DE BEERS PRIVACY POLICY
How we get information and what data we collect
Use of our customer service web chat function
Why we collect, process and use your information
How long we keep your information for
Changes to this Privacy Policy
Where your information is transferred and stored
Grounds for processing your information
We care about your privacy and we think it is important that you always know what information we obtain about you in the context of your use of De Beers' website (available at www.debeers.com, including any purchases or associated activities undertaken by you whilst using the website (the "Services") and what that information is used for. In the Privacy Policy below, we therefore aim to keep you fully informed as to the type, extent and purpose of the collection, storage, use and processing of your personal data by us. Personal data (as used in this Privacy Policy) is all information relating to an identified or an identifiable natural person. A person is identified when the identity of a specific person can be deduced from the information itself. A person is identifiable when we can make a connection to a specific person using information available to us. You generally have the option of not identifying yourself or of using a pseudonym when dealing with us, except where this is impractical (for example when you shop online with us) or where certain laws or a court order provides otherwise. This Privacy Policy applies to the Website and your use of the Services. Depending on your jurisdiction, this Privacy Policy may apply with or without changes. Where changes apply depending on your jurisdiction, the changes are noted in Schedule 2. Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, DO NOT VISIT OUR WEBSITE OR USE THE WEBSITE SERVICES.
|
Our Privacy Policy applies to any customer or visitor to our website. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We are the entity described in Schedule 1 as the entity registered in your country of residence (hereinafter: "De Beers" "we" or "us"). We are the provider of the Website and the Services and the organisation responsible for the personal data collected about you as part of your use of the Website and the Services within the meaning of applicable data protection and privacy laws. |
We are an organisation who sell luxury jewellery. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
If you have any questions about this Privacy Policy or our use of your personal data, if you need to report a problem, or if you would like to exercise one of your rights under data protection and privacy laws you can contact us using the contact details set out in Schedule 1. |
You can get in touch with our dedicated privacy contacts with any queries or complaints regarding your data. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
How we get information and what data we collect |
When you (i) use the Services, (ii) visit our Website, (iii) sign-up for our newsletter, (iv) book an appointment with us, (v) contact our customer services department or (vi) use our live chat service we may collect the following information from you directly:
|
We collect certain information about you when you sign up to our services or use our website. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
When you visit the Website our server will record your IP address together with the date, time and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. It enables us to identify which organisations have visited the Website. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
IF YOU DO NOT WANT US TO COLLECT ANY OF THE INFORMATION DESCRIBED IN THIS PRIVACY POLICY, DO NOT USE OUR WEBSITE OR THE WEBSITE SERVICES. |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We provide a customer service web chat function as part of the Services. You should be aware that personal data that you voluntarily include and transmit online via this chat function will also be processed in accordance with this privacy policy. Please bear this in mind when providing us with information about yourself via the chat function. |
You choose what personal data you share with us when you use our chat function, and we will process that personal data in accordance with this policy. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We collect, process and use your personal data for the following purposes: To provide you with the Services
|
We use your data to provide you with the Services. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
For business administrative purposes
|
We use your data for business administrative purposes. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
For marketing and promotion purposes
|
We use your data to provide you with details of new products and services. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We retain your personal data until you ask us to delete it or it is no longer necessary for the purposes described above. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
You have various rights in relation to the data which we hold about you as described below. You can find out more about your rights by contacting the data protection authority in your jurisdiction (where applicable). Some of the rights described below are not legal rights in all jurisdictions, and we may not be legally required to comply with requests that you make in respect of these. We will comply with requests where we are required by law to do so, and where reasonable and practicable, we will also endeavour to meet other requests you make in respect of these rights. If we are unable to do so, then we will communicate this to you. To get in touch with us about any of your rights under applicable data protection laws, please use the contact details set out in Schedule 1. We will seek to deal with your request without undue delay, and in any event within any time limits provided for in applicable data protection law (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object This right enables you to object to us processing your personal data where we do so for one of the following reasons:
