Privacy policy
Last update: May 2026
We are committed to building strong and lasting relationships with our customers based on trust and transparency. In accordance with this philosophy, the protection of your Personal Data ("Data" i.e. any information about or related to you) is essential to us and we wish to inform you via this Privacy Policy of how we collect and process this Data.
This Privacy Policy ("Policy"), in compliance with applicable Data Protection Regulation, explains how we use the Data we may collect when you interact with us either online, when you use our websites and applications (hereinafter referred to as the "Services", the "Site" or the "Sites") or offline, when you visit one of our stores, and how we ensure the protection of this Data.
Specific privacy and data protection information notices and/or consent requests will, if necessary, be communicated to you in specific situations not covered in this Policy where Shiseido may process your Data. Such data protection information notices and/or consent requests may however refer to this Policy.
1. Who controls the processing of your Data?
The brand Clé de Peau Beauté is part of the Shiseido Group's brand portfolio.
Beauté Prestige International, Shiseido's European headquarters based in 57 rue de Villiers, 92200 Neuilly-sur-Seine, France, whose trade name is Shiseido EMEA, is the controller of the processing of your Data.
Shiseido EMEA is in charge of leading our ecommerce, customer relations and marketing efforts for Europe, the UK and Switzerland. The related Data processing is carried out by or on behalf of Shiseido EMEA.
Shiseido EMEA may further share information with the whole Shiseido Group in accordance with the safeguards foreseen in this policy (see Section 7).
Shiseido EMEA, as well as all companies of the Shiseido Group, are hereafter designated or referred to as "We", "Our" or "Us".
2. What Data do we collect and from what sources?
Depending on how you interact with Us (online, offline, by phone, etc.), we may collect from you various categories of Data, which are described in more details below.
a) Data you provide to Us
You may provide the following categories of Data when you interact with Us for instance when you visit Our Sites, Our stores, or when you participate in one of Our promotional operations, etc. We may also generate Data based on your activity and interactions with Us.
- Identification information: this includes information such as your name, surname, age or age range, title, date of birth, account ID, general geographic location (e.g., postcode or city and state), etc.
- Contact information: this includes any information that would allow Us to personally contact you, such as your home address, billing address, your email address, your phone number (home, mobile), communication language, etc.
- Order and product information: this includes details of the products you have ordered and searched for online or in Our shops, the date and time of your orders and searches, your related customer ID if any, and the shops you prefer to visit, etc. We will also collect information related to any return, transaction number, shipping amount, currency, taxes, net sales amount and keep your purchase history.
- Habits and preferences: this includes any information related to your preferences and interests such as your favorite products, lifestyle information, your concerns in terms of beauty and care, reaction to marketing campaigns, etc.
- Payment and transaction-related information: this includes any information that you use to make a purchase, such as your payment card details. Payments made on the Site are made through Our payment gateway providers. Please note that we do not have access to the payment details you provide to these service-providers which operate autonomously. For more information please refer to the relevant service providers privacy policy.
- User-generated content and posts: this refers to any content (suggestions, testimonials, surveys or any other feedback) that you voluntarily share with Us about your experience in using Our products or services. This also includes your posts on Our applications, such as Our Facebook fan pages (photos, videos, personal stories, or other similar media or content). While submitting any such content, please ensure it is accurate, it does not infringe any third party intellectual property and do not transmit any sensitive data such as political opinions, your religion, your sexual orientation, ethnic or racial origin.
- Particular Data: this might include, in case of adverse effects, information on your allergies, intolerances and other health-related information, which might be related to Our products, that you provide to Us. Please note that We only use this information in accordance with Our legal obligations to follow-up on adverse events reported to Us by Our customers (in accordance with EU Regulation).
- Request information: in order for Us to comply with applicable Data Protection Regulation (e.g. GDPR in EU countries) and ensure you are able to exercise any of your related rights, We may collect information related to you such as last name, first name, type of request (e.g., personal information rectification or deletion request), further request details necessary to process your request (e.g. identification details), and the content of your request provided to Us.
- CCTV: your image may be recorded on CCTV when you visit one of Our shops. We might have to use it for security reasons. We regularly delete the footage unless an incident or alleged incident requires investigation or action.
b) Data collected through cookies
Cookies are small text files that are stored in a computer's web browser memory. We use cookies to ensure that our services function properly, prevent fraud and other harm, improve your browsing experience, make our Websites easier to use and better adapt our Websites and products to suit your interests and needs.
