Privacy Policy

July 09, 2025

L'ORÉAL (UK) LIMITED CONSUMER PRIVACY POLICY

 

WHO THIS APPLIES TO

This Privacy Policy applies to you if you are a Consumer Customer of ours – this is where you engage with us as a consumer when buying directly from us, subscribing to one of our brand-led communications (such as Aesop, Kiehl’s or NYX Professional Make-up), using one of our online diagnostic tools, engaging in one of our Communities, entering a competition or joining a membership scheme. You may also contact us as a Consumer about our products – whether bought from us directly or via a retailer. 

We set out below the types of personal data we might collect or hold about you, how and why we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data. 

A special note for our Aesop customers, joining us from 1st October 2025.  You may be a business customer or a consumer, but this policy applies to how we use your personal information.  

Please note that you must be at least 18 years old or older to use our services and sign up to marketing unless the terms for a specific service or marketing sign-up state another age. 

 

WHY THIS MATTERS

Please read this information carefully.  If you have any questions, please contact us using the contact details provided below (please see the “Contact Us” section) and let us know you are a Consumer Customer so we can best support you.  Note that not all the information set out below may apply to you.  We have detailed all possible situations in which we could interact together - one or more of these may apply to you depending on how you have interacted with us.  For example, if you have not provided us with a photo for your account, then these details will not apply to you.  

WHO WE ARE

“L’Oréal”, “us”, “our” or “we” means L’Oréal (UK) Limited.  We are responsible for the personal data that you share with us as we are the “controller” for the purposes of applicable data protection laws.  

The L’Oréal family is made up of a number of different brands – you can find out more here http://www.loreal.co.uk/.  

We are also part of the L’Oréal Group which operates in 140 countries around the world. For details on the L’Oréal Group, please see http://www.loreal.com/group.  

WHAT’S NOT INCLUDED

This Consumer Privacy Policy does not apply to L’Oréal employees and shareholders. It doesn’t cover other companies or organisations (which advertise our products and services and use cookies, tags and other tracking technologies) collecting and using your personal data to offer relevant online advertisements to you - you should review their cookie and privacy policies before giving them your personal information. 

You may also be a Business Customer of ours, if so, with the exception of Aesop business customers, please see our Business Customer Privacy Policy for further information on how we use your personal data in that context. If you are a talent partner of ours then please see our Talent Partner Privacy Policy for details on how we use your personal data in that context. If you are also an employee of ours, then please also see our Employee Data Protection Notice available via our intranet. If you visit one of our premises or attend an event we are hosting, we will also provide you with information about how we use your personal data to manage your time safely and securely with us. 

OUR PRIVACY PROMISES

Our ambition is to be an exemplary corporate citizen and we place great value on honesty and clarity.  Part of this commitment means safeguarding and respecting your privacy and your choices - this is essential to us.  We want you to understand how we use your personal data so you can feel comfortable and confident in sharing it with us. 

  1. We respect your privacy and your choices.
  1. We make sure that privacy and security are embedded in everything we do.
  2. We will not send you marketing communications unless you have asked us to. You can change your mind at any time.
  3. We will never sell your personal data.
  4. We are committed to keeping your personal data safe and secure. This includes only working with trusted partners. 
  5. We are committed to being open and transparent about how we use your personal data.
  6. We will not use your personal data in ways that we have not told you about.
  7. We respect yourrights andwill always try to accommodate your requests as faras ispossible, in line with our own legal and operational responsibilities.

 

 

WHAT IS PERSONAL DATA?

 

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, User Generated Content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address or your mobile device’s MAC address, as well as cookies.  

 

 

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT?

 

You, the consumer, are our priority. You drive what we do. We love hearing from you, learning about you, and creating and delivering products that you enjoy.  

 

At L’Oréal, our ambition is to build relationships based on transparency and mutual trust. 

 

We know that many of you love interacting with us and because of this, there are many ways that you might share your personal data with us, and ways that we might collect it.  

 

How do we collect or receive your personal data?

 

We might collect or receive personal data from you in a number of ways, including via our websites, forms, apps, devices, L’Oréal products or our brand pages on social media. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores), sometimes we collect it (e.g. using cookies to understand how you use our websites and apps) or sometimes we receive your personal data from other third parties including other L’Oréal Group entities (e.g. when you mention L’Oréal products or services on non-L’Oréal pages (e.g. social media platforms) or smart devices (e.g. voice assistant platform providers)), or where you purchase via an online marketplace (e.g. one of our Brand shops on Tik Tok Shop).  

 

The table below sets out which legal basis we rely on when processing your personal data for the different contexts in which we engage with you. 

