Depending upon the country where you registered, your ONEINSTITUTE account may offer the ability to access your information and make updates to or delete your data.
If not, you may make a request for access, erasure, rectification, to opt out of receiving marketing emails or texts, or to object to our use of your email address or phone number for advertising, here.
You can also tell us to stop sending you email and text messages by following the opt-out instructions sent with these communications. Please be aware that we may need to keep certain information to honor your choices (e.g., if you tell us to stop sending marketing emails, we will need your email address on file so that our systems remember that you no longer wish to receive marketing communications to that email address).
Also, there some situations where we may be unable to grant your request (e.g., deleting transaction data where we have a legal obligation to keep it, or for fraud prevention, security, or to protect the privacy of others, among other things).
Traditional Online Behavioral Advertising
How you can stop receiving traditional interest-based ads To stop receiving ONEINSTITUTE interest-based advertising, you can click here or click on the AdChoices icon on one of our sites. For Europe, you may click here. Please make sure to opt out of all of our advertising partners:
You can also prevent getting interest-based ads on websites by declining cookies in your browser(s). declining the “access to data” requests that apps usually present when you install them, or by adjusting the ad tracking settings on your device. Please note that you may also receive personalized ads based on your email address or phone number, if you have provided those to us for marketing purposes. To opt out of that usage, please contact us.
You will still see “contextual” ads even if you opt out of interest-based ads Even if we stop sending you interest-based ads, you will still get ads from our brands on your computer or mobile devices. These ads, however, are based on the context of the sites you visit and are called contextual ads. Unlike interest-based ads which are based on pages you visit on your mobile phone or computer viewing activities, contextual ads are ads shown to you based on the context of the specific site you are visiting. For example, you still may see an ad for one of our baby care brands while looking at nursery products online because these sites traditionally have had mostly new or expecting parents as visitors. You should also know that we may still collect information from your computer or devices and use it for other purposes like evaluating how our websites work, for consumer research, or detecting fraud.
Deleting cookies also deletes your opt-out When you opt out of interest-based advertising, we send an opt-out cookie to your browser that tells us that you no longer want to receive interest-based ads from us. You opt-out cookie will be deleted if you decide to delete all cookies. This means that you will need to opt out again if you still do not want to receive interest-based ads.
Access or Erasure To make a request for access or erasure with respect to personal data used for traditional online behavioral advertising which, for example, would include information we may have about you at a cookie or device ID level and which we use to provide you with relevant ads, please contact us here. To process your request, we need you to provide any of the following identifiers
Your Mobile advertising IDs (IDFA, Android ID).
Your TV Device Identifier for Advertising, which is a unique ID assigned by a Connected TV provider, e.g., Roku ID for Advertising.
Additional information for Nordics
Consumer Research Participants
To make a request with respect to personal data we may have as part of your participation in one of our research studies, please see the contact information provided on your consent form or call or visit your research center.
If you live in California, you may access the personal information we hold about you, request details about how we process your personal information, ask us to delete your data or request that we no longer “sell” your personal information (as “sell” is defined in the CCPA). To learn more and to exercise such rights, please click here.
EEA and UK Residents
If you live in the EEA or the UK, or are physically in the EEA or the UK, you may access the personal data we hold about you, request that inaccurate, outdated, or no longer necessary information be corrected, erased, or restricted, and ask us to provide your data in a format that allows you to transfer it to another service provider. You also may withdraw your consent at any time where we are relying on your consent for the processing of your personal data. And you may object to our processing of your personal data (this means ask us to stop using it) where that processing is based on our legitimate interest (this means we have a reason for using the data).
If you would like more information about data protection and your personal data rights in general, please visit the European Data Protection Supervisor’s site at https://edps.europa.eu/data-protection/ or the UK Information Commissioner’s Office site at https://ico.org.uk. If you are not happy with our response to your requests, you may lodge a complaint with the data protection authority in your country.
OneInstituteEspaña SA adheres to the Code of Conduct for Data Protection in AUTOCONTROL, accredited by the Spanish Data Protection Agency and therefore is subject to its extrajudicial system of data processing complaints when related to data protection and advertising, available for those interested on the website www.autocontrol.es.
