We take your privacy very seriously and we are committed to protecting it. We believe that you should easily know what personal data we collect, use and disclose, as well as to understand your rights in respect of your personal data.

Our privacy policy (“Privacy Policy”) explains our policies and practices regarding how we collect, use, and disclose the personal data that we collect through our Digital Platforms, our stores or during our events. 

We recommend that you read this Privacy Policy carefully as it provides important information about your personal data.

Our Privacy Policy is designed so that you can easily reach the section you are interested in.

You can print the complete text of our Privacy Policy on “Hermes.com” by hereNew window. You may also ask for a copy of our Privacy Policy in any of our stores.

Do not hesitate to contact us should you have any questions or remarks about our Privacy Policy (See section “How to contact us?” below). 

“Hermès”, "we" "us" and “our” refer to Hermès International to Hermès Canada, and to Hermès Sellier as the controllers of your personal data, except otherwise stated in this Privacy Policy.

• Hermès International is a French limited partnership with shares (“Société en commandite par actions”) with a capital of 53,840,400.12 euros, having its registered office at 24, rue du Faubourg Saint-Honoré, 75008 Paris, France, registered with the Paris Trade and Companies Registry under number 572 076 396 RCS Paris.
• Hermès Canada Inc., is a subsidiary of Hermès International and is a company incorporated in the province of Ontario, whose mailing address is 131 Bloor Street West, Suite 202, Toronto, Ontario, M5S 1R0.
• Hermès Sellier is a French simplified joint-stock company (“Société par actions simplifiée”) with a capital of 4,976,000 euros, having its registered office at 24 rue du Faubourg Saint-Honoré, 75008 Paris, France, registered with the Paris Trade and Companies Registry under number 696 520 410.

Hermès International and Hermès Canada and Hermès Sellier are companies of Hermès group. Hermès International is the parent company of Hermès group. For further details on Hermès group, please visit http://finance.hermes.comNew window or consult our Binding Corporate Rules (BCRs) on www.hermes.comNew window (list of Hermès Group companies in Appendix 3).

You can find our contact details in section “How to contact us?” below.

Personal data is information relating to an identified or identifiable natural person. For example, it may include an individual’s name, address and gender.

We may collect personal data either directly from you (for example when you purchase a product in a store) or indirectly (for example from your electronic devices that interact with our websites, electronic forms or mobile applications (“Digital Platforms”)).

3.1.     Information you provide directly to us

You may provide us with information:

• When you create an account online or in our stores;
• When you subscribe to our newsletter;
• When you use our Digital Platforms;
• When you purchase products or services on our Digital Platforms or in our stores;
• When you visit our stores;
• When you participate in one of our events;
• When you contact our customer service. 

Depending on what you provide us with, such information may include:

• Your identity (including your first name, last name, photo);
• Your contact details (including your postal address(es), email address(es), phone number(s));
• Your purchases and repairs (including purchase history, order details);
• Your preferences (including your size);
• Certain payment information (including billing information, payment type or method, charge or credit card number);
• Other information you may provide by filling out forms or by contacting us (including your feedback, or other communications with us which may include health data relating to possible adverse reactions to our cosmetic products). 

We will inform you when your information is required in order to process your request, to respond to your queries or to provide you with our products and services. If you do not provide this information, then it may delay or prevent us from processing your request, responding to your query or providing products or services to you. 

We hope to ensure that the personal data we possess are accurate at all times and therefore we encourage you to update your information in case any changes have occurred. We also may ask you to update your information from time to time.

We recommend that you only provide the data requested or necessary for your query, and do not include any sensitive information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health (other than as required to determine possible adverse reactions to our cosmetic products), sex life or sexual orientation. 

3.2.    Information indirectly collected

We may collect information when you use our Digital Platforms, such as your IP address or other browsing information (including browser, operating system, device model), through cookies or similar technologies placed on your device. Some cookies are required for the proper functioning of our Digital Platforms and other are used for analytics purposes which help us to provide you with more personalized and customized services and a better digital experience. For more information about cookies and to know how you can edit your preferences, please read our Cookie Policy available on each Digital Platform. 

