PERSONAL DATA

CHRISTIAN DIOR PRIVACY POLICY (22)

PRIVACY STATEMENT - CHRISTIAN DIOR

Last Updated: 28 August 2023

 

Confidentiality and security of your personal data are important to us. We would like to offer you personalized services while respecting your privacy and choices.

 

This Privacy Statement (“Statement”) is provided by The Maison Christian Dior Couture and The Maison Parfums Christian Dior (together, “Christian Dior,” “Dior,” “Maisons,” “we” or “us”), a luxury retail and wholesale brand with its global headquarters in Paris, France and its United States headquarters in New York, New York.

 

The purpose of this Statement is to inform you in a transparent and simple manner about the processing of the personal data that you provide or that we collect through the different touchpoints you use to interact with us (e.g. in store, client services, dior.com, social media, digital apps, events), about possible transfers to third parties, as well as your rights and options to control your personal data and protect your privacy.

Who are we?

The Maison Christian Dior Couture

Christian Dior Couture SA (head office), a public limited company under French law with its head office located at 30 avenue Montaigne, 75008 Paris, France, and all of the Christian Dior Couture affiliates with whom you share your information.

Christian Dior Couture is a story of dreams and elegance, passion and excellence; it is also a story of know-how. The creations of Christian Dior Couture express the passion for beautiful gestures and exceptional objects. From haute couture to ready-to-wear, including leather goods, watchmaking and jewelry, know-how is transformed into the art of making.

The Maison Parfums Christian Dior

Parfums Christian Dior SA (head office), a public limited company under French law whose head office is located at 33, avenue Hoche, 75008 Paris, France, and all of the affiliates of Parfums Christian Dior with whom you share your information.

Parfums Christian Dior is a story of dreams, glamor, creativity and excellence. The Maison, which has unique expertise, is made up of talented and ambitious professionals who are committed to perpetuating the Dior heritage and transmitting their passion for beauty.

Note: Please note that the Maison Parfums Christian Dior and the Maison Christian Dior Couture are independent entities, and each Maison has its own customer database, though this Statement describes the data collected and processed by both entities.

What data may we collect or receive about you?

"Personal data" means any information that could reasonably identify you either directly (e.g. your name) or indirectly (e.g. through a unique client ID number).

 

The personal data we collect depends upon the touchpoint of our interaction and is also limited to that which is relevant and appropriate for the interaction.  Unless you choose to interact with us via other touchpoints, such as (but not limited to) by making a purchase on our site, signing up for one of our programs (for example: My Exclusive Loyalty Program by Parfums Christian Dior) or services, using our apps, communicating with us via email, phone or submitting online forms, or posting a comment or a like online, our data collection is limited to the use of ‘cookies’ for website visitors.

 

For customers and other individuals who sign up for programs or services or otherwise interact with us beyond browsing our site via the touchpoints described above, for example, we collect certain relevant information from you.  The information we collect is related to the particular transaction as well as our overall relationship with you.  For example, if you make purchases from Dior.com or in our stores, we must collect information to process (and, if relevant, fulfill and ship) your order. For customers and other individuals who sign up for our programs or services, we generally collect your contact details, contact preferences, and information that will allow us to make recommendations to you about our products or services that may be of interest.  We may centralize the information pertaining to our customers so that we have it organized in one place, as this helps us manage our relationship with you as well as your choices and preferences. Or, if you subscribe to our personalised newsletter, we collect your email address.

 

Depending on your interactions with us, personal data we receive may include information related to:

  • Your identity and your contact details (e.g., name, address, email address, date of birth);

  • Your interests and your preferences (as you may provide in creating your Dior profile);

  • Your purchases (in store or online, including your orders, their tracking information, your purchase invoices, the amount and type of your purchase) and any returns or exchanges;

  • Your in store or online digital experiences (in store, there is a short term collection of photos or images in relation to virtual beauty technology; however, our online digital and try-on experiences are operated by third-party vendors, and no information can be retrieved by Dior or any of its partners after your session closes), as per our contracts with these vendors;

  • Your use of our online assets, including when you visit and interact with them, what pages you accessed, and your interaction with our features. We also receive information to help detect and prevent consumer fraud, including but not limited to browser and keyboard language settings, whether data is automatically filled or manually entered, whether data is manually entered or copy and pasted, and proxy detection (dior.com, social media pages, partner websites (e.g. for events) and databases (e.g. for data storage and maintenance));

  • Your Dior account log-in information;

  • Your financial information to process your orders (such as bank details);

  • Your requests through our client services or our public relations department;

  • Your publications and mentions of our products on social networks;

  • The Dior events you attend; or

  • Any self-reported undesirable side-effects concerning any of our products (for Parfums Christian Dior products).

 

We invite you to keep us regularly informed in writing of any change in your contact details.

 

We Collect and Use Limited Sensitive Information.

 

As described above, we collect personal data that is described under some laws as sensitive personal data, special categories of personal data, sensitive personal information, or similar terms (collectively referred to here as “Sensitive Personal Data”). Here, we provide more information about which categories of the personal data described above may be designated as Sensitive Personal Data, and how we use these categories of Sensitive Personal Data.  We only use Sensitive Personal Data to provide you goods and services, and do not use such information to infer characteristics about you. Depending on what you choose to provide and how we interact with you, we may collect:

 

  • Account log-ins to provide Dior products and services. Account login information is used to identify an active user on any site that requires login. Login information includes first and last name and corresponding email for such account, as well as the associated account password.

  • Financial information to process your orders.  We collect and use credit or debit card information and required security or access codes in order to process payments and fulfill any order you make.

  • Passport-related information to process your orders.  We may collect passport or other government-issued ID information in connection with an order, including when you are purchasing a product in a country other than that in which you live, in order for you to make purchases free of value added tax (VAT).

  • Self-reported data regarding undesirable side-effects of Parfums Christian Dior products to fulfill legal cosmetovigilance obligations. If you have a medical reaction to a Parfums Christian Dior product and choose to complete a questionnaire about those side effects and/or provide us with photos or other self-reported data, our client services and quality control team will evaluate the information and determine whether to provide it to a health regulator to fulfill legal cosmetovigilance obligations.

 

Note for Quebec Residents:  We do not collect sensitive data (as defined in the privacy laws) without your consent. Your consent will be collected if and when you sign up for services requiring such information. Note for California Residents: see “Your California Privacy Rights”, Limit the use and disclosure of sensitive personal data.

How do we collect or receive your data?

We may collect or receive data via the following touchpoints:

  • Use of Dior.com;

  • In-store, including in communication with our salesperson who may assist you in creating an account via the Christian Dior Couture system either on your cell phone or on the in-store tool;

  • Dior events you attend;

  • Public Relations relationship and communication;

  • Contact with the Client Services, when you call, text, message us via the Christian Dior Couture live chat;

  • Forms you complete (in store or online);

  • During your purchase journey, you will be able to choose between i) logging into your existing Dior account, ii) creating a new account, or iii) paying as a Guest;

  • Digital apps you use;

  • Digital experiences such as virtual beauty technology in store (if you choose to use that technology where offered via a retailer), or our third-party vendors may receive data via virtual try-on online;

  • Loyalty or rewards program you benefit from;

  • Dior social media pages you visit or interact with, or other social media pages on which you post Dior content or comments;

  • Digital media advertising you click on;

  • Search engines’ paid advertising you click on;

  • Retailers (such as Department Stores) in which you have purchased a Dior product and in which you consented (e.g. via an iPad) to have your details shared with one of the Dior Maisons to receive its communications;

  • Video surveillance: we use video surveillance in our stores in order to detect and address security and safety incidents, shoplifting, other potentially illegal activities, and adequate staffing considerations. If you enter our store, your images may be collected for these purposes;

  • Other third-parties: fraud detection and prevention service providers or from public sources to meet legal and regulatory requirements, government entities, operating systems and platforms;

  • We may also use cookies, web beacons, flash cookies, and other tracking technologies when you visit or navigate our website, such as pages and videos viewed; or

  • Surveys or satisfaction questionnaires you answer.

 

We may combine the personal data that we collect from you in store with personal data we collect through our website or from the devices you use to access our website or from third parties.

For what purposes are your data used by Dior?

Depending on the context in which your data is collected, we use your data for:

  • the provision of Dior products and services, including the management of your orders, the management of personalized content, communications and interactions with Dior (digital or otherwise), and providing customer support;

  • the facilitation of showing you what your selected product would look like on you (in relation to using our virtual beauty and try-on technology, though when online, all processing for providing the feature is done by our third-party vendors’ proprietary technology);

  • the management of your account and profile (for example, in order to simplify your navigation through our different country-specific websites, if you navigate to another country your customer account will automatically be duplicated in that market. This means that it will not be necessary to create a new customer account);

  • contacting you by calling you, sending you emails, SMS or other communications, as permitted by law;

  • the management of your loyalty or rewards program;

  • the management of your requests linked with Dior;

  • the management of events which you register for or attend;

  • the management of alerts you send us as part of our cosmetovigilance obligations (for Parfums Christian Dior products);

  • the management of our website and our digital apps;

  • the management and improvement of our products and services, image and reputation;

  • the management of payments (online transaction security, fraud prevention, legal and compliance related purposes, payment incidents and debt collection);

  • promoting our Maison on social networks;

  • marketing purposes. For example, we may use your data to contact you about new products and special offers we think you’ll find valuable based on your interests, or to subscribe you to a generic newsletter at your request (you have the right to opt-out if you no longer wish to receive it). We and our partners may engage in interest-based advertising using your data gathered across multiple websites, devices, or other platforms;audio recordings and images: we may also collect audio recordings, photos of your product for repair, and other information when you contact us;

  • security and legal purposes to protect our company, our customers, our associates, and our platform. For instance, we and/or our service providers use your data to prevent and protect against consumer fraud and violations of the Terms of Purchase;

  • other internal purposes, such as to meet insurance and processing requirements, for administrative and audit purposes, and in some cases, we may seek your permission if we are legally required to do so; and

  • analysis purposes:

 

> analyse the performance of our Maison on social networks in order to produce statistical analyses (studies of results by country, influence of the Maison and analysis of the campaigns implemented).

