NEUTROGENA® Collective Privacy Notice
Welcome to our Privacy Notice for Neutrogena, part of Kenvue’s family of brands (“we”, “our”, “us”). We are committed to protecting your Personal Data, this Privacy Notice outlines our practices regarding the processing of your Personal Data when you register as a Neutrogena Collective member and engage with us over social media.
We have organised this Privacy Notice into sections and included a Glossary at the end where you can find an explanation of any defined terms we have used. We will update this Privacy Notice from time to time. Any changes will be available on the Privacy Notice accessible from the website and will include the last reviewed date. If we make any significant changes, we will notify you and provide you with additional information. We encourage you to check this Privacy Notice regularly to stay informed about how we use your Personal Data.
Links on our website may direct you to other brands or services we offer, each with its own privacy notice distinct from this one. We encourage you to review the specific privacy notices of these sites to understand how they use your personal data.
About Us and Contact Details
Johnson & Johnson Ltd, part of Kenvue registered at 50-100 Holmers Farm Way, High Wycombe, Bucks HP12 4EG
Under Applicable Data Protection Laws, we are the Controller of your Personal Data.
We have designated a Data Protection Officer (DPO). You can contact our DPO and the EMEA DPO Team at [email protected]
Where Do We Collect Your Data from?
We will collect Personal Data about you from the following sources:
Directly From you:
- When you visit our website or register to use our services.
- Through cookies we use on our website, for more information please visit our Cookie Policy
- Via surveys and feedback forms e.g. data collected when you participate in surveys, feedback forms, or market research initiatives.
- Your devices e.g. when you use your device to browse our website. For more information about our use of Personal Data which we collect from your device see our Cookie Policy
Third Parties:
- Companies that are part of Kenvue to assist us with the services we offer you or for internal administrative purposes.
- During collaborative events with other organisations.
- The institution or organisation you are affiliated with
- Social Media Platforms
Publicly available sources:
- Publications, academic registries
Why Do We Collect Your Personal Data and What Types?
The table below outlines what activities we carry out, the type of Personal Data we use and our legal basis for processing your Personal Data.
|
Why We Collect Your Personal Data
|
Personal Data Processed
|
Our Legal Basis
|
|
To send you products and samples
|
Postal address, name, email
.
|
Contractual necessity (to fulfil the agreement to provide products and samples)
legitimate interest (the brand's interest in providing samples for review or promotion)
|
|
To use your content on our social channels
|
Social media handle (a public username used on social media accounts. On platforms like TikTok and Instagram) which can include your social media content, images, and videos that may include your likeness or voice
|
Contractual necessity (to fulfil the agreement to allow us to use your social media handle to promote our products)
legitimate interest (the brand's interest in marketing and promoting its products using real user-generated content).
|
|
To use your content on our retailer channels
|
Social media handle (a public username used on social media accounts. On platforms like TikTok and Instagram), which can include your social media content, images, and videos that may include your likeness or voice
|
Contractual necessity (to fulfil the agreement to allow us to use your social media handle to promote our products)
legitimate interest (the brand's interest in enhancing sales and visibility through retailer channels with authentic content).
|
|
For events management
|
Address, name, email, social media handle, dietary preferences or restrictions, accessibility requirements.
|
Contractual necessity (to manage your participation in events)
legitimate interest (organising events efficiently and catering to participants' needs).
|
|
To send you marketing communications about our brand, products and services
|
Email, name, social media handle, interaction history
|
Consent (you agree to receive marketing communications)
|
|
To share your social handle with other influencers
|
Social media handle (a public username used on social media accounts. On platforms like TikTok and Instagram), which can include your social media content, images, and videos that may include your likeness or voice
|
Consent (explicit agreement to share this information)
|
|
To provide you with access to our Services e.g. to browse our website, download reports, presentations
|
Device information, IP address and browsing behaviour. Please see our see our Cookie Policy
|
Contractual necessity (to provide the requested services)
legitimate interest (to ensure a good user experience and improve service offerings).
