0 results for ""
Effective Date: June 22nd 2022
This privacy policy covers situations where we, Kering, access, collect, store, process, use, disclose, transfer or delete (hereinafter collectively referred to as "use”) personal information in paper or electronic form about natural persons working for or acting as our service providers, contractors, partners, suppliers (hereinafter collectively referred to as “third parties”).
We, Kering, act as the “data controller”, which means that we determine “why” and “how” your personal information is collected and used. We are a French corporation, located in 40 rue de Sèvres, 75007 Paris, France and registered under number Paris with the company registry of 552 075 020.
We will use your personal information for the purposes described in this section. The processing of your personal information will comply with the applicable privacy legislation and rely on the legal bases set out in this section. Where we rely on our legitimate interests, we will only do so to the extent that your own interests or fundamental rights do not override our interests.
We may collect or receive the following personal information about you:
You may share with us your personal information when:
We mainly obtain information directly from you and process them by automated means when you interact with us. We may also collect your personal information through the legal entity that employs you.
From time to time, we may also obtain information on you from other third-party sources. Our third-party source categories could include our affiliates and subsidiaries, notably our parent company Kering and its affiliates.
As part of procurement operations, and in order to comply with our obligations in terms of anti-corruption, we may also have to consult public registers in order to verify that your company or its legal representatives are not subject to prosecution or of criminal convictions.
We will only process personal information strictly necessary for the realization of the purposes defined above. As a result, in the event you do not provide such information, we will not be able to pursue such purposes. For example, if you want your application to be considered as part of a RFP, you must necessarily provide the information and supportive documentation required.
Our general approach is to retain your personal information only for as long as it is needed.
We generally retain your personal information for the duration of the agreement that you (or you employer) have entered into with us and, after the expiration or termination of this agreement for any reason, until legal claims under that agreement become subject to the applicable statutes of limitations.
We may retain some of your personal information for a shorter or longer time, for instance, where we are obliged to do so in accordance with relevant legal requirements.
We are strongly committed to keeping your personal information safe.
To do so, we design our services with your safety in mind. Within our group, we have dedicated teams managing and ensuring the security and privacy of your personal information. We have adopted specific technical and organisational security measures to protect personal information against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access.
For example, whenever personal information is passed between your device and our servers, we ensure, when necessary, that it is encrypted using Secure Sockets Layer (“SSL”) and/or other security methods. All your personal information is stored on secured servers.
We have also established a specialised personal information security management system. For example, we strictly control the scope of authorisation of our employees who have access to the personal information that we collect and process. We regularly review our information collection, storage and processing practices, including physical security measures, to guard against any unauthorised access and use.
We conduct security and privacy protection training courses and tests on a regular basis to enhance our employees’ awareness of the importance of protecting personal information. We take commercially reasonable steps to make sure that our business partners and third-party service providers are able to protect your personal information. Our employees and those of our business partners and third-party service providers who have access to your personal information are subject to enforceable contractual obligations of confidentiality and specific contractual privacy provisions.
In the event of a security incident resulting in any breach of personal information, as qualified by law, we have an emergency response plan in place to prevent the expansion of such security incidents. In addition, as and where required by applicable law, we will report such personal information breach to the relevant supervisory authority and inform you via an appropriate channel.
Please also note that in order to keep your personal information secure, we may from time to time have to reset your password.
However, you should be aware that no service can be completely secure, and you play a key role in keeping your personal information safe. For the best possible protection of your personal information outside the limits of our control, your devices should be protected (e.g. by updated antivirus software) and your Internet service providers should take appropriate measures for the security of personal information transmission over the network (e.g. with firewalls and anti-spam filtering). When you perform your assignments within our premises or access to our IT system, you agree to comply with the Kering group guidelines in terms of cybersecurity defined in the documentation provided when you enter our services. You accept the inherent security implications of interacting over the Internet and will not hold us or our partners responsible for any security incident or breach of personal information unless it is due to our negligence.
If you have any concerns that your personal information has been put at risk, for example if someone could have found out your password or login, please contact us as soon as possible.
As a general principle, the personal information we collect from you will be stored in servers located in the European Union or Switzerland. However, please note that due to legal and/or technical constraints, we may store your personal information in other locations than the European Union or Switzerland.
This is notably the case where we rely on processors located outside the European Union or Switzerland to carry out processing activities on our behalf. In such a case, your personal information is then deemed transferred to such countries.
For more information about the location where your personal information is stored, you can contact us at privacy@kering.com (or see How can you contact us?
We want to ensure that your personal information is always safely used and available to you, wherever you want to access it and for whatever reason you wish to use it.
When we share, use or transfer personal information in particular from the country of your residence , we use standard contractual clauses approved by the European Commission, or put in place other measures under applicable privacy legislation, to ensure that such transfer provides adequate safeguards. You can contact us at privacy@kering.com (or see How can you contact us?) for more information about these safeguards including how to obtain copies of this information
We do not sell your personal information to third parties.
