KATE SPADE CONNECTED PRIVACY NOTICE
Contents
- Who are we?
- What data is covered by this Privacy Notice?
- What data do we collect from you?
- How do we use your personal data?
- With which third parties do we share your personal data?
- Do we transfer personal data outside the EEA?
- What are your rights?
- How do we protect your personal data?
- How long do we keep your personal data?
- Children's Privacy
- How can you contact us?
- Changes to this Privacy Notice
Tapestry Inc. and its affiliated companies (collectively "Tapestry", "we" or "us"), including Kate Spade LLC ("Kate Spade"), are committed to protecting your privacy and ensuring the highest level of security for your personal data.
We have prepared this Privacy Notice for customers including potential customers and consumers of the Kate Spade Connected App, Kate Spade Watch Apps, and Kate Spade Device. This Privacy Notice does not apply to your purchase transaction of the Device or to any purchase on our websites.
This Privacy Notice explains the types of personal data Tapestry and Kate Spade collect about you, how we use that data, who we share it with, and how we protect it.
Please read the following carefully to understand our views and practices regarding your personal data.
1. Who are we?
For the purposes of applicable data protection laws, the responsible party is Tapestry Inc. of 10 Hudson Yards, New York, NY, 10001 and Kate Spade of 2 Park Avenue, New York, New York, 10016.
2. What data is covered by this Privacy Notice?
This Privacy Notice covers all personal data processed by Tapestry and Kate Spade in relation to the Kate Spade Connected App, Kate Spade Watch Apps, and Kate Spade Device which means information (either in isolation or in combination with other information) that enables Tapestry to identify you directly or indirectly. This includes the types of information set out below.
3. What data do we collect from you?
We may collect data about you from the following sources:
1. Information we receive from you
We may collect personal data (such as your name, email address, date of birth, gender, height and weight, a photo, Device information, paired mobile device information and your personal account and App settings) that you provide when you interact with us such as when you:
- register to your personal account (through the App or through social media);
- input information relating to your activity and fitness through the App;
- sign up to our marketing lists or other marketing initiatives such as sweepstakes and surveys; and
- contact our Customer Services.
2. Information we collect about you
We collect information about you from the following sources:
- your use of the App - in particular, we may collect:
- information about your activities (e.g. sleep start time, sleep end time, the time you go to bed, and the time you wake up, the number of steps you have taken, travelled distance); and
- technical information, including your IP address, browser type and version, device identifier, location and time zone setting, network and/or service provider operating system and platform, page response times, and download errors;
- your social media account (e.g. if you log in through social media platforms);
- your interaction with our marketing emails to measure marketing effectiveness (for example, we collect information about whether / when you have opened an email from us, and if you have clicked a link in the email or forwarded the email);
- information we draw from our sources listed above and information we obtain from third parties (including publicly available information) where we have a legal basis to do so. We combine all this information to better understand who you are, your preferences etc. to enhance your customer experience with us (at "How do we use your personal data?").
- How do we use your personal data?
We use your personal data for the following purpose(s):
- Create your personal account on the App (including through your social media log in) and allow you to access your account and use all functionalities associated with having a personal account. This is necessary to perform your contract with us for the provision of the services (personal account). The personal data we use for this purpose:
- The personal data we use for each purpose are: Name, email address, date of birth, gender, height and weight, a photo, the App version, Device information (e.g. Device serial number), paired mobile device information (e.g. smartphone manufacturer, model, operating system) and your personal account and App settings (e.g. which features you want to use).
- Where your account is created through the App we will also store the password selected for your App account.
- When you log in through social media, we also collect publicly available information about you from your social media account.
- To help you understand your daily movement habits, your personal fitness and your sleeping habits. This is necessary to perform your contract with us for the provision of the services. Where this data includes sensitive data (e.g. health data) we will obtain your consent prior to the processing. The personal data we use for this purpose:
- Daily movement and personal fitness: calculated number of steps taken, heart rate, calories burned, mode of movement (e.g. running or walking), travelled distance, the time zone, and your goals for the day and whether you achieved them. In order to enable us to calculate calories burned we use your height, weight, and date of birth information. You may also choose to input information related to your activities through the App, such as updating information about your weight.
- Sleep habits: sleep start time, sleep end time, the time you go to bed, and the time you wake up.
- To customize the App or Watch Apps with location-based information and features. This is necessary for our legitimate interest to provide you with an enhanced customer experience on the App (e.g. automatically updating local weather information, tracing an activity route, or helping you locate your Device based on the last known location). It is also in your interest to benefit from an enhanced customer experience. The personal data we use for this purpose is your geolocation data.
- Provide you with customer support for any enquiry or request related to the App or Watch App. This is necessary to perform your contract with us (where customer support for certain enquiries or requests is envisaged in our contract with you). Also necessary to comply with a legal obligation we are subject to (where such obligation exists which requires us to respond to a specific enquiry from you or enable the exercise of your rights, for example under consumer law). The personal data we use for this purpose are contact details e.g. name, email and postal address and telephone number.
- Contact you with emails related to the administration of your account. This is necessary for our legitimate interest to provide you with alerts about updates for the Device, the App, or Watch Apps and to provide information on the administration of your account (e.g. welcome emails, confirmation of account deletion, assistance in relation to a forgotten password). With your consent where we send you push notifications. You can change your preferences at any time. The personal data we use for this purpose are contact details e.g. name, email and postal address and telephone number.