If you are a dental professional and have provided your information to us as part of one of our professional outreach programs, including through https://www.dentalcare.com, please contact us through your local ONEINSTITUTE representative.
How We Gather & Use Data
Like all brands, we collect data as you interact with us or when you share data that in turn can be shared with us. We do this respectfully and carefully to protect your rights. Data can help you be better understood as a consumer and a person. We can use the information we have separately, or combine it together, to bring you better products, services, and experiences.
How We Collect Data
We collect information about you in many ways from many places. Some of the information we collect may include personal information that can be used to identify you; for example, your name, email address, telephone number, or postal address. In some countries like those in the EEA or UK or in states like California, things like IP address or cookie and mobile device identifiers may also be considered personal information.
Please note: We may combine all of the information we collect about you to give you better products, services, and user experiences.
You Share it Directly
You give us your information when signing up for an account on our websites or mobile apps or by calling or emailing us. We may ask for things like your name, email or home address, date of birth, payment information, your age, gender, the number of people in your family, and the way you want us to send you information about our products and services—for example, to your home address, email address, or by texting you.
You Interact with Websites & Emails
You Use Mobile Apps & Other Devices
To give you the best possible user experience, we may use technologies that collect information from your phone when you use our mobile apps or our “smart” devices in your home. You consent to do this when downloading the app or installing household internet connected devices. This information could include your mobile phone or other device advertising ID, information about your phone’s operating system, how you use the app or device, and your physical location. You will get a pop up notice on your phone or device that gives you the option to accept or reject allowing us to know your precise geolocation (exactly where you are standing or where you are accessing the internet).
You Connect with Partners or Third Parties
We may get information that other companies share with or sell to us. For example, you may have given consent for another company to share your personal information with us when you signed up for telecom services or a retailer loyalty points program. We may also collect information from places that you know everyone can see, such as from internet postings, blog entries, videos, or social media sites. We may also receive information from other companies, such as consumer data resellers, who are in the business of collecting or aggregating information about you sourced from publicly available databases (in line with local legal requirements as applicable) or from consent you have given to their use and subsequently our use of your information. This might be information about your income level, age, gender, number of people in your family, and products you have bought on the internet or from stores in your neighbourhood.
General Ways We Use Data
We use your information to help us meet our purpose of touching and improving the lives of people like you every day around the world.
For example, we use your information to:
Perform services for you
Identify and authenticate you to our different marketing programs and websites
Respond to your questions or requests for information
Provide customer service
Send transactional messages (such as account statements or confirmations)
Send marketing communications, survey, and invitations
Process your payment for the products you buy from us
Process and issue refunds and collections
Send you products or samples you have requested
Help you manage your ONEINSTITUTE site or app preferences
Allow you to enter our contests or sweepstakes
Interact with you on social media
Better understand your interests and preferences and serve you and others like you with relevant offers and communications
Serve you with relevant ads and serve others with relevant ads through look-alike audiences. For example, if you sign up for marketing emails for laundry detergents in the U.S., we may upload your hashed email address into Facebook in France to find consumers there who, according to Facebook, “look like” you so we can serve them an ad on Facebook.
We also use your information for internal business purposes such as:
Quality control, training, and analytics
Safety maintenance and verification
System administration and technology management, including optimizing our websites and applications
Security purposes, including detecting threats and protecting against malicious or fraudulent activity
Recordkeeping and auditing interactions with consumers, including logs and records maintained as part of transaction information
Risk management, audit, investigations, reporting and other legal and compliance reasons
We may also use your personal information to better understand you, including:
For internal research
To design and develop products, services and programs that delight our consumers
To identify prospective consumers
Cookies are small files sent to your computer as you surf the web. They store useful information about how you interact with the websites you visit. Cookies do not collect any information stored on your computer or device or in your files. Cookies do not contain any information that would directly identify you as a person. Cookies show your computer and device only as randomly assigned numbers and letters (e.g., cookie ID ABC12345) and never as, for example, John E. Smith.
to serve you with relevant advertising
to learn more about the way you interact with ONEINSTITUTE content
help us improve your experience when visiting our websites
to remember your preferences, such as a language or a region, so there is no need for you to customize the website on each visit
to identify errors and resolve them
to analyze how well our websites are performing
Types of Cookies We Use
Strictly necessary These cookies allow the page to load or provide some essential functionality without which the page would not work (i.e., store your data in a shopping cart).
