• Preamble

    This Personal Data Protection Policy (hereinafter the “Policy”) describes the practices of the company LIGHTINDERM (“LIGHTINDERM”) to collect, process and store personal data (the “Personal Data”) of visitors and users (the “User(s)”) of the site and the LIGHTINDERM mobile application (together  the “Site”), in accordance with the provisions of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms in its consolidated version and Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).

    This Policy may be modified, supplemented or updated in order to comply with any legal, editorial or technical developments. The User must refer to the latest updated version of the Policy before any navigation.

  • Responsible for collecting personal data

    The person responsible for the collection, processing and storage of Personal Data is INDERM, a simplified joint stock company with capital of 84,008.00 euros, having its head office located at 4, rue Meissonier, 75017 Paris, registered in the Trade Register and Companies of Paris under number 528 062 813.

  • What is personal data?

    Personal data is any information relating to a natural person identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to him (such as his name, his first name, his date of birth, customer or order number, location data, etc.)

  • What is the purpose of processing your Personal Data?

    The User's Personal Data allows LIGHTINDERM to provide him with products or services, to offer him products and services likely to interest him or to communicate with him for other purposes for which LIGHTINDERM informs the User when Data Personal information is collected.

  • What personal data can be collected?

    Your identity and contact data (e.g. name, email address, postal address, telephone number, etc.);

    Socio-demographic information (e.g. your age, profession, gender, etc.) mentioned when you create an account;

    Information relating to your online purchases, subscriptions, their tracking as well as purchase invoices (e.g. items chosen, delivery and billing address, product amounts, payment method, etc.);

    Information that you may be required to communicate to our customer service;

    Information relating to the use of the Site, in particular your navigation (e.g. pages visited, links clicked, etc.). Some of this information may be collected through cookies when you browse our Site.

  • When does INDERM collect my personal data?

    LIGHTINDERM may collect your personal data in particular when: 

    • Creating your customer account on our Site;
    • Purchases made on our Site;
    • Your agreement to receive all LIGHTINDERM news and offers;
    • Your participation in a draw, a competition, a promotion, an event that we organize or a customer survey;
    • Interaction with LIGHTINDERM via our official page on social networks or when we offer you the opportunity to reuse content that you have published on a social network;
    • Your exchanges with our customer service and your requests for information addressed to Lightinderm;
    • Your browsing on the Internet using cookies or similar technologies; or when you click on advertisements relating to our products.
  • Why is personal data collected?

    To guarantee you the best possible service, and in particular to ensure customer relationship management, LIGHTINDERM must collect some of your personal data at different times during your customer journey.

    Operations relating to the management of subscriptions, orders and customer relations.

    For example, we collect your personal data in order to ensure our deliveries, prepare invoices, for the management of your customer account, the monitoring of your customer relationship, to carry out studies, surveys and product tests.

    Payment for your orders, services or subscriptions

    We do not collect your payment data but only a payment identifier and the first 6 and last 4 digits of your bank card in order to recognize the card used for payment. All of your banking details are collected only by Stripe (our payment service provider) which ensures the security of payments.

    If you have subscribed to a subscription service, the bank card used for payment at the time of subscription is recorded for the purposes of paying your subscription due dates.

    If you have accepted the registration of your bank card to facilitate your next purchases, your card is associated with your Lightinderm account and kept for this use for the validity period of the bank card as long as you wish to keep it in your account.

    Personalization of our services and communications

    We want to offer you a selection of the most personalized products and services. Your data allows us to improve and personalize our services, the product offering we offer you and the communications we send you. For example, we may send you personalized emails or recommend products similar to those you have already purchased or viewed and which match your care profile and preferences. 

    Commercial prospecting by third parties

    Subject to your prior consent, your data may be transmitted to our commercial partners, including marketing and advertising agencies.

    The security of our Site & Fight against Fraud

    We collect certain browsing data to enable us to ensure the security of our services and to detect, avoid or trace any malicious attempt, computer intrusion, fraud or other violations of our terms. In this context, we can use service providers specialized in risk prevention to refine our risk analysis.

    Personalization of online advertisements (targeted advertising)

    In order to adapt the advertising that you view on our Site or on those of our partners, we may use data that does not allow you to be directly identified. This data may be cross-referenced with navigation data and other information collected during our relationships with our partners. Your data is made anonymous before any use.

