INTRODUCTION
Your privacy is important to Signify.
We have drafted this Privacy Notice (also referred to as “Notice”) in an easy and comprehensible way to help you understand who we are, what personal data we collect about you, why we collect it, and what we do with it. Keep in mind that personal data (in this Notice also referred to as “data” or “your data”) means any information or set of information from which we are able, directly or indirectly, to personally identify you, in particular by reference to an identifier, e.g. name and surname, email address, phone number, etc.
Please keep in mind that since Signify is an international company, this Notice may be replaced or supplemented in order to fulfill local requirements, as well as to provide you with additional information on how we process your data through specific Signify products, services, systems or applications. For products or services (including web or app-based functionality) that may involve specific processing of your data, this Notice might be supplemented by our product specific notices which provide additional information on the processing of your data related to the product or service.
For these specific privacy notices, please visit our Signify privacy center (see “Legal information” section).
We strongly encourage you to take some time to read this Notice in full. If you do not agree to this privacy notice, please do not provide us with your data.
We protect your personal in line with our Binding Corporate Rules (“Signify Privacy Rules”).
WHEN DOES THIS PRIVACY NOTICE APPLY?
This Notice covers how we collect and use your data, e.g.
- when you visit or use our consumer and customer-directed websites, applications or social media channels;
- purchase and use our products, services, systems or applications;
- subscribe to our newsletters or other marketing communications;
- provide to us your goods or services;
- contact our customer support;
- join our business events; or otherwise interact with us (directly or indirectly) in your capacity as consumer, business customer, partner, (sub) supplier, contractor or other person with a business relationship with us.
This Privacy Notice only applies to you in case we are considered to be the Data Controller for the processing of personal data. In case we are acting as a Data Processor, the Privacy Notice shared by the Data Controller will govern your personal data.
If you are a resident in the USA, Brazil or China, this Privacy Notice is supplemented by a Country Specific Privacy Notice, which also applies to you.
WHO IS SIGNIFY?
As Signify, we are a global organization leader in the general lighting market with a unique competitive position and recognized expertise in the development, manufacturing and application of innovative lighting products, systems and services.
When this Notice mentions “we,” “us,” or the “Company,” it refers to the controller of your data under this Notice, namely the Signify affiliate with which you had, have or will have a business relationship or that otherwise decides which of your data are collected and how they are used, as well as Signify Netherlands B.V. (Registration number 17061150 – High Tech Campus 48, 5656 AE, Eindhoven, The Netherlands). Please note that the Signify affiliates include the subsidiary companies in which Signify N.V. has control, either through direct or indirect ownership. You may obtain a list of Signify affiliates by contacting the Signify Privacy Office (you will find the contact details in the below section “what are your choices?”).
WHAT TYPES OF DATA WE COLLECT ABOUT YOU?
Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, over the phone, etc.) we may process different data about you. We may collect your data, for example, when you visit or use our consumer and customer-directed websites, applications or social media channels, purchase and use our products, services, web-based tools, mobile applications, systems, subscribe to our newsletters, install a software update, provide to us your goods or services, contact our customer support, join our business events, participate to our contests, promotions and surveys or otherwise interact with us. The data collected through your interaction with and use of our services and websites, may not, standing alone, reveal your specific identity or directly relate to an individual, but could, when combined with other data, link back to you.
Below you will find an overview of the categories of data that we may collect:
Information you provide to us directly
Categories of data | Examples of types of data |
Personal identification data | Name, surname, title, date of birth |
Contact information data | Email, phone number, address, country |
Account log in information | Log in ID, password or other security codes |
Images, quotes and/or videos from which you may be identified | Pictures uploaded to Signify accounts or otherwise provided to us for example in the context of a webinar or interview |
Financial data | Credit card data, bank account data |
Any other information that you decide to voluntarily share with Signify or its affiliates | Feedback, opinions, reviews, comments, uploaded files, interests, information provided for our due diligence process |
Lastly, if you visit our premises, for security reasons we might also record your data through video or other electronic, digital or wireless surveillance system or device (e.g. CCTV).
Information we collect automatically
When you visit or use our websites or applications, subscribe to our newsletters or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:
Categories of data | Examples of types of data |
Device information | Hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, device settings used to access the services, and device configuration |
Log information | Time, duration and manner of use of our products and services or products and services connected to ours |
Location information | Your location (derived from your IP address, Bluetooth beacons or identifiers, or other location-based technologies), that may be collected when you enable location-based products or features such as through our apps |
Luminaire information | Luminaire unique identifiers, luminaire information stored in the device |
Other information about your use of our digital channels or products | Apps you use or websites you visit, links you click within our advertising e-mail, motion sensors data |
Information we may collect from other sources
To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties.
