Delta Germany Privacy and Data Protection Policy and Notice

Delta Brands (Germany) GmbH, a German company, a division of Delta Galil Ltd. (“Delta Germany”, “we”, “our” or the “Company”, and their cognates and affiliates) respects the privacy of its clients, suppliers, employees, employment candidates, sites and websites visitors, and is committed to protecting the personal information you may share with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “client” or “you” or “Data Subjects”).
Delta Germany sells fragrance-focused personal care and home products to individual and wholesale clients, both in physical stores and through its online platform (the “Services”).
This policy and notice (the “Privacy Policy”) explains the types of information we collect from you, that we receive about you or that you may provide in the course of your interest in our Services, in connection with business transactions, or when you visit our sites or in other ways. We are transparent about our practices regarding the information we collect, use, maintain and process and describe our practices in this Privacy Policy. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purposes of EU General Data Protection Regulation (the “GDPR”), UK, and other applicable privacy laws: Delta Germany is a data controller (the “Controller”) in relation to your personal data.

1. Which information may we collect?

Summary: we collect various categories of personal data in order to meet our contractual obligations, and also to meet various legitimate interests, such as fraud prevention and marketing.
We collect data about you in connection with your transactions with us. We also collect data about our suppliers and their representatives, our employees and candidates, and site and website visitors. One type of data collected is non-identifiable and anonymous information (“non-personal data”). We also collect several categories of personal data (“Personal Data”), as described below.
Personal Data which we collect consists of information from which are personally identifiable, and it has been provided consciously and voluntarily by you, or by an organization you represent or are associated with, or through your visiting of our sites and websites (as described below), by email, or other ways in which you communicate and interact with us. This may include your name (first and last), email address, phone number, postal address, position and organization name, payment details, purchase history and other information you may choose to provide to Delta Germany. For clients making in-store or online enquiries and purchases, we collect data that may include: name, email, phone, reference store; date of birth; first and last date of purchase, total transaction; address zip code; sign up date. Additionally, we may obtain location data related to the geographic location of your laptop, mobile device or other digital device on which the Delta Germany websites are used. Where you write reviews or otherwise add content on our site, that is collected too.
We also collect online identifiers and details when you access our websites. as such, when you are using the websites, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This includes technical information and behavioral information such as the Internet protocol (IP) address used to connect your device to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the user’s ‘clickstream’ on the websites, the period of time the user visited the websites, methods used to browse away from a page, and any phone number used to call our clients service number. We likewise may place cookies on your browsing devices (see 'Cookies' section below).
When you apply for a position at Delta Germany, we will collect your contact details, data regarding your qualifications and experience, references and evaluations, and additional data which you send us, or cause to be sent to us, or which we obtain from your former employer, referees or others where that is lawful.
You do not have any legal obligation to provide any information to Delta Germany, however, we require certain information in order to perform contracts, or to provide any Services, or to consider your employment. If you choose not to provide us with certain information, then we may not be able to provide you or your organization with some or all of the Services, fulfil our contracts, or consider your candidacy for employment.
Delta Germany also collects Personal Data through the use of CCTV cameras at our shops and offices and office entrance systems. This may consist of video images of you in the public spaces at Delta Germany sites, as well as records of your entrances and exits of the Delta Germany sites, buildings and office floors. Delta Germany may not be aware of the nature of the information collected through our Services (for example, through our CCTV systems), and such information may include sensitive or special categories of Personal Data, but we do not knowingly collect such data about our clients, employees, site visitors etc.

2. How do we collect personal data of yours on Delta Germany facilities and services?

Summary: we collect Personal Data when you send it to us, or when a vendor, distributor or other business partner, sends it to us so; we collect Personal Data through our websites and Services, and through our interactions with you; we also collect data in connection with employment.
We collect Personal Data required to provide Services when you register interest, or when you provide us with such information by entering it manually or automatically, or through your use of our Services, or in connection with site visits, in the course of preparing a contract on behalf of a business you are representing, subscribing to our mailing lists and newsletters, or otherwise in engaging with us. We collect data on paper or digital forms in our stores. We also collect Personal Data when you call us or otherwise contact us for support, in which case we collect the information you provide us. We also collect Personal Data through our CCTV recordings which automatically collect information about your presence in the Delta Germany facilities.
We also collect Personal Data through your use of our websites, as described above.

