除了以下「資料控制者及聯絡方式」章節提及的 La Prairie 公司，我們亦可能（在適用私隱法律允許的情況下）出於上述目的將您的個人資料與以下第三方分享：

• 我方集團公司。我方集團公司的完整名單請參見 此處；
• 銀行及我們的支付服務供應商（以處理交易）；
• 第三方（如我們獲您允許）（例如社交媒體供應商、禮賓服務或我方授權零售夥伴）。您的個人資料與第三方分享後，也將成為該等第三方私隱政策的管限對象；
• 我方業務的準買家或最終買家（如果我們或我方的大部分資產由第三方收購或與第三方合併（包括基於破產））；
• 任何執法機構、法庭、規管機構、政府機關或其他第三方（我們合理覺得為遵循法律或規管義務或另行為強制執行或應用我們的 使用條款 或任何其他協議或我們選定的分銷系統；或為保障 La Prairie、我方顧客或他人的權利、品牌、財產或安全而有所必要）。此包括為了防範欺詐和減少信用風險目的，而與其他公司及組織交換資料；或
• 按照我方指示代表我們履行服務的第三方服務供應商（以及集團公司及授權零售夥伴）。我們並不授權此等第三方服務供應商使用或披露資料，有需要代表我們履行服務或須遵循法律規定則另作別論。此等第三方服務供應商例如包括我方授權零售商和在店內為您提供服務的合作夥伴員工、資訊科技支援服務供應商、履行訂單和管理退款並提供資料託管和支援、內容個人化、廣告及促銷服務（包括數碼及個人化廣告）以及資料清理、管理、分段和分析的公司。

請注意，上述第三方可能位於您居住地以外的國家／地區，包括歐洲經濟區、英國或瑞士以外的國家／地區。請點撃此處，查看我方聯屬公司的地點列表。當該等第三方代表我們處理您的資料時，我們會與他們執行適當的合約安排，其中包括嚴謹的資料保護義務。更多有關國際資料轉移的詳情，請參閱下文「資料轉移」一節。

我們也會將資料分享予第三方，包括社交媒體及搜尋引擎合作夥伴：

我們會將您的個人資料與其他顧客的資料結合，以就我方平台使用情況、我方產品購買情況以及有關我方顧客的其他一般已分類的資料建立資料組。縱然此為綜合且匿名化的資料組（即無法直接或間接識別您的個人身分），但能向我們提供我方數碼平台及銷售點使用情況的重要信息，而我們將與指定第三方分享相關資訊，當中包括我們的集團公司。

此外，我們會將關於您的資料轉移至廣告技術供應商以及我們的社交媒體及搜尋引擎合作夥伴（包括 Meta、TikTok、Google 及 Twitter），讓其得以識別您的裝置，並傳遞您感興趣的內容及廣告。資料可包括您的姓名、郵寄地址、電郵、裝置 ID 或其他加密形式的識別碼。供應商常會以散列或反識別形式處理資料。此等供應商可向您收集額外資料（例如有關您的瀏覽器或操作系統的 IP 位址及資料），將有關您的資料與來自我們所參與資料分享合作的其他公司的資料合併；並可能在您的瀏覽器放置或辨識其獨有 Cookie。產生此等 Cookie 的第三方自設私隱政策。

對此，我們與 Meta 簽訂了相應的共同控管協議，您可在此處查閱：https://www.facebook.com/legal/controller_addendum。該協議界定在履行適用法律規定下有關共同控管義務的各方責任。有關控制者及 Meta 資料保護專員的聯絡資料，請參見此處：https://www.facebook.com/about/privacy。在不影響這一點的情況下，資料當事人權利的管轄權不受限制。我們已與 Meta 達成協議，Meta 可以作為行使資料當事人權利的聯絡方（請參閱 第 8 節）。

有關 Meta 如何處理個人資料的更多詳情，包括其法律依據以及有關資料當事人權利的進一步資料，請參見此處：https://www.facebook.com/about/privacy。我們基於合法權益在共同控管範圍內轉移資料。

有關資料安全條件的資料在此載列：https://www.facebook.com/legal/terms/data_security_terms，而有關根據標準合約條款處理資料的詳情，請參見此處：https://www.facebook.com/legal/EU_data_transfer_addendum。

資料轉移

您的個人資料主要儲存在位於歐盟的伺服器上。然而，我們在全球開展業務，並可能會將您的個人資料轉移予  La Prairie 集團內的其他公司（完整名單請參閱此處）、第三方服務供應商 或全球據點的授權零售夥伴，包括資料保護措施未達足夠保護程度的國家／地區。無論您在何處、以何種方式與我們互動，無論是在我方數碼平台還是在世界各地的銷售點，我們都希望您都能獲得最佳的服務和客戶體驗。為此，我們可能必須在您首次與我們分享個人資料的國家／地區以外的地方分享您的個人資料，此舉須始終出於本政策所述目的，並且在我們對第三方根據適用法律實施的保護和安全水平感到滿意的情況下進行。為了使我們能夠為您提供全球性且個人化的客戶體驗和服務，此類個人資料的分享實屬必要。