 

> analyse your preferences and habits, anticipate your needs from your consumer profile and your publications/mentions on social networks.

 

> personalised customer experience: we may provide you with personalised communications by means of email, postal mail, SMS or calls based on the communication preferences you have indicated and your consumer profile (where permitted) (if you have an account, please connect to either your Parfums Christian Dior account or your Christian Dior Couture account to modify your channel preferences.  Otherwise, you can contact our customer service (see "Contact Us" section below)). With your free, specific, informed and unambiguous consent (where required), we use your personal data to send you personalised communications based on your interests (newsletters, offers, invitations and surveys).

 

In the latter two interactions (“analysing your preferences and habits” & “providing you with a personalised customer experience”), when we send personalised communications or content, we may use so-called profiling techniques. For the sake of transparency within this Statement, profiling is currently defined as any kind of automated processing of personal data which consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict elements relating to the preferences, interests, behaviour or location of that natural person. In these circumstances, you have the right to opt-out, meaning the right to withdraw your consent by unsubscribing or see the “Contact Us” section below.

  

The legal basis for the processing of your data can be, depending in which context your data is collected:

  • Your consent (e.g. to manage our tailored services, managing your browsing via cookies);

  • The performance of a contract (e.g. managing your access to your customer account, processing and tracking your orders, your subscription to our loyalty program);

  • A legal obligation when processing is required by law (e.g. retention of purchase invoices, cosmetovigilance for Parfums Christian Dior products); or

  • Our legitimate interest: improve our products and services, prevent fraud, secure our tools or tailor our communications.

For how long may we keep it?

Please note that each Maison has its own retention periods that include the requirements regarding the products each Maison offers.

Unless otherwise stated, we only keep your personal data for as long as we need it to fulfill the purpose of collection, to meet your needs, or to comply with our legal or business obligations, and to fulfill the purposes described above in this Privacy Statement. By way of example:

 

For Christian Dior Couture:

- we keep your data for up to 10 years from the date of your last purchase.

For Parfums Christian Dior:

- for customers (i.e.: those that have a customer account) or Client ‘Guests’ (i.e. those that do not have a customer account but have made a purchase as a “Guest”), we keep your data up to 5 years from the last interaction with us (i.e: last purchase)

- for prospective customers (i.e. those that have not made a purchase and do not have a customer account, but are registered for our communications), we keep your data up to 3 years from the last interaction with us (i.e: participation in an event)

 

Where cookies are placed on your computer, we generally shall keep them for no more than 6 months.

 

When you choose to use our virtual beauty or try-on technology:

  • in store (where offered via a retailer) the photos or images connected with that use are stored for a maximum period of 7 days, and then irreversibly erased;

  • Online, the photos, images, and information processed to apply the selected beauty or try-on feature never possessed by Dior (rather it is only possessed by our third-party vendor) and is not retained or stored.

 

When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.

 

We use the following criteria to determine how long to retain personal data:

  • Our relationship with you, and the products and services we provide to you;

  • Your requests to us regarding your information, or our products or services;

  • Any legal obligations to retain the data, or for our own legal purposes (such as enforcing our agreements or litigation);

  • Recommendations and legal requirements, including applicable international, national, federal and state statutes; and

  • Technical considerations and feasibility, and level of protections in place for your personal data.

Who may access your data?

We ensure that only duly authorized persons can access your personal data when necessary for the above-mentioned purposes.

 

We communicate your information, including if possible in a form that does not allow a direct identification, to:

 

  • Other Dior entities and other entities of the LVMH group, acting as processors according to our instructions and solely on our behalf, to provide you with the same personalized service worldwide.

 

  • Our trusted third-party service providers, including third parties in charge of managing our communications and alerts, third parties who assist us in the organization of our events, third parties providing IT services, digital communication and public relations agencies, third parties who assist us with customer care and logistics services, third parties who assist us with providing our apps and other tools, and our third parties who assist us in the management of your orders. In particular, we entrust certain services to third parties in charge of delivering you a product, payment service providers and providers securing transactions against fraud.

 

  • Third-party partners, who provide advertising, marketing, website performance, analytics, and similar services for Dior, including cookies or other trackers, including for the purposes of behavior-based targeted advertising. 

 

  • Department stores in which you buy our products who may assist in cases such as fraud cases or insurance coverage. 

 

Please note that these third-party partners may act as data controllers; in such cases, they have their own privacy policies. These third parties include:

 

  • Third parties in the event of a change of control, for legal reasons, or with your prior consent

  • Third parties wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, Dior is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours

 

We illustrate some examples below:

- Facebook (Privacy policy accessible here)

- Google (Privacy policy here)

- Instagram (Privacy policy accessible here)

  • Third parties conducting statistics on our performance on social networks on our behalf

  • Third parties such as IAS (International Accreditation Service), which assists us, for example, in finding out the exposure rate of our created formats. For more information, their privacy policy is available here.

 

We do not share or sell your data to third parties for separate commercial purposes. However, the meaning of “sale” and “share” under the California Privacy Rights Act (CPRA) is broad and may include sharing information with third parties through cookies and other trackers that we use for performance purposes, targeted advertisements, and social media purposes, as described above. Information disclosed to such third parties includes basic identification information, device information and other unique identifiers, internet activity, and commercial data. Dior uses cookies, including third-party cookies, and other trackers, for strictly necessary purposes that allow our website to function, for performance reasons that allow us to measure and improve the performance of our website, for functional reasons such as to provide you with enhanced functionality and personalization, for targeted advertisements such as to provide you with marketing aligned with your previous choices and behavior, and for social media purposes that allow you to share our content with your friends and networks.

You have the right to accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising and of “profiling” cookies as defined in Quebec). To opt-out of all or selected cookies, please visit the Your Privacy Choices / Cookies.

You may also choose to separately disclose your personal data to certain partners, advertisers or affiliates by following a link to and from their websites. Please note that these websites have their own privacy policies which apply to the personal data that you may choose to entrust to them.

 

We may also offer you the opportunity to instant message us through apps (e.g., WhatsApp) to communicate with a sales associate. Please be aware that in this case you are sharing your public profile information with us. The personal data shared depends on your platform settings. Please note that these platforms have their own privacy policies.

How do we protect it and keep it confidential?

We have adopted reasonable and appropriate physical, technical and organizational security safeguards to protect your data from loss, misuse, alteration, destruction or access by unauthorized third parties. The Internet, wireless networks and information storage are not 100% secure. We cannot guarantee the security of your personal data stored or sent to us. We encourage you to take precautions to protect your personal data. For example, in creating your account on dior.com, entering a personal password complying with our security requirements is compulsory and part of this Privacy Statement.

The security safeguards that we have adopted are commensurate with the sensitivity of the particular data collected.  For example, credit, debit and other payment information is subject to stricter security measures.

 

Regarding your purchases, your bank details are encrypted through Dior servers. Payments are made via a secure payment platform which is PCI-DSS certified, supplemented by control measures, to ensure the security of purchases made and to fight against fraud.

 

We also require our partners and group companies to uphold a substantially similar level of protection for your data. The measures are evaluated and updated to address new threats and challenges, as well as new legal requirements in the countries where we operate. 

 

To the maximum extent allowed by applicable law, you agree and acknowledge that Dior will not be liable or responsible for use or disclosure of your information that is the result of unauthorized or illegal access to our systems or those of our vendors, agents, contractors, affiliates, or partners. If you have reason to believe that the security of your communications or personal data has been compromised, please notify us immediately using the contact information below.

How do we address cross-border protections?

Because Dior operates in many countries across the world, some of your data may be collected, accessible or stored outside of your country of residence.  You should know that the data protection and security requirements differ from place to place and may not offer the same level of protection as those in your home country.  Nevertheless, Dior and our group companies have taken steps to ensure an adequate level of protection of your data irrespective of where it is located, such as by using data transfer methods approved by the European Commission (where the data protection laws are considered to be the strongest worldwide).  We also require our third-party partners to fulfill applicable data transfer obligations in relation to the personal data that they receive on our behalf.

 

In this context:

- Christian Dior Couture and all of its affiliates have entered into a Personal Data Processing and Transfer Agreement

- Parfums Christian Dior and all of its affiliates have entered into a Data Processing and Transfer Agreement

- In specific cases and roles, Christian Dior Couture and Parfums Christian Dior have entered into a Data Processing and Transfer Agreement

How are consumer preferences and individual rights addressed?

In accordance with applicable laws and requirements, Dior and its group companies have put in place measures to fulfill the rights of individuals in relation to the personal data that we (or our third parties) hold about them.  This includes, for example, the right to know about the data we hold about you or to obtain a copy, and the limited rights to amend your data, request erasure, or object to the processing of your data.  We encourage individuals who have entrusted their data to us to keep it current (such as if you change your email address, address or phone number), so that we have your correct information on file.  We also encourage consumers to update their preferences with us, such as in relation to products and the frequency of communications, so that we can personalize our service to your expectations and needs.  Finally, we offer individuals the right to withdraw consent from our programs and offerings at any time.  To do so, or to exercise any of these other rights, please see “Contact Us” section below. For individuals seeking access to their data, we also require authentication to ensure that we are not providing personal data to an unauthorized person. See below for additional protections provided for those individuals in particular regions.

