Customer Privacy Notice
Last update: October 2022
- This Privacy Notice (together with our terms and conditions and any other documents referred to in it) describes the type of information that we collect from you ("you/your") when you purchase a product or service from us ("Products"), or the use of our website: https://parfums-de-marly.com, the "Website", how that information may be used or disclosed by us and the safeguards we use to protect it.
- Our Website may contain links to third party websites that are not covered by this Privacy Notice. We are unable to accept responsibility for any Personal Data you may share on those third party websites. We therefore ask you to review the privacy statements of other websites and applications to understand how and why they process any of your Personal Data.
- This Privacy Notice may be updated from time to time, and the latest version will always be available on our Website. We will notify you if we make any substantial changes to this Privacy Notice.
- It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us. If you have any comments or question on this Privacy Notice, please email: email@example.com.
- “Personal Data” refers to all kinds of information recorded electronically or otherwise that can be used to independently or, by the combination with other information, identify an individual’s identity or recognize an individual’s activities. This can include name, date of birth, residential address, email address, financial information, IP addresses, location data, aliases, preferences and profiles, amongst other things.
- “Special Category Personal Data” or “Sensitive Personal Data” refers to any Personal Data relating or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership or a person or any genetic data, biometric data used to identify a natural person, or information concerning health or a natural person’s sex life or sexual orientation.
- “Criminal Records Data” means anyPersonal Data relating to criminal convictions and offences or related security measures.
- The term “process” or “processing” means any activity relating to Personal Data, including, by way of example, collection, storage, use, consultation, disclosure, destruction and/or transmission.
- “Automated Decision Making” means any decision based solely on automated processing (i.e. not involving any human interaction), including profiling, which produces legal effects concerning the Data Subject or similarly significantly affects him or her or them.
- The member of the SBGC group (the “Group”) to whom you are interacting with, including making purchases from, is a Controller of your Personal Data. This is a legal term – it means that it makes decisions about how and why it is processing your Personal Data and, because of this, it is responsible for making sure it is used in accordance with the applicable data protection laws. In limited situations, your Personal Data may be shared with other members of the Group (acting as either separate Controller(s)) or Processors acting on behalf of the member of the Group (acting as a Controller) you are interacting with.
- “Processor” means a third party processing Personal Data solely on behalf of and under the instruction of the Controller.
3. Who we are
- Here are our details:
- Our Website address is: https://parfums-de-marly.com;
- Our company name is LNC;
- Our company registered number is 511 248 981;
- Our registered address is 2 Rue de la Paix, 75002, Paris, France;
- Our trading name/brand name is “Parfums de Marly”.
- Our nominated representative who is responsible for overseeing questions in relation to this Privacy Notice is our customer service representative. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please email firstname.lastname@example.org marked for the attention of customer service representative.
- We respect your right to privacy and will only process personal information about you or provided by you in accordance with the Data Protection Legislation which for the purposes of this Privacy Notice shall mean, for France, (i) the General Data Protection Regulation (EU 2016/679) (GDPR), (ii) the “Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés”, and (iii) any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time.
4. The data we collect from you
- We may process different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier. When you contact us, either by email or via our contact us form we may collect information such as your first name, last name, email address and phone number.
- Contact Data includes billing address, invoicing address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments and other details of Products you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.
- Usage Data includes information about how you use our Website and Products.
- Marketing and Communications Data includes any consents to receive marketing information and any preferences you have indicated in receiving marketing from us and our third parties and your communication preferences.
- Information we receive from other sources. We may receive information about you if you use any of the other websites we operate. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on our Website. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them.
4. How we may collect and use your data
- We may use third parties, including other members of the Group, and other processors, agents and sub-contractors acting on our behalf to process your personal information by way of different methods to collect data from and about you including through:
- Direct interactions: you may give us your information by filling in forms via our Website or by corresponding with us by email or using our ‘contact us’ form or otherwise. This includes Personal Data you provide when you:
- present information to us on the Website;
- purchase or use any of our Products;
- create an account on our Website;
- subscribe to our services or publications;
- request marketing to be sent to you; or give us some feedback; and/or
- otherwise interact with us.
