Last updated: 28 May 2019
The website www.patou.fr (the “Website”) is published by Jean Patou, a simplified joint-stock company under French law with capital of 10 million euros, headquartered at 24/32, rue Jean Goujon, 75008 Paris, France, registered in the Trade and Companies Register of Paris under the number 831 242 359, with the following intracommunity VAT number: FR67831242359, (hereinafter the “Company”).
The Company respects the concerns of users and/or internet users browsing the Website (the “Users”) relating to privacy and the protection of their personal data (the “Personal Data”).
In this respect, the Company undertakes to implement appropriate measures to ensure the protection, confidentiality and secure storage of Users’ Personal Data, in accordance with legal requirements, in particular the French Act 78-17 of 6 January 1978, as amended – and any law or regulation that supplements or replaces said Act – and the General Data Protection Regulation (EU) 2016/679 (the “Applicable Regulations”).
1.2. Scope of application
This Policy supplements the Website’s General Terms and Conditions of Use, available here and applies to all Personal Data collected and processed when the User visits the Website.
In browsing the Website, the User declares to accept the terms of this Policy. The Company may change this Policy at any time, and these changes will take effect as from the date of publication of the updated Policy on the Website.
1.3. Personal Data collected
The Company ensures that the Personal Data collected are relevant, adequate, not excessive, and strictly necessary for the purposes that were previously identified.
Accordingly, the Company processes the User’s Personal Data during the following operations, in particular:
- When the User subscribes to the Company's newsletters and other commercial information;
- When the User contacts the Company, in particular by sending an email to one of the contact addresses entered on the Website.
In this regard, the Company may be required to collect and process the following Personal Data:
- data relevant to the browsing experience: the data collected by the Company when the User browses the Website are indicated in the Cookies Management Policy available here;
- data entered when subscribing to the Company’s newsletters: User's email address, as entered by him or her in the field provided to register to receive the Company’s newsletters.
- any other data provided by the User, in particular when contacting the Company.
The User undertakes to ensure that the Personal Data he or she communicates to the Company are up-to-date, accurate, complete and unambiguous.
1.4. Purpose of the data collection
The Personal Data collected are intended for the Company’s use. The Company undertakes to collect and process the User’s Personal Data in a fair and lawful manner. In that respect, the Company processes data for specified, explicit and legitimate purposes. In particular, the User’s Personal Data are processed for the following purposes:
- To analyse the User’s browsing of the Website and improve his or her use under the terms described in the Cookies Management Policy available here;
- To manage the User’s subscription to the Company's newsletters. Within this framework, the processing is based on the Company’s legitimate interests, more specifically its economic interest to inform the User of its news;
- To answer the User's questions and complaints. Within this framework, the legal basis for the data processing is either the performance of the contract if the request concerns the contractual relationship between the Company and the User, or the Company’s legitimate interest, more specifically its economic interest to communicate clearly with the User and to understand his or her needs and expectations.
1.5. Recipients of the Personal Data collected
The Company is responsible for processing the Personal Data collected.
The Company shall only communicate the Users’ Personal Data to authorised and specified recipients, in accordance with the provisions of the Applicable Regulations.
In particular, the Company may grant the following parties access to the Users’ Personal Data: companies within its Group, and any third-party service providers acting as sub-contractors, to perform services (in particular hosting, storage, analysis, data processing or database management services) related to the Website. These third-party service providers act only on the Company’s instructions and shall not have access to the Users’ Personal Data for any other reasons than to fulfil the purposes of collecting said Personal Data and will be bound by the same security and confidentiality duties as the Company.
Moreover, the User’s Personal Data may be shared with third parties for the following reasons:
- as part of a merger, acquisition or sale of all or part of the Company's assets, of which the User acknowledges to be informed;
- in response to a legal or administrative proceeding of any nature, or to a request from a competent law enforcement agency;
- to comply with legal obligations, to protect the rights and/or safety of an individual, to protect the rights and property of the Company, including the necessity to ensure the present Policy is respected, and to prevent any problems related to fraud, security or technical aspects.
The User’s Personal Data collected by the Company are processed in the territory of the European Union (EU). However, for some specific services, the Company may work with sub-contractors located outside of the EU. Some Personal Data may then be communicated to them if strictly necessary for their assignments. In that case, in accordance with the applicable regulations, the Company requires its sub-contractors to provide the guarantees necessary to govern and secure these transfers by implementing adequate protection measures.
If the User provides the Personal Data of third parties, he or she is responsible for informing them thereof and obtaining their consent to communicate such data to the Company, in accordance with the Applicable Regulations.
The User hereby guarantees that the Personal Data he or she has provided are true, accurate and complete, and undertakes to inform the Company of any change to these data. Any loss or any damage caused to the Website or Company, following the communication of erroneous, inaccurate or incomplete information, will be the sole responsibility of the User.
1.6. Storage of Personal Data
The Company stores the User’s Personal Data as long as necessary to fulfil the purposes for which they were collected and processed. However, the Company may store the User’s Personal Data for a longer period to comply with legal obligations, in particular the relevant limitation periods.
In order to define an adequate duration of Personal Data storage, the Company uses the following criteria, in particular:
- when the User has agreed to receive marketing materials, the Company stores the User's Personal Data until the latter expresses his or her desire to no longer receive communications, or following a period of inactivity of two (2) years;
- when the User's Personal Data are collected further to the User’s requests/questions, the Company stores such Personal Data for the period necessary to process such requests;
- cookies or other trackers placed on the User’s device are kept under the terms described in the Cookies Management Policy available here.
1.7. Users’ Rights regarding their Personal Data
In accordance with the Applicable Regulations, the User has a:
- right of access: the User has the right to obtain (i) confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, to obtain (ii) access to and a copy of the Personal Data.
- right to rectification: the User has the right to obtain the rectification of inaccurate Personal Data concerning him or her. He or she also has the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- right to erasure: in some cases, the User has the right to obtain erasure of Personal Data concerning him or her. However, this right is not an absolute right and the Company may have legal or legitimate grounds for keeping said Personal Data.
- right to restriction of processing: in some cases, the User has the right to obtain restriction of processing of the Personal Data concerning him or her.
- right to data portability: the User has the right to receive the Personal Data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Company. This right does not apply when the processing of the Personal Data concerning him or her is based on his or her consent or on the performance of a contract, and when said processing is carried out via automated processes.
- right to object: the User has the right to object, on grounds relating to his or her particular situation, at any time to any processing of Personal Data concerning him or her when said processing is based on the Company’s legitimate interest. However, the Company may demonstrate compelling legitimate grounds to continue the processing. Where Personal Data are processed for direct marketing purposes, the User has the right to object at any time to the processing of Personal Data concerning him or her.
- right to lodge a complaint with a supervisory authority: the User has the right to contact the CNIL (French data protection authority) to lodge a complaint regarding the Company's Personal Data protection practices.
- right to provide instructions concerning the use of data after death: the User has the right to give the Company directives concerning the use of Personal Data concerning him or her after his or her death.
To exercise these rights, the User can send a request to the following address: email@example.com.
If the User has subscribed to the Company’s newsletter, he or she may unsubscribe at any time by clicking on the link intended for that purpose at the bottom of each newsletter.
1.9. Information regarding cookies
A cookie (or tracker) is a small text file that can be placed or stored on the User's device (computer, tablet or mobile phone) when browsing the Website. The cookie enables the Website to recognise the User, remember his or her preferences and provide secure connections while browsing and upon later visits.
For more information on this Policy, the User can send an email to the following address: firstname.lastname@example.org.