ALL BRANDS, ONE POLICY TO PROTECT YOU.

Privacy you deserve.
We use data to help customize your experience with more products and offers relevant to you. We also use it to make sure you don’t see the same messages over and over.
Click Here
Data you share.
We collect information that you share with us through our digital or offline brand experiences as well as information you have provided to other companies who share that data with us. You can control your data at any time.
Click Here
Content you'll like.
We use data to help customize your experience with more products and offers relevant to you. We also use it to make sure you don’t see the same messages over and over.
Click Here

Privacy Policy

Commonly asked questions about how we collect, store and use your personal data, as defined in applicable laws.

  • Do we sell your personal data for monetary compensation?

No

  • Do we disclose your personal data to third-party partners?

Yes, where we have a lawful basis to do so.

  • Do we receive personal data from other companies you have given permission to?

Yes

  • Do we use your personal data for better product recommendations and site experiences?

Yes, where we have a lawful basis to do so

  • Do we give you control of your personal data?

Yes

You are in control of your data. You can exercise your rights and change your preferences anytime.

 ➡   Data Subject Rights Requests

Depending on your location (the jurisdiction in which you are a resident), you may have different data subject rights available to you. These may include requests for access, erasure, rectification/correction, to opt-out of receiving marketing emails or texts, object to our use of your email address or phone number for advertising, etc. To submit a Data Subject Rights requests for your jurisdiction, click here.

You can also tell us to stop sending you email and text messages by following the opt-out instructions sent with these communications. Please be aware that we may need to keep certain information to honor your choices (e.g., if you tell us to stop sending marketing emails, we will need your email address on file so that our systems remember that you no longer wish to receive marketing communications to that email address).

Also, there are some situations where we may be unable to grant your request (e.g., deleting transaction data where we have a legal obligation to keep it, or for fraud prevention, security, or to protect the privacy of others, or for the establishment, exercise, or defense of legal claims, among other things). 

➡   Traditional Online Behavioral Advertising

➤  How do you exercise choice as to interest-based ads

  • Advertising Industry Opt-Outs

For the U.S., to exercise choice concerning interest-based advertising, you can utilize the opt-out mechanism provided by the Digital Advertising Alliance (“DAA”) by clicking here (for browsers) or here (for app-based opt-outs).

The Network Advertising Initiative (“NAI”) has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members' ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/.

For Europe, you may click here to learn more about the DAA-Europe’s opt-out program.

For Canada, you may click here to learn more about the DAA Canada’s opt-out program.

  • To opt out of Unified ID 2.0 globally click here.

Please be aware that, even if you opt out of certain kinds of interest-based ads, you may continue to receive other ads. Further, opting out of one or more NAI or DAA members only means that those selected members should no longer under the DAA / NAI rules deliver certain targeted ads to you. This will affect services provided by the applicable DAA / NAI members but does not mean you will no longer receive any targeted content and/or ads from non-participating parties. Also, if your browsers are configured to reject cookies when you visit the opt-out page, or you subsequently erase your cookies, use a different Device or web browser(s), or use a non-browser-based method of access, your DAA / NAI browser-based opt-out may not, or may no longer, be effective. Mobile device opt-outs will not affect browser-based Interest-based ads even on the same device, and you must opt out separately for each device. We are not responsible for the effectiveness of, or compliance with, any third-party opt-out options or programs or the accuracy of their statements regarding their programs.

You can also prevent or reduce getting interest-based ads on websites by declining cookies in your browser(s), or on mobile devices by declining the “access to data” requests that apps usually present when you install them or by adjusting the ad tracking settings on your device.

Please note that you may also receive personalized ads based on your email address or phone number if you have provided those to us for marketing purposes. To opt out of that usage, please contact us.

You will still see “contextual” ads even if you opt out of interest-based ads. Even if we stop sending you interest-based ads, you will still get ads from our brands on your computer or mobile devices. These ads, however, are based on the context of the sites you visit and are called contextual ads. Unlike interest-based ads which are based on pages you visit on your mobile phone or computer viewing activities over time and across unrelated services, contextual ads are ads shown to you based on the context of the specific site you are visiting. For example, you still may see an ad for one of our baby care brands while looking at nursery products online because these sites traditionally have had mostly new or expecting parents as visitors. You should also know that we may still collect information from your computer or devices and use it for other purposes like evaluating how our websites work, for consumer research, or detecting fraud, according to applicable laws.

 
➤   How You Can Control Cookies?