3. What ar the purposes of personal data we collect?

Summary: we process Personal Data to meet our obligations, protect our rights, provide our Services and manage our business.
We will use Personal Data to provide and improve our Services to our clients and others and meet our contractual, ethical and legal obligations. This includes:
Processing which is necessary for the performance of a contract to which you or your organization are a party or in order to take steps at your request prior to entering into a contract:

• carrying out our obligations arising from any contracts entered into between you or your employer or organization and Delta Germany and to provide you with the information, products, support and Services that you request from Delta Germany;
• verifying and carrying out financial transactions in relation to payments you make in connection with the Services, including fraud prevention;
• processing your data in the recruitment process, with a view to ascertain whether you are a suitable candidate to work for us.

Processing which is necessary for the purposes of the legitimate interests of Delta Germany or a third party, including in particular providing the Services in an efficient and optimal manner, including:

• notifying you about changes to our Services;
• contacting you to give you commercial and marketing information about promotions or additional products or Services offered by Delta Germany which may be of interest to you;
• soliciting feedback in connection with the Services;
• providing support to clients, website and site visitors, and other;
• providing discounts, notifications (e.g. back in stock, abandoned cart), reminders, or special offers to new and existing clients, and to tailor those (e.g. a discount valid on a client’s birthday) online and in-store;
• managing our business and that of our affiliates effectively;
• tracking use of Delta Germany facilities and Services to enable us to optimize them.

Processing which is necessary for compliance with a legal obligation to which Delta Germany is subject:

• compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, anti-money laundering, tax related obligations, and for crime prevention and prosecution in so far as it relates to our staff, clients, service providers, facilities etc.;
• if necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required or permitted by law, to collect debts, to prevent fraud or any harm to our rights and the rights of our staff and others, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding;
• for security purposes and to identify and authenticate your access to our sites and websites.

4. Sharing data with third parties

Summary: we share Personal Data with our service providers, partners, and group companies, and authorities where required.
We transfer Personal Data to:
Members of our Group: This includes individual or corporate representatives of Delta Galil Ltd and any members of our group, which means our affiliate companies - whether wholly or partially owned by Delta Galil Ltd., and co-owned companies, joint-ventures, franchisees and business partners.

Third Parties: We transfer Personal Data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents, and sub-contractors for the performance of any contract we enter into with you. They assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services, customer support, fulfilment and shipping, marketing, or in other tasks, from time to time. These third parties may also include analytics, website and marketing providers that assist us in the improvement and optimization of our websites, and our marketing.

We periodically add and remove third party providers. At present services provided by third-party providers to whom we transfer Personal Data include also the following:
- Website analytics;
- Data analytics and business intelligence;
- Client support;
- Online Payment Services;
- Marketing, mailing list;
- On-site and cloud-based database services, cloud storage and processing;
- Membership, client and loyalty program solutions;
- Shipping, fulfilment and logistics;
- Warehouse management solutions;
- CRM software;
- Data security, data backup, and data access control systems;
- Website cookie management and data subject request management tools;
- Our lawyers, accountants, and other standard business software and partners.

In addition, we will disclose your Personal Data to third parties if some or all of our equity, companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case Personal Data will be one of the transferred assets and may be examined in preparation for such transaction. Likewise, we transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Delta Germany, our clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
For avoidance of doubt, Delta Germany may transfer and disclose non-personal data to third parties at its own discretion.

5. Where do we store your data?

Summary: we store your Personal Data across multiple locations globally
We store your Personal Data on servers managed by Delta Germany and its affiliates in the EU, Switzerland, Israel, and the USA. Also, we store Personal Data on a number of third-party services (see section 4 above), which includes reputable cloud-service providers hosted in the EU (Ireland), Israel and USA. See the following section regarding international transfers.

6. International Data Transfers

Summary: we transfer Personal Data within and to the EEA, Switzerland, USA, Israel and elsewhere, with appropriate safeguards in place.
EU Personal Data is transferred to, and stored and processed at, destinations outside the European Economic Area (EEA). This includes transfers to Switzerland and Israel, jurisdictions deemed adequate by the EU Commission, and to the USA, not currently deemed adequate. Where your Data is transferred outside of the EEA, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU law, and that it is treated securely and in accordance with this Privacy Policy. Transfers to Israel and Switzerland are made based on an adequacy ruling by the EU Commission. Transfers to the USA are made based on the Standard Contractual Clauses published by the EU Commission, or on the Data Privacy Framework certification of the recipients. For more information about these safeguards, please contact us as set forth below.
We transfer Personal Data to locations outside of the EEA, including in particular Israel, Switzerland, and USA, in order to:
- store or backup the information;
- enable us and our affiliates to provide you with the Services and products and fulfil our contract with you;
- fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
- facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
- to serve our clients across multiple jurisdictions; and
- to operate our affiliates in an efficient and optimal manner.

