Updated: January 2026Download

Personal data

SISLEY pays particular attention to protecting the personal data that you provide or that it collects.

SISLEY undertakes every effort to ensure the highest degree of protection of your personal data in accordance with current regulations, particularly the Singapore Personal Data Protection Act 2012 (“PDPA”). SISLEY reserves the right to update this Personal Data Protection Policy at any time.

This document gives you a better understanding of how SISLEY protects your personal data and is aimed at users of our website, our consumers and prospects and all our partners.

We invite you to read this document before submitting your personal data and to refer back to it regularly.

1. THE CONTROLLER’S IDENTITY

The controller of the personal data you submit is the company SISLEY SINGAPORE PTE LTD., a company incorporated and registered in Singapore with company number 2001-04887C whose registered office is at 3 Killiney Road #05-02, Winsland House 1, Singapore 239519 and with VAT registration number 2001-04887C (hereinafter “SISLEY”).

2. FOR CONSUMERS, PROSPECTS AND USERS OF SISLEY’S WEBSITE

2.1 WHAT PERSONAL DATA ARE COLLECTED AND WHEN?

All information enabling you to be identified directly (for example, your name) or indirectly (for example, your internal consumer processing code) are "personal data".

SISLEY generally does not collect your personal data unless (a) it is provided to SISLEY voluntarily by you directly after (i) you have been notified of the purposes for which the data is collected, and (ii) you have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

More specifically, SISLEY may collect, save, transfer, and use your personal data relating to:

• - Your identity (title, first and last name, address, telephone and/or mobile number, email address, date of birth, internal processing code enabling the customer to be identified).
• - Managing orders and monitoring commercial relations (placing orders, subscribed service, billing, shipping, payment methods, fraud prevention, product returns, refunds, claims, after-sales service for purchased products, purchasing and services history, loyalty program, correspondence and after-sales service, exchanges and comments from existing and potential customers).
• - Initiatives aimed at loyalty, finding potential customers, conducting studies, surveys, product tests and promotions.
• - The contribution of people who submit their opinions on products, services, or content.
• - The organisation and handling of contests, sweepstakes, and all promotional initiatives (participation date, answers given during the contests and type of prizes offered).
• - Technical information (language, IP address) or browsing information linked to the device.

SISLEY may collect your personal data especially when:

• - You visit the website https://www.sisley-paris.com/en-SG/ (hereinafter the "Site").
• - You subscribe to SISLEY’s communications.
• - You create your account on the Site.
• - You place an order on the Site and answer customer satisfaction surveys.
• - You write to SISLEY by mail, email, chat, or when you call. This correspondence may be kept by SISLEY to better monitor the relationship with you and improve its services.
• - You use the services and tools of SISLEY (Masterclasses, Hair Rituel Analyzer, Virtual Try-On…).
• - You give your review on products, services, or contents.
• - You share content on Social Networks (Instagram, Facebook, LinkedIn, TikTok, Pinterest or YouTube) using the hashtag #sisley or other hashtags that SISLEY offers.

At the time of the personal data’s collection, the mandatory or optional nature is indicated with an asterisk or any other means.

How is the content you share on Social Networks handled?

When you interact with SISLEY's profile/pages on Social Networks (Instagram, Facebook, LinkedIn, Pinterest, TikTok or YouTube) your data are first collected and processed by the Social Network on which you have a profile (which acts as the "Controller" of your personal data). SISLEY has access to a restricted part of your data held by the Social Network and only processes it if you interact with SISLEY's accounts and pages on the Social Networks. SISLEY is a controller of your personal data, independent of the Social Networks. Consequently, the Social Networks and SISLEY decide autonomously on the purposes and methods of processing your personal data to which they respectively have access.

If you wish to know how the Social Networks process your data, we invite you to read the privacy policies accessible from your profile(s) on the Social Network(s) concerned.

The processing operations carried out by SISLEY are described below.

If you interact with SISLEY's account/page/profile on Social Networks, SISLEY may process the following data deduced from your profile:

• - Last name, first name, username and other biographical information, age, gender, as well as information that you have voluntarily made public or shared on the Social Network by means of publications or other features,
• - Your activities on the SISLEY page on social networks, such as "likes", comments, public publications, tags and hashtags, content of private messages addressed to SISLEY.

With regard to your consent to the processing of your data obtained by SISLEY via your profile on a Social Network, we would like to point out the following:

• - The consents concerned are given by yourself when you register on the Social Networks, you can personalize them at any time (however, SISLEY does not control these operations in any way - they are entirely managed by the Social Networks),
• - The data processed by SISLEY are those made available by the Social Network, which means that SISLEY cannot be held responsible in the event of unauthorized disclosure of information by the Social Network or receipt of unwanted advertisements/messages, in violation of the options you have selected.

