ORIFLAME PRIVACY NOTICE – ORIFLAME BEAUTY COMMUNITY “MEMBERS” AND “GUESTS”
Malta
Publication Date: 28.02.2025
What does this policy cover?
This policy describes the Company's, and your Sponsors' processing of your personal data with regard to your (or your underage child’s) participation in the Oriflame Beauty Community (“Our Community”) as a Member or with regard to your use of the Oriflame sales platform as a guest customer (“Guest”).
Who we and your Sponsors are
The Company, we or us means Nommon S.à r.l., registered at: 24, Avenue Emile Reuter - L-2420 Luxembourg, registration number B278229
Your Sponsor (singular) means the Sponsor identified in the confirmation email we send you during the registration to Our Community (i.e. the person who has invited you to join Our Community as a Member or assigned to you during the registration in case you join us without such invitation).
Your Sponsors (plural) means your Sponsor along with your Sponsor's up-line Sponsors within the Our Community who will have access to your personal data in accordance with this policy. You can find the details of your Sponsors in “Upline Report” available in “My Beauty Community” menu on our website, after you have registered and logged into your account.
For the purposes of applicable data protection law (including, the General Data Protection Regulation 2016/ 679 (the "GDPR"), we and your Sponsors are each independent data controllers of your personal data.
What personal data is collected?
The following categories of personal data will be collected:
Personal data collected from you: Depending on how you interact with Oriflame, we and/or your Sponsor collect data from you when you complete a Member registration form on our website (yourself or by providing the required data to your Sponsor who registers you), give consent to your underage child registering as a Member, purchase Oriflame products, participate in discussion boards or other social media functions on the website, leave a product review, enter a competition, promotion or survey on the website, use other services offered by Oriflame via website and Oriflame applications or otherwise communicate with us (for example, when you contact Customer Services). The data may include your full name, date of birth, postal address, product delivery address, email address, mobile phone number, the password that you set, your Sponsor's name and number, images, pictures and video recordings you upload onto your profile, the content of your chats and recordings of your interactions with our customer or sales support service (each time you will be informed about your interactions being recorded), opinions or statements you make (e.g. our products reviews) on discussion boards or in communications with us and any other information you provide to us in the course of using our website or corresponding with us or our representatives as well as posts and messages on social media.
Personal data collected about you:
We process personal data related to your history of purchases, and for Members also your position in Our Community structure, your plan benefits (eg Cashback) and we share some/ all of this data with your Sponsors for the management of their downline networks. We process your unique Member ID; membership start date and anniversary date when you have completed your Member sign-up process:
If a Member chooses to create an account via a third-party platform (e.g., Facebook, Apple, Google), we may automatically receive personal data about you from that third party. For more details please see Schedule 1 to this Privacy Notice.
Further, with regard to each of your visits to the website and any Oriflame app, or any third-party software/ app used by Oriflame on a SaaS basis we will automatically collect the following personal data:
technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform;
information about your visit to the website, including the full Uniform Resource Locators (URL) clickstream to, through and from the website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to contact our customer service number; and
information obtained via the cookies or other similar technologies that we or a third-party service provider places on the website.
We process personal data necessary to analyse how effectively we communicate with you by email, SMS, instant messaging services (like e.g. WhatsApp and alike) and push notifications, for example number of sent and opened communications, click-through rates, websites visited through sent links or products purchased.
If you are a parent or guardian of an underage child who registers as a Member, we process your telephone number provided by the child.
Where we and/or your Sponsors require your personal data to enter into a contract or comply with legal or contractual obligations, then the provision of such data is mandatory: if such data is not provided, then we and/or your Sponsors will not be able to establish or manage our/their contractual relationship with you, or to meet obligations placed on us/them. When collecting data, we will clarify which fields are mandatory.
How is your personal data used, and what is the legal basis for this use?