如果您的個人資料被轉移至您瀏覽網站的所在地、歐盟或瑞士以外的司法管轄區，以及根據歐盟委員會、瑞士當局或相關適用法律未達足夠保護程度的司法管轄區，我們將採取措施，根據 GDPR 第 46 (2) 條簽訂歐盟委員會和瑞士批核的標準合約條款，以確保您的資料得到充分保護，或根據適用法律制定其他措施，以確保此類轉移提供妥善保障。更多有關歐盟及瑞士用戶的資訊，請參閱：https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en

您可透過 第 10 節提供的聯絡資料，索取相關機制的資料副本。

您的個人資料將按照以下準則保存一段特定時間：(i) 履行本政策而必需的時長；(ii) 任何適用的法律規定；或 (iii) 您在適用情況下提出的任何刪除要求。

在適用法律允許的範圍內：

• 就我們的客戶而言，我們將在合約關係期間及其後 7 年內保存您的資料。
• 就我們的潛在客戶而言：您的資料將自您上次與我們互動後起保存 3 年。

請注意，法律（例如稅務、會計或法律義務）可能規定我們將特定資料保存更長時間。如欲了解更多，請透過 第 10 節所載資訊聯絡我們。

Cookie 是甚麼？

Cookie 是網站發送至您的電腦、流動裝置或其他連網裝置的小型文字檔案，唯一地識別您的瀏覽器，或在您的瀏覽器儲存資料或設定。

我們聘用第三方服務供應商，讓其在我方平台、社交媒體頁面及通訊中使用 Cookie、網絡信標及其他類似技術。此旨在了解您使用我方服務的情況、改善您的用戶體驗、啟用個人化功能及內容、優化我方廣告及促銷，並讓第三方廣告公司得以協助我們在互聯網提供您感興趣的廣告。您可在  Cookie 設定中檢視完整的 Cookie 列表並更新您的偏好設定。

我們使用的 Cookie 分類如下：

• 必要的 Cookie

此為網站運作所必要的 Cookie，並且在我們的系統中無法關閉。它們通常只在您採取行動提出服務要求時才會設置，例如設定您的私隱偏好、登入或填寫表格。您可以將瀏覽器設定為阻止或提醒您注意此類 Cookie，惟網站的某些部分將無法運作。此類 Cookie 並不會儲存任何可識別個人身分的資料。

• 分析∕功能 Cookie

此類 Cookie 可讓我們可以計算造訪次數和流量來源，以便我們衡量和改善網站效能。它們有助於我們了解哪些頁面最受歡迎和最不受歡迎，並了解訪客在網站上的活動情況。在技術上可行的情況下，此類 Cookie 收集的所有資料都會經過綜合彙整，即以匿名方式處理。
如果您不允許此類 Cookie，我們將不會知道您何時瀏覽我們的網站。經您同意後，我們為此而使用 Google Inc 操作的 Google Analytics。如您拒絕被 Google Analytics 追蹤，您可以前往  Cookie 設定或瀏覽  https://tools.google.com/dlpage/gaoptout。

• 功能 Cookie

此類 Cookie 讓網站能夠提供強化的功能和個人化服務。它們可能由我們或我們已將其服務添加至我方頁面的第三方供應商設置。如果您不允許此類 Cookie，則部分或全部服務可能無法正常運作。

• 目標∕廣告 Cookie

此類 Cookie 可能由我們的廣告合作夥伴透過我們的網站設置。它們可能會被該等公司用以建立您感興趣的資料檔案，並在其他網站上向您展示相關廣告。它們不會直接儲存可識別身分的個人資料，而是基於唯一識別您的瀏覽器和互聯網裝置。如果您不允許此類 Cookie，您將體驗到較少的目標廣告。

網絡伺服器日誌及網絡信標

除了透過 Cookie 獲取資訊，我們的網絡伺服器亦可能記錄詳情，例如您的操作系統類型、瀏覽器類型、網域和其他系統設定，以及您的系統所用的語言，和您裝置所在地點的時區。此外，網絡伺服器日誌可能記錄其他資訊，例如將您連結至我方網站的網址，以及您用於上網的裝置的 IP 位址。此類資訊有助我們排除故障、改善功能和維持我方數碼平台的安全性。為控制哪些網絡伺服器收集此類資訊，我們可能在網頁放置稱為「網絡信標」的標籤。此為將網頁連結至特定網絡伺服器及其 Cookie 的電腦指令。我們也可能使用 Cookie 及類似技術（例如網絡信標），以了解您已否打開我們發送給您的電郵並按其行事，以及我們的郵寄工具是否正在正常運作，或衡量功能並提供與您更加貼切相關的內容及廣告。

我可否拒絕 Cookie 及類似技術？

您可以在  Cookie 設定中隨時選擇接受或拒絕我們的 Cookie。

拒絕接受或停用 Cookie 可能令您無法獲得本網站的某些內容或功能。

網絡信標就如任何其他內容一樣屬於網頁的構成部分，因此您不能拒絕或免除網絡信標。然而，您或許可以透過避免下載所收電郵訊息中的圖片，而停用訊息中的網絡信標（此功能因個人電腦上所用的電郵軟件而有所不同）。但是，基於特定的電郵軟件性能，這種操作不一定可以停用電郵訊息中的網絡信標或其他類似技術。如欲就此了解更多，請參閱您的電郵軟件或服務供應商提供的資料。如您拒絕 Cookie 或修改瀏覽器的 Cookie 設定，亦可能會在某些情況下令網絡信標失效。