Information we may aggregate from different sources to your profile
If you have indicated to us that you wish to receive personalized direct marketing communications, we might aggregate data from different sources (both internally and externally) to have a better understanding of your preference and interests, and be able to serve you with more relevant communications. You can always object to these activities by opposing this. In particular, you can always opt-out from receiving marketing-related emails by following the unsubscribe instructions provided in each email. If you can sign-in to a Signify account, you might be given the option to change your communication preferences under the relevant section of our website or application. You can always contact us (you will find the contact details in the below section “What are your choices?”) to opt-out from receiving marketing-related communications.
HOW DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
When you visit or use our websites and/or apps we may register your IP address, browser type, operating system, referring website, your general geographic location as indicated by your IP address, web-browsing behaviour, app behavior and whether and how you interact with content available on our websites and within our apps. We use different methods to collect this information, including our own cookies and third-party cookies. For more information on how we use cookies and other tracking technologies, read our Cookie Notice. To the extent you have shared your consent, we may receive your location data or gain access to certain data stored on your mobile phone, such as photographs, voice instructions and contacts.
For more information on how we use cookies and other tracking technologies, read our Cookie Notice (which can be found in the website of the Signify Privacy Center, see “Legal information” section). Via our cookie preference functionality, you are in control of your preferences.
HOW DO WE USE YOUR DATA?
We may use your data for different legitimate reasons and business purposes.
Below you will find an overview of the purposes for which we may process your data:
Purposes | Examples |
Assessment and (re)screening of (potential) Customers, Suppliers and/or Business Partners | Conducting due diligence |
Conclusion and execution of agreements | Sales, billing, shipment of products or services, registration to mobile applications or websites, participation in training, warranty, service communications, account management |
Providing support (upon your request) | Providing support via communication channels, such as customer or contact center support |
Direct marketing | Promoting contact with consumers and/or business customers (only in certain countries), including prospective customers, email and/or electronic marketing, market surveys, personalizing your experience by presenting products and offers tailored to your preference, interests or profile (such as on our sites, applications or in other communication channels) |
Security and protection of our interests/assets | Deploying and maintaining technical and organizational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests |
Compliance with legal obligations | Disclosing data to government institutions or supervisory authorities as applicable in all countries in which we operate, such as tax and national insurance deductions, record-keeping and reporting obligations, conducting compliance audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, and managing any internal complaints or claims |
Defense of legal claims | Establishment, exercise or defense of legal claims to which we are or may be subject to |
Product development | To improve the services, products, online services, mobile applications and communications we provide towards you or others |
You may choose to participate in sweepstakes, contest games or other competitions (“Competition”) via our website. When you participate in a Competition, we use your data to allow you to participate, to identify you, to prevent/detect fraud and to fulfill the prize to you (if you win) and we consider the processing of this data in the above context to be necessary for the performance of the contract. Please read the terms and conditions of the respective Competition for further information.
If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.
It is your responsibility to ensure that information you share with us does not violate any third party’s rights.
HOW DO WE USE YOUR DATA FOR MARKETING?
Signify Netherlands B.V. and other relevant Signify affiliates may send you regular promotional communications about their products, services, events and promotions.
Such promotional communications may use, amongst others, the “PHILIPS”, “HUE”, “SIGNIFY” and/or “INTERACT” brand and may be sent to you via different channels such as: email, phone, SMS text messages, postal mailings, third party social networks. Please find our current list of brands here.
We may also contact you regarding information, products, services, events and promotions from Signify as well as from other third-parties providers of products and services complementing our products and services that we believe can be relevant to you because of your usage of our products or to expand your functionality; mainly when we find this third-party has specific services or solutions to meet your needs, or to optimize your use of our products and services. We will not share your registration data with our trusted partner unless we have sufficient grounds to do so.
When permitted and/or required by applicable law or where we have your consent, to be able to tailor the communications to your preferences and behavior and provide you with the best, personalized experience, we may analyze and combine all information associated with your data and data about your interactions with us. We may also use this information to create segments of our audience showing which of our products and/or services users are interested in and track success of our marketing efforts. We may keep records of whether you open our electronic communication, as well as the links you click on our electronic communication.
