PRIVACY POLICY
Date of last update: January 10, 2022
Your Personal Data may be processed by TOMILLIE, a société à responsabilité limitée incorporated under French law, registered with the Paris Trade and Companies Register under number 832 898 837, having its registered offices at 350 rue Saint Honoré 75001 Paris, France, operating under the trade name “Pernille Christiansen” (hereinafter referred to as “PERNILLE CHRISTIANSEN”).
PERNILLE CHRISTIANSEN processes Personal Data (or “Data”) in accordance with the legal obligations relating to the Processing of Personal Data, in particular French Law No. 78-17 dated 6 January 1978 relating to information technology, files and civil liberties and European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as the General data protection regulation or “GDPR”), which entered into force on 25 May 2018.
All capitalised terms used in this policy, with the exception of those that it explicitly defines, refer to the concepts defined by the GDPR. PERNILLE CHRISTIANSEN constantly monitors compliance with the legal rules on the protection of Personal Data and intends to ensure responsible and transparent governance of the Data Processing that it operates.
The purpose of this notice (hereinafter referred to as “Privacy Policy”) is to define the terms and conditions for the Processing of personal Data (hereinafter referred to as “Personal Data”) carried out by PERNILLE CHRISTIANSEN through its website and the provision of its services.
1. PROCESSING CARRIED OUT BY PERNILLE CHRISTIANSEN ON ITS OWN BEHALF
For all the Processing mentioned below, PERNILLE CHRISTIANSEN assumes the role of Data Controller.
1.1. YOU ARE A USER OF THE SITE
When you enter your e-mail address in the field dedicated to this purpose in order to receive press releases from PERNILLE CHRISTIANSEN, you agree that this Personal Data may be used by PERNILLE CHRISTIANSEN to send you press releases by e-mail. This Processing is based on your Consent (article 6.1. a) of the GDPR), which you may withdraw at any time by clicking on the link in each e-mail or by contacting PERNILLE CHRISTIANSEN.
1.2. YOU ARE A CO-CONTRACTOR OF PERNILLE CHRISTIANSEN
If you contract with PERNILLE CHRISTIANSEN, PERNILLE CHRISTIANSEN is likely to process on its own behalf Personal Data relating to the people whom you employ or who are involved or who carry out assignments on your behalf, including employees and influencers who provide their services to brands. The categories of Data concerned, mentioned below, are collected directly by PERNILLE CHRISTIANSEN when the contract is concluded:
– Personal identification Data (surname, first name, pseudonym); – Contact Data (address, telephone number, email); – Banking Data; – Data relating to the Influencer’s profile (age, gender (if applicable), social network accounts and channels, number of followers, type and number of posts, etc.).
Personal identification, contact and banking Data are first processed by PERNILLE CHRISTIANSEN in order to ensure the proper performance of the contract (Article 6.1. b) of the GDPR), in particular to communicate with you and to ensure the payment of services.
Such Personal Data may also be processed by PERNILLE CHRISTIANSEN in order to analyse the suitability of your profile with that of other contracting parties and to offer you new opportunities. Such Processing is justified by PERNILLE CHRISTIANSEN’s legitimate interest in the development of its public relations and communication consultancy activities and in building up customer loyalty (Article 6.1. f) of the GDPR).
2. GENERAL PROVISIONS APPLICABLE TO ANY PROCESSING CARRIED OUT BY PERNILLE CHRISTIANSEN
2.1. PERSONAL DATA PROCESSED
The categories of Data processed by PERNILLE CHRISTIANSEN are specified in the present Privacy Policy and/or, where applicable, in the contract on which the Processing is based. PERNILLE CHRISTIANSEN collects this Data directly from you.
PERNILLE CHRISTIANSEN does not process special categories of Data within the meaning of the GDPR, known as “sensitive”, relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic Data, biometric Data or Data relating to health, life or sexual orientation, nor Data relating to criminal convictions and offences, except where necessary and required or permitted by applicable legislation.
2.2. PURPOSES AND LEGAL BASES OF THE PROCESSING
Personal Data is collected and processed for specific purposes and is not further processed in a manner that is incompatible with these purposes, except in cases provided for by law. PERNILLE CHRISTIANSEN ensures that the Data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Each Processing is based on a legal basis clarified in the present Privacy Policy and/or, where applicable, in the contract on which the Processing is based.
2.3. RECIPIENTS OF THE PERSONAL DATA
All of the above categories of Personal Data may be communicated to PERNILLE CHRISTIANSEN’s technical, customer, administrative, accounting and financial, marketing and sales service providers. PERNILLE CHRISTIANSEN may also communicate this Data where there is a legal or contractual obligation incumbent on it, in particular to comply with administrative and legal procedures.
2.4. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
When communication to these Recipients implies a transfer of your Data outside the European Union, to a State that does not offer a level of guarantees similar to that recognised by the GDPR (list available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en) and that is not subject to an adequacy decision, PERNILLE CHRISTIANSEN ensures the existence of appropriate guarantees, within the meaning of Articles 45 et seq. of the GDPR.
