Privacy policy

PRIVACY POLICY

The website available at the following address: eisenberg.com (hereinafter the “Site”) is published by JOSÉ EISENBERG S.A., a public limited company (société par actions) with share capital of 150,000 euros, whose registered office is located at 24, avenue Princesse Grace, Monte-Carlo, MC 98000 Monaco, registered with the Monaco Trade and Industry Register under number 01S03910, with intra-community VAT identification number FR 17 0000 5726 4 (hereinafter “JOSÉ EISENBERG S.A.”), which, in its capacity as controller of personal data, attaches great importance to the protection and respect of privacy.

This privacy policy is intended to inform, when browsing the Site, any person using the Site (hereinafter the “Users” or the “User”) of the practices of JOSÉ EISENBERG S.A. regarding the conditions for the collection, use and sharing of the information that Users may be required to provide, as well as their rights.

IMPORTANT: NOTICE TO USERS

If the User wishes to withdraw their consent to the processing of their data, they simply need to request this directly by email at the following address: customerservice@eisenberg.com

Furthermore, where this is required by law and/or in certain circumstances, the User’s consent will be obtained, or an option to refuse will be provided, prior to any transfer of data.

1. Controller of the personal data collected

The controller of personal data is JOSÉ EISENBERG S.A.

For any question relating to confidentiality or the exercise of your rights: customerservice@eisenberg.com.

2. Nature of the data collected

The data collected on the Site in connection with the use of the Site are those enabling JOSÉ EISENBERG S.A. to identify Users directly or indirectly.

The following categories of data concerning Users may be involved:

  • Civil status, identity, identification, images: surname, first name, title, email address, telephone number, date of birth, profile photograph (where applicable), customer ID, order number;
  • Personal life: postal address, purchasing preferences, beauty-related interests, browsing history on the Site, messages or comments left via the contact form or customer service;
  • Professional life: only in the context of partnerships or professional programs (e.g. influencers, resellers): company, position, professional contact details;
  • Economic and financial information: payment information (bank card via secure provider), purchase history, invoices, billing addresses;
  • Connection data: IP address, login credentials, activity logs, browser type, operating system, connection duration, pages viewed;
  • Location data: approximate geolocation data based on the IP address, if the User consents to this via their browser or mobile device;
  • Other data: any other information provided voluntarily by the User in connection with the use of the Site, participation in prize competitions, surveys, quizzes, reviews or exchanges with customer service.

Users who communicate the personal data of a third party must confirm that they hold the consent of that third party for the Site’s use of the latter’s personal data.

3. Purpose and legal basis of the processing activities

3.1. Purpose of the personal data collected

The personal data collected on the Site are used only for and during the performance of the services for the following purposes:

Collection situations

Data collected

Purposes (use)

Legal basis

Creating and managing an account / joining the loyalty program

Surname, first name, title, email address, date of birth, ID, password, personal preferences, order history, profile photo (where applicable)

Manage your account and your preferences, access to services, participation in marketing activities, loyalty management

Performance of a contract

Newsletter subscription and commercial communications

Surname, first name, email address, product preferences, previous interactions, order history

Sending promotional emails, personalization of offers, audience analysis

Consent

Purchases and orders

Postal address (delivery/billing), telephone number, email address, surname, first name, products purchased, payment method (via provider), purchase history

Order processing, delivery, billing, customer service, order tracking

Performance of a contract

Browsing the site, cookies strictly necessary for the operation and security of the site

Session ID, browsing preferences (language, cart), technical logs (IP address, browser type, connection date/time), security cookies

Ensure the operation and security of the Site (session, cart, authentication and language management)

Legitimate interest

Browsing the site, analytics and/or advertising cookies, personalizing content and advertising

Cookie identifiers, IP address, pages visited, browsing time, pages/products viewed, interactions with content, advertising ID, browsing preferences, approximate geolocation data.

Analyze behavior, targeted advertising, personalization

Consent

Prize competitions / promotional operations

Surname, first name, email, date of birth, postal address, answers, user content, participation in a draw or operation

Manage entries, prizes, surveys, marketing statistics

Performance of a contract / Consent / Legitimate interest

Customer service / information requests

Surname, first name, email, telephone, message content, contact data

Respond to requests, improve the customer experience, satisfaction surveys

Legitimate interest / Consent

User-generated content

Surname, alias, photo, social media, shared content, comments

Publish the content, enhance the brand, promotion on digital channels

Consent / Legitimate interest

Use of beauty applications or devices

Surname, email, beauty data (skin type, skin concerns), location, test results

Provide a personalized diagnosis, recommendations, notifications

Consent

The diagnosis offered through beauty applications or devices is cosmetic and declarative in nature; it does not constitute a medical diagnosis.

