Last updated: 21 August 2019
Article 1 (Purposes of Processing Personal Information and Items of Personal Information to be Processed)
The Company collects the following items of personal information from customers.
[General Personal Information]
|Purposes of Processing Personal Information||Identifying and verifying of customer information;
registration and management of customer account of each customer;
offering an enhanced customer service.
|Items of Personal Information to be Processed||Name, title, email address country/region of residence, language
for communication, contact information (as selected and provided
by customers among e-mail address, phone number and address)
|Purposes of Processing Personal Information||Receiving feedback from customers; providing, helping you to
check out faster when purchasing from Burberry, receiving Burberry
updates. improving customer services
|Items of Personal Information to be Processed||E-mail address, phone number, address, gender, date of birth,
and payment information
Article 2 (Period of Processing and Retaining Personal Information)
The Company processes and retains personal information within statutorily prescribed periods of retention and use, or within such period that customers agreed to at the time of collecting his/her personal information.
- Registration of customer accounts: Until the customer deletes their customer account (however, in the event that an investigation or inspection is proceeding due to the violation of relevant acts and regulations, customer accounts may be preserved until the end of such investigation or inspection.)
- Provision of goods or services: Until the completion of supply of goods or services, and the payment or settlement of fee for such goods or services and as otherwise required to be retained by the Company for its proper record keeping purposes in accordance with applicable laws.
Article 3 (Providing Personal Information to Third Parties)
1. The Company processes personal information of customers within the scope set forth under Article 1 (Purposes of Processing Personal Information and Items of Personal Information to be Processed), and provides third parties with the personal information collected only when it falls under Article 17 of the PIPA: (i) where consent is obtained from the data subject, and (ii) where there are special provisions prescribed by acts.
2. The Company provides its affiliates, including other companies, joint ventures, franchises, and licensees within the Burberry Group worldwide (the “Affiliates”), with the personal information of customers collected during the period until the customer deletes his/her account, for purposes such as (i) providing services to offline customers visiting the Burberry stores worldwide, (ii) registering customer accounts for such providing of services, (iii) retaining transaction records as statutorily prescribed or as otherwise required to be retained for proper record keeping purposes, (iv) developing and enhancing products and services by analyzing purchase pattern of customers and understanding preferences of key customers, (v) provision of customized services by informing customers of products, services and events , and (vi) developing products and services by analyzing offline customers visiting the Burberry stores and customers participating in events (including the internal group reporting thereof).
The Company provides the personal information of customers to the following Affiliates. These Affiliates retain and use the personal information of customers until the aforementioned purposes are attained.
|Burberry (Austria) GmbH||Austria|
|Burberry (Deutschland) GmbH||Germany|
|Burberry (Malaysia) Sdn. Bhd.||Malaysia|
|Burberry (Shanghai) Trading Co., Ltd||Mainland China|
|Burberry (Singapore) Distribution Co. PTE Ltd||Singapore|
|Burberry (Spain) Retail SL||Spain|
|Burberry (Suisse) S.A.||Switzerland|
|Burberry (Taiwan) Co Ltd||Taiwan Area|
|Burberry (Thailand) Limited||Thailand|
|Burberry (UK) Limited||United Kingdom|
|Burberry Antwerp N.V.||Belgium|
|Burberry Asia Limited||Hong Kong S.A.R|
|Burberry Brasil Comércio de Artigos de Vestuário e Acessórios Ltda||Brazil|
|Burberry Canada Inc||Canada|
|Burberry Czech Rep s.r.o||Czech Republic|
|Burberry Distribution Limited||United Kingdom|
|Burberry France SASU||France|
|Burberry Group plc||United Kingdom|
|Burberry Hungary kft||Hungary|
|Burberry India Pvt Limited||India|
|Burberry Ireland Limited||Ireland|
|Burberry Italy Retail Limited||United Kingdom|
|Burberry Italy SRL||Italy|
|Burberry Japan K.K||Kuwait|
|Burberry Latin America Limited||United Kingdom|
|Burberry Limited||United Kingdom|
|Burberry Limited||United States|
|Burberry London Limited||United Kingdom|
|Burberry Retail LLC||Russia|
|Burberry Macau Limited||Macau S.A.R|
|Burberry Middle East LLC||United Arab Emirates|
|Burberry Netherlands BV||Netherland|
|Burberry North America, Inc||United States|
|Burberry Pacific Pty Ltd||Australia|
|Burberry Qatar WLL CR||Qatar|
|Burberry Saudi Company Limited||Saudi Arabia|
|Burberrys Limited||United Kingdom|
|Horseferry Mexico S.A. de C.V.||Mexico|
|Horseferry Mexico Servicios Administrativos, S.A. de C.V.||Mexico|
|Sandringham Bahrain SPC||Bahrain|
|Burberry (Wholesale) Limited||United States|
|Burberry (Spain) Retail SL, Sucursal em Portugal||Portugal|
Article 4 (Delegation of the Processing of Personal Information)
1. The Company delegates the processing of personal information for efficient processing of personal information as follows:
|Delegatee||Contents of Delegated Services|
|Burberry Limited||Processing orders, customer service support,
management of customer accounts records,
marketing and promotion support, and data analysis support
|PMG Integrated Communications Co., Ltd.||Telemarketing and LMS/MMS services|
|ILYANG Logis Ltd.||Delivery of goods|
List of the Subcontracted Delegatees
|Amazon.com, Inc||Cloud services for data storage|
|EPAM Systems Ltd||Support services provider for Burberry e-commerce platform|
|BPA Corporate Facilitation Ltd||Access to customer service calls for quality assurance purposes|
|Capgemini UK plc||IT consulting services|
|Facebook, Inc||Data matching services regarding Facebook advertising|
|IBM (International Business Machines Corporation)||Order management services|
|Medallia, Inc||Provider of customer experience management and
enterprise feedback management software and services
|NewVoiceMedia Limited||Operation and management of customer service center tools|
|Omnico Group Ltd.||POS software maintenance and management services|
|SAP AG||Provider of global ERP solutions and hosted environment|
|Sprinklr Inc.||Recording services for customer inquiries via social media platform|
|Tableau International Company Tableau Software, Inc||Marketing analysis services|
|Verint (Frontline) Systems Inc.||CCTV software maintenance and management services|
2. When the Company enters into a delegation agreement, the Company implicitly sets forth in the agreement the matters related with liabilities regarding the prevention of personal information processing for purposes other than the purpose of performing the delegated services, technical and managerial measures to ensure security of personal information, restriction of subcontracting, management and supervision of the delegatee, and for compensation for damages pursuant to Article 25 of the PIPA, and supervises the safe processing of personal information by the delegatee.
