Global Privacy Notice for Natura &Co LATAM Representatives and Consultants - ENGLISH

Global Privacy Notice for Representatives and Consultants

What does this Privacy Notice apply to?

Avon as part of Natura &Co Groupof Companies (“Natura &Co”, “we”, “us”, “our”), are fully committed to the responsible collection, use and care of the personal data of its representatives and consultants. This Global Privacy Notice for Representatives and Consultants (“Privacy Notice”) provides you with information on how we collect, use, and share personal data through our websites, products, mobile applications, or other sites that display this Privacy Notice.

If you are in a jurisdiction that recognizes the concept of a Data Controller or similar, the Data Controller is the Natura &Co entity (including Group of Companies) with which you have a customer relationship. If you have a query about how your Personal Data is being used, you can contact the Data Controller through the Data Protection Officer (DPO) team here.

Key Definitions

Capitalised terms not otherwise defined in this Notice have the following meanings:

Personal Data means any information relating to an identified or identifiable living individual.

Sensitive Personal Data means any information relating to an individual’s racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, criminal records/history or processing of genetic data or biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. Depending on the country you are based sensitive personal data may also refer to personal information that, once leaked or illegally used, may cause harm to natural persons, including but not limited to information on specially designated status, financial accounts, individual location tracking, as well as the personal information of minors or information on social security, driver’s license, state identification, and passport numbers, precise geolocation, combination of email address, debit card, or credit card with security or access code, password, or other credentials allowing access to financial account.

Processing means the use of personal data including collection, recording, organization, structuring, adaptation or alteration, analysis, retrieval, consultation, providing or blocking access (including remote access) to, disclosure, dissemination, aligning, copying, transfer, storage, deletion, hosting, combination, destruction, disposal, or other use or handling of personal data.

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In our Company, the ultimate data controller is Natura & Co., our holding company.

Third Party means any natural person or legal entity, public authority, agency or any other body other than Data Subject, Data Controller, any vendor, supplier or service provider who solely or jointly process personal data on behalf of the Data Controller and acts on the Data Controller’s instructions.

Data Subject means the identified or identifiable living individual to whom the Personal Data relates.

Natura &Co Group of Companies means this.

Personal Data we collect and process

We collect, store, and process your Personal Data in a number of ways including:

When you are appointed as a representative or consultant of any of our brands.
Depending on your role, your personal information may also be processed by Sales Leaders as independent controllers of your personal information. This means that Sales Leaders may, independently from us running their business operations, process your personal information.
Sales Leaders will generally use your personal information in a way which is compatible with this Privacy Notice. If they use your personal information in a different way, they are required to provide you with further privacy information to comply with their own legal obligations under data protection laws.
When you visit one of our retail stores or counters, including if you register an account with us in store;
When you correspond with us across any of our channels (e.g. messaging platforms such as text message, live chat, social media and email).

The following categories of Personal Data are followed by information about their source(s), purpose(s), legal bases and disclosure(s).

Categories of Personal Data

Examples of Personal Data and their sources

Purposes and legal bases for Personal Data Processing

Basic Personal Data

Identifiers may include your name and contact details (title, surname, first name, any other name(s), postal address, an alternative delivery address, e-mail address, telephone numbers), as well as any unique identifiers allocated to you by us (e.g. Rep/Consultant ID), and any profile photo you upload to our systems, your date of birth, your banking details

We may use your personal information to fulfil that order and provide appropriate commissions, rebates, discounts and incentives. This is to meet our contractual obligations to you. We may also use your information to carry out an identity check before we provide you with an account limit through which to purchase product on payment terms; and a credit check to pursue or defend any legal claim, including to pursue any debt owed by you, in order to meet our legitimate business interests (where applicable and depending on the country you are based), in ensuring we can exercise our legal rights appropriately. We use third parties to carry out these checks.

We may contact you by email, SMS or telephone for administrative or operational reasons, for example in order to send you confirmation of your order and your payments.

We may contact you by email to send marketing and service emails to introduce our incentives to you or directing product reviews/surveys to you.

Depending on the laws applicable in the country you are based, we will process such Personal Data on the basis of our legitimate interest(where applicable and depending on the country you are based), , for the performance of our contract with you, or as otherwise permitted by law.

Sensitive Personal Data

We limit the circumstances where we collect and process these special categories of data.

In some instances, you may have requested services or products that do not directly involve the collection of any special categories of data, but may imply or suggest your religion, health or other special categories of data, such as skin concerns and adverse events from you which may include information on your health and or ethnicity.

We may use this Personal Data to provide the products and services you request; for registration in contests and promotions; to provide you with personalized content, information, and to send you brochures, coupons, samples, offers and other information on our products within Natura &Co group of companies; when we perform our duties in a contract with you.

We process this Personal Data on the basis of your consent or as otherwise permitted by the applicable laws of the country you are based.

This personal data may be shared for business purposes within the Natura &Co Group of Companies and with service providers.

Commercial Data

Information on your purchases from us, commission and discount records and your reporting line information, as well as information about your preferences for particular types of products.