2.5. RETENTION PERIOD OF PERSONAL DATA
For all other Processing, PERNILLE CHRISTIANSEN shall keep the Personal Data for the entire duration of the services covered by the contract, and for a maximum of three (3) years after your last contact with PERNILLE CHRISTIANSEN. On the other hand, the Data relating to payment methods will not be retained. It is only collected during the transaction and is immediately deleted once the services have been paid for. Some of the Data may be retained for an additional period of time for the management of complaints, the management of pre-litigation and/or litigation, to meet PERNILLE CHRISTIANSEN’s legal or regulatory obligations, or to respond to requests from authorised authorities. For example, the Data necessary for billing will be retained for ten (10) years in order to meet its accounting obligations.
2.6. SECURITY OF PERSONAL DATA
PERNILLE CHRISTIANSEN shall take the necessary measures to guarantee the security of the Data collected and in particular their confidentiality, i.e. to ensure that only authorised persons have access to them.
When the Data are no longer necessary for pursuing the associated purpose, PERNILLE CHRISTIANSEN shall destroy them securely or make them anonymous.
2.7. RIGHTS OF THE DATA SUBJECT
Within the limits and conditions authorised by the legislation in force, you have the rights of access, rectification and updating, erasure, objection, portability, limitation of Processing, as well as the right of withdrawal of your Consent when Consent is the legal basis for the Processing carried out, and this within the limits and conditions laid down by Chapter III of the GDPR.
These rights may be exercised by contacting PERNILLE CHRISTIANSEN by email at the following address: [email protected] or by post at the following address: PERNILLE CHRISTIANSEN, 350 rue Saint Honoré 75001 Paris (France). A complaint may also be lodged with the French data protection agency “CNIL” (www.cnil.fr).
3. PROCESSING CARRIED OUT BY PERNILLE CHRISTIANSEN ON BEHALF OF ITS CLIENTS
Within the framework of the services it provides, PERNILLE CHRISTIANSEN is led to directly collect and process Personal Data concerning persons performing duties for its clients or carrying out missions on their behalf, including employees and service providers lending their services. For these Processing operations, based on the performance of a contract (Article 6.1. b) of the GDPR), PERNILLE CHRISTIANSEN acts as a Data Processor, on behalf of each client, sole Data Controller. The details of these Processing, and in particular the categories of Data processed, are specified in each contract concerned. In addition to the general terms applicable to all Processing carried out by PERNILLE CHRISTIANSEN (see §2 above), the following terms are intended to apply to the relationship between PERNILLE CHRISTIANSEN and each client:
- • PERNILLE CHRISTIANSEN only processes Personal Data upon documented instruction from its clients, including transfers of Personal Data to a third country or to an international organisation, unless PERNILLE CHRISTIANSEN is obliged to do so under Union law or the law of the Member State to which it is subject; in this case, PERNILLE CHRISTIANSEN informs its client of this legal obligation prior to Processing, unless the law concerned prohibits such information on significant grounds of public interest. If an instruction appears to be unlawful, PERNILLE CHRISTIANSEN shall immediately inform the client. PERNILLE CHRISTIANSEN ensures that the persons authorised to process Personal Data undertake to preserve confidentiality or are subject to an appropriate legal obligation of confidentiality. In general, PERNILLE CHRISTIANSEN undertakes to implement appropriate technical and organisational measures to guarantee a level of security appropriate to the risks incurred by the Processing.
- Each client acknowledges and accepts that PERNILLE CHRISTIANSEN may use Sub-Processors to carry out its activities, and PERNILLE CHRISTIANSEN undertakes to inform the client prior to the recruitment of new subcontractors in order to enable the client to object. In the absence of objection within a period of ten days, the sub-processor shall be deemed to have been accepted by the client. PERNILLE CHRISTIANSEN undertakes to impose the same obligations upon the sub-processor as those set out in the present Privacy Policy, and remains fully responsible to the client for their performance.
- As far as possible and depending on its available means, PERNILLE CHRISTIANSEN undertakes to assist the client in responding to requests from Data Subjects wishing to exercise their rights. Within the same limits, PERNILLE CHRISTIANSEN helps the client to ensure compliance with the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and the information at its disposal.
- At the end of its mission, PERNILLE CHRISTIANSEN undertakes, at the client’s choice, to delete the Personal Data processed exclusively on behalf of the latter, or to return them to the client, and to delete existing copies, unless the law of the Union or the law of the Member State requires the Data to be retained.
- Finally, PERNILLE CHRISTIANSEN provides the client with all the information necessary to demonstrate compliance with its obligations, in particular in the context of an audit, provided that: (i) PERNILLE CHRISTIANSEN is informed in writing thirty days in advance, (ii) this audit does not take place more than once a year, and (iii) the client undertakes to respect the confidentiality and security of the data relating to PERNILLE CHRISTIANSEN and its activity, and more generally to take the same care of all PERNILLE CHRISTIANSEN’s materials and resources as it would for its own activity.