PRIVACY POLICY AND USE OF COOKIES

We are committed to respecting the privacy of our customers and prospects. This privacy policy (the "Policy") explains how we collect and process your personal data. This Policy also informs you of the categories of personal data we collect, how we use it and the rights you have to control how we use it. As our business is constantly evolving, our Policy may be modified accordingly. We invite you to check regularly for any changes. Any changes to this Policy will be posted on our sites and the date at the bottom of the Policy will be updated to reflect the date of the last revision.

1. DÉFINITIONS

In this Policy, capitalized terms have the following meanings:

● "Data" means your personal data within the meaning of the GDPR. Personal data is information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more elements that are specific to that person.
● "Controller" means the entity that determines the purposes and means of a processing within the meaning of the GDPR.
● "GDPR" refers to the General Data Protection Regulation (Regulation (EU) 2016/679 of April 27, 2016).
● "Subprocessor" means the entity that processes Data on behalf of the Data Controller within the meaning of the GDPR.

2. WHO IS THE DATA CONTROLLER?

The terms "Data Controller", "we", "us" or "our" used in this Policy refer to FAST RETAILING FRANCE, a simplified joint stock company, registered with the Paris Trade and Companies Register under number 482065786, represented by Mr. Yoshihiro KUNII, in his capacity as Managing Director and whose registered office is located at 151, Rue Saint-Honoré- 75001 Paris.
FAST RETAILING FRANCE is part of the FAST RETAILING CO.LTD (the “Group”).
FAST RETAILING FRANCE manages the stores, websites and applications for the Comptoir des Cotonniers and Princesse Tam Tam brands and acts as the Data Controller.

3. HOW TO CONTACT THE DATA PROTECTION OFFICER?

Our Data Protection Officer (hereinafter the "DPO") ensures that your Data is processed in compliance with the law. You can contact him by :

● E-mail dpo_eu@fastretailing.com
● post to FAST RETAILING FRANCE, Délégué à la protection des données, 151, Rue Saint-Honoré- 75001 Paris.

4. WHEN DO WE COLLECT YOUR DATA?

We may collect your Data from the following sources:

● Our websites and mobile applications: the online websites and mobile applications we operate under our own domain names/URLs and the mini-sites/pages/accounts we have created on third-party social networks such as Facebook.
● Calls, e-mails, SMS and other electronic messages exchanged directly with you. For example, communications between you and our customer service department may be analyzed in order to provide you with the best possible experience.
● Our offline collection forms: printed collection forms and other types of forms through which we collect your Data by mail, during in-store events or as part of other events.
● Your interactions with our advertisements: interactions with our brands' banner ads (for example, if you interact with one of our banner ads on a third-party site, we may receive information about that interaction).
● Profiles we create about you: in the course of our interactions with you, we may create Data associated with your person (for example, tracking your online purchases on one of our websites).
● Data we collect via third parties: we may collect certain Data via social networks (e.g. Facebook), advertising networks (e.g. Google), messaging applications (e.g. WhatsApp), market research (when responses are not anonymized), or when we acquire a company.

5. WHAT DATA DO WE COLLECT AND HOW?

Depending on how you interact and communicate with us (online, offline, by telephone, etc.), we may collect the following Data:

● Identification data: this includes any data we process to identify you. For example, your name, customer number, etc.
● Contact information: this includes any information you give us so that we can contact you. For example, your email address, telephone number, billing or delivery address, etc.
● Information about your tastes and preferences: this includes, for example, your date of birth, your age, your opinions, your favorite products, the fact that you are a member of our loyalty program, etc.
● Financial data: this includes your purchase history, means of payment, etc.
● Technical data: this includes information relating to your digital activities (e.g. IP address, browsing activity, geolocation, account log-in data, etc.) and technical information relating to your computer/mobile device, etc.

In the case of data collected directly from you, we mark all mandatory information on our forms with an asterisk. As part of our day-to-day business activities, we do not collect or process any Sensitive Data within the meaning of the GDPR (for example, Health Data) or Data of minors.

6. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA, ON WHAT LEGAL BASIS AND FOR HOW LONG DO WE KEEP IT ?

The Data Controller carries out various processing operations on your Data.
You will find below a list of the purposes for which the data is processed and for each of them:

● A clear description of the operations we carry out.
● The legal basis on which they are based.
● The categories of Data processed for each purpose.
● The categories of recipients who may have access to your Data.
● The duration of data retention for each of these purposes.

6.1. Creation and management of customer account


Description We process the Data referred to below in order to (i) register you in our customer files, (ii) identify you and give you access to your customer account and (iii) enable you to access the functionalities (e.g. consultation of purchase history), products and services which are available to you.
We inform you that the Data we collect about you, which have been collected through the various channels referred to in section 3 of this Policy, may be linked to your account so that all the information can be consulted at the same time.
Legal basis We process your Data on the basis of your consent.
We rely on our legitimate interest to link your Data collected through the various channels referred to in section 3 of this Policy to your customer account.
Processed data ● Identification data
● Contact information
● Financial data
● Technical data
Recipients Your Data may be transmitted to (i) IT service providers and (ii) public and administrative authorities at their request.
We only provide access to Data that is strictly necessary for these Recipients.
Retention Period Data is kept for 3 years after the last contact with us, for example: the last purchase, the last connection or the opening of a link contained in a newsletter.


6.2. Management of your online purchases and delivery of products


Description We process the Data referred to below in order to (i) receive your order and prepare it, (ii) manage the payment of your order and associated billing and (iii) deliver it.
Legal basis We process your Data on the legal basis of the performance of the contract concluded with you (General Sales Conditions (GSC)).
Processed data ● Identification data
● Contact information
● Financial data
● Technical data
Recipients Your Data may be transmitted to :


● Logistics providers (carriers, warehouses, relay points)
● Banks and payment service providers
● Public and administrative authorities at their request

We only provide access to Data that is strictly necessary for these Recipients.
Retention Period Data (other than your credit card details) is kept for 5 years from the date of your last purchase for the purpose of defending our legal rights. Credit card details are kept for 13 months by our payment service provider.


6.3. Facilitate ulterior payments



Description We process the Data referred to below in order to facilitate your ulterior payments on our websites and mobile applications by storing your financial data.
Legal basis We process your Data on the legal basis of (i) your consent if you are not a member of our loyalty program and (ii) our legitimate interest if you are.
Processed data ● Identification data
● Contact information
● Financial data (credit card number, CCV, expiry date)
● Technical data
Recipients Your Data may be transmitted to our payment service provider and to public and administrative authorities upon their request. We only provide these recipients with access to Data that is strictly necessary.
Retention Period Your Data is kept until your consent is withdrawn, until you object if you are a member of the loyalty program, or until the expiry date of the credit card.


6.4. Management of your in-store purchases


Description We process the Data referred to below in order to (i) manage the payment transaction for the products you have purchased in the store, (ii) manage your claims and refunds in a secure and efficient manner and (iii) be able to inform you of the details and progress of these procedures.
Legal basis We process your Data on the legal basis of the execution of the contract concluded with you.
Processed data ● Identification data
● Financial data
Recipients Your Data may be transmitted to (i) banks and payment service providers and (ii) public and administrative authorities at their request. We only provide these recipients with access to the Data that is strictly necessary.
Retention Period Data (other than your credit card details) is kept for 5 years from the date of your last purchase for the purpose of defending our legal rights.
Credit card details are kept for 13 months by our payment service provider.


6.5. Loyalty program management


Description We process the Data referred to below in order to (i) offer you our loyalty program, (ii) keep your membership active and up to date, (iii) allow you to benefit from all the advantages and rewards granted and (iv) be able to send you invitations for upcoming events.
Legal basis We process your Data on the legal basis of the performance of the contract concluded with you (Loyalty Program).
Processed data ● Identification data
● Contact information
● Information about your tastes and preferences
● Financial data
Recipients Your Data may be transmitted to (i) our service providers specialized in sending commercial communications, (ii) our service providers specialized in events. We only give these recipients access to the Data that is strictly necessary.
Retention Period We will retain and continue to process your Data for as long as is necessary for the performance of your membership of our loyalty program. You may cancel your loyalty program membership at any time. The Data is collected and kept for the duration of your customer account in store or on the web and deleted after 3 years without any activity or interaction with our brand.


