Privacy Policy



1. Preamble

1.1. This Privacy Policy is an integral part of the General Terms and Conditions, therefore the definitions used in the latter are also used in this Privacy Policy.

1.2. The purpose of this Privacy Policy is to inform Customers about the way their Personal Data is collected from the Website, how it is processed by the Data Controller, and finally the rights Customers have in relation to such processing, as defined below.

2. Definitions

2.1. The following terms, whether used in the singular or plural in this Privacy Policy, shall have the following meanings:

Intermediate Archiving: means the transfer of Personal Data that is still administrative interest to the Data Controller (e.g. in the event of litigation and/or in the case of legal obligation) to a specific logically or physically seperated database, with resrticted access in all cases. This archive is an intermediate step before the deletion of the Personal Data concerned or its anonymisation;

GTC: means the General Terms and Conditions;

Privacy Policy: means the privacy and protection policy for Customer Personal Data implemented by the Data Controller;

Customer: means a natural person of at least 15 years of age browsing the Website, whose Personal Data is processed by the Data Controller and governed by the Privacy Policy. In this regarded, the Customer guarantees, the event that they are under 15 years of ages, that they have obtained the consent of the holder of parental authority in respect of the processing of their Personal Data as defined in the Privacy Policy;

Account: means the Customer's personal account accessible on the Website through personal identifiers confidential to the Customer, which may not be communicated to a third party, and from which they may place an order;

Data or Personal Data: means the Customer's personal data, as defined by the Personal Data Regulation, collected and processed by the Data Controller in the context of the use of the Website;

Specific Rights: means the rights granted by the Personal Data Regulation, collected and processed by the Data Controller in the context of the use of the Website;

Personal Data Regulation: means Law no.78-17 of 6 January 1978 on data processing, files and freedoms, in application of the EU Regulation of 27 April 2016 published in the Official Journal of the European Union on 4 May 2016, on the protection of individuals with regard to the processing of personal dat and on the free movement of such data (known as "GDPR", General Data Protection Regulation);

Data Controller: means the company referred to in the to in the legal notice available here: 

Website: means the Website on which the Privacy Policy is hosted;

Terminal(s): means the hardware (computer, tablet, smartphone, telephone, etc.) used by the Customer to visit or view the Website.

3. The legal basis for the processing

3.1. In accordance with the Personal Data Regulation, the processing operations described in this Privacy Policy are supported by a specific legal basis.

3.2. The Customer has consented to the processing of their Personal Data for one or more specific purposes.

3.2.1. The Website has requested the express consent of the Customer in order to carry out a specific processing operation explained at the time of obtaining the consent.

3.3. The processing is necessary for the performance of a contract to which the Customer is a party or for the performance of pre-contractual measures taken at the Customer's request.

3.3.1. In order to use the Website and benefit from its services, the Customer has accepted at least the GTC. These documents establish a formal contractual relationship between the Customer and the Data Controller, serving in particular as the legal basis for the collection and processing of the Customer's Personal Data by the Data Controller.

3.3.2. This Data is needed in order to carry out a number of processing operations related to the execution of the contractual relationship between the Customer and the Data Controller, the purposes of which are detailed in paragraph 4 - Purposes of the processing operations.

3.4. The processing is necessary to comply with a legal obligation to which it is subject.

3.4.1. Personal Data may also need to be processed in order for the Data Controller to comply with a legal obligation to which it is subject, for example, the storage of Website access logs, in accordance with Decree No. 2011-219 of 25 February 2011 on the storage and communication of data enabling the identification of any person who has contributed to the creation of content placed online.

3.5. It needs to be processed for the purposes of the legitimate interests of the Data Controller or a third party, unless the Customer's interests or fundamental rights and freedoms requiring protection of personal data prevail, in particular where the Customer is a child.

3.5.1. The Data Controller may have a legitimate interest justifying the processing of the Customer's Personal Data, such as the processing of Data that is strictly required for fraud prevention purposes.

3.5.2. In this case, the Data Controller shall ensure that the processing in question is necessary to fulfil its legitimate interest and shall assess the consequences of such processing on the Customer, particularly taking into account the nature of the Data processed and the way it is processed.

