FOR CREED EMPLOYEES - PRIVACY NOTE
Your personal data will be processed by Kering Beauté for training and e-learning purposes. Legal basis is further explained in the Global Employee Privacy Policy. The Personal information will be kept for the entire duration of your employment relationship. You may have the right to access, delete, modify, rectify, restrict, object processing or personal information concerning you, as well as the right to data portability if applicable. You can also lodge a complaint to your applicable supervisory authority.
By submitting your answer to this survey, you agree to the processing of your Personal Data as described above. If you need any further information regarding our privacy practices, or in case you would like to exercise one of the rights mentioned above, you contact us at keringbeaute.privacy@kering.com.
FOR WHOLESALE PARTNERS - PRIVACY NOTICE
This document aims to illustrate the processing operations carried out by Kering Beauté SAS, a corporation organized and existing under the laws of France, registered on the Paris Trade and Companies Register under the number 908 463 425, whose registered office is located at 40 rue de Sèvres, 75007 Paris, France in quality as data controller (‘Company’ or ‘Controller’) pursuant to the data protection legislation in force, including Regulation (EU) 2016/679 (‘GDPR’), in connection with the use of the mobile APP “Kering Beauté Academy” (‘App’) for the purpose of providing training to employees of the wholesalers of the Company.
1. CATEGORIES OF PERSONAL DATA COLLECTED
The Controller needs to collect the following personal data, related to employees of the Company’s wholesalers: name, surname, email address, language preference.
In case of refusal to provide such data, the Company will be prevented to provide training to the employee.
In any case, please note that the Controller will never request/collect through the App, any personal data which fall into special categories pursuant to the GDPR.
2. PURPOSES AND LEGAL BASES OF THE PROCESSING
The personal data identified above will be processed by the Company solely for training and e-learning purposes, based on the Controller’s legitimate interest pursuant Art. 6.1, (f) of the GDPR.
Moreover, the personal data collected will be processed in order to comply with obligations provided for by applicable laws and/or requests or orders issued by competent authorities, pursuant to Art. 6.1, (c) of the GDPR, as well as to establish, exercise or defend legal claims, based on the Controller’s legitimate interest pursuant to Art. 6.1, (f) of the GDPR.
3. METHODS OF PROCESSING AND DATA SECURITY
Personal data identified in Par. 1 are collected and processed lawfully and fairly, exclusively for the purposes described above, in accordance with the fundamental principles and obligations established by the applicable legislation, with special regard to the GDPR.
The processing operations will be carried out exclusively by duly authorized personnel and may take place both manually and electronically, in any case under technical and organizational measures that ensure the security and confidentiality of the data, especially in view of reducing the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to the personal data.
4. COMMUNICATIONS TO THIRD PARTIES
The personal data identified in Par. 1 will be communicated to Teach on Mars – a simplified joint-stock company, registered on the Cannes Trade and Companies Register under the number 793 850 462, whose registered office is located at Parc Haute Technologie – Lot 17, Avenue Maurice Donat, 06250 Sophia-Antipolis, France – which will carry out the processing operations as data processor on behalf of the Controller, pursuant to Article 28 of the GDPR.
It remains understood that the Controller is required to communicate the personal data collected to Public Authorities, such as judicial or supervisory authorities, to comply with their binding orders and requests, as well as with applicable legal provisions.
5. DATA RETENTION
Personal data will be kept in a format that allows the identification of the individuals for no longer than necessary to fulfill the purposes for which the data have been collected and, in any case, for a maximum period of 2 years.
Subject to the above, personal data will be kept in identifiable form for those further periods which are required or expressly permitted by applicable laws, e.g. in order to fulfil orders issued by competent authorities, as well as to enforce or protect the rights of the Controller (consistent with the retention periods and statutes of limitations provided for by the law).
As soon as no longer necessary in accordance with the above, the data will be erased or irreversibly anonymized.
6. TRANSFER OF DATA ABROAD
Given the locations of the establishments of the Company’s wholesalers, personal data may be transferred outside the European Economic Area.
Please note that the transfer will be subject to specific data protection guarantees, as required by the law, e.g. through the adoption of Standard Contractual Clauses as approved by the European Commission, or other equivalent safeguards.
7. DATA SUBJECTS’ RIGHTS
The data subject can at any time exercise his/her rights in accordance with the applicable data protection legislation, including:
a) accessing the personal data, obtaining evidence – among others – of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
b) having incorrect personal data rectified without delay;
c) having the data erased in the cases provided for by the law;
d) obtaining restrictions to processing, where possible;
e) objecting to processing activities, in the cases provided for by law;
f) requesting portability of the data concerning him/her, i.e. receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by the Company;
g) lodge a complaint to the competent Supervisory Authority.
To exercise these rights, or for any further information and/or clarifications regarding the processing activities described in this document, please write to Kering Beauté’s Data Protection Officer at keringbeaute.privacy@kering.com.