- Monitor the effectiveness of our products and services and perform data analytics for other marketing, statistical, and market research purposes to learn more about our customers and users. This is necessary for our legitimate interest to improve our products and services (e.g. by analysing fitness trends) and to provide you with a more tailored service. The personal data we use for this purpose:
- Aggregated and de-identified data (including publically available information about you) in relation to marketing, statistical and market research purposes.
- Publically available information about you from your social media account.
- Offer targeted advertising and push notifications to you which are tailored to your needs, preferences, tastes and habits. This is necessary for our legitimate interest to show you the products we think you will mostly like from us. It is also in your interest to receive customised offers so you do not have to spend too much time browsing our broad range of products. Where your consent is not required by law (depending on the means of communications used), this data use is necessary for our legitimate interest to let you know about us and our products. The personal data we use for this purpose:
- Name, email address, date of birth, gender, height and weight
- Your personal account and App settings (e.g. which features you want to use), preferences and how you use our services.
- Enable you to take part in our contests, sweepstakes, competitions, promotions and similar events and initiatives for customers. This is necessary to perform your contract with us (based on your written acceptance of our terms and conditions of entry to participate to such contests, sweepstakes, competitions and other promotions). This is also necessary for our legitimate interest to engage and retain customers, incentivise customers to buy our products or reward our customers. The personal data we use for this purpose:
- Name, email address, date of birth, gender, height and weight
- Your personal account and App settings (e.g. which features you want to use), preferences and how you use our services.
- Fraud detection in relation to any illegal activity. This is necessary to perform your contract with us. This is also necessary for our legitimate interest to prevent illegal activities which could harm you and us. The personal data we use for this purpose is personal data collected about you as set out in section 3 above ("What data do we collect from you?") in relation to this fraud detection exercise.
- Respond to or address enquiries or requests from law enforcement bodies, regulators or other public authorities. This is necessary for the purposes of complying with legal requirements to which we are subject. The personal data we use for this purpose depends on the scope of the relevant enquiry / request.
Where we rely on the necessity for a legitimate interest to use your personal data, we will do so solely on the basis of a previous thorough assessment of our legitimate interest against your privacy rights and we will carefully conduct a balancing exercise to ensure that our data processing is proportionate to your rights.
5. With which third parties do we share your personal data?
Your personal data may be shared with third parties in certain circumstances:
Tapestry's group of companies: We may share your personal data (e.g. purchase details of your Device, other goods you have purchased on a company website) among our group of companies, including our subsidiaries, head office and branches, in order to open your personal account with us, administer our services and products, provide you with customer support, process your payments, understand your preferences, offer targeted advertising, send you information about products and services that may be of interest to you and conduct the other activities described in this Privacy Notice.
Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of the Tapestry services and products to you. We may share personal data with the following categories of service provider:
- infrastructure and IT service providers, including cloud service providers;
- marketing, advertising and communications agencies;
- fraud prevention service providers;
- external auditors and advisers (e.g. social media consulting);
- customer care providers;
- cookie analytics providers; and
- providers of App testing / analytics services.
In the course of providing such services, these service providers may have access to your personal data. However, we will only provide our service providers with personal data which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal data secure.
Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
Please note our App may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.
6. Do we transfer personal data outside the EEA?
Your personal data may be transferred to and processed in the U.S. or other countries located outside the European Economic Area ("EEA") including Hong Kong by our affiliates and our service providers. We will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA.
You may ask for further information on the safeguards that we have put in place to safeguard the transfer of your data to outside of the EEA by contacting us as indicated below at "How can you contact us"?
7. What are your rights?
If you are in the European Economic area, you have the following rights:
- Access. You have the right to request a copy of the personal data we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
- Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.
- Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
You can make a request to exercise any of these rights in relation to your personal data by contacting us as indicated below at "How can you contact us?".
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. Please click here for a list of local data protection authorities in the EEA countries.
8. How do we protect your personal data?
We have implemented technical and organisational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice, as well as other administrative, technical and physical safeguards.
While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
9. How long do we keep your personal data?
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal data (e.g. if you delete your account or if we disable it after a period of inactivity), we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
10. Children's Privacy
We do not knowingly collect, maintain, or use Personal Information via the App or Watch Apps about children under the age of 16. Persons under the age of 16 may not use the App or Watch Apps, and their request for accounts will be denied. If we become aware that a child under the age of 16 has sent Personal Information to us without prior parental consent, we will remove his or her Personal Information from our files. Please note that outside the US other age thresholds may apply.
11. How can you contact us?
If there are any questions or concerns regarding this Privacy Notice or the data collection practices outlined herein, or if you want to exercise any of your rights, please contact us as follows:
by email: privacy@tapestry.com and katespadenewyorkconnected@wearablessupport.com
by post: Tapestry, Inc., Legal Department, 19th Floor, 10 Hudson Yards, New York, NY 10001
Alternatively, you can contact our Data Protection Officer:
by email: privacy@tapestry.com
by post: The Legal Department, Coach Europe, 2 Cavendish Square, London, W1G0PU.
12. Changes to this Privacy Notice
This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
We reserve the right to change our Privacy Notice from time to time including where this is necessary due to changes to our data processing practices or activities. If we decide to change our Privacy Notice we will notify you of these changes via email and post an alert on the homepage of the App.
Last revised date: April 25, 2019