Updated as of 27 April 2022
1.1 This Policy statement provides information on the obligations and policies of Clarins in respect of an individual customer’s Personal Data to ensure compliance with its obligations under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (the “Act”). Clarins undertakes to use reasonable efforts in applying, where practicable, those principles and the processes set out herein to its operations.
1.2 Clarins’ officers, management, and members of staff shall use reasonable endeavours to respect the confidentiality of and keep safe any and all Personal Data collected and/or stored and/or disclosed and/or used for, or on behalf of, Clarins. Clarins shall use reasonable endeavours to ensure that all collection and/or storage and/or disclosure and/or usage of Personal Data by Clarins shall be done in an appropriate manner and in accordance with the Act and this Policy.
1.3 By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Clarins as well as to its respective representatives and/or agents ("Representatives") (collectively referred to herein as "Clarins", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to Clarins’ authorised service providers and relevant third parties in the manner set forth in this Privacy Statement.
1.4 This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use, disclose or process your Personal Data.
1.5 For the purposes of this Policy, in line with the provisions under the Act, “Personal Data” shall mean data, whether true or not, about an individual customer who can be identified — from that data; or from that data and other information which an organisation has or is likely to have access. Such Personal Data shall also refer to that which is already in the possession of Clarins or that which shall be collected by Clarins in future.
2. Statement of Practices
Types of Personal Data Collected:
2.1 As part of its day-to-day activity, Clarins may collect from you, through various means, including via our websites, book a spa appointment, smart phone applications, retail counters, marketing events such as road shows and any forms used by Clarins from time to time, some or all of the following Personal Data:
- Name (first and surname);
- Postal Address;
- Phone number (including mobile);
- Office number;
- Email address;
- Bank account/credit card details;
- Personal Data of your emergency contacts;
- Username and password;
- IP addresses;
- Date of birth
- Photographs and images; and
- Any other Personal Data furnished by you.
Purpose of Collection and Use of Personal Data
2.2 We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
The above Personal Data mentioned in Clause 2.1 is collected and used for the purposes of performing obligations in the course of or in connection with our provision of the goods and/or services requested by you; processing your application and registration of your membership and to ascertain if you are eligible for discounts, privileges or benefits or other related purposes; to conduct market research and analysis; for quality control, appraisal, as well as staff management, training and development; for payment and/or credit control purposes; to notify you of any changes to our policies or services which may affect you; to respond to queries and feedback; maintaining and updating your membership details; to provide you with personalised services; verifying your identity; to notify you of special events, promotions and offers and marketing and advertising materials in relation to our goods and services and those of third party organisations which we are associated with (including through direct marketing via voice calls, text messages, email, direct mail and facsimile messages); complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority; to enable us to develop, deliver and improve our products, services, content and advertising; to administer our websites; to improve your experience with us; and any other incidental business purposes related to or in connection with the above.
Telephone calls made to any of Clarins’ companies to order and/or service hotlines and/or inquiry telephone numbers including virtual calls made via virtual consultation services on Clarins’ websites may be recorded for the purposes of quality control, appraisal, as well as staff management, training and development. In such an event, by agreeing to this Policy, you hereby give your consent for the collection, use, disclosure and/or processing of such Personal Data for the purposes of our records, following up with your enquiry and/or transaction, and for quality control and training purposes.
Optional Provision of Personal Data
In some instances, you may also be requested to provide certain Personal Data that may be used to further improve Clarins’ products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalised service, or provision of a product or dependent on your providing all requested data, failure to provide the requested data may prevent Clarins from providing the service to you. This type of data includes, but is not limited to:
- Your age;
- Salary range and employment details;
- Education and Profession;
- Medical history;
- Hobbies and leisure activities;
- Other related products and services subscribed to; and
- Family and household demographics.
Disclosure of Personal Data
2.3 In order to carry out the functions described above, Clarins may, from time to time, disclose your Personal Data between Clarins’ companies. We may also disclose your Personal Data: (a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods and services requested by you; or (b) to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned purposes in Clause 2.2 above.
2.4 Without derogating from any of the above, Clarins may also disclose your Personal Data to the following third parties:
- Regulators and law enforcement officials;
- Third party service providers and consultants;
- Credit, debit and charge card companies, banks and other entities processing payment;
- Potential buyers or investors of Clarins or any of Clarins’ companies;
- Any agent or subcontractor acting on Clarins’ behalf for the provision of Clarins’ services.
2.5 Clarins may disclose your Personal Data to the abovementioned parties also in the occurrence of any of the following events:
- When and to the extent that Clarins is required to do so by the law;
- In connection with any legal proceedings or prospective legal proceedings;
- When establishing, exercising, or defending Clarins’ legal rights;
- When Clarins is (or is contemplating) selling to the purchaser (or prospective purchaser) any business or asset;
- When any person and/or entity processes such information on Clarins’ behalf;
- When third parties provide services to Clarins or on its behalf;
- When any third party purchases Clarins or Clarins’ business or any part of Clarins or Clarins’ business;
- With your consent; and
- For the purposes of disaster recovery.