You can set your browser to refuse all cookies or to indicate when a cookie is being sent to your computer. However, this may prevent our sites or services from working properly. You can also set your browser to delete cookies every time you finish browsing.

When you opt out of interest-based advertising, an opt-out cookie is sent to your browser that indicates that you no longer want to receive interest-based ads. Your opt-out cookie will be deleted if you decide to delete all cookies on your browser. This means that you will need to opt out again on each browser where you have deleted cookies if you still do not want to receive interest-based ads.

In some markets and on some of our websites, we offer a cookie consent management platform that allows you to exercise choice concerning certain categories of cookies. If this is available, this may appear as a cookie banner and/or as an icon that is visible on the applicable websites. We may also provide similar technology in mobile apps, which, if available, will be accessible through the applicable app’s settings menu

 

➡  U.S. State Privacy Laws

See our “U.S. State Privacy Notice“ below for information required by certain state privacy laws, and information regarding privacy rights under such laws.

 

➡  Additional Information for EEA, Switzerland, and UK Residents

If you live in the EEA, Switzerland, or the UK, or are physically in the EEA, Switzerland, or the UK, you may access the personal data we hold about you, request that inaccurate, outdated, or no longer necessary information be corrected, erased, or restricted, and ask us to provide your data in a format that allows you to transfer it to another service provider. You also may withdraw your consent at any time when we are relying on your consent for the processing of your personal data. And you may object to our processing of your personal data (this means ask us to stop using it) where that processing is based on our legitimate interest (this means we have a legitimate reason for using the data for a certain purpose and this reason is not outweighed by your interest in JNCorporate not using it). To make a request, click here .

If you would like more information about data protection and your personal data rights in general, please visit the European Data Protection Supervisor’s site at https://edps.europa.eu/data-protection/ or the UK Information Commissioner’s Office site at https://ico.org.uk. If you are not happy with our response to your requests, you may lodge a complaint with the data protection authority in your country.

JNCorporate España SA adheres to the Code of Conduct for Data Protection in AUTOCONTROL, accredited by the Spanish Data Protection Agency and therefore is subject to its extrajudicial system of data processing complaints when related to data protection and advertising, available for those interested on the website www.autocontrol.es.

➡  Dental Professionals

If you are a dental professional and have provided your data to us as part of one of our professional outreach programs, including through https://www.dentalcare.com, please contact us through your local P&G representative, e.g. Oral-B.

➡ Healthcare Professionals

If you are a healthcare professional and have provided your data to us as part of one of our professional outreach programs or any other form of collaboration, please contact us through your local or regional P&G representative.

➡ Consumer Research Participants

To request concerning personal data we may have as part of your participation in one of our research studies, please see the contact information provided on your consent form or call or visit your research center.

 

Like most brands, JNCorporate collects personal data as you interact with us or when you share personal data with third parties that in turn can be shared with us. We do this respectfully and carefully to protect your rights. Personal data can help us better understand your interests and preferences as a consumer and a person.

Like most brands, JNCorporate collects personal data as you interact with us or when you share personal data with third parties that in turn can be shared with us. We do this respectfully and carefully to protect your rights. Personal data can help us better understand your interests and preferences as a consumer and a person.

➡ With Your Consent

When we have your consent, we may disclose your personal data to others, such as select partners so they can send you offers, promotions, or ads about products or services we believe you may be interested in. For example, people who receive JNCorporate emails from our diaper brands such as Pampers® may also consent to hear about baby formulas from other companies.

➡ Online Platforms and Ad Tech Companies

Our websites and applications may make available contact information, unique identifiers, inferred and derived information, online and technical information, and geolocation data with online platforms and ad tech companies to help us serve you relevant advertisements and offers, subject to applicable legal requirements, which may include consent and/or opt-outs. We do not sell your data to marketers outside of JNCorporate in exchange for monetary compensation. Please see the U.S. State Privacy Notice section of the privacy policy below for additional information.

➡ Vendors

We may disclose or otherwise make available your personal data to our vendors (including “service providers” and “processors” defined under applicable laws, which we collectively refer to as “service providers” or “vendors” herein) who help us run our business. This includes hosting our sites, processing payment information for the purchases made by you through our sites, delivering our emails and marketing communications to you, analyzing the data we collect, helping us with sales attribution (e.g., to see if we showed you an ad on a platform site and then you bought a product from us), and sending you the products and services you requested. We also disclose or otherwise make available your personal data with lawyers, auditors, consultants, information technology and security firms, and others who provide services to us. We disclose or otherwise make available only the personal data needed for these companies to complete the tasks we request or, where permitted by applicable law, use the personal data for certain internal purposes such as security or fraud detection. We instruct our service providers to appropriately process and protect your data.