 

To explain what a ‘legal basis’ is – under data protection laws, the legal basis for the processing of your personal data can be: 

 

  • Your consent– where we ask for your agreement to use your personal data for a specific purpose.
  • The performance of a contract– where we need to process your personal datatoprovide you with a service/something under an agreement we have with you or as part of preparing to enter into an agreement with you.
  • Our legitimate interests– where the use of your personal data is in our legitimate business interests.
  • To comply with a legal obligation– where we need to use your personal data for our own legal and regulatory compliance reasons (for example tocomply withour tax and financial reporting obligations).

 

When we collect personal data, we will indicate which types of personal data are mandatory via asterisks.  For example, mandatory information to allow us to create your account or deliver the goods you have purchased on our websites/apps.  If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide. 

 

In which context is your personal data collected? 

What personal data may we hold about you? 

 

This will depend on the frequency and nature of your interactions with us, so the lists below are a guide. 

How and why we may use it? 

What is our legal basis for processing your personal data? 

Account creation and management 

 

Where your personal data is collected during the creation or management of an account on L’Oréal websites/apps (including one of our Communities), through a social media login or in store. 

 

  • First name andsurname;
  • Gender;
  • Emailaddress;
  • Address;
  • Phonenumber;
  • Photoand a scan of your ID (for age verification if needed to access ourCommunities);
  • Birthday, Date of birthor agerange;
  • ID/username, andpassword;
  • Personal description orpreferences;
  • Orderand/or appointmentdetails;
  • Social media profile (where you useyoursocialmedialogin or share this personal data with us);
  • Loyaltycode;
  • UserGeneratedContent;and/or
  • Other information you have shared with us about yourself (e.g. viayour “My Account” page, by contacting us, a question via the chat function available on some websites, or byparticipatingin a contest, game, surveyetc.).

To: 

  • Manage youraccount,ordersand/orappointments;
  • Send you marketing communications (where you have asked us to)(i) by direct means (email, SMS, postal mail) and (ii) by advertising displayed on our andthird partywebsites you browse;
  • EnrichYourProfile to tailor these communications to your interests. For more information on thisseethe section on“Your Profile” following thistable;
  • Offerand managea loyalty programand/or Community membershipand share engaging and relevantinformation with youincluding eventinvites;
  • Offer personalised services based onYour Profile includingyourbeautycharacteristics;
  • Allow you to manage yourpreferences;
  • Monitor and improve our websites andapps;
  • Run analytics or collectstatistics;
  • Secure our websites and protect you and us againstfraud;
  • To verify your age if weare required toas part of our legalobligations;
  • Display adson L'Oréal websites to create a unique experience when you visit ourwebsites;
  • Respond to your questions and otherwise interact with you;and/or
  • Manage any competitions, promotions, surveys or contests you enter. 
  • The performance of a contract – so you can create and manage youraccount, and provide you with the services that yourequest;
  • Our legitimate interests:(i) to improve our products and services; (ii) better engage with you; (iii)send or display personalised communications or content (iv)prevent fraudor criminal activity; and (v)maintainthe security of our websites/apps; and(vi) topublish content.; and
  • Consent, where we ask for consent (wedon’talways rely on consent)includingto send youmarketing messages.

Newsletter and marketing subscription and Your Profile 

 

 

Where your personal data is collected when you subscribe to receive our marketing communications and in building Your Profile to personalise our communications to you.  

  • First name andsurname;
  • Emailaddress;
  • Gender;
  • Address;
  • Phonenumber;
  • Birthday, Date ofbirthorage range;
  • ID/username, andpassword;
  • Personal description orpreferences;
  • Orderdetails;
  • Social media profile (where you use your social media login or share this personal data with us);
  • UserGeneratedContent; and/or
  • Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or byparticipatingin a contest, game, survey etc.).

To: 

  • Send you marketing communications (where you have asked us to) which may be tailored toYourProfile based on the personal data we know or learn about you and yourpreferences;
  • To personalise our marketing and advertising campaigns and create a unique experience when visiting our websites or mobile apps and ourshops;
  • Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored toyou;
  • Keep anup-to-datesuppression list if you have asked not to becontacted;
  • Run analytics or collect statistics;and/or
  • Send content on your behalf to your friends and/or family.
  • Consent(wedon’talways rely on consent – seebelow)–so(i)you can receive marketing communications from us; and(ii) sendor displaypersonalisedadsonline via third partiespartner sites (for more information seethe ‘Sharing your personal data’ section below);
  • Our legitimate interests:(i) to improve our products and services; (ii) better engage with you;(iii) topublish content; and
  • Legal obligation:maintainyour contact information on a suppression list if you have asked us to stop sending you marketing messages.