您的權利

根據適用法律，您可能擁有以下權利：

• 存取權及知情權： 您有權以簡潔、透明、易懂且容易獲得的方式了解我們處理與您有關的個人資料以及我們處理資料的方式。您亦有權向我們確認我們是否有處理您的個人資料，如果是，則您有權存取這些個人資料並取得副本。
• 更正權： 如我們所持有您的個人資料有不完整或不準確之處，您有權作出更正並使其完整。
• 刪除權： 您有權要求我們刪除您的個人資料。我們將刪除您的個人資料或予以匿名，除非適用的資料保護法律另有規定，或 La Prairie 擁有合法權益予以保留。
• 限制處理的權利： 在某些情況下，您有權限制處理您的個人資料。
• 停止收集、使用和／或處理的權利： 如果您是台灣居民，您有權根據 PDPA 規定，要求我們停止收集、使用和／或處理您的個人資料。
• 資料可攜權： 您有權以結構化、常用且機器可讀格式接收您向我們提供的個人資料，且您有權將此類個人資料傳送予另一位控制者。
• 撤回同意的權利： 如果您已同意資料處理活動，您可以隨時按照「您的偏好」項下的規定撤回有關同意。請注意，撤回同意並不會影響在撤回同意之前根據有關同意進行處理的合法性。

此等權利在某些情況下可能有所限制，例如若我們能證明具有法律規定或合約義務而須處理您的個人資料。在某些情況下，這可能代表即使您撤回同意，我們仍能保留您的個人資料。在這種情況下，我們將採用適當的措施及防範以保護您的個人資料。

反對權

若有關個人資料的處理乃依據合法權益進行時，您有權提出反對。儘管如此，我們可能有正當理由繼續處理您的個人資料。

如欲行使任何此等權利，請透過 第 10 節所載資訊聯絡我們。

您的偏好

我們致力就著您向我們提供的個人資料提供選擇權。您可透過以下機制控制您的個人資料：

廣告、促銷及個人化（線下及線上）： 如欲取得我方產品及服務、活動、會員和其他顧客計劃以及其他推廣活動的相關通知，可透過我方數碼平台及銷售點上的相關剔選方格或透過回應美容顧問或店舖代表的問題，表達您的通訊偏好。我們的某些活動及通訊可能按照您的特定興趣及偏好進行個人化處理（我們將依照法律規定向您徵求許可）。

若您希望停收我們的促銷通訊（和∕或希望僅拒絕某種類型的個人化促銷通訊），只需按照相關通訊中的拒絕指示或參閱 第 10 節所列的詳情，即可隨時向我們告知。請注意，我們會發送不同類型的個人化促銷通訊（例如電子報、來自美容顧問的電郵、問卷調查等），您可以選擇拒絕接收所有或部分此類通訊。您不會因拒絕個人化促銷通訊而停止收到我們的服務訊息（即非促銷通訊，例如有關訂單狀態的電郵消息，或有關賬戶活動的通知）。

請注意，您可能會被問及接收我方通訊的偏好渠道，您可以聯絡我們的美容顧問或透過 第 10 節所載的聯絡方式，以隨時變更或更新有關選項。

在適用法律規定的情況下，我們僅在經您同意下方進行直銷活動。如果您在我方數碼平台上擁有 La Prairie 賬戶，您可以在登入後，於賬戶個人檔案下撤回同意和／或更新您的通訊偏好設定。

Cookie／類似技術及興趣導向廣告： 您可以隨時在  Cookie 設置中設定您的 Cookie 偏好。

如果您是加州居民，您可以利用下列私隱權：

• 知情權： 您有權知道我們收集了哪些有關您的個人資料，包括個人資料的類別；個人資料收集來源的類別；收集、出售或分享個人資料的業務或商業目的；我們向其披露個人資料的第三方類別；以及我們收集哪些有關您的特定個人資料。
• 刪除權： 您有權刪除我們向您收集的個人資料，惟部分除外。請注意，由於某些原因，我們無法完全處理您的要求，例如，我們需要為您完成交易、偵測並防範欺詐和非法活動、行使我們的權利、出於內部用途或遵循法律義務。
• 更正權： 您有權更正我們可能保留關於您的不準確個人資料，惟須經過適當的核實。
• 拒絕售賣或分享個人資料的權利： 根據加州私隱法規對「出售」和「分享」此類詞彙的定義，您有權拒絕不允許您的個人資料被「出售」或與第三方以及非使用同一品牌名稱的聯屬公司「分享」。這意味著，如果您選擇拒絕，今後我們將不會出售您的個人資料，或將個人資料與此類第三方分享以用於其目的，包括跨情境行為廣告，除非您稍後指示我們這樣做。

如果您是維吉尼亞州居民，您可以根據維吉尼亞州法典第 59.1-577 節享有某些私隱權。例如，您可以要求存取、改正或刪除您的個人資料。由於我們「出售」個人資料並參與「目標廣告」，而根據維吉尼亞州法規此類詞彙的定義，您亦可以行使選擇以拒絕此類銷售或目標廣告。您有權就您的私隱權被剝奪而提出上訴。