Performance cookies These cookies allow sites to remember what you prefer when you come back again.
Advertising cookies These cookies can be used to learn about what interests you generally might have, based, for example, on the websites you visit and the products you buy. This can also help us infer things about you such your age, marital status, and how many kids you may have. That data allows us to send you ads for products and services that better fit the things you like or need. It also allows us to limit the number of times you see the same advertisement.
How You Can Control Cookies
You can set your browser to refuse all cookies or to indicate when a cookie is being sent to your computer. However, this may prevent our sites or services from working properly. You can also set your browser to delete cookies every time you finish browsing.
When you visit our partner sites, we can show you ads or other content we believe you would like to see. For example, you may receive advertisements for Tide® laundry detergent if we notice that you are visiting sites that sell children’s clothing or school supplies. And from that information, we may conclude that you have children and therefore could well be interested in a powerful laundry-cleaning product. In this way, we intend to send you relevant information about our products that might be of benefit to you.
We learn from groups of consumers sharing similar interests We may place you into a particular group of consumers who show the same interests. For example, we may put you in the group of “razor aficionados” if we see you frequently purchase razors online or you could be a “bargain-shopper” if we notice you use online coupons or look for discounts or sales. We notice these things about you as you look at web pages, links you click on our websites and other websites you visit, mobile applications you use, or our brand emails you view and links you click in the emails. We group together cookie and device IDs to help us learn about general trends, habits, or characteristics from a group of consumers who all act similarly online and/or offline. By doing this, we can find and serve many others who “look like” those already in the group and thereby send them what we believe will be relevant and beneficial product offers and information.
We link other information to your cookie and device IDs Your cookie and device IDs may be supplemented with other information, such as information about the products you buy offline or information that you provide directly to us when creating an account on our sites. We generally do this in ways that will not directly personally identify you. For example, we could know that cookie ID ABC12345 belongs to the razor aficionado group based on person’s web site visits, age, gender, and shopping habits, but we would not know that person’s name or address or other information that would identify him or her as a person. Should we ever want to personally identify your cookie or device information (web and app viewing history), we will always ask you before doing so.
We may know you across all of your computers, tablets, phones, and devices We may know that cookie ID ABC12345 is from a computer that that may be connected to the same person or household owning the mobile phone with device ID EFG15647. This means that you may search for diapers on your laptop, click on a Google search result link which we have sponsored, and then later see an ad for our Pampers® brand diapers on your mobile phone. We might assume or deduce that the same person owns the computer and phone because, for example, they sign on to the same WiFi network every day at the same time. Understanding what devices seem to be used by a person or household helps us limit the number of times you see the same ad across all of your devices. And this is important because that way you don’t get annoyed at us for spamming you with the same ad and we don’t pay for such repetitive ads that we don’t want you to receive.
Addressable Media When you provide us with your personal data via our sites or apps, we will use an encryption of that data – or a substitute identifier such as The Trade Desk’s UID2 — to serve you with ads we think you may like. We do this generally by uploading an encrypted copy of your email address, phone number, or your mobile advertising ID to a platform that offers ad space (e.g., Facebook, YouTube, Instagram, TikTok, etc.). We also use that same data to serve you advertising through what is called the open web. This means you may see relevant ads from us on sites like nytimes.com or apps or other places like digital TV that participate in online auctions of their ad inventory.
Advanced Matching Some of our sites use the Advanced Matching features offered by Social Media Platforms to its advertisers (For e.g. Facebook’s Advanced Matching, TikTok’s Advanced Matching etc). Through Advanced Matching, we will send some of the information you enter into our site form fields (e.g., your name, email address, and phone number – not any sensitive or special category data) encrypted in hashed format to the Social Media Platform, or the Social Media Platform Pixel will encrypt and pull that data automatically, for the purpose of helping associate you with your browser cookie or device ID. We do this so that we can better target and measure the effectiveness of our advertising on the respective Social Media platforms. This is how we can know that if we showed you an ad on a given Social Media Platform, you clicked on it, came to our site and bought something – or not – and therefore whether we should continue to buy ads on that Social Media Platform – or not.
