
Privacy policy for employees



1. Purposes of the Privacy Policy for employees

  • Respect your privacy and your data

L'Oréal's ambition is to be an exemplary corporate citizen and help build a better world. We therefore give great importance to the principles of honesty and transparency and we are committed to building a strong and lasting relationship with our visitors, candidates and new hires based on mutual trust and interest. Part of this commitment means protecting and respecting your privacy as well as your personal data.
This is why we set out the statements hereunder, and our full Privacy Policy below.

  1. We respect your privacy and your choices.
  2. We make sure that privacy and security are embedded in everything we do.
  3. We do not send you marketing communications unless you have asked us to. You can change your mind at any time.
  4. We never offer or sell your data.
  5. We are committed to working only with trusted partners.
  6. We are committed to being open and transparent about how we use your data.
  7. We do not use your data in ways that we have not told you about.
  8. We respect your rights, and always try to accommodate your requests, in line with our own legal and operational responsibilities.

For more information, the Privacy Policy below sets out the different types of personal data that we may collect or retain concerning you, the way we can use them, the purposes for which we collect them, the people with whom we can share them, how we protect them and ensure their security, as well as the rights you have regarding this data.

When you provide us with personal data and/or when we collect or generate data about you with our tools, we undertake to process them in accordance with this Privacy Policy.



2. Who we are and who is concerned by this Policy?

The Employees’ Policy applies to all individuals who work (regardless of their status) at L’Oréal / an entity of the L'Oréal Group identified below that acts as a data controller of the employees’ data.


  • Who is the data controller?

L'Oréal S.A. is responsible for the personal data that you share with us and that it processes, as well as each entity of L'Oréal’s group as your employer.

The terms "L’Oréal", "we" or "us" that we use herein refer to:

L’Oréal SA
41, rue Martre
92117 Clichy
FRANCE


  • Who is concerned?

Individuals who work / have worked within L’Oréal, as:

  • Employees or Apprentices,
  • French retired persons who still hold Securities in the French “PEE”

In addition to this Employees’ Policy, a Policy about Social Media may also contain provisions that concern you and are applicable.



3. What is Personal Data and what is Processing?

The Employees’ Policy applies to all personal data collected, generated and more generally processed by L'Oréal in relation to its employees, acting as their employer.


  • The term "personal data" refers to any information that may identify you directly or indirectly (the "Data").

  • In practice, the data that can identify you directly are:
    - Your names / email / postal address / phone numbers,
    - Your financial information and
    - Etc.

  • In practice, the data that can identify you indirectly are:
    - Your IP address,
    - Your social security number, or
    - An internal identification number.
    - Etc.

  • What is a Data Processing?

Any operation we perform or plan to perform, directly or indirectly, with the Data. This includes operations such as collecting, recording, hosting, sending, organizing, structuring, storing, keeping/retaining, adapting/modifying, retrieving, consulting/accessing, using, disclosing by transmission or otherwise making available, alignment or combination, restriction, erasing/deleting, etc.



4. Which Data do we collect from you and how do we use them?

  • How do we collect, generate or receive your Data?

- We may collect or receive your Data directly from you, such as through the forms or questionnaires that you fill in.


  • When we collect Data from you, we identify the required fields with an asterisk. Some of the Data we require is mandatory for the following reasons:

    • Performance of your employment agreement with L’Oréal;

    • The answer to a request that you have sent us (e.g. to send you information, to validate your registration/subscription to a training);

    • To use certain tools; or

    • To comply with legal obligations (e.g. your social security number).

Failing to provide the required information may have consequences on the performance of your agreement or use of the services and tools that we provide you or that are available.
Under no circumstances will we collect your Data via tools that you are not aware of.


  • In the event that your personal, family or professional situation changes and that this results in a modification of your Data, you agree to update them, directly on the employee platform, by contacting your manager or by contacting the service identified in paragraph “Contact us” below.


5. Table summarizing the purposes, data processed, grounds of the processing and retention period

You will find in the table below detailed information relating to the following items:


  • In which context may your Data be collected?

This column lists the activities you are performing or the circumstances when we use or collect your Data. For example, to manage the payment of your salary.


  • Which Data relating to you are we likely to retain?

This column lists the categories of Data that we collect considering the circumstances.


  • How and why do we use your Data?

This column explains what we could do with your Data and the purposes of their collection.


  • On which legal basis do we process your personal data as part of the purpose of the processing?

This column explains the legal basis on which we process your Data, namely:


  1. Your agreement with L'Oréal (employment, apprenticeship, internship agreement, etc.); or
  2. Our legitimate interest, which may be:
    • The safety of the individuals in our premises.
    • The security of our tools, to ensure the protection and safety of our tools (websites / applications / devices) and to ensure that they work properly and are constantly improved.
  3. Legal obligations when the applicable law or regulation requires the processing of the Data, which is often the case with regard to human resources; or
  4. Your consent in a few instances.

* With regard to processing based on your consent (i.e. processing that does not fall within 1 to 3 above), L'Oréal can ask you at any time to consent to a data processing. Consent-based processing is an integral part of the Collaborator Policy and will therefore be implemented in accordance with these provisions. You may withdraw your consent for such processing, as explained below under "Your Rights and Your Choices".