如何提交請求

要利用您在加州或維吉尼亞州法規下享有的知情權、刪除權或改正權，或就您的私隱權被剝奪而提出上訴，請透過我們網站的 客戶服務 頁面向我們發送訊息，或致電 1 800 821 5718 或透過下文「資料控制者及聯絡方式」一節所載資料與我們聯繫。在回應您的存取和刪除請求之前，我們可能會要求您提供某些資訊以驗證您的身分。我們將在 10 個工作日內確認收到您的請求，並在進行適當身分驗證後的 45 個曆日內回覆您的請求，除非我們需要額外時間處理，倘若出現這種情況，我們將通知您。

要行使您拒絕出售或分享個人資料的權利，請點擊我方網站頁尾 「請勿出售或分享我的個人資料」 連結，或透過下文「資料控制者及聯絡方式」一節所載資料與我們聯繫。

我們不會因為您行使私隱權政策本節規定的權利而對您有所歧視。

代理人請求

您可以授權某人代表您（授權代理人）提出有關私隱權的要求。授權代理人將需要證明您已授權其代表您行事，或須證明他們根據適用的遺囑認證法擁有授權書。La Prairie 保留直接向您要求確認的權利，以確認該代理人有權提出此類要求，或要求提供額外資訊以確認代理人的身分。禁止授權代理人將消費者的個人資料或向消費者收集所得或關於消費者的任何資料用於滿足消費者的請求、核實身分或防範欺詐以外的任何目的。

簡訊

您可以傳送簡訊「 SIGNUP 」至 48442 以接收關於 La Prairie 的獨家消息，或在我方網站註冊，即表示您透過您提供的手機號碼訂閱來自 La Prairie 的促銷簡訊。同意接收促銷簡訊與否並非購買任何商品或服務的條件。對於您收到的 SMS 訊息，您的流動服務或無線網絡營辦商可能會收取標準訊息、數據、語音或其他費用。訊息接收次數或有所不同。

您可以隨時向任何簡訊回覆「 STOP 」或文字「48442」以表示拒絕接收簡訊。您可能會收到一則關於您的拒絕請求的最終確認 SMS 訊息。如需協助，請向任何簡訊回覆「 HELP 」或文字「48442」。您亦可以透過 第 10 節所載資訊聯絡我們。

在美國支援的營辦商包括：AT&T、Sprint、T-Mobile®、Verizon Wireless、Boost、Cricket、MetroPCS、U.S. Cellular、Virgin Mobile、ACS Wireless、Appalachian Wireless、Bluegrass Cellular、Carolina West Wireless、Cellcom、C-Spire Wireless（前稱 Cellsouth）、Cellular One of East Central Illinois、Cincinnati Bell Wireless、Cross (dba Sprocket)、Duet IP、Element Mobile、EpicTouch、GCI Communications、Golden State、Hawkeye (Chat Mobility)、Hawkeye (NW Missouri Cellular)、Illinois Valley Cellular、Immix (Keystone Wireless/PC Management)、Inland Cellular、iWireless、Mobi PCS (Coral Wireless LLC)、Mosaic、MTPCS/Cellular One (Cellone Nation)、Nex-Tech Wireless、nTelos、Panhandle Telecommunications、Peoples Wireless、Pioneer、Plateau、Revol Wireless、Rina - Custer、Rina - All West、Rina - Cambridge Telecom Coop、Rina - Eagle Valley Comm、Rina - Farmers Mutual Telephone Co、Rina - Nucla Nutria Telephone Co、Rina - Silver Star、Rina - South Central Comm、Rina - Syringa、Rina - UBET、Rina - Manti、South Canaan/CellularOne of NEPA、Thumb Cellular、Union Wireless、United、Viaero Wireless、West Central Wireless、Leaco、Nemont/Sagebrush。T-Mobile 對延遲或未傳送的訊息概不負責。

資料保障披露

出於商業目的而披露的個人資料類別

在過去 12 個月，La Prairie 出於商業目的披露了以下類別的個人資料（例如與我們的服務供應商或處理者，其對我們披露的個人資料的使用僅限於根據書面合約向我們提供特定服務）：

• 向我們的聯屬公司、我們的第三方服務供應商、付款處理商、電郵／SMS 服務供應商、客戶服務和智慧平台、雲端資料儲存供應商以及打擊欺詐及防偽服務供應商披露的標識符、賬單資料和商業資料。
• 向雲端資料儲存供應商披露的網站註冊憑證。
• 向我們的聯屬公司、我們的第三方服務供應商、電郵／SMS 服務供應商、客戶服務和智慧平台，以及雲端資料儲存供應商披露的偏好設定。
• 向我們的聯屬公司、我們的第三方服務供應商、客戶服務和智慧平台，以及雲端資料儲存供應商披露的個人生活資料。
• 向我們的聯屬公司、我們的第三方服務供應商以及雲端資料儲存供應商披露與您之間的通訊。
• 向我們的聯屬公司、我們的第三方服務供應商以及雲端資料儲存供應商披露您所提供的內容。
• 向我們的聯屬公司、我們的第三方服務供應商、付款處理商、電郵／SMS 服務供應商、客戶服務和智慧平台、雲端資料儲存供應商以及打擊欺詐及防偽服務供應商披露的互聯網或電子活動資料。
• 向我們的聯屬公司、我們的第三方服務供應商、付款處理商、電郵／SMS 服務供應商、客戶服務和智慧平台、雲端資料儲存供應商以及打擊欺詐及防偽服務供應商披露的人口統計資料。
• 向我們的聯屬公司、我們的第三方服務供應商、電郵／SMS 服務供應商、客戶服務和智慧平台，以及雲端資料儲存供應商披露的敏感個人資料 。
• 向我們的保安服務供應商披露的音像資料 。
• 向我們的聯屬公司、我們的第三方服務供應商、付款處理商、電郵／SMS 服務供應商、客戶服務和智慧平台、雲端資料儲存供應商以及打擊欺詐及防偽服務供應商披露從上述類別得出的推論。