Furthermore, JOSÉ EISENBERG S.A. may use the data to fulfil, where applicable, its legal and/or regulatory obligations.

3.2. Aggregation with non-personal data

JOSÉ EISENBERG S.A. reserves the right to publish, disclose and use aggregated information (information about Users or about specific groups or categories of Users combined in such a way that an individual User can no longer be identified or referred to) and non-personal information for the purposes of industry and market analysis, demographic profiling, promotional and advertising purposes, and other commercial purposes.

4. Time of collection

The data collected by JOSÉ EISENBERG S.A. are freely communicated by Users at the time of:

  • creating an account,
  • subscribing to the newsletter or a loyalty program,
  • placing an online order,
  • participating in a prize competition, a survey or a promotional operation,
  • sending a request via the contact form or customer service,
  • using an application or a personalized service (beauty diagnosis, virtual try-on, etc.).

They may also be collected automatically during the use of the Site, in particular when the User:

  • browses the pages of the website,
  • interacts with the content,
  • clicks on advertisements,
  • watches videos,
  • accepts cookies,
  • uses a connected device or a mobile application linked to our services.

In any event, the personal data collected:

  • shall be obtained and processed fairly and lawfully;
  • shall be recorded for specified and legitimate purposes;
  • shall be used in accordance with these purposes;
  • are adequate, relevant and not excessive in relation to these purposes; and
  • shall be subject to precautions designed to ensure the security and confidentiality of the data in order to prevent them from being damaged, modified, destroyed or disclosed to unauthorized third parties.

5. Recipients of the personal data

The primary recipient of the personal data collected on the Site is JOSÉ EISENBERG S.A.

Certain data may be transmitted to strictly selected partners or providers, only where this is necessary to carry out the services offered:

  • IT and hosting providers (site host, maintenance providers, CRM and emailing tools);
  • Payment providers and banking institutions (processing and securing of online payments);
  • Logistics providers and carriers (order preparation and delivery, parcel tracking);
  • Marketing and communication providers (management of newsletters, promotional campaigns, audience analysis), subject to the User’s consent where applicable;
  • Legal, accounting or tax advisers where required by law or for the defence of the rights of JOSÉ EISENBERG S.A.

Unless otherwise indicated, these partners act as processors within the meaning of the regulations, on the instructions of JOSÉ EISENBERG S.A., and are required to implement appropriate measures to ensure the security and confidentiality of the data. Certain recipients (for example, banking institutions, carriers or authorities) may act as independent controllers for their own legal obligations.

Where applicable, the competent administrative or judicial authorities may also be recipients of the data where required by law. JOSÉ EISENBERG S.A. does not sell personal data.

In the event of a change of control of JOSÉ EISENBERG S.A., a merger, an acquisition, insolvency proceedings, or any other form of transfer of assets, the data collected by JOSÉ EISENBERG S.A. may be transferred to third parties. Nevertheless, JOSÉ EISENBERG S.A. undertakes to guarantee the confidentiality of the personal data collected and to inform Users before such data is transferred or subject to new confidentiality rules.

Where recipients are located outside Monaco and/or the EU/EEA, JOSÉ EISENBERG S.A. puts in place appropriate safeguards (for example, Standard Contractual Clauses of the European Commission and, where applicable, additional measures). Further information on these safeguards may be obtained on request.

Where this is required by law, the User’s consent will be obtained, or an option to refuse will be provided, prior to any transfer of data.

6. Users’ rights

In accordance with amended Monegasque law no. 1.165 of 23 December 1993, law no. 1.565 of 3 December 2024 on the protection of personal data, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the “GDPR”, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the User has:

  • a right of access to their personal data;
  • a right to rectification of their personal data;
  • a right to erasure and deletion of their personal data;
  • a right to object to the processing of their personal data;
  • a right to restriction of the processing of their data;
  • a right to portability of their data, where the data are subject to automated processing based on consent or on a contract;
  • a right to withdraw their consent at any time; and
  • a right to determine the fate of their data after their death.

A User wishing to exercise one of these rights may submit their request via the rights exercise request form, by email at the following address:

Email: customerservice@eisenberg.com

When exercising one of these rights, the User must provide JOSÉ EISENBERG S.A. with the information necessary for their identification: surname, first name, email address and, where applicable, postal address.

JOSÉ EISENBERG S.A. then undertakes to respond within a maximum period of one (1) month following receipt of the User’s complete request.

Owing to the complexity of the request and/or the number of requests, this period may be extended by two (2) months, provided that JOSÉ EISENBERG S.A. informs the User, within one (1) month of receipt of their request, of the reasons for the postponement.

Finally, the User has the right to lodge a complaint with the Personal Data Protection Authority of Monaco (APDP), or, where the GDPR applies, with the competent supervisory authority in their Member State of residence.