What additional rights are provided for residents of certain regions?

Dior has adopted the data protection and security practices described in this Statement for all individuals within scope.  In addition, we also recognize and have addressed data protection and security measures that are required on a local or regional level.  This includes, for example, those required for residents of the European Union/European Economic Area under the EU General Data Protection Regulation (GDPR) 2016/679 and those required for California residents under the California Consumer Privacy Act of 2018 sections 1798.100 et seq. (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”).

 

 In particular, the GDPR provides the following rights (with some exceptions):  

  • The right to be informed: you have the right to obtain clear, transparent and easily understandable information about how we use your personal data, and your rights. You will find all this information in this Statement;

  • The right of access: you have the right to access to the personal data Dior holds about you;

  • The right of rectification: you have the right to have your personal data rectified if it is incorrect or outdated and / or completed if it is incomplete;

  • The right to erasure / right to be forgotten: you have the right to have your personal data erased or deleted. Please note this is not an absolute right, as we may have legal or legitimate grounds for retaining your personal data;

  • The right to object to direct marketing: you can unsubscribe or opt out of our direct marketing communication at any time. You are able to do so by clicking on the “unsubscribe” link in any email or communication we send you. You are also able to request to receive non-personalized communications about our products and services;

  • The right to withdraw consent at any time for data processing based on consent: You can withdraw your consent to our processing of your data when such processing is based on consent; and

  • The right to data portability: you have the right to move, copy or transfer data from our database to another. This only applies to data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means.

 

You are also entitled to determine your personal data protection guidelines and directives in the event of death or extern circumstances.

 

You also have the right to contact the data protection authority of your country in order to lodge a complaint against the data protection and privacy practices of Dior.

 

We also wish to inform you about the contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_fr.

 

We may require proof of your identity and full details of your request before we process it.

 

United States Consumer Privacy Rights.

 

While Dior applies the GDPR benchmark globally, there are specific privacy laws in the U.S., including California’s CCPA, as amended by the CPRA, and certain similar consumer privacy laws in other states. To this effect, Dior complies with rights of consumers regarding the personal data that we collect and hold about them.  Those rights vary by region, and by state within the U.S.

 

  •   Your California Privacy Rights.

California residents have certain additional rights in relation to their personal data, subject to certain exceptions. For example, you may have the right to:

1. Transparency. Businesses that collect personal data subject to the CCPA and CPRA have a responsibility to provide you with notice regarding the categories of personal data to be collected (see “WHAT data may we collect or receive about you?” above), the purposes for which the categories of personal data are collected or used (see “FOR WHAT PURPOSES are your data used by Dior?” above), whether that information is sold or shared (see “WHO may access your data?” above), and the length of time we intend to retain each category of personal data, or if that is not possible, the criteria used to determine that period (see “FOR HOW LONG may we keep it?” above), among other information.

 

2. Access the categories and specific pieces of personal data we have collected about you, the categories of sources from which the personal data is collected, the business purpose for collecting the personal data, and the categories of third parties with whom Dior shares personal data.

3. Limit the use and disclosure of sensitive personal data. Although this is a right in California, because Dior only uses sensitive personal data as reasonably necessary to provide products and services, and for internal business or legal obligations, we do not, and are not required to, offer this right.

4. Correct inaccurate or obsolete personal data that the Company may maintain. 

5. Delete the personal data under certain circumstances.

6. Opt-out of the sale or sharing of personal data. Dior may be considered to sell or share the personal data of California residents in the context of transferring information to third parties for use in analytics and targeted advertising, as described in the “WHO may access your data?” section above, through the use of cookies and other trackers. California residents can contact us by using one of the contact methods below, or you may accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising) by visiting Your Privacy Choices / Cookies.

7. Request process. Dior does not discriminate against our users on the basis of their exercising any of their rights afforded by the CCPA and CPRA, which is further in accordance with California residents’ rights under the law.  Please see our section regarding financial incentives for Parfums Christian Dior in the section below (“Notice of Financial Incentive”).

To request access to your personal data, or correct or delete your personal data, see the “Contact Us” section below.

We will first acknowledge receipt of your request within 10 business days after receipt of your request. We will provide a substantive response to your request within 45 calendar days after its receipt. If we require more time (up to 90 days or the permitted timeframe), we will inform you of the reason and extension period in writing.

Only you or an authorized agent (as described below) may make a verifiable consumer request related to your personal data.

  • How to Authorize an Agent. You may designate an authorized agent to submit your verified consumer request on your behalf, only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.

  • How We Verify Your Request. To respond to your request we must verify your identity or the authority of your authorized agent. We will only use the personal data provided in that context to verify your identity or the authority of your authorized agent to make the request. Making a verifiable consumer request does not require you to create an account with us. To allow us to verify your request, we will we will ask that you please provide us with information about the products you may have purchased on our website or in our Boutiques, or events in which you may have participated, or exchanges you may have had with our Client Service Center by email, or text exchanges you may have had with one of our Sale Associates in a Boutique, or if none of the prior sources applies, we may send you an email verification to the email address that we have on file, and request that you confirm your name and date of birth, or another piece of information that we have on file. If we do not have your email address on file, or you do not receive our email verification, we may verify your information using a government-issued card with a name that corresponds to information we have on file.

California’s Shine the Light Law

California Civil Code Section 1798.83, also known as "Shine The Light" law, permits California residents to annually request information regarding the disclosure of your personal data (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. We do not share personal data with third parties for the third parties’ direct marketing purposes.

United States Consumer Privacy Rights.

While Dior applies the GDPR benchmark globally, there are specific privacy laws in the U.S., including California’s CCPA, as amended by the CPRA, and certain similar consumer privacy laws in other states. To this effect, Dior complies with rights of consumers regarding the personal data that we collect and hold about them.  Those rights vary by region, and by state within the U.S.

 

  •   Your California Privacy Rights.

California residents have certain additional rights in relation to their personal data, subject to certain exceptions. For example, as a Client of Dior and a resident, you may have the right to:

 

  1. Transparency. Businesses that collect personal data subject to the California CCPA and CPRA or the laws of certain other States, have a responsibility to provide you with notice regarding the categories of personal data to be collected (see “WHAT data may we collect or receive about you?” above), the purposes for which the categories of personal data are collected or used (see “FOR WHAT PURPOSES are your data used by Dior?” above), whether that information is sold or shared (see “WHO may access your data?” above), and the length of time we intend to retain each category of personal data, or if that is not possible, the criteria used to determine that period (see “FOR HOW LONG may we keep it?” above), among other information.

 

  1. Access the categories and specific pieces of personal data we have collected about you, the categories of sources from which the personal data is collected, the business purpose for collecting the personal data, and the categories of third parties with whom Dior shares personal data.

 

  1. Limit the use and disclosure of sensitive personal data. Although this is a right in California, because Dior only uses sensitive personal data as reasonably necessary to provide products and services, and for internal business or legal obligations, we do not, and are not required to, offer this right.

 

  1. Correct inaccurate or obsolete personal data that the Company may maintain.

 

  1. Delete the personal data under certain circumstances.

 

  1. Opt-out of the sale or sharing of personal data. Dior may be considered to sell or share the personal data of California residents in the context of transferring information to third parties for use in analytics and targeted advertising, as described in the “WHO may access your data?” section above, through the use of cookies and other trackers. California residents can contact us by using one of the contact methods below, or you may accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising) by visiting Your Privacy Choices / Cookies.

 

  1. Request process. Dior does not discriminate against our users on the basis of their exercising any of their rights afforded by the CCPA and CPRA, which is further in accordance with California residents’ rights under the law.  Please see our section regarding financial incentives for Parfums Christian Dior in the section below (“Notice of Financial Incentive”).

 

To request access to your personal data, or correct or delete your personal data, see the “Contact Us” section below.

 

We will first acknowledge receipt of your request within 10 business days after receipt of your request. We will provide a substantive response to your request within 45 calendar days after its receipt. If we require more time (up to 90 days or the permitted timeframe), we will inform you of the reason and extension period in writing.Only you or an authorized agent (as described below) may make a verifiable consumer request related to your personal data.

 

  • How to Authorize an Agent. You may designate an authorized agent to submit your verified consumer request on your behalf, only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.

  • How We Verify Your Request. To respond to your request we must verify your identity or the authority of your authorized agent. We will only use the personal data provided in that context to verify your identity or the authority of your authorized agent to make the request. Making a verifiable consumer request does not require you to create an account with us. To allow us to verify your request, we will we will ask that you please provide us with information about the products you may have purchased on our website or in our Boutiques, or events in which you may have participated, or exchanges you may have had with our Client Service Center by email, or text exchanges you may have had with one of our Sale Associates in a Boutique, or if none of the prior sources applies, we may send you an email verification to the email address that we have on file, and request that you confirm your name and date of birth, or another piece of information that we have on file. If we do not have your email address on file, or you do not receive our email verification, we may verify your information using a government-issued card with a name that corresponds to information we have on file.

 

California’s Shine the Light Law

 

California Civil Code Section 1798.83, also known as "Shine The Light" law, permits California residents to annually request information regarding the disclosure of your personal data (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. We do not share personal data with third parties for the third parties’ direct marketing purposes.

Notice of Financial Incentive

This Notice of Financial Incentive includes an explanation of our programs that may be considered financial incentives under applicable law, such as the CPRA.  For example, Parfums Christian Dior offers members-only benefits and rewards (“Incentives”) to customers who share personal information with us (e.g. name, email address, billing address, birthday and other identifiers) by setting up an account and signing up for the My Exclusive Loyalty Program (collectively “Programs”).  By joining the Programs, you get access to exclusive Incentives depending on your membership status which includes in particular: welcome, birthday, holiday, and other gifts; consultations; early access to Dior events; and a Luxury Miniature. The material aspects of these Programs will be explained to you when you sign up. 

