Galeries Lafayette attaches great importance to protecting your personal data and respecting your privacy.
The purpose of this policy is to inform you of our practices regarding the collection, processing and sharing of data that you provide to us in store and/or via our websites.
Galeries Lafayette refers to Galeries Lafayette Management, whose registered office is located at 27 rue de Châteaudun – 75009 Paris, as well as all companies operating Galeries Lafayette shops and websites that are subsidiaries or affiliates of Galeries Lafayette Management (hereinafter “Galeries Lafayette”).
PREAMBLE
We consider your personal data to be confidential and take particular care to protect it.
Personal data includes any data that enables you to be identified directly or indirectly, in particular your name, gender, age, postal address, telephone number, e-mail address and IP address.
In accordance with legal and regulatory obligations, we collect, use, share and store this information under reinforced security conditions and for limited periods of time, proportionate to the purposes for which you have communicated it to us.
CONTENTS
1. Data collection
2. Nature of data and purposes of data processing
3. Transmission of personal data to third parties
3.1 Galeries Lafayette Group companies
3.2 Business partners
3.3 Financial partners
3.4 Service providers
3.5 State authorities
4. Transfer of personal data outside the European Union
5. Data retention period
6. Rights of the persons concerned
7. IT security
7.1 General principle
7.2 Transaction security
7.3 Managing security vulnerabilities
8. Changes to the privacy policy
9. Contact
10. Cookie management
10.1 What is a “cookie”?
10.2 Why does the Galeries Lafayette website use cookies?
10.3 How do I configure cookies?
1. DATA COLLECTION
You trust us to handle your data and we want to be transparent about how we collect it.
We collect the data you provide when you use our in-store and/or online services, in particular when you :
● Browse and visit our websites;
● Create a customer account;
● Subscribe to our services, subscriptions and/or programmes, in particular loyalty programmes;
● Subscribe to and/or participate in our online kitty service.
● Present your loyalty card;
● Apply for a Cofinoga credit card;
● Add products to your shopping basket;
● Place an order or request a return on our websites;
● Make a payment
● Subscribe to Galeries Lafayette newsletters or alerts;
● Contact our customer service department;
● Use WiFi in our stores;
● Ask or answer a question on the community chat;
● Take part in a game or competition;
● Fill in an information collection form, such as a questionnaire or survey.
Under no circumstances do we automatically collect visitors’ e-mail addresses unless they deliberately provide us with them. In the event that certain sections are aimed specifically at children under the age of 15 and offer them the possibility of sending us personal data (registration for a game or competition, for example), we ask them to obtain prior authorisation from their parents or legal guardian(s).
In addition, certain information requested on order forms is mandatory and is marked with an asterisk. Collecting this information is essential for us to process your request. Consequently, if you do not reply, we will not be able to process your request.
2. NATURE OF DATA AND PURPOSES OF DATA PROCESSING
The data controller is Galeries Lafayette Management, the parent company of the Department Stores branch, which acts on its own behalf and on behalf of its sales/service subsidiaries operating the Galeries Lafayette brands (Magasins Galeries Lafayette, Galeries Lafayette Haussmann, Galeries Lafayette la cagnotte, Restauration Galeries Lafayette, 1001 Listes, Galeries Lafayette Outlet) as well as for the Affiliated Companies operating Galeries Lafayette-branded shops and accepting the Galeries Lafayette loyalty programme.
The information collected about you enables us to manage and facilitate your purchases, to get to know you better so that we can send you targeted offers and thus improve and personalise our services.
We use your personal data for the purposes for which you provided it to us, which are based on one or more of the following legal grounds:
● The performance of the services we offer;
● Your consent;
● Our legitimate interests;
● A legal, regulatory, judicial or administrative obligation.
The table below sets out the data we are likely to collect, the ways in which we use it, as well as the intended purpose and legitimate interests.