In which context may your Data be collected?
  • LTI and Profit Sharing management
  • Employee Share Ownership Plan (ESOP /IRIS)

Which Data relating to you are we likely to retain?
  • Communication site:
    - Audience tracking Cookies
    - Email address in case of subscription to Newsletter
  • Subscription site:
    - Identification data
    - ESOP /IRIS data
    - Banking data, and bank account in case of SEPA direct debit, sale of shares, payment of dividends
  • Esop Chatbot:
    - Questions and comments

How and why do we use your Data?
  • Manage the Plan communication
  • Managing the Employee Share Ownership Plan (ESOP /IRIS)
  • Managing personal shares

On which legal basis do we process your personal data as part of the purpose of the processing?
  • Consent

Retention of your Data
  • Cookies: 13 months
  • 12 months (subscription data)
  • Retention period of shares, + 12 months (banking data), unless legal requirements
  • Chatbot: 2 years


6. Automated individual decision making & profiling

  • Automated individual decision-making

L’Oréal does not use automated systems for individual decision-making.
Any decision related to an Employee is taken by HR teams in charge of the said Employee.


  • Profiling

  • Certain techniques constitute "profiling" (defined as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement").

  • We do not collect Data for profiling about you in the different scenarios mentioned in the table above.
    We study the use of our tools through statistics, but we do not evaluate or predict your personal preferences and / or interests.


7. Who can access your data?

  • We can share your Data within L’Oréal’s Group.

Depending on the purpose for which your Data is processed, any member of the L'Oréal Group staff, in particular the Human Resources department, may have access to your Data, provided that:

  • They need to have access to your Data,

  • If possible, the Data is in a pseudonymized form (not allowing any direct identification), and

  • It is necessary as part of your employment/collaboration process within L'Oréal, or to meet our legal obligations, to prevent fraud and/or to secure our tools, for reasons of physical security, or after having obtained your consent to do so.


This means that we can communicate your Data to our holding company, L'Oréal S.A., and its subsidiaries worldwide.


  • We decide who has access to your Data for each type of Data

  • Your Data is only available to people and employees who need to access this Data as part of their duties within L'Oréal (e.g. your manager for the evaluation Data), as well as the trusted third parties we work with.
  • Access rights have been defined internally for this purpose.

  • Your Data may also be processed on our behalf by trusted service providers.

  • We may also share your Data with some of our service providers who need to access some of your Data to perform the mission assigned to them by L'Oréal, including those that are located outside your country. In this case, L'Oréal imposes strong commitments on these co-contractors regarding the processing, confidentiality and security measures regarding the Data that these service providers access. Thus, we only provide them the Data necessary to perform the services they have been assigned and we require that they do not use your Data for any other purposes.

  • As part of this, your Data may be shared with:

    • third parties that provide us with solutions and tools for banking, Employee savings or investment for L'Oréal employees and available in SaaS (i.e. it is an outsourced service available remotely through the Internet);

    • third parties that provide us with SaaS solutions and tools to organize your participation in events, trainings, games, or to manage the services you have opted in to;

    • third parties that provide us with studies (quality at work…);

    • third parties that assist and help us in providing IT services, such as platform providers, hosting services, maintenance and technical assistance services for our databases as well as for our software and applications that may contain data relating to you (these providers may sometimes require access to your Data to perform the requested tasks);

    • third parties that provide us with administrative services, such as payroll and the issuance of L'Oréal employee pay slips or file archiving;

    • third parties that help us to ensure the security and monitoring of our premises.


  • We may also disclose your Data to third parties in certain specific situations:

  • If we decide or intend to transfer an activity/business or assets (by any means including the sale of the entity carrying on that business or owning such assets), we may disclose your Data to the purchaser of that activity or assets and potential purchasers as part of an audit including to their counsel.

  • If L'Oréal or any part of its assets is acquired by a third party, your Data will be considered as one of the assets transferred. If so, your Data will be processed by the acquirer that will act as the new data controller and its data privacy policy will then govern the processing of your Data.

  • If we are obliged to disclose or share your Data to comply with a legal obligation, a court or administrative order or decision, or to protect the rights, property or safety of L'Oréal, its customers or employees;

  • If you have given your consent to do so; or

  • If the law allows us to do so.

We will not give or sell your Data.


8. How long do we retain your data?

  • We retain your Data only for the period necessary to achieve the purpose for which we hold the Data, to meet your needs or to fulfill our legal obligations. Generally, most of this Data is retained for the duration of your employment agreement with L'Oréal.

  • When we do not need to use your Data, in particular when you leave the company, we delete your Data from our systems and files or anonymize them so that they no longer allow your identification.

  • We may retain certain Data in order to fulfill our legal or regulatory obligations and to allow us to exercise our rights (e.g. filing a claim before the courts) or for statistical or historical purposes.

  • We may fully anonymize your Data and use it to generate statistics and other types of reports.


To know how long your Data can be retained, please refer to the summary table above.