Purchases and order management 

 

Where your personal data are collected during the purchase process made on L’Oréal websites/apps, in store or on voice assistant platforms. 

  • First name andsurname;
  • Emailaddress;
  • Address;
  • Phonenumber;
  • Personal description orpreferences;
  • Gender;
  • Social media profile (where you use your social media login or share this personal data with us);
  • Transaction information including purchasedproducts;
  • Payment and information; and/or
  • Purchase history.

To  

  • Contact you to finalise your order where you have saved your shopping cart or placed products in your cartwithout completing the checkout process.
  • Inform you when a product you wanted topurchaseis available.
  • Process your order including delivering the product to the address youindicated.
  • Manage payment. Please note that your payment information (credit card number/PayPal/bank account details) are not collected by us directly, but by secure payment service providers.
  • Manage any contact you have with us about your orderand/or contact you to request feedback on our products/services.
  • Secure your transactions against fraud. We may use athird-partyprovider’s solution to detect fraud and make sure that payment is completed.
  • If you place a purchase using a registered account, we will add this transaction toYour Profileso we can understand your interests andpreferencesand you will see a record of your transactions with us within your account (where applicable).
  • Manage any dispute relating to a purchase.
  • Run analytics or collect statistics.
  • To send you commercial communications (i) by direct means (email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites.
  • To enrichYour Profileto personalise these communications according to your interests – see, for more details,the section on“YourProfile”following this table.
  • To display ads on L'Oréal websites to create a unique experience when you visit our websites.
  • To send you commercial communications (i) by direct means (email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites.
  • To enrichYour Profileto personalise these communications according to your interests – see, for more details, the section on“Your Profile”following this table.
  • The performance of a contract – so you can makeapurchaseand we can manage the associatedlogistics.
  • Our legitimate interests:(i) to improve our products and services; (ii) better engage with you; (iii)send or display personalised communications or contentto you(profiling);(iv)prevent fraudor criminal activity; and (v) secure our tools; and (vi) topublish contentonline
  • Tocomply witha legal obligation – to keep information weare required to.
  • Consent(wedon’talways rely on consent – see below) - so you can receive marketing communications from us.

Online browsing 

 

Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse L’Oréal websites/apps or on third-party websites/apps where we have cookies. 

 

For information on the specific cookies placed on a particular website/app, please check the cookies table or tool available on the specific website/app. 

 

 

 

 

 

*cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on L’Oréal Group websites. 

Data related to your use of our websites, including:  

  • Where you camefrom;
  • Logindetails;
  • Location;
  • Data related to your navigation on our apps/websites, incl. scroll/mouse movement (but in a manner that does notidentifyyou);
  • Videos youwatched;
  • Pages/ads/content you looked at, clicked or tappedon;
  • Durationof yourvisit;
  • Products yousearched for and/orselected to create your basket; and/or
  • Your Profile information.

 

Technical information:  

  • Your IPaddress;
  • Browserinformation;
  • Deviceinformation;
  • Your unique ID which is given to each visitor, and theexpirationdate of the ID; and/or;
  • Your visitor ID.

We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters) for the following purposes: 

 

  • To deliver targeted advertising, that is to show you: 
  • online advertisements for products which may be of interest to you, based on yourpreviousbehaviour; and/or
  • ads and contenton thirdparty partner sites (for more information see the ‘Sharing your personal data’ section below).

 

You can opt out of targeted advertising by using the function available on our website (where applicable), or in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide. 

 

  • To tailor our services for you, that is to:
    • show you recommendations, marketing, or content based onYour Profileand interests; and/or 
    • display our websites in a tailored way, for example, show you products we think you might like. 

 

  • To allow our websites/apps to function properly, that is to:
    • ensure the proper display ofcontent;
    • create and remember your shoppingcart;
    • create and remember your account logindetails;
    • interfacepersonalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference),etc.;
    • perform troubleshootingand/or
    • improveuser experience andour websites/apps, for example, by testingnew ideasor layouts. 

Please note that we only track your navigation on the website/app (e.g. mouse movements) to ensure our websites/apps function properly, for troubleshooting, and to improve user experience, as explained above. We do so in a way that does not identify you and use encryption mechanisms to ensure that the personal data provided on the website/app is always masked and never recorded. 

 

  • To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services.

 

  •  To run statistics, that is to:
    • avoid visitors being recordedtwice;
    • know users’reactionsto our advertisingcampaigns;
    • improve our offers; and/or
    • understand how you discovered our websites/apps.

 

  • To allow sharing of our content on social mediaplatforms.