| Personal Data | Purpose | Legal basis |
| Title / Surname / First name | – To provide the product or service to the eligible person by name (e.g. loyalty programme, personalised sales advisor, order, kitty service). – To improve our services and your customer experience. – To personalise our communications – to issue a named document: an invoice or a guarantee, etc. – To participate in a competition. – To carry out statistical analyses. | – To fulfil a contract – Legitimate interest, improving our services |
| Postal address | – To identify you. – To ship and deliver your orders. – To draw up a document with your name on it: an invoice or a guarantee… – To contact you and send you documents concerning you. – To manage your participation in a competition: send prizes. – Where applicable, verification of your address by the credit institution or by any competent administrative authority (tax exemption). – To invite you to an event. – Carry out statistical analyses. | – To fulfil a contract – Legitimate interest, improving our services – Legal obligation |
| Email address | – To identify you. – To contact you. – To keep you informed. – To invite you to events. – To send you sales documents. – To send you commercial offers if you have given your consent. – To carry out statistical analyses. | – To fulfil a contract – Legitimate interest, improving our services – Consent |
| Opt in (authorisation) via a box to tick on forms in store or on our sites or opt in on social networks | – To send you commercial solicitations. – To receive commercial solicitations from our partner brands. – To chat with you via instant messaging. | – Consent |
| Mobile and/or landline number | – To identify you. – To contact you and keep you informed. – To improve your customer experience. – To send you commercial offers | – To fulfil a contract – Legitimate interest, improve our services – Consent |
| Date of birth / Age | – Identify customers with the same name. – Determine if you are a minor or an adult for product or service delivery. – Improve your customer experience. – Carry out statistical analyses. | – Legitimate interest, improving our services – Legal obligation – To fulfil a legal obligation |
| Communicated preferences | – Get to know you better – Provide you with personalised offers and benefits | – To fulfil a contract – Legitimate interest, improving our services |
| Payment information/bank details | – Record your payments securely. – Refund you. – Facilitate the customer journey – Carry out analyses to combat fraud. – Carry out statistical analyses. | – To perform a contract – Legitimate interest, preventing and detecting fraudulent activity, abuse and security breaches |
| Purchasing data | – Award your loyalty points or vouchers – Manage your loyalty programme. – Make personalised product suggestions – Manage your orders. – Allow returns and associated refunds. – Issue invoices/proof of guarantees. – Carry out economic or statistical analyses of purchases. – Carry out analyses to combat fraud. | – To fulfil a contract – Legitimate interest, improving our services |
| Contact history | – Monitor customer relations and speed up processing times. – Improve our services and your customer experience – Carry out analyses to combat fraud. | – To fulfil a contract – Legitimate interest, improving our services |
| Customer/Loyalty Login | – Identify you. – Award you loyalty points or vouchers. – Loyalty programme management – Monitor customer relations and speed up processing time. | – To fulfil a contract – Legitimate interest, improving our services |
| Connection data | – Monitor the relationship. – Finalise an order. | – To fulfil a contract – Legitimate interest, improving our services |
| Password | – Enable and secure your connection. | – To perform a contract – Legitimate interest, preventing abuse and security breaches |
| Copy of ID/proof of address | – Verify identity. – Carry out analyses to combat fraud. | – Performing a contract – Legitimate interest, combating fraud – Legal obligation |
- TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Your personal data, collected within Galeries Lafayette shops and/or through our websites, may be transmitted to third parties within the limits set by the provisions in force and in accordance with this policy.
All companies other than Galeries Lafayette Management or the subsidiaries or affiliates operating Galeries Lafayette shops for which it acts (hereinafter referred to as “Third Parties”) are considered to be Third Parties.
These Third Parties are:
3.1 Galeries Lafayette Group companies
In order to get to know our customers better and to enable you to benefit from appropriate commercial offers, your personal data may be passed on to other entities in the Galeries Lafayette Group, such as the other Companies in the Galeries Lafayette Group, which includes in particular :
o 1001 Listes
o Louis Pion Royal Quartz
o BazarChic
o La Redoute
3.2 Business partners
Your personal data may be transmitted to our commercial partners and more particularly to the companies operating the brands of products and services offered for sale in the Galeries Lafayette shops and websites, in order to carry out processing in connection with a purchase or a service request (order tracking, warranty, after-sales service) and for the same purposes as those for which you have authorised us.
If you have expressly consented, our commercial partners may send you commercial information in the context of commercial operations, events or partnerships.
Our commercial partners are not authorised to use this data for any other purpose.
3.3 Financial partners
Your personal data may be passed on to our partners involved in payment transactions, in particular financial institutions and entities involved in the fight against fraud. In this way, the personal data collected on the site is processed by the partners to determine the associated level of risk.
Any order considered suspicious will be checked by the dedicated department, which may adjust the conditions under which it is carried out.
If a fraudulent order is detected, the data may be transmitted to the administrative or financial authorities as part of their investigative powers.
3.4 Service providers
Your personal data may be transmitted to external service providers who process it on our behalf and/or in accordance with our instructions. These service providers may be subcontractors or responsible for their own processing. The transmission of your data is strictly regulated in order to guarantee the security of your data.
In particular, these are third-party companies that provide services such as marketing, advertising, technology, IT, logistics, order management, transport and delivery, and customer services, in order to offer you all the guarantees you need to carry out your commercial transactions.