For more information about how we manage cookies, please read our Cookie Policy.
3. On which legal grounds do we process your Data?
As further described in section 4 below, We use your Data on the basis of the following grounds:
- The performance of the contract We have with you: in certain circumstances, We need your Data to execute Our contractual obligations. For example, if you buy products through Our Site, We need your name and contact details so We can communicate with you and deliver the products you ordered. If you do not provide your Data, We will not be able to provide you with the requested products and services. Mandatory fields are indicated with asterisks.
- Your prior consent: in certain cases, We must ask for your consent before using your Data. For instance, We will always ask for non-customer's permission to send promotional communications.
- Compliance with a legal obligation applicable to us: sometimes We have to collect and use your Data in order to comply with Our own legal obligations. For example, tax laws require Us to keep trace of invoices related to your purchases. In these cases, the provision of Data is a statutory requirement, and failure to provide such data will result in the impossibility for Us to provide you with the requested products and services.
- Our legitimate interests: this means We have a good and fair reason to use your Data and We do so in ways which does not hurt your interests and rights.
4. For what purposes do we use your Data?
We may collect, use and disclose your Data for the main following purposes:
| For what purpose do We use your Data? | What Data do We use? | On which legal ground? | For which duration? |
|---|---|---|---|
| Manage your online activities | |||
| 1. Create and manage your online account |
|
The execution of pre-contractual and contractual measures | 3 years after last activity |
| 2. Manage your online product orders |
|
The execution of pre-contractual and contractual measures | 3 years after relevant order + 10 years in archive |
| 3. Send you customized communication based on your profile |
|
Our legitimate interest to propose you similar products and services to the ones you previously purchased/subscribed. Your prior consent for other products and services. | Until you withdraw your consent and at the latest 3 years after last activity |
| 4. Manage your participation in one of Our promotional operations (game-contests, sample operations, promotional offers, etc.) |
|
Your prior consent | Duration of the promotional operation + maximum 2 years in archive |
| 5. Manage the referral programme (Friends and Family) |
|
Our legitimate interest in acquiring new customers and building customer loyalty | Duration of the referral operation + maximum 2 years in archive |
| Offer you quality services in store | |||
| 6. Create and manage your personal profile to offer you personalised services and advices in store, according to your preferences |
|
Your prior consent | Until you withdraw your consent and at the latest 3 years after last activity |
| 7. Manage your appointments with Us (beauty consultants, make-up sessions, tutorials and events, etc.) |
|
Performance of the service contract with you | 3 years after last activity |
| 8. Manage cabin treatments |
|
Performance of the service contract with you. Where applicable, your prior consent to adapt services to your health conditions. | 3 years after last activity |
| 9. Manage your registration to Our loyalty programs |
|
The execution of pre-contractual and contractual measures | 3 years after last activity |
| 10. Manage distance selling (click and collect, orders by phone, etc.) |
|
Performance of the sales contract with you | 3 years after relevant order + 10 years in archive |
| Interacting with you | |||
| 11. Manage personalized promotional communications (via email, SMS or phone) |
|
Your prior consent | Until you withdraw your consent and at the latest 3 years after last activity |
| 12. Interact with you when you contact Us via Our customer service or any other channel |
|
Depending on context: execution of pre-contractual and contractual measures (if you are a client), or our legitimate interest to offer efficient management of your requests and feedbacks. | 3 years after last activity + 10 years in archive |
| 13. Manage your comments and reviews on Our products |
|
Our legitimate interest to offer efficient management of your feedbacks | 3 years after relevant order |
| 14. Assess your satisfaction |
|
Our legitimate interest to gather your feedback and improve Our products and services | 3 years after relevant order |
| 15. Carry out market surveys |
|
Our legitimate interest to gather your feedback and improve Our products and services | Time required to achieve the survey objective |
| 16. Managing back-in-stock email notifications |
|
Performance of the sales contract with you | Until notification |
| 17. Manage adverse events notifications |
|
Compliance with a legal obligation applicable to Us | Relating to the Cosmetovigilance procedure |
| 18. Manage your exercise of rights related to your Personal Data |
|
Compliance with a legal obligation applicable to Us | 3 years after last activity + 10 years in archive |
| Others | |||
| 19. Performing analysis and statistics |
|
Our legitimate interest to gather your feedback and improve Our products and services | 3 years after last activity |
| 20. Exercise Our legal rights in case of proceedings |
|
Our legitimate interest to defend our interests | Until all means of appeal have been exhausted |
| 21. Ensuring Our websites security |
|
Our legitimate interest to maintain the security of Our Sites | Maximum 12 months |
5. Data enrichment and profiling
To the extent permitted by law and taking into account the protection of your rights and freedom in respect of the processing of your Data, and the consent you have given (if need be), to have a better overall understanding of you as a customer, We combine information about you gathered across various channels. For example, Data collected in the course of your online activity (e.g. shopping, account creation, etc.) may be combined with Data We collect when you visit one of Our stores.