WHAT ARE YOUR CHOICES ON SOCIAL MEDIA?
When you interact or communicate on social media channels/pages/promotions and blogs (e.g. when you click on ‘like’ or ‘share’, when you post and share comments and when you submit ratings and reviews) your data is processed by a third party that provides social listening services to us. This means that the third party that provides social listening services will retain a copy of your online publicly available interactions to which the third party has provided us access. Your data we collect includes publicly available data provided in the social media context by you from the relevant social media provider via a third party that provides social listening services. We use your data to gain a general view of the opinion of people about us and our brands, to resolve issues and/or improve our products and services and/or start a promotional conversation with you. If you do not want to share this information with us as described above, do not interact with us on social media channels.
From our social media pages and campaigns, we receive visitor statistics. Although Signify and our social media service provider are responsible for those visitor statistics, the respective social media service provider is your primary point of contact and handles requests to exercise your rights and any complaints you may have. Where necessary, we assist, the respective social media service provider in responding to your requests or complaints. For more information on the personal data that we receive from social media network providers and how to change your settings, please check the websites and privacy policies of the social media network providers.
HOW DO WE USE YOUR DATA IN OTHER COMMUNICATIONS?
Customer Survey communications: We are constantly working to improve our services and to make them more in line with what customers want. That is why we can use your data (customer ID and e-mail address) to invite you for a customer or market research campaign. We can also have these investigations carried out by third parties. In this way you help us to become even better. We only send you these types of communications with your prior consent, unless this is not necessary according to the applicable law.
Solicited communications: In some instances, you might want Signify to inform you about a specific matter via electronic communications – but do not want to consent to our marketing communications. In these cases, we will communicate with you in regards to the solicitude you have made.
Administrative, service and transactional communications: You will always receive administrative, service and transaction communications from us, such as technical and/or security updates of our products, order confirmations, notifications about your account activities, and other important notices. You cannot opt-out from this type of communication.
ON WHAT LEGAL BASIS DO WE USE YOUR DATA?
To be able to process your data, we may rely on different legal bases, including:
- Your consent (only when legally required or permitted). If we rely on your consent as a legal basis for processing your data, you may withdraw your consent at any time;
- The necessity to establish a contractual relationship with you and to perform our obligations under a contract;
- The necessity for us to comply with legal obligations and to establish, exercise, or defend against legal claims;
- The necessity to pursue our legitimate interests, including:
o To ensure that our networks and information are secure
o To administer and generally conduct business within the Company
o To prevent or investigate suspected or actual violations of law, breaches of a business customer contract, or non-compliance with the Signify Integrity code or other Signify policies;
o To optimize or extend our marketing reach and communication relevance;
- The necessity to respond to your requests;
- The necessity to protect the vital interests of any person;
- Any other legal basis anyhow permitted by local laws.
WHEN DO WE SHARE YOUR DATA?
We do not sell your personal data. We also do not share any of your personal data except in the limited cases described here. If it is necessary for the fulfillment of the purposes described in this Notice, we may disclose your data to the following entities:
- Signify affiliates: due to our global nature, your data may be shared with certain Signify affiliates. Access to your data within Signify will be granted on a need-to-know basis;
- Service providers: like many businesses, we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers, shipping providers, payment providers, electronic communication service platforms, Competition service providers;
- Business partners: we may share your data with trusted business partners so they can provide you with the services you request, including chat service providers;
- Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Signify.
- Professional advisors and others: we may share your data with other parties including professional advisors, such as banks, insurance companies, auditors, lawyers, accountants, other professional advisors.
- Other parties in connection with corporate transactions: we may also, from time to time, share your data in the course of corporate transactions, such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding);
- Upon your request in case of a personal data portability request.
We may share anonymized information, reports and analyses based on anonymized information. We may disclose aggregated, anonymized information, and analyses and reports derived from such information with our service providers, suppliers, advertisers, merchants, consumer and market research companies and other organizations. This anonymized, non-personal information, may also be shared with other users to help them better understand their lighting usage compared to others in our community, raise awareness about safety issues, help us generally improve our system, or other informational purposes. We take steps to keep this non-personal information from being associated with you, and we require our partners to do the same.
WHEN DO WE TRANSFER YOUR DATA ABROAD?
Due to our global nature, data you provide to us may be transferred to or accessed by Signify affiliates and trusted third parties from many countries around the world. As a result, your data may be processed outside the country where you live, if this is necessary for the fulfillment of the purposes described in this Notice.
