Softline (its subsidiaries, including each Softline operating company - together, “Softline”) is committed to ensure the protection of Personal Data of its Customers, Employees, Business Partners and any other individual.
The Data Protection Policy (hereinafter, the “Policy”) shows how Softline process the personal data of clients, suppliers, employees and other categories of natural persons, namely describe the principles applicable to the personal data processing within Softline.
Softline’s mission and objective is to observe privacy/data protection legal obligations and highest standards in all data processing instances, throughout the entire personal data life cycle.
The Policy is the document that provides a high-level guidance on Softline’s actions relating to personal privacy and data protection and it is the statement of the management of Softline of the standards that need to me met.
Any information regarding an identified or identifiable natural person
The natural person identified or identifiable through the personal data processing. An identifiable natural person is a person who can be identified, directly or indirectly, especially through referral to an identification element, such as a name, an identification number, localization data, an online identifier or one or more specific elements, characteristic to their physical, physiological, genetic, psychic, economic, cultural or social identity
Any operation or set of operations performed on personal data or personal data sets, with or without the use of automatic means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, usage, disclosure through transmittal, dissemination or making available through any other means, alignment or combination, restriction, erasure or destruction
The natural person or legal entity, public authority, agency or other organism to which (whom) the personal data is disclosed, regardless if it is a third party or not
Personal Data Protection Officer/Responsible
The person in Softline responsible for meeting the demands regarding personal data protection, whether they were appointed Personal Data Protection Officer in the sense of the Regulation or was only assigned certain tasks in this sense, if there is not a Personal Data Protection Officer
Record of processing activities” or Personal Data Registry
Registry created by Softline according, in order to keep the record of the processing activities performed by Softline
Company or person mandated by the controller/operator” means the natural person or legal entity, public authority, agency or other organism that processes personal data on behalf of the controller/operator
The natural person or legal entity, public authority, agency or other organism which, alone or together with others, establishes the purposes and means of the personal data processing
A natural person or legal entity, public authority, agency or organism, other than the data subject, the operator, the assignee and the people who, under the direct authority of the person mandated by the controller/operator, are authorized to process personal data
All Softline operating companies partially or wholly owned unless specifically excluded
Middle East and North Africa
Asia Pacific region
Commonwealth of Independent States
Softline processes personal data from several general purposes, which are listed in the record of personal data processing activities, under the form of a registry. This Policy applies to any Personal Data Processing that is done for or by Softline.
This Policy shall be complied with by all employees, contractors, consultants, including all personnel affiliated with third parties who may have access to any Softline resources.
4. Application of national law
The present Policy presents the principles applicable to personal data processing, which must be observed within Softline, without replacing the legislation on data protection applicable in all countries where Softline is established or does business in. The legislation prevails over this Policy, if it contains divergent provisions or additional conditions. In particular, any conditions regarding reporting and authorization existing in the legislation concerning data processing based in the national legislation must be observed.
5. Principles of data processing
Each personal data processing must observe the rights and freedoms of the data subject, in accordance with the principles stated below. These must be observed even when new data processing is initiated or when the existing ones are extended or diversified.
Personal data processing is fair and lawful, meaning Softline has a legitimate business purpose (and, where required, a legal basis) for processing personal data. Where Softline acts as a processor, it will generally rely on the controller to establish this legal basis.
Personal data processing is limited to the minimum necessary, meaning Softline collects and retains the minimum amount of personal data necessary for the business purpose. Where Softline acts as a processor, it must also process personal data only as directed by the controller.
Softline is transparent with data subjects how and why their personal data will be processed. Where Softline is a processor, this information is likely to be provided to the data subjects by the controller.
Personal data is processed in accordance with the rights of data subjects (e.g. to access, erase or correct personal data). Where Softline acts as a controller, it must respect and observe any exercise of these rights, and where it is a processor it will be required to assist the controller in responding.
Personal data is accurate, up-to-date and complete. Where it acts as processor, Softline will assist the controller to ensure this.
Personal data is kept secure, meaning Softline applies appropriate security safeguards to personal data, including where processed by third parties. Where Softline acts as a processor, it will be required to implement its own appropriate safeguards and provide assistance to the controller in doing the same.
Personal data is transferred internationally in accordance with applicable law.
Softline is accountable and can demonstrate compliance with its obligations under applicable data privacy laws.
6. Rights of the data subject
Together with the principles mentioned above, Softline keeps in mind and observes the rights of the data subject in all personal data processing according with the applicable law, which might include:
Right to information and transparency - Softline ensures that the data subject is informed with regard to the personal data processing;
Right to access - Softline observes the procedure in order to ensure the access of data subject s to information regarding their data processing.
Right to rectification - Regardless of the grounds for the processing, the data subject s have the right to request Softline to rectify or complete their data, as the case may be, on the basis of an additional statement.
Right to restrict the processing - The data subjects can request Softline to restrict the processing of the personal data concerning them.
Right to erasure („right to be forgotten”) - The data subjects have the right to request and obtain the erasure of personal data in some cases;
Right to data portability – The data subjects have the right to request Softline to provide a copy of their personal data to the data subject or a Third Party in some cases.
Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: Softline shall not make decisions about data subjects based solely on automated processing.
7. Disclosure of personal data. Assignees. Transfer to Third-Party Countries
Type and purposes of personal data disclosures
Personal data shall only be disclosed if the party that receives it is personally liable for the data it has received or only if the party that receives them will use it in accordance with the instructions obtained from the party that discloses it.
Personal data can shall be disclosed for allowed purposes, mentioned in Softline’s records, in view of the performance of Softline’s activity, for observing legal obligations or if there is consent from the data subject.
In situations in which the processing will be performed by another natural person or legal entity in the name of Softline, they will be an processor/data importer in the sense of the applicable law and must offer enough guarantees for the application of adequate technical and organizational measures for personal data protection, which it will process in the name of Softline and by observing the rights of the data subjects.
Transfer of data to a third-party country
There is a transfer to another country when the personal data is transmitted, visualized or accessed by persons who are in another country.
If the personal data collected and stored by Softline is transferred to a person situated in a different country than the one where Softline has its registered office, the person who received the data must guarantee a personal data protection level equivalent to the level ensured by Softline.
8. Contact points
For inquiries on this Policy contact our Global DPO
Derbenevskaya emb. 7, Building 8, Business Quarters "Novospassky", Moscow, Russia, 115114
The Global Data Protection Officer is owner of this Policy. Softline is committed to ensuring that this Policy is observed by all employees, contractors, consultants, including all personnel affiliated with third parties who may have access to any Softline resources.
Compliance with this Policy is verified by various means, including reports from available business tools, internal and external audits, self-assessment, and/or feedback to the policy owner(s). Softline monitors its compliance with this Policy on an ongoing basis. Any exceptions to this Policy requires the written approval of the Global Data Protection Officer.
Failure to comply with this Policy, including attempts to circumvent it may result in disciplinary actions, including termination, as allowed by local laws.
Violations of regulations designed to protect Personal Data may result in administrative sanctions, penalties, claims for compensation or injunctive relief, and/or other civil or criminal prosecution and remedies.