Lyko Privacy Notice

Lyko Sverige AB is part of an international chain of hair care and beauty specialists who are passionate about beauty. We understand that you care about your privacy. So this Privacy Notice describes our policies and practices regarding the collection and use of your personal data as well as sets forth your privacy rights. We take your privacy seriously and will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Summary

This website is operated by Lyko Sverige AB, reg no. 556575-3018 (“Lyko”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Sveavägen 53, 113 59 Stockholm, Sweden.
Through this website you may learn about our products and services, subscribe to our newsletters, as well as learn about what we at Lyko do and are passionate about.

You will be able to access most of the website without registering your personal data with Lyko. We do, however use cookies, which provide us with personal data about you. You can read more about our cookies in our Cookie Policy.
Certain sections of the website require that you provide us with some information about yourself. Such sections may include, for example, the page for recruitment when you submit a job application with us or when you subscribe to our newsletter. These sections may ask you to provide information such as, but not limited to, your name, your email and your address.
For the specific services, such as Club Lyko, and services managed by our affiliates, such as the webshop, which you may access from lyko.com, specific terms and privacy policies of the relevant services will apply.
We are part of an international group of companies and share administrative systems. Because of this, we may share some or all of your personal data with affiliates for administrative purposes, or the legitimate business purposes described below.
If you have any questions or concerns, please contact us at privacy@lyko.com.

Please follow the links below for further information

Last Revised: 2021-12-01

Go to the condensed version | Go to the full text version

Privacy Notice Full Text

Last Revised: 2021-12-01

Table of Contents

Introduction
Our principles
Personal data that we collect
How and why we use your personal data
Recruitment
When and how we share information with others
Data subject rights
Security of your information
Data storage and retention
Exclusions
Additional Services
Changes and updates to the Privacy Notice
Questions, concerns or complaints

CHANGE HISTORY

Go to the condensed version | Go to the full text version

---------------------------------------------------------------

Privacy Notice

1. Introduction

Welcome to lyko.com! Lyko is an international chain of hair care and beauty specialists who are passionate about beauty! This website is operated by Lyko Sverige AB, reg. no.: 556575-3018 (“Lyko”, “we”, “us”) a company incorporated under Swedish law whose principal place of business is at Sveavägen 53, 113 59 Stockholm, Sweden. This Privacy Notice is therefore applicable on the websites and services provided by Lyko Sverige AB, reg no.: 556575-3018, as well as Lyko’s affiliates. For information about the affiliates included in the Lyko Group, please visit our Affiliates Page.

Through this website you may learn about our products and services, subscribe to our newsletters, and learn about what we at Lyko do and are passionate about.

This Privacy Notice describes our policies and practices regarding our collection and use of your personal data. It sets forth your privacy rights, for when you browse our website or use certain functions of the website. Please note that some of our sites contain links to third-party products whose personal information policies might differ from ours. If you enter personal data in any of these products, your information will be processed in accordance with their respective privacy policy.

Please Note: For the specific services, such as our loyalty programme Club Lyko, and services managed by our affiliates, such as the webshop, which you may access from lyko.com, the specific terms and privacy policies of the relevant service will apply.

We understand and acknowledge that privacy is an ongoing responsibility. We will therefore from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Summary: This Privacy Notice applies to when you browse lyko.com.

2. Our principles

2.1 We do our best to protect your privacy by using security technology appropriately. This means that:

We make sure that we have appropriate security measures to protect your information.
We make sure that when we ask another company to provide a service for us, they have appropriate security measures.
We will respect your privacy. You should receive marketing (whether by email, post, SMS or telephone) only from us and, if you agree, from other organisations we have carefully chosen.

We will make sure it is clear when you can make choices regarding our marketing to you. You will, for example, always have the option to opt out of receiving direct marketing from us.
We will collect and use individual visitor details only if we have your permission or we have sensible business reasons for doing so, such as for marketing purposes.
We will be clear and transparent regarding what personal information we collect and how we will use it.
We will use personal information only for the purposes for which it was originally collected, and we will make sure we delete it securely.

2.2
If we or our service providers transfer any information out of the European Union and European Economic Area (EEA), it will only be done with the relevant protection (stated under applicable data protection legislation) being in place. This includes, for example, that we will use the standard contractual clauses approved by the European Commission for data transfers to third countries (the so-called ‘SCCs’) in the agreements with our processors.

Summary: We respect your privacy and your personal information is safe with us.