We and your Sponsors each process your personal data as independent data controllers for the following purposes:
Our processing
| Purposes | Legal bases | Individuals concerned |
| To establish and fulfil a contract with you when you make a purchase. This will include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products, awards or services. | Contractual necessity | Members and Guests |
| To create your (or your underage child’s) account and to enable you to participate in Our Community and enjoy all the benefits of being part of it, including to offer you cashbacks, rewards, programs and benefits and provide you with Community communications, so that you can make the most of your membership in Our Community, e.g.:
Community communications may be provided to you by email, sms and other instant messaging technologies (like e.g. WhatsApp and alike) or phone. | Contractual necessity | Members (and their parents or guardians) |
| To ensure the effective management of Our Community, to analyse your activity (e.g., your inviting of other people to Our Community), to compile internal reports | Our legitimate interest (in managing and bringing Our Community together) | Members |
| To invite you to and participate in Oriflame social media groups to help you integrate with and be a part of Our Community, share experience and get latest information on Oriflame products and opportunities
| Our legitimate interest (in managing and bringing Our Community together) | Members |
| To contact you in relation to our products and services similar to those which you have already purchased (direct marketing). Direct marketing communications may be provided to you by email, sms and other instant messaging technologies (like e.g. WhatsApp and alike) or phone. | consent | Guests |
| To deliver relevant advertising to you and to invite you to take part in market research or studies (including consumer satisfaction and similar studies) | Our legitimate interest (in marketing and improving our business) | Guests |
| To analyse measure or understand the effectiveness of Community communications and advertising we serve to you | Our legitimate interest (in managing and bringing Our Community together) | Members, Guests |
| To market our products effectively by personalising our website, applications or products, services for you, to enable you to participate in interactive features of our website | Our legitimate interest (in marketing and improving user experience) | Guests |
| To analyse, monitor, improve, administer and protect our products, content, services and website, both online and offline | Our legitimate interest (in improving and protecting our business) | Members, Guests |
| To investigate and handle any complaints received from you about our products and services, its website or applications. | Our legitimate interest (in improving and protecting our business) | Members, Guests |
| To ensure your compliance with our policies and rules and to monitor your account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law | Our legitimate interest (in promoting compliance with law and policies) | Members, Guests |
| To ensure compliance with applicable laws and the protection of our legitimate business interests and legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation). | Legal Compliance or our legitimate interest (in protecting our interests and rights) | Members (and their parents or guardians),, Guests |
| To use various enhancing tools, products or services offered by us, we may ask you for a specific consent. | Consent | Members, Guest |
Your Sponsors' processing
| Purposes | Legal bases | Individuals concerned |
| To enable your Sponsors to connect with you and enhance your engagement in Our Community. Your Sponsors will provide you with Community communications, so that you can make the most of your membership in Our Community, e.g.:
Community communications may be provided to you by email, sms and other instant messaging technologies (like e.g. WhatsApp and alike) or phone. | Contractual necessity | Members |
| To ensure the effective management of Our Community, to analyse your sharing activity, to compile internal reports | Our and your Sponsors' legitimate interest (in managing and bringing Our Community together) | Members |
| To respond to any comments or complaints you may send them | Our and your Sponsors' legitimate interest (in improving and protecting the business) | Members |
| To contact you in relation to our products and services similar to those which you have already purchased (direct marketing). Direct marketing communications may be provided to you by email, sms and other instant messaging technologies (like e.g. WhatsApp and alike) or phone. | consent | Guests |
| To ensure compliance with applicable laws and the protection of your Sponsors' legitimate business interests and legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, tax, investigative purposes (including disclosure of such information in connection with legal process or litigation). | Legal Compliance or your Sponsors’ legitimate interest (in protecting interests and rights) | Members (and their parents or guardians),, Guests |
Automated decision-making and profiling
We do not use fully automated decision-making.
But we do use profiling (i.e., we evaluate your certain characteristics on an automated or partially automated basis) to provide you with tailored information or services and advise you in a customised way regarding our products. This enables us to provide appropriate communications and advertisements to you like recommending products and services that we think might be suitable for you. We understand that the data processing is also beneficial to you because it allows you to improve your user experience and access the information in accordance with your preferences.
Who will your personal data be shared with and where will it be sent?
We will make your personal data available and accessible only to those who need the data to accomplish the intended processing purpose. We will (or may) share it:
within the Oriflame Group: in particular with Oriflame Cosmetics AB, PO Box 1095, SE-101 39 Stockholm, Sweden; Oriflame Cosmetics AG. Bleicheplatz 3, 8200 Schaffhausen, Switzerland; Oriflame Poland Sp. z o.o., ul. ul. Prosta 51, 00-838 Warszawa, Poland; Oriflame Software s.r.o., Ladova 389/10, Hejčín, 779 00 Olomouc, Czech Republic, for analysing – at a group level – metrics relating to our products, sales, campaigns and relationships with Members and Guests.
with sub-contractors, partners and other third parties whenever needed to fulfil the intended processing purpose, i.e.:
technological service providers including electronic communication providers,
providers of customer support and related services and technologies,
couriers;
advertising and marketing partners and service providers,
payment and accounting services providers.
with government authorities and/or law enforcement officials if mandated by law or if required for the legal protection of our (or your Sponsors) legitimate interests in compliance with applicable laws;
amongst the Sponsors themselves (i.e., your Sponsor along with your Sponsor's up-line Sponsors within Our Community) for the purposes of Our Community management.
In the event that our business is sold or integrated with another business, your personal data will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business. The same applies in case of reorganisation of Oriflame Group activities (e.g. consolidation or change of the functions between various Group entities) in such case your data may be shared and transferred to a relevant entity within the Group.
We process your personal data in your country or within the European Economic Area (i.e. all 27 EU Member States plus Iceland, Liechtenstein and Norway “EEA”) but in some cases, data recipients are located in territories outside the EEA (in particular in India, the United States of America and Switzerland and some of these territories do not offer a level of data protection comparable to that of the European Union (e.g. India or the United States of America if outside the Data Privacy Framework). In such cases we transfer your data only where adequate safeguards are in place:
The recipients participate in the Data Privacy Framework; a list of participants is available at : https://www.dataprivacyframework.gov/list or
The recipients have agreed to be bound by standard contractual clauses approved by the EU Commission; the clauses are available at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
What cookies will be used on the website?