If you are located in a country member of the European Economic Area, we may transfer your data to countries located outside of the European Economic Area. Some of these countries are recognized by the European Commission as providing an adequate level of protection. With regard to transfers from the European Economic Area to other countries that are not are recognized by the European Commission as providing an adequate level of protection, we have put in place adequate measures to protect your data, such as organizational and legal measures (e.g. binding corporate rules and approved European Commission standard contractual clauses). You may obtain a copy of these measures by contacting the Signify Privacy Office (you will find the contact details in the below section “What are your choices?”).
HOW LONG DO WE KEEP YOUR DATA?
We keep your data for the period necessary to fulfill the purposes for which it has been collected (for details on these purposes, see above section “How do we use your data?”). Please keep in mind that in certain cases a longer retention period may be required or permitted by law. The criteria used to determine our retention periods include:
- How long is the data needed to provide you with our products or services or to operate our business?
- Do you have an account with us? In this case, we will keep your data while your account is active or for as long as needed to provide the services to you.
- Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation, or protection against a possible claim.
HOW DO WE SECURE YOUR DATA?
To protect your data, we will take appropriate measures that are consistent with applicable data protection and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Depending on the state of the art, the costs of the implementation and the nature of the data to be protected, we put in place technical and organizational measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data. If you have reason to think that your interaction with us or your Data is no longer processed in a secure manner, please reach out to the Signify Privacy Office immediately in accordance with “What are your choices?” as described below.
WHAT ARE YOUR RESPONSIBILITIES?
We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide us, are accurate, complete and up-to-date. Furthermore, if you share with us data of other people, it is your responsibility to collect such data in compliance with local legal requirements. For instance, you should inform such other people whose data you provide to us, about the content of this Notice and obtain their prior consent.
WHAT ARE YOUR CHOICES?
You have the right to:
- Confirmation: Obtain confirmation from us as to whether we process your personal data.
- Access: Obtain a copy of your personal data being processed by us.
- Rectification: Have your personal data rectified.
- Erasure: Have your personal data anonymized or erased.
- Restriction: Have your personal data restricted.
- Object to:
o (General) the use of your personal data on grounds relating to your situation, unless we can demonstrate prevailing compelling legitimate grounds for the processing of your personal data.
o (Direct marketing) receiving direct marketing communications. If you object to the processing of your personal data for direct marketing purposes, the relevant personal data shall no longer be processed for such purposes.
o (Automated decision making) the use of your personal data which is based solely on automated personal data (including profiling), and which produces adverse legal or similarly significant effects concerning you.
- Data Portability: the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that personal data to another company.
- File a complaint or contact us at any time: with privacy-related questions and/or complaints regarding the application or violation of our Privacy Rules or Privacy Notice by us.
To exercise your rights use ourprivacy request form or contact us.
You also have the right to obtain a copy of our Signify Privacy Rules and make use of your third-party beneficiary rights and/or claim damages. Additionally, the General Data Protection Regulation also gives you right to lodge a complaint with your local supervisory authority. For more detailed information on your rights, please see our Signify Privacy Rules.
The above rights are not absolute and can be reasonably limited, for example when the exercise of such right by the adversely affects the rights and freedoms of others.
For any questions or reasonable inquiry related to the protection of your data in Signify or regarding this Notice in general, you can contact the Signify Privacy Office:
- Mail: Signify – Attn: Privacy Office – Basisweg 10, 1043 AP Amsterdam, the Netherlands; or
- Online: privacy request form
DO WE COLLECT DATA FROM CHILDREN?
We do not intentionally collect information from children under the age of 16.
- Special note to Children under the age of 16: if you are under the age of 16, we advise that you speak with and get your parent or guardian’s consent before sharing your data with us;
- Special note to Parents of Children under the age of 16: we recommend you to check and monitor your children’s use of our products, systems, services, applications (including websites and other digital channels) in order to make sure that your child does not share personal data with us without asking your permission.
COUNTRY SPECIFIC PRIVACY NOTICES
In case of applicability to you of the provisions below and in case of conflict between what is contained in this Country Specific privacy notice and the overall Privacy Notice, what is contained in this Country Specific privacy Notice will prevail.
