Privacy Policy

Data privacy legislation protects your fundamental rights and freedoms with regard to the processing of your personal data and provides rules under which the use of your personal data is legally conceivable.

Under these rules, the processing of your personal data must comply with several important principles and with the respect of your various personal data rights.

As we are committed to protecting your personal data, we explain hereunder, in this privacy policy (“Privacy Policy”), for what purposes we process personal data and how your privacy rights protect you in the context of using our website and professional services (“Services”).

1/ Our role

This Privacy Policy covers all worldwide services. In providing our services to our clients, KCD, Inc. and its affiliates, KCD Paris s.a r.l. and KCD London Ltd (hereinafter “we,” “our” or “KCD Group”) act as data controllers, in the sense of article 4 of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“General Data Protection Regulation” or “GDPR”), which means we determine the purposes and means of the processing of personal data.

1.2 In some agreed and limited cases, we may act as a data processor when a client asks us to process personal data on its behalf (the client acting in this case as a controller). If it is the case, we commit to comply with GDPR rules relating to processing by a processor.

1.3 If, in the course of providing our Services, we include links to third-party websites or applications, these third-parties are solely responsible for the content- we advise you to review their privacy policies.

2/ Collection of your personal data

2.1 In this section, we explain how we collect personal data and what types of personal data are collected.

2.2 We collect your personal data directly from you when you interact with us (by phone, email or otherwise), in particular when it is necessary for taking steps prior to entering into a contract, for the performance of a contract, for responding to an information request, for registering you for an event, for trafficking samples and for giving us feedback. Where permissible, we may also collect, through cookies and similar technologies, usage information to help us analyze usage of our website, improve our Services and follow users’ experience.

We may also collect your personal data indirectly from certain third party sources: for example, publicly available sources, service providers who work with us in relation to the supply of the Services or an organization which provides you access to our Services. Such data may include identity data (first name, last name, username or similar identifier, marital status, title, date of birth and gender) and contact data (delivery address, email address and telephone numbers).

2.3 Personal data means not only any information relating to an identified natural person but also any information relating to an identifiable natural person. In the course of the supply of our Services, we may collect, store and use the following categories of data:Identity data: first name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact data: delivery address, email address and telephone numbers.
Device data: information about your device, such as IP address, location or provider;
Usage information: information about how you navigate within our website and your browsing history;
Marketing data: your preferences in receiving marketing from us and, if applicable, our partners;
CCTV data: video from CCTV if you visit us in our premises.

2.4 Our Services are not generally aimed at children and, unless in specific cases, we do not collect data relating to children for our activities.

2.5 We do not collect any special categories of personal data about you (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).

2.6 If you fail to provide personal data we need to collect for the enforcement of a contract or by law, we may not be able to perform the contract.

3/ Use of your personal data

3.1 In this section, we explain on which lawful grounds we process your personal data and for which purposes.

3.2 We will use your personal data on the following lawful grounds and for the following purposes:

The performance of a contract

We will process your personal data in order to provide you with Services, which includes registering you as a contact (identity, contact details), performing client contracts (identity, contact details), to manage invitations to you on behalf of clients (identity, contact details), to send samples to you and to receive samples from you (identity, contact details), to manage our relationship with you (identity, contact, marketing data).

The exercise of our legitimate interests, when your fundamental rights do not override those interests

We will process your personal data to protect our website, systems and property (in order to protect our assets, including via CCTV data), to provide technical and customer support, to send Service information, where permissible to personalize our Services (in order to better meet our client’ needs), to participate in any sale, merger, acquisition or restructure operation (in order to continue grow our business and allow a third party to analyze our assets), to analyze the data collected for research purposes (in order to assess our customer satisfaction), to stop or detect wrongdoings or other breach of law (in order to prevent customers or third parties to harm our rights), to comply with orders from courts, public authorities or enforcement agencies (in order to obey any injunction from these judicial or administrative bodies).

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information on such balancing tests by contacting us using the details set out below

The compliance with a legal or regulatory obligation

We will process your personal data in order to comply with any applicable legal or regulatory obligation such as in particular accounting and tax requirements, including internal and external audit requirements.

The compliance with your consent

Sometimes, we will process your personal data on the basis of your consent. In such cases, your consent is given in relation to specific uses. You may withdraw this consent at any time by contacting us at KCDPRIVACY@kcdworldwide.com.

For usage information through cookies, your consent is mandatory and we will apply the recommendations of the relevant data privacy enforcement agency (banner, purposes, configuration), as explained in article 10.

If we interact with you, in your capacity as an individual / consumer (B2C), by using automatic calling machines, fax or electronic mail for the purposes of direct marketing (e.g. email or SMS), we will ask you to give us your consent.

If we interact with you, in your capacity as an employee / representative of a company (B2B), by using automatic calling machines, fax or electronic mail for the purposes of direct marketing (e.g. email or SMS), we will give you the opportunity to object, free of charge by contacting us at KCDPRIVACY@kcdworldwide.com.

Please be aware that you have the right to object to receiving direct marketing and targeted online advertising at any time, free of charge by contacting us at KCDPRIVACY@kcdworldwide.com. However, even if you object to receiving marketing communications by email, we may still send you routine service emails. If you have any questions with regard to the right to object, contact us at KCDPRIVACY@kcdworldwide.com.