- Information from third parties, such as from financial institutions in respect of payments or from delivery companies in respect of deliveries
- In addition to the above, we may process your Personal Data:
- To administer a contest, promotion, survey or other site feature;
- Provide information, and services that you request, or (with your consent) which we think may interest you;
- Manage any accounts you may have with us;
- Carry out our contracts with you or provide you with your purchased Products to you;
- Comply with, or evidence our compliance with our legal obligation;
- exercise, establish or defend legal rights; or
- otherwise interact with you, including responding to any correspondence from you; and
Where you have consented to allow us to do so:
- receive our e-mail newsletter or information about our products. If you would no longer wish to receive promotional e-mails from us, please unsubscribe using the link provided in the emails.
- If you are a new customer, you will only be contacted if you agree to it or where necessary for the performance of a contract (or to take steps at your request prior to entering into a contract) or to comply with a legal obligation imposed on us.
- We may keep a record of those links which are used the most to enable us to provide the most helpful information, but we agree to keep such information confidential and you will not be identified from this information.
- In addition, if you don't want us to use your Personal Data for any of the other reasons set out in this section 4, you can let us know at any time by contacting us at: email@example.com and we will delete your data from our systems. However, you acknowledge this may limit our ability to provide the best possible products and services to you.
- In some cases, the collection of Personal Data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you if you don't provide your Personal Data in these cases.
- If you provide personal information to us about another data subject, you are responsible for ensuring that you have their consent to provide that data for the uses set out in this Privacy Notice and for bringing this Privacy Notice to their attention.
5. Legal Basis
- We will ensure that your Personal Data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your Personal Data if at least one of the following basis applies:
- where you have given us your prior consent to the processing of your Personal Data for one or more specific purposes;
- where it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- where is necessary for compliance with a legal obligation to which we are subject, for example compliance with health and safety, tax or other statutory obligations; or
- only for France: where the Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments and your interests and fundamental rights do not override those interests.
- We generally do not rely on consent as a legal basis for processing your Personal Data other than in relation to our marketing communications or sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by clicking the unsubscribe link in any marketing email we send.
- As indicated above, with your consent we may also use your data for marketing purposes which may lead to us contacting you by email and/or SMS messages with information, news and offers on our Products. We will not do anything that we have not agreed to under this Privacy Notice, and we will not send you any unsolicited marketing or spam. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR, the “Loi n° 2004-575 du 21 juin 2004 pour la confiance dans l'économie numérique” and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- When you register on our Website, we (or a third party on our behalf) also store the personal information you provide in the user profile. All Website users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
7. With whom will your data be shared and where
Sharing of your data within the Group
- As a global company, we may transfer your Personal Data to other businesses within the Group, in France, the UK, the USA and the UAE, where necessary for the performance of a contact you have entered into, or for our operational management purposes.
- Where such transfers take place, it shall be undertaken in compliance with this Privacy Notice, and the recipients will be subject to restrictions, including those set out below, as to how and why they can access or process that Personal Data, including ensuring that such access or processing is undertaken only where necessary, depending on job functions and roles.
Outside the Group
- We use a company called Shopify who provide software used by us to run our business. If you visit our Website or make a purchase from us, Shopify collects and use information about you on our behalf and at our direction. For further information about Shopify and the way in which they collect information, including what information they collect and how it is used, please visit Shopify's privacy information and policy.
- We may also share your Personal Data with third parties in the following cases subject to your consent, where required under the applicable laws:
- Where we plan to sell any or all of our businesses, or our companies, we may share your Personal Data with any potential buyer, solely to allow them to determine whether they wish to proceed with the purchase.
- Where necessary to comply with a legal obligation imposed on us;
- In order to protect other people's property, safety or rights.
- We may contract with third parties to supply services to you on our behalf. These may include payment processing companies (Shopify International Limited, PayPal, Stripe), search engine facilities, advertising and marketing. In some cases, these third parties may require access to some or all of your data.
- When making a purchase on our Website, your payment details are captured and sent to Stripe or PayPal for processing. In order to process your payment your details are transmitted to the acquiring bank in order to authorise payments. We do not store credit or debit card details.
Personal Data sent outside of the EEA or UK
- For transfers of personal data to recipients located outside the European Economic Area (the “EEA”) or the UK.