3. Personal data that we collect

3.1 Collection of personal data

Lyko collects personal data about its website visitors. We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our products and services. For more on this, see Section 5.

3.2 Personal data you provide to us

When using certain functions of the website, you provide us with personal information directly, e.g. if you order an annual report or subscribe to our newsletter, we will ask for your email address. If you submit a job application, we will ask you for additional information, such as your name, your contact information, and when applicable, your previous work experience and education.

3.3 Personal data we collect when you visit our website – use of cookies

When you visit our website, we collect certain information about you, for the purposes described in section 4.

Like many other websites, lyko.com collects certain information automatically and stores it in log files, to generate statistics and measure site activity. This information may include IP addresses, web beacons, the region or general location of your computer or device, browser type, operating system and other usage information about the use of our website, including a history of the pages you view. Read more about the use of cookies in our Cookie Policy.

3.4 Your correspondence with Lyko

If you correspond with us by email, telephone, or any other form of communication, we may keep such correspondence and the information within (such as name, inquiry, location, and any personal identifiable information you provide in free text form). We will use it to respond to your inquiry; to notify you of publications or other services; or to keep a record of your complaint, question, request, and the like. If you wish to have Lyko “erase” your personal information or otherwise refrain from communicating with you, you are always welcome to contact us at privacy@lyko.com.

Note: if you ask Lyko not to contact you by email at a particular email address, we will retain a copy of that email address on its “master do not send” list specifically to comply with your no-contact request.

3.5 What happens if you do not provide us with your data

You can use our website without providing us with your personal information. However, you will not be able to submit a job application or subscribe to our newsletters without providing Lyko with essential data for the performance of the contract.

You can choose only to enter the minimal amount of mandatory information when making a purchase.

Summary: You do not have to provide us with your data to only browse lyko.com.

4. How and why we use your personal data

4.1 We use your personal data for the purposes described below.

4.2 Managing subscriptions. When you subscribe to our newsletter or order a report, we will ask you to provide us with your email address, so that we can deliver the services and products that you’ve requested.

Legal basis: We use your personal data as is necessary to manage your subscriptions as you requested (legitimate interest) and Swedish Marketing Practices Act with regards to consent alternatively established customer relationship. Managing recruitment. Via our website, you can apply for specific job openings. When you do this, we need certain information from you, so that we can manage the application and contact you if necessary, and so that we can assess whether you are suitable for employment with Lyko.

Legal basis: We use your personal data as is necessary to manage the recruitment process, which is based on our legitimate interest, legal obligations, and, if applicable, your prior consent.

4.3 Statistics, analytics, and service improvement: We collect and store IP addresses, device location, browser type, operating system and other usage information about the use of our website, to help us design our site to better suit your needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather demographic information which assists us in identifying visitor preferences. For statistical purposes we store information about how many individual visitors to our website we have, and how often these individual users visit our website. We collect and store this information to better understand our customers’ needs and interests, so that we can develop and improve our services. For more information about the use of cookies, please read our Cookie Policy.

Legal basis: We carry out this processing because it is necessary for our legitimate interest to improve our services and to develop our business. As applicable, we also rely on your consent to our use of cookies under the e-Privacy directive.

4.4 Showing you relevant marketing when you visit our website. When you browse our sites, we may store certain cookies to analyse your browsing preferences, so that we can show you relevant marketing when you come back to our site. This means that we store information about what we think you are interested in and adjust the marketing you see when you visit our website accordingly. For more information on exactly what type of cookies we use, what type of information they gather, why they gather this information, and how you can manage, inactivate or delete cookies, please visit our Cookie Policy.

Legal basis: We carry out this processing to the extent it is necessary for our legitimate interest to understand our visitors and provide them with personalized and relevant content and offers. As applicable, we also rely on your consent to our use of cookies under the e-Privacy directive.

4.5 Providing you with relevant marketing from our affiliates and business partners: We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email and/or your billing/shipping address, you may receive marketing from our affiliates and other companies you might be interested in. We will also provide our business partner you’re your e-mail address when you make a purchase through our website, to ask for your review of you experience with us. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.

4.6 Security: We use visitor data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.

Legal basis: We carry out this processing because it is necessary for our legitimate interest to protect our systems and services.

4.7 Customer support/Communication with you: As is mentioned above in section 3, certain information that you provide to us when you contact us is stored and processed in order to best manage your inquiry with us and manage any customer complaints.

Legal basis: This processing is carried out to reply to your requests and to fulfil our contract obligations and legal obligations.