Google Analytics Advertising Features: Some of our sites use Google Remarketing Lists for Search Ads with Analytics (“RLSA”), which is a service they offer to advertisers. When individuals visit our sites, Google Analytics collects data about their visits. If a visitor is signed into their Google account, we are able to provide that user with interest-based advertising when they conduct a Google search for terms related to the ONEINSTITUTE site they visited. For example, if you are signed into a Google account when visiting one our Head & Shoulders websites, we may provide you with Head & Shoulders advertising when you search for “dandruff shampoo” on Google. You may opt out of Google Analytics at any time
Other Technologies We May Use
Proximity-based beacons Beacons send one-way signals to mobile apps you install on your phone over very short distances to tell you, for example, what products are on-sale as you walk through a store. Beacons only talk to your device when you get close enough and after you have given consent within the mobile application associated with a particular beacon. In turn, apps may provide us location information to help customize advertising and offers to you. For example, when you are near a beacon in the skin care section of a supermarket, we may send you a $4 off coupon.
Pixels These are small objects embedded into a web page, but are not visible. They are also known as “tags,” “web bugs,” or “pixel gifs.” We use pixels to deliver cookies to your computer, monitor our website activity, make logging into our sites easier, and for online marketing activity. We also include pixels in our promotional email messages or newsletters to determine whether you open and act on them.
Mobile device identifiers and SDKs We use software code in our mobile apps to collect information similar to what cookies collect on the internet. This will be information like your mobile phone identifiers (iOS IDFAs and Android Advertising IDs) and the way you use our apps. Similar to cookies, the device information we collect automatically as you use our apps will never identify you as a person. We only know a mobile device as randomly assigned numbers and letters (e.g., advertising ID EFG4567) and never as, for example, John E. Smith.
Precise geolocation We may receive information about your exact location from things like global positioning system (GPS) coordinates (longitude and latitude) when you use our mobile apps. You will always get a pop-up notice on your phone or device asking for you to accept or reject allowing us to know exactly where you are in the world. You should understand that we will not always ask for consent to know generally that you are in a broader city, postal code, or province. For example, we do not consider it to be precise location if all we know is that you are somewhere in Manila, Philippines.
Site and App Content
Logins Our websites may allow you to log in using your account with another company such as, for example, “Login with Facebook.” When you do this, we will have access only to the information that you have given us consent to receive from your account settings in the other company’s account you’re using to log in with.
Links ONEINSTITUTE sites may include links to other sites, which we do not control. Those sites will be governed by their own privacy policies and terms, not ours.
How We Share Data
We are not in the business of sharing your personal data and do so only in very limited situations where your privacy is protected.
With Your Consent
When we have your consent, we may share your information with select partners so they can send you offers, promotions, or ads about products or services we believe you may be interested in. For example, people who receive ONEINSTITUTE emails from our diaper brands such as Pampers® may also consent to hear about baby formulas made by other companies.
Online Platforms and Ad Tech Companies
Payments for Purchases
Legal and Similar Reasons
If a brand or one of our businesses with which you’ve shared personal data is sold to another company, your data will be shared with that company. As a result, your account, and the personal data in it will not be deleted unless you tell the brand or new company that you want it deleted. We may also share your information with companies who help us protect our rights and property, or when required by law or government authorities.
Types of Data We Collect
As a large company, with many products and businesses in many countries around the world, we collect the following types of data in order to best serve all of our consumers.
Please be aware that this is an exhaustive list of all of the possible types of data we collect, and many of these types almost certainly will not apply to you. If you want to know what data we actually have about you, just ask.
What We Typically Collect
Contact Information Data elements in this category include names (including nicknames and previous names), titles, mailing address, email address, telephone/mobile number and contact information for related persons (such as authorized users of your account).
General Demographics & Psychographics Data elements in this category include personal characteristics and preferences, such as age range, marital and family status, shopping preferences, languages spoken, loyalty and rewards program data, household demographic data, data from social media platforms, education and professional information, hobbies and interests and propensity scores from third parties (likelihood of purchase, experiencing a life event, etc.).
Transaction and Commercial Information Data elements in this category include customer account information, qualification data, purchase history and related records (returns, product service records, records of payments, credits etc.), records related to downloads and purchases of products and applications, non-biometric data collected for consumer authentication (passwords, account security questions), customer service records.
