Privacy Statement

Privacy Statement

Last revised: 28 January 2021

Introduction

This Privacy Statement explains what personal data Rethink Retail and its subsidiaries (also referred to below as “we”) process about you, how we process it and for what purposes. It also gives information on the rights you have in relation to the processing of your personal data. This Privacy Statement gives an oversight of the main processing activities we do relating to your personal data in connection with Rethink Retail websites and all related services we may provide to you.

Processing activities regarding Rethink Retail’s employees, clients and service providers are covered by a separate policy or specific contracts. Clients and service providers’ contact details might however be concerned by this Privacy Statement to the extent they are registered on the Rethink Retail websites or for marketing purposes.

In the event of a conflict between the English and other language versions of this Privacy Statement, the English version shall prevail.

This Privacy Statement may be amended from time to time to take into account changes in applicable laws or in the way we handle your personal data. Certain areas of Rethink Retail websites (e.g., recruitment) may link to third parties’ privacy statements or policies.

Information about Rethink Retail

As used in this Privacy Statement, “Rethink Retail Network” means Rethink Retail member entities (100% owned by Rethink Retail directly or indirectly).

Role of Rethink Retail regarding processing of personal data

According to the General Data Protection Regulation (GDPR), Rethink Retail is a “data controller” when deciding how personal data are processed in connection with our websites or services, and Rethink Retail is a “data processor” when processing personal data on behalf of and according to the instructions of another company (e.g. a client).

You will find at the bottom of this Privacy Statement all the details for (i) the Data Protection Managers in each country where Rethink Retail SE has a subsidiary and (ii) the Group Data Protection Officer.

For the purposes of compliance with data privacy laws, Rethink Retail entities located outside the European Union are represented by Rethink Retail. If you are using Rethink Retail services through one of our clients, please address your privacy-related issues or questions directly to them.

Collection of personal data

We may collect or obtain your personal data if you are a job applicant, a website user, a business partner or a shareholder.

The type of personal data we obtain depend on how you interact with us and the services you use. Some personal data are collected (i) directly from you (e.g. data provided when you apply for a job, when you sign up for a newsletter or complete a contact form or survey) or (ii) indirectly from your use of Rethink Retail websites (e.g. data collected through cookies or other similar technologies) or (iii) when you provide consent through one of our partners (e.g. Rethink Retail may sponsor the partner and/or the partner offers “Rethink Retail content”) or (iv) from publicly available sources.

Regarding personal data we collect directly from you, such information may consist of, but is not limited to, your name, current job title, company address, email address, telephone number and other contact information. Where appropriate, you will be informed if certain data are required for a proper service or if their provision is optional (e.g. information identified with an asterisk in the registration form is mandatory).

We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health or sexual orientation) from you, and you are prohibited from posting or sending such data, except if such sensitive information are requested by local law.

Regarding personal data that we obtain indirectly through your use of our websites and services, such information may consist of, but is not limited to, standard Internet log information including your IP address, browser type and language, geolocation, access times and referring website addresses. To ensure that our websites are well managed and to facilitate improved navigation, we or our service provider(s) may also use cookies (small text files stored in a user’s browser) or web beacons (electronic images that allow the website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregated data.

Regarding publicly available sources, Rethink Retail websites may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Please note that any personal data or other information that you contribute to any Social Media Application can be read, collected and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse or misappropriation of any personal data or other information that you contribute to any Social Media Application.

Use of personal data

This section provides details on the legal basis we rely on to process your personal data and the purposes for which we process them.

In compliance with GDPR, we process your personal data:

  • because you have given your consent to the processing of your personal data for a determined purpose;
  • to perform a contract to which you are party or in order to take steps at your request prior to entering into a contract;
  • to comply with a legal obligation to which we are subject;
  • when the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (e.g. partners, service providers), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;

Depending on how you interact with us, we may process your personal data in connection with our services or for other business purposes to:

  • administer accounts or profiles related to you or your organisation, which may include registration, subscription, purchase, billing events, and/or payments;
  • answer your questions and requests;
  • enable you to access to certain restricted part of our websites;
  • enable you to download specific documentation (e.g. White Papers);
  • enable you to attend a hosted event or a webinar;
  • enable us to manage and secure our website or service;
  • compile aggregate statistics regarding the use of the websites;
  • for marketing or research purposes and development purposes for new content, services and/or products aiming at improving, testing, and enhancing features of current services;
  • send you offers and promotional materials or communications regarding our services that we feel may be of interest to you, provided that you have given us your express consent by any means;
  • provide you with personalized advertising;
  • manage the forums to which you may take part;
  • conduct satisfaction surveys and feedback on our services;
  • for recruitment purposes when you submit a resume or a job application online;
  • fulfill our contractual obligations towards you;
  • comply with your instructions or to fulfill other, specified purposes for which you have given your consent;
  • comply with the law and legal obligations;
  • respond to a request or order from a court, regulator, or authority;
  • exercise our rights and protect our own and others’ rights and/or property;

Disclosure of personal data

Rethink Retail is a global organization having separate entities in other parts of the world and whose internal processes and infrastructures are international in scope and nature and often cross borders. Accordingly, we may share your personal data with other Rethink Retail entities and transfer it to countries around the world where we have offices or where we conduct business, which include those located outside the European Union (EU).