6.6. Marketing operations management

Description We process the Data referred to below to enable you to benefit from our promotions and special offers. Our commercial prospecting operations may be carried out by (i) e-mail, (ii) SMS and electronic messaging on cell phones, (iii) post and (iv) telephone calls.
Legal basis The legal basis for this processing is your consent for emails and SMS and mobile electronic messages. The legal basis for this processing is our legitimate interest in postal mail and telephone calls, or when we offer you by email and SMS goods and services similar to those already purchased/subscribed from the Data Controller in accordance with Article L34-5 of the French Post and Electronic Communications Code.
Processed data ● Identification data
● Contact information
● Information about your tastes and preferences
● Financial data
Recipients Your Data may be processed by our service providers specialized in sending commercial prospecting and analyzing customer profiles.
Retention Period Data is kept for 3 years after the last contact with us, for example: the last purchase, the last connection or the opening of a link contained in a newsletter.


6.7. Customer service management

Description We process the Data referred to below in order to (i) answer your questions and manage your complaints, (ii) provide after-sales service.
This purpose requires us to be able to contact you, if necessary, by any appropriate communication channel.
Legal basis We process your Data on the legal basis of the performance of the contract concluded with you.
Processed data ● Identification data
● Contact information
● Financial data (mainly your purchasing history)
Recipients Depending on your question and/or complaint, our various internal departments may need to process your Data in order to provide you with the best possible response and/or support.
Your Data may also be processed by our service providers specialized in customer service management.
Retention Period We keep your Data for 3 years after the closing of your request. We keep the recording of your call for 2 months if you accept it when you contact customer service by phone.


6.8. Management of reviews on our products and services

Description We process your Data in order to collect your opinions concerning our products and services. This feedback may be collected through the various channels referred to in section 4 of this Policy. We may ask you to provide us with a pseudonym or your email address in order to contact you for further details.
Legal basis We process your Data on the legal basis of our legitimate interest in order to improve our services and products.
Processed data ● Identification data
● Contact information
● Information about your tastes and preferences (your opinions)
Recipients Depending on the purpose of our questionnaire, various internal departments may have access to your Data (customer service, sales department, etc.).
Retention Period Your reviews are kept for 12 months from the date of collection.


6.9. Events and competitions management

Description We process your Data in order to organize contests, events and promotional operations in which you can participate.
Legal basis We process your Data on the legal basis of your consent.
However, some competitions may have a prize to be won and will have Special Conditions applied. In these cases, we process your Data on the legal basis of the performance of the contract (Terms and Conditions relating to the competition).
Processed data ● Identification data
● Contact information
Recipients Your Data may be processed by our internal departments such as sales or customer service.
Retention Period Your Data will be kept for the duration of the offer or competition. This will depend on the offer or contest. Please refer to the associated Terms and Conditions.


6.10. Safety management

Description We use several security technologies to protect our website. To ensure secure access to our sites and applications, we use certain technical information from your Internet browser.
Legal basis We use our legitimate interest to protect our sites and applications from attacks.
Processed data ● Identification data
● Contact information
● Financial data
● Technical data
Recipients Your Data may be transmitted to our specialized IT security service providers. We only give these recipients access to the Data that is strictly necessary. We use service providers located in Europe and the United States in addition to our internal teams when it is necessary to investigate.
Retention Period Your Data is kept for 12 months from the discovery of a security incident.


6.11. Anti-fraud management

Description Your Data is processed to enable us to (i) detect attempted fraud, (ii) secure transactions (3D Secure) and (iii) investigate proven fraud.
Legal basis We use our legitimate interest in protecting ourselves against purchase/payment fraud to handle this information.
Processed data ● Identification data
● Contact information
● Financial data
● Technical data
Recipients Your Data may be processed by our partners specialized in fraud management located in Europe and the United States in addition to our security teams.
Retention Period Your Data is kept for 12 months from the discovery of an attempt at fraud.