BRAZIL PRIVACY DISCLOSURES
The Brazilian General Law on Data Protection (the “LGPD”) provides any person located in Brazil and/or any personal data that has been collected or is processed within Brazil with specific rights over their personal data. In addition to the above, this section describes your LGPD rights and explains how to exercise those rights.
The following does not apply to information or data that cannot identify you or another person, taking into account the use of reasonable and available technical means at the time of its processing.
CONSENT
Whenever necessary, Signify will obtain your consent in advance through a prior, free, informed, unequivocal expression of will, provided by you, and consent may never be obtained in a tacit or implicit manner. Consent for the treatment of sensitive personal data must always spell out the purpose of their treatment in a prominent way.
If there is a change in the purpose of the treatment for which consent obtained, Signify will contact you to obtain new consent regarding the processing of your personal data related to the new purposes. You can revoke the consent if you disagree with the changes made.
INTERNATIONAL TRANSFER OF PERSONAL DATA
As described above in this Notice, it may be necessary for Signify to transfer your Personal Data internationally.
We may transfer your Personal Data to countries located outside of Brazil. Some of these countries do not have an adequate level of protection for personal data, as determined by the General Data Protection Law. If the international transfer of Personal Data occurs to countries that do not have personal data protection laws at the same level as the LGPD, we will adopt appropriate measures to protect your Personal Data, such as organizational and legal measures (e.g. binding rules and standard contractual clauses for such transfer).
YOUR RIGHTS
You have the right to request: (i) confirmation whether we process (or not) your Personal Data; (ii) access to your Personal Data processed by us; (iii) rectification of your Personal Data; (iv) portability of your Personal Data; (v) anonymisation, blocking or deletion (erasure) of unnecessary or excessive data or data processed in breach of the provisions of the LGPD; (vi) deletion of personal data processed based on your consent, with the exceptions provided for in the LGPD; (vii) the information of the public and private entities with which Signify has carried out shared use of personal data; (viii) information on the possibility of not providing consent and the consequences of refusal; (ix) revocation of consent, under the terms of the LGPD. In certain circumstances, you have the right to object and restrict the processing of your personal data and/or request a review of automated decisions affecting your interest. Our Privacy Notices set out full information on how you can exercise these rights, how we share personal data with third parties, how we protect your personal data and how we ensure that your data is adequately protected if it is processed outside of Brazil. To contact Signify, please check the “What are your choices” section in the Notice above. You also have the right to contact the National Data Protection Authority (“ANPD”) directly.
USA SPECIFIC PRIVACY DISCLOSURES
If you are a resident in California or Virginia, this Privacy Notice is supplemented by a US State Specific Privacy Notice, which also applies to you.
CALIFORNIA PRIVACY DISCLOSURES
The California Consumer Privacy Act (hereafter: ‘CCPA’) and the California Privacy Rights Act (hereafter: ‘CPRA’) provide California consumer residents who reside in California with specific rights regarding their personal information (which we also refer to as personal data). In addition to the above this section describes your CCPA/CPRA rights and explains how to exercise those rights.
The following does not apply to de-identified or aggregated personal data or data publicly available.
INFORMATION WE COLLECT
In the execution of our services and/or when visiting our websites, we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The purposes for which we process your personal data can be found above under the section ” HOW DO WE USE YOUR DATA?”. Information about retention periods can be found under the section “HOW LONG DO WE KEEP YOUR DATA?”.
We might have collected and/or disclosed for an aforementioned purpose the following categories of personal data from our consumers in the last twelve (12) months before the effective date of this Notice the following categories of personal data from you:
Category | Examples | We Collected | We Disclosed |
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal data included in this category may overlap with other categories. | NO | NO |
C. Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | NO |
D. Commercial information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | NO |
F. Internet or other similar network activity | Browsing history, search history, and information on a consumer’s interaction with a website, application, advertisement, or other content. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
G. Geolocation data | Physical location or movements, or the location of your device or computer. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
H. Sensory data | Audio, electronic, visual, or similar information. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
I. Professional or employment-related information | Current or past job history or performance evaluations. | NO | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | NO |
K. Inferences drawn from other personal data | Profile reflecting a person’s preferences, characteristics, or behavior. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
L. Sensitive personal information | Personal information that reveals account log-in, password, or credentials allowing access to an account, the contents of a mail, email, and text messages. | YES | YES, to affiliates, service providers, and other vendors mentioned in this Notice |
We disclose your data for a business purpose to the following categories of third parties:
- Signify group companies.
- Service providers.
