01. Personal Data Protection
The website www.patou.com (the "Website") is published by Jean Patou, French SAS, which has its registered office at 24-32 rue Jean Goujon, 75008 Paris, and is registered with the Paris Trade and Companies Register under number 831 242 359 (hereinafter "PATOU", "We" or “Us”).
PATOU places the highest priority and takes the utmost care to protect the privacy and Personal Data of its Website users.
For more information about how We handle your product orders placed through the Website (the "Orders"), please refer to the PATOU General Terms and Conditions of Sale.
1. What is a "personal data"?
Personal Data refers to any information or pieces of information that could identify You either directly (e.g. your name, surname) or indirectly (e.g. through pseudonymised data, such as a unique ID number). This means that Personal Data includes information such as: email, home address, purchase history, personal preferences and shopping habits. It may also include unique identifiers like order reference, client number, your computer’s IP address or your device’s MAC address or data regarding your navigation on our Website.
2. Who is the Data Controller responsible of the protection of your Personal Data?
The Data Controller is the entity that determines the purposes and means of the processing of your Personal Data and is responsible to You for compliance with data protection regulations.
As regards to the Website management, PATOU (whose contact information is provided below) acts as the Controller.
PATOU has appointed a Data Protection Officer (DPO) who is your designated contact person for any issues related to PATOU's processing of your Personal Data. The Data Protection Officer may be reached:
- by e-mail at the following address: firstname.lastname@example.org
- by mail at the following address: PATOU Data Protection Officer, 24-32 rue Jean Goujon, 75008 Paris, France.
In the specific context of handling your Orders, please be aware that certain PATOU’s service providers that receive your Personal Data may act as Data Controllers: this is specifically the case for parcel delivery services (DHL, C-log) and service providers that handle payment and fraud management (Adyen, PayPal, Flow.Io, Forter).
3. Why and how do We use the Personal Data that We collect?
3.1 How do We collect your Personal Data?
We collect your Personal Data as follows:
- directly from You when You use our Website and our services (completion of various forms on the Website, placement of an Order, direct communication with Us through our chatbot or our customer service department, etc.);
- automatically when You access or use the Website (cookies, technical details, browsing information, etc.);
- indirectly from third parties (third-party data providers, business partners, social media, etc.).
3.2 What data do we collect?
PATOU collects several types of Personal Data about You:
Personal Data that We collect directly from You
We collect Personal Data that You provide directly when You use our Website and our services.
This is specifically the case when You:
- Create an on-line account and subscribe to the Patou Club, it being understood that You do not need to create an account to place an Order,
- Place an Order,
- Request that We call You on the telephone, or when You interact with Us through our customer service department,
- You register to receive our e-mails and newsletters,
- Take part in any sweepstakes, competition, promotion or survey,
- Interact with Us through third-party social media,
- Request customer support,
- Apply for a job,
- Interact with Us in any other way.
The categories of Personal Data that We collect include:
- Information needed to process your Order: items selected, delivery and invoicing address, telephone number and e-mail address, telephone number, payment method, including your credit card number and expiry date, as well as the name of the cardholder when You make an on-line payment,
- Information about your preferences: g., favorite products and services if You tell Us about them,
- Your Order history: We store your transaction history, e. your purchases, your returns, etc.,
- History and content of your exchanges with Us: We generate the history of our relationship when You contact our customer service department or when You submit a complaint to Us: when You contact one of our advisers, your conversations may be recorded to ensure quality service. You will always be provided alternative ways to contact Us if You do not want your conversation to be recorded.
The Data that We request from You, which is essential to respond to your requests, are identified with an asterisk or an equivalent method on the data collection form. If You do not complete the mandatory fields or fail to provide the information marked as mandatory, We will not be able to respond to your requests or process your Orders.
Personal Data that We collect automatically
We automatically collect certain Data about You when You access or use the Website, specifically:
- Technical information: We collect information about the device that You use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages, language selection and the link that enabled You to access our Website),
Personal Data that We collect indirectly from third parties
We may also obtain Personal Data about You from other sources and combine it with the Data We already have about You, such as
- Data received from third-party data providers and business partners: this concerns Data that We receive from third-party data providers and business partners You interacted with and authorized to share your Personal Data with Us for commercial solicitation or targeted advertising purposes. It generally concerns socio-demographic data (g., socio-professional class, age bracket, gender, etc.), contact information (e.g., e-mail address, telephone number, etc.), profile data (e.g., favorite products or services, areas of interest, etc.),
- Data received from the social media: this concerns Data provided to Us by the social media networks You use through our Website, or from your activity on social media pages. Specifically, when You share your experience with PATOU with other customers, You use a social media and provide Data about yourself to this social media and to Us. These communications are governed by the social media's personal data protection policies, which We invite You to review.