3.5 State authorities
In order to fulfil our legal, regulatory, judicial or administrative obligations, or respond to requests from
judicial and administrative authorities, we may be required to communicate your data to these authorities when legally obliged to do so.
4. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
Your personal data is processed and stored on servers located in the European Union. However, it is possible that this data may occasionally and on an exceptional basis be transferred to a subcontractor whose servers are located in country outside of the European Union.
In such a case, we will take all necessary measures to guarantee the security of your data and compliance with legal and regulatory obligations, in particular by signing specific agreements such as the standard contractual clauses adopted by the European Commission. In particular, we will ensure that your data is protected in the same way as though it were used within the European Union.
5. PERIOD FOR WHICH DATA IS RETAINED
Customers:
We keep data for the duration of our commercial relationship and for a maximum of 5 years after our last interaction.
Prospects:
We keep your data for a maximum of 3 years after our last interaction.
In addition to the retention period, your data will no longer be used to send you commercial solicitations by email or text message after a period of two years from your last interaction with us, i.e. either :
• Your last order on our website or purchase in one of our stores;
• Your last login to your customer account or loyalty scheme account;
• Your last communication with customer services;
6. RIGHTS OF THE PERSONS CONCERNED
You have the right to access, move, rectify and delete your data or limit its processing at any time.
In the case of commercial prospecting, you may exercise your right to object without having to prove a legitimate reason. If you have given us your consent to use your data, for example to send you newsletters, you may withdraw your consent at any time.
You can exercise these rights through the channels described below:
1- directly through your customer account:
When you are logged in to your customer account on our site, you can always check and update your information by accessing the services on the “MY ACCOUNT” > “MY PERSONAL DATA” > “MODIFY” page. The information recorded in your account is stored until it is deleted, unless your data is no longer required for the performance of our services.
2- directly in-store:
If you do not have a customer account on our site but you are a member of the Mes Galeries loyalty programme, you can ask our in-store staff to check and update your details in our customer file.
3- by email or letter:
You may exercise your right to access, portability, rectification and deletion of the data concerning you under the conditions provided for by the legal and regulatory provisions by sending a request by post to : GALERIES LAFAYETTE – Délégué à la protection des données, 27 rue de châteaudun – TSA 56 000 – 75009 PARIS or by e-mail at the following address: [email protected].
Please note that you may also object, on legitimate grounds, to your personal data being processed or stored in our files.
If, for any reason, you consider that our response is not satisfactory, you can submit a
complaint to the CNIL (Commission Nationale de l’Informatique et des Libertés), which is responsible for protecting personal data in France.
7. IT SECURITY
7.1 General principle
We implement all appropriate technical and organisational measures to ensure the security, integrity and confidentiality of your personal data and to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorised access to such data.
7.2 Security of transactions
We pay the utmost attention to security issues relating to online and in-store payments. Encryption is an essential means of ensuring a high level of security for transactions on our sites. We have adopted the SSL encryption process to protect all data relating to personal information and means of payment.
Your bank details are encrypted and transmitted to our bank in a totally secure environment. They are not stored under any circumstances.
What’s more, with the SIPS system (integrated site protection system), your bank card number is not sent unencrypted over the Internet, thanks to SSL encryption. So you can make your purchases in complete security.
7.3 Managing security vulnerabilities
We have defined a procedure for the prevention, management and remediation of security breaches and the notification of personal data breaches, in accordance with legal and regulatory provisions. This procedure enables us to effectively address vulnerabilities and potential breaches of personal data. We undertake to notify the CNIL of any personal data breach as soon as possible and, if possible, no later than 72 hours after becoming aware of it, if the breach in question is likely to pose a risk to your rights and freedoms.
We also undertake to notify you, as soon as possible, if the breach is likely to result in a high risk to your rights and freedoms. We will also inform you of the measures taken to remedy the data breach, including measures to mitigate its consequences.
8. CHANGES TO THE PRIVACY POLICY
We may amend this policy from time to time. Should these changes lead to a reduction in your rights, we will inform you directly by the means of contact that you have communicated to us.
9. CONTACT
If you have any questions, please contact our Customer Service department via email: [email protected].
In addition, the Galeries Lafayette Group has appointed a data protection delegate. This person can be contacted at the following address: GALERIES LAFAYETTE – Délégué à la protection des données, 27 rue de châteaudun – TSA 56 000 – 75009 PARIS and is responsible for dealing with the following matters:
– make a complaint
– question about this Privacy Policy and confidentiality
7
10. MANAGING COOKIES
10.1 What is a “cookie”?
A cookie is a file placed on your terminal (computer, mobile or tablet) when you visit a site or view an advertisement. Its purpose is to collect information relating to your browsing, in order to send you services and offers tailored to your terminal and your areas of interest.
