THE CONTROLLER’S IDENTITY
The controller is the company c.f.e.b. SISLEY, a simplified joint-stock company [société par actions simplifiée] with share capital of €1,000,000, having its registered office at 3 avenue de Friedland, 75008 Paris, France, registered on the Paris Trade and Companies Registered under number 722 003 464, intra community VAT number FR16722003464 and SISLEY ApS., a company incorporated and registered in Denmark with company number 26307120 whose registered office is at Bredgade 20A, 1. Sal, 1260 København K and with VAT registration number (hereinafter “SISLEY”).
2. WHAT PERSONAL DATA IS COLLECTED AND WHEN?
All information enabling you to be directly or indirectly identified is "personal data".
More specifically, SISLEY may collect, save, process, transfer, and use personal data relating to:
SISLEY may collect your personal data especially when:
How is the content you share on social networks handled using the hashtags we offer?
You can choose to use the hashtags we offer to tag your content on social networks such as Instagram, Facebook, Pinterest or Twitter. By using these hashtags, you acknowledge and consent that your content may appear on our Website and be used to link to our products or services. We remind you that the information you make public on social networks can be viewed, used and saved by other people around the world, and in particular in countries that do not have legislation guaranteeing adequate protection of your personal information, as defined in your country of residence. We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the terms and conditions of those social networks. We invite you to read them and refer to them regularly. In this connection, SISLEY is operating as a joint controller with the social network in question. The legal basis for the processing of your personal data in this context is article 6(1)(f) of the General Data Protection Regulation ("GDPR") as we are pursuing our legitimate interest in showcasing social network content which is tagged with our name, products and services on our Website.
If you no longer want any of your content to appear on our Website, please remove them from the social network or stop using one of our hashtags or exercise your right to erasure in accordance to article 9 in cases where SISLEY is able to remove it.
When collecting personal data, the mandatory or optional nature of the data is indicated by an asterisk or other means.
WHAT ARE THE PURPOSES?
In general, your personal data helps SISLEY customise and continually improve your shopping experience on the Site. It is particularly intended for:
- - Managing and tracking orders (lawful basis: article 6(1)(b) of the GDPR as the processing is necessary to fulfil our contract with you), where applicable prevention, detection and management of fraud or unpaid debts (lawful basis: article 6(1)(f) of the GDPR as we are pursuing our legitimate interest I protection our business and keeping our customers' data safe).
- - Managing and monitoring commercial relations (lawful basis: article 6(1)(f) of the GDPR as we are pursuing the legitimate interests of Sisley in maintaining our customer relationships and providing proper customer service and support as part of our day-to-day business operations).
- - Managing customer opinions on purchased products, services, and content (lawful basis: article 6(1)(f) of the GDPR as we are pursuing the legitimate interests of Sisley in maintaining and continuously improving our business and customer experiences).
- - Managing and monitoring customer accounts article 6(1)(b) of the GDPR as the processing is necessary to fulfil our contract with you),
- - Managing SISLEY SMS or Newsletter subscriptions (lawful basis: consent pursuant to article 6(1)(a) of the GDPR).
- - Conducting initiatives aimed at loyalty (lawful basis: article 6(1)(b) of the GDPR as the processing is necessary to fulfil our contract with you), and finding potential customers, promotions, including customising various communications (digital, email, paper, sms) from SISLEY (lawful basis: article 6(1)(f) of the GDPR as we are pursuing the legitimate interests of Sisley in being able to personalize the communications ).
- - Conducting telemarketing campaigns (lawful basis: article 6(1)(f) of the GDPR as we are pursuing the legitimate interests of Sisley in contacting persons who has requested us to reach out to them).
- - Compiling sales statistics (lawful basis: article 6(1)(f) of the GDPR as we are pursuing the legitimate interests of Sisley in gathering business intelligence and improving our business);
- - Managing Sisley masterclasses (lawful basis: article 6(1)(b) of the GDPR as the processing is necessary to fulfil our contract with you, i.e. your agreement to participate in the masterclasses).
HOW LONG IS THE DATA KEPT?
In general, SISLEY keeps your personal data for a period of time that enables it to comply with all legal obligations in accordance with the provisions in force or for a period that does not exceed the duration of its commercial management or however long the purposes defined by SISLEY require.
WHO ARE THE RECIPIENTS OF THE DATA?
Your data may be sent to c.f.e.b. SISLEY (France), SISLEY ApS and service providers that are selected for their expertise and on behalf of SISLEY to achieve the purposes it defines such as payment, delivery, marketing or IT service providers. This includes transfer of your personal data to other controllers as well as to our processors.
Your personal data may sometimes be passed on to SISLEY's partners for purposes for example in the context of its use of social networks.
Under no circumstances does SISLEY sell your personal data to anyone.
WHAT IS THE LEVEL OF CONFIDENTIALITY AND DATA SECURITY?
In accordance with best practices on the date hereof, SISLEY implements all the appropriate technical and organisational measures with regard to the nature of the data and the risks that its processing entails in order to preserve the highest security and the strictest confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorised third parties.
These measures may include but are not limited to: limited access to data, contractual terms when using service providers, security measures such as secure access, antivirus software, authentication process, firewalls.Despite all of the confidentiality and security measures implemented by SISLEY, we draw your attention to the fact that communications via the internet are never totally secure. SISLEY therefore assumes no liability in case of a communication failure or any other case of unforeseen circumstances.
WHAT PROTECTION IS THERE WHEN TRANSFERRING DATA OUTSIDE THE EUROPEAN UNION?
Your data may be transmitted to countries outside the European Union that do not have an adequate level of data protection for the purposes defined by SISLEY].
Before your data is transmitted to these countries, SISLEY will take all possible steps to obtain the necessary guarantees so your data is protected.].
WHAT ARE YOUR RIGHTS?
In accordance with the regulation on personal data protection (particularly the Data Protection Act 2018 and Regulation (EU) 2016/679 of 27th April 2016), you have a right to access, to rectification, to erasure, to data portability, to restriction or to object to the processing of your personal data, and inform us of your instructions regarding the fate of your data after your death, by sending:
Where the processing is based on your consent, you also have the right to withdraw this consent at any time without prejudicing the lawfulness of the processing based on this consent made before its withdrawal.
You also have the right to a complaint with the Danish Data Protection Agency.
SISLEY pays particular attention to protecting the personal data that you provide or that it collects.
SISLEY undertakes every effort to ensure the highest degree of protection of your personal data in accordance with current regulations, particularly the Regulation (EU) 2016/679 of 27 April 2016. SISLEY reserves the right to modify this Personal Data Protection Policy at any time without notice.
This document gives you a better understanding of how SISLEY protects your personal data.
We invite you to read this document before submitting your personal data.
SISLEY is an international group headquartered in France and, for operational and technical reasons, we draw your attention to the fact that, unless expressly provided otherwise just above, your data is stored for a period of three years from the last contact/purchase unless you object or request it be deleted. At the end of this three-year period, we may contact you again to find out if you wish to continue receiving commercial offers. If you do not give an explicit, affirmative answer, your data will either be deleted, rendered anonymous, or archived in accordance with the applicable provisions.
If requested by the authorities, SISLEY may be required to transmit your personal data in accordance with applicable regulations.