About Third-party sites
subject to this Privacy Notice.
How long we store your Personal Data
We store your Personal Data processed for the purposes stated in this Notice and for the duration of our business relationship with you. Once our business relationship with you has ended and your data is no longer required for these purposes, we will delete your data, unless your data is also required for other purposes set out in this Privacy Notice, and/or is necessary to fulfil applicable legal or regulatory obligations. We may also store your data for dealing with any complaints regarding our products and services. Our retention periods are determined as per the legal requirements of the country in which you are based.
How we share and disclose your Personal Data
As a global Company, we may disclose your Personal Data to:
• Natura &Co Group Of Companies;
• Customers, Sales Leaders and/or Franchisees of Natura &Co, if you have indicated a desire to purchase products this way;
• Third-parties who provide goods or services to help us conduct our business and improve our services;
• External auditors and/or legal advisors;
• Other parties to whom we are authorised or required by law to disclose information;
• Law enforcement and other government authorities. To do so, the authority requires an appropriate judicial order or warrant, for which they need to demonstrate that the disclosure of the requested or intercepted information is required. We reserve the right to challenge these requests.
We may share or transfer your Personal Data in the course of any direct or indirect reorganization process including, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or part of our assets. Your Personal Data may be shared following the completion of such transaction and/or during the assessment pending transfer (subject to confidentiality requirements). If transferred, your Personal Data will remain subject to this Privacy Notice or a policy that, at a minimum, protects your privacy to an equal degree as this Privacy Notice unless you otherwise consent.
International Data Transfers: We may transfer your Personal Data to our affiliates and subsidiaries or to other third parties, in accordance with applicable local law, depending on the country in which you are based. We may also transfer your Personal Data from your country or jurisdiction to other countries or jurisdictions in accordance with legal requirements.
• For international data transfers subject to EEA, UK and Swiss law: we primarily use European Union Commission Standard Contractual Clauses.
• For transfers between other jurisdictions, we may rely on other legal mechanisms for international transfers, as appropriate under the relevant law.
• We have also concluded and executed an Intra-Group Agreement to ensure safe and lawful transfers of personal data take place among entities within the Natura Group of Companies, and also among different countries around the world, where such transfers are necessary in the course of business.
We carry out Transfers Impact Assessments to implement supplementary measures to ensure your personal data is processed under the standards that apply to your territory.
Your Sensitive Personal Data will not be used for any additional purposes that are incompatible with the purposes listed above unless we provide you with notice of those additional purposes.
We do not sell your Personal Data or your Sensitive Personal Data, nor do we share it with third parties for cross-context behavioural advertising.
How we protect your Personal Data
We implement comprehensive technical, physical and organizational measures to ensure a level of security appropriate to the risk to the personal data we process and to ensure compliance with applicable legal requirements. These measures are aimed at safeguarding the ongoing integrity and confidentiality of personal data. We evaluate and improve these measures on an ongoing basis.
How we approach children’s privacy
Our websites are designed and intended for adults. We understand the importance of taking extra precautions to protect the privacy and safety of children using Natura &Co products and services. Where one of our websites may be intended for a younger audience, depending on the country in which our audiences are based, we get consent from a parent or guardian in accordance with the applicable local law. If you learn that a child has, in violation of this Privacy Notice, registered for email newsletters, or otherwise provided their Personal Data, please report it to us using the contact information provided at the bottom of this Privacy Notice. If we become aware that an underage user has provided Personal Data without parental permission, we will terminate that account and delete all Personal Data provided by that user to the extent feasible and as soon as practicable.
Depending on the country in which you are based, we may use your personal data to carry out age verification checks and enforce any such age restrictions.
Your rights in relation to the processing of your Personal Data
Depending on the country in which you are based, you may have some or all of the following rights:
• To obtain information on the personal data processed concerning you and to obtain a copy of such data (right of access);
• To obtain the rectification of any inaccurate personal data and, having regard to the purposes of the processing, the completion of incomplete personal data (right to rectification) (please let us know if and to what extent your data stored by us has changed, so that we can rectify or update the respective data);
• If there are legitimate reasons, to request the deletion of the personal data (right to erasure);
• To request the restriction of the processing of the personal data, if the legal requirements are met (right to restriction of processing);
• To withdraw your consent at any time, if the data processing is based on consent, provided that such withdrawal does not affect the lawfulness of the previous processing of your data (consent withdrawal);
• To receive the personal data provided by you in a structured, commonly used and machine-readable format and to transfer this personal data to another controller or, if technically feasible, to have it transferred by us (right to data portability);
• Not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met (not to be subject to automated processing); and
• To object, where applicable law provides, to the processing of your data (right to object):
o which is being processed for the purposes of our legitimate interests (where applicable and depending on the country in which you are based) unless such interests outweigh your individual rights; and/or
o for direct marketing purposes, without any special reason.
Depending on the country in which you are based, our digital marketing communications may provide unsubscribe or opt-out mechanisms that allow you to modify your communications preferences. Please note that if you opt out of marketing communications, we may still contact you with non-promotional communications, such as those about ongoing business relations or administrative messages (e.g. updates on online orders).
In order to exercise your rights, including the withdrawal of your consent, please contact us here. You may also designate an authorized agent to make a request on your behalf. In order to protect your data from unauthorized access or alteration by third parties, all requests regarding your personal information will be subject to verification of the identity of the requesting individual. We endeavour to respond to a verifiable request within required time frames.
A Data Subject who feels that we are not adhering to this Notice or applicable data protection laws with respect to his or her Personal Data may contact us to register a complaint; submit requests for exercising rights; or address any other issue arising under this Notice. Complaints by any person may also be referred to the DPO team by email here.
Without prejudice to any other remedies, you also have the right to lodge a complaint with a supervisory authority at any time.
Shine the Light Disclosure
California law allows California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please put “Shine the Light” in the “Request Details” portion of your request on the form above or in the subject line, if submitted by e-mail. Note that there are restrictions on the number of times you can exercise some of these rights. You may designate an authorized agent to make a request on your behalf. The agent must provide proof of your authorization. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. We may need to verify your request before completing it. For example, we may ask you to confirm data points we already have about you. We will only use Personal Data provided in a request to verify the requestor’s identity or authority.
If you have previously consented to sharing precise geolocation information with our Digital Services, you can choose to stop the collection of this information at any time by changing the preferences on your browser or mobile device settings.
If you have permitted one of our mobile applications to send you push notifications or alerts, you can deactivate these messages at any time in the notification settings on your mobile device.
Changes we make
We may update this Notice periodically and will revise the date at the bottom of this Notice to reflect the date when such update occurred. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will endeavour to provide you with notice before such changes take effect, such as by posting a prominent notice on our Company website.
Continued use of the website constitutes acceptance of the new Privacy Notice. We encourage you to periodically review this page for the latest information on our privacy practices. Where required to do so by the applicable law depending on the country in which you are based, we may seek your prior consent to any material changes we make to this Privacy Notice.
Effective Date: November 2023