Gifting has never been easier
Perfect if you're short on time or are unable to deliver your gift yourself. Enter your message and select when to send it.
PRIVACY POLICY
Introduction
We value your privacy and are committed to protecting your personal data. When you visit our website www.gisou.com and/or its subdomains e.g. us.gisou.com (hereinafter: “Site”), when you make a purchase in our webshop or sign up for our newsletter, NM Beauty Industries B.V. (“NM Beauty” or “we”) processes personal data. We also process personal data when you apply for a job at NM Beauty. Furthermore, we process personal data of our suppliers. The term 'personal data' includes all information about an identified or identifiable natural person. In the processing of personal data, NM Beauty qualifies as the controller in the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
This Privacy Policy aims to inform you how NM Beauty collects and processes your personal data and to provide you with information on your legal rights under the GDPR.
We point out that we do not intend to collect personal data from persons younger than 16 years old, unless they have permission from parents or guardians. As we cannot verify if a person is older than 16 years old, we strongly advise parents to be involved in their children’s online activities.
Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide the requested data, we may not be able to perform the agreement we have or are trying to enter in with you (e.g. to provide you products you would like to order). If this is the case, we may need to cancel the order you placed with us, but we will notify you beforehand.
It is important to read this Privacy Policy together with our Terms of Use and Terms and Conditions. We recommend that you read this Privacy Policy, the Terms of Use and the Terms and Conditions carefully.
Table of Contents
About us
NM Beauty Industries B.V. is a private company (‘besloten vennootschap’) established under Dutch law, based in Amsterdam (The Netherlands) and registered with the Chamber of Commerce under file number 63969769, trading under the trade name “Gisou”.
If you have any questions regarding our Privacy Policy, on how your personal data are handled, or wish to exercise your privacy rights, please direct your inquiry to info@gisou.com or contact us using the address below.
NM Beauty Industries B.V
Nieuwe Spiegelstraat 10
1017 DE Amsterdam
The Netherlands
Please note that this Privacy Policy is not applicable to third-party websites connected to this Site through links or applications. Clicking on such links may allow third parties to collect or share data about you. We cannot guarantee that these third parties will handle your personal data in a secure and careful manner, as we do not control these websites and are not responsible for their privacy policies. We therefore recommend you read these websites’ privacy policies before clicking on any links or making use of the websites accessed by such links.
Personal data we collect and purposes for which these data are collected
Customers and potential customers
We may process the following (categories of) personal data of (contact persons of) our (potential) customers if and when necessary for our order administration:
We process these data for the following purposes:
We may process the following (categories of) personal data of (contact persons of) our (potential) customers if and when necessary for our service administration:
We process these data for the following purposes:
We may process the following (categories of) personal data of (contact persons of) our (potential) customers in our client marketing database:
We process these data for the following purposes:
Newsletter subscribers and Custom Audiences
We have a newsletter to inform those interested in our products and/or services, contests, prize draws and other events. The newsletter is event-based, meaning that it will be sent when certain events occur (such as a new product being launched). Your email address will be added to the list of subscribers only with your explicit consent. The newsletter is aimed at driving engagement and may include information about new products, promotions and events. We can measure when and to what extent newsletters are opened and on which links in the newsletter you click. Each newsletter contains a link through which it is possible to unsubscribe from our newsletter.
When you sign up to our newsletter, we process the following personal data:
We process these data for the following purposes:
To find you on social media, we use Custom Audience targeting from Google Ads Customer Match, Facebook Custom Audiences , TikTok Custom Audiences and Pinterest Custom Audience and targeting functionalities within these platforms. Such functionalities help us to reach (potential) customers through various means, including socio-demographic targeting, interest targeting, keyword targeting, affinity targeting, and others. To do this, we upload certain information, such as a cookie ID - if you have provided consent for the use of the related marketing cookies - and hashed contact data, which is converted into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to enable us to target our advertising campaigns at specific users. We can also use the match quality functionality from Meta, Google, TikTok, Pinterest and Criteo, to enhance our retargeting campaigns sending to these platforms information such as cookie ID, IP address, Client user agent and hashed contact data if you give us your consent. You can read additional information about this functionality via the information provided by Meta here, by TikTok here, and by Google here. If you do not want to be part of a Custom Audience tool, you can indicate this at any time by contacting us via info@gisou.com . You can change your cookie settings at any time as is explained in our Cookie Policy. You can also control the ads you see on Google services, including Customer Match ads in your Google Ads settings. More information about changing your Facebook ad preferences can be found here.
Site users
When you visit our Site, we analyse your use of our Site via the use of cookies and similar technologies. You can set your browser to (partly) disable or refuse cookies. Please read our Cookie Policy for more information about the use of cookies.
We may process the following (categories of) personal data of all our Site users (whether you make a purchase or not):
We process these data for the following purposes:
Beauty Advisors (Virtual Beauty Consultations)
You can make an online appointment to get advice from our Beauty Advisors. In order to offer this service, we process the following personal data:
We process this data for the following purposes:
Please note that the audio recordings will be deleted within two weeks after your online appointment. You can object to the audio recording of your beauty advice session at the start of your online appointment.
