EU general information notice (in force since 25/03/2024)

If you are reading this information notice (“Notice”), it is because you are visiting one of Our Pages, Mobile Applications, E-commerce and/or one of Our Shops, or because you attended one of Our Events.

This Notice will help you better understand how we handle your data, for what purposes and how you can control your information.

At the end of this document, you will find Definitions, referring to more detailed explanations of the capitalized terms.

Who we are

Who we are

We are Stella McCartney LTD with registered offices at 3 Olaf Street, London W11 4BE, United Kingdom, and Stella McCartney Italia SRL, with registered offices at Via Morimondo 2/3, 20143 Milano (Italia) and, for the purposes described in this Notice, we are the Main Joint Data Controllers of your Personal Data.

Stella McCartney LTD and Stella McCartney Italia SRL are collectively identified below as (“Stella McCartney” “SMC,” “we” or “us”).

When we collect your Personal Data during your purchasing process on our E-commerce (i.e. when you buy our Services online, or you are interested in a particular product and you place it in your shopping cart), we are Joint Data Controllers of your Online Shopping Data together with Drop Srl, which is the Merchant of Records for the online purchases processing activities on our E-commerce.

What data we collect and process

What data we collect and process

We may collect data from Our Pages, Mobile Applications, E-commerce, when you visit one of Our Shops, and/or when you attend one of Our Events. Data collected and the relative purposes of processing depend on how you interact with us and how you manage the settings of your Browser and the Device you are using.

You may find further details on the reasons why we process your Personal Data in the “Why we use your Data” section below.

Data you provide

You can provide us with Personal Data such as your name, phone/mobile number(s), date of birth, sex, e-mail address, postal address, payment and billing information, as well as your preferences (e.g., hobbies, job, interests, size or particular colours of your purchase history). It is the case, for example, when you use our Services, make purchases in Our Shops, participate in one of Our Events or when you ask us questions, make requests, interact with our support services or participate in our surveys. You can also choose to provide us with Information about your location if, for example, you want to search for one of Our Shops in a particular location (e.g., London, Milan, Paris, etc.) or when you order our products.

If you provide us with the data of third parties (e.g., postal addresses or payment data of third parties for a gift), you will be held responsible for having shared such information with us. You must be legally authorized to share it (i.e., authorized by the third party to share their information or for any other legitimate reason). You must fully indemnify us against any complaints, claims or demands for compensation of damages which may arise from the processing of third-party Personal Data in violation of applicable data protection law.

Data collected by the Browser and the Device

When you use Our Pages, we collect information on the Browser and the Device you are using. This information includes your IP Address, the date, time and the requested URL, Unique Identifiers and other information such as the type of your Browser or Device. Information related to your Browser or Device may include your operating system, language, network settings, telephone operator or internet provider, installed third-party applications and plug-in lists.

Some of this information is collected using Cookies, SDK and Other Tracking Technologies that are on your Browser or Device. This helps us, for instance, to avoid malfunctions during the provision of the Services, and allows us to provide you with Content that may be useful to you. You can find the complete list of Cookies and SDK we use here.

Data inferred by your activity

We collect information based on your online and offline interactions with our Services in order to improve them and to identify Content that may be useful to you. This happens, for example, when you are interested in a particular product and you place it in your shopping cart, when you click on an advertising link on Our Pages, or when you participate in Our Events. In such cases, we will attempt to provide you with relevant content.

In other cases, such as when you contact us by email, mail, telephone or otherwise regarding our products or request other information, we will collect and maintain a record of your contact details, communications and our responses. If you contact us by telephone, more information will be provided during the call.

Information about your location

We collect information about your location to allow you to view Our Shops near you, and to provide you with Content that may be useful to you. Your location can be determined by manually entering an address, city or zip code or by checking your IP Address.

Your location is determined - more or less accurately - depending on whether it is collected from the Browser or Device and on the privacy settings you have set on them. We make every possible effort to ensure that Information on your location is not used to infer your Sensitive Data.

You can limit our collection of your position by changing your Browser or Device settings, as set out in the “How to control your Data and manage your choices” section below.