- Any transfer of Personal Data from the EEA or the UK to a country outside of the EEA that has not been recognized by the European Commission or the United Kingdom as providing an adequate level of data protection within the meaning of the EU GDPR or UK GDPR (including to Group companies located in the UAE or the USA) will be made subject to appropriate safeguards, as prescribed by the EU and UK GDPR, being in place to ensure the protection of your Personal Data. For personal data sent from the UAE to France, UK or the US: the provisions of the UAE Federal Data Protection Law and its Executive Regulations, as may be applicable.
- In the absence of an adequacy decision and where appropriate safeguards are unavailable, transfers may take place on the basis of your consent. In such a situation, we will inform you of the possible risks associated with such a transfer. Alternatively, we may transfer your Personal Data where necessary (i) in connection with the performance of your employment contract, (ii) for reasons of public interest, or (iii) in connection with a legal claim.
- Data security is of great importance to us, we will do what we reasonably can to keep your data secure. As such, in order to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Any electronic payment made by you will be encrypted, and we will not have access to information about the cards used to make such a payment. This information will be retained by the payment provider.
- We have finally implemented security measures such as a firewall to protect any data and maintain a high level of security.
- Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.
- If we give you a password upon registration on our Website, you must keep it confidential. Please don't share it.
9. Retention periods of your data
- We will retain Personal Data for as long as is necessary which is usually the life of our relationship and up to a period of up to six years after our relationship have ended. We may however be required to retain Personal Data for a longer period of time to ensure we comply with our legislative and regulatory requirements. We review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.
10, Your legal rights
- We rely on you to provide accurate, complete and current Personal Data to us. You have the right to request to exercise the following legal rights over your Personal Data. Please note that not all these rights are absolute, and in certain situations, we may not be able to comply with a request to exercise these rights. If this is the case, we will contact you to set out the reasons why we are unable to comply with your request to exercise that right.
- Access. You may contact us at any time in order to request access to the personal information we hold about you. We will confirm whether we are processing your Personal Data, provide details of the categories of Personal Data concerned and the reasons for our processing. We can also provide you with a copy of your personal information on request.
- Be informed. You have the right to be informed as to how and why we are processing your Personal Data. This Privacy Notice sets out, in general terms, how and why we process your Personal Data.
- Rectification. If the information we hold appears to be inaccurate we will not use it, and not allow others to use it, until it is verified. You can ask us to correct or complete your Personal Data by contacting us at any time. To the extent possible, we will inform anyone who has received your Personal Data of any corrections we make to it.
Restriciton. In certain circumstances, it may be possible to require us to limit the way in which we process your personal information (i.e., require us to continue to store your Personal Data, but not otherwise process it without your consent). Such circumstances include:
- where you think the data we hold about you is inaccurate, processing can be restricted while it is being rectified;
- where you object to our processing, (which is being carried out on the grounds that it is necessary in the public interest or for our legitimate interests) processing can be restricted while we determine whether such grounds override your interests;
- where processing is unlawful but you oppose the erasure and request restriction of your data instead; or
- where we no longer need the Personal Data but you require the data in order to establish, exercise or defend a legal claim, our processing can be restricted.
- Erasure. You may ask to have the information on your account deleted or removed. We will try to do so promptly, and, to the extent possible, we will inform anyone who has received your personal information of your request.
- Receiving/transferring your Personal Data. In certain circumstances you may also ask us to send you the Personal Data we hold on you in an electronic, structured and user-friendly format, or you may ask us to send this data to another entity.
- Object. Where we are processing your personal information without your consent to pursue our legitimate interests, you may object to us processing your Personal Data. In particular, where we are using your Personal Data to contact you for marketing purposes, you have the general right to object to receive direct marketing from us at any time.
- Where our processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your Personal Data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point. Your withdrawal of your consent won’t impact any of our processing up to that point. For example, where you have consented to us processing your Personal Data to contact you for marketing purposes, you have the right to withdraw your consent at any time.
- Post-mortem directives. In France, you are entitled to issue post-mortem directives concerning the processing of your Personal Data after your death.
- If you wish to exercise any of your rights please contact [please complete with the contact details of the Controller or DPO or an equivalent function in charge of receiving questions on Personal Data] in the first instance. We have a template form (below) to assist you to make such requests, but you do not have to use it to make such requests.