We may also collect information about you from third parties, such as a spouse who contacts us on your behalf or from your friends who provide us with your information in order to invite you to events you may be interested in.

If you provide personal data to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in our Privacy Policy. For example, you should ensure the individual concerned is aware of the various matters detailed in our Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information. 

3.3.    Minimum age

We remind you that we do not collect, directly or indirectly, personal data from persons under the age of 18, without prejudice to any local law setting a different minimum age. We therefore ask you not to provide us with personal data of persons who do not meet this requirement. 

We collect and use your personal data based on one or many of the following legal basis: 

• we have obtained your prior consent (for example, when you subscribe to our newsletter). Please note that for this specific legal basis, you have the right to withdraw your consent at any time (see below “What rights do you have on your personal data?”);
• we are permitted to collect, use or disclose your personal data in accordance with applicable privacy law; and
• we have to process your personal data to comply with applicable laws and regulations.

Depending on the context, we may use your personal data in order to: 

• provide you with the products or services you requested;
• conduct checks to identify you and verify your identity;
• send you Promotional Communications - with your prior consent (see section “Promotional Communications”);
• provide you after-sale services and manage refunds;
• respond to your queries, suggestions and requests, including your data subjects’ rights exercises;
• manage complaints and litigation;
• manage the events you registered and/or participated in;
• to detect, prevent and fight against any fraudulent or illegal activity, including to protect your transactions from payment fraud, to act against counterfeiting and against the resale of our products in violation of our terms and conditions of sale and/or outside our distribution network
• protect you, employees and other individuals in our stores as well as our property;
• manage the stock of certain types of rare products to allow a fair allocation of the products we sell;
• monitor and improve our Digital Platforms;
• conduct statistical analysis, in particular to adapt our product offer (including the use of your nationality after anonymization);
• improve our products and services;
• respect our legal obligation, including providing information to regulatory bodies when legally required, in particular to comply with our legal obligations in terms of cosmetovigilance, prevention and the fight against fraud, money laundering and the financing of terrorism.

With your express prior consent (usually obtained by ticking a specific box in a form), you may receive information concerning offers, services, products or events sent by Hermès and/or by other Hermès group companies (“Promotional Communications”). In such a case, you also accept that your contact information is shared with other Hermès group companies for this purpose. Please visit http://finance.hermes.comNew window or https://www.hermes.com/ca/en/bcrNew window. You can also access the list of Hermès Group entities and their location in Appendix 3 of our BCRs available on www.hermes.comNew window and in our stores upon request.

We rely on your consent to process the personal data you provide to us for this purpose. Therefore, if you no longer wish to receive such information, you can withdraw your consent at any time (see below “What rights do you have on your personal data?”).

We may ask you to confirm or update your preferences regarding Promotional Communications if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

Your personal data are processed for the period necessary for the purposes for which they have been collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

In order to determine the most appropriate retention periods for your personal data, we have specifically considered the amount, nature and sensitivity of your personal data, the reasons for which we collected your personal data, the service you deserve and expect from us together with the applicable legal requirements. For example:

• With regard to our potential customers: your data is stored for three years from your last action and then deleted or archived to comply with legal retention obligations;
• With regard to our customers: your data is stored for the duration of our commercial relationship and for up to ten years after your last transaction and then deleted or archived to comply with legal retention obligations;
• With regard to the cookies used on Digital Platforms: they are stored for up to 13 months from the moment they were installed on your device.