This Data enrichment also occurs between different brands of our group. For example, if you make an online purchase on Our brand website and then create an online account with the same email address on another brand website, the Data collected through these two websites may be combined to enrich your customer profile.
This helps Us to propose products and advice that is most relevant to your interests at particular times, by email or when you visit one of Our stores.
You can object to these "profiling" operations at any time by contacting Us where the processing is based on Our legitimate interest, or withdraw your consent where the processing is based on such consent. Please refer to section 11.
6. With whom do we share your Data?
Depending on the type of Data and purpose of processing, access may be granted to the following authorized persons:
- Other brands of our group: to the extent permitted by law and taking into account the protection of your rights and freedom in respect of the processing of your Data, and the consent you have given (if need be), some of your Data may be shared with the other brands of our group, for example, to enrich your customer profile, to develop other brands Media audience and to update your Data as regularly as possible. Your Data will only be accessible to a limited and defined number of recipients within Our group on a strict need-to-know basis.
- Other affiliates and group entities: your Data may be shared with the other affiliates of our group who are involved in the processing of your Data.
- Third party vendors and providers: We may make your Data accessible to selected third party vendors or providers acting on Our behalf and Our instructions (this may include other affiliates or brands of Our group) or to partners acting as data controller in the course of delivering specific services to You. The sharing of your Data will only take place for the needs of the purposes described in section 4 above.
The categories of third-party vendors and providers involved are as follows:
- The transporters will need to access your Data to deliver the products you ordered.
- The marketing campaign providers will need to access your Data to send you Our communications.
- The IT maintenance providers might need to access your Data in case of technical incident.
- The service providers hosting and maintaining the databases and the Sites.
- The digital and social media partners may have access to some of your online activities.
- The online payment service provider will need to process your bank account information in order to finalize online transactions in its capacity as data controller (We will not have access to any such Data).
In any case, We require such third parties to:
- be subject to strict contractual data protection and confidentiality obligations;
- undertake to comply with all applicable data protection laws and exclusively for the purposes specified in the contract We have with them;
- implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Data.
- Digital and social media partners: in order to share content on or through social media, Our Sites may use functionalities, links or icons owned by Our digital and social media partners. It may consist, for example, of the like or sharing buttons on social networks such as Facebook or Instagram. We also use online tools such as Google Analytics, Facebook Custom Audience or Conversion API in order to optimize Our ad targeting campaigns and ensure to deliver advertising content that suits you best. The providers of these tools can directly identify you when you use them, or even if you do not use them but (i) you have an account with such social network or platform, or (ii) you are already known and identified by such providers. As soon as you view or share content, preferences and opinion, Our partners may connect your activities on Our Sites to other information they already own on you in their capacity as Data controller. Such processing is governed by Our partners' own privacy policies. We invite you to visit and check privacy policies of such online tools and to adapt your choices related to cookies and confidentiality in accordance with your wish.
- Public and judicial authorities: We might need to share your Data with public authorities when the law requires Us to do so. For instance, We might be requested to provide invoices to tax or financial authorities, or to provide information related to adverse events linked to the use of Our products to health authorities. We might also need to share your Data with judicial authorities in the event of a litigation.
- Our professional advisers: We may also share your Data when necessary with Our professional advisers, such as Our accountants, auditors, lawyers, insurers, etc.
- Potential acquirers and other stakeholders involved in Our business transfers: We might share your Data with another legal entity in the event of a collaboration, joint venture, acquisition, merger, sale, corporate restructuring or change of legal form. In this context, the acquirer will act as the new or joint controller of your Data. In case of a merger or sale, your Data will be permanently transferred to the successor company.