    Customer knowledge and the statistics and performance of our Site

    We carry out audience measurements including, for example, the number of pages viewed, the number of visits to the Site, as well as the activity of visitors on the Site and their frequency of return. This data allows us to better understand our customers or to analyze (for statistical purposes) the activity of our Site and to improve our services and offers.

  • Who are the recipients of your personal data?

    Your Personal Data is processed by LIGHTINDERM staff. We ensure that only certain specifically authorized persons can access your personal data when necessary.

    We may also communicate your personal data to:

    subcontractors or commercial partners such as:

    Our hosting and site maintenance providers.
    Our payment service providers (e.g. Stripe);
    Our fraud prevention and fight service providers;
    Our logistics providers;
    Our marketing solutions providers;
    Our commercial prospecting and communication management providers;
    Our customer service providers;
    Our event or promotion organization service providers.

    third-party service providers to meet legal, regulatory or conventional obligations, or to respond to requests from legally authorized authorities.

  • Data transfers abroad

    Some recipients of your personal data may be located abroad, including outside the European Economic Area. Any transfer of your data outside the European Economic Area is carried out subject to appropriate guarantees, in particular contractual, technical and organizational, in compliance with the applicable regulations on the protection of personal data.

  • User Rights

    In accordance with the regulations in force, you have the right to be forgotten, to access, to modify, to rectify, to erase, to portability of data, to oppose, to complain and to delete data concerning you. . You also have the right to formulate specific or general instructions regarding the storage, erasure and communication of your post-mortem data. For more information about this, you can click on the following link:

    Each time LIGHTINDERM processes Personal Data, LIGHTINDERM takes all reasonable measures to ensure the accuracy and relevance of the User's Personal Data in accordance with the purposes for which LIGHTINDERM collects it.

    The exercise of the rights mentioned above is done by sending an email to the following address: 

    In the event of prospecting, including by electronic means, LIGHTINDERM will provide the User with the means enabling them to object to receiving information or to consent to it.

    Requests for deletion of Personal Data will be subject to the restrictions imposed on LIGHTINDERM by law, in particular with regard to the conservation or archiving of documents.

  • Security and Privacy

    To ensure the security and confidentiality of Personal Data and/or Personal Health Data, such as LIGHTINDERM skin type  collects online, LIGHTINDERM uses networks protected by standard devices such as firewalls and passwords. When processing the User's Personal Data, LIGHTINDERM takes all reasonable measures to protect them against any loss, misuse, unauthorized access, disclosure, alteration or destruction.

  • How long does Inderm keep your data?

    In principle, we only store personal information for as long as it is essential for the fulfillment of the contractual or legal obligations for which we collected it. We then immediately delete the information, except that which we need until the statutory limitation period has expired for documentary purposes for legal actions, or due to legal archiving obligations.

    We must, for example, retain contractual information for three years from the end of the year in which our business relationship with you ended for evidentiary purposes. Indeed, any claim is prescribed after the legal limitation period at the earliest from that moment.

    We must still retain part of your data after the limitation period. We are obliged to do so due to legal documentation obligations which may arise from the Commercial Code, the tax law, the banking law, the law on money laundering and on valuable trading. The archiving deadlines for documents in force extend from two to ten years.

  • Newsletters

    If you no longer wish to receive our email newsletters, you can let us know at any time by one of the following means: 

    • Click the unsubscribe link in each email 
    • Send an e-mail to specifying this request
  • Cookies

    A “cookie” is a small information file sent to the User’s browser and stored on the User’s terminal (“Cookies”). This file includes information such as the User's Internet service provider, the User's operating system, and the date and time of access. Cookies are in no way likely to damage the User's terminal.

    LIGHTINDERM may collect and process, in particular with third party sites, the User's information concerning their visit to the Site, such as the pages consulted, the searches carried out, the website visited just before this one or even the choices of service or personalization of the User. This information allows LIGHTINDERM to improve the content of the Site, the User's navigation and/or to compile statistics on people using the Site for internal market research purposes or to provide the User with a service he requested.

    What is the benefit of cookies for a subscription plan?

    You have the option to subscribe in order to regularly receive our products without placing new orders. The data entered for subscriptions (first and last name, email address and password, payment information as well as billing and shipping address) are necessary for their implementation. Registration for a subscription is impossible without this data because it is essential for the execution of the contract. This is why we use cookies. 

    Are cookies used during payment?

    For orders, we offer payment by credit card. In doing so, we collaborate with payment service providers to whom we transmit your payment information.