We may disclose your personal data only to the parties indicated below and for the following reasons: 

• We disclose your personal data to Hermès employees (including employees of Hermès USA) that need to have access to your personal data and are authorized to process them in order to achieve the aforementioned purposes and who are committed to confidentiality.
• We may disclose your personal data to departments of the Hermès group companies (including Hermès USA) that are in charge of customer relationship, retail, e-commerce, communication, legal affairs, finance, internal audit, IT management and security for the purposes set out in our Privacy Policy and to provide you with a consistent level of service across all Hermès group companies. This may include providing you with the products and services that you have requested, improving the services provided and – with your consent – sending you Promotional Communications concerning offers, services, products or events (for such purpose, you may withdraw your consent at any time – see section “What rights do you have on your personal data?” below).

For the specific purpose of combating payment fraud, your personal data are communicated to Hermès Sellier in order to process your order and to fight against online payment methods fraud attempts. As part of our legitimate interest to fight against fraud with payment methods, Hermès Sellier, acting as the organization responsible for the custody and control of your financial information for the purpose of payment fraud prevention, can transmit your financial information to an external service provider with a fraud detection tool in order to authenticate a payment. Such service provider is committed to confidentiality.  

The Hermès group companies are located worldwide. As a result, personal data may be transferred outside the country where you are located. This includes transfers to the USA and to countries both within and outside of the European Union (“EU”).  Under the laws of those countries, in certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data without notice to you. 

Transfers are made on the basis of appropriate contractual clauses designed to safeguard your personal data. To obtain a copy of the relevant adequate safeguards, you can send us your request (see below “How to contact us?”). 
Please visit http://finance.hermes.comNew window for more details about companies of Hermès group.

• We may also disclose personal data to third-party providers acting on behalf of Hermès and approved by Hermès.
  All such processing is based on our prior instructions set out in a binding contract that is compliant with the requirements of applicable law. Such disclosures are made for different purposes including:
  • IT development and support;
  • Hosting and carrying out marketing and business studies and marketing campaigns;
  • Verifying your information, authenticating payments and processing orders and payments, to third parties that provide credit reporting, payment or order fulfilment services;
  • Delivery services
  • Data quality management services (standardization, deduplication of data to ensure relevant and consistent databases…)... 
    These providers are committed to confidentiality and are not permitted to use your personal data for any other purposes. We also require them to use appropriate security measures to protect your personal data. 

Part of those service providers are located outside of your country. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data, including outside of Canada are done lawfully. Where we transfer personal data outside of Canada, the transfers will be under an agreement which covers the requirements for the transfer of personal data outside Canada, such as appropriate safeguards for the protection of your personal data. 
For more information about our use of non-Canadian service providers, you can send us your request using the details in Section “How to contact us?” below.

• We may be required by the binding requirements of an applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.
• We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings). For example, we may disclose such personal data as necessary to identify, contact or bring legal action against a person or entity who may be violating our Terms and Conditions of Sale and Use, or who may be causing injury to, or interfering with, other users of our Digital Platforms.
• In the event that Hermès or Hermès group companies, or all or part of its or their assets, are acquired by a third party, your personal data may be included in the transferred assets.  In accordance with applicable law, we may disclose your personal data to the other party of a prospective business transaction, provided such party complies with the terms of this Privacy Policy, is bound by duties of confidentiality and agrees to return or delete your personal data if the transaction is not completed or notify you if the transaction is completed.

All your personal data is strictly confidential and will only be accessible, on a need-to-know basis, to duly authorized personnel of Hermès and other entities of the Hermès Group and third-party providers acting on our behalf with appropriate physical, technical and organizational security safeguards.

The Hermès group has implemented security measures to protect your personal data against unauthorized access, use and disclosure. We follow appropriate security procedures in the storage and disclosure of your personal data so as to prevent unauthorized access by third parties and to prevent your data being accidentally lost or deleted. We limit those who access your personal data to those who have a genuine business need to access it.  Those who do access your data are subject to a duty of confidentiality towards Hermès.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

We require those parties to whom we transfer your personal data to comply with the above security measures. However, unfortunately, the transmission of information via the internet is not completely secure. So, we cannot ensure the security of your personal data transmitted by you to us via the internet. Any such transmission is at your own risk and you acknowledge and agree that we shall not be responsible for any unauthorized use, distribution, damage or destruction of your personal data, except to the extent we are required to accept such responsibility under applicable law. Once we have received your personal data, we will use the security measures described above to safeguard such information.

