European Union Privacy Policy
This EU Privacy Policy applies to Florence Beauty, LLC’s (aka Florence by Mills) (“FBM”) processing of your Personal Information collected through the Services and/or received from our Licensees. This EU Privacy Policy provides information about, among other things, the categories of Personal Information collected and processed, as well as the purpose of processing and the legal ground the processing is based on. FBM advises you to carefully read this EU Privacy Policy.
Terms starting with a capital letter that are not defined in this EU Privacy Policy are defined in the Privacy Policy and/or the Terms and also apply to this EU Privacy Policy.
It is important to read this EU Privacy Policy together with our Privacy Policy so that you are fully aware of how and why we are using your Personal Information. This EU Privacy Policy supplements our Privacy Policy and in the event of a conflict between this EU Privacy Policy and our Privacy Policy, this EU Privacy Policy shall control.
1. Controller details
Florence Beauty, LLC, is a limited liability company established in the U.S. with registered offices at 2210 East Maple Avenue, El Segundo, California, 90245, United States.
With regard to FBM’s processing of the Personal Information of EU Residents, the EU General Data Protection Regulation (“GDPR”) applies. Since FBM determines the purpose and means of processing the Personal Information, we qualify as controller as defined in Clause 4(7) of the GDPR. Please note, from this point forward, this EU Privacy Policy uses the term “Personal Data,” which refers to Personal Information, but in the terminology of the GDPR.
2. Services
As set forth in the Terms, among other things, the Services include providing you with information about FBM’s Licensees and Florence by Mills branded products available on each Licensee’s own website.
This means (among other things) that each individual Licensee determines the purpose and means for processing the personal data it collects through their own respective website (or otherwise). Each individual Licensee qualifies as a controller for the processing of these personal data as meant in Clause 4(7) of the GDPR. The privacy policy of the applicable Licensee (and not this EU Privacy Policy or the Privacy Policy) applies to any Licensee’s aforementioned processing of your personal data.
3. Overview of categories of Personal Information and Processing Purposes
Subsection (i) of this Section 3 provides an overview of the categories of Personal Data FBM collects and further processes and gives you examples of the specific types of Personal Data that fall in each category.
FBM has the Personal Data described below because you either provided it to us and/or we received it from our Licensees. The Personal Data you provide to FBM can be either actively provided (see subsection (i) Contact data, below) or can be collected automatically (see subsection (ii) Automatically generated data, below). FBM may also receive Personal Data about you from our Licensees, but only if the Licensee obtained your prior consent. Please see Sections 3 and 4 for more information on the Personal Data FBM receives from our Licensees and the purposes for which such data are processed.
Subsection (ii) of this Section 3 provides an overview of the purposes for which FBM processes your Personal Data, the categories of Personal Data we need to process for these purposes, the legal ground on which the processing of your Personal Data is based, as well as a concise explanation regarding all of the above.
(i) Categories of Personal Data
Contact data
This category of Personal Data covers all data FBM can use to contact you, such as your email address. The content of any emails you send FBM and/or the content of our further correspondence by email or otherwise may contain Personal Data and also falls under this category.
Automatically generated data
This category of Personal Data covers all data that is automatically generated and relates to (a) the device you use to use the Services, such as the ID number of the device, type of browser and the computer system you use, (b) the way you use the Services, such as your IP address, the time you spend on our website and each separate webpage, which links you click and/or which other features of the Services you use, and/or (c) other information on your use of the Internet collected by cookies, such as your IP address.
(ii) Processing Purposes
Purpose: Offering the Services to You
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary for the performance of our agreement with you
Explanation: We have an agreement regarding the use of the Services under the conditions stated in the Terms. In order to perform our agreement and make it possible for you to access and use the Services, FBM must engage third party services, which requires the transfer of your Personal Data to these third parties. This primarily pertains to the transfer of your data to hosting providers (please see Section 4, below).
Purpose: Replying to questions and inquiries
Personal Data: Contact Data
Legal ground: legitimate interest, legal obligations
Explanation: We have a legitimate interest (6.1 (f) GDPR), to process Personal Data in order to reply to your questions and inquiries, because it enables FBM to offer you an efficient customer service by replying to your questions and inquiries. The processing of your Personal Data for this purpose is for your benefit and has little to no impact on your privacy.