Right to withdraw consent If we obtain your consent to process your personal data for any activities, you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. You can withdraw your consent by updating your preferences in your account or by contacting our customer services department. Right to access a copy of your data You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so. Right to erasure You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data. Right to restrict processing You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data. Right to rectification You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision. Right of data portability If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you. Right to complain You also have the right to complain to your data protection authority (where applicable). |
You have a number of rights regarding your data. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
In general, your data is processed exclusively by us and we do not pass on any personal data to third parties unless in the context of our Website and Services. Where we do share your personal data, we do so with the following categories of recipients: Service providers We may share your personal data with third party service providers who perform functions on our behalf (including logistics companies, website providers, email communications service providers, payment and tax calculation services providers, technical support functions and IT consultants carrying out testing and development work on our business technology systems). We will only share your data with these third party service providers where we have appropriate data processing agreements (or similar protections) in place (or your consent where required) and they will not be able to use your data for their own purposes (e.g. for their own marketing purposes). Related Entities We may disclose your personal data to our affiliated companies and to our franchisees. Regulatory bodies We may disclose your personal data:
Professional advisors and Auditors We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us. Replacement providers In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If De Beers or substantially all of its assets are acquired by a third party, personal data held by us about our clients will be one of the transferred assets. Otherwise, your data will only be disclosed in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority. |
We may share your data with certain third parties (e.g. to help us provide the Services and the Website). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We will review this Privacy Policy periodically, and reserve the right to modify and update it at any time. You acknowledge that we may make changes to this Privacy Policy. Where those changes are not material, it is your responsibility to check back to this page from time to time to review the Privacy Policy. Changes to this Privacy Policy will come into effect immediately upon such changes being uploaded to our Website. Where changes are material, we will notify you of those changes and obtain your consent if required. This Privacy Policy was last revised on 17/04/2020 |
We may make changes to this Privacy Policy from time to time. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We use cookies (access data files) on our Website which save certain personal information in order to provide a specialised service that is customised and personalised, as well as for analytics and tracking purposes. Cookies are small pieces of data (text files) that are sent by the website server to the user's browser or app and saved on the user's computer and other devices. With respect to its operation, our cookies distinguish between the users' computer or mobile phones but do not differentiate the individual users. You have a right to choose whether the cookies are installed or not. You may choose to refuse all cookies, confirm each time a cookie is saved, or permit all cookies by going to [Tools]>[Internet Option]>[Security]>[Custom Setting], or by using the Settings or Options function on mobile devices. If you reject cookies or delete our cookies, you may still use our Website, but you may have reduced functionality. We use the following cookies on the Website:
We also use third party cookies on our Website. These third party cookies help us learn more about our customers so that we can provide a more personalised service. We use the following third parties cookies on the Website; to find out how these companies process your personal data, please review the relevant privacy notice.
|
We use cookie technology on the Website. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We care about protecting your personal data. That’s why we put in place appropriate security measures which are designed to prevent any misuse of the data that you provide to us, including:
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet. If you suspect any misuse, loss, or unauthorised access to your personal data please let us know immediately using the contact details set out in this Privacy Policy. We will investigate the matter and update you as soon as possible on next steps. |
We take security seriously and put in place measures to protect your information |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Where your information is transferred and stored |
In general, your data will be stored in the United Kingdom (UK) and replicated elsewhere depending on your geographic location. A number of our service providers are also located elsewhere in the world. For example, in the United States of America, Singapore, Russia, the United Arab Emirates, South Africa, Canada, Slovakia, Kazakhstan and Kuwait. In the event that we transfer your personal data to, or store your personal data in, a country or territory which does not maintain adequate data protection standards, we will take all reasonable steps to ensure that any such transfers are undertaken in accordance with applicable data protection and privacy laws (including, where required, obtaining your consent to such transfers) and that your data is treated securely and in accordance with this Privacy Policy. However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws. |