➡ Payments for Purchases

Payments for purchases made through some of our sites are completed using a third-party vendor’s online payment system. For these sites, JNCorporate does not have access to your credit card information provided for purchases and does not store or disclose your credit card information as part of your purchases through these third-party systems. The personal or financial information you provide to our online payment system on these sites is subject to the third-party’s privacy policy and terms of use and we recommend you review these policies before providing any personal or financial information.

➡ Legal and Similar Reasons

If a brand or one of our businesses that controls your personal data, or some or all of its business assets, are sold to another company, your personal data will be disclosed to that company. We may also disclose your information to companies who help us protect our rights and property, or when required by law, legal processes, government authorities, or as reasonably necessary to protect the rights or interests of ourselves or others.

 

 

 

 

As a large company, with many products and businesses in many countries around the world, we collect the following types of personal data to best serve our consumers.

Please be aware that this is a comprehensive list of various types of personal data we collect and that we only collect it when we have a lawful basis to do so (for example, when we have your consent, or when we need this information for the performance of a contract to which you are a party, or when the processing is necessary based on our legitimate interest or for compliance with a legal obligation). Many of these types almost certainly will not apply to you. If you want to know what data we have about you, just ask.

➡ What We Typically Collect

Contact Information: Data elements in this category include names (including nicknames and previous names), titles, mailing address, email address, telephone/mobile number, and contact information for related persons (such as authorized users of your account).

General Demographics & Psychographics: Data elements in this category include personal characteristics and preferences, such as age range, marital and family status, race and ethnicity (for example, to information you provide in relation to your haircare or skincare purchases or preferences), shopping preferences, languages spoken, loyalty and rewards program data, household demographic data, data from social media platforms, education and professional information, hobbies and interests, and propensity scores from third parties (likelihood of purchase, experiencing a life event, etc.).

Transaction and Commercial Information: Data elements in this category include customer account information, qualification data, purchase history and related records (returns, product service records, records of payments, credits, etc.), records related to downloads and purchases of products and applications, non-biometric data collected for consumer authentication (passwords, account security questions), and customer service records.

Unique IDs & Accounts Details: Data elements in this category include unique ID numbers (such as customer number, account number, subscription number, rewards program number), system identifiers (including username or online credentials), device advertisers, advertising IDs, and IP address.

Online & Technical Information: This includes internet or other electronic network activity information. Data elements in this category include IP addresses, MAC addresses, SSIDs, or other device identifiers or persistent identifiers, online user IDs, encrypted passwords, device characteristics (such as browser information), web server logs, application logs, browsing data, viewing data (TV, streaming), website and app usage, first-party cookies, third-party cookies, web beacons, clear gifs, and pixel tags. This also includes information such as your device functionality (browser, operating system, hardware, mobile network information); the URL that referred you to our website; the areas within our website or apps that you visit and your activities there (including emails, such as whether you open them or click on links within); your device characteristics; and device data and the time of day.

Inferred Information: This includes information derived from other personal data listed in this section. We create inferred and derived data elements by analyzing all personal data we may have about you. Data elements in this category include propensities, attributes, and/or scores generated by internal analytics programs. experiencing a life event, etc.).

➡ What We Sometimes Collect

Precise Geolocation: Data elements in this category include precise location (such as latitude/longitude).

Health-Related Information: Data elements based on how it is collected include:

      • Information collected from consumer programs (such as when you register on our brand sites, participate in our rewards programs, or purchase our products)
      • General health and symptom information
      • Pregnancy-related information, such as due date
      • Consumer Research Studies where you have provided your informed consent
      • Information about physical or mental health, disease state, medical history or medical treatment or diagnosis, medicines taken and related information
      • Information collected when you contact us to report a complaint or an adverse event occurring in connection with the use of one of our products

Financial Account Information: Data elements in this category include bank account number and details and payment card information (e.g., when you make a purchase directly with a brand or receive a credit from a brand).

Government-Issued IDs: Data elements in this category include governmental ID and Tax ID (e.g., for winners of a contest in jurisdictions where we are required to collect that information).

Audio Visual Information: Data elements in this category include photographs, video images, CCTV recordings, Call Center recordings and call monitoring records, and voicemails (e.g., for research, when you visit our facilities, or when you call us).

Smart Devices and Sensor Information: Data elements in this category include smart device records, IoT products (e.g., from an Oral B app-connected toothbrush).