Your choice concerning the storage of cookies is retained for 6 months. Cookies placed on the site have a maximum lifespan of thirteen months.
When you visit our website for the first time, cookies may be stored, subject to the choices you have made regarding cookies.
We inform you of the storage of these cookies via the information banner that is displayed when you first open the web page consulted. You are then informed that by clicking on the “I ACCEPT” button you are giving your consent for all cookies to be stored. If you click on the “I REFUSE” button, no cookies will be stored apart from those strictly necessary for the operation of the site (hereinafter defined as functional cookies).
Your choices are not final and may be modified at any time by adjusting your cookie storage settings. 10.2 Why does the Galeries Lafayette website use cookies?
Cookies record information relating to your interaction with the site, in particular your browsing habits and behaviour. This information may include your IP address, the pages you visit, the brands you are interested in, your purchases, etc.
In this context, subject to your agreement and/or the settings you have chosen, Galeries Lafayette collects and processes all or part of the following information as part of the operations detailed below:
> Functional cookies essential for browsing:
These cookies are files that are essential for the display and smooth operation of the site. In particular, they are used to authenticate you, to store data relating to customer accounts and to record shopping baskets. These cookies are deposited automatically and it is not possible to configure or refuse their deposit as, without them, the site could not be displayed and/or function correctly.
> Marketing cookies :
We may use partner companies to display advertising and targeted content based on your areas of interest and the products you like, which will be displayed on other sites as you browse the Internet (advertising banners).
These partners are:
● Google Ads: uses trackers to display personalised advertising based on your browsing behaviour and to measure the performance of advertising campaigns on Google tools.
● Bing:uses trackers to display personalised advertising and measure the performance of advertising campaigns
● Criteo: uses trackers to display personalised advertising based on your browsing habits and to measure the performance of advertising campaigns.
● Awin: uses tracers in order to display personalised advertising based on your browsing. ● RemailMe: uses cookies to display personalised advertising based on your browsing behaviour. ● Kwanko: uses cookies to display personalised advertising based on your browsing behaviour. ● Avent media: uses cookies to display personalised advertising and measure the performance of advertising campaigns.
● Radverstising: uses trackers to display personalised advertising and measure the performance of advertising campaigns.
● Adventure Conseil: uses trackers to display personalised advertising and measure the performance of advertising campaigns.
● Facebook: uses trackers to display personalised advertising and measure the performance of advertising campaigns on Facebook tools.
● Snapchat: uses trackers to display personalised advertising and measure the performance of advertising campaigns on Snapchat tools.
● Pinterest:uses trackers to display personalised advertising and measure the performance of advertising campaigns.
● Dataiads: uses trackers in order to offer Google shopping users an optimised browsing path. ● TikTok: uses tracking data to display personalised advertising and measure campaign performance.
> Analysis and performance cookies:
We may use the services of partner companies to analyse and measure audiences and visits to our websites, compile statistics and carry out checks, in particular with a view to optimising our services and/or improving customer knowledge.
These partners are:
● Google Analytics: uses trackers to measure performance.
● Content Square: uses trackers to measure audience performance.
> Personalization cookies:
We may use partner cookies to recommend products or services that you are likely to appreciate.
These partners are:
● AB Tasty: uses trackers to display personalised tests and measure the performance of personalisation campaigns.
● Target 2 Sell: uses trackers to display personalised product recommendations. ● TikTok: uses trackers to display personalised advertising and measure campaign performance.
10.3 How to configure cookies?
You have several options for setting your cookie preferences. However, any changes you make may affect your browsing experience and your conditions of access to certain services requiring the use of cookies: you will no longer be able to benefit from a certain number of functions which are nevertheless necessary for browsing certain areas of our site. This would be the case if you tried to access our content or services that require you to be identified. This would also be the case if we – and/or our partners – were unable to recognise, for technical compatibility purposes, the type of browser used by your terminal, its language and display settings or the country from which your terminal appears to be connected to the Internet.
You can configure cookies in the following ways:
– by directly configuring your browser (Internet Explorer, Chrome, Safari, Mozilla, etc.) to save or reject cookies;
– by clicking on “Customize my choices” on the cookies banner displayed on your first visit to our sites;
– by clicking on “Cookie management” at the bottom of the page on our websites.
