Safe Harbor Policy

Gilt Groupe Holdings, Inc. and its subsidiaries and affiliates (collectively, “GILT”) respect your concerns about privacy. The following GILT entities have certified compliance with the U.S.-EU and U.S.-Swiss Safe Harbor privacy frameworks for the handling of Personal Information the entities receive in the United States from the European Union, Iceland, Liechtenstein, Norway or Switzerland (collectively, “EEAS”):

  • GILT Groupe Holdings, Inc.
  • GILT Groupe, Inc.
  • GILT City, Inc.

This policy describes how GILT complies with the Safe Harbor privacy principles of Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement.

For purposes of this policy:

  • “Customer” means any individual located in the EEAS who is GILT’s potential or actual customer, such as a website user or member, or an individual who provides information to GILT at a promotional event.
  • "Employee" means any prospective, current or former GILT employee located in the EEAS.
  • “Personal Information” means information that (i) is transferred to GILT in the U.S. from EEAS, (ii) is recorded in any form, (iii) is about, or relates to, an identified or identifiable Customer or Employee, and (iv) can be linked to that individual.
GILT's Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles, please visit www.export.gov/safeharbor. 

Notice

GILT provides information in each entity’s Privacy Notice regarding the company’s privacy and data security practices regarding Customer Personal Information. The Privacy Notice describes:

  • The purposes for which we collect and use the information;
  • The types of third parties to which we disclose the information;
  • The choices we offer Customers for limiting our use and disclosure of their Personal Information;
  • How to exercise these privacy choices; and
  • How to contact GILT about the company’s Customer Personal Information practices.

In addition, GILT's employment contract informs Employees about the company's privacy and data security practices regarding Employee Personal Information.

Choice

We offer Customers the choice to direct GILT not to (i) disclose their Personal Information to third parties (other than GILT’s services providers and affiliates) or (ii) use the information for a purpose incompatible with the purposes for which the information was originally collected (as described in each entity’s Privacy Notice or subsequently authorized by the Customer. Customers may contact GILT as indicated below to exercise their choices regarding the company’s use or disclosure of their Personal Information.

Except as described below, we do not disclose Employee Personal Information to third parties for those third parties' own purposes, or use the information for any purpose other than the purposes for which the information was collected (as described in the employment contract for GILT Employees) or to which the Employee subsequently consented.

We may disclose Personal Information without offering Customers an opportunity to opt out (i) if we are required to do so by law or legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. We also reserve the right to transfer Personal Information in the event we sell, merge or transfer all or a portion of our business or assets. 

Onward Transfer

GILT shares Personal Information with service providers that perform services on the company’s behalf. Except as described below, GILT requires such services providers to either (i) certify compliance with the Safe Harbor frameworks to the U.S. Department of Commerce, or (ii) contractually agree to provide at least the same level of privacy and security protection for the Personal Information as is required by the Safe Harbor privacy principles relevant to the business functions the service provider performs. These requirements do not apply to service providers that are (i) subject to the European Union Data Protection Directive 95/46 or the Swiss Federal Data Protection Law, (ii) located in a country deemed by the European Commission to adequately safeguard personal information, or (iii) subject to another data protection adequacy basis.

Access

As described in the “Access and Correction” section of our Privacy Notice, GILT provides Customers with reasonable access to the Personal Information the company maintains about them, including a reasonable opportunity to correct, amend or delete the information where it is inaccurate. GILT may limit or deny Customers' access to their Personal Information where providing such access is unreasonably burdensome or expensive or as otherwise permitted by the Safe Harbor frameworks. Customers may access and correct their personal information using accounts they maintain on GILT’s websites or ask GILT to correct or amend their Personal Information by contacting the company as indicated below.

GILT's employment contract describes how Employees may submit requests to access the Personal Information the company maintains about them, or to request that we correct, amend or delete the information if it is inaccurate. We may deny an Employee's access request if we determine that the burden or expense of providing access would be disproportionate to the risks to the Employee's privacy under the circumstances, or where the rights of individuals other than the Employee requesting access would be violated, or in other circumstances the company deems appropriate. 

Security

The company takes reasonable precautions to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

GILT takes reasonable steps to ensure that the Personal Information the company maintains is relevant for the purposes for which the company uses the information, and that the information is reliable, accurate, complete and current. GILT requires its Customers to update and correct their Personal Information as necessary using the accounts Customers maintain on GILT’s websites.  In addition, GILT requires its Employees to update and correct the Personal Information they have provided to the company in the event the information has changed and is no longer accurate, complete or current.

Enforcement

GILT conducts an annual self-assessment to verify that this Safe Harbor Privacy Policy is accurate, comprehensive, prominently displayed, implemented, accessible and conforms to the Safe Harbor frameworks, and that the company has put in place appropriate employee training and Safe Harbor compliance review procedures.

Customers and Employees may file a complaint with GILT regarding the company’s handling of their Personal Information by contacting the company as indicated below. If a Customer complaint cannot be resolved through GILT’s internal complaint resolution processes, the company will cooperate with JAMS pursuant to the JAMS International Mediation Rules.  Where an Employee complaint cannot be resolved through GILT's internal complaint resolution processes, the company will cooperate with the relevant data protection authorities in the EEAS, in investigating and resolving the complaint.

In all events, GILT will take steps to remedy any issues arising out of the company’s failure to abide by the Safe Harbor frameworks.

How to Contact Us

Customers who have any questions or comments about this Safe Harbor Privacy Policy should contact us by email at [email protected]. You also may write to us at:

GILT Groupe, Inc.
Attn: Legal Department
2 Park Avenue, 4th Floor
New York, New York 10016

Employees who have any questions or comments about this Safe Harbor Privacy Policy should contact Fidelma Healy at [email protected].