Privacy and Data Protection Policy (Effective Date: August 2021)
1. General Statement
We take your privacy very seriously and we are committed to protecting it. We believe that you should easily be able to find out what personal data we collect and use, and the nature of your rights with regard to these data.
The Fondation d’entreprise Hermès is the foundation belonging to Hermès International and Hermès Sellier, headquartered at 24, rue du Faubourg Saint-Honoré – 75008 PARIS, and regulated by the loi n°87-571 du 23 juillet 1987 on the development of patronage, and by the successive modifications of this law.
You can find our contact information in the ‘Contact Us’ section below.
3. What personal data to we collect, and how do we collect them?
Personal data are information relating to an identified or identifiable physical person. They include, for example, a person’s name, address, and gender.
We may collect such personal data directly from you (for example, when you apply to one of our programmes) or indirectly (for example, from electronic devices you use to access our websites, from online forms, or from mobile applications [‘Digital Platforms’]).
3.1 Data that you provide to us directly
You may provide us with data when:
- You apply to one of our programmes
- You subscribe to our newsletter via our website
- You take part in or attend one of our events
- You contact us via the online contact form on our website
Depending on what you provide us with, this information may include:
- Your identity (including your first name, family name, gender, and image)
- Your addresses and contact information (including your postal address(es), email address(es), telephone number(s)
- Your personal status (including your title)
- Your professional status (profession, job title, etc.)
- Your financial situation (for grant/scholarship applicants)
- Payment information (such as bank details for payment of services, or for receiving grants/scholarships)
- Further information you may provide to us by filling in forms or by contacting us (including your comments or other communications with us).
We will inform you when your information is necessary for processing and for replying to your questions and requests, or for the provision of products and services. If you do not provide this information, the processing of your requests or questions, or the provision of goods or services, may take longer or may not be possible.
We try to ensure that the personal data that we hold are always accurate and up-to-date. We therefore encourage you to update your information if your situation changes. We may also request that you update your information from time to time.
We recommend that you provide only the data requested or relevant to your request, and we ask that you do not provide sensitive data relating to race or ethnicity, political, religious or philosophical opinions or beliefs, or data concerning your health, personal life or sexual orientation.
We remind you that we do not provide support to/partner directly with people under 18 years of age, nor do we collect personal data from people under 18 years of age.
3.2 Indirectly collected data
We may also collect your data from third parties, in particular from a partner or from friends who contact us on your behalf and provide your information so that we can invite you to events that may interest you.
4. Why do we collect personal data and how do we use them?
We collect and use your personal data on one or several of the following legal bases:
- We have obtained your prior consent (for example when you subscribe to our newsletter). Please note that this particular legal basis allows you to revoke your consent at any moment (see the section ‘What are your rights with regard to your personal data?’ below)
- The processing of this data is necessary as part of a contract between yourself and the Fondation d’entreprise Hermès (for example, when you apply for a grant)
- We have a legitimate interest in collecting your data, and this legitimate interest is not invalidated by your interests, your fundamental rights or your freedoms (for example, collection of data for the purposes of fraud prevention when paying for goods or services)
- We need to process your personal data in order to abide by current laws and regulations.
Depending on the context, we may use your personal data to:
- Process your application to one of our programmes
- Verify and confirm your identity
- Send you a newsletter (with your prior consent), or invitations to one of our events
- Respond to your questions, requests, and suggestions
- Manage events that you have signed up to and/or which you attended or participated in
- Detect fraudulent and illegal activity
- Carry out statistical analysis
- Supply information to oversight bodies when legislation requires us to do so
5. How long do we keep your personal data?
The length of time during which we keep your data is determined by the time necessary to fulfil the purposes for which the data were provided, for abiding by legal and regulatory obligations, and for the establishment, exercise and defence of legal rights.
In order to determine the most appropriate duration for the conservation of your personal data, we have specifically taken into account the quantity, nature and sensitivity of your personal data, the reasons for which we collected them, the service that you expect and deserve from us, as well as all applicable legal standards. For example:
- Applicants to our grant programmes and projects: Your data are kept for one year from the date of their collection, then deleted.
- Newsletter subscribers: Your data are kept for three years from the date of your last action, then deleted.
- Grant recipients: Your data are kept for the period of the dispensation of the grant, up to a maximum of five years, and then deleted, or archived in order to meet legal obligations related to their conservation.
- Prize laureates: Your data are kept for a maximum of five years, and then deleted, or archived in order to meet legal obligations related to their conservation.
- Cookies used by Digital Platforms: Cookies are kept for up to thirteen months from the date on which they are installed on your device.
6. How do we disclose and transfer your personal data?
We can only disclose your personal data to the parties listed below, for the reasons stated below:
- We disclose your personal data to employees of the Fondation d’entreprise Hermès who need to access them and who are authorised to process them for the purposes mentioned above, and who are committed to respecting the confidentiality of your data.
- We may also communicate your personal data to third parties acting on behalf of, and certified by, the Fondation d’entreprise Hermès (service providers, partners, beneficiaries). All and any handling of your data will be based on our instructions, which will be set out in a binding contract that will be in line with all legal obligations. Such disclosure of information may take place for several reasons, including:
- The development of IT support
- The verification of your information, the authentication of payments, and the processing of orders and payments by third parties who provide credit reports or payment services, or who process orders.