2A. Reliance on the Legitimate Interests Exception
2A.1 In compliance with the PDPA, Clarins may collect, use or disclose your personal data without your consent for the legitimate interests of Clarins or another person. In relying on the legitimate interests exception of the PDPA, Clarins will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
2A.2 In line with the legitimate interests’ exception, Clarins will collect, use or disclose your personal data for the following purposes:
(a) Fraud detection and prevention;
(b) Detection and prevention of misuse of services;
(c) Network analysis to prevent fraud and financial crime, and perform credit analysis; and
(d) Collection and use of personal data on company-issued devices to prevent data loss.
The purposes listed in the above clause may continue to apply even in situations where your relationship with Clarins (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
3. Transfer of Personal Data Overseas
Your Personal Data may be transferred and/or processed by Clarins, its affiliates, agents and third parties providing services to Clarins, in jurisdictions outside of Singapore with standards of data protection that is at least comparable to the protection under the Act, or where we have taken steps to ensure that your personal data continues to receive a comparable standard of protection. In this event Clarins will comply with the terms of the Act.
4. Accuracy of Personal Data
Clarins will make a reasonable effort to ensure that personal data collected by it or on its behalf is accurate and complete if the personal data is likely to be used by Clarins to make a decision that affects the individual concerned, or is likely to be disclosed by Clarins to another organisation. Where possible, Clarins will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, Clarins is able to validate the data provided against pre-existing data held by Clarins. In some cases, Clarins is required to see original documentation before we may use the Personal Data such as with Personal Identifiers and/or proof of address. To assist in ensuring that your Personal Data in the possession of Clarins is current, complete and accurate, please inform us of any updates of any parts of your Personal Data by sending a clearly worded email to the DPO at the email address provided at Clause 13.1 below.
5. Protection of Personal Data
Clarins will protect personal data in its possession or under its control (whether in physical or electronic form) by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks and the loss of any storage medium or device on which personal data is stored. Clarins uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your Personal Data and will not knowingly allow access to this data to anyone outside Clarins, other than to you or as described in this Policy. However, Clarins cannot ensure or warrant the security of any information you transmit to Clarins and you do so entirely at your own risk. In particular, Clarins does not warrant that such information may not be accessed, altered, collected, copied, destroyed, disposed of, disclosed or modified by breach of any of Clarins’ physical, technical, or managerial safeguards.
6. Access To and Correction of Personal Data
6.1 Where you request access to and/or correction of Personal Data relating to you, which is in the possession and control of Clarins, Clarins will respond as soon as reasonably possible from the time the request is received. If Clarins is unable to respond within thirty (30) days of receiving your request, Clarins will inform you in writing within thirty (30) days of the time by which it will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required or permitted to do so under applicable laws).
6.2 In accordance with Clause 6.1 of this Policy, you have the right to:
(a) Check whether Clarins holds any Personal Data relating to you and, if so, request for copies of such data;
(b) Request information on how Clarins has used or disclosed, or may have used or disclosed such personal data, in the one (1) year before the date of your request; and
(c) Request for Clarins to correct or update any Personal Data relating to you which is inaccurate for the purpose for which it is being used.
You may submit your request in writing or via email to our DPO at the contact details provided at Clause 13.1 below.
6.3 Clarins reserves the right to charge a reasonable administrative fee in order to meet your requests under Clause 6.2. Upon payment of the requisite fee and/or receipt of your request under Clause 6.1, your request shall be processed as soon as reasonably possible from the time the request is received.
6.4 If you wish to verify the details you have submitted to Clarins or if you wish to check on the manner in which Clarins uses and processes your personal data, Clarins’ security procedures mean that Clarins may request proof of identity before we reveal information. This proof of identity may take the form of full details of name, membership number and NRIC or Passport or Fin number. You must therefore keep this information safe as you will be responsible for any action which Clarins takes in response to a request from someone using your membership details. We would strongly recommend when you login to your online account in our websites that you do not use the browser's password memory function as that would permit other people using your terminal to access your personal information.
6.5 Please note that your right to access or correct your personal data is subject to legal prohibitions and permitted exceptions under the Act.
7. Withdrawing your Consent
7.1 The consent that you provide for the collection, use disclosure and/or processing of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using, disclosing and/or otherwise processing your personal data for any or all of the purposes listed above by submitting your request via email to our DPO at the contact details provided at Clause 13.1 below.
7.2 Upon receipt of your written request to withdraw your consent, Clarins may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
7.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in Clause 13.3 below.