In any case, please rest assured that We only grant access to your Data on a need-to-know basis, and that such access is limited to the Data that is strictly necessary to perform the purpose for which such access is granted. We will never rent, trade or sell your Data to third party companies.
7. Where may we transfer your Data?
We are a multinational organization with affiliates, vendors and partners located in many countries around the world. For that reason, We may need to share your Data with entities located in other jurisdictions, in countries which may not be regarded as providing the same level of data protection as the jurisdiction you are based in.
Our European headquarters which is in charge of leading Our ecommerce, customer relations and marketing efforts in Europe, is located in France, and your Data is processed in France. Clé de Peau Beauté processes your Data in France.
In any case We ensure that adequate safeguards, as required under the applicable data protection legislation, are in place. Such safeguards include:
- Adequacy decisions released by the European Commission; or
- The European Commission's Standard Contractual Clauses; or
- Binding Corporate Rules ("BCR").
For more information about the transfer of your Data, you can contact Our Data Protection Officer (please refer to section 11).
8. How do we protect your Data?
We know how much data security matters to all Our customers and take all appropriate steps to protect your Data from unauthorized access, alteration, disclosure, or destruction. We pay particular attention to sensitive data, especially payment card data, allergy or intolerance data, etc.
Please note, however, that any information you choose to share in public areas such as Our website community features, or other social areas is by definition considered as public and can be seen by anyone accessing the related platform.
9. How long do we retain your Data?
We will retain your Data for the period necessary to fulfil the purposes outlined in this Policy (see section 4 for detailed retention periods for each purpose).
The criteria used to determine such retention periods include:
- the length of time We have an ongoing relationship with you;
- whether there is a legal obligation to which We are subject;
- whether a longer retention period is required or permitted by law.
We are committed to improving our Data Protection program and integrating data retention rules into our systems to always better protect your privacy.
10. Data about children
Our Sites are not directed to anyone under 16 years of age even if they have permission from their parents or guardians. We do not solicit or collect any type of information from a person known to be under the age of 16.
We are not able to verify whether a website user is a minor and therefore We recommend parents or guardians to be involved in the online activities of their children in order to prevent data about minors from being processed by Us.
However, if We become aware that We have accidentally collected information from a child under the age of 16, We will remove that information from Our records as soon as feasibly possible.
11. Your rights and choices
In accordance with the applicable data protection law, you have the right to request:
- Access to the Data We hold about you. You also have the right to obtain confirmation as to whether Data concerning you is being processed or not, and obtain information related to the processing of your Data.
- Correction of your Data if they are incomplete or inaccurate.
- Erasure of your Data, in the cases provided by law. Please note that in some cases, We may be obliged to retain your Data anyway, for legal reasons or overriding legitimate grounds.
- The interruption of the use of your Data, by objecting to the use of your Data for processing operations based on legitimate interests and where We have no legitimate overriding interest. You also have the right to object at any time to the processing of your Data for marketing purposes. You may unsubscribe from Our marketing communications simply by clicking on the "unsubscribe" link at the bottom of each communication.
- Withdrawal of your consent at any time, where the processing is based on such consent.
- Restriction of the use of your Data, in the cases provided by applicable law.
- To obtain a copy of the Data you provided Us, in a structured, commonly used and machine-readable format, to transmit it to another data controller, if provided by applicable law. This right only applies when the processing of your Data is based on your consent or on a contract and such processing is carried out by automated means.
Aforementioned rights may be limited in certain cases under applicable regulations.
To exercise your rights or for any further questions related to the use of your Data, please contact Our Data Protection Officer:
- Via Our online contact form here.
- Via Our postal address:
Data Protection Officer
Shiseido EMEA
57 rue de Villiers,
92000 Neuilly-sur-Seine,
France
Please note that to process your request, We may ask you for proof of identity in case of reasonable doubt.
If you feel that your Data has not been handled correctly, or you are unhappy with Our response, you have the right to lodge a complaint with your local data protection authority.
12. Policy update
We may update this Privacy Policy from time to time in order to improve Our transparency towards You and to reflect any change in the way We are processing your Data. Please visit this page frequently so that you may have updated information thereabout.