Personal Data about other data subjects
In some cases, We may also collect Personal Data that You supply about other persons, when You decide to purchase and send products to someone. We only use this Personal Data to respond to your requests, and do not send marketing communications to your contacts unless they elect to receive communications from Us.
3.3 On what legal grounds and for which purposes do We use the Data that We collect?
In accordance with current personal data protection regulations, We only collect Personal Data when We have a legal basis to do so.
Personal Data is collected either:
(i) based on your consent,
(ii) as part of the performance of a contract,
(iii) in our legitimate interest, or
(iv) to meet our legal obligations.
(i) We collect Personal Data based on your consent, for the following purposes:
- To create your customer account, it being understood that You do not need to create an account to place an Order
- To manage your requests and queries (other than related to an Order): We use your Data to send You the information You request,
- To show you customised adverts and offers tailored to your interests on our Website, using targeting cookies and other Data collected about You. In this way, the ads and offers directed to You will be based on a review of your profile, your preferences and habits inferred from your browsing patterns on our Website and our business partners' websites.
- To send You commercial and marketing solicitations: We may use your Data to propose You new products and special offers, to invite You to private events and to send You our newsletters.
- Recruit new members of staff and to assess their suitability for a role
(ii) We collect Personal Data based on the performance of a contract, for the following purposes:
- To process your Order: We use your Data to manage the purchase, delivery and invoicing of the products You order,
- To handle any request You may have in relation to your Order as part of our after-sale services,
- To manage your participation in sweepstake that We may organise and to award You as the case may be any prize won in this context.
(iii) We collect Personal Data based on our legitimate interest, for the following purposes:
- To measure and improve the performance of our Website: We use performance cookies to allow us to count visits and traffic sources. This helps Us to know which pages are the most and least popular and see how visitors move around the Website. This way, We can also measure the effectiveness of our advertising and promotional campaigns to improve their relevance and effectiveness. Most information collected by these cookies is aggregated and therefore anonymous.
- To customize your experience and ease your use of our Website: We use customization cookies and other Data to build your profile. In this way, the Website's appearance will be adapted to your preferences and habits inferred from your browsing patterns on our Website or on our business partners’ websites. We can aggregate your Data collected from the various devices that You use to navigate on the Website, as well as any Data collected in our stores, to gain a better understanding of your tastes and preferences.
- To measure and improve the performance of our newsletters: we use performance cookies to measure opening and clicks of the newsletters We sent to You to improve their relevance and effectiveness.
- To prevent payment frauds and ensure the validity of payments We receive,
- To prevent acts of infringement or illicit resell in order to ensure the security of our assets and products,
- To defend our interests in the event of a dispute or court action,
(iv) We collect Personal Data based on legal obligations, for the purpose of complying with applicable laws:
In this respect, We store transactions history and any other commercial documents for legal and administrative reasons (accountability, tax, legal or commercial warranties, insurance, audit, etc.).
3.4 Who has access to your Data?
Your Data is processed by PATOU for the purposes described above and are only accessible to PATOU personnel who need to know it to perform their duties.
Certain third parties may also have access to your Data, specifically:
(i) our subcontractors and service providers acting for technical and logistical reasons (logistics specialists, carriers, Website hosting and maintenance providers, payment and fraud management service providers, technical service providers responsible for sending e-mails and newsletters, customer service center, etc.);
(iii) any third-party company in the event of PATOU’s restructuring, which may acquire all or part of PATOU or merge with our company;
(iv) any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.
3.5 Is any Personal Data transferred outside of the European Economic Area?
Although our company is located in France, We rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA. Any transfer of your Data outside of the EEA takes place with appropriate contractual safeguards in place that comply with applicable personal data protection regulations.
3.6 How long do We store your Data?
Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.
In general, your Data is stored for the entire term of our relationship, then for a 3-year period following termination of our relationship (which typically corresponds to the date of your last Order via the Website, the date your customer account is closed or the date of our last contact with You). The Data is then either (i) archived when necessary for accounting or documentation purposes for the applicable statutory limitation period (generally up to 10 years) then destroyed or anonymized once the limitation periods have expired or (ii) if there is no archive, immediately deleted or anonymized.
By way of exception, We may store your Data for shorter or longer periods.