Unique IDs & Accounts Details Data elements in this category include unique ID number (such as customer number, account number, subscription number, rewards program number), system identifiers (including username or online credentials), device advertisers, advertising IDs and IP address.
Online & Technical Information This includes internet or other electronic network activity information. Data elements in this category include: IP address, MAC address, SSIDs or other device identifiers or persistent identifiers, online user ID, encrypted password, device characteristics (such as browser information), web server logs, application logs, browsing data, viewing data (TV, streaming), website and app usage, first party cookies, third party cookies, flash cookies, Silverlight cookies, web beacons, clear gifs and pixel tags.
Inferred Information This includes information derived from other information listed in this section. We create inferred and derived data elements by analyzing our relationship and transactional information. Data elements in this category include propensities, attributes and/or scores generated by internal analytics programs.
What We Sometimes Collect
Precise Geolocation Data elements in this category include precise location (such as latitude/longitude or in some cases IP address).
Health-related Information Data elements based on how it is collected include:
Information collected from consumer programs
General health and symptom information
Pregnancy-related information, such as due date
Consumer Research Studies where you have provided your informed consent
Information about physical or mental health, disease state, medical history or medical treatment or diagnosis, medicines taken and related information
Financial information Data elements in this category include bank account number and details and payment card information (e.g., when you make a purchase directly with a brand or receive a credit from a brand).
Government-issued IDs Data elements in this category include governmental ID and Tax ID (e.g., for winners of a contest in jurisdictions where we are required to collect that information).
Audio Visual Information Data elements in this category include photographs, video images, CCTV recordings, Call Center recordings and call monitoring records, and voicemails (e.g., for research, when you visit our facilities, or when you call us).
Smart Devices and Sensor data Data elements in this category include smart device records, IoT products (e.g., from an Oral B app-connected toothbrush).
Data About Children Data elements in this category may include the number of children you have, your children’s diaper sizes, their genders, and ages.
Biometric Information Data elements in this category include facial recognition data, and a mathematical representation of your biometric identifier, such as the template maintained for comparison (e.g., for healthcare research studies). We will retain this biometric data for no more than three years from the individual’s last interaction with us, unless we are required to retain it longer for legal or regulatory compliance purposes, or to exercise or defend our legal interests. We have implemented commercially reasonable protocols to safeguard and, when appropriate, to permanently delete or dispose of such biometric data.
Children and Personal Data
We follow all applicable data protection laws when collecting personal information online from children. For example, in the EEA and the UK we do not collect personal information from children under 16 years of age without the consent of the holder of parental responsibility over the child, unless a lower age is provided for by the local laws – provided that such lower age is not below 13 years. Similarly, in the U.S., we obtain verified parental consent when collecting personal information from children younger than 13.
How Your Information Stays Safe
Your privacy is important. That’s why we respect it by taking steps to protect it from loss, misuse, or alteration.
We respect your personal information and take steps to protect it from loss, misuse, or alteration. Where appropriate, these steps can include technical measures like firewalls, intrusion detection and prevention systems, unique and complex passwords, and encryption. We also use organizational and physical measures such as training staff on data processing obligations, identification of data incidents and risks, restricting staff access to your personal information, and ensuring physical security including appropriately securing documents when not being used.
Your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected, including the United States. For example, we may store your data on a server in the United States because that is where a particular database is hosted; and that data may be “transferred” again when one of our marketers accesses that data from Switzerland to send you a product sample. For EEA and UK data, we perform such transfers, both between ONEINSTITUTE entities and between ONEINSTITUTE and our service providers, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as model contract clauses). If you would like a copy of a transfer agreement, contact us. For non-EEA and UK data, we perform such transfers based on your consent, or on our contracts, where so required by local law.
California Consumer Privacy Rights
For more information about the categories of personal information we collect, business and commercial purposes for the collection of the personal information and categories of third parties with whom we share the personal information, please see the disclosures above. As a California resident, you may have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
the categories and specific pieces of personal information we have collected about you;
the categories of sources from which we collected the personal information;
the business or commercial purpose for which we collected or sold the personal information;
the categories of third parties with whom we shared the personal information; and
the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.