However, to the extent our transfer of your personal information to certain third-parties may be interpreted as a “sale” under California privacy law, if you are a Californian resident you have the right to opt out of that sale.
We may share and disclose your personal information for the abovementioned purposes with the categories of recipients listed below. We may also receive personal information about you from some of them as our third-party sources.
All are bound by an obligation to implement appropriate security measures to protect personal information they process, and are bound by a strict confidentiality agreement and specific contractual terms on “how” and “when” they are allowed to use your personal information on our behalf.
If you would like more information about the sharing of your personal information, including the list of recipients, please contact our privacy team and Data Protection Officer at privacy@kering.com (or see How can you contact us?).
Subject to your applicable privacy legislation, you may be entitled to one or more of the following rights and exercise them on your own or via a legal representative acting on your behalf. We are committed to protecting your rights and allowing you to exercise them. You will never be discriminated against when you exercise your right in good faith under any applicable privacy law.
If you need any further information regarding your rights, how to exercise them, or if you have any complaints or questions regarding our privacy practices, please contact our privacy team and Data Protection Officer at privacy@kering.com or by completing the form available here (or see How can you contact us?).
Under certain circumstances you may have the right to request access to and obtain a copy of any of your personal information that we may process. Such right of access also includes the right to receive information in particular about the purposes of the processing, the categories of personal information concerned, the categories of recipients to whom your personal information may be disclosed, and the envisaged period for the retention of your personal information.
You may also request correction of any inaccurate personal information relating to you and to request the deletion of your personal information. You can obtain and update this personal information by emailing our privacy team at privacy@kering.com (or see How can you contact us?).
Under certain conditions, you may have the right to receive personal information you have provided to us within a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
Subject to privacy legislation applicable to you, you may have the right to restrict our processing of your personal information in particular where:
Where personal information is subject to restriction in this way, we will only process it with your consent or to establish, exercise or defend legal claims, in accordance with local legislation.
Where we rely on legitimate interest to process personal information, you may have the right to object to that processing. In this case, we must stop using your personal information for that purpose unless we can either demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or where we need to process the personal information in order to establish, exercise or defend legal claims. Where we rely on legitimate interest as a justification for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
To exercise rights on behalf of a deceased individual, you may be required to provide us with proof that you are an immediate family member or executor of the deceased person. Subject to applicable privacy laws, we may not be able to support your request. Please be informed that under certain laws (for example in France), you can define directives relating to the storage, erasure and communication of your personal information after your death.
You also have the right to lodge a complaint with your local supervisory authority if you consider that the processing of your personal information infringes applicable law.
If you are a resident of a Member State of the European Economic Area, you may refer to the list of data protection authorities in the European Economic Area available here.
If you need any further information regarding your rights or how to exercise them, or if you have any complaints or questions regarding our privacy practices, please contact our privacy team and Data Protection Officer at privacy@kering.com or by completing the form available here (or see How can you contact us?).
To help protect your privacy and maintain security, we will take steps and may require you to provide certain information to verify your identity before granting you access to your personal information or complying with your request.
Where permissible under applicable law, we reserve the right to charge a fee for instance if your request is manifestly unfounded or excessive, to cover the administrative costs incurred by your request. We will endeavour to respond to your request as soon as possible and in any case within the applicable timeframe.
As a third party, you play a crucial role in the processing of personal information. You must comply with the applicable privacy law rules established by the controller (Kering or Kering Houses) who shares personal data with you. This means that you should implement appropriate technical and organizational measures to ensure the protection of personal data that you receive.
To ensure compliance, we carefully select third parties that can provide guarantees on the implementation of such measures. Additionally, we have established clear procedures for handling security breaches that involve third parties and ensure that the data processing agreement with third parties includes clear provisions on your obligations to comply with applicable privacy law requirements.
It's important to note that we are responsible for ensuring that third parties comply with applicable privacy law requirements. This means that you may be subject to regular audits conducted by Kering or any of its Houses to verify compliance with applicable privacy law requirements. The audit process may cover areas such as data protection policies, processes, and procedures, data protection assessment, and security testing.
By complying with applicable privacy law requirements and implementing appropriate technical and organizational measures, you can help ensure that personal information are processed correctly and protect the fundamental rights of data subjects. This will help build trust with your company, Kering Group and the data subjects, and protect their privacy rights.
We may occasionally make changes to this privacy policy, for example to comply with new requirements imposed by applicable laws or technical requirements.
We may notify you in case of material changes and, where required by applicable law, we will seek your consent to those changes.
If we wish to process your personal information for a new purpose not described in this privacy policy, where necessary we will inform you and where required we will seek your consent.
If you have any questions regarding our privacy practices or how we handle your personal information, please contact our privacy team and Data Protection Officer by sending an email to privacy@kering.com or by using the form available here.