3.5.3. The Data Controller shall ensure that it does not disregard the interest or fundamental rights and freedoms by allowing the Customer to object at any time to all or part of the processing operations described in this Privacy Policy, as well as to exercise their Specific Rights, in accordance with the conditions set out in paragraph 10 - Exercise of Customers' Specific Rights.

4. Purposes of the processing

The Customer's Personal Data is required in order to enable the Customer to access, use and improve the Website and to enable the Data Controller to:

  • Carry out operations related to its business relationship with the Customer, i.e. concerning invoices, accounting, monitoring the "customer relationship" with a Customer, such as carrying out satisfaction surveys, managing complaints, using the Website and more generally the services, etc.;

  • Personalise its communication with Clients, particularly through information emails, according to their preferences, and their use of the services and/or of the Website;

  • Enable the tracking of product delivery and the placing of an order;

  • Carry out commercial solicitation operations;

  • Develop business statistics, analysis and marketing tools (e.g. classification, scoring, etc.);

  • Allow the Customer to access the Account and provide them with all the information contained therein, such as their orders, their address book, the products they have registered;

  • Optimise the Customer's browsing on the Website by storing their preferences and simplifying any subsequent purchases on the Website;

  • Manage requests to exercise Specific Rights under the conditions of paragraph 10 - Exercise of Customers' Specific Rights;

  • Manage after-sales services;

  • Manage unpaid bills and disputes;

  • Manage Customer comments on the Website;

  • Prevent litigation with the Client;

  • Combat fraud and money laundering; and

  • Comply with its legal obligations, in particular its accounting and tax obligations.

  • Carry out beauty diagnostics

  • Post a review or comment on the Website and/or via "Verified Reviews"

  • Interact with the Data Controller via the Website's Chat option

Respond to and satisfy any contact request, regardless of the contact method chosen by the Customer (Website, telephone, social networks, or any other methods).Insofar as the Customer decides to share Personal Data, even if sensitive, for example, relating to their health or skin, this Personal Data will be used in accordance with the regulations and legislation in force and the information communicated by the Data Controller.

  • Facilitate sharing features via social networks

  • Process the data collected via the various platforms developed by the Data Controller (Filorga Addict or others)

  • Comply with company objectives, legal and/or regulatory obligations (such as audits, anti-fraud, security, cosmeto vigilance, detection and prevention of cyber attacks, improvement of services or development of new products or services).

4.2. The Personal Data of the Data Controller's Professionals (distributors, professional customers, suppliers or any other legal entity) may be used for the following purposes (in addition to the purposes listed in 4.1):

  • Provide the products and Services and respond to various requests (in the context of transactions and relationships with Professionals)

  • Comply with anti-corruption and transparency obligations

  • Track and respond to requests, comply with regulatory monitoring and reporting obligations, including those related to product complaints and/or product and customer safety.

  • understand how the products and services offered by the Data Controller affect Professionals and their own customers.

5. Storage of Personal Data

5.1. The Website is hosted by the company Greenshift, please find the contact available at Greenshift contact details

5.2. Every precaution has been taken to store Customer Personal Data in a secure environment and to prevent it from being distorted, damaged or accessed by unauthorised parties. The information transmitted by the Customer will never be transmitted to third parties for commercial purposes, nor will it be sold or exchanged.

6. Collection of Personal Data on the Website

6.1. When an Account is created and as and when information is added to complete it, the Data Controller collects the following Personal Data that the Customer fills in or communicates spontaneously when browsing. It is kept for a period of three (3) years, on an active basis, from the Customer's last connection to the Website:

  • Name,

  • First name,

  • Email address,

  • Postal address for delivery,

  • Billing address,

  • The contents saved in the Customer's Account,

  • Company name, if applicable;

  • Date of birth;

  • If applicable, the reason(s) for the exclusion (all the elements making it possible to demonstrate the behaviour dating back less than one month and justifying the exclusion),

  • The Customer's connection data (date, time, IP address, pages consulted) as they browse the Website

The above Personal Data is also kept in an Intermediate Archive for a further two (2) years, in accordance with the common limitation period.

  • Invoices;

  • Information about an order;

  • Amount of transactions made and the date and time of those transactions

The above Personal Data is also kept in an Intermediate Archive for a further seven (7) years, in accordance with the Data Controller's tax and accounting obligations.

6.2. All the Personal Data indicated as such in the Account creation form are essential in order to benefit from the Data Controller's services.