7.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
8. Storage and Retention of Personal Data
We may retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. Clarins will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for any reasonable business or legal purposes of Clarins and where the Personal Data is deleted from Clarins’ electronic, manual, and other filing systems in accordance with Clarins’ internal procedures and/or other agreements.
9. Contacting you
To the extent that any of the communication means which you have provided Clarins with (which may include, your telephone number and fax number) is/will be listed on the Do Not Call Registry (the “DNC”), by checking the box on the application form, data collection and consent form, or by any other means of indication, you hereby grant Clarins your clear and unambiguous consent to contact you using all of your communication means you have provided to Clarins including using via voice calls, SMS, Whatsapp, MMS, fax or other similar communications applications or methods, for the purposes as stated above in Clause 2.2. This will ensure your continued enjoyment of Clarins’ promotional rates and services.
10. Your Choices Regarding Your Personal Information
You can exercise the following choices with respect to your personal information either through your online account or by sending us an email at email@example.com.
- You can request access to your personal information we maintain;
- You can correct your personal information, which includes the right to have incomplete personal information completed;
- You can request that we stop sending you electronic marketing communications, including by following the procedures described in the Opt-Out section below;
- You can request that we delete your personal information, subject to our obligation or ability to retain your personal information under applicable law;
- If our use of your personal information is based on consent, you can withdraw your consent at any time.
11. Opting Out
If you would like to opt out of receiving promotional emails from us, please follow the unsubscribe instructions located at the bottom of each email. If you would like to opt out of receiving direct email, mail, mobile marketing or telephone marketing calls from us, please send your request, including your name, email address, street address via email to firstname.lastname@example.org (please use the subject line: Privacy Opt-Out Request). We are not responsible for notices that are labelled or sent improperly or do not have complete information. We will process your request within 30 calendar days of the date we receive your request, but you may, in the meantime, receive previously scheduled emails, mail, or calls from us. Once you have opted out, you do not need to do so again.
12. Changing, Updating or Deleting Personal Information
You can update, change, or delete certain personal information (such as your email address, mailing address, and payment method) on Clarins’ Websites by clicking “My Account” in the menu at the top of each page. If the information you wish to update, change, or delete is not included in the “My Account” page, you can request an update, change, or deletion by emailing email@example.com
13. Change Policy
Clarins reserves the right to alter any of the clauses contained herein in compliance with local legislation, and for any other purpose deemed reasonably necessary by Clarins. You should look at these terms regularly. If you do not agree to the modified terms, you should inform us as soon as possible of the terms to which you do not consent. Pending such notice, if there is any inconsistency between these terms and the additional terms, the additional terms will prevail to the extent of the inconsistency.
14. Governing Law
This Policy is governed by and shall be construed in accordance with the laws of Singapore. You hereby submit to the non-exclusive jurisdiction of the Singapore courts.
12.1 This Policy only applies to the collection and use of Personal Data by Clarins. It does not cover third party sites to which we provide links, even if such sites are co-branded with our logo. Clarins does not share your Personal Data with third party websites. Clarins is not responsible for the privacy and conduct practices of these third party websites, so you should read their own privacy policies before disclosure of any Personal Data to these websites.
12.2 Clarins will not sell your personal information to any third party without your permission, but we cannot be responsible or held liable for the actions of third party sites which you may have linked or been directed to Clarins’ website.
12.3 Clarins’ websites do not target and are not intended to attract children under the age of 18 years old. Clarins does not knowingly solicit personal information from children under the age of 18 years old or send them requests for personal data.
16. Contacting the Data Protection Officer
13.1 In accordance with the Act, Clarins has established a process for receiving and responding to any query or complaint that may arise with respect to the application of this Act. To ensure that Clarins receives your complaints and enquiries, please send the same via email to the Data Protection Officer (the “DPO”) of Clarins at the following email address: firstname.lastname@example.org
13.2 Please note that if your personal data has been provided to us by a third party (e.g. a member via a referral process), you should contact that individual to make such queries, complaints, and access and correction requests to Clarins on your behalf.
13.3 Should you not wish Clarins to use your Personal Data for any of the purposes listed in Clause 2, or not to receive promotional materials from Clarins, you may opt out by sending a clearly worded email to the DPO via the email address provided in Clause 13.1 above.
17. Limitation of Liability
In no event shall Clarins, its parent, subsidiaries or affiliates or their respective officers, directors, employees, agents, successors, subsidiaries, divisions, distributors, suppliers, consultants, service providers, affiliates or third parties providing information on its websites have any liability for any damages or losses arising out of or otherwise incurred in connection with the loss of any data or information contained in your account or otherwise stored by or on behalf of Clarins or in connection with the collection, use, disclosure and/or processing in relation to your personal data.
Because some countries do not allow limitations on implied warranties or the exclusion or limitation of certain damages, in such countries some or all of the above disclaimers or exclusions may not apply and liability will be limited to the fullest extent permitted by applicable law.