6.12. Management of our compliance

Description In order to comply with applicable legislation, we are obliged to process your Data. These obligations may vary from country to country and are stipulated, for example, in legislation relating to taxation, accounting, bookkeeping, penalties and consumer affairs.
Legal basis We process your Data on the basis of applicable legal obligations.
Processed data ● Identification data
● Contact information
● Financial data
● Technical data
Recipients Your Data may be processed by our law firms, bailiffs and the competent administrative and judicial authorities.
Retention Period Your Data is stored according to the purpose, context and specific local legal requirements. The Data will be retained for the duration imposed by the relevant legal obligation or until the end of the limitation period of the legal action.


6.13. Customisation

Description We use several technologies (including the cookies presented below) to offer you personalized content. We process your Data to (i) analyze your preferences, (ii) anticipate your desires based on our analysis of your profile, (iii) improve and personalize your customer experience and (iv) provide you with targeted advertising and content.
Legal basis We use your consent and the use of cookies. For more information, please see the "Cookies" section below.
Processed data ● Identification data
● Information about your tastes and preferences
● Financial data
● Technical data
Recipients Your Data may be processed by our media agencies and our service providers and partners specializing in online advertising (Meta, Google, etc.) and profile analysis.
Retention Period Your Data is kept for a maximum of 13 months.


7. WILL YOUR DATA BE SHARED WITH THIRD PARTIES?

Customer information is important to us and privacy is a primary concern, so we refuse to share your Data with third parties, except for the limited reasons specified below.

We may share your Data with various categories of third parties:

● Data Sharing within the Group: Where we share Data with our parent company or other entities within our Group, they have adopted privacy policies and practices that provide a level of protection at least equivalent to that described in this Policy. Such sharing is mainly carried out for the purposes of creating anonymized statistics or to meet applicable legal and accounting obligations.
● Service providers: these are external companies that we use to help us carry out our activities. The categories of service providers who may have access to your Data are listed, for each of the purposes pursued by the Data Controller, in section 6 of the Policy. These service providers, and certain members of their staff, are authorized to process only the Data required for the specific tasks for which they have been contracted, in accordance with our instructions, and are required to ensure the security and confidentiality of your Data.
● Third-party companies using your Data for their own marketing purposes: we may share with Meta, Google and other partners certain Data concerning your interactions with our websites and mobile applications. This type of sharing enables us to measure the effectiveness of our advertising campaigns and to improve our practices.
● Third party recipients using Data for legal reasons or due to a merger/acquisition: we will disclose your Data to third parties where required by law or in connection with an acquisition or merger. In the event that we sell or transfer all or part of our business or assets to another company within or outside the Group, or in the event that any other business transaction is implemented as a result of corporate restructurings, we may disclose your Data to the acquirer of such business or assets. In this case, we believe that we have a legitimate interest in the reorganization of our corporate structure.

8. WILL YOUR DATA BE TRANSFERRED OUTSIDE THE EUROPEAN ECONOMIC AREA?

For the purposes defined above, your Data may be transferred to companies located in countries outside the European Union. In such cases, and prior to any transfer, we ensure that we comply with the guarantees required to ensure the security of such transfers.
This Data may also be processed by third parties working on our behalf, such as our service providers, who may be located outside the EEA.
These third parties may be involved in fulfilling your order, processing your payment details and providing support services.
We undertake to make every effort to ensure that these third parties adopt the required organizational, technical and security measures and we require them to sign contracts based on the European Commission's model clauses, in accordance with Article 46.2 of the GDPR.

9. WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?

9.1. Your rightss

In accordance with the applicable legislation, you are entitled to :
● Right of access: you can obtain communication of all the Data concerning you that we process.
● Right of rectification: you may obtain rectification of inaccurate Data that we process concerning you.
● Right of deletion: you may obtain the deletion of the Data we process concerning you. However, some of your Data will be retained in order to meet our legal obligations or to defend our legal rights.
● Right to object: you may object to the processing of your Data based on our legitimate interests. However, you must justify "reasons relating to your particular situation" in order to exercise this right, except in the case of commercial prospecting.
● Right to portability: you may receive Data concerning you in a structured, commonly used and machine-readable format, and transmit this Data to another data controller without us being able to object, where the processing is based on your consent or on a contract and is carried out using automated processes. You also have the right to have your Data transmitted directly to another data controller, where this is technically possible.
● The right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you (unless such decision is necessary for the conclusion or performance of a contract between us and you or is based on your explicit consent).
● The right to lodge a complaint with a supervisory authority if you consider that our practices relating to your Data do not comply with the applicable regulations.
● Right to formulate post-mortem directives: you may formulate specific and general post-mortem directives concerning the retention, deletion and communication of your Data. In the absence of such instructions, your heirs may contact us in order to (i) gain access to the processing of your Data for the purpose of "organizing and settling the estate of the deceased" and/or (ii) have your customer account closed and/or object to the continued processing of your Data.
● Right to limitation: you have the right to ask an organization to temporarily freeze the use of some of your Data, in particular while your request to exercise another right is being examined.

9.2. Exercising your rights

We may ask you to provide additional information necessary to confirm your identity in order to exercise your rights.
You can exercise your rights by email to service.client@comptoirdescotonniers.com and in case of difficulties to dpo_eu@fastretailing.com or by writing to FAST RETAILING FRANCE, Délégué à la protection des données personnelles,151, Rue Saint-Honoré- 75001 Paris.
A reply will be sent to you within 1 month of receipt of the request.
To exercise your rights, you must prove your identity by any means. In case of reasonable doubt, you may be asked to show proof of identity. Through your online account, you can :

● Modify or access your Data ;
● Withdraw your consent or object to receiving commercial prospecting at
● Request deletion of your account.

10. DO WE USE COOKIES OR SIMILAR TECHNOLOGIES?

10.1. What is a cookie?

A cookie is a small text file that asks permission to be placed on your computer's hard drive by the websites you visit. They are widely used to make websites function more efficiently. Some of these cookies are necessary for the site to function properly. Others are used to identify you and, depending on your browsing habits, to help our teams improve the site.

A cookie cannot give access to information about you that you do not wish to share. A cookie has a limited lifespan and is deleted by your browser once it has expired. Only the company depositing the cookie is likely to read or modify the information contained in it.

10.2. Purpose and type of cookies

Different cookies are used for different purposes. The most common cookies are :


● Technical use cookies, which respond to an action on your part on the website, necessary to use a particular service or access a particular content. Your consent is not required for so-called "essential" cookies, i.e. when they are necessary for the proper functioning of the digital environment (technical use cookies).
● Identification and personalization cookies, which enable us to get to know you better and identify you when you return to our sites.
● Analysis and performance cookies, which enable us to measure the number of visitors and pages visited.
● Advertising or targeting cookies, which record data that can be used to control the display of advertisements to specific users.

10.3. Cookie-related responsibilities

● First-party cookies: we are responsible for the cookies we use on our sites.

● Cookies issued by third-party companies (third-party cookies): The issue and use of cookies by third parties on our sites (e.g. Google) are subject to the privacy protection policies of these third parties. These cookies are not essential for site navigation. The site integrates the technologies of advertising partners which enable the recognition of your connection terminal and the data relating to your navigation on your connection terminal in order to display advertisements adapted to your centers of interest according to your navigation.

10.4. Manage cookies

The cookies we install on your deviceenable us to recognize your browser when you connect to our sites and applications. You can use our cookie management tool, which can be accessed from the cookies banner that appears when you first log on to our site and which can also be accessed here : Cookie consent management link

You can refuse third-party cookies by making the appropriate settings in your browser. Any such settings may affect your Internet browsing experience and your access to certain services requiring the use of cookies.