6.3. Where applicable, when the Customer exercises their Specific Rights, the Data Controller collects the copy of the Customer's identity document indicated in Article 10.2 and keeps it for one (1) year from the date of its receipt, in an active database.

6.4. The Data Controller may collect and process Personal Data offline, notably when the Customer:

  • Places an order by telephone, when contacting the Consumer Service, the DPO, or when contacting the Data Controller by any other means;

  • Addresses the Data Controller's representatives (in particular, sales representatives, consultants and pharmaceutical representatives in the various Filorga product sales outlets), when visiting a stand, a salon, exhibitions, when visiting the Data Controller's premises or any other place where the Data Controller or its representatives are present, whatever the event may be;

  • Participates in the Data Controller's programmes or activities;

  • Participates in offline competitions or promotional activities;

  • or any other person acting on their behalf reports an adverse event related to one of the products from the Filorga brand.

6.5. The Data Controller also receives Personal Data from other sources, for example:

  • Databases and publicly available sources;

  • Data companies;

  • Joint marketing and/or sales partners;

  • Third parties, third-party companies and/or distributors of Filorga products who report adverse events related to a Filorga product to the Data Controller.

  • When the Customer connects via their social network account (in particular Facebook, Instagram, Twitter, LinkedIn) to an account with these same networks held or offered by the Data Controller. The Customer shares certain Personal Data from their social network accounts with the Data Controller(notably, their name, email address, photos, list of contacts and/or subscribers) and any other data to which the Data Controller has access or is authorised to access.

6.6. The collection of certain personal data is necessary for the provision of certain services. If the Customer does not provide the requested Personal Data, the Controller may not be able to provide said services. If a Customer discloses Personal Data relating to other persons to the Data Controller, its subcontractors, suppliers or distributors, the Customer certifies and warrants that they are authorised to do so and authorises the Data Controller to use it in accordance with this Privacy Policy.

6.7. The Website may offer Customers who are interested in a technology designed to establish face and skin diagnostics. To this end, with the Customer's consent, and provided that the Customer is at least 16 years old, the Customer's photo will be analysed by an artificial intelligence tool. The purpose is to offer Customers a personalised analysis of their skin and to recommend Laboratoires Filorga products in accordance with the results of their diagnosis. The photo is deleted immediately after diagnosis. The Website may also offer a photo of the Customer's diagnosis and product recommendations if they agree to receive it by email.

7. Recipients or categories of recipients, if any 

Enables the connection of the information system, in particular the Website, with the warehouses

Categories of Data Recipients

Purpose of the proposed transfer

Internet service provider

Website Hosting

Website development and management service providers

Administration of the Website back office and management of the database containing Customers' Personal Data

Computer integrator and maintenance

Manages the remote maintenance of the Data Controller's information system, including the Website

Publisher of the customer management software

Enables Customer relationship management

Email routing services provider

Enables the transmission of newsletters

Call flow manager

Enables monitoring of different calls and call flows

Provides support in the management of customer vigilance and complaints

Improves the management of customer complaints and manages the safety of materials

Electronic document management service provider

Electronic invoice management

Data analysis and marketing service provider

Targets adverts on social networks

Publisher of computerised economic analysis tools

Enables sales forecasting

Provides social networks and advertising services, including the management of advertising campaigns

Management of communication on the Facebook site and Instagram mobile app

Referencing and statistical tools services

Manages the Website referencing and analysis of Website data

Payment services provider

Enables payments on the Website

Publisher of warehouse logistics management software

Parcel delivery service provider

Enables the shipment of products ordered by Customers

7.1. In the event of a transfer of Personal Data to a recipient located in a country that is not within the EEA and that has not been the subject of an adequacy decision by the European Commission, the Data Controller undertakes to provide all appropriate safeguards to ensure that it is completely lawful, ensuring that Customers have enforceable rights and remedies against the recipient and obtaining the Customer's prior, specific consent to said transfer of Personal Data.

7.2. The Data Controller will not obtain the Customer's prior and specific consent to the transfer of their Personal Data if:

- the Data Controller has:

  • entered into the standard contractual clauses with the recipient of the Personal Data, as proposed by the European Commission; or

  • taken all the appropriate measures to ensure that the transfer of Personal Data outside the European Union is lawful, in accordance with the Personal Data Regulation.