- Third parties to whom we disclose your personal data in connection with products or services we provide to you, and to accomplish our business purposes and objectives as outlined in the notice.
DATA FROM CHILDREN
We do not intentionally collect information from children under the age of sixteen (16) years as we do not offer services to them. Parents who set up a profile holding information about children under the age of sixteen (16) years can only do so by granting parental consent which consent choices can be changed by the adults in the family. We do not direct services to children under the age of thirteen (13) years old. As a result, we do not knowingly process data or information from children under thirteen 13 years old.
DO NOT SELL OR SHARE PERSONAL DATA?
We do not respond to “Do Not Sell” requests as we do not sell your personal data to third parties. In the twelve months before the effective date of this Privacy Notice, we have not sold any personal data of Customers, as per the definition of the CCPA/CPRA.
After receiving your opt-in consent, we sometimes disclose personal data collected via cookies for cross-contextual behavioral advertising purposes, which may qualify as sharing your personal data under the CCPA/CPRA. To opt out, you can adjust your cookie preferences on our website to block our advertising cookies, or you can change your device settings to block cookies or install a third-party plugin to control how cookies interact with your device. For more information on how we use cookies and other tracking technologies, read our Cookie Notice.
YOUR RIGHTS
- “Right to Know”: You may have the right to request that we disclose to you what personal data of yours we collect, use, and/or disclose.
- “Right to Delete”: You may have the right to request the deletion of your personal data collected or maintained by us. Depending on your Choices, certain offerings may be limited or unavailable. Upon verifying the validity of a deletion request, we will delete your personal data from our records and instruct any service providers or third parties to delete your information, when applicable.
- “Right to Control Use”: You may have the right to control or limit the use of your personal data, including:
- Right to Opt-Out of Sales/Sharing/cross-context behavioral advertising.
- Right to Object to or Opt Out of automated decision-making/profiling.
- Right to Opt-Out of processing/Limit Use of Sensitive personal data.
- “Right of Access”: You may have the right to access your personal data, and to transmit it to another entity.
- “Right of Correction”: You may have the right to request amendments to your personal data if it is inaccurate or outdated in any way. Upon verifying the validity of a verifiable correction request, we will use commercially reasonable efforts to correct your personal data as directed, considering the nature of the personal Data and the purposes of maintaining your personal data.
You may also make a verifiable request to exercise your rights by contacting us via this link or the toll-free telephone 1-800-555-0050.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. If you have questions about the foregoing or how to execute your rights in our Notice or specifically with regard to categories and specific data processed, categories of sources from which your data is collected by us, categories of Third Parties with whom we share your data, and/or the business or commercial purpose for collecting please contact our Privacy Office (see section “WHAT ARE YOUR CHOICES?”).
If we cannot verify you (or your authority to act on behalf of another person) we have the right to deny the requests. While verifying your identity we shall generally avoid requesting additional information from you for verification purposes. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used to verify your identity while you are seeking to exercise your rights under the CCPA/CPRA, and for security or fraud-prevention purposes. We shall delete any new personal data collected for verification as soon as practical after processing your request, except as required to comply with applicable legislation.
An “authorized agent” means a natural person, or a business entity registered with the Secretary of State that you have authorized to act on your behalf, conditioned you have:
- Provided the authorized agent written permission to do so, and we could verify this; and
- Verified your own identity directly with the business.
Subsection 1 does not apply when you have provided the authorized agent with a valid power of attorney.
We do our utmost to timely respond to a verifiable Individual, and in a portable format unless it is excessive, repetitive, or materially unfounded. If we require more time, we will inform you of the reason thereof and the extension period in writing.
NON-DISCRIMINATION
We will not discriminate against you for exercising your rights under the CCPA/CPRA.
Based on the complexity of the request and the applicable regulations, we may charge a fee for your request. We may offer a CCPA/CPRA-permitted financial incentive, participation in a financial incentive program requires your prior opt-in Consent, which you may revoke at any time.
VIRGINIA PRIVACY DISCLOSURES
The Virginia Consumer Data Protection Act (hereafter “VCDPA”) provides Virginian consumer residents who reside in Virginia with specific rights regarding their personal data. In addition to the general privacy notice, this section supplements it, describes your VCDPA rights and explains how to exercise those rights.
The following does not apply to de-identified or aggregated personal data or data publicly available.
As a Virginia resident, you have the following rights, subject to some exceptions, regarding your personal data effective as of January 1st, 2023:
- Right to Confirm if a Controller is processing your personal data and to access personal data.