 

  • To recognizereturning users across all touchpointsusing fingerprinting device intelligence technology.
  • Our legitimate intereststo ensure that we provide you with websites/apps, advertisements and communications that function properly, and to continuously improve cookies that are (i) fundamental to the operation of our websites; and(ii) used to ensure the protection and security of ourwebsites;
  • Consentfor all other cookies.

Social Media Platforms 

 

Where your personal data are collected from your activity on social media platforms. 

 

For more information on how your personal data may be shared with Social Media Platforms such as Meta, Pinterest, Amazon and Google, please see the respective sections under “We may disclose your personal data to our partners” below. 

We may get information you publicly post on social media platforms (e.g. TikTok) and use it to better understand how consumers view our products/services and interact with us. For example, we may use public posts to identify beauty trends. Where possible, we do this in a way that we are unable to directly identify you.  

 

We may also collect your personal data when you mention us on social media platforms. The personal data we collect may include:  

  • Social mediahandle;
  • Photo; and/or
  • Any comments mentioned in your post. 

 

If we want to re-use any content you post on social media platforms, we will always ask your permission first (see ‘User Generated Content’ below). 

To  

  • Monitor and improve our websites and apps; and/or
  • Run analytics or collect statistics.
  • Our legitimate interests: (i) to improve our products and services; and (ii) better engage with you.

Promotions 

 

Where your personal data are collected during a competition, prize draw, game, contest, promotional offer, sample request, survey etc. 

Depending on the frequency of your interactions with us, this personal data may include: 

  • First name andsurname;
  • Emailaddress;
  • Phonenumber;
  • Birthday or agerange;
  • Gender;
  • Address;
  • Personal description orpreferences;
  • Social media profile (where you use your social media login or share this personal data with us); and/or
  • UserGeneratedContent;
  • Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on someof ourwebsites, or byparticipatingin a contest, game, survey etc.).

To: 

  • Complete tasks that you have asked us to, for example,to manage your participation in the promotionor prize draw,takinginto accountyour feedback andsuggestions;
  • Run analytics andstatistics;
  • Add your participation toYour Profileso we can understand your interests andpreferences;
  • Send you samples.
  • The performance of a contract – so you mayenter intothecompetition orprizedrawandwe can deliver the prize.
  • Our legitimate interests–(i)to send you communications related to your request; (ii)to help us better understand your needs and expectations and thus improve our services,productsand brands; (iii) topublish content; and
  • Consent – to provide you with the samples you haverequested.

User Generated Content 

 

Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites (including our Communities)/apps/social media platforms, or accept our re-use of any content you posted on social media platforms. 

  • First name and surname oralias;
  • Emailaddress;
  • Photo;
  • Personal description orpreferences;
  • Social media profile (where you use your social media login or share this personal data with us); and/or
  • Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or reviews, or a question via the chat function available on some websites).

To: 

  • Use the content you have created and/or sharedin accordance withthe specific terms and conditions accepted by you(e.g. to post your review/content and to promote our products);
  • Contact you to request feedback on our products and/orservices;
  • Syndicate yourratings andreviews across our brand websites in other countrieswhere weoperate;
  • Run analytics andcompilestatistics;
  • Send you marketing communications,where you have asked us to,(via email, SMS,WhatsApp, socialmedia platforms, etc.)which may be tailored to your “profile” based on the personal data (including your social media ‘handle’) we know or learn about you,and yourpreferences;
  • Deliver social media targeted advertising, to show you: 
    • online advertisements for productsthatmay be of interest to you, based on yourpreviousbehaviour; and/or
    • ads and content on social media platforms such as Google, Meta, Snapchat,Amazonand Pinterest, TikTok or other websites; and/or
  • Add your content toYour Profileso we can understand your interests and preferences.
  • Consent –to reuse the contentyou'veuploaded.
  • Our legitimate interests–To help us better understand your needs and expectations and, in doing so, improve and promote our services, products and brands.

App & Device Use 

 

Where your personal data are collected in connection with your use of our websites/apps and/or devices (for example when you provide your personal data when completing online forms or trying on our products virtually via our apps or booking a virtual consultation with one of our beauty advisers or making a hairdressing academy appointment). 

  • First name andsurname;
  • Gender;
  • Emailaddress;
  • Phonenumber;
  • Photo;
  • Location;
  • Birthday and/or agerange;
  • Personal description or preferences, including characteristics such as skin tone, skin/hair type(e.g. your beauty profile);
  • Recordings ofonlineconsultations;
  • Application or device usagedata;
  • Consultation data(pictures, attributes, scores, survey answers, products recommended);
  • Allergy alert testresults;
  • Answers to health and safety-related questions.