7. Data retention period

7.1. Retention of data during the contractual relationship

The personal data of Users collected are not retained beyond the time necessary for the performance of the obligations of JOSÉ EISENBERG S.A. defined at the conclusion of the contract or for the predefined duration of the contractual relationship, except for the data that JOSÉ EISENBERG S.A. may need to retain as evidence, for legal or administrative purposes, or in accordance with the legislation in force.

7.2. Retention of anonymized data beyond the contractual relationship

JOSÉ EISENBERG S.A. retains the personal data of Users collected for the period strictly necessary to achieve the purposes described in this privacy policy.

At the end of the commercial relationship, JOSÉ EISENBERG S.A. will retain the information provided by the User for the following periods, namely:

  • Customer account data: 3 years after the last contact or the last activity.
  • Commercial prospecting data (email/newsletter, SMS, advertising cookies): 3 years after the last contact, or until consent is withdrawn.
  • Order and invoice data: 10 years from the close of the financial year.
  • Customer service / complaints data: 5 years after closure of the file.
  • Prize competition / promotional operation data: 2 years after the end of the operation.
  • User-generated content (reviews, photos, testimonials): until a deletion request is made or 3 years after inactivity.
  • Data from beauty / skin diagnosis applications: 2 years maximum after last use or withdrawal of consent.
  • Technical logs / security data: 6 to 12 months maximum.
  • Analytics cookies: 13 months maximum.

Beyond this period, the data will be anonymized and retained for exclusively statistical purposes and will not give rise to any use of any kind whatsoever.

8. Transfer of personal data abroad

As far as possible, JOSÉ EISENBERG S.A. processes Users’ data within Monaco and the European Economic Area (EEA), in particular in Ireland, and does not transfer such data outside this area except where necessary for certain technical providers.

Nevertheless, in the event of an international transfer of Users’ data outside the European Union, a distinction must be made between:

  • countries that have been the subject of an adequacy decision by the European Commission (such as the United States for companies certified under the EU-U.S. Data Privacy Framework): in this case, the data are transferred to a country ensuring a level of protection deemed sufficient and adequate under the European data protection regulation; and
  • countries whose level of data protection has not been recognized as adequate: in this case, to ensure a transfer compliant with the European regulation, and in particular to ensure the security of the data, JOSÉ EISENBERG S.A. will base its transfer on protection mechanisms adapted to each service provider and processor, such as the conclusion of Standard Contractual Clauses approved by the European Commission, the application of Binding Corporate Rules, or under an approved certification mechanism.

9. Security

JOSÉ EISENBERG S.A. undertakes to implement the appropriate technical and organizational measures reasonably necessary under the applicable regulation on the protection of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, in order to ensure a level of security appropriate to the risks to the rights and freedoms of natural persons in connection with the processing referred to in this privacy policy.

Where personal data are transferred to third parties for processing, JOSÉ EISENBERG S.A. ensures that these third parties implement all appropriate technical and organizational measures to ensure the protection of personal data in accordance with applicable laws.

These measures are defined taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the identified risks.

Depending on needs, risks, costs and the purpose of processing, these measures may include the pseudonymization and encryption of data.

This protection may be indicated by the “https” reference in the browser’s URL address, as well as by the depiction of a closed padlock at the bottom of the screen.

In the event of a personal data breach, JOSÉ EISENBERG S.A. undertakes to notify the Personal Data Protection Authority of Monaco (APDP), or the competent supervisory authority within the European Union where the GDPR applies, within a maximum period of 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the persons concerned. Where the breach is likely to result in a high risk, the Users concerned will be informed without undue delay, unless appropriate protective measures render the data unintelligible.

10. Links

On the Site, Users may have access to various links directing them to third-party sites.

JOSÉ EISENBERG S.A. shall not be responsible for the information that is sent to these third parties or collected by them.

This privacy policy does not govern third-party sites or third-party content accessed by the User of the Site.

JOSÉ EISENBERG S.A. exercises no control over hypertext links and/or other promotional formats.

Consequently, JOSÉ EISENBERG S.A. gives no guarantee regarding, in particular, the personal data protection practices of the indexed websites and may in no event be held liable in the context of a dispute arising between an indexed website on the Site and one of the Users, in particular on account of losses or damage suffered, the operators of the indexed websites being solely responsible for their personal data protection practices.

11. Cookies

A cookie (or connection tracker) is a text file that may be stored, in a dedicated area of the hard drive of the User’s computer, when consulting an online service through their browsing software.

In practice, cookies are small text files that are placed on the User’s computer by the websites the User visits. They are used to make websites work and improve the ease of use of these sites.

