Safe Harbor Policy
Gilt Holdings, Inc. and its subsidiaries and affiliates (collectively, “GILT”) respect your concerns about privacy. The following GILT entities have certified compliance with the Safe Harbor privacy framework for the handling of Customer Personal Information the entities receive in the United States from the European Union, Iceland, Liechtenstein, Norway or Switzerland (collectively, “EEAS”):
- GILT Groupe, Inc.
- GILT Global Trading & Procurement Company Limited
- GILT City Limited
- GILT City, Inc.
- GILT Travel, Inc.
- Park & Bond, Inc.
This policy describes how GILT complies with the Safe Harbor privacy principles of Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement.
For purposes of this policy:
- “Customer” means any individual located in the EEAS who is GILT’s potential or actual customer, such as a website user or member, or an individual who provides information to GILT at a promotional event.
- “Personal Information” means information that (i) is transferred to GILT in the U.S. from EEAS, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable customer, and (iv) can be linked to that individual.
GILT provides information in each entity’s Privacy Notice regarding the company’s Customer Personal Information practices. The Privacy Notice describes:
- The purposes for which we collect and use the information;
- The types of third parties to which we disclose the information;
- The choices we offer Customers for limiting our use and disclosure of their Personal Information;
- How to exercise these privacy choices; and
- How to contact GILT about the company’s Customer Personal Information practices.
In addition, GILT provides a privacy notice to Customers when they submit their Personal Information to the company at promotional events or by calling customer service.
We offer Customers the choice to direct GILT not to (i) disclose their Personal Information to third parties (other than GILT’s services providers and affiliates) or (ii) use the information for a purpose incompatible with the purposes for which the information was originally collected (as described in each entity’s Privacy Notice or subsequently authorized by the Customer. Customers may contact GILT as indicated below to exercise their choices regarding the company’s use or disclosure of their Personal Information.
We may disclose Customer Personal Information without offering Customers an opportunity to opt out (i) if we are required to do so by law or legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. We also reserve the right to transfer Personal Information we have about Customers in the event we sell, merge or transfer all or a portion of our business or assets. Following such a sale, merger or transfer, Customers may contact the entity to which we transferred your the information with any inquiries concerning the processing of that information.
GILT shares Customer Personal Information with service providers that perform services on the company’s behalf. Except as described below, GILT requires such services providers to either (i) certify compliance with the Safe Harbor framework to the U.S. Department of Commerce, or (ii) contractually agree to provide at least the same level of privacy and security protection for the Personal Information as is required by the Safe Harbor privacy principles relevant to the business functions the service provider performs. These requirements do not apply to service providers that are (i) subject to the European Union Data Protection Directive 95/46 or the Swiss Federal Data Protection Law, (ii) located in a country deemed by the European Commission to adequately safeguard personal information, or (iii) subject to another data protection adequacy basis.
As described in the “Access and Correction” section of our Privacy Notice, GILT provides Customers with reasonable access to the Personal Information the company maintains about them, including a reasonable opportunity to correct, amend or delete the information where it is inaccurate. GILT may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive or as otherwise permitted by the Safe Harbor framework. Customers may access and correct their personal information using accounts they maintain on GILT’s websites or ask GILT to correct or amend their Personal Information by contacting the company as indicated below.
As described in GILT’s Information Security Policy, the company takes reasonable precautions to protect Customer Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
GILT takes reasonable steps to ensure that Customer Personal Information it obtains is relevant for the purposes for which the company uses the information, and that the information is reliable, accurate, complete and current. GILT requires its Customers to update and correct their Personal Information as necessary using the accounts Customers maintain on GILT’s websites.
Customers may file a complaint with GILT regarding the company’s handling of their Personal Information by contacting the company as indicated below. If the complaint cannot be resolved through GILT’s internal complaint resolution processes, the company will cooperate with JAMS pursuant to the JAMS International Mediation Rules. GILT will take steps to remedy any issues arising out of the company’s failure to abide by the Safe Harbor framework.
How to Contact Us
GILT Groupe, Inc.
Attn: Legal Department
2 Park Avenue, 4th Floor
New York, New York 10016