    Use of session cookies

    Throughout your stay on the Site, we use session cookies to remember your products when you visit our site: Internet pages have no memory. Session cookies remember you (using a random identifier such as ABC12345) as you navigate from page to page so that you do not have to provide information already provided on the Site. Session cookies are, for example, very useful when you add products to your basket: without them, the products in your basket would disappear while you reach the payment stage. These cookies are deleted as soon as you leave our site or close your browser.

    The cookies used by the Site are as follows:

    Google Analytics (third-party cookie used to establish browsing statistics) Google Analytics uses cookies and other similar technologies to analyze and improve our site based on your habits as a User. The information collected in this context may be transmitted to a company server in the United States and stored there. In the event that personal data is transferred to the United States, Google has submitted to the EU-US Privacy Shield. However, your IP address is shortened by Google Analytics before processing so that your identity cannot be deduced. For this, Google Analytics has been supplemented with "anonymizeIP" code on our site to ensure anonymized capture of IP addresses. Google processes the information collected by Google Analytics through cookies to evaluate your use of the website, to assemble reports concerning the activities of the site for its operator and to provide other services relating to the use of the site and the Internet. Normally, Google AdWords Conversion-Tracking cookies remain active on your computer for approximately 30 days. If you visit our website during this period, we and Google will be informed that you have seen the display made available. We also use Google Tag Manager to integrate and manage Google Ads and other Google and third-party services on our Site. Google processes the transferred information and other data relating to Google Ads anonymously.

    Facebook Pixel (third-party cookie allowing targeted advertising on Facebook network sites)

    If you visit our website, these tags will establish a link between your browser and a Facebook server. This informs Facebook that our website was accessed with your IP address. In the event that personal data is transferred to the United States, Facebook has submitted to the EU-US Privacy Shield. Facebook uses this information to provide statistical and anonymous data regarding the general use of our site as well as the effectiveness of our Facebook advertising ("Facebook-Ads"). If you are a member of Facebook and if you you have authorized through the privacy settings of your account, Facebook can associate the information collected during your visit to our site with your Facebook account and use it for the targeted activation of Facebook Ads. You can view and modify the privacy settings of your Facebook profile at any time. If you do not have a Facebook account, you can terminate data processing by Facebook by confirming deactivation for the provider "Facebook" on the aforementioned TRUSTe website. This prevents the collection of Facebook Pixel within this site (Opt-Out only works in the browser and only for this domain). You can find more information on this in Facebook's Data Use Policy.

    The User can configure his browser via the “Preferences/security” menu if he wishes to accept that Cookies are saved in the terminal or, on the contrary, that they are rejected, either systematically or according to their issuer. The User can also configure his browser software so that the acceptance or refusal of Cookies is offered to him from time to time.

    If the User refuses the recording of Cookies or deletes those recorded, their navigation and experience on the Site may be limited. In this case, LIGHTINDERM declines all responsibility for the consequences linked to the operation of the Site.

    You can deactivate the use of cookies by selecting the appropriate settings on your browser.

    For Mozilla Firefox:

    • Choose the “tool” menu then “options”,
    • Click on the “privacy” icon,
    • Locate the “cookie” menu and select the options that suit you.

    For Microsoft Internet Explorer:

    • Choose the “tools” menu, then “internet options”,
    • Click on the “confidentiality” tab,
    • Select the desired level using the slider.

    For Google Chrome 

    • Choose the “history” menu then “preferences” then “privacy”,
    • Choose the “tools” menu and select “history”.

    For Safari:

    • Choose the “general Safari settings” menu, then “security”,
    • Select “refuse cookies placed”.

    For Opera:

    • Choose the “preferences” menu, then “advanced” then “cookies”,
    • Select “never accept cookies”
  • Responsibility

    The Internet user is solely responsible for his or her use of the content of the Site. Except for serious misconduct on the part of LIGHTINDERM, it cannot be held liable for any use of the Site and the information it contains.


    Our iOS application uses the TrueDepth API to detect the position of the user's face when carrying out a skincare routine, in order to guide them on the correct gestures. This is the only use of this API, we do not collect, store or share data used by the TrueDepth API.

  • What measures are in place for the security of your data?

    We apply current technical measures to guarantee data security, in particular for the protection of your Personal Data against dangers during data transfers and against knowledge by third parties. These measures evolve according to the state of advancement of the technique. We use Standard Secure Sockets Layer (SSL) which encrypts the information you enter.