更多有關我們披露個人資料的業務目的詳情，載列於上文「我們如何披露和轉移您的個人資料」一節。

出售或分享的個人資料類別

在過去 12 個月中，La Prairie 出於本私隱政策所述目的，向廣告網絡、廣告平台和社交媒體公司出售或分享了以下類別的個人資料，包括目標廣告：

• 識別碼
• 商業資料
• 偏好
• 個人生活資料
• 互聯網或電子活動資料
• 社交媒體資料
• 人口統計資料
• 從上述類別得出的推論

我們不會故意出售或分享未滿 16 歲人士的個人資料。

如對本政策或一般的私隱事宜有任何問題，或希望就著我們遵循適用私隱法律的情況提出投訴，請參閱我方網站的「 聯絡我們 」頁面聯繫我們，我們的客戶服務團隊將樂意為您提供協助。

另外亦可前往「 聯絡我們 」頁面，以行使上述的偏好設定及權利。
我們將確認和調查您提出的任何投訴（包括根據適用的私隱法律觸犯到您的權利的投訴）。我們期望能夠回應您的查詢。您可透過以下方式聯絡 La Prairie Group AG（及其聯屬公司）指定的資料保護專員 (DPO)：Data.Privacy@LaPrairieGroup.ch

然而，您有權向相關的資料保護主管機關提出投訴，特別是在您的慣常居住地或涉嫌違規地點的成員國／地區。

如果您身處澳洲，您的資料保護主管機關為澳洲資訊專員辦公室(www.oaic.gov.au)。

如果您身處香港，您的資料保護主管機關為個人資料私隱專員公署(https://www.pcpd.org.hk/)

如果您身處日本，您的資料保護主管機關為個人情報保護委員會(https://www.ppc.go.jp/)。

PRIVACY POLICY - 18 DECEMBER 2024

1.General Information

1.1 Processing of Personal Data

The purpose of this privacy policy is to provide you with information concerning the processing of personal data when using our corporate and careers websites, and for related services if you are a service provider, business partner, or third-party vendor. This privacy policy applies to all websites or services that feature this privacy policy.

For more information about our data processing activities related to our application process, employees and contingent workers, please visit our dedicated Privacy Notice for Employees, Job Applicants and Contingent Workers, also available on our corporate careers website. 

For more information about our data processing activities related to our clients, clienteling activities and our e-commerce platforms, please visit our dedicated Privacy Policy, also available in all relevant languages depending on your region.

Personal Data refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, information such as name, address, email address, phone number, or any other data that can be used to directly or indirectly identify an individual. The definition and treatment of personal data are governed by applicable data protection laws and regulations in the relevant jurisdiction, which may include specific rules regarding the collection, processing, storage, and transfer of such data. 

1.2. Controller

Responsible for the processing of personal data is: 

La Prairie Group AG

Bellerivestrasse 36, 8008, Zürich Switzerland

Info[at]LaPrairieGroup.ch

+41 44 947 82 10

Contact details of the Data Protection Officer: 

Data.Privacy[at]LaPrairieGroup.ch, or under the postal address of the controller for the attention of the “Data Protection Officer”.

Specific data processing activities might occur under the responsibility of other controllers, including our local affiliates, in connection with local processing activities. It is indicated in the respective description of those activities below, where this is the case. For a list of contact details for all La Prairie affiliates, please visit our dedicated page here.

1.3. Rights of the Data Subject

As a data subject affected by the data processing activity, you have the following rights with regard to your personal data, subject to the applicable data protection laws and regulations in your relevant jurisdiction:

• Right of access;
• Right to rectification and to erasure;
• Right to restriction of processing;
• Right to data portability; and 
• Right to object. 

1.4 Recipients (general information)

Furthermore, you have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data.

When we work on your above-mentioned right, we may ask you for proof of your identity. For more information on how we process your data in this context, see Section 3.1.

In addition to the recipients that are listed within the recipients paragraph of each section below, we transfer the collected data to the relevant internal departments for processing and to other affiliated companies within the La Prairie and Beiersdorf Group or to external service providers, contract processors in accordance with the purposes required. We also forward the data to the following recipients:

• Platform/hosting providers may have access to personal data from jurisdictions outside of your own. In such cases, appropriate safeguards are implemented, including legally binding agreements or contractual mechanisms that comply with applicable data protection laws and regulations. Where personal data is transferred to jurisdictions covered by specific adequacy decisions or similar rulings, those rulings will apply. For more information (such as a copy of the safeguards), you can contact us as outlined under Section 1.2.