Please see the table below for additional details about these periods.
|Purpose||Applicable data categories||Period of storage before erasure|
|Customer Orders management||
Identification and order data: duration of the processing of the Order until delivery + warranty period, then purchase-related data is archived for up to 10 years for accounting or documentation purposes
Payment data: duration of transaction and any necessary verifications.
In the event of a payment irregularity: for the duration of the payment irregularity, then for a 3 to 5-year period depending on the seriousness of the irregularity
|Customer relationship management||
Duration of relationship + 3 yearsThen Purchase history Data is archived for up to 10 years for accounting or documentation purposes; other Data is either deleted or anonymized.
|Sending our newsletter/commercial solicitation||Information concerning your e-mail address and your options regarding electronic solicitation||
3 years from the most recent Order or from last contact with You, or earlier if You wish to unsubscribe before the end of this period.
Then, the Data will be destroyed or anonymized, unless You reiterate your desire to receive our offers and newsletters
Customization of the Website
|Data collected using customization cookies category (information about your browsing)||13 months and then the Data is anonymized|
|Measure and enhance performance of the Website||
Data collected using performance cookies category (count visits and traffic sources, various indicators to measure effectiveness of campaigns, etc.)
|13 months and then the Data is anonymized|
Data collected using targeting and tracking cookies category and other trackers (information about your habits and preferences, social media interactions)
|13 months and then the Data is anonymized.|
|Sweepstake management||Identification data||Duration of the sweepstake (or longer if provided by the applicable T&Cs)|
|Security of the Website and services||Technical information of your device (IP address, device type, browser ID, etc.)||6 months then the Data is either deleted or anonymized.|
|Disputes/complaints||Data concerning the dispute/complaint||
If no court action is filed, based on the applicable statutory limitation period: up to 5 years from the eventIn the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement
|Recruitment||Identification data, professional data, CV||
4. What are your data protection rights?
Access, rectification and portability
In accordance with current regulations, You have the right to access your Personal Data and request correction of Your Personal Data should they be inaccurate. You also have the right to request that the Personal Data in our possession be completed.
To respond to your request, We may ask You to provide Us with a proof of identity. We may also need to ask You for additional information or supporting documents to respond to your request. We will make every effort to respond to your request as soon as possible.
You may, to the extent provided for by law, exercise your right to Data portability which allows You to retrieve, in an interoperable format, the Personal Data that You provided to Us.
Right to erasure of your Data and to limitation of the processing of your Data
You may request erasure of your Personal Data if:
- You withdrew your consent to the processing of your Data (see above),
- You object to the processing of your Personal Data for reasons relating to your personal circumstances,
- You object to the use of your Data for commercial solicitation purposes or profiling,
- Your Data was collected on-line when You were a minor.
Alternatively, to the extent provided for by law, You may request limitation of the processing of your Data.
Please note that despite the exercise of your right to erasure or processing limitation, We will store some of Your Personal Data when the law requires or authorizes Us to do so, when We have a legitimate reason to do so (for example, to prove performance of a contract) or to exercise or defend our rights in court. For example, if We consider that You have violated our General Terms and Conditions of Use or our General Terms and Conditions of Sale.
Right to establish instructions for the management of your Personal Data after your death
For France and when mandatory local provisions so provide, You may determine how You want Us to handle your Personal Data upon your death.
Procedure to exercise your Data protection rights
If You already have a customer account, You may exercise your right to access, rectification and/or erasure of your Data by accessing your account.
In all other cases, You may contact Us directly at email@example.com.
For any questions related to your rights and the processing of your Data, please contact Us at firstname.lastname@example.org.
5. How is your Personal Data secured?
PATOU uses technical and organizational measures that comply with French and EU legal and regulatory requirements, to keep your Data secure and confidential.
Under written agreements, PATOU requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under personal data protection laws.
However, PATOU does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.
6. Protection of minors
Our Website is not intended for children. We do not knowingly collect information about children, unless it is permitted by law.
You must be at least 13 years of age to share your Data with Us. If We are notified that a minor under 13 years of age has submitted Data to Us, We reserve the right to immediately delete such Data and any associated account.
If You are more than 13 but less than the legal age of consent in your country, You hereby recognize and warrant that You have your parents’ or legal guardian’s consent to use this Website and provide your Data to Us.
7. Cookies, Advertising and Tracking
8. Third party websites
9. How can You contact Us if You have queries or complaints?
If You have a complaint about the way We collect and process your Data, You also have the right to contact the Commission Nationale de l’Informatique et des Libertés (French data protection authority) (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, Tel: 01 53 73 22 22, or if You live within the European Economic Area, your local data protection authority.