Safe Harbor and Intent
Policy Statement & Scope
"agent": means a third party that processes or otherwise uses personal data on behalf of and under the instructions of company.
"eu employee data": means personally identifiable human resource data about individuals who are employed or otherwise engaged by company or our affiliates, subsidiaries or business partners in the eu.
"personal data": means any information that identifies an individual, whether collected online or offline and regardless of format. personal data does not include information that is aggregated, pseudonymized, encoded or rendered anonymous, or publicly available personal information that has not been combined with non-public personal information, or information that pertains to a specific individual, but from which that individual could not reasonably be identified.
"sensitive personal data": means personal information that is not eu employee data and that reveals the individual's race, ethnic origin, political opinions, religious beliefs, criminal record or that concerns the individual's own health or sex life.
Safe Harbor Principles
company has adopted the seven safe harbor principles of notice, choice, onward transfer, access, security, data integrity and enforcement with respect to data that is collected in and transferred from countries in the eu to company in the united states.
- choice. before company uses personal data or eu employee data for a purpose that is incompatible with the purposes for which the personal data or eu employee data was originally collected or subsequently authorized, or transfers personal data or eu employee data to a non-agent third party for the purpose of allowing the non-agent third party to exercise independent control over the personal data or eu employee data, the affected individuals will be given an opportunity to decline (opt out) having their personal data or eu employee data so used or transferred. the same choice principle shall apply to sensitive personal data, but in the event that the data is sensitive personal data, the affected individual's explicit consent (opt in) will be obtained prior to such use or transfer.
- onward transfer. company may transfer data to its agents once it obtains assurances that the relevant agents will adequately safeguard the data that is transferred to them. such assurances may take the form of a contract obligating the agent to provide at least the same level of protection as is required by the relevant safe harbor principles, safe harbor certification by the agent, or the agent being subject to an eu data protection directive or adequacy finding. if company learns that an agent is using or sharing data in a way that is contrary to the assurances obtained, we will take reasonable steps to prevent or stop such activity. company may transfer personal data to a non-agent third party where such transfer is consistent with the notice and choice principles detailed above or as otherwise set forth in this policy.
- access. for those individuals who duly request it, company will provide such individuals with reasonable access to data that it holds about them, except in those circumstances that are set forth in the safe harbor principles, such as when the burden or expense of providing access would be disproportionate to the risks to the individual's privacy or when the rights of persons other than the data subject's would be violated and except in those instances where the access being requested relates to employee data and the person making the request is not otherwise entitled to such access under the local labor or employment laws governing such person's employment. for those individuals who receive access, company will take reasonable steps to permit such individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
- security. company will take reasonable administrative, technical and physical precautions to protect data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- integrity. company will take reasonable steps to ensure that data that is stored on its servers is used, processed and maintained in a condition that is compatible with the purposes for which it has been collected or subsequently authorized, subject to any deficiencies in the condition of the data that existed at the time company received such data.
How To Contact Us
company has a privacy officer ("privacy officer") who is responsible for company's compliance with and enforcement of this policy. company's privacy officer is available to any of its customers or others who may have questions concerning this policy. relevant contact details are as follows:
kate spade & company
5901 westside Ave.
north bergen, nj 07047
attention: privacy officer (office of the general counsel)
Limitation on Scope of Principles
company may disclose data as necessary in connection with the sale or transfer of all or part of its company to meet its legal, governmental, national security or public interest obligations or as otherwise permitted under the safe harbor principles.