- or if the transfer is necessary:

  • compliance with obligations to ensure the establishment, exercise or protection of a right in a court of law;

  • entry into a contract between the Data Controller and the recipient at the Customer's request;

  • conclusion or performance of a contract concluded or to be concluded, in the interest of the data subject, between the Data Controller and the recipient.

7.3. The Data Controller shares or may share Personal Data with its subsidiaries and/or affiliates (see list below) and/or its parent company:

8. Security of online transactions

8.1. In accordance with the GTC, the Website uses the technology of CREDIT LYONNAIS SA to secure the Customer's bank transactions.

8.2. Thus, when paying on the Website, the Customer's bank details are transmitted in encrypted form to CREDIT LYONNAIS SA.

8.3. To exercise their rights as identified in paragraph 9 - Specific Rights, relating to their bank card details, the Customer is invited to contact the company CREDIT LYONNAIS SA directly.

8.4. The Data Controller implements appropriate organisational, technical and administrative measures to protect Customer Personal Data throughout its organisation and to ensure a level of security appropriate to the risk (pseudonymisation, encryption, anonymisation and other methods to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services). If the Customer has reason to believe that their interactions with the Controller are no longer secure, they are invited to immediately notify the Data Controller via the following email address:

9. Specific Rights

9.1. In accordance with the Personal Data Regulation, the Customer may, at any time, benefit from the following Specific Rights:

- access,

- correction,

- deletion,

- limitation of processing,

- portability,

- opposition,

- post-mortem privacy instructions,

9.2. Rights of access

9.2.1. The Customer can obtain confirmation from the Data Controller as to whether Personal Data concerning them is being processed and, if it is, access to said Personal Data, as well as the following information:

a) the purposes of the processing;

b) the Personal Data categories;

c) the recipients or categories of recipients to whom the Personal Data has been or will be disclosed;

d) where possible, the period of time for which Personal Data is to be retained or, where this is not possible, the criteria used to determine this period;

e) the existence of the right to request from the Data Controller the rectification or erasure of Personal Data, or a restriction of the processing of their Personal Data, or the right to object to such processing;

f) the right to lodge a complaint with the personal data control authority (in France, the CNIL);

g) where Personal Data is not collected from the Customer, any available information as to its source;

h) the existence of automated decision-making, including profiling, and, at least in such cases, relevant information about the underlying logic and the significance and intended consequences of such processing for the Customer;

9.2.2. Where Personal Data is transferred to a third country or to an international organisation, the Customer has the right to be informed of the appropriate safeguards with respect to such transfer.

9.2.3. The Controller shall provide a copy of the Personal Data being processed.

9.2.4. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the Customer or in case of a request for the transmission of a hard copy of Personal Data on paper and/or storage media.

9.2.5. When the Customer submits their application electronically, the information shall be provided in a commonly used electronic form, unless they request otherwise.

9.2.6. The Customer's right to obtain a copy of their Personal Data shall not infringe the rights and freedoms of others.

9.3. Rights of rectification

9.3.1. The Customer may obtain from the Data Controller, as soon as possible, the rectification of Personal Data concerning them that are inaccurate. They can also request that incomplete Personal Data be completed, including by providing an additional declaration.

9.4. Rights to erasure

9.4.1. The Customer has the right to obtain from the Data Controller the erasure, as soon as possible, of Personal Data concerning them when one of the following reasons applies:

a) Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed by the Data Controller;

b) The Customer has withdrawn their consent for the processing of their Personal Data and there is no other legal basis for the processing;

c) The Customer exercises their right to opposition under the conditions set out below and there is no compelling legitimate reason for the processing;

d) Personal Data has been processed unlawfully;

e) Personal Data must be deleted to comply with a legal obligation;

f) Personal Data has been collected from a child.

9.5. Rights to limitation

9.5.1. The Customer has the right to obtain from the Data Controller the limitation of the processing of their Personal Data when one of the following reasons applies:

a) The Data Controller checks the accuracy of the Personal Data following the Customer's dispute on the accuracy of the Personal Data,

b) The processing is unlawful and the Customer objects to the deletion of the Personal Data and demands instead the limitation of its use;

c) The Data Controller no longer needs the Personal Data for the purposes of the processing, but it is still necessary for the Customer for the establishment, exercise or protection of rights in a court of law;

d) The Customer has objected to the processing under the conditions recalled below and the Data Controller checks whether the legitimate reasons pursued prevail over the alleged reasons.

