannot guarantee that these third parties will handle your personal data in a secure and careful manner, as we do not control these websites and are not responsible for their privacy policies. We therefore recommend you read these websites’ privacy policies before clicking on any links or making use of the websites accessed by such links.

Personal data we collect and purposes for which these data are collected

Customers and potential customers

We may process the following (categories of) personal data of (contact persons of) our (potential) customers if and when necessary for our order administration:

  • Name and address details (name, first names, initials, title, gender, address, postal code and place of residence and country of residence);
  • Date of birth;
  • E-mail address;
  • Payment details;
  • Order details including order history.

We process these data for the following purposes:

  • If applicable: to register you as a new client;
  • To inform and contact you about your order, our products, ordering methods, payments and applicable conditions;
  • Delivery of ordered goods;
  • Purchase any product or service from us;
  • Book an appointment with our Beauty Advisors (Virtual Consultations);
  • Engage with us via our Website, telephone, cell phone, live chat or video chat; 
  • Dispute resolution including debt collection;
  • To comply with our legal and regulatory obligations.

We may process the following (categories of) personal data of (contact persons of) our (potential) customers if and when necessary for our service administration:

  • Name and address details (name, first names, initials, title, gender, address, postal code and place of residence and country of residence);
  • Telephone number;
  • Date of birth;
  • E-mail address;
  • Order details;
  • Payment details;
  • Service and appointment requests;
  • Other personal data that may be processed in the context of handling the service request, such as order history.

We process these data for the following purposes:

  • Responding to questions;
  • Providing service;
  • Logging data for insight and improvement;
  • Creating replacement orders;
  • Dispute resolution;
  • To comply with our legal and regulatory obligations.

We may process the following (categories of) personal data of (contact persons of) our (potential) customers in our client marketing database:

  • Name and address details (name, first names, initials, title, gender, address, postal code and place of residence and country of residence);
  • E-mail address;
  • Telephone number;
  • Date of birth;
  • Transactional data such as order history;
  • For direct marketing messages: e-mail address, IP-adres, open ratio and time of opening, click ratio including time stamp regarding visited URLs in the message.

We process these data for the following purposes:

  • Provision of information about us and our products, including updates on changes to our Terms and Conditions, Terms of Use and our Privacy Policy;
  • Direct marketing about our products and/or services, including promotions, contests, prize draws and events connected therewith;
  • Complete the transactions you request, perform our contractual obligations, and send you related information, including confirmations and receipts;
  • Engage with you via live chat, video chat or via our Website;
  • To analyse whether our messages are opened and to establish which parts of our messages are the most interesting for our newsletter subscribers;
  • Research and development;
  • Dispute resolution;
  • To comply with our legal and regulatory obligations.

Newsletter subscribers and Custom Audiences

We have a newsletter to inform those interested in our products and/or services, contests, prize draws and other events. The newsletter is event-based, meaning that it will be sent when certain events occur (such as a new product being launched). Your email address will be added to the list of subscribers only with your explicit consent. The newsletter is aimed at driving engagement and may include information about new products, promotions and events. We can measure when and to what extent newsletters are opened and on which links in the newsletter you click. Each newsletter contains a link through which it is possible to unsubscribe from our newsletter.

When you sign up to our newsletter, we process the following personal data:

  • Your e-mail address;
  • IP-adres;
  • Open ratio and time of opening;
  • Click ratio including time stamp regarding visited URLs in our newsletters.

We process these data for the following purposes:

  • To send you our newsletter;
  • To analyse whether our newsletter is opened and to establish which parts of our newsletter are the most interesting for our newsletter subscribers;
  • Dispute resolution;
  • To comply with our legal and regulatory obligations.

To find you on social media, we use Custom Audience targeting from Google Ads Customer Match and Facebook Custom Audiences.  To do this, we upload certain information, such as a cookie ID, which is converted into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to enable us to target our advertising campaigns at specific users. If you do not want to be part of a Custom Audience tool, you can indicate this at any time by contacting us via info@gisou.com. You can also control the ads you see on Google services, including Customer Match ads in your Google Ads settings. More information about changing your Facebook ad preferences can be found here.

Site users

When you visit our Site, we analyse your use of our Site via the use of cookies and similar technologies. You can set your browser to (partly) disable or refuse cookies. Please read our Cookie Policy for more information about the use of cookies.