• Analytical service providers may have access to personal data from jurisdictions outside of your own. In these instances, appropriate safeguards, such as legally binding agreements or other contractual mechanisms, are in place to ensure compliance with the relevant data protection laws and regulations. If the transfer is made to jurisdictions with recognized adequacy decisions or similar provisions, those rulings apply. For further details, including information about these guarantees, please contact us as mentioned under Section 1.2.

• IT support service providers may have access to personal data from jurisdictions outside of your own. To protect this data, legally binding agreements or similar mechanisms are used to ensure the protection of personal data in line with applicable data protection laws. In cases where an adequacy decision or equivalent applies, that decision will govern the transfer. More information, including copies of guarantees, is available upon request, as outlined in Section 1.2.

• Authorities: In the event of a legal obligation, we reserve the right to disclose your information if required to do so by competent authorities or law enforcement bodies in accordance with applicable data protection laws and regulations.

Further information can be found within the recipients paragraph of each section.

2. Collection and Processing of Personal Data when visiting our Website

When visiting and using our website we already collect personal data. You can find within this section more information about website specific processes and tools especially from external partners. Further information about processes which can also occur in an offline context can be found in Section 3.

2.1.Hosting

Purpose/Information:
When visiting and using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

Used Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
-Platform/hosting providers

-IT support service providers

Further recipients can be found in the general recipients Section 1.4.

Deletion:
The deletion of the log files takes place after 7 days.

2.2. Login functionalities

Our careers website might provide different login functionalities as described below.

2.2.1 Career Opportunities Login Profile

Purpose/Information: 
Our careers website allows you to create a centralised login profile and includes a separate consent during the registration process: When registering, La Prairie Group AG provides you with the opportunity to create an account with a password (login profile). This login profile will be created within the centralised login profile database and shall verify that you are the valid owner of the account and/or email address. This login database is in general only connected to the service you are registering to and handles only the verification part of your login profile. You will be asked to read and agree to our Privacy Notice for job applicants, a copy of which is also available under Section 3.4. The login profile will therefore also be accessible to the respective local La Prairie affiliate company from which you are demanding the service.   

Used Cookies: Type A. More information can be found in the “Cookies/Tools” section.

Controller: 
See Section 1.2 above.

Recipients: 
Platform/Hosting providers

Further recipients can be found in the general recipients Section 1.4.

Deletion / Withdrawal:  
Your login profile will be automatically deleted as soon as you have deleted your account on our careers website, unless this conflicts with legal storage obligations or statutes of limitations. An automatic deletion of candidate accounts in general take place after 12 months of inactivity.  

2.3. Cookies/Tools

This website uses cookies or other technologies/tools like pixels, local storage, tags, IDs or external services (hereinafter referred to as “Cookies/Tools”) and are used on when visiting and using our website. Cookies are small text files that are stored by your browser on your device to save certain information or image files, such as pixels. The next time you visit our website on the same device, the information saved in the cookies will subsequently be accessed on your device and transmitted either to our website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”). 

Through the information saved and returned, the respective website can recognise that you have already accessed and visited it with the browser you use on that device. We use this information to be able to design and display the website in an optimum way in line with your preferences. In that respect, only the cookie itself is identified on your device. Beyond this extent, your personal data will only be saved upon your express consent or if it is strictly necessary to be able to use the service offered to and accessed by you accordingly.

This website uses the following types of cookies/tools, the scope and functionality of which are explained below:

• Type A: Technical/Audience Measurement – to ensure that the demanded service can be provided including basic analysis. 
• Type B: Functional and Performance – Additional tools to measure the performance/attractiveness of our website and to provide further additional (personalised) functionalities.
• Type C: Marketing/Advertising – Cross websites tools for marketing profiling based on user behaviour.

You can find more information on in the description of the tools implemented on our websites in this privacy policy.

For additional cookies relevant to this website that are not listed below, please refer to our Privacy Preference Center which is accessible by clicking “Cookies Settings” at the bottom of the page. This will allow you to review and manage your cookie preferences, including detailed information about the types of cookies used, their purposes, and the ability to opt in or out of specific categories of cookies, where applicable.

Please note that the tools listed in the following subsection might not be constantly in use.

2.3.1 OneTrust Cookie Consent – Central cookie management platform

Purpose/Information:
This website is using the consent management tool “OneTrust Cookie Consent” (www.onetrust.com) to obtain consent for data processing and use of cookies or comparable functions. "OneTrust Cookie Consent“ stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the user’s browser, when consent is not given. 

By processing the data, OneTrust Cookie Consent helps us to fulfil our legal obligations (e.g. obligation to provide evidence). Our interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "OneTrust Cookie Consent" stores your data as long as your user settings are active.

The provision of your personal data is required for the performance of the contract or a situation similar to a contract. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service.

Cookies/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider is OT Technology Spain, Passeo de la Castellana 77, 28046 Madrid, Spain.

Further recipients can be found in the general recipients Section 1.4.

Deletion:
The data will be stored for up to one year The choice you have made (consent/setting) will be stored for one year and can be viewed within the Cookie Settings. The Cookie Settings are located on the bottom of the main page. You can always delete your choice by deleting the cookies within your browser.