4/ Recipients of your personal data

4.1 Your personal data will be shared with our trusted service providers, on a ‘need to know’ basis only, in order that they can assist us in achieving the purposes described above. Our accounting service providers will for example be the recipient of the financial and transactional data. Our marketing service providers will be the recipient of your identity and contact data. Our operational or press relation service providers will be the recipient of the transactional data in order to provide the Services you asked for. Where processing is to be carried out by our processors, we ask them to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the relevant data privacy laws.

4.2 With regard to third parties, we will not share your personal data unless it is necessary for the performance of a contract, for the exercise of our legitimate interests, for the compliance with a legal or regulatory obligation or for the compliance with your consent.

We will not share/sell/make available your personal data for marketing purposes by third parties, unless you gave us your consent to do so.

We also share your personal data for the purposes set out in this Privacy Policy within KCD Group, with third parties in accordance with law, where permissible with our business partners (including third parties involved in sale, merger, acquisition or restructure operation), with third parties required to protect our rights and with any third party you asked us to share personal data with (in particular for the performance of a contract).

We require all third parties to respect the confidentiality and security of your personal data and to process it in accordance with the relevant laws.

5/ Retention of your personal data

5.1 We will retain your personal data in a form which permits identification for no longer than is necessary for the purposes for which the personal data are processed. We retain your data as long as we have an ongoing relationship with you (personal data may be stored for a longer period corresponding to the contractual limitation period or any legal, accounting or reporting requirements, insofar as the personal data will be processed solely for archiving purposes compliant with the original purpose).

5.2 We compute retention periods with regard to the purposes for which we process your personal data, the applicable legal requirements, the retention periods recommended by regulators, the amount, nature and sensitivity of your personal data and the potential risk for your fundamental rights and freedoms.

6/ Your privacy rights

6.1 You have different rights as regards your personal data, under data protection legislation.

6.2 You have the right to:

access the personal data we process about you: this right entitles you to know whether we are processing personal data about you and, if we do, to obtain information about, and a copy of, that personal data;
rectify your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete (please keep us informed of any change to your personal data so we keep accurate records);
erase your personal data: this right entitles you to request the deletion of your personal data under specific conditions, in particular if the personal data is no longer necessary to achieve the processing purpose(s) or if the personal data is unlawfully processed;
restrict the processing of your personal data: this right entitles you to request restriction of the processing when you challenge the accuracy of your personal data, or lawfulness of the processing, when we no longer need the personal data for the processing purposes or when we are investigating an objection you have raised as regards the processing;
receive the personal data you have provided to us, in a structured, commonly used and machine-readable format (i.e. to have your personal data ‘ported’), when we have processed that personal data with your consent or for the performance of a contract (if this right to data portability is not applicable, please be aware that you still have a general right of access);
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you; and
lodge a complaint with a supervisory authority, even though we encourage you to firstly contact us to deal with your questions or worries in the best possible way.

Right to object: where we are relying on a legitimate interest, you also have a right to object to the processing of your personal data. This right to object also applies at any time when your personal data are processed for direct marketing purposes (as described above).

6.3 Please note that whenever you provide your consent for a processing (or if you provided consent for a natural person aged under 15), you are free to withdraw your consent at any time.

6.4 You will not have to pay a fee to exercise any of your rights, in particular your right of access (but, in this case, we may charge a reasonable fee for additional copies).

6.5 If you wish to exercise any of the rights set out above, please contact KCDPRIVACY@kcdworldwide.com. Please note that, for security reasons, we may request from you specific information in order to verify your identity.

7/ International transfers of your personal data

Your personal data may be stored and processed in any country where we have facilities, including USA, or in which we engage service providers. By using the Services, you understand that your information will be transferred to countries outside of your country of residence, including countries which may have data protection rules that are different from those of the European Union.

8/ Security of your personal data

8.1 We use appropriate technologies and procedures to protect your personal data from being accidentally lost, used, altered or disclosed (including technical and physical safeguards), according to the risk level and the Service provided. Our security policies are revised recurrently and updated as necessary with regard to our business needs, to the sensitivity of your personal data and to the changes in tools we use to provide the Services.

8.2 We limit access to your personal data to those employees, agents, processors and other third parties who have a need to know in relation with our Services provided to our clients.

9/ Changes to the Privacy Policy

9.1 We may review and update our Privacy Policy to reflect changes in our Services, technologies and uses of personal data. In such a case, we will notify you of such changes.

10/ Cookies

Our website uses cookies (small files placed on website users’ hard drive) to distinguish you from other users. This helps us to provide you with a high quality experience when you browse our website and also allows us to improve our Services.

We use the following categories of cookies on the website:

A/ Strictly Necessary Cookies
Some cookies are essential for the operation of the website. If a registered user opts to disable these cookies, the user may not be able to access all of the content of the website.

B/ Performance Cookies
Other cookies may be used to analyse how users use the website and to monitor its performance. This allows us to provide a high quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.

Google Analytics is a web analysis service provided by Google, Inc. We use Google Analytics to monitor how visitors use the website, to compile reports and to help us improve the website. Please see Google’s privacy policy for further information on the data Google collects and how it is processed. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On. You may opt out of Google’s use of tracking technologies by visiting the Google advertising opt-out page.

For retention periods, see section 5 above.

11/ Contact Us

If you have any questions about this Privacy Policy or the processing described in it, please contact us at kcdprivacy@kcdworldwide.com.