We store your data in the UK and elsewhere depending on your geographic location but our service providers may be located elsewhere in the world. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Where you give us your consent to process your personal data We are allowed to use your personal data where you have specifically consented. In order for your consent to be valid:
We currently seek your consent to use your personal data for marketing and advertisement purposes. Before giving your consent you should make sure that you read any accompanying information provided by us so that you understand exactly what you are consenting to. You have the right to withdraw your consent at any time, and details can be found in the "Right to withdraw consent" paragraph in the section on your rights above. Where processing your information is within our legitimate interests We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you. We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
We don't think that any of the activities set out above will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis. We have set out details regarding how you can go about doing this in the section on your rights above. Where processing your personal data is necessary for us to carry out our obligations under our contract with you We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you. For example, we need to collect and store your email address in order to provide you with our newsletter if you have requested it. Where processing is necessary for us to carry out our legal obligations As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with, and we are allowed to use your personal data when we need to comply with those other legal obligations. |
We rely on certain grounds to collect, use and share data about you. |
Schedule 1: De Beers Controller Entities and Regulatory Authorities
Your country of residence |
De Beers Controller Entity |
Contact Details for De Beers Controller Entity |
Regulatory authority and contact details (if applicable) |
Australia |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Office of the Australian Privacy Commissioner Phone: 1300 363 992 Email: enquiries@oaic.gov.au Post: GPO Box 5218, Sydney NSW 2001, Australia |
India |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Not applicable. |
Japan |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Personal Information Protection Committee (PPC) Phone: 03-6457-9849 Post: Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan |
Monaco |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Data Protection Authority of Monaco (Commission de Contrôle des Informations Nominatives - CCINN) Phone: (+377) 97 70 22 44 Fax: (+377) 97 70 22 45 Email: ccin@ccin.mc Post: “Suffren” building, Block B, 4th floor, 7, rue Suffren Reymond, 98000 - Monaco
|
Norway |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Details of the relevant supervisory authority can be found at the following website: https://edpb.europa.eu/about-edpb/board/members_en |
Switzerland |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Federal Data Protection and Information Commissioner Phone: +41 (0)58 462 43 95 Email: info@edoeb.admin.ch Post: Office of the Federal Data Protection and Information Commissioner FDPIC Feldeggweg 1 CH - 3003 Berne |
Malaysia |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
|
Saudi Arabia |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
|
South Korea |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
|
UK |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Information Commissioner's Office Phone: 0303 123 1113 Email: casework@ico.org.uk Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF |
EU |
De Beers Jewellers Ltd |
Email: clientservices@debeers.com Post: 45 Old Bond Street, London, W1S 4QT
|
Details of the relevant supervisory authority can be found at the following website: https://edpb.europa.eu/about-edpb/board/members_en |
Schedule 2 - Addenda to the De Beers Privacy Policy
Index
|
Addenda |
Date of last revision |
|
Addendum for Andorra |
17/04/2020 |
|
Addendum for Australia |
17/04/2020 |
|
Addendum for India |
17/04/2020 |
|
Addendum for Japan |
17/04/2020 |
|
Addendum for Monaco |
17/04/2020 |
|
Addendum for Malaysia |
17/04/2020 |
|
Addendum for Norway |
17/04/2020 |
|
Addendum for Saudi Arabia |
17/04/2020 |
|
Addendum for South Korea |
17/04/2020 |
|
Addendum for Switzerland |
17/04/2020 |
|
Addendum for the United Kingdom |
17/04/2020 |
|
Addendum for the European Union |
17/04/2020 |
Note on Addenda
The above Privacy Policy shall be replaced, deleted or varied (as applicable) by the country-specific provisions contained below. For example, if you are a consumer in Andorra, the above Privacy Policy shall apply with the changes described in Andorra Addendum below.
No changes required.
- Addendum for Australia
- The Privacy Policy applies with the following changes:
-
- The definition of personal data in the "About this Privacy Policy" section includes opinions.
-
- The word "use" is replaced with "handling" in the "How to contact us" section.
-
- The following sentence is added to the end of the "How long we keep your information for" section:
"Laws and regulations may set a minimum period of time for which we must retain your personal data."
-
- The "Your rights" section is changed as follows:
-
-
- The word "always " is replaced with "usually" in the paragraph the "Right to access a copy of your data".
-
-
-
- The "Right to restrict processing" paragraph is replaced with the following:
-
"You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impracticable or unlawful. We will, of course, where lawful to do so, notify you before lifting any restriction on processing your personal data."
-
-
- The "Right to rectification" paragraph is replaced with the following:
-
"You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impracticable or unlawful. You may also request that we notify the third parties that we have disclosed the inaccurate or incomplete personal data to and any correction made to the personal data. Where we think that it is reasonable for us not to comply with your request, we will usually explain our reasons for this decision."