9.6. Right to Data portability

9.6.1. The Customer can receive from the Data Controller Personal Data concerning them in a structured, commonly used and machine-readable format when:

a) The processing of Personal Data is based on consent, or on a contract; and

b) It is processed using automated processes.

9.6.2. When the Customer exercises their right to portability, they have the right to have the Personal Data transmitted directly by the Data Controller to another data controller that they will designate when technically possible.

9.6.3. The right to portability of the Customer's Personal Data must not violate the rights and freedoms of others.

9.7. Right of opposition

9.7.1. The Customer may object at any time, for reasons relating to their particular situation, to the processing of their Personal Data based on the legitimate interests of the Data Controller. The latter will then no longer process the Personal Data, unless it can demonstrate compelling legitimate grounds for the processing which override the Customers interests, rights and freedoms, or may retain them for the establishment, exercise or protection of rights in a court of law.

9.8. Post-mortem privacy instructions

9.8.1. The Customer can communicate to the Data Processor instructions concerning the retention, deletion and sharing of their Personal Data after their death. These instructions may also be registered with a "certified digital trustworthy third party". These instructions, or a sort of "digital will", may appoint a person to be responsible for their execution; failing this, the Customer's heirs will be appointed.

9.8.2. In the absence of any instructions, the Customer's heirs may contact the Data Controller in order to:

- access the processing of Personal Data for the "organisation and settlement of the estate of the deceased";

- receive communication of "digital assets" or "data resembling family souvenirs, which may be transmitted to heirs";

- close the Customer's Account on the Website and oppose the further processing of their Personal Data.

9.8.3. In any case, the Customer may indicate to the Data Controller at any time that they do not want their Personal Data to be communicated to a third party in the event of their death.

10. Exercise of Specific Customer Rights

10.1. These Specific Rights may be exercised at any time with the Data Controller:

- By email via the following address

- By post via the following address:

Laboratoires Filorga Cosmétiques,

Consumer Service,

2, rue de Lisbonne

75008 Paris

10.2. For the purposes of asserting its Specific Rights under the conditions referred to above, the Data Controller may ask the data subject to provide proof of identity by mentioning their surname, first name and email address, and by submitting with the request a copy of a valid identity document, as well as any information or document that enables the identification of the data subject.

10.3. A response will be sent to the Customer within a maximum of one (1) month from the date of receipt of the request.

10.4. If necessary, this period may be extended by two (2) months by the Data Controller, which shall notify the Customer, taking into account the complexity and/or the number of requests.

10.5. In the event that the Customer requests the deletion of their Personal Data and/or in the event that they exercise their right to request the deletion of their Personal Data, the Data Controller may nevertheless retain it in the form of Intermediate Archiving, for the time necessary to meet their legal obligations, or for the purposes of proof during the applicable limitation period.

10.6. The Customer may also lodge a complaint with the competent supervisory authority (in France, the CNIL).

11. Password security

11.1. The Data Controller shall take all necessary precautions to ensure the secure storage of the Customer's password for access to their Account.

11.2. However, the security of this password also depends on its design.

11.3. The Customer is also reminded that in order for their password to be valid, it must consist of a minimum of 8 characters, with at least 3 of the following 4 character types: uppercase, lowercase, numbers, special characters

11.4. There are mnemonics for creating complex passwords, such as:

  • Keeping only the first few letters of words in a sentence; for example, the sentence "One Password to remember!" corresponds with the password 1pw@tr!

  • Capitalising the word if it is a noun (e.g. word)

  • Using punctuation marks (e.g. !)

  • Expressing numbers using the digits from 0 to 9 (e.g. One ->1)

12. The cookies deposited on the Customer's Terminal after browsing on the Website

12.1. Cookies are used on the Website

12.2. A cookie is a piece of information deposited on the Terminal which is used by the Customer to access the Website.

12.3. Cookies are related to the Customer's browsing on the Website and make it possible to determine the pages they have visited, and the date and time they were visited.