2.3.2 Google Analytics

Purpose/Information:
This website uses Google Analytics, a web analysis service of Google Ireland Ltd. (“Google”). 

Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. The cookies set by Google Analytics for measurement are first party cookies, which means that data subjects’ cookie values will be different for each customer (i.e. there is not a single Google Analytics cookie ID that is used on all sites using Google Analytics). The information about your use of this website generated by the cookie is generally transmitted to a Google server in the USA and stored there. 

Google uses this information on our behalf to analyse your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. 

We use Google Analytics to analyse and regularly improve the usage of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. In addition, we gain information about the functionality of our site (for example to detect navigation problems).

In the configuration of Google Analytics, we ensured that Google receives this data as a processor and is therefore not allowed to use this data for its own purposes. The "Google Analytics Advertising Features" configuration is independent from this and is described in the appropriate section below, provided it is also used on this website. 

Cookies/Tools: Type B. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd., Ireland. 

Transfers of personal data to third countries as defined by applicable data protection legislation may occur. Where required, appropriate safeguards are implemented to ensure an adequate level of data protection. For countries covered by an adequacy decision under applicable data protection legislation, the adequacy decision applies. For more information, including details about applicable safeguards, you can contact us as mentioned in Section 1.2.

Further recipients can be found in the general recipients Section 1.4.

Deletion/Withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page.

Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website)

2.3.3 Google Analytics Advertising Features

This website also uses the extended functions of Google Analytics (Google Analytics Advertising Features) in addition to the standard functions. The Google Analytics Advertising Features implemented on this website include:

• Google Display Network Impression Reporting
• Google Analytics Demographics and Interest Reporting
• Remarketing Audiences based on specific behaviour, demographic, and interest data, sharing those lists with Google Ads
• Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
• Google Signals in order to receive more insights about you when you are signed in to your Google account in the browser with which you are accessing this website. This feature is only active if you have additionally consented within your Google settings to the data sharing/Ads Personalisation.

We therefore use first-party cookies (e.g. Google Analytics cookies) and Google advertising cookies and identifiers together in order to optimise our website.

Cookie/Tools: Type C. More information can be found in the “Cookies/Tools” section.

Information about Google Consent Mode:

Additionally, this website uses Google Consent Mode. Consent Mode sends statistical data via cookie-less pings about whether a user has clicked on an ad or link and has landed on our website (conversion). The statistical data is then used with a mathematical modelling to enhance the internal reporting. A ping contains by default technical information like the IP-address, platform type or screen resolution. As these data or the combination of it might theoretically be considered as personal data by Google Ireland Ltd, additional measures have been implemented to ensure that the ping data is not personal data: Certain information of the ping are being set to a default value by our server before sending it to Google analytics.

Recipients/Source:
Main service provider and source: Google Ireland Ltd., Ireland. 

Transfers of personal data to third countries as defined by applicable data protection legislation may occur. Where required, appropriate safeguards are implemented to ensure an adequate level of data protection. For countries covered by an adequacy decision under applicable data protection legislation, the adequacy decision applies. For more information, including details about applicable safeguards, you can contact us as mentioned in Section 1.2.

Further recipients can be found in the general recipients Section 1.4.

Deletion/Withdrawal:
You can deactivate this tool via the Cookie Settings. The Cookie Settings are located on the bottom of the main page. 

Cookie lifetime: event data is stored for up to 50 months; your personal data as a user is stored for up to 14 months (this applies only for cookies which have been set by this website).

2.3.4 Google Tag Manager

Purpose/Information:
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data are stored. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.

Cookie/Tools: Type A. More information can be found in the “Cookies/Tools” section.

Recipients:
Main service provider: Google Ireland Ltd, Ireland. 

Transfers of personal data to third countries as defined by applicable data protection legislation may occur. Where required, appropriate safeguards are implemented to ensure an adequate level of data protection. For countries covered by an adequacy decision under applicable data protection legislation, the adequacy decision applies. For more information, including details about applicable safeguards, you can contact us as mentioned in Section 1.2.

Further recipients can be found in the general recipients Section 1.4.

Deletion:
Aggregated event data is stored for up to 50 months; your personal data as a user is not stored in Google Tag Manager and therefore no retention period applies.

3. Further services offered (on- and offline)

In addition to the online use of our website, we offer various other services, for which we process your personal data also in an offline context. 

Contrary to Section 1.2, in some cases a legal entity within the La Prairie corporate group is the Controller for the services offered below; this will have already been identified within the communication itself. If reference is therefore made to sections of this privacy policy, and a Controller has already been named, e.g. in the footer/signature of an email or campaign card, this legal entity is the Controller in accordance with applicable data protection laws and regulations.  

3.1. Contacting/Communication/Collaboration

Purpose/Information:  
When communicating and/or collaborating with us, e.g. by email or via contact form on our website, or data exchange platform, be it e.g. as a business partner or customer, the data you provide (including but not limited to your email address, your name and your telephone number, or personal data submitted during the conversation) will be stored and processed by us in order to e.g. answer your questions, requests or for the purpose of business related correspondence.

With regard to the cooperation with our suppliers, we have implemented an internal evaluation process of due diligence which, in our legitimate interest, is intended to improve the business relationship. As a rule, we only process information about the company, but conclusions can be drawn about you as the contact person of that company, if the communication with suppliers is examined with regard to response times, reliability and transparency.