-
- The “Security" section is replaced with the following:
Security |
We care about protecting your personal data. That’s why we put in place appropriate security measures which are designed to protect your personal data from misuse, interference and loss, and from unauthorised access, modification or disclosure, including:
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet. If you suspect any misuse, loss, or unauthorised access to your personal data please let us know immediately using the contact details set out in this Privacy Policy. We will investigate the matter and update you as soon as possible on next steps. |
We take security seriously and put in place appropriate measures to protect your information |
-
- The "Grounds for processing your information" section is deleted.
- The Privacy Policy applies with the following changes:
-
- The second paragraph of the "Who we are" section is replaced with the following:
"We are the provider of the Website and the Services and the organisation responsible for collecting and retaining personal data about you as part of your use of the Website and the Services within the meaning of applicable data protection and privacy laws."
-
- The following words are added to the beginning of the second paragraph of the "How we get information and what data we collect" section:
"Your credit or debit card details are considered to be sensitive personal information under Indian law."
-
- The "Your rights" section is changed as follows:
- The exception to your right to withdraw your consent (set out in the "Right to withdraw" paragraph), on the ground that an alternative legal basis may be used, does not apply to credit and debit card details. You may withdraw your consent to the processing of this data at any time.
- The "Your rights" section is changed as follows:
-
-
- The last sentence of the paragraph on "Right to access a copy of your data" (namely "Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.") is deleted.
-
-
-
- The last sentence of the paragraph on "Right to rectification" (namely "Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.") is deleted.
-
-
-
- The paragraph on the "Right to complain" is deleted.
-
-
- The following new sentence is inserted after the first sentence in the “Sharing your information” section:
“Whenever we share your sensitive personal data with third parties, we will take all reasonable steps to ensure that the third party maintains at least the same level of protection for the information as we do ourselves.”
-
- The "Grounds for processing your information" section is changed as follows:
-
-
- The following sentence is added to the end of the last paragraph on "Where you give us your consent to process your personal data":
-
"If you withdraw consent, we have the right to terminate your right and ability to access or use the Services."
-
-
- The paragraphs on "Where processing your information is within our legitimate interests", "Where processing your personal data is necessary for us to carry out our obligations under our contract with you" and "Where processing is necessary for us to carry out our legal obligations" do not apply to sensitive personal data such as your credit or debit card details.
-
- Addendum for Japan
- The Privacy Policy applies with the following changes:
-
- The "Why we collect, process and use your information" section is changed as follows:
- The "For marketing and promotion purposes" paragraph is replaced with the following
- The "Why we collect, process and use your information" section is changed as follows:
paragraph:
For marketing and promotion purposes
- to update you on our latest products and services which we think you may be interested in; and
- to send you our newsletters (should you choose to request it).
-
- The following additional paragraph is added to the end of the section:
-
|
For other related legal compliance matters to comply with our legal obligations under applicable laws (including those laws outside Japan), including without limitation, legal obligations relating to know-your-client requirements and tax requirements. |
We use your data to the extent necessary to comply with our legal obligations around the world. |
-
- The "Your rights" section is changed as follows:
- the first bullet under the "Right to object" paragraph (stating "because it is in our legitimate interests to do so (for further information please see the section on our legal bases for processing below)") is deleted;
- The "Your rights" section is changed as follows:
-
-
- the last bullet under the "Right to erasure" paragraph (stating "You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing".) is deleted; and
-
-
-
- the words "or you object to our processing of your personal data for our legitimate interests" are deleted from the "Right to restrict processing" paragraph.
-
-
- The following additional paragraph is added to after the second paragraph of the "Where your information is transferred and stored" section:
“The data will be stored on servers which may be owned by our affiliate companies or our third party IT services providers. For further details regarding our sharing of data with third parties please see the section above headed “Sharing your Information”.”
-
- The words “take all reasonable steps to” in the "Where your information is transferred and stored" section are deleted.
-
- The "Grounds for processing your information" section is deleted.
- Addendum for Monaco
No changes required.
- Addendum for Malaysia
- The Privacy Policy applies with the following changes:
-
- The following sentence is added to the end of the "About this Privacy Policy" section:
"In the event of any discrepancy or inconsistency between the English version and Malay version of this Privacy Policy, the English version shall prevail."