Suppliers
We may process the following (categories of) personal data of persons from whom we purchase products or services or who work at our suppliers if and when necessary in our supplier administration:
We process these data for the following purposes:
Job applicants
If you apply for a job at NM Beauty, we may process the following (categories of) personal data if and when necessary in dealing with your job application:
We process these data for the following purposes:
Legal grounds for processing
We process your personal data on the basis of one or more of the following legal grounds:
If we process your personal data on the basis of your consent, we will request this separately from you. You may withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.
If you have specific questions about the legal grounds on which certain personal data are being processed, we are happy to provide you with additional information and you can always contact us via info@gisou.com.
To whom do we provide your personal data?
We do not disclose your information to third parties (‘recipients' within the meaning of privacy legislation), unless necessary for the proper performance of the purposes described in this Privacy Policy. For example: to fulfil your order, we need to share your data with payment providers and transportation companies. We may share personal data with our service providers, such as hosting providers, e-mail services and (other) software suppliers, payment service providers, transportation companies, lawyers etc. Furthermore, we may share your data when necessary to and defend the rights or property of NM Beauty and when necessary to protect the personal safety, property or other rights of the public, NM Beauty or its customers or employees.
The third parties to whom the personal data is made available are obliged to treat your personal data confidentially. If these parties are regarded as 'processors' within the meaning of the privacy legislation, we will ensure that a data processing agreement is concluded with these parties that meets the requirements set out in the GDPR.
Your personal data may be included in an acquisition of NM Beauty, in whole or in part; a sale of some or all of NM Beauty; a merger or merger involvement; during a bankruptcy; dissolution or other transition of our business. This means that your personal data may be transferred to a new owner or successor entity to ensure that our services can be continued.
In order to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside the European Economic Area that offers a lower level of protection of personal data than that provided by European legislation. In that case NM Beauty will ensure that such a transfer of personal data is in accordance with applicable legislation, for example by concluding a model contract drawn up and approved for that purpose by the European Commission and we will assess whether any additional measures are necessary to guarantee an appropriate level of protection of your personal data. Please do not hesitate to reach out to us if you wish to receive more information about the appropriate or suitable safeguards in place for data transfers outside of the European Economic Area or if you would like to obtain a copy of them.
How long do we store your personal data?
We will not retain your personal data in an identifiable form for any longer than is necessary for the purposes set out in this Privacy Policy.
The personal data in our order administration will in principle be deleted at the latest two years after the order in question has been processed. The personal data used for website analysis are stored for a maximum of 24 months. The personal data in our service administration and client marketing database are retained for five years after closure of the client file. The e-mail address used for newsletter subscriptions is removed from our mailing list as soon as you choose to unsubscribe.
The personal data of suppliers will in principle be deleted at the latest two years after the order in question has been processed.
The personal data you provide to us for your job application will be retained for up to four weeks after the end of the application procedure. You can choose to provide us with your consent to retain your personal data for one year after the end of the application procedure. This enables us to reach out to you if job opportunities which may be of interest to you, become available. The personal data that you have provided in the context of your application will become part of your personnel file when you start working for NM Beauty.
In addition to the abovementioned retention periods, we may need to retain certain personal data in order to comply with statutory retention obligations, such as the retention of certain accounting data for 7 years from the end of the year in which the relevant data has lost their current importance for (tax) business operations in connection with our tax retention obligation arising from article 52 of the Dutch State Taxes Act.
The specific retention periods referred to above may become longer or legal retention periods may become applicable to which we need to comply. We may also retain personal data for a longer period of time if necessary for our legitimate interests, such as when necessary for settling legal disputes.
Security of your personal data
We have security measures in place to reduce the likelihood of misuse, loss and unwanted disclosure of, and unauthorized access to, personal data. Our employees and business partners are bound by confidentiality and are bound by instructions aimed at the adequate protection of your personal data.
We have procedures in place to deal with personal data breaches and will notify you and the applicable regulator of such breach where we are legally required to do so. If you have any questions about the security of your personal data, or if you suspect or have any indications of misuse, please contact us at info@gisou.com.
Your privacy rights
You have the following rights with regard to the processing of your personal data by us:
If you wish to exercise any of the rights above, please contact us via info@gisou.com or via the address mentioned in the ‘About us’ section.
Please be aware that in order to prevent fraud and misuse, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request. If you wish to inspect personal data linked to a cookie, please make sure to include a copy of the relevant cookie. You will find the cookie in your browser settings.
Within a month after receipt of your request, we will inform you whether we can comply with your request. This period may be extended by two months in specific cases, for example when a complex request is made. We will inform you of such an extension within one month of receipt of your request. Based on privacy legislation we can refuse your request under certain circumstances. If we do so, we will explain the reasons for the refusal. If you object to the processing of your personal data for direct marketing purposes, we will always respect this request. You can find more information about your privacy rights on the website of the Dutch Data Protection Authority.
How can you file a privacy complaint?
If you have a complaint about the processing of your personal data by us, we will do our utmost best to resolve it with you. You have the right to lodge a complaint with the competent supervisory authority at any time. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). If you live or work in another country of the European Union, you can file a complaint with the competent supervisory authority in that country.
Changes to this Privacy Policy
We reserve the right to change this Privacy Policy and will always post the most recent version of this Privacy Policy on our website. If substantial changes are made that could significantly affect one or more data subjects we will strive to inform the relevant data subjects directly.
This Privacy Policy was last amended on January 4th 2024.