We may use your personal information in order to tailor our service to your needs and preferences and to provide you with a personalised Representative and Consultant experience.

To help you sell of our product products to your customers, we may contact you by email, SMS or telephone about our products and offers. We may use the information we have about you (including your purchasing history) to build a profile about your preferences and to send you products and offers tailored to you to ensure that we run our business most effectively.

Depending on the laws applicable in the country you are based, we will process your Personal Data on the basis of our legitimate interest(where applicable and depending on the country you are based), , for the performance of our contract with you, to comply with legal obligations, or as otherwise prescribed by law.

Inferences drawn from other Personal Data

This includes a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. It also includes information ascertained about you from social media such as your profile picture, likes, location and friend list and product preferences.

We receive these inferences indirectly from you (e.g.from observing your actions on our Sites) or from third parties, such as a data analytics provider.

We use such Personal Data to provide and improve the features, products and services you request; to provide you with personalized content, information, and to send you brochures, coupons, samples, offers and other information on our products or our Group of Companies; and/or to deliver relevant advertising. We may also use it to provide you with copies of our newsletter and information about our products, store launches, partnerships and in-store events, contact you regarding service-related matters. We may use your data to gather feedback from you, to enable you to participate in customer research or focus groups, to inform you about products and commercial opportunities you may be interested in, to improve your experience as a Representative or Consultant by building a profile of your preferences (including purchasing records), to offer you personalized products and offers; to enable your participation in our promotions, contests, prize draws, and special offers; to improve existing and develop new products and services; and to fulfil our administrative and commercial purposes and interests in activities such as those for security purposes, statistic and marketing analyses, systems maintenance and developing, and to manage product warranties and refunds.

Depending on the laws applicable in the country you are based, we will process this Personal Data on the basis of our legitimate interest (where applicable and depending on the country you are based), and, when required by law, on your consent.

Communication Data

We may collect communication data from various sources, including contact lists, demographic information originally collected from other companies within Natura &Co group, and Personal Data legally obtained from other third parties, which may be combined with other information that we collect for the purposes described in this section, including information on your communications with us (e.g. your emails, letters, calls, posts and messages on our social media). This may include communications with Sales Managers, Regional Managers, and/or Beauty Entrepreneurs if they share such communications with us.

We use such Data to provide and improve the features, products and services you request; to provide you with personalized content, information, and to send you brochures, coupons, samples, offers and other information on our products or our Group of Companies; and/or to deliver relevant advertising.

Other Personal Data we may have collected with your consent

We get this information directly from you. This may include:

Information ascertained about you from social media such as your profile picture, likes, location and friend list
geo-location details when using one of our mobile applications;
Other information we have collected from you with your consent.

We use this Personal Data to provide and improve the features, products and services you request; to provide you with personalized content, information, and to send you brochures, coupons, samples, offers and other information on our products or Natura &Co Group of Companies; when we perform our duties in a contract with you; and/or for processing of Personal Data needed for the assessment and acceptance of customers and to assist you to find your nearest store.

How long we store your Personal Data

We retain your Personal Data for the purposes stated on this Notice. To the extent retention of your Personal Data is no longer necessary for these purposes, your data will be deleted, unless your data is required for other purposes set out in this Privacy Notice, or further retention is mandatory by applicable laws and/or necessary to fulfil legal or regulatory obligations or to protect our legitimate interests (where applicable depending on the country you are based), including the establishment, exercise, or defence of any existing or potential legal claims. Our retention periods are being determined as per the legal requirements of the country you are based.

How we share and disclose your Personal Data

As a global Company, we may disclose your Personal Data to:

Natura &Co Group of Companies;
Customers, other Representatives, Sales Leaders; and/or Franchisees of Natura &Co;
Third-parties who provide goods or services to help us conduct our business and improve our services;
External auditors and or legal advisors;
Other parties to whom we are authorised or required by law to disclose information;
Law enforcement and other government authorities. To do so, the authority requires an appropriate judicial order or warrant, for which they need to demonstrate that the disclosure of the requested or intercepted information is required. We reserve the right to challenge these requests.

We may share or transfer your Personal Data in the course of any direct or indirect reorganization process including, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or part of our assets. Your Personal Data may be shared following the completion of such transaction and/or during the assessment pending transfer (subject to confidentiality requirements). If transferred, your Personal Data will remain subject to this Privacy Notice or a policy that, at a minimum, protects your privacy to an equal degree as this Privacy Notice unless you otherwise consent.

International Data Transfers: We may transfer your Personal Data to our affiliates and subsidiaries or to other third parties, in accordance with applicable local law, depending on the country you are based. We may also transfer your Personal Data from your country or jurisdiction to other countries or jurisdictions in accordance with legal requirements.

For international data transfers subject to EEA, UK and Swiss Law we primarily use European Union Commission Standard Contractual Clauses.

For transfers between other jurisdictions we may rely on other legal mechanisms for international transfers, as appropriate under the relevant law.

