Vulnerability Disclosure Policy

The safety and security of our customers’ data, and the reliability of our products and services, are of utmost importance to L’Occitane Group. Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in our products and services.

This policy describes L’Occitane Group’s approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services from those that interact with such products and services.

Customers, users, researchers, partners and any other person that interacts with L’Occitane Group’s products and services are encouraged to report identified vulnerabilities and errors with such products and services.

The preferred method for contacting L’Occitane Group regarding such vulnerabilities and errors is by using the form present on this page.

L’Occitane Group highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

Please note that providing your contact information with your report is entirely voluntary and at your sole discretion as they are not required by L’Occitane for handling your report. L’Occitane Group will make use of all reports that are submitted; both those submitted anonymously and those with contact information. If you do submit your contact information voluntarily, L’Occitane will only use such information to get in touch with you regarding clarifying the details of your report, if that is necessary and based on L’Occitane’s legitimate interests. We may share your information with other L’Occitane Group companies and trusted third parties acting on our behalf and only for the needs of these purposes. You have the right to request access, rectification, erasure, limitation, as well as to object to the processing of your Personal Data, at any time. By filling out this form, if you choose to provide your contact details, you certify that you are at least 18 years old.

By making a report to L’Occitane Group using the form on this page, or otherwise communicating a report to L’Occitane Group, regarding vulnerabilities and errors, you agree to the following terms:

L’Occitane Group may use your report for any purpose deemed relevant by L’Occitane Group, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that L’Occitane Group deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a L’Occitane Group product or service in your report, you assign to L’Occitane Group all use and ownership rights to such proposals.

You confirm to L’Occitane Group that:

  • You have not exploited or used in any manner, and will not exploit or use in any manner (other than for the purposes of reporting to L’Occitane Group), the discovered vulnerabilities and/or errors;
  • You have not engaged, and will not engage, in testing/research of systems with the intention of harming L’Occitane Group, its customers, employees, partners or suppliers;
  • You have not accessed, used, misused, deleted, altered or destroyed, and will not attempt to access, use, misuse, delete, alter or destroy, any data that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
  • You have not conducted, and will not conduct, social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks;
  • You have not tested, and will not test, the physical security of any property, building, plant or factory of L’Occitane Group;
  • You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with L’Occitane Group product or service that lead to your report.
  • You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that a vulnerabilities and/or errors has been reported to L’Occitane Group, both of which must be considered as confidential information, with the obligation to maintain the confidentiality and security of these confidential information for so long the information is considered confidential by L’Occitane Group, and agree that any threatened or actual breach of this confidentiality may entitle L’Occitane Group to seek the remedies of injunction, specific performance and other equitable relief and no proof of special damages shall be necessary for the enforcement of this vulnerability disclosure policy.
  • L’Occitane Group does not guarantee that you will receive any response from L’Occitane Group related to your report. L’Occitane Group will only contact your regarding your report if L’Occitane Group deems it necessary.
  • You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by L’Occitane Group.
Shopping Cart
Scroll to Top