- Right to Correct inaccurate personal data.
- Right to Delete.
- Right to Obtain a copy of personal data in a portable format.
- Right to Opt-Out of the processing of personal data for purposes of targeted advertising, sale, or profiling with legal or other significant effects.
- Right to Appeal – Consumers have the right to appeal a controller’s (i.e., business) denial to act within the time outlined in the VCDPA.
You may also make a verifiable request to exercise your rights by contacting us via this linkor the toll-free telephone 1-800-555-0050.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. If you have questions about the foregoing or how to execute your rights in our notice or specifically concerning categories and specific data processed, categories of sources from which your data is collected by us, categories of third parties with whom we share your data, and/or the business or commercial purpose for collecting please contact our privacy office (see section ” WHAT ARE YOUR CHOICES?”).
We do not respond to “Do Not Sell” requests as we do not sell your personal data to third parties. In the twelve months before the effective date of this notice, we have not sold any personal data of customers, as per the definition of the VCDPA.
After receiving your prior consent, we sometimes disclose personal data collected via cookies for cross-contextual behavioral advertising purposes, which may qualify as sharing your personal data under the VCDPA. To opt out, you can adjust your cookie preferences on our website to block our advertising cookies, or you can change your device settings to block cookies or install a third-party plugin to control how cookies interact with your device. For more information on how we use cookies and other tracking technologies, read our Cookie Notice.
CHINA PRIVACY DISCLOSURES
The Chinese Personal Information Protection Law (the “PIPL”) provides any person located in China and/or any personal data that has been collected or is processed within China with specific rights and obligations aimed at protecting the rights and interests of individuals, regulating personal data processing activities, and facilitating reasonable use of personal data. The following does not apply to information or data that cannot identify you or another person, considering the use of reasonable and available technical means at the time of its processing. Meanwhile, in addition to the information listed under “WHAT TYPES OF DATA WE COLLECT ABOUT YOU?”, we may also collect the order-related data (including order number, order time, order status, logistic status, product information, invoice data, related customer enquiry, account name, profile and account ID) when you visit or use our online store or obtained from e-commerce platforms operators.
Where conflicting, what is contained in this disclosure will supersede any other provisions contained in this Privacy Notice contrary to or inconsistent with the below. For purpose of this Notice, “China” refers to mainland China, excluding Hong Kong Special Administrative Region (“SAR”), Macau SAR, and Taiwan Region. The following is not applicable to anonymized personal data or data publicly available.
YOUR RIGHTS
In addition to the rights mentioned in the section “What are your choices?”, for situations where the PIPL applies, you have the right to (i) cancel your account with us, and (ii) request us to explain decisions that have significant impact on your rights and interests and are made through automated decision-making technologies, and to refuse decisions made solely via automated decision-making technologies.
INTERNATIONAL TRANSFER OF PERSONAL DATA
As described above in this Notice, due to our global nature, it may be necessary for Signify to transfer your data internationally to Signify affiliates (including, but not limited to Signify Netherlands B.V. in the Netherlands, and other Signify Affiliates, a list of our affiliates can be found here or published on our website) and trusted third parties located outside of China (e.g. Microsoft Office (www.office.com), SAP (www.sap.com), Jaggaer (www.jaggaer.com/), GEP (www.gep.com), Webhelp (https://webhelp.com/)). The purpose, scope, method, as well as the data recipient of the transfer of your data, may vary depending on which product or service you use and/or how you interact with us. You can always contact us via the contact details in the section “What are your choices?” described above to get more details about how we transfer your Personal Data internationally.
For transfers of personal data outside China, Signify will, (i) provide you with the necessary information about the cross-border transfer and obtain your separate consent, where necessary, (ii) adopt necessary measures to ensure that the overseas recipients can provide the same level of protection as required under the PIPL including entering into standard contractual clauses with the overseas recipient specifying the rights and obligations of the respective parties, applying for certification with qualified institutions or where applicable, fulfil the security assessment process of the competent authorities.
If you wish to exercise your rights in relation to your personal data with us, or have any questions in relation to this Privacy Disclosure, please contact us via the contact details in the section “What are your choices?” described above.
WHEN WILL THERE BE UPDATES TO THIS PRIVACY NOTICE?
This privacy notice might change from to time.
The most current version of this Notice will govern our use of your data and can be found in the website of the Signify Privacy Center, see “Legal information” section.
– Signify –