We have also concluded and executed an Intra-Group Agreement to ensure safe and lawful transfers of personal data take place among entities within the Natura &Co Group of Companies and also among different countries around the world, where such transfers are necessary in the course of business.

We carry out Transfers Impact Assessments to implement supplementary measures to ensure your personal data is processed under the standards that apply to your territory.

Your Sensitive Personal Data will not be used for any additional purposes that are incompatible with the purposes listed above unless we provide you with notice of those additional purposes.

We do not sell your Personal Data or your Sensitive Personal Data, nor do we share it with third parties for cross-context behavioural advertising.

How we protect your Personal Data

We implement comprehensive technical, physical and organizational measures to ensure a level of security appropriate to the risk to the personal data we process and to ensure compliance with applicable legal requirements. These measures are aimed at safeguarding the ongoing integrity and confidentiality of personal data. We evaluate and improve these measures on an ongoing basis.

How we approach to children’s privacy

Our websites are designed and intended for adults. We understand the importance of taking extra precautions to protect the privacy and safety of children using Natura &Co products and services.

Where one of our websites may be intended for a younger audience, depending on the country our audiences are based we get consent from a parent or guardian in accordance with the applicable local law. If you learn that a child has, in violation of this Privacy Notice, registered for email newsletters, or otherwise provided their Personal Data, please report it to us using the contact information provided at the bottom of this Privacy Notice. If we become aware that an underage user has provided Personal Data without parental permission, we will terminate that account and delete all Personal Data provided by that user to the extent feasible and as soon as practicable.

Depending on the country you are based, we may use your personal data to carry out age verification checks and enforce any such age restrictions.

Your rights in relation to the processing of your Personal Data

Depending on the country you are based, you may have some or all of the following rights:

To obtain information on the personal data processed concerning you and to obtain a copy of such data (right of access);
To obtain the rectification of any inaccurate personal data and, having regard to the purposes of the processing, the completion of incomplete personal data (right to rectification) )(please let us know if and to what extent your data stored by us has changed, so that we can rectify or update the respective data);
If there are legitimate reasons, to request the deletion of the personal data (right to erasure);
To request the restriction of the processing of the personal data, if the legal requirements are met (right to restriction of processing);
To withdraw your consent at any time, if the data processing is based on consent, provided that such withdrawal does not affect the lawfulness of the previous processing of your data (consent withdrawal);
If the legal requirements are met, to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transfer this personal data to another controller or, if technically feasible, to have it transferred by us (right to data portability); and
Not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met (right not to be subject to automated processing).
To object, where applicable law provides, to the processing of your data (right to object):

which is being processed for the purposes of our legitimate interests (where applicable and depending on the country you are based) unless such interests outweigh your individual rights; and/or

for direct marketing purposes, without any special reason

Depending on the country you are based, our digital marketing communications shall provide unsubscribe or opt-out mechanisms that allow you to modify your communications preferences. Please note that if you opt-out of marketing communications, we may still contact you with non-promotional communications, such as those about ongoing business relations or administrative messages.

In order to exercise your rights, including the withdrawal of your consent, please contact us here [Hyperlink to be included, local market email address + training]. You may also designate an authorized agent to make a request on your behalf. In order to protect your data from unauthorized access or alteration by third parties, all requests regarding your personal information will be subject to verification of the identity of the requesting individual. We endeavour to respond to a verifiable request within required time frames.

A Data Subject who feels that we are not adhering to this Notice or applicable data protection laws with respect to his or her Personal Data may contact us to register a complaint; submit requests for exercising rights; or address any other issue arising under this Notice. Complaints by any person may also be referred to the DPO team by email here.

Without prejudice to any other remedies, you also have the right to lodge a complaint with a supervisory authority at any time.

Shine the Light Disclosure

California law allows California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please put “Shine the Light” in the ”Request Details” portion of your request on the form above or in the subject line, if submitted by e-mail. Note that there are restrictions on the number of times you can exercise some of these rights. You may designate an authorized agent to make a request on your behalf. The agent must provide proof of your authorization. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf. We may need to verify your request before completing it. For example, we may ask you to confirm data points we already have about you. We will only use Personal Data provided in a request to verify the requestor’s identity or authority.

Geolocation Data

If you have previously consented to sharing precise geolocation information with our Digital Services, you can choose to stop the collection of this information at any time by changing the preferences on your browser or mobile device settings.

Push Notifications/Alerts

If you have permitted one of our mobile applications to send you push notifications or alerts, you can deactivate these messages at any time in the notification settings on your mobile device.

How we approach to children’s privacy

Our websites are designed and intended for adults. We understand the importance of taking extra precautions to protect the privacy and safety of children using Natura &Co products and services.

Depending on the country you are based, we may use your personal data to carry out age verification checks and enforce any such age restrictions.

Changes we make

We may update this Notice periodically and will revise the date at the bottom of this Notice to reflect the date when such update occurred. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will endeavour to provide you with notice before such changes take effect, such as by posting prominent notice on the Companywebsite.

In the event of any difference in interpretation or meaning between the English version and any other translation of this Privacy Notice, the English version shall prevail.

Effective Date: 20/01/2024