4.8 Third party payment services: If you choose to pay your purchase later with an invoice, we will use and transfer your personal data to the selected third party payment service provider. Our purpose is to transmit our claim and for us to complete the purchase with you. Please note that the terms and privacy policies of such third payment service providers will apply for the use of your personal data for processing your payment.

Legal basis: This processing is carried out to provide you with the products you have purchased and to fulfil our contract with you.

4.9 Other Purposes: If we intend to use any personal data in any manner that is not consistent with this Privacy Notice, you will be informed of such anticipated use prior to or at the time the personal data is collected, or we will obtain your permission subsequent to such collection but prior to such use.

Summary: We only process your data for specific purposes, and we do at least have one legal basis for each processing.

5. Recruitment

5.1 Lyko will collect personal information about you when you engage in our recruitment services. We use a third-party provider, Reachmee, for our recruitment activities. You may access and submit, store, change and update your personal information through your candidate profile in the recruitment portal provided by Reachmee.

5.2 You can use the recruitment portal to:

Apply for the positions at Lyko which are specifically advertised on our website,

Apply speculatively for possible future job openings at Lyko, and
Sign up to receive email notifications about vacant positions at Lyko (you can always choose to stop receiving such emails via Settings in your account).

5.3 The information we may collect when you use our recruitment services for the purposes described above include, for example:

your CV, information about previous education, employment history and references;
your answers to questions from work psychology aptitude tests; and

any other information which may be relevant for assessing your suitability for a position with us at Lyko.

5.4 We also need to collect contact information to communicate with you, such as your name, your postal and email address, and your telephone number. In connection with our recruitment services, we will also collect additional special categories of personal data in order to comply with our legal obligations or to be able to provide employee benefits; we will ask you to provide us with, for example, your gender identity and your age, as part of our actions to promote equality in the workplace, as allowed or necessary by law.

5.5 Lyko uses your personal information to match your skills and experience with the roles offered by Lyko. The information is processed by Reachmee and may also be passed to relevant hiring managers and other persons involved with HR and recruitment at Lyko. If you are invited to an interview, Lyko might collect further information about you to help assess your suitability for the role. This additional information might include certain health information in order to provide disability benefits as well as a suitable working environment for specific candidates; we may also need to conduct criminal background checks for some candidates, for example regarding certain managerial positions.

5.6 We may collect personal information from the following sources:

Directly from you;

From recruitment agencies;
Through publicly available sources online, e.g. LinkedIn; or
By reference or word of mouth (such as from a previous employer).

5.7 Although we will transfer your personal information from our recruitment portal to our internal HR systems if we hire you, this Notice does not form part of an employment offer or contract between you and Lyko. If we do make an employment offer to you, we will separately provide further information about our handling of your personal information.

Summary: We respect your privacy when you apply for a job with us.

6. When and how we share information with others

6.1 We share your personal data when it is necessary for the completion of any transaction or for the performance of any contract, or when we have sensible business reasons for doing so. If you choose to pay later by invoice, we will share your personal data with our third party payment service provider.

6.2 For the purpose of managing your subscription, or managing the functioning of our website, we may disclose your personal information to our affiliates and service partners (i.e. companies we've hired to provide customer support, assist in protecting and securing our systems, or assist us in the administration of our newsletter or reports) that are entrusted to process your information on our behalf and in accordance with our instructions, this Privacy Notice and other appropriate measures for privacy and security. We will also share your information with our service partners if you review the product you purchase from us or your contact with us.

6.3 We may also disclose your personal information to third parties if we have good reasons to believe that access, use, retention or disclosure of such information is reasonably necessary to:

comply with any court order, governmental order or decision, or other legal obligation,

enforce or apply our agreements,
manage and maintain the security of our products, including preventing or stopping an attack our computer system or network, and
protect the rights, property, or safety of Lyko, its customer, its franchisees, or others.

Please note that the terms and privacy policies of such third party service providers will apply for the use of your personal data for processing your requests.

Summary: We only share your data when we have to.

7. Data subject rights

General information

7.1 Lyko complies with current data protection laws in the European Union, which, when applicable, include the following rights:

You are free to request access to a record of your processing (as defined in the law), and you have the right to information about the processing and access to a copy of your personal data, request a correction and, in certain circumstances, deletion of your personal data.
You are entitled to request restriction, and object to the processing, of your personal information which has as its basis our legitimate interests.