-
- The "How to contact us" section is replaced with the following:
How to contact us |
If you have any questions about this Privacy Policy or our use of your personal data, if you need to report a problem or complaint, or to limit the processing of your personal data, or if you would like to exercise one of your rights under data protection and privacy laws you can contact us using the contact details set out in Schedule 1. |
You can get in touch with our dedicated privacy contacts with any queries or complaints regarding your data. |
-
- The following sentence is added to the end of the "Why we collect, process and use your information" section:
"Provision of your personal data to provide you with the Services and for business administrative purposes are [mandatory in order for us to carry out our obligations towards you]. If you do not provide us with this information we may not be able to provide the Services to you. However provision of personal data for marketing and promotional purposes is optional and you may exercise your rights by contacting us using the contact details set out in Schedule 1."
-
- The "Grounds for processing your information" section is replaced with the following:
Consent to process your information and exceptions |
The PDPA requires your consent for any processing of your personal data, except where an exception applies. We have described the requirements of your consent and the exceptions below. Where you give us your consent to process your personal data We are allowed to use your personal data where you have specifically consented. In order for your consent to be valid:
We currently seek your consent to use your personal data for marketing and advertisement purposes. Before giving your consent you should make sure that you read any accompanying information provided by us so that you understand exactly what you are consenting to. You have the right to withdraw your consent at any time, and details can be found in the "Right to withdraw consent" paragraph in the section on your rights above. Exception to the consent requirement - Where processing your personal data is necessary for us to carry out our obligations under our contract with you We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you. For example, we need to collect and store your email address in order to provide you with our newsletter if you have requested it. Exception to the consent requirement - Where processing is necessary for us to carry out our legal obligations As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with, and we are allowed to use your personal data when we need to comply with those other legal obligations. |
We rely on consent or these exceptions to collect, use and share data about you. |
- Addendum for Norway
No changes required.
- Addendum for Saudi Arabia
No changes required.
- Addendum for South Korea
- The Privacy Policy applies with the following changes:
-
- The "How long we keep your information for" section is replaced with the following:
How long we keep your information for |
We retain your personal data until you ask us to delete it or it is no longer necessary for the purposes described above. |
|
-
- The "Service providers" and "Related Entities" paragraphs of the "Sharing your information" section is replaced with the following:
Sharing your information |
Service providers We may share your personal data with the following third party service providers who perform functions on our behalf:
We will only share your data with these third party service providers where we have appropriate data processing agreements (or similar protections) in place and they will not be able to use your data for their own purposes (e.g. for their own marketing purposes).
Related Entities We may disclose your personal data to our affiliated companies and to our franchisees on the following basis:
|
|
-
- The paragraphs on “Where processing your information is within our legitimate interests”, “Where processing your personal data is necessary for us to carry out our obligations under our contract with you" and “Where processing is necessary for us to carry out our legal obligations” in the Grounds for processing your information" section are deleted.
- Addendum for Switzerland
- The Privacy Policy applies with the following changes:
-
- The meaning of “Personal data” in the “About this Privacy Policy” section includes information relating to identified or identifiable legal persons (such as corporate entities) and the Privacy Policy also applies to the personal data of these persons.
-
- The "Where your information is transferred and stored" section is replaced with the following:
Where your information is transferred and stored |
In general, your data will be stored in the United Kingdom (UK) and replicated elsewhere depending on your geographic location. A number of our service providers are also located elsewhere in the world. For example, in the United States of America, Singapore, Russia, the United Arab Emirates, South Africa, Canada, Slovakia, Kazakhstan and Kuwait. In the event that we transfer your personal data to, or store your personal data in, a country or territory which does not maintain adequate data protection standards, we will ensure adequate data protection by way of using appropriate agreements (in particular on the basis of the standard contract clauses of the European Commission) or binding corporate rules. We may also rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or transfer personal data because it is necessary to protect the integrity of the persons concerned. You can obtain a copy of the mentioned contractual guarantees at any time using the contact details provided above. However, we reserve the right to redact copies for data protection reasons or reasons of secrecy as well as the right to produces excerpts only. However, please note that where personal data is stored in another country, it may be accessible to law enforcement agencies in accordance with domestic laws. |
We store your data in the UK and elsewhere depending on your geographic location but our service providers may be located elsewhere in the world. |
- Addendum for United Kingdom
No changes required.
- Addendum for European Union
No changes required.