 

We offer these Programs and Incentives to better serve you and to provide products and services that meet your needs.  The value of your personal information varies depending on a number of factors including the resources required to collect and maintain such information. Incentives are not directly tied to, or exclusively based upon, a set value of any individual element of your personal information, but are reasonably based in good faith on the following considerations:

•    Online and email marketing, and exclusive Incentives, provide a tailored and exclusive experience for existing and potential customers to interact with us and explore our products;

•    Online and email marketing is an integral part of Parfums Christian Dior’s ability to attract and maintain existing and potential customers and allows us to provide you with information you want;

•    Incentives, the value and provision of which are impacted by performance targets, geographic location, seasonality, costs to provide, and market trends.

 

Your participation in these Programs is voluntary. You may withdraw at any time by contacting us at Parfums Christian Dior, see “Contact Us” section below.

Canada Consumer Privacy Rights

While Dior applies the GDPR benchmark globally, there are specific privacy laws in Canada, including the Quebec Act, and certain similar consumer privacy laws at the federal and provincial levels. To this effect, Dior complies with rights of consumers regarding the personal data that we collect and hold about them.  Those rights vary by province.

 

  • Your Quebec Privacy Rights.

 

 

1. Transparency. Upon request, Dior shall inform the individual of:

 

-        The personal information collected from the individual;

-        The categories of individuals who have access to the information within the organization;

-        How long the information will be retained;

-        The contact information for the Privacy Officer.

 

2. Access. With certain exceptions, individuals have the right to be informed of their personal information held by a company and, if necessary, to request that it be corrected. To access your personal information, you must send a written request to Dior’s Privacy Officer (See “CONTACT US”) or to the store that holds your personal information.

 

3. Correction and Erasure.  When you are informed of the existence in a file or record of inaccurate, incomplete or equivocal information about you, or if its collection, communication or retention is not authorized by law, you may make a request for its correction or erasure.

 

4. Deindexation. Individuals can ask organizations to stop posting their personal information or to de-index any hyperlinks to their name that provide access to information if such posting causes harm to the individual or contravenes a law or court order (right to erasure or to be forgotten).

 

5. Portability. The right to portability allows an individual to obtain access to computerized personal information that he or she has provided to an organization, for example, when creating an account online, in a structured and commonly used technological format. An individual may request access to his or her personal information for his or her own use, including for the purpose of retaining the information in a private storage space or disclosing it to a third party of his or her choice. At the request of the individual, the information may also be disclosed to any person or organization authorized by law to collect it.

 

4. Assistance. Dior has delegated the internal management and oversight of its privacy program to its Privacy Officer. It is the Privacy Officer who approves and implements privacy policies and procedures, ensures their proper functioning and reports to Dior’s senior management on the effectiveness of the program.

 

The Privacy Officer is also responsible for providing you with the necessary support in the event of a privacy-related question, complaint or request. For more information, please consult the "Contact us" section.

How does Dior protect children's privacy?

Dior has adopted practices that are designed to ensure that we do not intentionally or knowingly collect or maintain any information from children under the age of 16, though we do not monitor the age of users of our services. If we learn that we mistakenly collected any information from anyone under the age of 16, we will purge it immediately, except for responding to a question or inquiry on a one-time basis from his/her parent or legal guardian. If you are under the age of 16, you should not submit personal data on this website or any other website without the consent of your parent or guardian. If a parent or guardian of a child under 16 believes that the child has provided us with personal data, the parent or guardian of that child should contact us, see “Contact Us” section below. Parents and legal guardians who seek to exercise the CCPA / CPRA rights of their children will also be subject to authentication so as to prevent the release of any information pertaining to a minor to an unauthorized individual.

We do not knowingly sell or share the information of children of any age.

Updates to this Statement

Dior reserves the right to change this Statement at any time at its sole discretion and will post the date it was last updated at the top of this Statement. Such changes shall be effective immediately upon posting them to Dior’s website, or otherwise providing them to you. We will provide additional notice to you if we make any changes that materially affect your privacy rights.

Updates to this Statement

Dior reserves the right to change this Statement at any time at its sole discretion and will post the date it was last updated at the top of this Statement. Such changes shall be effective immediately upon posting them to Dior’s website, or otherwise providing them to you. We will provide additional notice to you if we make any changes that materially affect your privacy rights.

Contact us

If you have any general questions or concerns about how we process and use your personal data or would like to exercise any of your privacy rights, you may contact us at the Maison below that processes your personal information. Please note that you should direct any inquiries you may have about your data directly to the Maison that may hold your personal information. Each Maison manages its own database and cannot provide information about the data that may be held by the other Maison. 

 

The Maison Christian Dior Couture

 

  • For residents of the United States,

    • Toll-free number: 1 800 929 3467 from Monday to Saturday from 10am to 10pm (EST) and on Sunday from 11am to 7pm (EST)

    • By email: contactdiorus@christiandior.com

 

  • If you need to access the Statement in an alternative format due to a disability, please contact us as provided above.

 

  • For residents from other countries: please see the contact details in the Privacy Statement of your country of residence.

 

The Maison Parfums Christian Dior

 

  • For residents of the United States

 

  • If you need to access the Statement in an alternative format due to a disability, please contact us as provided above.

 

  • For residents from other countries: please see the contact details in the Privacy Statement of your country of residence.

NOTICE ABOUT 30 MONTAIGNE ACTIVITIES

PRIVACY STATEMENT - CHRISTIAN DIOR –  30 Montaigne Hotel, Restaurant and Gallery

The Maison Christian Dior Couture attaches particular importance to the processing, confidentiality and security of your personal data. We are committed to offering you personalized services while respecting your privacy and personal choices.

 

The purpose of this privacy policy is to inform you in a clear, simple and complete manner of the processing carried out on the personal data that you provide to us, or that each of our Affiliates can collect from the various outlets, contact you may have with us (e.g. shop, Customer Service, dior.com, social networks, digital applications, events), their possible transfer to third parties as well as your rights and the options you have to control your information protect your privacy, in accordance with current regulations.

 

In particular, this Privacy Statement is dedicated to the collection, handling and usage of your personal data during your various interaction with the a) Hotel, b) the Restaurant or c) the Gallery located at 30 Montaigne (also named herewith as “30 Montaigne”). Throughout this dedicated Privacy Statement, in relation to other processing activities, notably with regards to your purchases of Dior products, please refer to the generic Privacy Statement which can be reached at this link.

 

The Data Controller will be Maison Christian Dior Couture, within the meaning of the regulations applicable to personal data and in particular with regard to article 24 of the Regulations (EU) 2016/679 (hereinafter "GDPR").

 

In this Statement dedicated to the activities of the “30 Montaigne” and your interaction with it, you will find information about:

• Who are we?

• What data we may collect about you

• How we collect or receive your data

• For what purposes we use your data

• How long we keep them

• Who are the recipients of your data

• How we protect them and ensure their confidentiality

• How we treat your preferences and your rights stemming from European Regulation

• The additional protections we offer to residents of certain regions

• How to contact us if you have questions about our use of your personal data

•Modification of this privacy statement

 

WHO are we ?

The Maison Christian Dior Couture

 

Christian Dior Couture SA (head office), a public limited company under French law with its head office located at 30 avenue Montaigne, Paris 8, France, registered in the Paris Trade and Companies Register under number 612 035 832 and represented by Hien Tran Trung in his capacity as Administrative and Financial Director of Christian Dior Couture,

And all of the Christian Dior Couture affiliates with whom you share your information

Christian Dior Couture is a story of dreams and elegance, passion and excellence; it is also a story of know-how. The creations of Christian Dior Couture express the passion for beautiful gestures and exceptional objects. From haute couture to ready-to-wear, including leather goods, watchmaking and jewelry, know-how is transformed into the art of making.

 

WHAT data do we collect about you?

"Personal data" means any information that identifies you either directly (such as your name) or indirectly (for example, using a unique customer number).

 

The personal data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described in this Policy and are also limited to those which are relevant and appropriate for this interaction. Visitors to the Dior.com website, or applicable websites for the “30 Montaigne”, who view our products, services information and offers can choose to do so without logging in, and the same is true for point-of-sale search and browsing on social media. Unless you choose to interact with us through these contact points, for example:

 

• by making a purchase on our dedicated sites,

• by subscribing to one of our programs or services,

• by writing to us via the consumer contact forms,

• or by writing us a comment in the free online order fields,

 

or else, our data collection is limited to the use of "cookies" (visitors) for website visitors whose conditions are specifically defined by our cookie policy and according to your preferences. For the sake of transparency and clarity, our cookie management policy is separate from this general policy. The cookie management policy is accessible from this link.

 

Depending on the data that you communicate to us or that you share with us, personal data may include information concerning:

• Your identity and contact details: surname, first name, postal address, email address, telephone number, and for the “30 Montaigne” Hotel only: Passport details

• Your interests

• A history of your purchases (in store or online, including your orders, tracking and invoices, amount and type of purchase)

• Your requests via our customer service or our public relations service

• The Dior events in which you participate

• Your food intolerance in relation to the “30 Montaigne” Restaurant

• Your satisfaction and comments on our programs, services and products

 

Regarding your purchases, payments are made via a secure payment platform, supplemented by control measures, including encryption of contact details, in order to guarantee the security of purchases made and to fight against fraud. Your bank details are therefore not accessible on Dior's servers.

 

We invite you to ensure that your data is regularly updated, either by modifying it directly on our sites or, by informing us in writing of any modification by referring to the dedicated section "How to contact us".