To: 

  • Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you withonline consultations to speak with an expert about your skin and receive bespoke skincare recommendations,advice and notifications regarding your sun exposure,skin/hair routine etc.);
  • Analyse your personal characteristics and recommendappropriate products(including bespoke products) androutines;
  • Conduct research and innovation by scientists within the L’OréalGroup;
  • Monitor and improve our apps anddevices;
  • Run analytics andstatistics;
  • Send you commercial communications (i) directly (byemail, SMS, postal mail) and (ii) by advertising display when you browse third-partysites;
  • EnrichYour Profileto tailor these communications to your interests. For more detailsseethe section on“Your Profile”following thistable;
  • Display advertisements on L'Oréal websites to create a unique experience when you visit our websites.
  • Consent– tosend you commercial prospecting messages.
  • The performance of a contract – to deliver the service you haverequested(e.g. to enable you to try on products virtually).
  • Our legitimate interests-toimprove our products and services to meet your needs and expectations, and advance research and innovation; to publish content.

Enquiries 

 

Where your personal data are collected when you ask questions (via customer service) relating to our brands, our products and their use, or your purchases, account or rights. 

  • First name andsurname;
  • Phonenumber;
  • Emailaddress;
  • Other information you have shared with us about yourself in relation to your enquiry (which may include welfare,healthdataand call recordings).

To: 

  • Answer and manage your enquiries– connect you with theappropriateserviceifnecessary;
  • Send you satisfaction surveysas a result ofinteractions with us (e.g. after a purchase or customer service contact);
  • Compilestatistics;
  • Add your questions or concerns toYour Profileso we can understandyour interests andpreferences;
  • Monitor and prevent any adverse reactions related to the use of ourproducts;
  • Carry out studies concerning the safety oruse of ourproducts;
  • Carry out and follow up on corrective actions taken, if necessary.
  • The performance of a contract – to respond to your enquiries.
  • Our legitimate interests:(i) to improve our products and services; (ii) better engage with you; and (iii) secure our tools.
  • Consent– to processyour request.
  • Legal obligation– tocomply withthe legal obligation tomonitortheadverse effects ofourproducts.

Our Premises 

 

Where your personal data are collected when you visit our premises (e.g. our store(s) or our hairdressing academy). 

  • Photo/Video captured via CCTV; and
  • Attendance/visitor forms (which may include the collection of welfare and health data).

To: 

  • Assistin the prevention and detection of crime and manage enquiries; and/or
  • Help ensure the health, safety and security ofouremployees andvisitors;
  • Help ensure the security ofinformationlocatedor stored withinourpremisesorassets.
  • Our legitimate intereststo: (i) prevent fraud and criminal activity; and (ii) secure our tools.
  • Tocomply withourlegal obligations– to meet health and safety requirements.

 

A note on sensitive personal data

The processing of special categories of personal data (or ‘sensitive personal data’) is limited to data made public by you or a third party on your behalf, or where you have given us consent to use such information. For example, we may need to understand your health, including dietary, requirements when preparing access and catering for an event you are attending, or when handling a query or complaint made by you. We will always check such requirements with you and you only need provide the information you are comfortable with us using. 

 

Automated Decision Making

 

Automated decision making means the ability to make decisions using technology, without human involvement. 

 

We may use automated decision-making techniques for the purposes of securing transactions placed through our websites/apps and/or devices against fraud.  In addition, we may use a third-party provider’s solution to protect our systems, assets etc. against fraud.  

 

The method of fraud detection is based on several different data prediction and data intelligence techniques that may change over time, to keep up with technological advancements.  These may include, for example, simple comparisons, or association, clustering, prediction and outlier detections using intelligent agents, data fusion and data mining techniques.  This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.  In all cases, we take all reasonable precautions and safeguards to limit access to your data.  

 

As a result of automatic fraud detection, you may: (i) experience a delay in the processing of your order/request whilst we review your transaction; and/or (ii) be limited or excluded from using a service if a risk of fraud is identified. 

 

You have the right to access the information on which we base our decision.  Please see “Your Rights and Choices” section below. 

 

Your Profile

 

To be able to send or display personalised communications or content, we may use a technique known as “profiling” (or “insights”).  This means we process personal data to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your personal preferences, interests, economic situation, reliability, behaviour, location or movements. 

 

We do this to build a profile about you (‘Your Profile’). Your Profile includes things such as: what you like, dislike, are passionate about and interested in, in addition to the information we know about you through your relationship with us, for example, products you have bought from us or been interested in, events and competitions you have attended or entered, and campaigns you have been interested in. We collect personal data about you in the different scenarios mentioned in the table above, both directly from you or from our third party partners (see the ‘Sharing your personal data’ section below for more details).  