Purpose: Analysis and evaluation
Personal Data: Contact Data, Automatically generated data
Legal ground: legitimate interest
Explanation: We continuously evaluate and analyze the Services. Based on the outcome of these evaluations and analyses, FBM may decide to change the Services, or any part or parts thereof, to keep them working properly and offer you the desired user experience. The outcome of the analyses and evaluations cannot be used to directly or indirectly identify you and therefore no longer qualifies as Personal Information (as meant under Clause 4(1) GDPR).
We have a legitimate interest to process your Personal Data for this purpose because it enables us to tailor the Services to your liking and optimize your user experience. The processing of your Personal Data for this purpose is primarily for your benefit and has little to no impact on your privacy.
Purpose: Assessing and/or complying with requests to exercise your rights
Personal Data: Contact data
Legal ground: legal obligation
Explanation: We have a legal obligation to offer you the possibility to exercise the rights set forth in Section 7. In order to comply with this legal obligation, we need to process the Contact Data in relation to this purpose.
Purpose: Marketing
Personal Data: Contact Data, Automatically generated data
Legal ground: consent
Explanation: We only use your Personal Data for marketing purposes if you have given your prior consent to us or our Licensees for this purpose. If you gave us consent for using certain cookies, we use the Personal Data collected by these cookies to show you advertisements regarding our Licensee’s products on websites of third parties (also see our Cookie Policy and our Cookie Choices widget, which you can launch at any time by clicking on the heart shaped cookie icon located on the bottom right corner of our website).
We also share Personal Data from Licensees with other Licensees so that our Licensees may use these for marketing purposes, provided you gave these Licensees your consent.
Depending on the consent you gave, the information or offers tailored to your interests can be sent to you by email and/or by banners on third party websites including but not limited to the Licensees’ websites. Please see subsection (i) of this Section 3 for more information on the processing of Personal Data received from Licensees.
Purpose: Protecting our rights and interests
Personal Data: Contact Data, Automatically generated data
Legal ground: legitimate interest; necessary to comply with legal obligations
Explanation: We have a legitimate interest to process these categories of Personal Data if we deem this necessary for the protection of FBM’s rights and interests. We may need your Personal Data to substantiate a claim we made against a third party or against you and/or to defend ourselves against claims made against us by third parties and/or you.
Depending on the way we need to protect our rights and interests, FBM may be legally obligated to transfer Personal Data to a third party. In those situations, the Processing Purpose “Complying with legal obligations” applies.
Purpose: Security management
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary to comply with legal obligations, legitimate interest
Explanation: We are legally obligated to take appropriate technical and organizational measures to protect your Personal Data.
If the measures we take in relation to the purpose of security management cannot be directly related to this legal obligation, for instance if we transfer Personal Data to a third party in relation to a security audit of our systems, we have a legitimate right to process Personal Data for this purpose because it helps enable us to keep the Services, and therefore your Personal Data, safe, which is for your benefit.
Purpose: Mergers and acquisitions
Personal Data: Contact Data, Automatically generated data
Legal ground: legitimate interest
Explanation: For this purpose, a third party will gain access to the Personal Data, or part or parts of it. Although it cannot be determined beforehand which specific Personal Data are necessary, depending on the circumstances, the third party may need access to all Personal Data, for instance for due diligence purposes.
Purpose: Complying with legal obligations
Personal Data: Contact Data, Automatically generated data
Legal ground: necessary to comply with legal obligations
Explanation: Various legal obligations require us to process your Personal Data, for instance the legal obligation to demonstrate that you have indeed consented to the use of certain cookies that collect Personal Data. Some of these obligations require us to transfer Personal Data at the request of a third party, such as a supervisory authority and/or a court.
4. Third parties
Subsection (i) of this Section 4 relates to the Personal Data we transfer to third parties whereas subsection (ii) relates to the processing of Personal Data we received from third parties. Please note, because our Licensees are under contracts to produce and sell Florence By Mills branded products on FBM’s behalf, our Licensees are not considered third parties under this or any of our privacy policies.
(i) Personal data transferred to third parties
We will not sell your Personal Data to third parties for direct marketing purposes without your prior consent.
However, as follows from Section 2 above, in other circumstances we (are obligated to) transfer your Personal Data, or part or parts thereof, to third parties. All contracts entered into with these third parties contain clauses aimed to protect your Personal Data. Specifically with regard to third parties that qualify as “processors” as defined in Clause 4(8) of the GDPR, we have entered into processing agreements which, among other things, describe the technical and organizational measures implemented by these third parties to protect Personal Data.
