Personal Data Protection Policy
ISSEY MIYAKE EUROPE S.A. (“ISSEY MIYAKE”) commits to using and protecting your personal data (“Data”) in compliance with the requirements of Regulations applicable in France.
Our personal Data Protection Policy applies whether we are the Controller or act as Processor. The Policy may evolve based on changes in laws and regulations and how those changes are interpreted by courts and the CNIL, the French data protection authority.
What Data do we collect?
We process Data that you share with us or that we collect as part of our business relationship with you, namely:
-Your personal identification data (such as your last name, first name, telephone number, email, physical address, banking data, photo ID);
-video recordings or photographs in which you may appear, which are processed for the purposes of surveilling our premises by means of CCTV cameras, and only within limits authorized by law, or because you took part in some of our filmed events (such as our fashion shows);
Our Processing records are kept and updated on a regular basis.
What do we do with your Data?
We collect and use your Data for the following purposes:
– managing our business relationship, as well as, in particular, the financial transactions arising therefrom;
– promotion of our products, notably by sending you our newsletters;
– informing you of events we may organize and that may be of interest to you;
– monitoring and improving our communication in terms of quality and customer satisfaction;
– surveillance and protection of our premises, only within limits authorized by law.
These Data are collected and processed in order to allow us to fulfill our obligations (i) as part of the business relationship which binds us to you, and/or (ii) because it is in our legitimate interest (for example in order to detect unauthorized access on our premises), and/or after obtaining your permission (notably in order to keep you informed of our new collections).
1 Capitalized terms refer to the glossary at the end of the document.
How long are your Data retained?
We retain your Data as long as necessary in order to conduct our business relationship, in order for ISSEY MIYAKE to meet its legal and regulatory obligations, and for it to exercise the prerogatives it is granted by laws and regulations.
Depending on the categories of Data involved, we may have to keep your Data in our records for an additional period of time for purposes of storage on our servers (be they internal or externalized to third-party service providers), under strict conditions of access and confidentiality.
Who can have access to your Data?
Access to your Data is strictly limited to those of our employees who are authorized to process them. We may also have to share them with third-party subcontractors and/or service providers so that they can fulfill their duties as part of the management of our contractual relationship with you. We ensure that those third parties’ access is strictly limited to achieving the purpose of the Processing entrusted to them in accordance with Regulations.
Rest assured that we shall not sell, transfer, market, or otherwise share your Data without your prior express consent.
Where do your Data go?
Data Processing occurs exclusively on the territory of a Member State of the European Economic Area (EEA) and/or in countries that offer what are considered adequate regulatory protections, i.e., countries providing a level of protection equivalent to Europe’s.
How are your Data protected?
In order to protect the integrity and confidentiality of your Data and your ability to exercise your rights, and in order to prevent that Data from being damaged, erased, or accessed by unauthorized third parties, we implement various measures including: storage of the Data in secure premises, processing on dedicated computers, and staff training.
What are your Rights?
You have at any moment the right to access, correct, and/or erase your Data.
You also have the right to ask that the Data be updated, and/or to limit and/or oppose their Processing, whether in whole or in part. We will notify you if such limitation and/or opposition prevents us from being able to fulfill our contractual and/or legal obligations to you.
In order to exercise your rights, you may contact our Data Point of Contact at the following address: firstname.lastname@example.org. We will process your request within one month of our receiving it.
In case of difficulty
You may file a request with CNIL (www.cnil.fr) or any other relevant authority in the event of difficulty in exercising your rights.
A few definitions:
Personal Data or Data: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (GDPR, Article 4 (1)).
Regulations: the EU’s General Data Protection Regulation 2016/679 (GDPR), and France’s Act 78-17 of January 6, 1978 amended by Act 2018-494 of June 20, 2018 and the implementation Decree of August 1, 2018, as well as any and all other regulations applicable to the protection of private data within the European Union.
Controller: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” (GDPR, Article 4 (7)).
Processor: “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” (GDPR, Article 4 (8)).
Processing: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (GDPR, Article 4 (2)).