 

We use this data to send or display communications and/or content specifically tailored to your interests and/or needs – both directly to you (emails, digital app service messages, via our websites) or through our use of social media platforms such as Facebook, Instagram and TikTok. We may also use Your Profile to identify individuals, within our database and those of our third party partners, with the same profile characteristics, as you and who are therefore likely to be interested in similar advertising content (often referred to as a ‘lookalike audience’).   

 

We ensure that we have an appropriate legal basis to process your personal data when conducting profiling activities. You may have the right to object at any time to the use of your personal data for “profiling”. Please see “Your Rights and Choices” section below.  

 

 

Joint controllers

 

We are always responsible for personal data that we collect about you. In some cases, for example, when we collaborate with our trusted partners, we may be jointly responsible with those partners for protecting your personal data.  

Our data protection commitments as joint controllers are as follows: 

  • We will agree the respective roles and responsibilities of each partyinvolved;
  • We will make sure thatboth partiesare transparent aboutthejoint purposes for processing yourpersonal data, and explain howyourpersonal datais used for these purposes; and
  • We will make sure thatyou are always ableto exerciseyourlegal rights.

 

Where we work jointly with another party, we will inform you about your rights and other important information at the point we ask for your personal data.  

 

An example of where we act as a joint controller, is with the third-party partners we share and receive personal data with about you to be able to display tailored ads on their sites. To do this we share your (pseudonymised) identification data, i.e. your full name and email address, to enable the partner to find you among their members/users and to display relevant ads about our products and services to you and to create lookalike audiences (please see the ‘Your Profile’ section above for more details). Our partners provide us with reports on the results of our ad campaigns (number of clicks, conversion rate, audience profile, etc.) so we can improve our future campaigns. In these activities, we act as joint data controller with the third-party partner, but only to the extent of the personal data shared by them as relevant to our business – we do not have access to all personal data they hold about you.  

 

Please note, if you do not have an account with that third party partner, then the processing activity is limited to sharing with a ‘no match’ finding.  We only do this where we have your consent to do so.  

 

SHARING YOUR PERSONAL DATA

 

We may share your personal data within L’Oréal and the L’Oréal Group - Where appropriate, we may share your personal data between our brands to build a central record, keep the information we hold about you up to date (for example, you may be a Consumer Customer of more than one of our brands), enrich the profile we hold about you (see Your Profile), tailor our communications with you,  run analytics and perform statistics to better inform our investment and business strategy decisions.  This includes sharing Your Profile. 

Access within the L’Oréal Group will always be controlled on a need-to-know basis, to fulfil our contractual obligation with you (such as to refund you), or to allow us to perform any necessary or legitimate functions.  This may include sending you marketing communications about other brands but only where we have a marketing permission to do so. 

 

We may also share your personal data in a pseudonymised way (not allowing direct identification of you) with L’Oréal Research & Innovation scientists, including those located outside of your country, for research and innovation purposes.  

 

Your personal data may also be processed on our behalf by our trusted suppliers - We only provide them with the information they need to perform the service they are providing. We require them to keep it secure and tell them not to use it for any other purpose. For example, we may trust third parties to deliver services that require the processing of your personal data as follows:  

  • To provide digital and e-commerce services such as social listeningandloyaltyprogrammes;
  • Toreview social media and public profilesas well asratings andreviews;
  • To provideCRM,identity management,webanalyticsand search enginetools;
  • To providecommunity platform management and User Generated Content curationtools;
  • As required to deliver a product to you, for example, postal/deliveryservices;
  • Payment service providers and credit reference agenciesto assess your credit score and verifyyour details where this is a condition of entering into a contract withyou;
  • Advertising, marketing, digital and social media agencies to help us deliver advertising, marketing, and campaigns, to analyse their effectiveness, and to manage your contact details, questions,and ourrelationship;
  • Third parties thatassistuswithcustomer care, productqueriesandcomplaints;
  • To provide us with IT services such as website hosting and platform management services; and/or
  • To help us provide training, seminars, and events, such as training providers, travel agencies, and event management companies.

 

We may also disclose your personal data to third parties beyond those that provide services to us, such as: 

  • If we sell any or part of our business or assets, we maydiscloseyour personal data to the prospective buyer of such business or assets. Your personal data will usually be processed by the buyer acting as the new controller and its privacy policy will govern the processing of your personaldata;
  • If we are under a duty to disclose or share your personal data to comply with a legal obligation, orin order toenforce or apply our terms of use/sales or other terms and conditions you have agreed to, or to protect the rights, property, or safety of L’Oréal, our customers, or others; and/or 
  • In other circumstances if we have your consent or we arepermittedto do so by law.