 

HOW do we collect or receive your data?

As part of our relationships, the data we collect may be collected through the following contact points:

• Course on dedicated websites such as galeriedior.com and billetterie.galeriedior.com

• Exchanges with our advisers at the “30 Montaigne”

• Dior events in which you participate

• Relationship with our public relations services

• Contact with Customer Service

• Forms that you fill out (at the “30 Montaigne” or online)

• Digital applications with which you interact

• Third party data providers with whom you share information

• Retailers for whom you agree to receive our communications

• Satisfaction surveys or questionnaires to which you answer

 

We make sure to identify the personal data essential for the purpose for which it is collected by indicating it with an asterisk like this ‘(*)’ on each personal data collection form. If you do not fill in these mandatory fields, we will not be able to respond to your requests and / or provide you with the services requested. The other information is optional and allows us to know you better and improve our communications and services to you. Although not mandatory, we recommend that you fill them in to allow you to benefit from the best possible experience during our interactions with you.

 

Further information on how Dior collects your data can be found at the generic Privacy Statement which can be reached at this link.

 

FOR WHAT PURPOSES is your data used by Dior?

We are required to use your data for purposes defined according to the nature of our relationships. Thus, depending on the context in which your data is collected, it may be used for one or more of the following purposes:

• Managing your orders in relation to Grand Montaigne goods or services

• Management of personalized content and Dior communications (digital or not)

• Managing your profile

• Managing your requests in connection with Dior

• The management of events in which you register / participate in relation for instance of the Grand Montaigne Gallery

• The management of our website and our digital applications in relation to Grand Montaigne goods or services

• Management and improvement of our products and services, image and reputation

• Transaction management (securing online payments, prevention of fraud, incidents related to payments and debts)

• Analysis and personalization purposes: with your explicit consent (when required), we use your personal data to send you personalized communications (newsletters, offers, invitations and surveys) and analyze your preferences and habits, anticipate your needs from of your consumer profile. We can make you benefit from our personalized communications by means of emails, postal letters, SMS or calls according to the communication preferences that you have indicated to us and your consumer profile (when authorized).

 

Further information on Dior processing activities can be found at the generic Privacy Statement which can be reached at this link.

 

We ensure the legal basis for the processing of your data according to the purpose (s) concerned, which may be, depending on the context in which it is collected:

• Your explicit consent: for example, for the purposes of managing our personalized commercial offers, managing your browsing via cookies under the conditions defined by our Cookies Policy, or establishing your consumer profile in applicable cases;

• The implementation of a contract, for example for your access to your customer account, the processing and follow-up of your orders;

• A legal obligation when processing is required by law, for example, keeping purchase invoices to prevent fraud;

• Our legitimate interest: for example, to improve our products and services, defend ourselves or secure our tools

 

HOW LONG can we keep them?

We keep your personal data only for the time necessary for the purpose pursued. In general, your personal data is stored in a dedicated “30 Montaigne” database:

 

  • For the guests staying at the “30 Montaigne” Hotel: 5 years starting at the date of the check in.

 

  • For the customers of “30 Montaigne” Restaurant: 3 years starting at the date of the meal payment

 

  • For the visitors of the “30 Montaigne” Gallery: 3 years starting at the date of the Gallery visiting ticket issuance.

 

When we no longer need to use your personal data, it is deleted from our systems and our registers or made anonymous so that it can no longer be identified, subject to retention for archival purposes. claims and litigation management as well as to meet our legal and / or regulatory obligations and / or to respond to requests from authorities authorized to make the request

 

WHO can access your data?

Your data is intended for the services of Maison Christian Dior concerned by your requests. We ensure that only duly authorized persons can access your personal data when this is necessary for the aforementioned purposes.

 

We do not pass your data on to third parties for commercial purposes.

 

At high level, we are only required to communicate your information if necessary, and if possible in a form that does not allow direct identification to:

 

• Other Dior entities as well as department stores where you buy our products in order to provide you with identical personalized service worldwide

 

• Our trusted third-party providers, including other entities of the LVMH group, acting as subcontractors according to our instructions and on our behalf only.

For example, we entrust certain services to third parties responsible for delivering a product to you, payment service providers and transaction security against fraud, third parties who assist us in the organization of our events, third parties providing services IT, digital communication and public relations agencies, third parties who assist us in customer service, third parties who assist us in qualitative surveys of our products, programs or services.

 

• Third parties including the LVMH group wishing to know your preferences and consumption trends for our programs and services in order to improve visibility, accessibility and performance.

 

• Our trusted third party partners assist us in the management of your orders. In particular, we entrust certain services to third parties responsible for delivering a product to you, to payment service providers and to providers ensuring the security of anti-fraud transactions. Please note that these partners may act as data controllers; in this case, they have their own privacy policies.

 

Further information on how Dior shares your data can be found at the generic Privacy Statement which can be reached at this link.

 

HOW do we protect and ensure the confidentiality of your data?

We take all the necessary precautions to guarantee the confidentiality and security of your data and to prevent it from being distorted, damaged, destroyed or from unauthorized third parties having access to it.

 

We ask our partners and group companies to maintain a level of protection similar to ours concerning your personal data. The security measures put in place are evaluated and updated to face new threats and new challenges, as well as new legal requirements in the countries where we operate.

 

HOW do we deal with cross-border protections?

Given the presence of Dior in many countries around the world and in order to provide you with personalized service worldwide, some of your data may be collected, accessible or stored outside your country of residence. You should be aware that data protection and security requirements differ from place to place and may not offer the same level of protection as those of your country of origin. However, Dior and our group companies have taken measures to guarantee an adequate level of protection of your data, regardless of their location.

 

Further information on how Dior processing handle data transfer can be found at the generic Privacy Statement which can be reached at this link.

 

WHAT additional protections are provided for residents of certain regions?

Dior has adopted the data protection and security practices described in this privacy policy for all individuals concerned. In addition, we have also identified and taken into account the data protection and security measures required at local or regional level. This includes, for example, those required for residents of the European Union / European Economic Area under the General EU Data Protection Regulation (GDPR) 2016/679.

 

In particular, the GDPR provides the following rights:

 

• Right to information: you have the right to obtain clear, transparent and understandable information about how we use your personal data and about your rights. You will find all of this information in this policy

 

• Right of access: you have the right to access the personal data that Dior holds about you

 

• Right of rectification: you have the right to have your personal data rectified if it is inaccurate or obsolete and / or to supplement it if it is incomplete

 

• Right to erasure / right to be forgotten: you have the right to have your data erased or deleted. However, this right may be limited by a legal reason or our legitimate interest in keeping your personal data

 

• Right of opposition: you can at any time request to no longer receive our communications relating to our offers, news and events. You can in particular use the hypertext link provided for this purpose in each email or communication that we send to you. You can also request to receive non-personalized communications about our products and services

 

• Right to withdraw consent at any time for data processing based on consent: you can withdraw your consent relating to our processing of your data when this processing is based on consent

 

• Right to data portability: you have the right to move, copy or transfer data from our database to another. This right only applies to the data you have provided, and provided that the processing is based on a contract or your consent and carried out using automated processes

 

You, or one of your legally designated representatives, also have the right to formulate specific or general directives concerning the conservation, erasure and communication of your post-mortem data and this in application of the Law for a Digital Republic.

 

HOW to contact us ?

1 / Please contact us in the manner below if you wish to exercise these rights or if you have questions or complaints regarding the processing of your personal data.

Christian Dior Couture

-             By email at privacy@christiandior.com

-             By postal mail: Christian Dior Couture, 30 avenue Montaigne, 75008 Paris, France

2 / You also have the right to contact the Dior lead data protection authority, the CNIL, at any time, in order to lodge a complaint against Dior's data protection and privacy practices. The CNIL can be contacted using the following information:
Commission Nationale de l’Informatique et les Libertés (CNIL)

3 Place de Fontenoy
TSA 80715 - 75334 Paris, Cedex 07
Phone. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/

CHRISTIAN DIOR COUTURE - CANDIDATE PRIVACY STATEMENT

Statement relating to the protection of your personal data collected in the context of recruitment

This Privacy Statement for Candidates (hereinafter the “Privacy Statement”) is intended to provide visitors and users (“You”) of the www.dior.com website, as well as of all the Dior’s websites with .com, .it, .ru, .co, .jp, .cn domain names suffixes (hereinafter collectively the “Website”) with information relating to how the Maison Christian Dior Couture (hereinafter “Christian Dior Couture” or “We/Us”) processes your personal data (hereinafter the “Personal Data” or “Data”) and about your rights in this respect.

This Privacy Statement does not apply to residents of California. If you are a resident of California, please review our California Candidate Privacy Notice here.

Christian Dior Couture places the highest priority and takes the utmost care to protect your Personal Data.

1. Who are we? Who is the Data Controller of your Personal data?

During your recruitment experience, and in order to inform you in advance, the Data Controller will be Christian Dior Couture within the meaning of the regulations applicable to personal data and in particular with regard to article 24 of the Regulations (EU) 2016/679 (hereinafter "GDPR").

As an example, referring to some of the Maison iconic products:

• Lady Dior bag

• 30 Montaigne bag

• Bar jacket

Christian Dior Couture SA (head office), a public limited company under French law with its head office located at 30 avenue Montaigne, Paris 8, France, registered with the Paris Trade and Companies Register under number 612 035 832 and represented by Hien Tran Trung in his capacity as Administrative and Financial Director of Christian Dior Couture,

And all Christian Dior Couture affiliates

Christian Dior Couture is a story of dreams and elegance, passion and excellence; it is also a story of know-how. The creations of Christian Dior Couture express the passion for beautiful gestures and exceptional objects. From haute couture to ready-to-wear, including leather goods, watchmaking and jewelry, know-how is transformed into the art of making.