Data About Children: Data elements in this category may include the number of children you have, your children’s diaper sizes, their genders, and ages.

Biometric Information: Data elements in this category include facial recognition data, and a mathematical representation of your biometric identifier, such as the template maintained for comparison (e.g., for healthcare research studies).

 

Generally, we keep your data for only as long as it is needed to complete the processing purpose for which it was collected or as required by law. We may need to keep your personal data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal or other obligations. This section outlines why the processing purposes comply with the law (legal basis, as required by certain non-U.S. Privacy Laws such as the GDPR), and how long we keep the personal data used for that processing purpose, unless an exception applies (retention period), such as the ones noted above. Some U.S. Privacy Laws (defined below) require us to, on a per-category basis, disclose the retention period applicable to each such category of personal data. See the table outlined in our U.S. State Privacy Notice for this information.

 ➡   Product Services 

Legal Basis:  

      • Performance of a Contract for fulfilling eCommerce sales

      • Consent for sampling programs

      • Legitimate Interest in coupon issuing and coupon clearing

Retention Period:

After no longer needing to provide you with the requested products or services unless required by law or contract to retain it further.

 ➡  Customer Management

Legal Basis:

Consent for:

        • sending you marketing email and text communications
        • processing your ratings and reviews of our products
        • collection and analysis of the information contained on the purchase receipts you upload for more personalized advertising
        • the processing of any special category data and certain sensitive personal data
        • non-essential tracking technologies on our websites and in our mobile apps in certain countries

Legitimate Interest for:

        • postal marketing (unless consent is required according to country laws)
        • delivering requested items to you
        • processing your data within our various marketing systems

Depending on the case, we may rely on our Legitimate Interest or Consent for:

        • The enrichment and combination of your registration data (including data that you disclose to us when interacting with our services, such as brand preferences, clipped coupons, etc.) with attributes, interests, or demographic data obtained from commercially available sources or other third parties

Performance of a Contract for:

        • contests

Retention Period: Until you request to delete the personal data or withdraw your consent. Otherwise, we will delete your personal data after no longer needed for the processing purpose or after a maximum of 50 months of non-activity unless required by law or contract to retain it further. We define inactivity through several internal criteria that indicate a user’s lack of interaction with our programs and communications. For example, if you do not log in, or do not open or click on our emails, we will consider you “inactive” and delete your data after a maximum of 50 months but sooner for certain countries depending on local legal requirements. We may need to keep some of your data to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with other legal obligations. We may also retain certain personal data used in ratings and reviews for as long as the review is used or until the product is discontinued.

 ➡ Customer Service/Communications

Legal Basis:

Legitimate Interest for:

        • managing consumer and business inquiries

Consent for:

        • special category data/sensitive personal data which may be collected in some adverse event cases

Performance of a Contract for:

        • sending transactional/program information about your accounts, purchases, reward terms, etc.
        • engagement with professional influencers, business contacts, ambassadors, etc.

Retention Period: Until you request to delete the personal data or withdraw your consent. Otherwise, we will delete your personal data after no longer needed for the processing purpose unless required by law or contract to retain it further.

 ➡ Payment/Financial

Legal Basis:  Performance of a Contract

Retention Period:  As long as necessary to fulfill the order unless required by law or contract to retain it further. We generally retain data for 24 months for cashback offers and 10 years for warranties.

➡ Serving Ads

Legal Basis:

Consent for: the deployment of tracking technologies on our own websites or within our own mobile applications. When we place tracking technologies on third-party properties or buy data from third-party vendors, we require them to obtain your consent before deploying our tracking technology or sharing your personal data with us.

Legitimate Interest for: processing your email address, phone number, or mobile advertising ID to serve you relevant advertising across different media channels, including on social media platforms, via custom audiences and look-a-like audiences.

Retention Period: After no longer needed for the processing purpose (i.e., after the ad campaign ends) or within a maximum of 110 months unless you opt out sooner.

➡ Ads Administration

Legal Basis: Legitimate Interest

Retention Period: After no longer needed to fulfill the processing purpose. For personal data collected via tracking technologies on our websites or within our mobile applications, within 12 months unless you opt out prior.

➡ Quality & Safety

Legal Basis: Legitimate Interest

Retention Period: After no longer needed to fulfill the processing purpose unless required by law or contract to retain it further. For personal data collected via various tracking technologies on our websites or within our mobile applications, within 12 months unless you opt-out prior.