We may process the following (categories of) personal data of all our Site users (whether you make a purchase or not):

  • Information on how you use and interact with our websites as well as on the amount of time that you spend on it;
  • Basic information that relates to the request that is made from your browser when you visit the webs. These data may include information such as your last visit date and time, the duration of your visit, the timestamp of the browser request, your IP address and basic HTTP header information (like referral URL and user agent), information about the website you have previously visited as well as demographic information including your location.

We process these data for the following purposes:

  • Analyzing and improving the use of the website, including optimizing the operation and your experience of the website
  • Marketing purposes (advertising)
  • Dispute resolution
  • To comply with our legal and regulatory obligations

Beauty Advisors (Virtual Beauty Consultations) 

You can make an online appointment to get advice from our Beauty Advisors. In order to offer this service, we process the following personal data:

  • Your first and last name;
  • Your e-mail address;
  • Audio recordings of your online appointment.

We process this data for the following purposes:

  • To offer this service;
  • Our legitimate interest to use the audio recordings for training purposes in order to improve the quality of the provided advice;
  • Dispute resolution;
  • To comply with our legal and regulatory obligations.

Please note that the audio recordings will be deleted within two weeks after your online appointment. You can object to the audio recording of your beauty advice session at the start of your online appointment. 

Suppliers

We may process the following (categories of) personal data of persons from whom we purchase products or services or who work at our suppliers if and when necessary in our supplier administration 

  • Name and address details (name, first names, initials, title, gender, address, postal code and place of residence and country of residence);
  • Other contact data (telephone number, e-mail address and similar data required for communication);
  • Information about your company such as company name, business address, zip code, business e-mail address and telephone number;
  • In some cases, depending on the type of service provision: a certificate of good conduct and data relating to an identity document;
  • Data in view of making orders or purchasing services;
  • Data for calculating and recording fees and expenses and making payments, including bank account numbers;
  • Other data, the processing of which is required or necessary to comply with applicable legislation.

We process these data for the following purposes:

  • Placing orders and purchasing services;
  • Calculating and recording income and expenses and making payments;
  • The collection of receivables, including placing those receivables in the hands of third parties and other internal management activities;
  • Arranging the transport of goods and services to be delivered to the parties involved;
  • Maintaining contact between us and customers or suppliers;
  • Dispute resolution and audits;
  • Cooperating in the levy or collection of taxes;
  • To comply with our legal and regulatory obligations.

Job applicants

If you apply for a job at NM Beauty, we may process the following (categories of) personal data if and when necessary in dealing with your job application:

  • Name, first names, initials, title, gender, address, zip code, city;
  • Telephone number, e-mail address and similar information required for communication;
  • Date of birth, place of birth, nationality;
  • Content of your CV, educational attainment, employment history, references and availability;
  • Your reasons for applying;
  • information regarding the position to which you have applied;
  • Bank account number (for expense allowance only).

We process these data for the following purposes:

  • The assessment of the suitability of the person concerned for a position that is or may be vacant (recruitment and selection), including dealing with related questions and complaints;
  • Dealing with any expenses incurred;
  • Internal checks and business security service;
  • To comply with our legal and regulatory obligations.

Legal grounds for processing

We process your personal data on the basis of one or more of the following legal grounds: 

  1. When this is necessary for the performance of an agreement to which you are a party or for the performance of pre-contractual acts at your request, e.g. we need to process your information to be able to handle your order;
  2. When this is necessary to comply with a legal obligation;
  3. When this is necessary to promote our legitimate interests or the interests of a third party, e.g. to manage our relationship with you;
  4. With your consent, e.g. when you sign up to our newsletter.

If we process your personal data on the basis of your consent, we will request this separately from you. You may withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

If you have specific questions about the legal grounds on which certain personal data are being processed, we are happy to provide you with additional information and you can always contact us via info@gisou.com.

To whom do we provide your personal data?

We do not disclose your information to third parties (‘recipients' within the meaning of privacy legislation), unless necessary for the proper performance of the purposes described in this Privacy Policy. For example: to fulfil your order, we need to share your data with payment providers and transportation companies. We may share personal data with our service providers, such as hosting providers, e-mail services and (other) software suppliers, payment service providers, transportation companies, lawyers etc. Furthermore, we may share your data when necessary to and defend the rights or property of NM Beauty and when necessary to protect the personal safety, property or other rights of the public, NM Beauty or its customers or employees.

The third parties to whom the personal data is made available are obliged to treat your personal data confidentially. If these parties are regarded as 'processors' within the meaning of the privacy legislation, we will ensure that a data processing agreement is concluded with these parties that meets the requirements set out in the GDPR.

