Content
CCTV STATEMENT
Europe
This CCTV Statement forms an integral part of the Customers Privacy Statement. For reasons of readability and transparency, we are addressing the use of the CCTV in this separate document. Definitions are used as defined in the Customers Privacy Statement.
This Statement has the following chapters:
1. Who are we?
2. What Personal Data do we collect from you?
3. Why do we use your Personal Data?
4. How long do we retain your Personal Data?
5. Who do we disclose your Personal Data to?
6. Do we transfer your Personal Data outside of the European Economic Area (“EEA”)?
7. How do we protect your Personal Data?
8. What are my rights?
9. How can I file a complaint?
10. Updates to this CCTV Statement
11. Contacts
1. Who are we?
Foot Locker Europe B.V. is the Data Controller responsible for Personal Data in respect of Customers that are subject to the EU General Data Protection Regulation (“GDPR”).
Foot Locker Europe B.V. is incorporated under Dutch law and has its principle address at Ir. D.S. Tuijnmanweg 3-5, 4131 PN, Vianen, The Netherlands. Foot Locker Europe B.V. is registered at the Dutch chamber of commerce under the registration number 23067735.
2. What Personal Data do we collect from you?
Personal Data we collect from you: we collect your image(s) from you when you visit our Stores to record you on video through the use Closed-Circuit Television (“CCTV”).
3. Why do we use your Personal Data?
We use your collected Personal Data for the following specific purposes and categories of use:
3.1 To prevent and detect offences and to protect you, our employees and your and our property
We record you for your and our safety, the protection of property, the detection and prevention of offences, such as fraud, abuse, illegal use, and the collection of evidence in relation thereto.
Ground for processing: the processing of your Personal Data is based on our legitimate interest to prevent and detect offences which may affect you, our employees and your/our property. We consider that it is reasonable for us to process your Personal Data. As such this processing does not unreasonably intrude on your privacy in relation to the purpose. And the protection and detections with in-store CCTV has become an accepted and widely used phenomenon.
3.2 For litigation case management and evidentiary purposes
We may store your Personal Data if relevant for any dispute.
Ground for processing: the processing of your Personal Data is based on our legitimate interest to manage litigation cases and to defend Foot Locker against any possible (third party) claims. We consider that it is reasonable for us to process your Personal Data. As such this processing does not unreasonably intrude on your privacy in relation to the purpose.
3.3 Or otherwise as described to you at the point of Personal Data collection
4. How long do we retain your Personal Data?
We retain your Personal Data for as long as is necessary to fulfil the relevant purposes we collected it for, as described in this Statement, unless a longer retention period is required by the applicable law.
To be comply to each national legislation, we have different retention periods for each Country; we typically keep CCTV footages between 24 hours and 1 month depending on your country of residence, from the day of the collection. After this period CCTV footages are automatically deleted. Automatic deletion may also occur sooner as per the individual settings of the hardware and data storage capacity. We may for that reason not be able to fulfil a CCTV data request.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, we can keep CCTV footages even longer than needed to provide our services to you.
5. Who do we disclose your Personal Data to?
We may disclose your Personal Data in the following ways:
5.1 With third party vendors
We use third party vendors for business, professional and technical support, such as installation and maintenance of systems, as Processors (as meant in the GDPR). These companies only use your Personal Data on behalf of us and under our written instructions. In limited circumstances these vendors might have access to your Personal Data when this required for maintenance or problem solving.
We have data processing agreements in place with such vendors where required by law.
5.2 With a competent public authority
In order to comply with a subpoena or other legal process or obligations, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
6. Do we transfer your Personal Data outside of the European Economic Area (“EEA”)?
We do not transfer your images outside of the EEA.
7. How do we protect your Personal Data?
Foot Locker has implemented appropriate physical, administrative and technical security measures to protect your Personal Data against unlawful access, loss, misuse or alteration. The measures in place include:
7.1 CCTV systems are in restricted access areas;
7.2 CCTV systems are password protected;
7.3 Access of the footage is restricted to the Foot Locker’s management team in Stores (Store Manager and Assistant Manager), to the Foot Locker’s Security Team in the Risk Management department, located at our European Headquarter in the Netherlands and, where applicable, to the Legal and HR departments. Access is allowed exclusively to fulfil the purposes previously indicated and no other individual has access unless it is necessary to carry out the purposes previously indicated;
7.4 Restriction of the ability to make copies;
7.5 No sound recordings are being made or stored; and
7.6 Motion recording (CCTV record only in case of activity and movement in the area monitored).
CCTV are placed in such a way as to meet the purposes of this Statement and in prominent positions where they are clearly visible to staff and store visitors. In order to protect and respect the right of privacy, CCTV are not located in areas where individuals would have a reasonable expectation of privacy, such as in toilets and changing rooms.
In addition, CCTV servers are located in European Union: the actual hosting is at the respective Store itself. Our Security Team, located at our European Headquarter, can connect remotely to the system at the Store in case needed to fulfill the purpose under paragraph 3 in relation to the ground for processing (see paragraph 3 above).
8. What are my rights?
You have the right:
8.1 Of access to your Personal Data that we process on you;
8.2 To rectification of inaccurate or incomplete Personal Data;
8.3 Of erasure of your Personal Data;
8.4 To restrict of processing of your Personal Data;
8.5 To move, copy or transfer your Personal Data (data portability). This right only applies when you have directly provided the Personal Data and where the processing relies on consent or where it is necessary for entering into, or performance of, a contract between us;
8.6 To object to:
a. processing based on legitimate interests (including profiling);
b. direct marketing (including profiling); and
c. processing for purposes of scientific/historical research and statistics.
8.7 Not to be subjected to a decision based solely on automated processing, including profiling: (e.g. automated processing of Personal Data to evaluate certain aspects about you), which produces legal effects concerning you or similarly significantly affects you, unless it is:
a. necessary for entering into, or performance of, a contract between us; or
b. authorized by law (e.g. for the purposes of fraud or tax evasion); or
c. you provide your explicit consent; and
8.8 To revoke your consent for further processing of your Personal Data when such processing is based on your consent.
To exercise any of these rights, please use the following webpage www.footlocker-emea.com/privacy. We will provide you with information on the action taken within one month after the successful submission of your request via this webpage.
We are required to verify your identity including, but not limited to, the verification of your email address. If you do not allow us to verify your identity, we cannot proceed to process your request.
Please note that the above-mentioned rights, with the exception of the right to object to direct marketing, are not absolute. Under certain conditions and in line with applicable data protection legislation, we may refuse a request. When such a restriction (partially) applies to your request, we will inform you on the reason of our refusal to comply to your request.
9. How can I file a complaint?
If you are unsatisfied with the way we have handled your Personal Data, please contact us at: privacy@footlocker.com.
Please note that you also have the right to lodge a complaint with the competent Data Protection Authority.
10. Updates to this CCTV Statement
We amend this Statement from time to time to keep the information provided up to date. We encourage you to review this Statement periodically.
Last Updated: June 2020
11. Contacts
If you have any questions, concerns or complaints regarding this Statement or the processing of your Personal Data, please contact us at: privacy@footlocker.com.
In case you desire to exercise any of your rights, please use the following webpage www.footlocker-emea.com/privacy.