➡ Security

Legal Basis: Legitimate Interest

Retention Period: After no longer needed to fulfill the processing purpose unless required by law or contract to retain it further. For personal data collected via tracking technologies on our websites or within our mobile applications, within 12 months.

➡ Recordkeeping and Auditing

Legal Basis:  

      • Performance of a Contract for transactional data

      • Legal Obligation for certain recordkeeping activities

Retention Period:  After no longer needed to fulfill the processing purpose unless required by law to retain it further.

➡ Legal/Compliance

Legal Basis: Legal Obligation

Retention Period: After no longer needed to fulfill the processing purpose unless required by law to retain it further.

➡ Research & Development (“R&D”)

Legal Basis: Consent

Retention Period:

      • We retain non-biometric personal data collected from clinical research as long as needed for the purpose for which it was collected, or 30 years after the purpose of collection is fulfilled, and/or for as long as may be required to retain it by local law, regulation, or good clinical research practice, whichever is later.
      • For non-clinical research, we will retain non-biometric personal data for a maximum of 5 years after the time of collection, or after the purpose of collection is fulfilled, whichever is later.
      • For biometric data, we will retain for as long as necessary to fulfill the purpose of collection or processing, unless we are required to retain it longer for legal or regulatory compliance purposes, or to exercise or defend our legal interests.
      • We may retain your signed informed consent documents longer.

We follow all applicable data protection laws when collecting personal data online from children, including by obtaining parental consent where required, based on the applicable age standard. For example, we obtain consent from the holder of parental responsibility of a child in the EEA, Switzerland, Serbia, and the UK when we collect personal data from children under 16 years of age. Similarly, in the U.S., we obtain verified parental consent when collecting personal data from children younger than 13. In Canada, these verified parental consent measures are in place for minors younger than 14. We do not use personal data collected from children for targeted advertising.

Your privacy is important to us. That’s why we respect it by taking steps to protect your data from loss, misuse, or alteration.

We have processes and controls in place to appropriately manage personal data, including its collection, use, disclosure, retention, and destruction. We respect your personal data and take steps to protect it from loss, misuse, or alteration. Where appropriate, these steps can include technical measures like firewalls, intrusion detection and prevention systems, unique and complex passwords, and encryption. We also use organizational and physical measures such as training staff on data processing obligations, identification of data incidents and risks, restricting staff access to your personal information, and ensuring physical security including appropriately securing documents when not being used.

JNCorporate has its head offices in the United States, regional offices in Singapore, Dubai, Geneva, and Panama, and additional service centers in other countries, such as Costa Rica or the Philippines. As a multinational company, JNCorporate undertakes data transfers, either within the JNCorporate group of entities or when sharing your data with service providers or selected partners that may store, process, or access your data in a country other than the one in which it was collected, including the United States. Personal data collected from Quebec, for example, may be transferred outside of Canada with adequate protections and safeguards in place.

For EU citizens (as well as citizens of Switzerland, the UK, and Serbia, for example), this means that their data may be processed outside of the European Economic Area (EEA), either in countries that have been recognized by the European Commission to offer adequate data protection, like the United Kingdom (where, for example, some of our fulfillment, return, and contact center services are managed for the EU region), or Switzerland (where our EU headquarters are located), or in other countries that the European Commission does not deem as offering such a level of data protection. For such transfers of data, special safeguards need to be foreseen to ensure that the protection travels with the data. We use the EU Standard Contractual Clauses, standardized and pre-approved model data protection clauses, for these transfers. You can find the latest version of the approved EU Standard Contractual Clauses, including the different transfer modules, here. Our transfer agreements also incorporate the standard data protection clauses issued following UK, Swiss, and Serbian data protection law. If you have any questions regarding our data transfer agreements, please contact us.

If you are located in the European Economic Area (EEA), United Kingdom (including Gibraltar), or Switzerland, please note that JNCorporate is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) [collectively, the “Data Privacy Framework”] developed by the U.S. Department of Commerce, the European Commission, Information Commissioner, and Swiss Federal Data Protection, respectively, regarding the transfer of personal information from the EEA, United Kingdom (including Gibraltar), or Switzerland to the U.S. Click here to view our Data Privacy Framework: Consumer Privacy Policy.

For non-EEA and UK data, we perform such transfers based on your consent or our contracts, where required by local law.