These third parties commit to respecting your privacy and are not authorised to use your personal data for any other purposes. They are obliged by us to ensure that appropriate security measures be taken to protect your personal data.
Some of these third parties may be situated outside your country and/or outside the European Union (EU). We have taken measures to ensure that all personal data are adequately protected and that all transfers of personal data, including to parties outside the EU, are undertaken legally. When we transfer personal data outside the EU to a country that is not certified by the European Commission as capable of ensuring a sufficient level of protection of personal data, the transfers will be conducted in line with the obligations imposed by the EU for transfers of personal data outside the EU, and in particular the standard contractual clauses approved by the European Commission, in line with other appropriate guarantees, such as the EU/US privacy protection framework.
To obtain a copy of the list of appropriate protection measures, please contact us using the information provided in the ‘Contact Us’ section below.
- We may be obliged by law, by judicial procedures, or by other legal requests to disclose your personal data to the relevant authorities or to third parties.
- We may also disclose or process your personal data to defend our legitimate interests in line with relevant legislation (as part of a civil or criminal procedure, for example). We may disclose personal data, for example, if it is necessary to do so to identify, contact, or take legal action against a natural or legal person contravening our General Conditions of Sale and Use, or perturbing or causing harm to other users of our Digital Platforms.
- Should Hermès and its subsidiaries, or some or all of their assets, be acquired by a third party, your personal data may be included as part of the transfer of assets.
7. How do we protect your personal data?
All of your personal data are strictly confidential and will only be accessible when strictly necessary, and solely by employees of Hermès and other duly authorised entities of the Hermès group, and independent service providers acting in our name and in line with appropriate technical and organisational security measures.
The Hermès group has put security measures in place to protect your personal data from all unauthorised access and utilisation. We follow appropriate security measures with regard to the conservation and disclosure of your personal data in order to prevent unauthorised access by third parties, and to avoid accidental loss of your data. We strictly limit access to personal data to those who need to access them for professional reasons. Anyone accessing your data is subject to a duty of confidentiality with regard to Hermès.
We have also put in place procedures to deal with any presumed breach of the security of your data. As set out by law, we will inform you, and all and any relevant authorities, should any breach of the security of your data take place.
We also require that parties to whom your personal data is transmitted respect the above policy. Unfortunately, transmission of data via the internet is not wholly secure. We therefore cannot guarantee the security of your personal data if it is communicated to us via the internet. Any communication online is undertaken at your own risk and you recognise and accept that we decline all responsibility in the case of unauthorised utilisation, distribution, damage or destruction of your data beyond the responsibility that we are required by law to accept. Once we have received your personal data, we will apply the security measures outlined above.
8. What are your rights with regard to your personal data?
In line with laws pertaining to the protection of personal data, you have the right to access, rectify, delete and move your personal data at any time, or to limit or halt the processing of your personal data. A summary of these rights is provided below:
Your right to access: The right to receive a copy of your personal data.
Your right to rectification: The right to ask us to rectify any errors in your personal data, or to complete them with further data.
Your right to be forgotten: The right, in certain situations, to ask us to delete your personal data.
Your right to limit the processing of your data: The right to ask us to limit the processing of your personal data in certain circumstances, such as when you wish to dispute the accuracy of the data.
Your right to data portability: The right to receive the personal data that you have provided to us, in a commonly used, structured format, easily readable by a machine, and/or the right to transmit these data to a third party in certain situations.
Your right to refuse the processing of your data: The right to:
- Refuse the processing of your personal data at any moment
- In certain situations, to refuse that we continue our processing of your personal data, for example the processing carried out on the basis of our legitimate interests.
At any time, you may decide to withdraw your consent for the processing of your personal data, in particular when you wish to stop receiving our newsletter. Withdrawing your consent does not prevent us from processing your personal data on other legal bases should these be applicable, for example the processing of your orders and the conservation of your order data in line with relevant legislation.
If you no longer wish to receive our newsletter, we remind you that you may withdraw your consent at any time by clicking on the ‘unsubscribe’ link included in each email that we send. If you do choose to unsubscribe, we will quickly update our databases and will take all reasonable measures to process your request as rapidly as possible; however, we may continue to contact you should this be necessary in relation to any other products and services that you may have solicited from us.
You also have the right to make a complaint to your local data protection authority if you believe that data protection regulations have been breached.
To exercise any of the above rights, please contact us using the contact information provided below in the ‘Contact Us’ section.
Please note that should you choose to exercise any of the above rights, we will ask you which one(s) and request certain pieces of information for the purposes of identification (copy of identity card, passport or other legally recognised proof of identity) in order to process your request and protect you against fraudulent demands by other parties.
9. Contact Us
For all questions relative to your data, to withdraw your consent, for general questions, or to make a complaint, please contact our customer service department:
- By post: 24 Faubourg Saint-Honoré, 75008 Paris
- Via the Foundation’s website: Please use the contact form (www.fondationdentreprisehermes.com)
For questions specifically relating to emails, we remind you that you can unsubscribe directly by clicking on the ‘unsubscribe’ link included in all the emails that we send you.