 

We may disclose your personal data to our trusted third-party partners, for example if they are co-creating content with us such as for an event or app, then we will each use your personal data for our own purposes and as such your personal data will be used by:  

  • L’Oréalin accordance withthis Privacy Policy; and
  • The partner acting also as a controller, and its privacy policy shall govern the use of your personal data for its purposes. 

 

We may share, for example, your User Generated Content such as ratings and reviews with our partners so it may be displayed on their websites. 

 

We may publish content created by third parties. Where we do this, the third party may place a cookie on your device if you read this content. Please consult the third parties’ cookie policy or cookie consent management platform for details on what information they may gather from the cookie, and how it is used. 

 

We may also share personal data to display L’Oréal content (for example recommended products/services) on our partners’ sites where you have agreed to receive advertising that is tailored to you (either by accepting our or our partners’ cookies, or by agreeing to receive our marketing). Where you accept our cookies from our partners, they may store a cookie on your device so you should read their privacy and cookies policy or consult their cookie consent management platform. In the other cases, we only share data that does not directly identify you with our partners. Our partners will then determine which of our products/services to display to visitors of their websites. For more information, please see the ‘Ypur Profile’ section above. 

 

When we use advertising services from Google, Meta social platforms (Facebook, Instagram) and/or Pinterest on our websites, apps and/or devices. Google and/or Pinterest will access and use your personal data when we utilise their services.  To find out more about how these third-party partners use your personal data, including your rights over how they use your personal data including sharing it with us, please review their privacy policy and associated terms of use of their services following the links below: 

  • Google Privacy & Terms availablehere.
  • Meta’s Privacy Centre is availablehere, more details on Meta below.
  • Pinterest’sPrivacyPolicyisavailablehere.
  • Amazon’sPrivacy Notice is availablehere.
  • TikTok’sPrivacy Policy is availablehere.

 

Further information about what personal data Meta collects and shares with us

 

When using any of our websites/apps and/or devices, you may be able to:  

  • sign-in with yourFacebooklogin. If you do so, you consent to share some of your public profile information withus;
  • use theMetasocial plug-ins(Instagram, Messenger, etc.), such as “like” or “share” to share our content, or yourUserGeneratedContent on theMetaplatform;
  • accept cookies from our websites/apps (also known as “MetaPixels”). These types of cookies help us understand your activity including for example, information about your device, how you use our services, any purchases you make and the ads you see,whether or notyou have aFacebookaccount or are logged intoFacebook.
  •  When you use anyMetafeatures, we collect your data to help us to: 
    • show youadsyou might be interested in onMetaor any of its other services (Instagram, Messenger etc.); and
    • measure and analyse the effectiveness of our websites,appsand/or devices. 
  • We may also use any personal data you provide us with on our websites, apps and/or devices (e.g. your name, email address, gender and phone number), to identify you onFacebookor any ofMeta’sother services (Instagram, Messenger etc.),in order toshow you ads that are more relevant for you. While doing this,Metawill not share your personal data and willdeletethe information promptly after the matching process is complete.

 

Tik Tok Shop data sharing – when you purchase our products from one of our Brand’s shops on Tik Tok Shop, Tik Tok share certain personal data with us about you so we can fulfil and manage your order.  They share this data with us via the portal they provide us with.  The portal is where we notify you of updates to your order and its delivery.  If you need to contact us about your order placed via one of our Brand shops on Tik Tok Shop, please do so via your Tik Tok account. 

Where we store your Personal Data

 

The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside the United Kingdom. It may also be processed by staff operating outside the United Kingdom who work for us or for one of our service providers.  

 

Where L’Oréal transfers personal data outside of the United Kingdom and/or including Ireland, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to ensure that third parties adhere to the commitments set out in this Privacy Policy (e.g. reviewing their privacy and security standards and subjecting them to appropriate contractual obligations). 

 

When we transfer your personal data outside of the territories described above, we: 

  • review and/orenter intoappropriate contracts(including adding the European Commission’s standard contractual clauses (availablehere) which may include the UK’s Addendum to the standard contractual clauses (availablehere); or
  • rely on the applicableUK or European Commission (depending on whether the transfer is from UK or Ireland)adequacy decision which finds the third country to which we may transfer your personal data offers an adequate level of data protection (copies of adequacy decisions availablehere(UK) andhere(EU)).

 

For further information, please contact us as per the “Contact us” section below.  

 

How Long Do We Keep Your Personal data and how do we keep it secure?