You have the right to file a complaint with a data protection authority. The Swedish Authority for Privacy Protection (Sw. ‘Integritetsskyddsmyndigheten’) is the authority in Sweden that oversees how we as a company comply with relevant data protection legislation.
If the processing of personal data is based on your consent, you are entitled to withdraw your consent for future processing of your personal information at any time.
You are entitled to request that we provide your personal information to another organisation responsible for processing your personal data (controller) in cases where our right to process your personal data is based either on your consent or performance of an agreement with you.

7.2 You will have reasonable access to your personal information at no extra cost if you request this via privacy@lyko.com. If we cannot provide you with this within a reasonable time frame, we will give you a date for when the information can be provided. If such access is denied, we will explain to you why access has been denied.

7.3 When processing your personal information, we will do so in cooperation with our affiliates to offer you the functions of the website, operate our business, meet our contractual and legal obligations, protect our systems and customers, or meet the legitimate interests as described in detail in the sections "How and why we use your personal data" and "When and how we share information with others" above. When we transfer personal data from the European Union, we make it based on several legal mechanisms, as described in the section "Data storage and retention".

7.4 To what extent do we use automated individual decision-making (including profiling)?

As a rule, we do not make decisions based on automated processing and profiling that will have legal effect for you as defined in Article 22 GDPR. If we were to use such procedures in the future, on a case-by-case basis, we will inform you separately and request your consent before such new use of your personal data, to the extent required by law.

7.5 Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)

Right to object to processing which is based on our legitimate interests.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on article 6 (1) f) GDPR (processing to safeguard legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.

If you choose to refrain from receiving interest-based advertising, it does not mean that you will no longer see advertisements on our web sites without the advertisements displayed will not be appropriate for you and therefore, are perceived as less relevant. See more under the section "Data subject rights" below.

Right to object to the processing of data for marketing purposes.
In certain cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes. There are no formal requirements for lodging an objection; where possible it should be made by privacy@lyko.com.

7.6 Note: if you ask Lyko not to contact you by email at a particular email address, Lyko will retain a copy of that email address on its “master do not send” in order to comply with your request.

Summary: We respect your rights regarding your data.

8. Security of your information

8.1 To help protect the privacy of data and personally identifiable information you transmit through the use of our website, we maintain physical, technical and administrative safeguards. We regularly update and test our security technology.

8.2 We restrict access to your personal data to those employees who need to know this information to provide services to you or to administer our systems. We train our employees about the importance of confidentiality, privacy and security.

8.3 We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Summary: Your personal information is safe with us.

9. Data storage and retention

9.1 Personal data handled by Lyko is stored and processed in the region in which you live, in Sweden or in other European countries where Lyko, its affiliates, subsidiaries, partners or suppliers are active. We take steps to ensure that the information we collect following this Privacy Notice is dealt with in accordance with the provisions of this Notice and in accordance with applicable laws where the information is available.

9.2 If we were to transfer your personal data to third countries, i.e. countries outside the EU / EEA, we will enter into agreements and take other measures in accordance with applicable legal requirements.

9.3 Lyko retains personal data for as long as necessary.

9.4 The criteria that determine how long we store your personal data may be:

How long is the personal data needed for us to be able to provide you with the functions of our website?

This includes, among other things, maintaining and improving the website, managing your subscriptions or other agreements we have with you, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.

Is the personal data considered sensitive?

In these cases, the storage period is usually shorter.

Have you, as a data subject, consented to a more extended storage period?

In these cases, we store the information longer, with your consent.

Do we have legal, contractual or other similar obligations to store the data?

Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.

9.5 For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact the Lyko privacy team at privacy@lyko.com.

Summary: We only keep your data for as long as it is necessary considering the purpose it was collected for.

10. Exclusions

10.1 Aggregated data

Aggregated data is collected and processed to monitor and evaluate user trends on the website. This means that information about your actions on our website is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may, therefore, be stored a longer time than your personal information.

Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.

10.2 Third-Party Links:

This Privacy Notice does not apply to any personal data that you provide to another user through the website or through any other means. Any third-party links you click on via our website may be subject to these third parties’ privacy policies, terms or different rules. Please make sure you read the respective privacy information for each third-party whose links you click in, to keep yourself up to date about the processing of your personal data.

10.3 Children:

Lyko does not knowingly collect personal data from children under the age of thirteen (13). If you are under the age of thirteen (13), please do not submit any personal data through our website. We encourage parents and legal guardians to monitor their children’s Internet usage and to instruct their children never to provide personal data through the website without the permission of the parent/legal guardian. If you have reason to believe that a child under the age of 13 has provided personal data to us through the website, please email us at privacy@lyko.com, and we will endeavor to delete that information from our databases.