|
|
To send you technical notices, updates, security alerts and to ensure security of the website
|
Email, device and access information.
|
Legitimate Interest in preventing and detecting fraud or other wrongdoing and protect both users and brand interests).
|
|
To provide customer service and support
|
Email, name, communication/content of support requests.
|
Contractual necessity (to resolve issues and provide support)
legitimate interest (to ensure satisfactory customer experience and service quality).
|
|
To find, investigate and prevent fraudulent activities.
|
Email, name, transaction history, browsing behaviour, and any other relevant data that could indicate fraudulent activities
|
Legitimate Interest (to investigate and prevent fraudulent activities).
|
|
For claims, legal disputes, investigations, enforcement of terms and conditions, for the defense of our rights.
|
Email, phone number, transaction data, communication records, legal documents.
|
Legitimate Interest (for the purpose of establishing, exercising, or defending legal claims.)
|
|
We may process and disclose your Personal Data to comply with legal process or applicable law, which may include laws outside your country of residence.
|
As required by the specific legal request or obligation, which could include a wide range of data, Contact details (email, phone number), As account details, transaction history, and communication records.
|
To comply with our legal obligations
Legitimate Interest (to comply with the laws and regulations in other countries we are subject to).
|
Marketing (Withdrawing Your Consent)
If you have consented to receive (opted-in) direct marketing, you can withdraw your consent (opt-out) and not receive marketing communication from us anytime. You can do this by clicking unsubscribe in our marketing emails or contact us here. Please note that if you withdraw your consent to receive marketing related messages from us, we may still send you important transactional and administrative messages, from which you cannot opt out from.
Marketing from our other parties
If you have previously consented to receiving marketing from our affiliates or third-party partners, each with its own unique offerings, you will receive messages and promotions directly from them. Our affiliates and third-party partners manage their own marketing activities. They will handle your Personal Data and any consent withdrawals as set out in their privacy notices.
Where you have consented but no longer wish to receive marketing from our affiliates or third-party partners, you should contact them directly to stop their marketing messages.
With Whom Do We Share Your Personal Data?
Your Personal Data may be shared with various recipients for the purposes outlined under section 4. You can find the categories of recipients below:
- IT services providers, in the field of image optimization, analytics, hosting services, logs management, security and performance for the browser.
- Website Development Companies.
- Data Analysis Firms to improve our services and user experiences.
- Customer Service that assists in handling customer inquiries and issues.
- Data enrichment service providers e.g. social media platforms (Facebook, Instagram) to provide us with data which, when combined with our own datasets, help us better understand your activities and interests for our marketing or analytics purposes.
- Retailer Social Media Platforms
- Other Influencers
- Marketing, influencer, digital agencies and advisors.
- Kenvue Affiliates acting as our processor, to help us provide our services to you e.g. our customer service function to handle your enquiries.
- Our external professional advisors e.g., legal advisors, our auditors.
- Our Kenvue Affiliates, to send direct marketing about their services and products where you have consented to them doing so.
- Where permitted by applicable law, a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- We may also disclose your Personal Data when necessary or appropriate, especially in response to laws enforcement agencies, fraud prevention bodies, legal counsel, public or government authorities. This may include authorities outside your country of residence. Such disclosures are made to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.
How do we protect your Personal Data?
We seek to use effective organisational, technical, and administrative measures designed to protect Personal Data under our control. For example, we implement robust security measures to protect your information, which include encryption of transmitted data and secure password practices. If you have a reason to believe that your interaction with us is no longer secure (for example, you believe that the security of your account with us has been compromised), please immediately notify us via the “Contact Details” section above.
International Transfers of Personal Data
To ensure your data is protected in the countries we transfer to outside [name country], we either:
- Transfer your Personal Data to countries recognised by the UK as providing adequate data protection, please see list here or
- Transfer your Personal Data by contractually ensuring that the recipient is bound by the UK International Data Transfer Agreement or the UK Addendum to the EU's Standard Contractual Clauses/ EU Standard Contractual Clauses .