 

We will keep your personal data for as long as we need it subject to the different use cases described above.  For example, we retain certain personal data for the following periods: 

  • For the duration of our contractual relationship and for a reasonable period after it ends in case of a query orclaim;
  • Where you create anaccount, we keep your personal data until you requestus todeleteit or after a period of inactivity (i.e. where you have not interacted with us fora period of time). This period is definedin accordance withlocal regulations andguidance;
  • We keep User Generated Content for a reasonable period necessary to achieve the purpose we collected it for (e.g. for the duration of a campaign) and otherwise for a period definedin accordance withlocal regulations and guidance; and 
  • Where cookies are placed on your browser, they are stored for as long as necessary to achieve their purposes (e.g. statistics on your social media post) and otherwise for a period definedin accordance withlocal regulations and guidance. 

 

When we no longer need to use your personal data, it is removed from our systems and records, or anonymised so that you can no longer be identified from it. 

 

We are committed to keeping your personal data secure and taking all reasonable steps to do so.  We contractually require that trusted third parties who handle your personal data for us do the same.  However, as no sharing of information via the Internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site.  Any sharing is therefore at your own risk.  

 

Links to Third Party Sites and Social Login

 

Our websites/apps may, from time to time, contain links to the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you share any personal data with these websites. 

 

We may also offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing Your Profile information with us.  The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context. 

 

Social Media and User Generated Content

 

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data (e.g. financial information or address details). We are not responsible for any actions taken by other individuals if you post personal data on a social media platforms or one of our websites (e.g. via a Community) and we recommend that you do not share such information.  

 

Your Rights and Choices

 

L’Oréal respects your right to privacy: it is important that you are able to control your personal data. You may have certain rights and choices over the personal data we collect from you. These rights may be limited depending on our rights as a business and/or the legal basis on which we use the data, but we will always explain where this is the case. We will take reasonable steps to verify your identity before granting access or making corrections to the information we hold about you. You may exercise these rights by contacting us using the details provided below. 

 

Email opt-out

You can opt-out from our email marketing at any time by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us (see the ‘Contact Us’ section below). We will act on your request as quickly as we can, but it can take about 30 days to take effect due to system updates. We will add your email address to our opt-out list to make sure we continue to exclude you from future marketing communications. 

 

Withdrawing your consent

You may also withdraw any consent you previously provided to us at any time by contacting us using the details provided below. This will not affect the lawfulness of our use of your personal data based on your consent before its withdrawal. 

 

Reviewing, correcting, updating, restricting, objecting to our use of or deleting your personal data

You have the right to request access to and correction or erasure of the personal data we hold about you, or to request our use of this information is restricted, as appropriate. You also have the right to object at any time to the use of your personal data for direct marketing purposes, including the profiling we do related to direct marketing and generating and maintaining Your Profile.  Please note, if we cannot hold sufficient information in Your Profile or your account, we may have to reconsider how we engage with you, but we will always explain why.  

 

These rights may be limited depending on our rights as a business and/or the legal basis on which we use the data, but we will always explain where this is the case.  

 

Other Rights

You have the right to receive, in a structured, commonly used and machine-readable format, the personal data that you have provided to us about you, with your consent or based on your contract with us. You also have the right to have this information transferred to another data controller, where it is technically feasible. You may exercise this right by contacting us using the details provided below. You may also lodge a complaint with a data protection authority about our use of your personal data, but we do ask that you contact us first and try to resolve any issues or causes for concern you may have. 

 

How to turn on/off cookies  

The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust them by changing the settings of your browser or, where available, by using the tools on our websites. 

 

Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites.  

If you wish to manage your preferences regarding the cookies and other similar technologies that are set by our websites, you can navigate to the “Cookies Settings” link available in the footer of our websites) or refer to the Help function within your browser to learn how to manage your settings within your browser. For more information please consult the following link: https://www.aboutcookies.org/

 

Changes to this Privacy Policy

 

We may make changes to this Privacy Policy from time to time. Changes may be due to, for example, amendments to applicable laws, regulations, and industry practices, or due to changes we make to our services. We encourage you to review our Privacy Policy to stay informed. 

 

If we make material changes that may affect your rights, as per the “Your Right and Choices” section above, we may provide additional notice, such as via email or via a notice on our website. If you continue to use our services after we publish or send a notice about any changes to our Privacy Policy, it will mean that you have read and understood the updated Privacy Policy.  

 

CONTACT

 

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights as outlined above, please contact us at:  

 

or by writing to us at: 

 

Data Protection Officer 

L’Oréal (UK) Limited 

Gateway Central  

187 Wood Lane 

London W12 7SA 

United Kingdom 

 

If you would like to get in touch with our Data Protection Officer, please contact us at [email protected]

 

UPDATED:  18th December 2025 

Skip the slider: For All PDPs

Our Favourites

Take a look at our top picks

See All Products