2. What is a “personal data”?

Personal Data refers to any information or pieces of information that could identify You either directly (e.g. your name, surname, email, home address, etc.) or indirectly (e.g. through pseudonymized data, such as a unique ID number, etc.). It may also include unique identifiers like your computer’s IP address.

3. Why and how do We use the Personal Data that We collect?

3.1 How do We collect your Personal Data?

 We collect your Personal Data as follows:

  • directly from You when You use our Website and our services (completion of various forms on the Website, direct communication with Us through our institutional departments, etc.);

  • automatically when You access or use the Website (technical details, IP address, browsing information, etc.).

3.2 What Data do We collect?

We collect several types of Personal Data about You:

 Personal Data that We collect directly from You

We collect Personal Data that You provide directly when You use our Website.

This is specifically the case when You:

  • interact with Us through the contact forms,

  • register to receive our newsletters or institutional documentation,

  • apply to job offers.

The categories of Personal Data that We collect include:

  • Identification and contact information: e.g., last name, first name, mailing address, contact details needed to identify You when You interact with Us,

  • Application information: e.g., last name, first name, email address, telephone number, professional experience and all the information You provide by sending your application and/or your curriculum vitae: photo, skills, education level, spoken languages, salary expectations, home address, hobbies, family status, etc.  We only collect and store this Data in connection with the management of our own job offers and do not use them for any other purposes, including for commercial purposes.

Personal Data that We collect automatically

We automatically collect certain Data about You when You access or use the Website, specifically:

  • Technical information: We collect information about the device that You use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled You to access our Website),

  • Browsing information: We use tracking technologies to collect Data about You when You use our Website.

3.3 On what legal grounds and for which purposes do We use the Data that We collect?

 In accordance with current personal data protection regulations, We only collect Personal Data when We have a legal basis to do so.

Personal Data is collected either:

        i.          based on pre-contractual measures

       ii.          based on your consent,

      iii.          in our legitimate interest, or

     iv.          to meet our legal obligations.

(i) We collect your Personal Data on the basis of pre-contractual measures, in particular in the context of the processing of applications (CV and motivation letter) and management of interviews.

(ii) We collect Personal Data based on your consent, for the following purposes

  • Share opportunities that can match your profile and keep you up to date on the life of Maison Dior,

 (iii) We collect Personal Data based on our legitimate interest, for the following purposes:

  • ·        to manage your requests and queries: We use your Data to send You the information You request,

  • to defend our interests in the event of a dispute or court action,

  • to manage cybersecurity of the Website,

  • to prevent fraudulent acts in order to ensure the security of our assets and contents.

(iv) We may also store your Personal Data when the law requires Us to do so or to defend our legal rights.

3.4 Who has access to your Data? 

3.4.1 Accessibility within Christian Dior Couture

Your Data is processed by the Christian Dior Couture for the purposes described above and are only accessible to Christian Dior Couture personnel who need to know it to perform their duties.

In this respect, your Personal Data is processed by the following departments of Christian Dior Couture and/or other Maisons of the LVMH Group:

  • Christian Dior Couture Institutional Communication Department and Financial Communication Department for the management of your requests and queries, as well as to send You newsletters;

  • Christian Dior Couture Human Resources department to manage your applications to job offers;

  • Christian Dior Couture Security Department to manage cybersecurity of the Website;

  • Christian Dior Couture Fraud and Legal Departments to manage fraudulent acts or legal claims if any.

3.4.2 Accessibility by third parties

Certain third parties may have access to your Data, specifically:

(i) our subcontractors and service providers acting for technical and logistical reasons (carriers, Website hosting, security and maintenance providers, fraud management service providers, technical service providers responsible for sending e-mails and newsletters, anti-spam and anti-bot services, recruitment agencies which may provide Us with advice on the management of our candidates’ databases and help with the selection of profiles within such databases, etc.);

(ii) other LVMH Group affiliates for recruitment purposes: when you apply to an LVMH Group affiliate’s job offer, this affiliate collects and processes your Data as independent data controller. In such case, your Data will be processed according to this affiliate’s personal data protection policy, which You may obtain by contacting it directly. Likewise, the rights You enjoy pursuant to personal data protection laws must be directly enforced against it;

(iii) any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.

3.5 Is any Personal Data transferred outside of the European Economic Area?

Your Data is processed in France by the Maison Christian Dior Couture. However, We may rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA.

With reference to the data relating to applications, the LVMH Group has adopted binding corporate rules ("BCR") which the French Supervisory Authority (the CNIL) has declared to be compliant with current legislation and suitable for offering an adequate level. of protection in case of data transfer within the Group, also outside the European Economic Area.

3.6 How long do We store your Data?

Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.

Please see the list below for additional details about these periods.

Any transfer of your Data outside of the EEA will take place with appropriate safeguards in place that comply with applicable personal data protection regulations. Upon request, We will provide You with a copy of applicable safeguards.

  • Purpose: Management of your requests and queries

  • Data categories: Identification Data (last name, first name, mailing address, contact details needed to identify You when You interact with Us).

  • Period of storage before erasure: Duration required to manage your requests and queries. Your Data will then be either deleted or anonymized, unless we need to keep it to meet our legal obligations for the applicable statutory retention period.         

 

  • Purpose: Sending You our newsletters

  • Data categories: Your email address

  • Period of storage before erasure: Duration of your subscription. Then, the Data will be destroyed or anonymized.

 

  • Purpose: Management of your applications to job offers

  • Data categories: Application information

  • Period of storage before erasure: Duration of two (2) years from when the Data has been provided or from the last contact with You. At the end of this 2-year period, Christian Dior Couture may contact You to know whether You want Christian Dior Couture to keep retaining your Personal Data, for the purpose of informing You of an opportunity that may arise and match your career aspirations and skills. In any event, your Data will be erased at your request, within a maximum period of 1 month from your request.

 

  • Purpose: Security of the Website

  • Data categories: Technical information of your device (IP address, device type, browser ID, etc.)

  • Period of storage before erasure: 6 months, then the Data is either deleted or anonymized.

 

  • Purpose: Disputes/complaints

  • Data categories: Data concerning the dispute/complaint

  • Period of storage before erasure: Duration of the complaint + 5 years from the complaint.

  • In the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement

4. What are your rights in relation to your Data?

 4.1 Access, rectification and portability

 In accordance with current regulations, You have the right to access your Data. You may also request correction of Your Personal Data should they be inaccurate. Depending on the purpose of processing, You also have the right to have incomplete Personal Data completed.

To respond to your request, We may ask You to provide Us with a proof of your identity. We may also need to ask You for additional information or supporting documents. We will make every effort to respond to your request as soon as possible.

You may, to the extent provided for by law, exercise your right to Data portability which allows You to retrieve, in an interoperable format, the Personal Data that You provided to Us.

4.2 Right to erasure of your Data and to limitation of the processing of your Data

 You may request erasure of your Personal Data if:

  • You believe that our processing of your Personal Data is no longer needed for the purposes described in this Privacy Policy,

  • You believe that the processing is unlawful or You contest the accuracy of the Data We process about You,

  • You withdrew your consent to the processing of your Data.

Alternatively, to the extent provided for by law, You may request limitation of the processing of your Data.

Please note that despite the exercise of your right to erasure or processing limitation, We will store some of Your Personal Data when the law requires Us to do so, or to exercise or defend our rights.

4.3 Right to establish instructions for the management of your Personal Data after your death

For France and when mandatory local provisions so provide, You may determine how You want Us to handle your Personal Data upon your death.

4.4 Procedure to exercise your Data protection rights

  • You can exercise your data protection rights in the following ways or if you have any questions or complaints about the processing of your personal data.by using the following email address: privacy@christiandior.com  

  • by using the following contact form: https://www.dior.com/en_us/contact-couture

  • by mail at the following address: Data Protection Officer, Christian Dior Couture, 11 bis rue François 1er, 75008 Paris, France.

You also have the right to contact Dior’s lead Supervisory Authority, the CNIL, at any time in order to file a complaint against Dior’s data protection and privacy practices. The CNIL can be contacted by using the following information:

 

Commission Nationale de l'Informatique et des Libertés – CNIL

3 Place de Fontenoy
TSA 80715 - 75334 Paris, Cedex 07
Phone. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/

We also wish to inform you about the contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

When the processing of your Data is based on your consent (e.g., subscription to the newsletter), You may withdraw your consent at any time without justification. This right can be exercised by changing your options regarding subscriptions to our newsletters by clicking on the hyperlink provided for this purpose in each email We send You.

5. How is your Personal Data secured?

Christian Dior Couture uses technical and organizational measures that comply with French and EU legal and regulatory requirements, to keep your Data secure and confidential. Under written agreements, Christian Dior Couture requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under personal data protection laws. However, Christian Dior Couture does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.

6. Third party websites

There may be links to third-party websites (such as LVMH Group affiliates’ websites) that We do not control, and which are governed by their own confidentiality and personal data protection policies. This Privacy Statement does not apply to third-party websites. Please review the confidentiality and personal data protection policies of the third-party websites that You visit to understand how they process your Data. Christian Dior Couture shall not be liable for any use of your Data by any third parties.

CALIFORNIA CANDIDATE PRIVACY NOTICE

Effective Date: January 1, 2023

The Company has implemented this California Candidate Privacy Notice (the “Notice”) to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”). For the purpose of this notice, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident.

This Notice covers:

1.           Why we collect your personal information

2.           Use of Personal Information

3.           Our Personal Information retention criteria

4.           How we collect your personal information

5.           How we disclose your personal information

6.           Disclosure for Business Purposes

7.           Privacy Rights

8.           Required disclosures

9.           Agents

10.         Amendment

11.         Contact Information

 

1. Why we collect your personal information

This Notice applies solely to California residents whose personal information is collected by the Company in the following situations: 

  • In connection with a job application.