The website uses cookies (small files placed on website users’ hard drive) to distinguish you from other users of the website. This helps us to provide you with a high quality experience when you browse the website and also allows us to improve the website. We use cookies to analyze the flow of information; customize the services, content and advertising; measure promotional effectiveness; and promote trust and safety. For detailed information please read Oriflame Cookie Policy.
Google Analytics
We use Google Analytics to understand how visitors engage with our sites and apps. This means that when you visit our website or use one of our mobile applications your browser automatically sends certain information to Google. This includes, for example, the web address of the page that you're visiting and your IP address. You will find the details of how the Google technology collects and processes data following this link https://www.google.com/policies/privacy/partners/.
If you don’t want the Google Analytics to be used in your browser, you can install the Google Analytics browser add-on. You can find more about the Google Analytics and Google privacy policy here https://www.google.com/policies/privacy
Your rights
You can ask us and your Sponsors:
For access, including a copy of your personal data ;
To correct your personal data (if it is inaccurate, incomplete or not up-to-date);
To 'port' your personal data (i.e. to transfer in a structured, commonly used and machine-readable format, to you or another data controller);
To erase your personal data; or
To restrict its processing (i.e. processing will temporarily stop save to the extent that personal data will continue to be stored).
You also have rights to object to some processing that is based on our legitimate interests, and to processing for direct marketing purposes. Further, where we and/or your Sponsors have asked for your consent to process your data, you are entitled to withdraw this consent. This will not affect the lawfulness of processing before the withdrawal. These rights are limited in some situations – for example, where we and/or your Sponsors can demonstrate there being a legal requirement to process your personal data. In some instances, this may mean that we/they are able to retain data even if you withdraw your consent.
We and your Sponsors hope that we/they can satisfy any queries you may have about the way we/they process your personal data. If you have any concerns, you can get in touch with:
Us: You can contact our data protection officer at privacy@oriflame.com. You may also contact us at the following address: Nommon Sàrl. , registered at: 24, Avenue Emile Reuter - L-2420 Luxembourg, registration number B278229 and/ or
Your Sponsor: Using the contact details provided in the confirmation email we sent you during the sign-up process, or those provided in each communication you receive from your Sponsor.
If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority in the country of your habitual residence, place of work or of an alleged infringement of the data protection law.
How long will we hold your data?
We and your Sponsors will each keep your personal data for the length of the contractual relationship you have with us and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this policy.
Laws may require us and your Sponsors to each hold certain personal data for specific periods. In other cases, we and your Sponsors will each retain data for an appropriate period after any relationship with you ends to protect ourselves/themselves from legal claims, or to administer our/their business.
Changes to this policy
Any changes we may make to the policy in the future will be posted on the website and, where appropriate, notified to you by e-mail or otherwise. The changes will be also available at our premises.
Schedule 1 – log in with 3rd party credentials
Registration and login with your Facebook/Google/Apple account
Instead of registering directly or logging in to our website or our Apps, you can register and log in using your social platforms accounts (Facebook, Google, Apple). The providers of these platforms are respectively:
Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4 Ireland / Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (for UK users)
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (for users of Google services). / Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (for UK users)
Apple Distribution International Limited, Hollyhill Ln, Hollyhill Industrial Estate, Cork, T23 YK84, Ireland
If you decide to register or log in with these social platform accounts and click the "Login with Facebook/Apple/Google" button, you will be automatically redirected to the relevant platform. There you can log in with your user data. This will link your Facebook/Apple/Google account with our website. This link gives us access to your account data. These may include: email address, first name, last name, birth date, profile picture, language. The exact scope of data depends on the information that you have provided to the social platform and your privacy choices.
Further information can be found in the Privacy Policies and the Terms of Use of the platform providers. These can be found at:
https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en (additional information can be found at https://support.google.com/accounts/answer/12849458?hl=en&ref_topic=12843167&sjid=1700593519173017894-EU)
https://www.apple.com/legal/privacy/en-ww/ and https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/ (additional information can be found at https://support.apple.com/en-us/102609)
Instructions for data deletion
Oriflame stores your personal data obtained from these provider to set up, provide and personalize your account.
If you want to remove your connections between Oriflame and your respective account for Facebook, Google or Apple, follow these instructions:
For Facebook
Click your profile picture in the top right of Facebook.
Select Settings & privacy, then click Settings.
Click Apps and Websites in the left side menu.
Click Remove next to Oriflame icon
For Google:
Go to https://myaccount.google.com/security
Click Connections to third party apps and services.
Click Oriflame.
Click Remove all connections to Oriflame, then you will be informed what consequences this action has.
For Apple:
Sign in on account.apple.com.
Go to Sign-In & Security.
Select Sign in with Apple.
Click on Oriflame tab.
Click Stop using Sign in with Apple