The data collected from Social Networks will be processed for the following purposes:

• - Answering to your posts, requests and questions, carrying out statistical analysis and market research on users who interact with our pages on Social Networks. The legal basis for processing is SISLEY's legitimate interests in promoting its activities and improving its image as a company,
• - To fulfill its legal obligations as well as to meet its obligations relating to the protection of public health, which requires the monitoring, tracking and reporting to the authorities of any information relating to actual or potential adverse reactions related to the use of SISLEY products. The legal basis for the processing is the obligation to report undesirable effects to the various health agencies and authorities,
• - To set up promotional campaigns relating to SISLEY's activities, products or services using the SISLEY account on the Social Network, including the sending of advertisements or messages. The legal basis for processing is your consent expressed towards the Social Network,
• - With regard to data collected relating to job offers published by SISLEY on Social Networks, your data are collected to evaluate and/or establish a professional relationship. The legal basis for processing is the performance of a contract or pre-contractual measures aimed at concluding a contract with you.

If you publish data relating to third parties, it is your responsibility to meet the requirements for collecting information and obtaining consent, in accordance with applicable data protection laws.

The data we collect through Social Networks will be processed mainly electronically and will be stored in our IT systems, in compliance with current data protection laws, including aspects relating to data security and confidentiality, in accordance with the principles of lawfulness and impartiality. Furthermore, data will be kept for as long as is strictly necessary to achieve the specific purposes pursued. In all cases, the criteria used to determine the retention period is based on compliance with the time limits authorised by law and on the principles of minimisation and limitation of data retention.

2.2 WHAT ARE THE PURPOSES?

In general, your personal data are processed for:

• - Managing the Site and its quality (legal basis: legitimate interests of SISLEY).
• - Managing your account and preference, such as remembering your information so you do not have to re-enter it, understanding your preferred method of purchasing and delivery location (lawful basis: consent).
• - Managing and tracking orders (legal basis: consent).
• - Managing loyalty program (legal basis: consent).
• - Prevention, detection and management of fraud or unpaid debts (legal basis: legitimate interests of SISLEY).
• - Managing and monitoring commercial relations (legal basis: consent).
• - Managing consumer/client service (legal basis: legitimate interests of SISLEY).
• - Managing cosmetovigilance (legal basis: consent).
• - Managing customer opinions on purchased products, services, and content (legal basis: consent).
• - Managing and monitoring customer accounts created on the Site for commercial and marketing activities (legal basis: consent).
• - Managing SISLEY communications’ subscriptions (phone calls, mail, email, SMS/MMS/RCS, WhatsApp) (legal basis: consent).
• - Managing SISLEY Masterclasses (legal basis: consent).
• - Managing SISLEY one-to-one personalised beauty consultation and advices (legal basis: consent).
• - Managing diagnosis (hair, face and skin) (legal basis: consent).
• - Managing Virtual Try-On (legal basis: consent).
• - Managing sponsorship or referral program (legal basis: consent).
• - Managing purchases and services in Maison SISLEY (legal basis: performance of a contract or consent).
• - Operating and improving our business, including to conduct analytics, provide quality assurance and process adverse event or product related claims, conduct research and development, and perform accounting, auditing and other internal business functions (lawful basis: legitimate interests of Sisley).
• - Detecting, preventing, and prosecuting harmful, fraudulent, or illegal website activity, loss prevention, identifying and repairing bugs on our websites or mobile applications (lawful basis: legitimate interests of Sisley).

In compliance with the PDPA, SISLEY may collect, use or disclose your personal data without your consent for the legitimate interests of SISLEY or another person. In relying on the legitimate interests exception of the PDPA, SISLEY will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.

3. FOR PARTNERS OF SISLEY (SUPPLIERS, SERVICE PROVIDERS, DISTRIBUTORS/RETAILERS, MEDIA, INFLUENCERS, EVENTS PARTICIPANTS, ETC.)

3.1 WHAT PERSONAL DATA ARE COLLECTED AND WHEN?

All information enabling you to be identified directly or indirectly are "personal data".

SISLEY generally does not collect your personal data unless (a) it is provided to SISLEY voluntarily by you directly after (i) you have been notified of the purposes for which the data is collected, and (ii) you have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

More specifically, SISLEY may collect, save, transfer and use personal data relating to:

• - Your identity: title, first name, last name, date of birth, address, phone and/or mobile number, email address, signature.
• - Your professional life: registration number in a professional register, company, occupation, workplace address, phone and/or mobile number, email address, image, profile on Social Networks (if you share with us these personal data).
• - Your bank details or others financial information.
• - Any other information about you that you share with SISLEY.