Your personal data may be included in an acquisition of NM Beauty, in whole or in part; a sale of some or all of NM Beauty; a merger or merger involvement; during a bankruptcy; dissolution or other transition of our business. This means that your personal data may be transferred to a new owner or successor entity to ensure that our services can be continued.

In order to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside the European Economic Area that offers a lower level of protection of personal data than that provided by European legislation. In that case NM Beauty will ensure that such a transfer of personal data is in accordance with applicable legislation, for example by concluding a model contract drawn up and approved for that purpose by the European Commission and we will assess whether any additional measures are necessary to guarantee an appropriate level of protection of your personal data. Please do not hesitate to reach out to us if you wish to receive more information about the appropriate or suitable safeguards in place for data transfers outside of the European Economic Area or if you would like to obtain a copy of them.

How long do we store your personal data?

We will not retain your personal data in an identifiable form for any longer than is necessary for the purposes set out in this Privacy Policy.

The personal data in our order administration will in principle be deleted at the latest two years after the order in question has been processed. The personal data used for website analysis are stored for a maximum of 24 months. The personal data in our service administration and client marketing database are retained for five years after closure of the client file. The e-mail address used for newsletter subscriptions is removed from our mailing list as soon as you choose to unsubscribe.

The personal data of suppliers will in principle be deleted at the latest two years after the order in question has been processed.

The personal data you provide to us for your job application will be retained for up to four weeks after the end of the application procedure. You can choose to provide us with your consent to retain your personal data for one year after the end of the application procedure. This enables us to reach out to you if job opportunities which may be of interest to you, become available. The personal data that you have provided in the context of your application will become part of your personnel file when you start working for NM Beauty.

In addition to the abovementioned retention periods, we may need to retain certain personal data in order to comply with statutory retention obligations, such as the retention of certain accounting data for 7 years from the end of the year in which the relevant data has lost their current importance for (tax) business operations in connection with our tax retention obligation arising from article 52 of the Dutch State Taxes Act.

The specific retention periods referred to above may become longer or legal retention periods may become applicable to which we need to comply. We may also retain personal data for a longer period of time if necessary for our legitimate interests, such as when necessary for settling legal disputes.

Security of your personal data

We have security measures in place to reduce the likelihood of misuse, loss and unwanted disclosure of, and unauthorized access to, personal data. Our employees and business partners are bound by confidentiality and are bound by instructions aimed at the adequate protection of your personal data.

We have procedures in place to deal with personal data breaches and will notify you and the applicable regulator of such breach where we are legally required to do so. If you have any questions about the security of your personal data, or if you suspect or have any indications of misuse, please contact us at info@gisou.com.

Your privacy rights

You have the following rights with regard to the processing of your personal data by us:

  • the right to request whether we process your personal data and, if this is the case, to inspect your personal data;
  • the right to rectification of your personal data if they are incorrect or incomplete;
  • the right to have your personal data deleted ('right to be forgotten');
  • the right to object to the processing of your personal data or to limit the processing of your personal data;
  • the right to withdraw consent for the processing of your personal data at any time, if the processing is based on your consent;
  • the right to receipt or transfer of your personal data by or to a third party designated by you in a structured, customary and machine-readable form ('right to data portability').

If you wish to exercise any of the rights above, please contact us via info@gisou.com or via the address mentioned in the ‘About us’ section.

Please be aware that in order to prevent fraud and misuse, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request. If you wish to inspect personal data linked to a cookie, please make sure to include a copy of the relevant cookie. You will find the cookie in your browser settings.

Within a month after receipt of your request, we will inform you whether we can comply with your request. This period may be extended by two months in specific cases, for example when a complex request is made. We will inform you of such an extension within one month of receipt of your request. Based on privacy legislation we can refuse your request under certain circumstances. If we do so, we will explain the reasons for the refusal. If you object to the processing of your personal data for direct marketing purposes, we will always respect this request. 

How can you file a privacy complaint?

If you have a complaint about the processing of your personal data by us, we will do our utmost best to resolve it with you. You have the right to lodge a complaint with the competent supervisory authority at any time. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). If you live or work in another country of the European Union, you can file a complaint with the competent supervisory authority in that country.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy and will always post the most recent version of this Privacy Policy on our website. If substantial changes are made that could significantly affect one or more data subjects we will strive to inform the relevant data subjects directly.

This Privacy Policy was last amended on April 5th 2022.