Who can access your Personal Data stored in our CRM

Please note that your Personal Data stored in our CRM, subject to your prior consent as explained below, are worldwide accessible by SMC, acting as the Main Joint Data Controllers of your Personal Data, and by:

  • Drop S.r.l., which process your Online Shopping Data acting as Joint Data Controller, in accordance with your jurisdiction, for the online purchases processing activities;
  • our Affiliates operating Our Shops, acting as Data Processors of your Personal Data for marketing and profiling activities, which can access worldwide to your Online Shopping Data stored in our CRM.
Third parties we collect data from

Third parties we collect data from

Data collected by third parties

We may ask third-party business partners (e.g., social media, co-branding companies, etc.) to send or display our advertisements to their users on the basis of certain criteria/interests. These so-called micro-targeting and/or retargeting activities typically do not lead to the direct collection of Personal Data by SMC. Instead, they usually allow us to obtain Aggregated Information on the effectiveness of those advertisements or lead to the registration of new users or new followers. In accordance with European legislation, in carrying out these activities both SMC and our business partners make every possible effort to verify the conformity of the data (including joint controllership agreements) before they are used. You can request more information on our list of active commercial partners and the obligations of the respective parties by writing to privacy@stellamccartney.com.

When you buy our Services in one of our Shops, your Shopping Data are processed by our Affiliates operating our Shops, acting as independent Data Controllers for the related purchases processing activities.

In order to have a better insight and understanding of your needs, we may ask the Affiliates operating our Shops to send us your Shopping Data to enable us to analyse them and send you offers targeted to your interests. The transfer of your Shopping Data from our Shops to SMC is subject to your explicit prior consent.

Data collected from public or publicly accessible sources

We may collect or enrich your Personal Data with information obtained from third parties and public sources accessible within the limits of the law applicable to us. These sources may include data brokers, public registers, online newspapers, lists or public directories. Please note that a preliminary check is always carried out on the possibility to use this information, according to the best practices established by the competent Supervisory Authorities to which we are subject (the UK ICO and the Italian Garante).

For your convenience, we will collectively refer to all Personal Data mentioned here above as "Data".

Why we use your data Why we use your data

Why we use your data

The Data serves the following purposes:

Privacy Policy

Privacy Policy

Providing our Services and related support

We use your Data to offer you our Services; to organize Our Events in which you take part; to respond to your requests/suggestions/reports; to process your requests for remote sales appointments, stylist appointments or other boutique services; to verify and process a purchase you have made, using your Personal Data (e.g., name, contact information and information voluntarily provided by you) to communicate with you in connection with any prize draws and contests in which you choose to participate.

This processing is based on the execution of a contractual obligation or pre-contractual measures taken at your request.

Privacy Policy

Privacy Policy

Complying with legal obligations

We may use your Data to comply with legal and tax obligations to which we are subject, which form the legal basis of this processing.

Privacy Policy

Privacy Policy

Detecting anomalies and improving our Services

We use Data you provide, Data collected by the Browser and the Device, Data inferred by your activities and Aggregated Information in order to avoid anomalies in our Services. For example, we may detect anomalies when you open one of Our Pages, access a link, or when a bug is present in our system.

The processing is based on our need to guarantee the best Services and on our legitimate interest in avoiding any service disruptions.

Privacy Policy

Customizing our Services including any Content that may be useful to you

We use your Data, in particular Data inferred by your activities, Information about your location, Data collected by third parties and Data collected by the Browser and the Device, to improve our Services (e.g., Our Pages, Our Events), our promotional communications and to show Content that may be useful to you. For example, we may display a specific product according to your clicks, views, follows, tags.

Content that may be useful to you:

  • is not created using Sensitive Data such as that which may be derived from Information about your location;
  • may also be visible on websites and mobile applications other than Our Pages once uploaded to Programmatic Advertising or social media platforms to the extent that you have authorised us to do so.

The customization of our Services and the provision of Content that may be useful to you may be more or less accurate depending on the consent(s) you have given, which you may or may not decide to provide through:

  • the banner that appears when you first visit Our Pages concerning the Data collected by the Browser and the Device, and the Information about your location;
  • data collection forms, in which we ask you to express your preferences regarding the Data you provide, the Data inferred by your activities and the transfer of your Shopping Data from the Affiliates operating our Shops to SMC;
  • the preferences in your social media accounts.

If you do not wish to receive personalized Services or Content that may be useful to you, you can change your preferences, as explained in the “How to control your Data and manage your choices” section below.

Privacy Policy

Privacy Policy

Analysing and improving our Services and creating new services and features

We use your Data and Aggregated Information to measure the performance of our Services and to create new ones. This can be done, for example, through the analysis of your interactions with Our Pages, your purchase history and/or promotional communications (if requested).

Except for your consent to the customization of our Services, measuring the effectiveness of our Services and the creation of new Services is based on our legitimate interest in creating and maintaining Services that are truly useful to our customers.

Privacy Policy

Sending you promotional communications

We use the contact information you provide and those collected by third parties to send you communications about our products and the Services we offer, information about our initiatives and/or to ask you to participate in our surveys. In some cases, communications may include products or service promotions from selected co-branded companies (without sharing your Data with them). Such communications are sent by SMC and may also be customized if you have consented to the customization of Services, including Content that may be useful to you.

No communication will be sent to you without your prior consent, which you can provide through specific tick-boxes for this purpose.

Privacy Policy

Privacy Policy

Protecting our interests and your interests

We may need to use your Data to detect, react to, and prevent fraudulent and illegal behaviour or activities which could compromise the security of our Services. This could be the case when you use Our Pages in ways other than what is permitted or in the case of inappropriate behaviour at Our Events. This purpose also includes audits and assessments of our business operations, security controls, financial controls, records and information management program, and otherwise relating to the administration of our general business, accounting, record keeping and legal functions.

These purposes rest on our legitimate interest in safeguarding our interests and protecting our users, including you.

With whom we share your Data

With whom we share your Data

We disclose your Data with the following list of persons/entities (“Recipients”):

  • Persons authorized by us to perform any of the data-related activities described in this document: our employees and collaborators who have undertaken an obligation of confidentiality and abide by specific rules concerning the processing of your Data;
  • Our Data Processors: external subjects to whom we delegate some processing activities. For example, security systems providers, accounting, administrative, legal, tax, financial and debt collection consultants, data hosting platform providers, etc. We have signed agreements with each of our Data Processors to ensure that your Data are processed with appropriate safeguards and only under our instruction.
  • Systems administrators: our employees and those of our Data Processors which assist us with the management of our IT systems and therefore can access, modify, suspend and limit the processing of your Data. These subjects have been previously selected, adequately trained and their activities tracked by systems they cannot modify.
  • Third parties in relation to your purchases: external payment providers, international carriers.
  • Our Affiliates: depending on your jurisdiction, we will share your Data with our Affiliates operating Our Shops to assist you in your preferred language and in cases where we wish to engage in business initiatives at the local level. All the Affiliates have signed a data processing agreement for the processing of your Data. You can request more information on our Affiliates and our data processing agreements by writing to privacy@stellamccartney.com.
  • Law enforcement or any other authority whose provisions are binding for us: this is the case when we have to comply with a judicial order or law or defend ourselves in legal proceedings. Where a government, being supranational, federal, state or governmental, prefectural or local government, statutory, administrative or regulatory body, court, agency, including a law enforcement agency, or any other authority in any part of the world (also outside of your jurisdiction) whose regulations, directives, notices, resolutions, orders, decrees, injunctions, warrants, subpoenas, or judgments are binding upon us requires us to disclose your Data, we will not share your Data without your consent, unless we are under a legal obligation to comply with said regulations, etc.
How we use your Data (method of processing)

How we use your Data (method of processing)

Data collected for the purposes indicated above are processed both manually and via automated processing, namely, through programs or algorithms that analyse Data inferred by your activities, Information about your location, and Data collected by the Browser and the Device.

Your Data may also be subject to Combination and/or Crossing, which provides a deeper understanding of your interactions with us. The Combination and/or Crossing of your information for the purposes we process it for (e.g., customizing the Services) can be enabled or disabled as explained in the “How to control your Data and manage your choices” section below.

Where your Data are

Where your Data are

SMC is a global brand and Our Shops are available in multiple jurisdictions worldwide. This means that your Data may be stored, accessed, used, processed, and disclosed outside your jurisdiction, including within the European Union, and the United States of America, or any other country where our Affiliates operating Our Shops, service providers, Data Processors and sub-processors are located, or where their server or cloud computing infrastructures may be hosted. We take steps to ensure that the processing of your Data by our Recipients is compliant with the applicable data protection laws, including the UK and the Italian laws to which we are subject. Where required by EU data protection law, transfers of your Data to Recipients outside of the EU will be subject to adequate safeguards (such as the EU standard contractual clauses for data transfers between EU and non-EU countries), and/or other legal basis according to the EU and the UK legislations. For more information on the adequate safeguards we have implemented with regard to Data that is transferred to third countries, please write to: privacy@stellamccartney.com.

How long we store your Data

How long we store your Data

Data processed for the purposes indicated above will be kept for the period deemed strictly necessary to fulfil such purposes. Data collected for marketing and customization of Services will be retained for seven years based on our legitimate interest as luxury brand.

Data processed in compliance with the legal obligations to which we are subject will be kept for the period required by law. Data processed to protect our interests, and our users' interests, is kept until the time provided for by applicable law to protect our interests (typically no longer than 10 years).

Once the relevant retention period/criterion has expired, your Data is erased pursuant to the SMC retention policy.

You can request more information on our data retention criteria and policy by writing to: privacy@stellamccartney.com

How you can control your Data and manage your choices

How you can control your Data and manage your choices

At any time, you can ask to:

  • Access your Personal Data: depending on your use of our Services, we will provide the Data we have about you, such as your name, age, IP Address, Unique Identifiers, e-mail and preferences expressed, together with the Notice you received when you provided them, and the source of the Data (if, for example, they were provided to us by one of our business partners);
  • Exercise your right to the portability of your Personal Data: according to your use of our Services, we will provide you with an excel file containing your Data;
  • Correct your Data: for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
  • Limit the processing of your Data: for example, when you think that the processing of your Data is unlawful or that processing based on our legitimate interest is not appropriate;
  • Delete your Data: for example, when you do not want to use our Services and do not want us to retain your Data any longer;
  • Update your preferences for processing based on your consent. According to your use of our Services, you may request us to not send you commercial communications and/or to not personalize our Services including any Content that may be useful to you.

In accordance with UK and EU data protection law, we will reply to your request within one month of its receipt (extendable for two further months in case of particular complexity). Please mind that some of your rights may be subject to restrictions if the applicable law allows to do so.

You can exercise any of the rights listed above towards:

At any time, you can also:

Privacy Policy

Privacy Policy

Contact our Data Protection Officer (DPO) by writing to dpo@stellamccartney.com

Privacy Policy

Privacy Policy

Contact the competent Supervisory Authorities (the UK ICO or the Italian Garante) or the authority in charge of data protection of your country of residence.

Privacy Policy

Privacy Policy

  • Revoke your consent for the purposes for which we have collected it through the settings of Our Pages or by writing to privacy@stellamccartney.com;
  • Stop the sending of promotional communications by clicking on the link at the bottom of each e-mail and/or clicking on the “STOP” link to any text or other message you receive notification;
  • Set up your preferences regarding Data collected by the Browser and the Device by clicking here;
  • Block the sharing of some of your Data within the Programmatic Advertising platforms that allow us to send you Content that may be useful to you, by using the AdChoices tool; the ones provided by the Digital Advertising Alliance; the DAA AppChoices in the United States; the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe.
  • Block the sharing of some of Unique Identifiers via your Device. For iOS Devices: you can turn on the “Limit Ad Tracking” setting by going to Settings>Privacy>Advertising and select/toggle on “Limit Ad Tracking”. On the same page, you can also reset your advertising ID (so-called IDFA). For Android Devices: turn on the “Opt out of Ads Personalization” setting by going to Settings > Privacy > Advanced > Ads and select/toggle on Opt out of Ads Personalization.
  • Limit the processing of Information about your location from your Device by choosing to enable the tracking of your location only for a short period of time or by providing us only with your address or zip code;
  • Block the processing of Other Tracking Technologies (e.g., pixels) in our e-mail communications via your e-mail application. For example, on Outlook, the blocking of such tracking is turned off by design unless you press "Download images".

How we protect your Data

We take reasonable precautions from the physical, technological and organizational points of view to prevent the loss, misuse, or modification of Data under our control. For example:

  • We ensure that your Data is only accessed and used by, transferred or disclosed to Recipients that need to have access to such Data.
  • We also limit the amount of Data which is accessible, transferred or disclosed to Recipients to what is strictly necessary to fulfil the purposes or specific tasks performed by the Recipient.
  • The computers and servers where your Data is stored are kept in a secure environment, are password-controlled with limited access, and have industry standard firewalls and anti-virus software installed.
  • Paper copies of any documents containing your Data (if any) are kept in a secure environment as well. For example, depending on the sensitivity of the information in question, your Data may be stored in a locked filing cabinet that can only be accessed by our employees who require the information, as described above.
  • When destroying paper copies of documents containing your Data that is no longer needed, we ensure that such documents are shredded or incinerated.
  • When destroying Data recorded and stored in the form of electronic files that are no longer needed, we make sure that a technical method (for example, low level format) ensures that the records cannot be reproduced.
  • Laptops, USB keys, mobile phones and other electronic wireless devices used by our employees who have access to your Data are password protected. We encourage employees not to store your Data on such devices unless it is reasonably necessary for them to do so to perform a specific task as outlined in this Notice.
  • We train our employees to comply with this Notice and periodically conduct audits and other monitoring activities to ensure ongoing compliance and to determine the effectiveness of our privacy management practices.
  • Any data processor that we use is contractually required to maintain and protect your Data using measures that are substantially similar to those set out in this Notice or required under applicable data protection law.
  • In cases required by the applicable legislation, if a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Data transmitted, stored or otherwise processed, will be notified to you and to the competent data protection authority as required (for example, unless Data is unintelligible to any person or the breach is unlikely to result in a risk to your rights and freedoms and those of others).

What is not covered by this Notice

This Notice explains and covers the processing operations that we carry out as Data Controllers and as Main Joint Data Controllers.

The Notice does not cover processing carried out by parties other than SMC and in particular, does not cover:

  • the processing carried out by our business partners as autonomous data controllers including those carried out by social media platforms within Our Pages;
  • The further processing carried out by our Affiliates as autonomous Data Controllers for the exclusive purpose of finalizing the sales in Our Shops;
  • The processing carried out by Drop Srl as an autonomous Data Controller for purposes other than those described in this Notice.

With respect to such hypotheses, we do not assume any responsibility for the processing of your Data not covered by this Notice.

Changes to the Notice

This Notice entered into force on the date indicated at the beginning of this document. We reserve the right to modify or update this Notice, in full or in part, at our discretion or as a consequence of changes in applicable regulations. We will inform you of substantial changes to this Notice via your contact details.

The previous Notice is available here.

Definitions

:
  • Affiliates: refers to Stella McCartney France SAS; Stella McCartney (Shanghai) Trading Ltd; Stella McCartney Spain SL; Stella McCartney Japan Ltd; Stella McCartney America Inc; Stella McCartney Hong Kong Ltd. All these entities act as Data Processors for the purposes of this Notice. More information is available by writing to: privacy@stellamccartney.com.


  • Aggregated Information: refers to statistical information about you that does not contain your Personal Data. We use this information for analysing and improving our Services and creating new services and features and to create statistical reports for Our Shops.



  • Browser: refers to programs used to access the internet (e.g., Safari, Chrome, Firefox, etc.).



  • Combination and/or Crossing: this is the set of fully automated and non-automated operations which we combine with the Information about your location, the Data inferred by your activity, the Data collected by the Browser and the Device, the Data you provide used to provide the Services, analysing and improving our Services and creating new services and features, as well as to offer Content that may be useful to you. We may also combine and/or cross information from different sources, such as information collected from Our Pages and Application, Data collected from public or publicly accessible sources and Data collected by third parties.



  • Content that may be useful to you: for example, if you search for a particular product, we may display similar products on Our Pages or through Programmatic Advertising. Customization of the content may occur through the Combination and/or Crossing of Data.



  • Cookie: refers to a small text sent to your Browser from Our Pages. It allows the site to store information such as the fact that you visited the site, your language and other information. Cookies are used for different purposes, for example, to record your preferences regarding the use of Cookies (technical cookies), analysing and improving our Services and creating new services and features or Customizing our Services, including Content that may be useful to you. Information transmitted by Cookies is subject to Combination and/or Crossing with Other Tracking Technologies where applicable.



  • Data Controller or Joint Data Controller: refers to the legal person, public authority, service or other entity which, individually or jointly, determines the purposes and means for processing your Personal Data. The Main Data Controller is Stella McCartney LTD. In other cases, it may be preceded by the word "autonomous" (e.g., "autonomous Data Controller") to indicate that your Personal Data is processed by a subject other than us.



  • Data Processor: refers to an entity that we engage to process your Personal Data solely on behalf of and pursuant to the written instructions provided by us.


  • Device: refers to the electronic device (e.g., iPhone) which you use to visit Our Pages.



  • E-commerce: electronic commerce or “e-commerce” is the buying of goods and services using the internet when shopping online on SMC official website.



  • IP Address: is a unique number used by your Browser or your Device in order to connect to the internet. The internet service provider provides this number allowing identification of the provider and/or the approximate area where you are located. Without this data, you cannot connect to the internet and use our Services or use Content that may be useful to you.



  • Main Joint Data Controllers: Stella McCartney LTD and Stella McCartney Italia SRL.



  • Mobile Application: means the Stella McCartney mobile apps available on app stores.



  • Online Shopping Data: this category of data includes both information about the online customer (e.g., first and last name, address, e-mail address, date of birth) and information on the online transactions (e.g., goods, article numbers, purchase price and similar information, purchase history).



  • Other Tracking Technologies: pixel tags (tracers used with Cookies and embedded in images on web pages to track certain activities, such as the viewing of Content that may be useful to you, or to see if an e-mail has been read) or Unique Identifiers embedded in links to commercial communications that send us information when clicked on.



  • Our CRM: the Customer Relation Management used by Stella McCartney LTD, acting as Joint Controllers, to process your Personal Data for marketing and profiling activities.


  • Our Events: these are events, boutique events or showrooms organized by SMC or in collaboration with other brands with whom we have signed partnership agreements.


  • Our Pages: includes our social network pages, and some sections of our dealers' websites where this Privacy Policy is available (e.g., www.stellamccartney.com).



  • Our Shops: these include Stella McCartney physical shops present worldwide which are operated by our Affiliates.


  • Personal Data: means any information relating to an identified or identifiable natural person whether directly or indirectly, as well as any information that is linked or reasonably linkable to a particular individual or household. For example, an e-mail address (if it refers to one or more aspects of an individual), IP addresses, and Unique Identifiers are considered Personal Data.


  • Programmatic Advertising: these are platforms that share the information they collect about you, such as your IP Address and the data collected by Cookies, SDKs and Other tracking technologies, with entities who have an interest in showing you Content that may be useful to you. In our case, if you visualize a particular product on Our Pages, we will ask participants in Programmatic Advertising to grant us an advertising space on one of the websites you visit in order to display Content that may be useful to you. On this point, we would like to reiterate that the communication of your Data to participants in Programmatic Advertising is based on your prior and specific consent provided on the banner when the first visiting Our Pages. If you want to know how you can object to such communications, please follow the instructions in the “How you can control your Data and manage your choices” section above.


  • SDK: are software libraries that are installed together with a mobile application. They allow the collection of data in the same way as the Cookies do on the Browser. Depending on the settings of your Device, SDKs can collect Information about your location, Unique Identifiers, and Data inferred by your activity.



  • Sensitive Data: means Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation



  • Services: collectively, this means all the services available on Our Pages and Our Shops including sales, booking an appointment with our stylists and aftersales services.



  • Shopping Data: this category of data includes both information about the customer (e.g., first and last name, address, e-mail address, date of birth) and information about the in-store transactions (e.g. goods, article numbers, purchase price and similar information, purchase history).



  • Unique Identifiers: consist of information that can uniquely identify you through your Browser and Device. On the Browser, your IP Address and Cookies are considered Unique Identifiers. On your Device, advertising identifiers provided by manufacturers, such as Apple's IDFA and Android’s AAIG, which we use for analysing and improving our Services and creating new services and features including Content that may be useful to you, are considered Unique Identifiers. Please note that for these purposes and in line with the opinions of the European Supervisory Authorities, we do not use other Unique Identifiers such as MAC Addresses and IMEIs as they are not resettable by you.  

U.S.A Privacy Supplementary provisions (Last Update Date 22/07/2024)

These disclosures supplement the information contained in our Global Privacy Notice by providing additional information about the privacy rights available to individual residents of certain states in the United States and our personal data processing practices relating to those individuals. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Global Privacy Notice.

Notice of Collection and Use of Personal Information

We may collect (and may have collected during the 12-month period prior to the Last Updated date of this U.S.A. Privacy Supplementary provisions) the following categories of personal information about you:

 

Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, passport number and other similar identifiers

 

Protected Classifications: characteristics of protected classifications under certain federal law, such as national origin, age, sex, gender, gender expression, marital status.

 

Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies

 

Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements

 

Geolocation data: Physical location or movements. For example, city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi

triangulation; and, with your permission in accordance with your mobile device settings, and precise geolocation information from GPS based functionality on your mobile devices.

 

Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes.

 

We may use (and may have used during the 12-month period prior to the Last Updated date of this U.S.A. Privacy Supplementary provisions) the categories of personal information listed above for the purposes described in our Global Privacy Notice and for the following business purposes:

 

-         Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing analytics services, providing storage, or providing similar services;

-         Providing advertising and marketing services;

-         Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;

-         Short-term, transient use, such as non-personalized advertising shown as part of your current interaction with us;

-         Helping to ensure security and integrity;

-         Undertaking activities to verify or maintain the quality or safety of our services or devices and to improve, upgrade, or enhance them;

-         Debugging to identify and repair errors;

-         Undertaking internal research for technological development and demonstration;

and

-         Managing our relationships with current or prospective partners, corporate customers and vendors and other business partner personnel.

-         We do not collect or process sensitive personal information for purposes of inferring characteristics about consumers.

 

To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.

Retention of personal information

We will retain your personal information as described in the “How long we store your data” section of the Global Privacy Notice.

Sources of personal information

During the 12-month period prior to the Last Updated Date of this U.S.A. Privacy Supplementary provisions, we may have obtained personal information about you from the following categories of sources:

 

-         Directly from you, such as when you make a purchase in-store or online, call our Customer Service center, complete our customer information cards, attend one of our events or participate in a survey 

-         From your devices, such as when you visit Stella McCartney websites

-         Our affiliated entities and subsidiaries

-         Social networks

-         Online advertising companies (including advertising networks)

-         Internet service providers

-         Data analytics providers

-         Operating systems and platforms

-         Law enforcement authorities, regulators, third-party subpoenas and government entities

-         Data brokers and data aggregators, including data append and cleansing companies

-         Publicly available sources and databases.


Personal data disclosure "Sale", "Sharing" and Targeted Advertising

If you are a resident of the states of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia in the United States, the following supplementary disclosures apply to you.

 

We do not sell or share your personal information in exchange for monetary consideration. We disclose categories of personal data we collect to the categories of recipients set forth below. Different state privacy laws in the United States provide consumers the right to opt-out of certain data processing. This includes the display advertisements that are based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctively branded sites, applications or services (“Targeted Advertising”, also referred to in California as “cross-context behavioral advertising”). Some states also provide the right to opt-out of “Sharing”, which includes providing or making available personal information to third parties for such Targeted Advertising activity. We may use certain personal data that you provide to advertise to you. This may include making available your personal data to certain third parties in a way that may constitute a Sale and/or Sharing, as well as using your personal data for purposes of Targeted Advertising. If you are in one of those jurisdictions, You have the right to opt out of these types of disclosures of your information, as detailed below.

 

During the 12-month period prior to the Last Updated date of this U.S.A. Privacy Supplementary provisions, we may have disclosed the following categories of personal information:

 

-         Identifiers,

-         Commercial Information,

-         Online Activity, and

-         Inferences.

 

We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age.

Disclosure of personal information

 

During the 12-month period prior to the Last Updated Date of this U.S.A. Privacy Supplementary provisions, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:

 

Categories of Personal Information & Third Parties:

Identifiers:                                    

  • Our affiliated entities and subsidiaries
  •  Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Social networks
  • Online advertising companies (including advertising networks)
  • Data analytics providers
  • Internet service providers
  • Operating systems and platforms
  • Data brokers and data aggregators, including data append and cleansing companies

Additional Data Subject to Cal. Civ. Code § 1798.80

  • Our affiliated entities and subsidiaries
  • Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Data analytics providers
  • Internet service providers
  • Operating systems and platforms

Protected Classifications

  •  Our affiliated entities and subsidiaries
  •  Vendors who provide services on our behalf
  •  Professional services organizations, such as auditors and law firms
  •  Data analytics providers
  •  Data brokers and data aggregators, including data append and cleansing companies

Commercial Information 

  • Our affiliated entities and subsidiaries
  • Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Social networks
  • Online advertising companies (including advertising networks)
  • Data analytics providers
  • Internet service providers
  • Operating systems and platforms
  • Data brokers and data aggregators, including data append and cleansing companies

Online Activity

  • Our affiliated entities and subsidiaries
  • Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Social networks
  • Online advertising companies (including advertising networks)
  • Data analytics providers
  • Internet service providers
  • Operating systems and platforms
  • Data brokers and data aggregators, including data append and cleansing companies

Geolocation Data

 Our affiliated entities and subsidiaries

  • Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Internet service providers
  • Operating systems and platforms

Sensory Information 

  • Our affiliated entities and subsidiaries
  • Vendors who provide services on our behalf 
  • Professional services organizations, such as auditors and law firms
  •  Internet service providers
  •  Operating systems and platforms 

Inferences

  •  Our affiliated entities and subsidiaries
  • Vendors who provide services on our behalf
  • Professional services organizations, such as auditors and law firms
  • Social networks
  • Online advertising companies (including advertising networks)
  • Data analytics providers
  • Internet service providers
  •  Operating systems and platforms
  •  Data brokers and data aggregators, including data append and cleansing companies


Consumers Privacy Rights

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

 

Right to Know: The right to confirm whether we are processing personal data about you and, for residents of California and Oregon law only, to obtain certain personalized details about the personal data we have collected about you, including:

o   The categories of personal data collected;

o   The categories of sources of the personal data;

o   The purposes for which the personal data were collected;

o   The categories of personal data disclosed to third parties (if any), and the categories of recipients to whom this personal data were disclosed;

o   The categories of personal data shared for targeted advertising purposes (if any), and the categories of recipients to whom the personal data were disclosed for these purposes;

o   The categories of personal data sold (if any) and the categories of third parties to whom the personal data were sold; and

o   For Oregon residents only, a list of specific third parties to whom personal data have been disclosed.

 

Access: You have the right to request that we disclose to you the personal information we have collected, used, disclosed and sold or shared about you. 

 

Correction: You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.

 

Deletion: You have the right to request that we delete certain personal information we have collected from you, subject to certain exceptions.

 

Opt-Out of Sale or Sharing: You have the right to opt-out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising purposes

 

How to Submit a Request: To submit an access, correction or deletion request, submit a request or opt-out of the sale or sharing of your personal information by emailing privacy@stellamccartney.com

To exercise your right to opt out of targeted advertising or "sales" or “share”of your personal information, please click on the “Do Not Sell or Share My Personal information” link at the bottom of our home page.

 

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

To submit a request as an authorized agent on behalf of a consumer, please email privacy@stellamccartney.com with the subject line “Authorized Agent Request.”

 

Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before complying with your access, deletion or correction request. If you request access to or deletion or correction of your personal information, we may require you to provide certain information, including:

 

Contact information (such as name, phone number, and address); and

Information about your transactions with Stella McCartney.

In addition, if you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. 

 

Additional Information: If you choose to exercise any of your rights, you have the right to not receive discriminatory treatment by us. 

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

-         Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

-         Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

-         Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

-         Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

-         Comply with a legal obligation.

-         Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.