In addition, you have the right to request that we delete certain personal information we have collected from you. To submit a request for general disclosure, to access all the information we have about you, or to ask to delete your data as described above you can contact us here or call us at (877) 701-0404 in any case. To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or considering your deletion request. Upon receipt of your request, we will send you a verification form by email or postal mail. To complete your request, please respond to the verification form when you receive it. To verify your identity, we may require you to provide any of the following information: Name, email address, postal address, or date of birth. In addition, if you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
Please understand that ONEINSTITUTE cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.
Finally, you also have the right to opt out of the sale of your personal information. To exercise that right, please contact us here or call us at +31 6 22012287
Rewards Programs calculation Under the CCPA, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal information that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personally identifiable information. Generally, we do not assign monetary or other value to personal information. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal information collected and used as being equal to the value of the discount or financial incentive provided, and the calculation of the value is based upon a practical and good-faith effort often involving the (i) categories of personal information collected (e.g., names, email addresses), (ii) the transferability of such personal information for us and our Rewards Programs, (iii) the discounted price offered, (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, applies. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.
California Notice for Minors We may offer interactive services which allow teens under the age of 18 to upload their own content (e.g., videos, comments, status updates, or pictures). This content can be removed or deleted any time by following the instructions on our sites. If you have questions about how to do this, contact us. Be aware that such posts may have been copied, forwarded, or posted elsewhere by others and we are not responsible for any such actions. You will, in such cases, have to contact other site owners to request removal of your content.
“Sales” of Personal Information
Unique Identifiers, Inferred and Derived Information, Online & Technical Information, and Geolocation Data
We sell this personal information to the following categories of third parties:
Online platforms such as Google, Amazon, Facebook
Adtech companies such as our DSPs
This data is shared for purposes of targeted advertising. These companies use that data to improve their products and services in accordance with their platform terms.
Demographic Information and Preferences
We sell this personal information to the following categories of third parties:
This data is shared pursuant to your consent for joint marketing (e.g. linking for rewards programs)
We also sell any other information with your consent.
How to Opt Out
To opt out of sales of your data, click here or call us at +31 6 22012287.
If you want us to update our internal records so we do not share your personal information from our brand programs with a third party in a way that may be defined as a “sale,” click here or call us at (877) 701-0404.
Please note that ONEINSTITUTE may also transfer your personal information to third parties through cookies or tracking technologies for advertising and joint marketing purposes. To exercise your “Do Not Sell” right related to website cookies and tracking technologies, please go to the applicable brand website, access our California Do Not “Sell” Request Center available at the bottom of the page and set your preferences. Because some of these third parties operate differently by website and device, you may need to take this step for each ONEINSTITUTE website you use.
Under the CCPA, you may designate an authorized agent to make a request on your behalf but the agent will need to complete the verification process, including the submission of proof that it has been designated to act on your behalf. For access and deletion requests made by an authorized agent on your behalf, we also may require you to verify your own identity directly with us (as described above). We will not deny, charge different prices for, or provide a different level or quality of goods or services if you choose to exercise your rights under the CCPA.
Click here to see request metrics from the previous calendar year.
EEA and UK Privacy
This section applies only to our processing of personal data of EEA country and UK residents. It aims to provide increased transparency into our processing, retention, and transfer of EEA and UK residents personal data that is in line with the letter and spirit of the General Data Protection Regulation (“GDPR”) and the GDPR as incorporated into UK law by the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.
Different ONEINSTITUTE entities may be the controller of your personal data. A data controller is the entity which directs the processing activity and is principally responsible for the data. The chart below identifies our data controllers for EU country data. For example, when you register for email on one of our French websites, the ONEINSTITUTE entity listed next to that country name will be the controller of that personal data
Countries Data Controller
Netherlands Groenburgwal 9G, 1011 HR Amsterdam
Processing and retention
As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal or other obligations. This section tells you the type of data we collect, the purposes for which we use it, why such uses comply with the law (legal basis), and how long we usually keep it (retention period).
Types of Data Email, name, phone number, postal address, your affinities, your interests, your logged in browsing behavior on our sites or apps, your profession, your habits, what you bought, the photos or videos you upload, information about your children and your home, your family composition, the number of people in your household, your hair type, your skin type, your favorite scent, whether you have a pet, health-related information (for example your pregnancy due date), etc.