While not considered third parties, we transfer Personal Data to Licensees so that Licensees can contact you with regard to their Florence by Mills branded products and services. We will only transfer the Personal Data listed below to our Licensees if you have given us your consent to do so.
Purpose: marketing purposes of Licensees
Personal Data transferred: Contact data, Transaction data
Legal basis: consent
As a principle, we prefer to store Personal Data locally. This means within the European Economic Area (“EEA”) if collected there. However, it is possible that parts of the Personal Data are stored on servers outside the EEA. In that case we will make sure to comply with the applicable legislation and regulations.
Finally, FBM can transfer Personal Data to third parties if you have consented to this (Clause 6.1(a) GDPR). You have the right to withdraw consent at any time. We will no longer process the relevant Personal Data as of the time of withdrawal. Please be advised that withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Please be advised that the Services contain links to websites of third parties, such as the websites of our Licensees. Although these websites have been carefully selected, we are not responsible for the processing of your personal data through them. This EU Privacy Policy does not apply to the use of such websites (also see Section 2, above).
(ii) Personal Data received from Third Parties: None.
While not considered third parties, we receive Personal Data from our Licensees so that we can share it with our other Licensees so that such other Licensees can contact you with regard to their other Florence by Mills branded products and services. We will only receive the Personal Data listed below from our Licensees if you have given such Licensee your consent to do so.
Purpose: marketing purposes of Licensees
Personal Data transferred: Contact data, Transaction data
Legal basis: consent
5. Retention of Personal Data
FBM does not retain Personal Data longer than necessary for the realization of the purposes for which the Personal Data are collected.
We will delete or anonymize the Personal Data we use for the purposes set forth herein within two (2) years after your last use of the Services, except as set forth herein. For the retention periods of Personal Data collected by using cookies, please consult our Cookie Policy.
Deviations from the above-mentioned retention periods are possible if applicable legislation requires us to retain Personal Data (or part or parts thereof) longer and/or the Personal Data (or part or parts thereof) remain necessary for other Processing Purposes described in Section 3.
Keeping your Personal Data safe is important to us. FBM has therefore implemented technical and organizational measures to ensure a level of security appropriate to the risk. In this regard we have taken into account (among other things) the state of the art and the nature, scope, context and purposes of the processing of your Personal Data. Examples of these measures are: keeping our Services, software and applications up-to-date by installing updates, upgrades and patches; hosting our central database which contains most Personal Data separately from any other databases; limiting access to Personal Data by only allowing such access on a need-to-know basis; using strong passwords; and performing stress and penetration tests on a regular basis.
7. Your rights
This Section 7 describes your rights when it comes to FBM’s processing of your Personal Data under GDPR, and also describes how FBM facilitates you in exercising these rights.
Rights of EU Residents
If the GDPR applies to FBM’s processing of your Personal Data, you have the following rights:
i) Right of access
Means your right to receive from FBM, and to have made available to you, a copy of the Personal Data we process about you.
ii) Right to rectification
iii) Right to be forgotten (right to erasure)
Your right to require us to permanently delete or anonymize (certain) Personal Data about you.
iv) Right to restriction of processing
v) Right to data portability
vi) Right to object
If you wish to exercise any of the rights stated above, you can send a substantiated request by email to: EUrequest@florencebymills.com or you can do so via our form, located at https://www.florencebymills.com/pages/gdpr-compliance.
Before we can start the assessment of your request, FBM must be sure of your identity. If FBM is unable to establish your identity at first, we are obligated under the GDPR to request further information for the purpose of verifying your identity.
Please be advised that the above-mentioned rights are not absolute. The GDPR stipulates the conditions under which the rights can be invoked. FBM can therefore only comply with a request to exercise your rights if we have established that all applicable conditions are met.
FBM tries to respond to requests within a reasonable period of time, and normally within one (1) month. However, it is possible that FBM will need additional time. If that is the case, FBM will inform you thereof before the end of the aforementioned one (1) month period. The additional time will not exceed two (2) months (in total).
8. Cookies
If cookies collect Personal Data, this EU Privacy Policy also applies to the processing of the Personal Data in addition to our Cookie Policy.
9. Complaints
If you contact FBM with a complaint regarding the processing of your Personal Data and we are unable to resolve this complaint together, as an EU Resident, you can lodge a complaint with the competent national supervisory authority as meant by the definition of supervisory authority concerned in Clause 4(22) of the GDPR.
February 27, 2024