Summary: This Privacy Notice does not apply to aggregated, anonymized data. Nor does it apply to third party links. Lyko tries not to process personal data of children.

11. Additional services

11.1 Payment service providers

We offer you additional payment solution through a third party payment service. You can use this payment method when you purchase products online. We collect your personal data for the purpose of transferring our payment collection to the third party payment service provider. We collect your personal data such as name, e-mail, phone number, address, social security number and information about your order. Our legal basis for collection of your personal data is necessary for performance of a contract.

Through the third party payment service provider you can pay later by invoice. The third party payment service provider offers you to pay within a certain number of days, or to split your payment.

Klarna Bank AB is a Payment Service Provider, which you can choose as payment method when you make a purchase from us. If you choose Klarna as payment method, we will transfer personal data necessary for the fulfillment of your order, such as name, e-mail, phone number, address, social security number and information about your order. Our legal basis for collection of your personal data is necessary for performance of a contract. For complete terms, please visit their website klarna.com. Klarna Privacy policy

PayPal is a Payment Service Provider, which you can choose as payment method when you make a purchase from us. If you choose PayPal as payment method, we will transfer personal data necessary for the fulfillment of your order, such as name, e-mail, phone number, address, social security number and information about your order. Our legal basis for collection of your personal data is necessary for performance of a contract. For complete terms, please visit their website paypal.com. PayPal Privacy policy

11.2 Trustpilot

When you make a purchase from us, we will share your e-mail address with Trustpilot. Trustpilot ask for your review of your recent experience with Lyko and the products you have purchased, which will be visible on our website. You can choose to review your experience with Lyko through Trustpilot. Our purpose is to receive customer references and ratings of your experience with us and our products, to help us improve our services and processes. We process the personal data necessary for us to improve how we can deliver high quality services to our customers, which is a legitimate interest of ours.

11.3 Trusted shop

When you make a purchase from us, we will offer you the possibility to insure your shipment through Trusted Shops. We will in that case share your e-mail address, order value, currency, payment method and estimated delivery date with Trusted Shops. Trusted Shops will ask for your review of your recent experience with Lyko. You can choose to review your experience with Lyko through Trusted Shops. Our purpose is to receive customer references and ratings of your experience with us, to help us improve our services and processes. We process the personal data necessary for us to improve how we can deliver high quality services to our customers, which is a legitimate interest of ours.

12. Changes and updates to the Privacy Notice

12.1 To reflect customer feedback, and changes to the Service, we might from time to time change this Privacy Notice. The latest update date will be shown at the top of the Notice, and the changes are described on the Change History page. If there are significant changes in the Notice or how Lyko uses your personal information, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Notice from time to time to keep you informed about how Lyko protects your personal information and privacy.

Summary: We will update this Privacy Notice as we update how we process your personal data.

13. Questions, concerns or complaints

Responsibility for customers and users lies with:

Lyko Sverige AB
reg. no. 556575-3018
Sveavägen 53

SE 113 59 Stockholm

Sweden

+46 281-714 90

privacy@lyko.com

To ask questions or comment about our Privacy Notice and our privacy practices, contact our group privacy team at:

privacy@lyko.com

You are also welcome to contact our data protection officer at:

Sharp Cookie Advisors AB

with lead attorney Mrs. Sofia Edvardsen

P.O. Box 45411,
SE-104 31 Stockholm
Sweden

dpo@lyko.com

+46 281-714 90

------------------------

Go to the condensed version | Go to the full text version

CHANGE HISTORY

May 2018: Due to the entry into force of the new Data Protection Regulation ("GDPR") on May 25, 2018, clarifications on how we process personal data have been made. The updated Privacy Notice will automatically enter into force for all existing customers and visitors on May 25, 2018. Your continued use of our services from that date will be subject to the new Privacy Notice. The Notice has also been revised to be concise, clear, comprehensible, and easier to understand.

June 2018: Updates with regard to recruitment practices. Your continued use of our services from that date will be subject to the new Privacy Notice.

October 2020: The Notice has also been revised to be concise, clear, comprehensible, and easier to understand. Your continued use of our services from that date will be subject to the new Privacy Notice.

November 2021: The Notice have been updated following the introduction of new marketing processes and payment service providers.