You can configure your browser so that cookies are stored on your device or, conversely, so that they are rejected, either systematically or depending on the sender.

You can also configure your browser so that you are prompted to accept or reject cookies before a cookie is stored on your device.

If your browser is configured to reject all cookies, you will not take advantage of certain features of our sites and applications, such as receiving personalized recommendations. The configuration of each browser is different. It is described in your browser's help menu, which will tell you how to modify your cookie settings.

For more information on how to delete or control cookies, please visit www.AboutCookies.org.

11. HOW DO WE SECURE YOUR DATA?

While we take all necessary measures to protect your Data, it is impossible to guarantee the security of transmissions via the Internet. If you are using a devicein a public place, we recommend that, for your own safety, you always log out and close your browser window after finishing a session.

11.1. Password recommendations

We also recommend that you take the following security measures to improve your Internet security: ● Keep your passwords confidential. Remember that anyone who knows your password can access your account.

● When creating a password, use at least 8 characters, preferably a mixture of letters and numbers. Do not use your name, e-mail address, or other easily obtainable data. We also recommend that you change your password frequently. To do so, go to 'My Account', then click on 'Change name, e-mail or password'.

● Avoid using the same password for several Internet accounts.

11.2. Recommendations on the use of links to third-party sites

Some links on our sites and applications may take you to websites operated by third-party companies. We never share your Data with these third parties.
Links to third-party sites appearing on our sites and applications are provided for information purposes only. We do not control these sites or their privacy practices, which may differ from ours. We cannot be held responsible for the Data that third parties may collect, store and use via their websites. We invite you to always carefully read the privacy policy of any website you visit.

11.3. Email scam recommendations

We will never ask you to confirm your account or credit card details by email. If you receive an email purporting to be from us or another Fast Retailing Group company requesting such information, please ignore it and do not respond.

Our official websites are listed below. Any other site may represent a potential fraud.
https://www.comptoirdescotonniers.com/
https://www.comptoirdescotonniers.de/
https://www.comptoirdescotonniers.es/
https://www.comptoirdescotonniers.eu/
https://www.princessetamtam.com/
https://www.princessetamtam.com/en
https://www.princessetamtam.de/

12. DO WE USE PROFILING?

Profiling is the creation of an individualized profile based on an individual's data, with the aim of evaluating that person and predicting his or her behavior, such as preferences, lifestyle habits and so on.
This profiling is based on the analysis of different variables such as the type of products or services ordered and your profile.
Please refer to section 9 of the Policy for details of your rights regarding profiling.
We process your Data in order to create profiles in the following cases:

12.1. Fighting fraud

In order to guarantee you optimum quality of service and secure payments and deliveries, your Data may be processed to determine the level of fraud risk associated with our interactions. We have chosen ADYEN to carry out this Data analysis on a fully automated basis.

The Data concerned relates to the setting up of the contract (products, personal and bank details) and to the use of our sites and applications (pages visited and browsing), combined with certain anonymous data relating to the terminal used for browsing (such as screen resolution or operating system version) which can be used to identify your terminal reliably on successive visits and enable analysis of the risk of fraud.

Depending on the results of the control, we may decide to take security measures and, if the security of the order cannot be guaranteed, we may choose to cancel it.

12.2. Personalized advertising

After browsing our sites and applications, personalized advertising banners may be displayed when you visit other websites. We are committed to providing you with offers that are relevant to you. Thus, the advertising banners displayed will relate to products that have been consulted while browsing our sites and applications from your device. The aim of the service is to offer personalized advertising displaying products or services based on the recent behavior of Internet users on the sites and applications of its partners. To achieve this, our service providers use cookies to recognize web users.
If you have agreed to us contacting you for marketing purposes, we may send you emails and other communications about goods and services that may be of interest to you. To do this, we study our customers' online and in-store purchasing habits and browsing behavior. In this way, we can send personalized commercial communications or communications related to certain dates (newsletter registration, customer account creation, customer birthday, etc.).


**********************************

01/08/2024
Validated by the Data Protection Officer