12.4. These cookies do not at any time allow the Data Controller to identify the Customer personally.

12.5. These cookies are kept in the Customer's Terminal for no longer than thirteen (13) months.

12.6. More specifically, the Personal Data collected from the cookies issued by the Data Controller or third parties allows for:

- the establishment of statistics and volumes of traffic and use of the Website in order to improve the interest and ergonomics of the services;

- the adaptation of the presentation of the Website according to the display preferences of the Client's Terminal (language used, display resolution, operating system used, etc.);

- the storage of information relating to a form completed by the Customer on the Website (registration or access to your Account);

- the implementation of security measures, for example, when the Customer is asked to log on to the Website again after a certain period of time;

- the maintenance of the commercial relationship with the Customer.

12.7. Through cookies, the Data Controller collects and processes all or part of the following data for the purposes set out above:

  • Information related to the Customer's Terminal:

- The type of terminal (Smartphone, tablet, computer, etc.);

- The operating system of the terminal (Mac Os, iOS, Android, Windows, BlackBerry etc.);

- The categories and versions of plug-ins in their Terminal,

- Their Internet service provider (Orange, SFR, Bouygues, Free, etc.);

- The browser they use (Safari, Chrome, Internet Explorer, etc.);

- Their advertising ID linked to the operating system of their Terminal;

- The IP address of their Terminal;

- The geolocation data of their Terminal;

- Their language preferences

- The key words entered when the Customer accesses the Website from a search engine;

- Their password.

  • Information about their browsing and behaviour on the Website:

- Statistics on the different pages of the Website that were visited, the duration of the session;

- The complete URL path to, through and from the Website;

  • Information about the Customer (surname and first name, age or age range, sex, declared and/or presumed socio-professional category, presumed focus of interest, their established profile, email address, etc.) linked to their activity on the internet and communicated by third parties (advertisers, advertising agencies, etc.)

13. Cookies

Name of the cookie



Duration of retention on the Terminal



Study of Customer behaviour on the Website and referencing of the Website

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and referencing of the Website

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months

Crazy Egg

Crazy Egg

Study of customer behaviour on the Website

13 months



Customer targeting

3 months



Customer targeting

3 months

Facebook Custom Audience


Customer targeting

13 months



Targeted advertising

13 months



Targeted advertising

13 months


Atlas Solutions

Targeted advertising

13 months



Targeted advertising

13 months



Targeted advertising

13 months



Study of Customer behaviour on the Website and the performance of products and sales

13 months



Confirm newsletter subscription




Study of customer behaviour on the Website

5 hours



Study of customer behaviour on the Website

5 hours

14. Objection to the use of cookies

14.1. The Customer is informed, at the time of their first visit, that they have the option of objecting to the use of cookies which are necessary for the operation of the Website, in particular by configuring their browser to do so or by exercising their choices on this page (see below).

14.2. When the Customer browses the Website, information may be recorded or read in their Terminal, subject to their choices.

14.3. The Customer will find more help on the dedicated pages of their browser (below are the most common browsers):

14.4. The Customer can also set their browser to send a code to Websites indicating that they do not wish to be tracked ("Do Not Track" option):

15. Minors

Unless otherwise stated, the Services are not intended for minors. Any person who communicates the Personal Data of minors, certifies that they have the necessary authority to do so and that they can prove this authority at the request of the Data Controller.

16. Sensitive personal data

Unless specifically requested by the Data Controller, the Customer is requested not to disclose sensitive Personal Data (e.g. social security numbers, data relating to racial or ethnic origin, political opinions, religious or other beliefs, biometric data or general characteristics, criminal history or trade union membership) on any of the Services offered by the Data Controller, through the same or in any other manner.

17. Personal Data and Facebook

As part of the Services offered by the Controller, the Controller uses certain Facebook products for analysis and/or advertising purposes. These products may share the Customer's Personal Data with Facebook, including Facebook Ireland Limited and Facebook, Inc. For more information about Facebook's use of this data, please see the Terms and Conditions of Facebook Custom Audience and the Terms and Conditions of Facebook Business Tools. Facebook Ireland Limited is a joint controller of this personal data. For more information on the relationship between joint controllers and the responsibilities of Facebook Ireland Limited, please see the Facebook Controller Addendum. For more information on how Facebook processes personal data and how to exercise your rights, please see Facebook Ireland's Data Use Policy. Facebook Ireland Limited transfers Personal Data from the EEA to Facebook, Inc. in the United States for storage and further processing. For more information on this transfer, please see Facebook's Addendum on Transferring Data Outside the EU.