9. Where do we store your data and what security measures are implemented to protect them?

  • Location of your Data:

  • Your Data may be transferred to, accessed from and stored in a country located outside the European Economic Area (the "EEA"). They can also be processed by individuals working outside the EEA who work for us or for one of our trusted service providers.

  • L'Oréal transfers Data outside the EEA only in a secure manner and in compliance with the applicable regulations. As some countries may not have laws governing the use and transfer of Data, we undertake to take all necessary steps to ensure that third parties comply with the terms and conditions set out in this Employees’ Policy. These measures may include controlling the standards applied by these third parties as part of data protection and security and / or the execution of appropriate agreements (e.g. the standard contractual clauses adopted by the Commission of the European Union).

  • For further information, please contact us as indicated in the "Contact" section below.


  • Security measures implemented

  • We take all reasonable and useful measures, having regard to the nature of the Data and the risks induced by its processing, to preserve the security of the Data and, in particular, to prevent them from being distorted, damaged, or accessed by unauthorized third parties.

  • Our general IT security policy is described in the L’Oréal IT Policy that we have implemented and which includes obligations for you as well, since the security of your Data also depends on you.

  • In addition, we require third party service providers who have access to your Data on our behalf, through an agreement, to commit to the same obligations.

  • If you would like to know more about the security measures implemented to protect your Data, you can also read L'Oréal's security assurance plan, available at: [●].

  • However, considering that the provision of Data via the Internet is not completely secure, we cannot guarantee the security of your Data provided via the Internet.



10. Your rights and your choices

L'Oréal respects your right to privacy; it is important that you control your Data.

You have the following rights:

  • To be informed: You have the right to receive clear, transparent, understandable and easily available information about how we use your Data and about your rights. This is the purpose of the information included in this Employees’ Policy.

  • Accessing and obtaining a copy: You have the right to access your Data that we retain (subject to certain restrictions), and to obtain a copy of such Data.

  • Right to rectify: You have the right to require that your Data be rectified if it is inaccurate or out of date and / or completed if it is incomplete.

  • Right to object: You may object, in writing, to the collection and processing of your Data as part of any processing based on our legitimate interests, subject to the applicable legal and regulatory provisions. In case of disagreement, we will have to prove the legitimacy of this processing for our interests. On the other hand, you cannot oppose the processing of your Data which is essential for the performance of your collaboration contract or compliance with the Law.

  • Right to erasure and right to be forgotten: In some cases, you have the right to obtain the erasure or deletion of your Data. This is not an absolute right, as we may be forced to retain your Data for legal or legitimate reasons, which is often the case in the human resources sector.

  • Right to withdraw your consent at any time for consent-based data processing: You may withdraw your consent to the processing of your Data if this processing is based on your consent. Withdrawing your consent does not have consequences on the lawfulness of consent-based processing prior to such withdrawal. For example, you may object to receiving our marketing messages at any time by clicking on the "unsubscribe" link in any email or communication we send you. You can also object to the processing of your image or your voice. You can also contact us at the coordinates below. You can read the table included in the section "What data do we collect from you and how do we use it?" and in particular under the column “On which legal basis do we process your personal data as part of the purpose of the processing?” to know if our processing is based on your consent.

  • File a complaint before a supervisory authority: You have the right to file a complaint before the data protection authority of your country to dispute L'Oréal's data protection practices and respect of privacy. You may contact us at the contact details below before filing any complaint to the relevant data protection authority.

  • Right to Data portability: You have the right to move, copy or transmit data relating to you from our database to another one. This only applies to the data you have provided, when the processing is based on your consent or an agreement and it is implemented via automated means. You may read the table added in the section "What data do we collect from you and how do we use it?" and in particular under the column “On which legal basis do we process your personal data as part of the purpose of the processing?” to know if our processing is based on an agreement or the consent.

  • Right to restriction of processing: You have the right to request the restriction of your Data processing. This means that the processing of your Data is limited, so that we may retain the Data but not use or process it. This right applies in specific circumstances provided for by the General Data Protection Regulation, namely:

    • the accuracy of the Data is challenged by the data subject (i.e. You), for a period enabling the controller (i.e. L’Oréal) to verify the accuracy of the Data;

    • the processing is unlawful and the data subject (i.e. You) opposes the deletion of the Data and requests the restriction of their use instead;

    • the controller (i.e. L’Oréal) no longer needs the Data for the purposes of the processing, but they are required by the data subject (i.e. You) for the establishment, exercise or defense of legal claims;

    • the data subject (i.e. You) has objected to the processing based on legitimate grounds from the controller (i.e. L’Oréal) pursuant to pending the verification whether the legitimate grounds of the controller (i.e. L’Oréal) override those of the data subject (i.e. You).

  • Organize the use of your Data after your death: You have the right to provide L'Oréal with instructions concerning the use and the future of your Data after your death.


To exercise each of the rights listed above, please contact us at the contact details below. We may ask you to prove your identity and provide additional information about your request before processing your request.

11. Contact us if you have any questions or wish to exercise your rights

If you have any questions or comments about how we process and use your Data, or if you wish to exercise any of your rights listed above, please contact us at the e-mail address, mentioning your subsidiary:

Data Protection Officer for HR
[email protected]