➡ U.S. State Privacy Disclosure and Consumer Rights (“U.S. State Privacy Notice”)

This U.S. State Privacy Notice applies to “Consumers” as defined under U.S. privacy laws, specifically the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Privacy Act (“VCDPA”), the Colorado Privacy Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, and any other U.S. privacy laws, as each are amended and as and when they become effective, and including any regulations thereunder (collectively, the “U.S. Privacy Laws”). This U.S. State Privacy Notice is a supplement to this Privacy Policy. In the event of a conflict between any other JNCorporate policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to Consumers and their rights under the applicable U.S. Privacy Laws.

This U.S. State Privacy Notice is designed to provide you with notice of our recent personal data practices over the prior 12 months from the “Last Updated” date of this Privacy Policy. This U.S. State Privacy Notice will be updated at least annually. This U.S. State Privacy Notice also applies to our current data practices, providing “notice at collection,” which informs you of the personal data (also referred to in some of the U.S. Privacy Laws as “personal information”) we collect online and offline, and the purposes for which we process personal data, among other requirements mandated by the U.S. Privacy Laws. For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as required by the U.S. Privacy Laws, either at the time of collecting personal data or by updating this U.S. State Privacy Notice earlier than required. We reserve the right to amend this U.S. State Privacy Notice at our discretion and at any time. To contact us about this U.S. Privacy Notice, please see the Contact Us section below.

Generally, we collect, retain, use, and disclose your personal data for our business and commercial purposes, as described throughout the remainder of this Privacy Policy, including in “How We Gather & Use Personal Data” and “How We Disclose Personal Data” (collectively, our “Processing Purposes”). The sources from which we collect personal data are detailed in the “How We Gather & Use Personal Data” section above. Some of the Processing Purposes involve activities such as “Sale,” “Sharing,” and “Targeted Advertising,” which are further explained in the “Do Not Sell/Share/Target” section below. Please note that the Processing Purposes listed in the table are general descriptions to enhance readability and clarity. For a comprehensive description of each Processing Purpose, please refer to the “General Ways We Use Personal Data” section of the Privacy Policy above.

The table below outlines the categories of personal data we collect in the first column. The second column provides examples of data types within each category, including some of the personal data types/categories mentioned under “Types of Personal Data We Collect.” The third column identifies the categories of recipients who may receive such personal data (including sensitive personal data) as part of disclosures for business purposes, as well as disclosures that may qualify as a Sale or Share under certain U.S. Privacy Laws. The fourth column specifies the Processing Purposes applicable to each category of personal data. In the fifth column, we indicate the applicable retention period on a per category basis.

➡ EEA, UK and Serbia Privacy

This section includes information required for disclosing our processing of personal data of EEA country, UK, and Serbian residents. It aims to enhance transparency regarding our processing, retention, and transfer of personal data by the General Data Protection Regulation (“GDPR”), and its incorporation into UK law by the Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019. Certain information, such as the entities and list of data controllers, as well as the legal bases for processing explained under “Processing and Retention” below, applies specifically to the processing of personal data of EEA country, UK, and Serbia residents. However, the retention periods described below apply more broadly to the personal data of residents of the states described above in the U.S. State Privacy Notice.

Entities

Different JNCorporate entities may act as the controller of your personal data. A data controller directs the processing activity and is primarily responsible for the data. The chart below identifies our data controllers for EEA country, UK, and Serbian data. For instance, if you register for email on one of our French websites, the JNCorporate entity listed next to that country name will be the controller of that personal data (e.g., JNCorporate France SAS).

➡ Colombia Privacy

JNcorporate Colombia Ltda., with NIT 800.000.946-4, located at Carrera 7 # 114-33, 12th floor, Bogotá D.C., phone number 601-5280000, and email address notifications.im@jn.com, acts as the Data Controller. In compliance with articles 15 and 20 of the Constitution of Colombia, Law 1581 of 2012, Law 1266 of 2008, Decree 1377 of 2013, and Decree 1074 of 2015, it informs all data subjects that the personal data provided will be processed in accordance with the purposes described in this privacy policy.

 

➤  Rights of the Owner of Personal Data Residing in Colombia

In compliance with articles 15 and 20 of the Constitution of Colombia, Law 1581 of 2012, Law 1266 of 2008, Decree 1377 of 2013, and Decree 1074 of 2015, data subjects are informed that the personal data provided will be processed according to the purposes described in this privacy policy. Additionally, data subjects have the following rights:

a) To know, update, and rectify their personal data regarding partial, inaccurate, incomplete, fractioned, misleading, or data whose processing is expressly prohibited or has not been authorized;

b) To request proof of the authorization granted, unless expressly exempted as a requirement for processing;

c) To be informed, upon request, of the use that has been given to their personal data;

d) To file complaints with the Superintendence of Industry and Commerce for violations of Law 1581 of 2012 and other regulations that modify, add, or complement it;

e) To revoke the authorization and/or request the deletion of the data when the processing does not comply with constitutional and legal principles, rights, and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the Data Controller or Processor have engaged in conduct contrary to this law and the Constitution;

f) To access their personal data that have been subject to processing free of charge.