  • In connection with being a candidate for employment of the Company (a “Candidate”), to the extent that the personal information is collected and used by the Company within the context of such role or former role as a Candidate of the Company.

We refer to such California residents as “you” or “your” throughout this Notice.

We note that CCPA/CPRA and other privacy regulations are still in development and may change in the future. Therefore, we may choose or be required to update this Notice. Any terms defined in the CCPA/CPRA have the same meaning when used in this Notice.

This notice does not address our treatment of certain of your personal information that constitutes protected health information regulated by the Health Insurance Portability and Accountability Act (“HIPAA”). For more information about how we treat this information, please view our Notice of Privacy Practices.

The chart below provides the categories and related examples of personal information we may collect. Below the chart, we have outlined the criteria we use to determine how long such personal information will be retained.

 

Category of personal information

 Examples [Add any other examples in the rows below that may be relevant]

Contact information

Name, mailing address, unique personal identifier, online identifier, IP address, email address, phone number, signature, physical characteristics and/or description.

Government identification numbers

Social Security number, driver’s license or state identification number, passport number, military identification number, tribal identification number and/or immigration status.

Financial information

 

Receipts of authorized expenses relating to interviews with us and account information for reimbursement authorized by us

Protected classification characteristics under California or federal law

Race, color, ancestry, national origin, citizenship, religion or creed, marital status, physical or mental disability, age, sex, sexual orientation, veteran or military status and/or genetic information.

Health or medical information

COVID-19-related information.

Sensory or surveillance data

Audio, electronic, visual, thermal, olfactory, or similar information, such as COVID-19 related temperature checks, call monitoring and/or video surveillance.

Professional information

Current or past job history, title, employer and/or salary information, recruitment information, and copies of right-to-work documentation (e.g., citizenship, work permits, or visa information)

Education information

Institutions attended, grades and/or degrees awarded.

Inferences drawn from other personal information

A profile relating to a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and/or aptitude.

Social media information

Public social media posts and/or statements.

2. Uses of Personal Information

The Company collects Personal Information in the employment context to use as appropriate for the following purposes:

  • To support our organizational and operational functions in human resources, including Candidate onboarding.

  • To provide services to you as a Candidate.

  • To properly administer our workforce and our job application process.

  • To evaluate your candidacy as an applicant.

  • Purposes that are required by law (e.g., for identity verification, I-9 forms, etc.).

  • To fulfill our legal obligations, respond to law enforcement requests and as required or permitted by applicable law, court order, subpoena, or governmental regulations, or as necessary to establish or defend legal claims or allegations.

  • To seek advice from our lawyers, auditors, or other professional advisers.

  • To safeguard our information technology infrastructure, detect security incidents and take other actions as required or permitted by applicable law to protect and defend the Company, our affiliates and subsidiaries, and our Candidates, including in connection with legal proceedings.

  • To protect the safety and health of our Candidates.

  • Purposes that are directed by you.

  • To contact you regarding your application or our relationship with you.

  • As otherwise described to you when we collect, use or disclose your personal information or as otherwise set forth in the CCPA/CPRA.

3. Our personal information retention criteria: CCPA/CPRA requires that we disclose the criteria we use to determine how long we will retain each category of personal information in the chart above. Oftentimes, our records contain several of these categories of personal information combined together and therefore we consider, on a case-by-case basis, a number of factors to assess how long personal information is retained. These factors include what personal information is reasonably necessary to (i) provide our services or administer our relationship with you; (ii) protect our business, employees, organization and others; (iii) fulfill our legal and regulatory obligations; and (iv) investigate and address issues which may include safety concerns, potential security incidents or policy violations.

4. How we collect your personal information.  The Company obtains the categories of personal information listed above from the following categories of sources listed below.

  • Directly from you. For example, we collect the personal information you provide to us in connection with your job application.

  • From our service providers. For example, we will collect your personal information from the service provider that provides background checks for us.

  • From Candidates. For example, if a Candidate provides your personal information in connection with a position referral.

  • From third parties. For example, a recruiting agency may provide your personal information to us in connection with our search for a Candidate.

5. How we disclose your personal information. In connection with the Company’s collection and use of your personal information as described above, the Company may disclose your personal information in the manner listed below.

  • With our parent company, subsidiaries and affiliates, some of which may be outside of the United States.

  • With our service providers.

  • With our auditors, actuaries, accountants, attorneys, governments or other third parties, as required or permitted by applicable law.

  • With third parties for security purposes, such as to issue badges to access Company premises.

  • As directed or authorized by you.

  • To comply with the law or to protect our organization. This includes responding to court orders or subpoenas or defending the Company in a lawsuit. This may also include sharing your personal information if a government agency or investigatory body requests this data. We may share also your personal information when we are investigating a security incident, allegation, or a potential fraud or violation of law.

  • With any successors to all or part of our company. For example, if we merge with, acquire or are acquired, or sell part of our company to another entity. This may include an asset sale, corporate reorganization or other change of control.

  • As otherwise described to you when collecting your personal information or as otherwise set forth in or permitted by the CCPA/CPRA.

6. Disclosures for Business Purposes. In the past twelve (12) months, we have disclosed the following categories of personal information to our service providers for “business purposes,” as defined in CCPA/CPRA; contact Information, government identification numbers, financial information, protected classification characteristics under California or federal law, commercial information, health or medical information, biometric information, internet or other similar network activity, geolocation data, sensory or surveillance data, professional information, education information, inferences drawn from other personal information and social media information. We have not disclosed Candidate personal information for “business purposes” to third parties (e.g., non-service providers) in the past twelve (12) months.

7. Privacy Rights. Subject to certain exclusions included in CCPA/CPRA, to the extent not inconsistent with other applicable laws and as relevant to our operations, you have the rights listed below with respect to the personal information that we maintain about you. We may take steps to verify your identity, as permitted or required under CCPA/CPRA, before we process your request. Verification may include asking you to provide information about yourself that we can match against information already in our possession. All information requests will be processed within forty-five (45) days of receipt of request, unless we notify you of an extension. If your request is denied in whole or in part, we will inform you of the reasons for the denial.

  • Notice, Access. This means that you can request that we disclose what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we have disclosed personal information, and the specific pieces of personal information we have collected about the consumer. As noted below, we do not “share” or “sell” Candidate personal information.

  • Deletion. This means that you can request that we delete personal information about you which we have collected from you. Note that we are not required under the law to honor all such deletion requests, and may, for example, refuse requests to delete as necessary to comply with applicable laws, or if deleting the data would prevent us from exercising or defending legal claims.

  • Correction. This means that you can request that we correct inaccurate personal information that we maintain about you.

  • Right to Non-Discrimination. This means that we are prohibited from discriminating against you if you exercise your rights under CCPA/CPRA.

8. Required Disclosures. We are required under CCPA/CPRA to make the disclosures in this section. In addition to the rights outlined above, CCPA/CPRA also gives you the right to opt-out of the “sharing” or “sale” of your personal information. These rights are not relevant to our collection, use and disclosure of Candidate personal information, as we do not “share” or “sell” Candidate personal information, including the personal information of any individuals under the age of sixteen. Please note that CCPA/CPRA contains specific definitions for “sharing” personal information and “selling” personal information. “Share” or “sharing” means, in short, sharing personal information for cross-contextual advertising purposes. “Sale” or “selling” is defined very broadly and includes the disclosure of personal information for monetary or valuable consideration. In addition, we do not collect, use or disclose Sensitive personal information except for those purposes described under §7027 of the CCPA/CPRA regulations or at the direction of a Candidate.

9. Agents. Agents that you have authorized to act on your behalf may also submit CCPA/CPRA requests as instructed above. The agent must also provide evidence that they have your written permission to submit a request on your behalf. If we are unable to verify the authenticity of a request, we may ask you for more information or may deny the request.

10. Amendment. The Company reserves the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will update the Notice's effective date and make available the updated Notice as required by law.

11. Contact Information.  California residents who wish to exercise their rights under this Notice or have other questions or comments about this Notice, can contact us at:

Name: HR Team

Email: hrbenefits@christiandior.com

Please include your legal name and email address, and indicate you are a California resident making a “CCPA/CPRA” request.

PARFUMS CHRISTIAN DIOR - CANDIDATE PRIVACY STATEMENT

Statement relating to the protection of your personal data collected in the context of recruitment

This Privacy Statement for Candidates (hereinafter the “Privacy Statement”) is intended to provide visitors and users (“You”) of the www.dior.com website, as well as of all the Dior’s websites with .com, .it, .ru, .co, .jp, .cn domain names suffixes (hereinafter collectively the “Website”) with information relating to how the Maison Parfums Christian Dior (hereinafter “Parfums Christian Dior” or “We/Us”) processes your personal data (hereinafter the “Personal Data” or “Data”) and about your rights in this respect.

Parfums Christian Dior places the highest priority and takes the utmost care to protect your Personal Data.

 

  1. Who are we? Who is the Data Controller of your Personal data?

During your recruitment experience, and in order to inform you in advance, the Data Controller will be Parfums Christian Dior within the meaning of the regulations applicable to personal data and in particular with regard to article 24 of the Regulations (EU) 2016/679 (hereinafter "GDPR").