- Where necessary, we may ask you for additional information to confirm your identity. Upon receipt of your request, or proof of identity, we will seek to respond to your request within one calendar month. However, in certain situations, we may need to extend this deadline to 3 calendar months. if this is the case, we will contact you within the first month following receipt of your request/proof of identity to explain the reasons for the extension and the new deadline.
- No fee usually required. You will not normally have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive to cover our administrative costs involved in complying with your request. Alternatively, we could refuse to comply with your request in these circumstances.
If we are unable to comply with your request to exercise any of these rights, either in full or in part, we will set out the reasons why when we respond to your request.
- If you believe that the rights indicated here have not been complied with, you have the right to lodge a complaint with the relevant supervisory authority (e.g., in France: the Commission Nationale de l’Informatique et des Libertés (“CNIL”) having its address at: Commission Nationale de l’Informatique et des Libertés (CNIL), 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07. More information can be found on the CNIL’s website https://www.cnil.fr/).
SCHEDULE - DATA SUBJECT ACCESS REQUEST FORM
- Requester name (data subject) and contact information
Please provide your information. We will only use the information you provide on this form to identify you and the Personal Data you are requesting access to, to respond to your request and to keep a record of your request and our response.
First and last name:
Any other names that you have been known by (including nicknames and previous surnames):
Date of birth:
Proof of data subjects's identity
We may request proof of your identity before we can respond to your access request.
To help us establish your identity, you must provide identification that clearly shows your name, date of birth and current address. We accept a photocopy or a scanned image of your passport or other photo identification such as a driving licence or national identity card as proof of your identity.
Please also attach a copy of a bank or credit card statement or utility bill showing your current address and dated within the last three months. If you have changed your name, please provide the relevant documents evidencing the change.
We may request additional information from you to help confirm your identity and your right to access, and to provide you with the personal data we hold about you. We reserve the right to refuse to act on your request if we are unable to identify you.
Information to which your request relates
To help us process your request quickly and efficiently, please provide as much detail as possible about the personal data or processing activity to which your request relates. Please include time frames, dates, names, types of documents, file numbers, or any other information to help us locate your personal data.
For example, you may specify that you are seeking access to your personal data held in relation to the following:
- Email or other electronic communications (specify the approximate dates, times and correspondents).
- Billing Information.
- Transaction histories.
We will contact you for additional information if the scope of your request is unclear or does not provide sufficient information to allow us to respond to your request, (for example, if you request “all information about me”). We will begin processing your request upon receipt of your request (or where we have requested it, as soon as we have verified your identity and have all the information we need to locate the personal data that falls within the scope of your request).
In response to your request, we will provide you with the information we are required to provide, including information on:
- The purposes of processing.
- Categories of personal data processed.
- Recipients or categories of recipients who receive personal data from us.
- How long we store the personal data, or the criteria we use to determine retention periods.
- Any available information on the source of the personal data if we do not collect it directly from you.
- Whether we use automated decision-making, including profiling, meaningful information about the auto-decision logic used, and the significance and consequences of this processing.
- Your right to:-
- request correction or erasure of your personal data;
- restrict or object to certain types of processing with respect to your personal data; and
- make a complaint to the Local Supervisory Authority.
If we are unable to provide you with access to your personal data because disclosure would infringe the rights and freedoms of third parties, we will notify you of this decision, and provide you with such Personal Data we can that does not infringe such rights.
Applicable law may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you, or we may have destroyed, erased or made your personal data anonymous in accordance with our record-retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions, when we respond to your request.
I confirm that the information provided on this form is correct and that I am the person whose name appears on this form. I understand that:
- LNC may need to confirm my proof of identity and may need to contact me again for further information.
- LNC may request additional information from me to assist it in responding to my request.
- I am entitled to one free copy of the personal data I have requested (in most cases, i.e. other than where the request is manifestly unfounded or excessive), and acknowledge that, for any further copies of the same personal data I request LNC may be entitled to refuse such a request or charge a reasonable fee based on administrative costs.
Please confirm how you would wish to receive the response to your request, including, where requested, any personal data you are seeking access to: