Employees Privacy Notice
SEPHORA GREECE, a Group LVMH subsidiary, located at 7, Dionysiou Areopagitou str., 11742, Athens, Greece (hereinafter ‘Sephora’, ‘we’ or ‘our’), attaches great importance to the protection of personal data relating to its employees, apprentices, interns, work-experience students, temporary workers and representatives (hereinafter ‘you’).
Sephora respects your concerns relating to the protection of your privacy and your personal data. This Employees Fact Sheet (hereinafter referred to as the “Fact Sheet”) complements the ‘IT Charter’ appended to the Sephora Rules of Procedures, and describes the ways in which we use information about you collected within the framework of your employment relationship with Sephora.
This Employees Fact Sheet contains information regarding the nature and the use we make of your personal data, as well as your rights relating to this use. This Employees Fact Sheet is therefore an important resource for you, helping to ensure that you have a positive and confident experience of Sephora’s handling of your personal data and enabling us to provide accurate and complete answers to any questions you may have and to take account of your wishes in this area.
In order to give the requirement to protect your personal data, and that of our clients, the priority it deserves, Sephora has decided to designate a Data Protection Officer (hereinafter ‘DPO’), with effect from the 25th May 2018, who may be contacted at the following address: email@example.com.
1. Modification of the Fact Sheet
We may occasionally wish to modify the terms of this Fact Sheet. In such an event, we shall notify you of this by changing the date indicated at the beginning of this document, which is permanently available for consultation through posters in your workplaces (the network of physical stores) and on your extranet (Sephora Inside). We would encourage you to consult the Employees Fact Sheet on a regular basis, in order to keep abreast of the procedures implemented by your employer for processing your personal data, as well as the methods by which you can send us inquiries regarding our use of the data.
2. Principles relating to processing of personal data
SEPHORA GREECE applies the following principles relating to the processing of personal data:
2.1. Processes personal data lawfully, fairly and in a transparent manner in relation to its employees.
2.2. Collects and processes personal data for specified, explicit and legitimate purposes as provided herein and does not process them for purposes incompatible with the initial ones.
2.3. Processes personal data to the extent they are necessary and relevant to the aforementioned purposes, limiting the processing to what is necessary for the purposes for which they are processed.
2.4. Makes reasonable efforts, with the assistance of data subjects, to ensure that processed data are accurate and, where necessary, up to date, taking every reasonable step to immediately erase or rectify such data in case of inaccuracy.
2.5. Keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
2.6. Processes personal data in a way which safeguards their security, by taking proper technical or organizational measures.
2.7. Does not process personal data for another purpose in relation to the purpose for which they have been processed.
2.8. Does not use personal data for automated individual decision-making, including profiling.
2.9. Takes into account proportionate restrictions on the processing of data in relation to the employment agreement so as to guarantee its employees’ privacy, in particular restrictions with regard to its premises (e.g. proportionate CCTV solely in certain premises), restrictions depending on the type of data (e.g. personal space for electronic filing of data and personal communications) and time restrictions (e.g. sample processing instead of continuous processing).
2.10. Complies with the legislation as in force from time to time and its obligations arising from such legislation under its capacity as data controller.
3. Why do we collect your personal data?
Sephora collects and processes your personal data for the following purposes:
(i) onboarding and administrative management of personnel;
(ii) payroll management (ICR) and employees benefits, including bonus and profit-share schemes;
(iii) career management, including performance and career reviews (PCRs), OMRs, as well as statistical analyses relating to personnel management;
(iv) employees mobility;
(v) expatriate management;
(vi) monitoring and management of access to Sephora premises;
(vii) video surveillance of Sephora premises;
(viii) vehicle tracking;
(ix) professional whistleblowing mechanism;
(x) vocational training;
(xi) employees welfare and representation;
(xii) provision of IT resources;
(xiii) provision of landline and mobile telephone services;
(xiv) managing benefits obtained through employee card;
(xv) working time management, absences and leaves;
(xvi) keeping of organisational charts, agendas and IT directories;
(xvii) HR reporting and statistics.
Sephora processes your personal data in order to fulfill its contractual obligations under the employment contract, to comply with its legal obligations, to process information resulting from the fulfillment of Sephora's legal and contractual obligations and of Sephora's legitimate interests in its capacity as an employer, and to fulfill the legal interests which it seeks where those interests take precedence over the interests or fundamental rights and freedoms of the employee.
4. What type of personal data do we process?
We only process data that is strictly necessary for the purposes described in paragraph 3.
For your information there follows a list of the categories of your personal data that we may process, depending on the purposes to be achieved by this processing:
• data relating to your civil status and identity, such as: surname and forename, personnel number or system ID reference, date and country of birth and nationality;
• your social security number for payroll management purposes and, where required, your national identification number;
• data relating to your private life, such as your family circumstances or evidence justifying absence on medical grounds;
• data relating to your professional life and information of an economic and financial nature, such as: starting date of contract, end date of contract, length of employment, details of work and position, work email address, remuneration, allowances, salary level and details of wage component, department, scheduled working hours, absences and leaves, data regarding career path, succession and information on career plans, objectives and targets, performance assessments and grading;
• data relating to the protection of individuals and property, such as video recordings;
• data enabling control of access to premises, such as: badge number and vehicle registration number for access to car park;
• data relating to use of employee card, in accordance with the applicable General Terms and Conditions of Use;
• data enabling your identification within the Group Sephora and Group LVMH IT network, as well as your connection data to IT equipment; and
• data relating to use of telephone services, such as: telephone numbers, length of calls, date and time the calls began and ended.
Collection of this data is strictly necessary to enable performance of your contract and ensure the satisfactory management of Sephora’s human resources.
5. Who can access your personal data?
Within the Group Sephora, your personal data are only accessible to individuals who need to use them in order to carry out their respective duties.
More specifically:
Within the company:
• Employees in Sephora’s HR department;
• Sephora’s payroll staff;
• First and second-level management, in the case of data relating to employee performance in carrying out duties;
• Sephora’s IT department, for the purposes of maintenance;
• Organizations representing employees for management of cultural and social activities.
Outside the company:
• Group LVMH’s HR department;
• Group Sephora and Group LVMH IT department in charge of IT directories, IT equipment and intranet;
• The HR departments of the other Group Sephora subsidiaries and / or of Group LVMH in charge of international careers and mobility;
• The appropriate public authorities; and
• Service providers working for Sephora and / or for Group LVMH and involved in achieving all or some of the purposes set out in paragraph 3.
In particular, we rely on third party processors to provide you with the MySephoraCareer application. These third-party processors are only allowed to process your personal data on our behalf and upon our explicit written instruction.
In addition, for purposes connected to maintenance of the IT systems, your personal data may be accessible to Sephora employees or to the employees of external providers of certain IT services. These employees shall only be able to access your data in order to carry out maintenance activities on the IT systems. They shall carry out their duties in accordance with Sephora’s instructions and in total compliance with the legislation on personal data.
6. Where are your personal data stored and processed?
We process your personal data first and foremost within the European Economic Area (EEA).
As Sephora is part of an international group, in order to process your personal data for the purposes outlined in article 3 above, your personal data (as described in paragraph 4) may be transferred to organizations within Group Sephora or Group LVMH (parent company in France and subsidiaries worldwide), and to external service providers helping Sephora entities in dealing with HR, which may be located worldwide, including outside the European Union, and more specifically, regarding Group Sephora entities, in the following countries: Monaco, Turkey, Serbia, Switzerland, Russia, Kuwait, Saudi Arabia, United Arab Emirates, Qatar, Bahrain, China, Singapore, Hong Kong SAR, Thailand, Malaysia, Indonesia, New Zealand, Australia, India, Philippines, Brazil, Canada and the United States of America.
Given the fact that some of these countries do not ensure an adequate level of protection of personal data as in the European Union, Sephora shall, in accordance with applicable regulations, ensure the protection of your personal data as follows:
- The country of the recipient having legislation in place which is considered equivalent to the protection offered within the EEA;
- The Binding Corporate Rules (or ‘BCR’) applicable in each of the LVMH Group subsidiaries; and
- The contractual arrangements with our external service providers, through the implementation of standard contractual clauses published by the European Commission.
Copies of these documents may be obtained by sending an email to the following address: privacyHR@sephora.gr.
7. How long do we store your personal data?
Sephora stores your personal data for the entire duration of our contractual relations with you, and then for an additional period, the length of which depends on the category of data concerned, for the purposes set out in paragraph 3. There follow details of the length of time your data are stored:
- Your employment contract data is stored for as long as required by labor, social security and tax laws to fulfill our obligations under the above laws.
- Video recordings made for security purposes within the context of your time working in our premises are stored for a maximum period of 1 month.
At the end of the abovementioned periods, your personal data are deleted.
8. Your rights
As provided by Greek and EU legislation on the protection of personal data, you have the right to request access to data relating to you, and if applicable to request their rectification and deletion.
You have the right to request that any personal data pertaining to you that are inaccurate, be corrected free of charge.
You have the right to request that personal data pertaining to you be deleted if these data are no longer required in the light of the purposes outlined in Article 3 above. However, we will evaluate a request for deletion against:
- overriding interests of Sephora or any other third party;
- any legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
Instead of deletion you can also ask that we limit the processing of your personal data if you contest the accuracy of the data, or the processing is illegitimate, or the data are no longer needed for the purposes mentioned in Article 3.
You may exercise your right to object to the processing of personal data that relates to you on grounds of your specific situation, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims or to seek a restriction on the processing of your data.
You are also entitled to request a copy of the personal data you have directly provided to us through automated means in a format that is structured, commonly used and machine-readable. Furthermore, you have the right to issue advance instructions regarding use or disposal of your personal data after your death.
We would invite you to exercise these rights by writing to the following address: privacyHR@sephora.gr or by contacting the DPO at this address: firstname.lastname@example.org.
Finally, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr). We would however suggest that you first send us any claims via the DPO, so that we can deal with your questions and work together to find solutions that will resolve any issues you may have.
9. Notification of changes
We will keep you informed of any modifications to our Employees Fact Sheet.
This Employees Fact Sheet was last updated and revised on 1.11.2019.