As an example, referring to some of the Maison iconic products:

  • J’adore

  • Miss Dior

  • Capture Total

Parfums Christian Dior S.A. (head office), a public limited company under French law with its head office located at 33 avenue Hoche, Paris 8, France, registered with the Paris Trade and Companies Register under number 552 065 187 and represented by Laurent Kleitman in his capacity as President Director General Parfums Christian Dior,

And all Parfums Christian Dior affiliates

The Dior soul is expressed in each of the Maison's products and in the attention paid to each stage of their manufacture. From Grasse in Paris to the Jardins Dior, Parfums Christian Dior sublimates the finest materials so that each of its creations contributes to its aura around the world.

2. What is a “personal data”?

Personal Data refers to any information or pieces of information that could identify You either directly (e.g. your name, surname, email, home address, etc.) or indirectly (e.g. through pseudonymized data, such as a unique ID number, etc.). It may also include unique identifiers like your computer’s IP address.

3. Why and how do We use the Personal Data that We collect?

3.1 How do We collect your Personal Data?

 We collect your Personal Data as follows:

  • directly from You when You use our Website and our services (completion of various forms on the Website, direct communication with Us through our institutional departments, etc.);

  • automatically when You access or use the Website (technical details, IP address, browsing information, etc.).

3.2 What Data do We collect?

We collect several types of Personal Data about You:

 Personal Data that We collect directly from You

We collect Personal Data that You provide directly when You use our Website.

This is specifically the case when You:

  • interact with Us through the contact forms,

  • register to receive our newsletters or institutional documentation,

  • apply to job offers.

The categories of Personal Data that We collect include:

  • Identification and contact information: e.g., last name, first name, mailing address, contact details needed to identify You when You interact with Us,

  • Application information: e.g., last name, first name, email address, telephone number, professional experience and all the information You provide by sending your application and/or your curriculum vitae: photo, skills, education level, spoken languages, salary expectations, home address, hobbies, family status, etc.  We only collect and store this Data in connection with the management of our own job offers and do not use them for any other purposes, including for commercial purposes.

Personal Data that We collect automatically

We automatically collect certain Data about You when You access or use the Website, specifically:

  • Technical information: We collect information about the device that You use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled You to access our Website),

  • Browsing information: We use tracking technologies to collect Data about You when You use our Website.

3.3 On what legal grounds and for which purposes do We use the Data that We collect?

 In accordance with current personal data protection regulations, We only collect Personal Data when We have a legal basis to do so.

Personal Data is collected either:

        i.          based on pre-contractual measures

       ii.          based on your consent,

      iii.          in our legitimate interest, or

     iv.          to meet our legal obligations.

(i) We collect your Personal Data on the basis of pre-contractual measures, in particular in the context of the processing of applications (CV and motivation letter) and management of interviews.

(ii) We collect Personal Data based on your consent, for the following purposes

  • Share opportunities that can match your profile and keep you up to date on the life of Maison Dior,

 (iii) We collect Personal Data based on our legitimate interest, for the following purposes:

  • ·        to manage your requests and queries: We use your Data to send You the information You request,

  • to defend our interests in the event of a dispute or court action,

  • to manage cybersecurity of the Website,

  • to prevent fraudulent acts in order to ensure the security of our assets and contents.

(iv) We may also store your Personal Data when the law requires Us to do so or to defend our legal rights.

3.4 Who has access to your Data? 

3.4.1 Accessibility within Parfums Christian Dior

Your Data is processed by the Maison Parfums Christian Dior for the purposes described above and are only accessible to Parfums Christian Dior personnel who need to know it to perform their duties.

In this respect, your Personal Data is processed by the following departments of the Maison Parfums Christian Dior and/or other Maisons of the LVMH Group:

  • Parfums Christian Dior Institutional Communication Department and Financial Communication Department for the management of your requests and queries, as well as to send You newsletters;

  • Parfums Christian Dior Human Resources department to manage your applications to job offers;

  • Parfums Christian Dior Security Department to manage cybersecurity of the Website;

  • Parfums Christian Dior Fraud and Legal Departments to manage fraudulent acts or legal claims if any.

3.4.2 Accessibility by third parties

Certain third parties may have access to your Data, specifically:

(i) our subcontractors and service providers acting for technical and logistical reasons (carriers, Website hosting, security and maintenance providers, fraud management service providers, technical service providers responsible for sending e-mails and newsletters, anti-spam and anti-bot services, recruitment agencies which may provide Us with advice on the management of our candidates’ databases and help with the selection of profiles within such databases, etc.);

(ii) other LVMH Group affiliates for recruitment purposes: when you apply to an LVMH Group affiliate’s job offer, this affiliate collects and processes your Data as independent data controller. In such case, your Data will be processed according to this affiliate’s personal data protection policy, which You may obtain by contacting it directly. Likewise, the rights You enjoy pursuant to personal data protection laws must be directly enforced against it;

(iii) any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.

3.5 Is any Personal Data transferred outside of the European Economic Area?

Your Data is processed in France by the Maison Parfums Christian Dior. However, We may rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA.

With reference to the data relating to applications, the LVMH Group has adopted binding corporate rules ("BCR") which the French Supervisory Authority (the CNIL) has declared to be compliant with current legislation and suitable for offering an adequate level. of protection in case of data transfer within the Group, also outside the European Economic Area.

3.6 How long do We store your Data?

Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.

Please see the list below for additional details about these periods.

Any transfer of your Data outside of the EEA will take place with appropriate safeguards in place that comply with applicable personal data protection regulations. Upon request, We will provide You with a copy of applicable safeguards.

  • Purpose: Management of your requests and queries

  • Data categories: Identification Data (last name, first name, mailing address, contact details needed to identify You when You interact with Us).

  • Period of storage before erasure: Duration required to manage your requests and queries. Your Data will then be either deleted or anonymized, unless we need to keep it to meet our legal obligations for the applicable statutory retention period.         

 

  • Purpose: Sending You our newsletters

  • Data categories: Your email address

  • Period of storage before erasure: Duration of your subscription. Then, the Data will be destroyed or anonymized.

 

  • Purpose: Management of your applications to job offers

  • Data categories: Application information

  • Period of storage before erasure: Duration of two (2) years from when the Data has been provided or from the last contact with You. At the end of this 2-year period, Parfums Christian Dior may contact You to know whether You want Parfums Christian Dior to keep retaining your Personal Data, for the purpose of informing You of an opportunity that may arise and match your career aspirations and skills. In any event, your Data will be erased at your request, within a maximum period of 1 month from your request.

 

  • Purpose: Security of the Website

  • Data categories: Technical information of your device (IP address, device type, browser ID, etc.)

  • Period of storage before erasure: 6 months, then the Data is either deleted or anonymized.

 

  • Purpose: Disputes/complaints

  • Data categories: Data concerning the dispute/complaint

  • Period of storage before erasure: Duration of the complaint + 5 years from the complaint.

  • In the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement

4. What are your rights in relation to your Data?

 4.1 Access, rectification and portability

 In accordance with current regulations, You have the right to access your Data. You may also request correction of Your Personal Data should they be inaccurate. Depending on the purpose of processing, You also have the right to have incomplete Personal Data completed.

To respond to your request, We may ask You to provide Us with a proof of your identity. We may also need to ask You for additional information or supporting documents. We will make every effort to respond to your request as soon as possible.

You may, to the extent provided for by law, exercise your right to Data portability which allows You to retrieve, in an interoperable format, the Personal Data that You provided to Us.

4.2 Right to erasure of your Data and to limitation of the processing of your Data

 You may request erasure of your Personal Data if:

  • You believe that our processing of your Personal Data is no longer needed for the purposes described in this Privacy Policy,

  • You believe that the processing is unlawful or You contest the accuracy of the Data We process about You,

  • You withdrew your consent to the processing of your Data.

Alternatively, to the extent provided for by law, You may request limitation of the processing of your Data.

Please note that despite the exercise of your right to erasure or processing limitation, We will store some of Your Personal Data when the law requires Us to do so, or to exercise or defend our rights.

4.3 Right to establish instructions for the management of your Personal Data after your death

For France and when mandatory local provisions so provide, You may determine how You want Us to handle your Personal Data upon your death.

4.4 Procedure to exercise your Data protection rights

  • You can exercise your data protection rights in the following ways or if you have any questions or complaints about the processing of your personal data.by using the following email address: gdpr_hr@diormail.com

  • by using the following contact form: https://www.dior.com/en_gb/contact-parfum

  • by mail at the following address: Data Protection Officer, Parfums Christian Dior, 190 avenue Charles de Gaulle, 92200 Neuilly sur Seine, France.

You also have the right to contact Dior’s lead Supervisory Authority, the CNIL, at any time in order to file a complaint against Dior’s data protection and privacy practices. The CNIL can be contacted by using

the following information:

Commission Nationale de l'Informatique et des Libertés – CNIL

3 Place de Fontenoy
TSA 80715 - 75334 Paris, Cedex 07
Phone. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: http://www.cnil.fr/

 

We also wish to inform you about the contacts of other authorities in Europe that you can find and contact on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

When the processing of your Data is based on your consent (e.g., subscription to the newsletter), You may withdraw your consent at any time without justification. This right can be exercised by changing your options regarding subscriptions to our newsletters by clicking on the hyperlink provided for this purpose in each email We send You.

5. How is your Personal Data secured?

Parfums Christian Dior uses technical and organizational measures that comply with French and EU legal and regulatory requirements, to keep your Data secure and confidential. Under written agreements, Parfums Christian Dior requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under personal data protection laws. However, Parfums Christian Dior does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.

6. Third party websites

There may be links to third-party websites (such as LVMH Group affiliates’ websites) that We do not control, and which are governed by their own confidentiality and personal data protection policies. This Privacy Statement does not apply to third-party websites. Please review the confidentiality and personal data protection policies of the third-party websites that You visit to understand how they process your Data. Parfums Christian Dior shall not be liable for any use of your Data by any third parties.