Why We Collect This Data To send you materials, including advertisements, marketing our products or services or the products or services of our partners
Legal Basis Your consent for email and SMS and any special category data, and, where we obtain it, consent for postal. Legitimate interests for everything else (e.g., for advertising).
Retention Period Until you request to delete the personal data or withdraw your consent. If you do not make such a request, the personal data will be deleted on the following schedule:
email: after <50 months of all-channel inactivity. We define inactivity through several internal criteria.
SMS: after <50 months of all-channel inactivity. We define inactivity through several internal criteria.
postal address: after <50 months of all-channel inactivity. We define inactivity through several internal criteria.
These retention periods may be shorter in certain countries in line with local requirements.
Types of Data Email, name, phone number, sometimes other data.
Why We Collect This Data To provide contest participants with information about the contest, including announcing the winner(s) of the contest.
Legal Basis Performance of a contract.
Retention Period For 24 months unless local law requires us to retain it longer.
Types of Data Email, name, phone number, payment information (including bank account IBAN or Paypal details), sometimes other data.
Why We Collect This Data To process your purchases of our products, cashback offers, or warranties and to send you relevant communications related to that purchase.
Legal Basis Performance of a contract.
Retention Period As long as necessary to fulfill your order and follow up with communications about your order unless local law requires us to retain it longer. We also generally retain data for 24 months for cashback offers and 10 years for warranties
Types of Data Email, name, phone number, sometimes other data.
Why We Collect This Data To address your inquiries and make sure we follow up appropriately or as may be required by law or ONEINSTITUTE policy.
Legal Basis Our legitimate business interest in managing consumer inquiries and improving our processes and products, as well as your consent for special category data which may be collected in some adverse event cases.
Retention Period From 0 to 10 years, depending on the nature of the inquiry, our legitimate interests for processing the data, and our legal obligations.
Types of Data Email, name, phone number, address, identifiable photos or videos, sometimes other data.
Why We Collect This Data To test our product ideas and learn about your preferences and practices so that we can improve our products and the lives of our consumers.
Legal Basis Your consent.
Retention Period We will retain the personal data collected as part of substantive clinical research for as long as we need it for the purpose for which it was collected, and/or for as long as may be required to retain it by local law or regulation, which may be up to 25 years. For non-clinical research, we will retain your substantive personal data for a maximum of 5 years. We will retain your signed informed consent documents.
Traditional Online Behavioral Advertising
Types of Data Advertising cookies, device ID, demographic information such as gender and age, behavioral data such as page views, and other data.
Why We Collect This Data To learn about your Internet interests and customize the ads we send you.
Legal Basis We will obtain your consent for the deployment of cookies on our own websites in accordance with ePrivacy requirements. When we place our tags on third party websites or buy data from third party vendors, we require that our partners obtain your consent before our tag is deployed or your data is shared with us.
Depending on the case, we may rely on our legitimate business interests or on your consent for the processing your personal data to serve you with relevant advertising across different media channels.
Retention Period We will retain this data for thirteen months from the date we collect it or until you opt out, whichever is earlier.
Reporting a potential data breach to P&G
Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Confirmed or suspected data breaches should be reported promptly to P&G’s Data Protection Officer. All data breaches will be logged by the Data Protection Officer to ensure appropriate tracking of the types and frequency of confirmed incidents for management and reporting purposes.
An individual who wishes to complain about how their personal information may have been breached may lodge their complaint directly with the Data Protection Officer by email: email@example.com
The complaint should include:
a detailed description of the security incident that caused the data breach,
the type of personal data that was affected by the data breach,
the identity of the affected person,
and any other information that may be requested by the Data Protection Officer.
Any such complaints should be reported within 72 (seventy-two) hours of the occurrence of the suspected or confirmed data breach.
Reporting a data breach to the authorities
ONEINSTITUTE will seek to report potential data breaches within 72 hours of knowledge of such breaches to the relevant authorities responsible for monitoring the security of personal data.
Still have a question or concern? We’re here to help.
Please contact us directly with any questions or concerns you may have about your privacy and our data protection practices or if you are a consumer with a disability and need a copy of this notice in an alternative format. If you have an inquiry that is specific to our data protection officer, such as a suspected data breach, please state that in your message.