The aforementioned rights may be exercised in accordance with the provisions set forth in this section and the privacy policy.

➤  Authorization and form of collection of personal data

For the processing of personal data, JNcorporate Colombia Ltda. will obtain the prior, express, and informed consent of the data subject. This consent may be obtained through any means that can be consulted later and may be granted through different mechanisms enabled by JNcorporate Colombia Ltda., including in writing, orally, or through the data subject's unequivocal conduct.

The data subject's consent will not be necessary when it concerns:

        1. Information required by a public or administrative entity in the exercise of its legal functions or by judicial order.
        2. Data of a public nature.
        3. Cases of medical or sanitary urgency.
        4. Processing of information authorized by law for historical, statistical, or scientific purposes.
        5. Data related to the Civil Registry of Persons.

➤ Processing of personal data

JNcorporate Colombia Ltda. uses personal data to fulfill the purpose of affecting and improving people's lives, better understanding their interests and preferences as consumers and individuals. We use your information for the processing purposes designated in the privacy policy, which can be found through our official communication channels.

Here are the purposes for which we process personal data:

        1. Carrying out marketing, promotion, and/or advertising activities through different means such as personal visits to customers, marketing, and sending information by physical and electronic means.

        2. Providing customers with information that allows them to access offers, promotions, discounts, launches, and supplying information of interest (personalized attention, benefits, use, health care, and well-being, etc.).

        3. Fulfilling obligations contracted with customers, suppliers, and employees.

        4. Informing about changes to our products and/or services.

        5. Evaluating the quality of products and/or services and measuring customer satisfaction.

        6. Disseminating policies, programs, results, and organizational changes.

        7. Analyzing information for the development and implementation of commercial or marketing strategies, as well as designing, implementing, and developing programs, projects, and events.

        8. Contacting the data subject through calls, text messages, emails, and/or physical means for activities related to the authorized purposes.

        9. Electronic invoicing.

        10. Disclosing, transferring, and/or transmitting personal data within and outside the country to JNcorporate Colombia Ltda.'s parent companies, subsidiaries, or affiliates, or to third parties because of a contract, law, or lawful relationship requiring it or to implement cloud computing services, with the same limitations and rights.

        11. Transferring and/or transmitting sensitive personal data to competent public entities, either by virtue of a legal mandate or judicial or administrative order, on account of or suspicion of adverse events that JNcorporate Colombia Ltda. has become aware of, relating to technical claims or others.

        12. Knowing, storing, and processing all the information provided in one or more databases, in the format that JNcorporate Colombia Ltda. deems most convenient.

        13. Managing procedures (requests, complaints, claims).

        14. Sending information regarding the use and care of offered products, whether directly or through the data processor.

➤  Attention to inquiries, complaints, revocation of authorization, updating, withdrawal, correction, or deletion of databases (generally known as "PQRS").

The data subject, their successors, representatives, or anyone determined by stipulation in favor of another (generally known as the "Interested Party") may exercise their rights by contacting us through written communication addressed to the customer service department, which is the unit responsible for the protection of personal data.

➤  Procedure for the exercise of queries, requests, complaints, revocation of authorization, updating, withdrawal, correction, or deletion of databases

➥  Verification of the Data Subject's identity and the content of any request

To protect the privacy and security of the Data Subject, we verify their identity before responding to requests related to their personal data. Therefore, to address your request, please provide the following identification data of the Data Subject:

          1. Full name
          2. Identification number
          3. Contact information (physical and/or electronic address, and contact telephone numbers)
          4. Date of birth

If the request is submitted through our Preference Center, upon receipt, we will send a verification form via email. The Data Subject must respond to this form to complete the request.

For any other Interested Party who is not the Data Subject but seeks to act on their behalf, it is necessary to prove their identity and their status as a successor in interest, representative, or with legal authorization.

Requests related to the processing of Personal Data must include at least the following information:

          • The Data Subject's identification data (full name, identification number, contact information, and date of birth).
          • Accreditation of the Interested Party's identity and their status, if applicable (identification data and supporting documents).
          • This means to receive a response to the request.
          • Reasons and factual basis for the request.
          • Documents intended to support the request.
          • A clear and precise description of the personal data about which the Data Subject seeks to exercise their rights (except for inquiries).