The cookie is transmitted by a website’s server to the User’s browser. Each cookie is assigned an anonymous identifier. A cookie does not make it possible to trace back to a natural person.

When consulting the Site, Users are informed that cookies or other means of recording browsing data are used by the Site or by third parties, service providers for the Site, and placed on the User’s device (computer, mobile or tablet).

JOSÉ EISENBERG S.A. or its partners may install, subject to the User’s acceptance, various cookies, and in particular:

  • session cookies, which disappear as soon as the User leaves the Site;
  • permanent cookies, which remain on the User’s device until their lifespan expires or until the User deletes them using their browser’s functionalities; and
  • statistics cookies (allowing the Site’s audience to be measured)

Only the issuer of a cookie may read or modify the information it contains.

Upon their first connection to the Site, the User will be expressly asked to accept the Site’s cookies.

11.1. Purpose of cookies

The cookies used by JOSÉ EISENBERG S.A. or its partners make it possible to identify Users, to recognize their browser when they connect to the Site, to record their access frequencies (traffic measurement) and their display preferences on the Users’ device, to adapt and/or personalize the presentation of the Site to improve the Users’ experience, and to optimize the Site for the sole purpose of providing the services requested by the User.

In addition, the cookies used on the Site are based on the guide of the International Chamber of Commerce, by category:

  • strictly necessary cookies;
  • performance cookies;
  • functionality cookies;
  • advertising targeting cookies.

11.1.1. Strictly necessary cookies

Strictly necessary cookies allow the User to browse the Site.

These cookies collect no information about the User that could be used for marketing purposes.

JOSÉ EISENBERG S.A. uses these cookies to:

  • ensure the operation of the Site;
  • secure forms and protect them against malicious scripts.

JOSÉ EISENBERG S.A. does not use these cookies to:

  • collect information that could be used to promote products or services to Users; or
  • remember Users’ preferences or usernames after their visit.

11.1.2. Performance cookies

These cookies allow the improvement of the performance and of the Site, such as error management, monitoring of response rates, or improvement of the Site’s design.

11.1.3. Functionality cookies

These cookies are used to provide services or to remember the User’s settings in order to improve their visit to the Site.

11.1.4. Advertising targeting cookies

These cookies are used to promote products or services to the User on other sites. They may also be used to limit the number of times the User sees a particular advertisement on the Site and to measure the effectiveness of a particular campaign.

11.2. Cookie retention period

Cookies are retained for a limited period depending on their purpose:

  • Technical and strictly necessary cookies (e.g. cart memorization, language choice, authentication): retained only for the duration of the session or for a maximum period of 6 months.
  • Audience measurement and performance cookies: retained for a maximum period of 13 months after being placed on the User’s device.
  • Advertising and personalization cookies: retained for a maximum period of 13 months after being placed.

In all cases, the period of validity of the User’s consent to the use of cookies subject to consent is limited to 13 months. At the end of this period, consent must be obtained again. The lifespan of cookies is not extended at each visit; it restarts only at the first installation.

11.3. The User’s right to refuse cookies

Upon first browsing the Site, an explanatory banner on the use of cookies appears. It allows the User to enable or disable certain cookies. It will only disappear once the User has accepted, or not, the use of cookies to continue browsing.

The recording of a cookie remains subject to the will of Users. In accordance with legislative and regulatory provisions, JOSÉ EISENBERG S.A. obtains prior consent for the placing of cookies.

Users also have the option to configure their browsing software so as to oppose, wholly or partially (in particular depending on the issuer), the recording of cookies. The configuration also offers the possibility of accepting or refusing cookies on a case-by-case basis, before they are recorded on the Users’ device.

Accordingly, Users who wish to prevent the recording of cookies may follow the specific procedure for each browser and described in the browser’s help menu.

  • Chrome
  • Internet Explorer
  • Edge
  • Safari
  • Firefox
  • Opera

However, in the event of opposition to the recording of cookies or the uninstallation of a cookie, Users are informed that certain services may no longer function correctly.

12. Modification of the privacy policy

JOSÉ EISENBERG S.A. reserves the right to modify and update this privacy policy at any time, in particular in order to take into account any legal and/or case-law developments and to meet the requirements of the regulation applicable to the protection of personal data.

The prevailing version is the one accessible online on the day of consultation of the Site.

Any consultation of the Site after publication of the modified privacy policy constitutes unreserved acceptance by the latter of the new privacy policy.

13. Contacts

For any request for information or to find out more about the processing of their personal data, including the exercise of their rights indicated above, the User may contact JOSÉ EISENBERG S.A. by email at the following address: customerservice@eisenberg.com

When the User contacts JOSÉ EISENBERG S.A., they will be asked to identify themselves.

 

Version updated on 9 July 2026

Landing Page