On a case-by-case basis, we may also share your personal data with business partners (e.g. to provide or improve products/services or to host events), with service providers (e.g. to pass your requests to them or for data security and storage services), with social media providers (e.g. to share our content with you through them) and with other third parties where we believe that such disclosure is reasonably necessary to comply with an applicable law or regulation or if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

All of these disclosures may involve the transfer of personal data to countries with different data protection rules from those in effect in your area of residence.

When relying on such third parties located outside the EU, we implement appropriate means to safeguard these transfers in accordance with applicable data protection regulation and we make sure that they provide an adequate level of protection to the personal data they process on our behalf. When such third parties are located outside the European Union, we make sure that we enter into Standard Contractual Clauses as adopted and updated by the European Commission. In the near future, we plan to obtain Binding Corporate Rules (BCR).

Security of personal data

The security of your personal data is our priority. Taking into account the nature, scope, context, and purposes of each data processing, as well as the risks of varying likelihood and severity for your rights and freedoms, we implement all appropriate technical and organisational measures and policies to ensure the protection of your personal data and prevent any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Regarding Rethink Retail websites, we have in place reasonable commercial standards of technology and implement technical and organisational security measures to protect all information you may provide to us from unauthorized access, disclosure, alteration or destruction. If you registered to our websites, it is important you maintain the confidentiality of your identifiers in order to prevent illicit use of your account.

Rights on your personal data

There are some cases in which local data protection laws may give you rights regarding your personal data, especially if you are located or reside in certain countries (e.g. within the EU). In such cases, the below mentioned rights may be available to you.

In accordance with applicable data protection regulation (i.e. the GDPR), you can exercise your rights of access, rectification and erasure of your personal data, your right to restriction of processing related to your personal data, and your right to data portability. You may also, for legitimate reasons, object to the processing of your personal data. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You can exercise these rights at any time by sending a proof of identity to Rethink Retail’s relevant local Data Protection Manager and/or to the Data Protection Officer as listed below.

Nevertheless, insofar as the collection and processing of your personal data is strictly necessary for the provision of the service you requested, you acknowledge that you don’t have an absolute right of erasure or restriction of the processing and to oppose the processing of such personal data. There may be circumstances under which Rethink Retail could have grounds to refuse to grant your request to exercise your data protection rights.

When the processing of your personal data is based on the collection of your consent, you may withdraw this consent at any time, in particular by clicking on the unsubscription link contained in communications sent by Rethink Retail Network and generated in response to your registration on the Rethink Retail websites.

In accordance with applicable data protection regulation, if you have any concerns about our use of your personal data, you also have the right to lodge a complaint with a supervisory authority.

Retention of personal data

Your personal data are retained by us for the time strictly necessary to fulfill the pursued purposes as set forth herein, in accordance with the applicable data protection regulation or timelines recommended by supervisory authorities and/or to comply with our legal or contractual obligations.

The personal data used for marketing purposes may be retained for a maximum of 2 years from the closure of your account or from the last contact with you. This duration may be reduced in compliance with local regulation.

The personal data used for recruitment purposes may be retained for a maximum of 2 years from the last contact with you ; this duration can be reduced in compliance with local regulation ; if you want to have your personal dataerased, please let us know at the relevant email address (depending on your country) you can find at the end of this document.

Your information is deleted when the above retention period expires. Nevertheless, the personal data may be archived beyond the retention period for research purpose or for the sole purpose of allowing their provision to the judicial authorities. In addition, we are likely to retain your personal data (including your contributions on blogs and forums) anonymously, for the purpose of producing statistical studies.

Cookies and web beacons are retained for 13 months maximum. This duration is not automatically extended on new visits. Information collected via cookies and web beacons are retained for a maximum period of 25 months. This duration may be reduced in compliance with local regulation.

Changes to our Privacy Statement

We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page.

Children’s privacy protection

We understand the importance of protecting children’s privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16. Therefore, if you are under 16, please do not attempt to register for the Services or send any personal data about yourself to us.