The security of your personal data is important to us, so please contact us immediately should you become aware of any incident involving the loss or unauthorized access to or disclosure of your personal data that is in our custody or control.  You agree, at your own risk, to keep the username and password for your Digital Platform customer account confidential and never to disclose them to third parties. In case of loss, theft or unauthorized use of your username or password, you agree to immediately notify us using the contact information set out below.

In accordance with the applicable data protection laws, you can, at any time, request access, rectification, erasure and portability of your personal data or restrict and object to the processing of your personal data. A summary of these rights is provided below:

Your right of access: the right to be provided with a copy of your personal data. In certain limited and specific situations, we may not be able to provide access to all of your personal data (for example, information that contains references to other individuals or information that cannot be disclosed for legal, security, or commercial proprietary reasons).  In those circumstances, we will provide you with the reason for denying such access, subject to any legal or regulatory restrictions.

Your right to rectification: the right to require us to correct any mistakes in your data or to complete your information. Depending upon the nature of the information challenged, amendment may involve the correction, deletion, or addition of information.

Your right to be forgotten: the right to require us to delete your personal data — in certain situations.

Your right to restriction of processing: the right to require us to restrict processing of your personal data — in certain circumstances, for example if you contest the accuracy of the data.

Your right to data portability: the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations.

Your right to object to processing: the right to object:

• at any time to your personal data being processed for direct marketing;
• in certain other situations to our continued processing of your personal information, eg processing carried out for the purpose of our legitimate interests.

When the processing of your personal data is based on your consent, you may at any time decide to withdraw it. If your consent is withdrawn, it won’t affect the processing of your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. 

If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic promotional message we send to you or by contacting us as set out below. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request within ten business days of receipt, however, we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

You also have the right to lodge a complaint with your local privacy commissioner in case of alleged infringement of the data protection rules applicable to you. 

To exercise any of those rights, please contact us using the contact information below (see “How to contact us”).

Please note that upon exercising any of the rights listed above, you will be requested to let us know what right you want to exercise and provide information (copy of an identity card, passport or other legally recognized identity) for identification purposes in order to process your request and protect you against fraudulent requests from third parties.  Such proof of identification will only be used for this purpose.

We have appointed a qualified member of our team as our Privacy Officer, who is accountable for Hermès’ privacy policies and practices and to whom complaints or inquiries can be forwarded.  For issues relating to your account, to withdraw your consent, to exercise your rights as described in the “What rights do you have with respect to your personal data?” section above, to ask general questions or to lodge a complaint, please contact our Privacy Officer as set out below: 

• By email: privacyoffice@ca.hermes.com
• By phone: 416 968 7411
• By mail: Hermès Canada Inc. Privacy Officer, c/o 131 Bloor Street West #202, Toronto, Ontario, M5S 1R0

In issues specifically related to Promotional Communications, we remind you that you can, at any time, directly unsubscribe through the “unsubscribe” link in any electronic promotional messages we send to you.  

If you have any questions or concerns about our Privacy Policy or data processing, you may also contact the Privacy Officer for Hermès Canada as set out above, or our group Data Protection Officer at: privacy@hermes.com.

Our Privacy Policy reflects our current practices and is subject to change and update from time to time. When we post changes to our Privacy Policy we will modify the "Effective Date" at the top of this document to indicate when such changes have come into effect. 

If we change our Privacy Policy in a material way, we will inform you through a notice advising of such change at the beginning of this Privacy Policy and on the “Hermes.com” website homepage.  

By continuing to use our Digital Platforms and/or providing us with your personal data, you will be consenting to the terms and conditions of our revised Privacy Policy.