You may obtain a copy of these adequate measures by contacting our Data Protection Officer and the EU DPO Team in accordance with the “Contact Details” section above.
How Long Do We Store Your Personal Data
We will retain your Personal Data for as long as needed or permitted considering the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide our services to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable considering our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
Your Rights:
You have various rights regarding your data, as detailed in the table below:
|
Your rights
|
Description
|
|
The right to object to the processing of your Personal Data
|
You can object to the use of your Personal Data for certain purposes. You have the right to stop your Personal Data being used for direct marketing at anytime
|
|
The right to be informed
|
You have the right to know if and how we process your Personal Data, as detailed in this Privacy Notice.
|
|
The right of access
|
You can request access to and a copy of your Personal Data we have unless legal exceptions and exemptions apply.
|
|
The right to rectification (correct)
|
You can ask us to complete or correct any incomplete or incorrect Personal Data.
|
|
The right to Erasure (also known as the “right to be forgotten”)
|
You have the right to ask us to delete your Personal Data in certain circumstances, for example, we cannot delete if there is a legal or regulatory obligation on us to keep it.
|
|
The right to restrict the processing
|
You can request that we limit processing your Personal Data in specific situations: a) when its accuracy is contested, b) the processing is unlawful, but you do not require the deletion of your Personal Data c) your Personal Data is no longer needed for processing, but you need it for the establishment, exercise or defence of legal claims d) If you object to processing of your Personal Data occurring based on our Legitimate Interest.
|
|
The right to data portability
|
You can request your Personal Data in a machine-readable format, only when processing is based on your consent or contract and is carried out by automated means.
|
|
The right to withdraw consent
|
If you gave consent for processing your Personal Data, you can withdraw it anytime. Withdrawing consent will not affect the lawfulness of past processing, and we will inform you if we can no longer provide you with your chosen service.
|
We will keep a record of your requests. In cases of manifestly unfounded, vexatious or excessive request, we may charge a reasonable fee or refuse the request. If you make a request, we will need to confirm your identity and may ask for additional information to help us with your request. We will respond to your request without undue delay, but it may take up to one month to respond. If your identity cannot be verified, we cannot process your request. You can exercise your rights by contacting us here. Please note that for a complex request, timelines may extend up to two months. In such case you will be promptly informed accordingly.
How to Lodge a Complaint
If you have any questions, concerns or complaints about this Privacy Notice, please contact us here.
You may also lodge a complaint with a data protection supervisory authority in particular where you reside, you work or the matter you are complaining about took place.
The competent data protection supervisory authority in the UK is the Information Commissioner’s Office (ICO), Make a complaint | ICO
Updates to the Privacy Notice
This policy was last updated on 04/08/2024
Glossary
|
Terms
|
Definitions
|
|
Applicable Data Protection Laws
|
means all applicable EU legislation and regulation relating to data protection and privacy including without limitation UK's version of the EU GDPR (the "UK GDPR") and the UK's ePrivacy rules ("PECR").
|
|
Controller
|
is a person(s) or company (either alone or jointly or in common with other persons) who decides how Personal Data will be processed.
|
|
Legitimate Interest
|
This is a legal basis which we are able to rely on where we are processing Personal Data for our activities and needs or the activities and needs of others, including providing you with the best service and experience we can offer.
We will balance our interests against any potential impact on your rights or freedom. If your rights, interests and freedoms override our interests, we will not process your Personal Data under this legal basis. |
|
Personal Data
|
This refers to any Information relating to an identified or identifiable individual, who can be directly or indirectly identified by reference to identifiers (e.g. name, email, demographic information, and online identifiers).
|
|
Privacy Notice
|
Also referred to as a Fair Processing Notice or a Privacy Policy – informs individuals what Personal Data is processed and how and why a company will process it. This document is the Privacy Notice for the Services.
|