Personal data protection policy

THE CONTROLLER’S IDENTITY

The controller is the company SISLEY South Africa Property Ltd., a private company, whose registered office is located at Co-Work at Midstream Midlands Office Park, Mount Quray Road Midstream Estate, Centurion, Gauteng 1683, registered in the South Africa Trade and Companies Register under number 2011/005803/07 (hereinafter “SISLEY”).

WHAT PERSONAL DATA IS COLLECTED AND WHEN?

All information enabling you to be directly or indirectly identified is "personal data".

More specifically, SISLEY may collect, save, process, transfer, and use personal data relating to:

• - Your identity (title, first and last name, address, telephone and/or mobile number, email address, date of birth, internal processing code enabling the customer to be identified).
• - Managing orders and monitoring commercial relations (placing orders, subscribed service, billing, shipping, payment methods, fraud prevention, product returns, refunds, claims, after-sales service for purchased products, purchasing and services history, loyalty program, correspondence and after-sales service, exchanges and comments from existing and potential customers).
• - Initiatives aimed at loyalty, finding potential customers, conducting studies, surveys, product tests and promotions.
• - The contribution of people who submit their opinions on products, services, or content.
• - The organisation and handling of contests, sweepstakes, and all promotional initiatives (participation date, answers given during the contests and type of prizes offered).
• - Technical information (language, IP address) or browsing information linked to the device.

SISLEY may collect your personal data especially when:

• - You visit the Website www.sisley-paris.com (hereinafter the "Website").
• - You subscribe to SISLEY newsletters.
• - You create your account on the Website.
• - You place an order on the Website and answer customer satisfaction surveys.
• - You write to SISLEY by mail, email, chat, or when you call. This correspondence may be kept by SISLEY to better monitor the relationship with you and improve its services.
• - You give your opinion on products, services, or content.
• - You participate in special initiatives (contests, sweepstakes).
• - You share content on social networks such as Instagram, Facebook, Pinterest or Twitter using the hashtag #sisley or other hashtags that SISLEY offers.

How is the content you share on social networks handled using the hashtags we offer?

You can choose to use the hashtags we offer to tag your content on social networks such as Instagram, Facebook, Pinterest or Twitter. By using these hashtags, you acknowledge and consent that your content may appear on our Website and be used to link to our products or services. We remind you that the information you make public on social networks can be viewed, used and saved by other people around the world, and in particular in countries that do not have legislation guaranteeing adequate protection of your personal information, as defined in your country of residence. We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the terms and conditions of those social networks. We invite you to read them and refer to them regularly.

If you no longer want any of your content to appear on our Website, please remove them from the social network or stop using one of our hashtags or exercise your right to erasure in accordance to article 9 in cases where SISLEY is able to remove it. When collecting personal data, the mandatory or optional nature of the data is indicated by an asterisk or other means.

WHAT ARE THE PURPOSES?

In general, your personal data helps SISLEY customise and continually improve your shopping experience on the Website. It is particularly intended for:

• - Managing and tracking orders (lawful basis: contract), where applicable prevention, detection and management of fraud or unpaid debts (lawful basis: legitimate interests of Sisley).
• - Managing and monitoring commercial relations (lawful basis: contract).
• - Managing customer opinions on purchased products, services, and content (lawful basis: legitimate interests of Sisley).
• - Managing and monitoring customer accounts (lawful basis: contract).
• - Managing SISLEY SMS or Newsletter subscriptions (lawful basis: consent).
• - Conducting initiatives aimed at loyalty (lawful basis: contract), finding potential customers, promotions (lawful basis: consent) and customising various communications (digital, email, paper, sms) from SISLEY (lawful basis: legitimate interests of Sisley).
• - Conducting telemarketing campaigns (lawful basis: legitimate interests of Sisley).
• - Compiling sales statistics (lawful basis: legitimate interests of Sisley);
• - Managing Sisley masterclasses (lawful basis: legitimate interests of Sisley).

HOW LONG IS THE DATA KEPT?

In general, SISLEY keeps your personal data for a period of time that enables it to comply with all legal obligations in accordance with applicable laws and regulations or for a period that does not exceed the duration of its commercial management or however long the purposes defined by SISLEY require.
So:

• - Data establishing proof of a right or a contract or that is kept under a legal obligation is stored in accordance with the applicable provisions.
• - Bank details are deleted once the transaction is completed or stored as evidence in accordance with the applicable provisions, unless you consent to use the "Saved payment cards" option to save your banking data in a secure, encrypted manner. In any case, the security code of your credit card is never kept.
• - The data relating to your identity documents is kept for one year from date of submission or uploading with regard to the right to access, rectification, restriction of processing, erasure, data portability or to object.

SISLEY is an international group headquartered in France and, for operational and technical reasons, we draw your attention to the fact that your data is stored for a period of three years from the last contact/purchase unless you object or request it be deleted.

At the end of this three-year period, we may contact you again to find out if you wish to continue receiving commercial offers. If you do not give an explicit, affirmative answer, your data will either be deleted, rendered anonymous, or archived in accordance with the applicable laws or regulations.

WHO ARE THE RECIPIENTS OF THE DATA?

Your data may be sent to c.f.e.b. SISLEY (France) and service providers that are selected for their expertise and on behalf of SISLEY to achieve the purposes it defines such as payment, delivery, marketing or IT service providers.

It may sometimes be passed on to SISLEY's partners for purposes for example in the context of its use of social networks.

Under no circumstances does SISLEY disclose or make available your personal data in a manner that enable a picture of you to be associated with your personal data nor will SISLEY sell your personal data to anyone.

If requested by the authorities, SISLEY may be required to transmit your personal data in accordance with applicable regulations.

WHAT IS THE LEVEL OF CONFIDENTIALITY AND DATA SECURITY?

In accordance with best practices on the date hereof, SISLEY implements all the appropriate technical and organisational measures with regard to the nature of the data and the risks that its processing entails in order to preserve the highest security and the strictest confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorised third parties.

These measures may include but are not limited to: limited access to data, contractual terms when using service providers, security measures such as secure access, antivirus software, authentication process, firewalls.

Despite all of the confidentiality and security measures implemented by SISLEY, we draw your attention to the fact that communications via the internet are never totally secure. SISLEY therefore assumes no liability in case of a communication failure or any other case of unforeseen circumstances.

WHAT PROTECTION IS THERE WHEN TRANSFERRING DATA OUTSIDE SOUTH AFRICA?

Your data may be transmitted to countries outside South Africa for the purposes defined by SISLEY. Before your data is transmitted to these countries, SISLEY will take all possible steps to obtain the necessary guarantees to procure that your personal data is protected.

WHAT IS THE COOKIE POLICY?

To find out more about our cookie policy, please visit our cookie section.

WHAT ARE YOUR RIGHTS?

In accordance with applicable laws and regulations on personal data protection, you have a right to access, to rectify, to erase, to data portability, to restrict or to object to the processing or further processing of your personal data, and inform us of your instructions regarding the fate of your data after your death, by sending:

• - An email through the "Contact us" section of the Website
• - An e-mail to the address: sa_customer_service@sisley.fr

Where the processing of your personal data is based on your consent, you also have the right to withdraw this consent at any time without prejudicing the lawfulness of the processing before you withdraw your consent.

You also have the right to make a complaint with the competent supervisory authority.