3.2 WHAT ARE THE PURPOSES?

In general, your personal data are processed for:

• - Managing our commercial and media relationship with our partners (legal basis: legitimate interests of SISLEY)
• - Organisation of cultural events or external communications to which you are invited (legal basis: consent),
• - Prevention, detection and management of fraud or unpaid debts (legal basis: legitimate interests of SISLEY). Our legitimate interest consist of the security of transactions to ensure that payments are correctly made and have not been subject to any fraud,
• - Compliance with our legal obligations relating to the fight against money laundering, terrorism financing and corruption (legal basis: legitimate interests of SISLEY).

4. HOW LONG IS THE DATA KEPT?

We do not retain your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed, deleted or anonymised as soon as it is no longer required. We take appropriate measures to ensure that your personal data is processed only under the following conditions:

• 1. For the duration that the data is used to provide you with a service.
• 2. As required by applicable law, contract, or in consideration of our legal obligation, financial auditing, commercial/tax reporting requirements.
• 3. Only as long as necessary for the purpose for which the data was collected, or longer, if required by contract or applicable law, with the application of appropriate safeguards.

A requirement may particularly exist if the data is still needed to fulfill contractual obligations, to assess and provide warranty or guarantee claims, or to defend against such claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted unless its temporary retention is still necessary, especially to meet statutory retention periods. In cases of statutory retention obligations, deletion can only occur after the respective retention period has expired.

Thus:

• - The data establishing proof of a right, a contract, or kept under a legal obligation are stored in accordance with the applicable provisions,
• - Bank details are deleted once the transaction is completed or stored as evidence in accordance with the applicable provisions, unless you consent to use the "Saved payment cards" option to save your banking data in a secure, encrypted manner. In any case, the security code of your credit card is never kept.

5. WHO ARE THE RECIPIENTS OF THE DATA?

Your data may be sent to c.f.e.b. SISLEY (France), other Group’s entities and trusted service providers selected for their expertise and on behalf of SISLEY in order to achieve the purposes it defines such as payment, delivery, marketing or IT service providers.

If requested by the authorities, SISLEY may be required to transmit your personal data in accordance with applicable regulations.

Under no circumstances does SISLEY sell your personal data to anyone.

6. WHAT IS THE LEVEL OF CONFIDENTIALITY AND DATA SECURITY?

In accordance with best practices on the date hereof, SISLEY implements all the appropriate technical and organisational measures with regard to the nature of the data and the risks that its processing entails in order to preserve the highest security and the strictest confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorised third parties.

These measures include in particularly contractual terms when using service providers, security measures such as secured and limited access to data, antivirus software, authentication process, firewalls.

Despite all of the confidentiality and security measures implemented by SISLEY, we draw your attention to the fact that communications via the internet are never totally secure. SISLEY therefore assumes no liability in case of an Internet communication failure or any other case of unforeseen circumstances.

7. WHAT PROTECTION IS THERE WHEN TRANSFERRING DATA OUTSIDE SINGAPORE?

In order to fulfil the purposes defined by SISLEY, your data may be transmitted to countries outside Singapore that do not have an adequate level of data protection.

Before your data are transmitted to these countries, SISLEY will ensure that the recipients provide a standard of protection at least comparable to the protection under the PDPA or that the transfer is otherwise in accordance with the PDPA.

8. WHAT IS THE COOKIE POLICY?

To find out more about our cookie policy, please visit our cookie section: https://www.sisley-paris.com/en-SG/use-of-cookies/

9. WHAT ARE YOUR RIGHTS?

In accordance with the PDPA, you may exercise the following rights in respect of your personal data by sending:

• - An email through the "Contact us" section of the Site or,
• - A letter to the following address: SISLEY SINGAPORE PTE LTD., 3 Killiney Road #05-02, Winsland House 1, Singapore 239519.

Withdrawal of consent: Where the processing is based on your consent, you also have the right to withdraw this consent at any time, by submitting your request in writing or via email, without prejudicing the lawfulness of the processing based on this consent made before its withdrawal. Upon receipt of your written request to withdraw your consent, SISLEY may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for SISLEY to notify you of the consequences of SISLEY acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within 10 business days of receiving it. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

Access and correction: You may make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you.
Please note that a reasonable fee may be charged for an access request. If so, SISLEY will inform you of the fee before processing your request.

SISLEY will respond to your request as soon as reasonably possible. In general, our response will be within thirty (30) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).
SISLEY generally relies on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data.

If you consider the answer provided by SISLEY is not satisfying, you have the right to lodge a complaint with the competent supervisory authority.