We may ask you when you contact us by telephone as a customer whether the telephone call may be recorded for quality assurance and training measures. If you agree to the recording, we will process all information that you share with us during the call (communication content, possibly also sensitive (health) data, as well as your phone number and other personal data).

When processing data arising in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification or in accordance with the respective communication request.

In certain cases, the provision of your personal data as a business partner or customer is required for the performance of the contract or a situation similar to a contract. Additionally, your personal data may be required for related purposes, such as compliance with legal obligations, responding to or conducting investigations, or handling legal or regulatory proceedings. You are not obliged to provide your personal data. If your personal data is not provided, you cannot use the described service. 

Recipients and sources:
If you are a business partner, we will regularly check your creditworthiness in certain cases (e.g. when concluding contracts). Our legitimate interest is the minimization of our financial risk. For this purpose, we cooperate with credit agencies from which we receive the necessary data. For this purpose we transmit your name and your contact data to the credit agencies.

If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a company transaction. In the course of due diligence, usually anonymised data is processed. However, it may be necessary in specific individual cases to process personal data. Our legitimate interest lies in the execution of the company transaction.

We may transfer your collected data to our relevant internal departments for processing and to other affiliated companies within the La Prairie and Beiersdorf Group, to external service providers, contract processors, or, where necessary, to public authorities in compliance with legal obligations, regulatory requirements, or in response to lawful requests, all in accordance with the purposes required.

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to surrender it to competent authorities or law enforcement bodies.

Additionally, we also forward the data to the following recipients:

• Platform/hosting providers;
• Analytical service providers; and/or,
• IT support service providers.

3.2. Job posting updates

For all recipients listed above, transfers of personal data to recipients in countries outside of the applicable jurisdiction may occur. Where required by law, appropriate safeguards, such as standard contractual clauses or other legally recognized mechanisms, are implemented to ensure adequate protection of personal data. For countries or entities subject to an adequacy decision, such a decision will apply. For more information or to request a copy of the relevant safeguards, please contact us at Data.Privacy[at]LaPrairieGroup.ch.

Further recipients can be found in the general recipients Section 1.4.

Deletion /Objection:
Your data will be retained only for as long as necessary to fulfil the purposes for which it was collected, unless statutory retention obligations exist or periods of limitation must be observed.

Call recordings are stored for a maximum of 90 days. 

You can object to these processes according to the requirements under Section 4.

Purpose/Information: 
Job posting updates provide candidates with notifications about new job opportunities and relevant updates tailored to their preferences. By subscribing to these updates, candidates receive notifications based on their selected interests and preferences, such as keywords for specific roles, locations, or departments.

The updates are customized based on the preferences candidates set in their profiles. Candidates can adjust the frequency of these notifications through their candidate profiles under “Job Alerts” to receive updates every set amount of days on a recurring basis.

Recipients: 
-Platform/hosting provider

Transfers of personal data to third countries as defined by applicable data protection legislation may occur. Where required, appropriate safeguards are implemented to ensure an adequate level of data protection. For countries covered by an adequacy decision under applicable data protection legislation, the adequacy decision applies. For more information, including details about applicable safeguards, you can contact us as mentioned in Section 1.2.

Further recipients can be found in the general recipients Section 1.4.

Deletion / Withdrawal: 
Candidates can unsubscribe from job posting updates at any time by logging into their candidate profile and updating their notification preferences. Job alerts and subscriptions will also be automatically deleted after 12 months of inactivity, at which point the entire candidate profile will be deleted.

3.3. Postal mailings

Purpose/Information:
As a selected customer or business partner, you may receive shipments from us by post (letter), including documents, products, or other materials necessary for the performance of a contract or based on our legitimate interests in facilitating business operations. These shipments are provided in the context of our professional relationship.

Recipients:
-Platform/hosting provider

-Communication service provider

-Shipping service provider 

Transfers of personal data to third countries as defined by applicable data protection legislation may occur. Where required, appropriate safeguards are implemented to ensure an adequate level of data protection. For countries covered by an adequacy decision under applicable data protection legislation, the adequacy decision applies. For more information, including details about applicable safeguards, you can contact us as mentioned in Section 1.2.

Further recipients can be found in the general recipients Section 1.4.

Deletion / Objection:
Your data will be deleted as soon as the purpose for the shipment has been fulfilled unless legal storage obligations or statutes of limitations require otherwise. You can object to further postal mailings as described in the Section 4 below. We further delete your personal data after the contractual relationship between us has been terminated.

3.4. Data Privacy Statement for applicants (recruitment)

For more information about the application process please go to our dedicated Privacy Notice for Employees, Job Applicants and Contingent Workers, also available on our corporate careers website. 

4. Objection or Withdrawal of your consent to the Processing of Personal Data

If you have given your consent to the processing of your data, you can withdraw your consent at any time. Such a withdrawal influences the permissibility of processing your personal data after you have given it to us. Withdrawing consent does not affect the lawfulness of any data processing that occurred prior to the withdrawal.

If we base the processing of your personal data on our legitimate interests, if relevant and as permitted by applicable law, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the description of the functions/services. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing. 

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection under the above-mentioned contact details for the controller.