7. Data Retention

Summary: we retain Personal Data according to our data retention policy, as required to meet our obligations, protect our rights, and manage our business.
Delta Germany will retain Personal Data it processes only for as long as required in our view and in accordance with our data retention policy, to provide the Services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.
Data that is no longer retained will be anonymized or deleted. Likewise, non-personal data, metadata and statistical information concerning the use of our Services are not subject to the deletion procedures in this policy and will be retained by Delta Germany. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten.

8. Websites Data Collection and Cookies

Summary: we place cookies on your device, with consent where required. You control our use of cookies through a cookie management tool on our websites, or through your device and browser.
Delta Germany uses cookies, pixel tags and other forms of identification and local storage (together referred to as “Cookies” hereunder) to distinguish you from other users of the website. This helps us to provide you with a good user-experience when you browse the website and also allows us to improve our websites and our Services and to promote our marketing efforts.
In many cases, these Cookies lead to the use of your device’s processing or storage capabilities. Some of these Cookies are set by Delta Germany itself, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time.
These Cookies can fall into several categories: (i) those that are necessary for functionality or Services that you request or for the transmission of communications (functionality Cookies); (ii) those that we use to carry out website performance and audience metrics (analytics Cookies) and (iii) the rest, used for such purposes as tracking across a network of other websites, advertising, etc. (targeting Cookies).
Internet browsers allow you to change your cookie settings, for example to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website, due to the fact that some may be functionality cookies. For further information about deleting or blocking cookies, please visit: https://www.aboutcookies.org/how-to-manage-and-delete-cookies
Functionality Cookies do not require your consent. For analytical and targeting Cookies, however, we request your consent before placing them on your device. You can allow Cookies in your browser settings and use our website cookie management tool to set which types of cookies may be placed on your browser, and you may change your settings in the future using that same tool. To consult the list of cookies which we use on our website, please check your browser's settings. Instructions: https://www.wikihow.com/View-Cookies

9. Security and Storage of Information

Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.
We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Delta Germany implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data. Likewise, we take industry standard steps to ensure our websites and Services are safe.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.
Within Delta Germany, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Delta Germany to fulfil its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.
Delta Germany shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Delta Germany is breached, all in accordance with applicable law and on the instructions of qualified authority. Delta Germany shall promptly take reasonable remedial measures.

10. Data Subject Rights

Summary: depending on the law that applies to your Personal Data, you may have various data subject rights, such as rights to access, erase, and correct Personal Data, and information rights. We will respect any lawful request to exercise those rights.
Data subjects with respect to whose data GDPR applies, have rights under GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where Personal Data is provided by a client being the data subject's employer, such data subject rights will have to be affected through that client, the data subject’s employer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Delta Germany employees and staff, with Delta Germany proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, or other people’s personal data, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects have a right to withdraw their consent.
A data subject who wishes to modify, delete or retrieve their Personal Data, may do so by contacting Delta (customer.service@www.bathandbodyworks.de). Note that Delta Germany may have to undertake a process to identify a data subject exercising their rights. Delta Germany may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Delta Germany.
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.

11. General

Minors. We do not knowingly collect or solicit information or data from or about children under the age of 16 or knowingly allow children under the age of 16 to register for Delta Germany Services. If you are under 16, do not register or attempt to register for any of the Delta Germany Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16, we will delete that Personal Data as soon as reasonably practicable without any liability to Delta Germany. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: customer.service@www.bathandbodyworks.de, as soon as possible.
Changes to this Privacy Policy. The terms of this Privacy Policy will govern the use of the Services, websites, and any information collected in connection with them. Delta Germany may amend or update this Privacy Policy from time to time. Changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of our Services will constitute your active acceptance of the changes to and terms of the Privacy Policy. To join an email list for prior notification of changes to our Privacy Policy, please send your email address to: customer.service@www.bathandbodyworks.de.
Delta Germany aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfill the purpose for which the data is gathered. Delta Germany only collects data in connection with a specific lawful purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving, and we invite any suggestions for improvements, questions, complaints or comments concerning this Privacy Policy, you are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.
Delta Germany data protection officer (DPO) may be contacted at: customer.service@www.bathandbodyworks.de.