For more detailed information on identity verification and to understand the procedures

➥  Inquiry procedure

The Interested Party may submit a request specifying the information they wish to know, and all inquiries will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not feasible to respond to the inquiry within this timeframe, the Interested Party will be notified before the expiration of the initial ten (10) business days regarding the reasons for the delay and the new deadline for responding. This subsequent deadline will not exceed five (5) business days following the end of the initial ten-day period.

➥  Procedure for complaints, revocation of consent, withdrawal, correction, updating, or deletion of personal data

When a Data Subject believes that their processed information requires correction, updating, or deletion, or if they suspect a breach of any legal duties, they or another Interested Party may submit a complaint or request for rectification, updating, or deletion of their personal data.

If the complaint is incomplete, the Interested Party will have five (5) days from receipt to rectify any deficiencies. If two (2) months pass without the applicant providing the required information, it will be considered that they have withdrawn their complaint.

Should Procter & Gamble Colombia Ltda. receive a complaint beyond its jurisdiction, it will forward it to the appropriate authority within two (2) business days and inform the Data Subject accordingly.

The maximum timeframe to address a complaint is fifteen (15) business days from the day following its receipt. If unable to address it within this period, the Interested Party will be notified of the reasons for the delay and the new deadline for resolution, not exceeding eight (8) business days after the initial timeframe expires.

➤  Validity

This policy is effective from February 14, 2024. Any future updates will be communicated to Data Subjects accordingly.

The databases where personal data is stored will remain valid until you request deletion of your personal data or withdraw your consent. If neither action is taken, we will delete your data from our databases when it is no longer necessary for the processing purposes outlined in this policy or after a maximum of 50 months of inactivity, unless retention is required by law or contract.

Inactivity is determined by internal criteria indicating a lack of user interaction with our programs and communications. For instance, if you do not log in or engage with our emails (e.g., open or click them), we will deem you "inactive" and delete your data after a maximum of 50 months, sooner in certain countries based on local legal obligations. We may retain some personal data to honor your requests, such as opting out of marketing emails or fulfilling other legal obligations. Additionally, personal data used in ratings and reviews may be retained as long as the review remains active or until the associated product is discontinued.

➡ Nigeria Privacy

Reporting a Potential Data Breach to JNcorporate

A personal data breach refers to a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Confirmed or suspected data breaches should be promptly reported to JNcorporate’s Data Protection Officer (DPO). The DPO will log all data breaches to ensure proper tracking of incident types and frequencies for management and reporting purposes.

To lodge a complaint about a potential data breach, individuals can contact the Data Protection Officer directly via email at nigeriadpo.im@jncorporate.com.

The complaint should include:

      • A detailed description of the security incident that caused the data breach.
      • The type of personal data affected by the data breach.
      • The identity of the affected person(s).
      • Any additional information requested by the Data Protection Officer.

It is important to report any such complaints within 72 hours of becoming aware of the suspected or confirmed data breach.

Reporting a Data Breach to Authorities

JNcorporate endeavors to report potential data breaches to the relevant authorities responsible for monitoring personal data security within 72 hours of becoming aware of such breaches.

➡ Vietnam Privacy

As a data subject in Vietnam, you are entitled to certain rights under local regulations. These rights include being informed about how your data is processed, the ability to give and withdraw consent, and the right to request access, erasure, rectification/correction, and restriction of your personal data processing. You also have the right to object to the use of your personal data for advertising purposes and to seek self-protection or involve other competent organizations/agencies to protect your rights. It is important to provide complete and accurate personal data when consenting to its processing, in accordance with applicable data privacy laws.

Some of the personal data we collect may be classified as sensitive under Vietnamese law. This includes data such as race and ethnicity, location data obtained through location services, IP addresses, health-related information, bank account details, and biometric data.

Please note that in Vietnam, Legitimate Interest is not the sole legal basis for processing personal data. We will generally seek your consent to process personal data unless other exceptions permitted by law apply.

When collecting and processing personal data of children under 16 years old, we obtain consent from children aged seven or older, as well as from their parent or legal guardian, unless otherwise stipulated by applicable laws.

In the event of a data breach, we will adhere to all reporting and remedial obligations specified by Vietnamese laws.

If you have any questions or concerns regarding your privacy and data protection practices, or if you need this notice in an alternative format due to a disability, please feel free to contact us directly. If your inquiry pertains to a suspected data breach or is specific to our Data Protection Officer, please indicate that in your message.