Article 5 (Rights and Obligations of Customers and the Method of Exercising thereof)
1. Customers may exercise, at any time, his/her rights against the Company regarding the protection of personal information in the following paragraphs:
a) Request for access to personal information;
b) Request for correction in case of errors, etc.;
c) Request for deletion; and
d) Request for suspension of processing personal information
2. Rights under Article 1 may be exercised through Customer Service Team (email@example.com, 080-700-8800), and the Company will promptly implement measures after verifying the identity of the customer making the request or the legitimate agent of the requesting customer upon such request for exercise rights in the above. The Company may refuse such request in the event there is a justifiable reason prescribed by the act.
3. When customers request for correction or deletion of errors, etc. in their personal information, the Company will promptly action the requested correction or deletion in accordance with its established processes and procedures and in accordance with applicable laws.
4. Rights under Article 1 may be exercised through agents such as a legal representative or a delegated person of customers. In this case, customers must submit the power of attorney pursuant to Annex Form No. 11 of the Enforcement Rule of the PIPA.
5. Customers must not violate relevant statutes such as the PIPA, and must not infringe on personal information and private life of the customer him/herself or others processed by the Company.
Article 6 (Destruction of Personal Information)
1. The Company will promptly destroy personal information when the retention period of personal information has lapsed, when the purposes of processing such information have been achieved and hence the processing of such information becomes no longer necessary.
2. After the Company attains the purposes set forth in the above, personal information of customers will be segregated destroyed after certain storage period depending on the grounds for protection of information pursuant to the internal policy and other relevant acts and regulations (see the retention and use period). Personal information that has been segregated is not used for purposes other than retention unless provided by the act.
3. The Company will endeavor to delete personal information in the form of electronic file by the technical method that makes it irrecoverable. Any other personal information printed out in documents will be destroyed by incinerating them or shredding them.
Article 7 (Measure to Ensure the Security of Personal Information)
With respect to the processing of personal information of customers, the Company takes various technical and managerial actions including encryption of personal information, exerting efforts to protect the system from hacking or viruses, and controlling access rights to information for ensuring safety in order to prevent the loss, theft, leakage, alteration or damage of personal information.
Article 8 (Data Protection Officer)
1. The Company designates the following Data Protection Officer responsible for general affairs relating to personal information processing in order to handle customer complaints and damage remedy procedures regarding personal information processing.
- Data Protection Officer
Title: Representative Director
- Customer Service Team
2. Customers may raise any petition regarding personal information protection to the foregoing Data Protection Officer and Customer Service Team.
Article 9 (Request to Access Personal Information)
Customers may make requests to access personal information to the following team pursuant to Article 35 of the PIPA. The Company will exert its best effort to promptly process such request from customers.
- Customer Service Team
- Contact: firstname.lastname@example.org, 080-700-8800
Article 10 (Method to Remedy Infringement of Rights)
Customers may contact the following agencies for the damage remedy or consultation regarding infringement on personal information.
- Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency)
- Website: www.privacy.kisa.or.kr
- Phone number: (No area code) 118
- Address: (58324) Personal Information Infringement Report Center, 3rdFl., (Bitgaram-dong 301-2) 9, Jinheung-gil, Naju-si, Jeollanam-do
- Personal Information Dispute Mediation Committee
- Website: www.kopico.go.kr
- Phone number: (No area code) 1833-6972
- Address: (03171) 4thFl., Seoul Government Building, 209, Sejong-daero, Jongno-gu, Seoul
- Cyber Crime Investigation Division of the Supreme Public Prosecutors’ Office: 02-3480-3573 (www.spo.go.kr)
- Cyber Bureau of the National Policy Agency : 182 (https://cyberbureau.police.go.kr)