Alertline

Data Protection & Privacy Notice

The data privacy regulations of some countries/regions require that a person making a report containing personal data be notified of certain collection and retention practices regarding the information submitted by that person through this service.

You are being asked to read the terms outlined below. If you do not acknowledge that you have read the terms below, we are unable to accept any information through this system and suggest you contact your supervisor or manager to discuss the matter further.

1. General

This service is a web and phone-based intake system provided by Tiffany & Co. (together with its affiliates, “your organization”, “we”, “us”) to individuals for reporting suspected violations of laws or regulations or company policies.

The Tiffany & Co. affiliate that employs you (or for which you otherwise perform services) and Tiffany & Co. are primarily responsible for processing your personal data and investigating reports made through this service.

2. Use of this service

Use of this service is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager. If you feel that you are unable or do not wish to do so, you may use this service to make your report.

This service is a confidential online reporting system that allows you to report on certain matters related to suspected violations of law or company policies, as well as other concerns you may have, to your organization. Regulations in certain countries/regions may restrict or limit the types of matters that may be reported (for example, to concerns related to financial matters, accounting or auditing irregularities, bribery, competition law violations, discrimination or harassment, or impacts to the environment, health, hygiene or safety. If your concern pertains to a matter that your organization does not expressly provide for (the type of matter is not available to select), you may contact your supervisor or local management to report the matter.

Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from your organization for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially and will only be provided to authorized persons or where otherwise legally required or permissible. In all cases, the information you submit will be handled sensitively. We encourage you to identify yourself in order for us to follow up with questions we may have (but you are by no means required to do so).

3. What personal data and information is collected and processed?

This service captures the following personal data and information that you provide when you make a report: (i) your name and contact details (unless you report anonymously) and whether you are employed by the organization; (ii) the name and other personal data of the persons you name in your report if you provide such information (i.e.: description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the incident. Note that the laws of some countries/regions do not permit reports to be made anonymously; however, if that is the case for you, any personal data that you provide will be treated confidentially and will only be disclosed as set out below.

The service is not intended to collect or process sensitive personal data (i.e., information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation) or criminal convictions and prosecutions. To the extent such data is intrinsic to the facts that have been reported, we will seek to minimize any resulting collection and further processing of such data.

4. How will the personal data and information be processed after your report and who may access personal data and information?

The personal data and information you provide will be stored in a database which is located on servers hosted and operated by NAVEX in the United States. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement.

For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used by the relevant personnel of your organization, including Human Resources, Finance, Internal Audit, Legal, Corporate Compliance, management, external advisors (e.g. legal advisors), or, in limited circumstances, by technical staff at NAVEX. For purposes of human resource management of your organization, personal data may be provided to your organization or its subsidiaries (in the United States or elsewhere).

Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities. The relevant bodies that receive and process personal data can be located in the US or in another country/region that may not provide the level of data protection available in your country/region.

We process personal data from individuals submitting a report the extent necessary to comply with legal obligations established under applicable laws, or to pursue our legitimate interests in processing reports, conducting an investigation and responding to the relevant concern.

5. Accessing information concerning the report

Your organization may notify any person who is the subject of a report about the report except where notice needs to be delayed to ensure the integrity of the investigation and preservation of relevant information.

With some exceptions, the subject of the report may request access to information concerning the report (with the exception of the identity of the reporter) and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. Similarly, with some exceptions, reporters may also access information about the report and request corrections of their personal data in accordance with applicable law. To make any such corrections, please contact your organization.

6. Retention of the report and of your data

Your report and your personal data will only be retained for as long as they are needed for the investigation of your allegations and for any legitimate follow-up to the investigation.

If an allegation is considered unfounded, the personal data associated with the allegation will be promptly and securely destroyed or erased. Personal data contained in a report will be destroyed or de-identified (i.e., all personal identifiers will be removed) as soon as practicable after conclusion of the relevant investigation, unless the investigation leads to disciplinary or legal proceedings, in which case we may need to retain your personal data until the conclusion of those proceedings and the period permitted under applicable law.

7. Data transfers

We may transfer the personal data that we collect through this service to recipients in countries/regions other than the country/region in which the personal data originally was collected. Those countries/regions may not have the same data protection laws as the country/region in which the report was originally provided. When we transfer personal data to recipients in other countries/regions, we will protect that personal data as described in this Data Protection & Privacy Notice.

As Tiffany & Co. operates internationally and NAVEX is located in the United States, your personal data will be transferred to the United States and, depending on the issue reported or if the investigation so warrants, to other countries/regions where Tiffany & Co. operates. We will comply with applicable legal requirements by providing adequate protection for the transfer of personal data to recipients in other countries/regions.

To the extent you are submitting a report in the European Economic Area or the UK and the data recipients are in countries/regions that have not been recognized by the European Commission or UK Secretary of State as providing an adequate level of data protection, we ensure that appropriate safeguards aimed at ensuring such a level of data protection are in place. This may include our intra-group data transfer agreements (based on the EU/UK Standard Contractual Clauses) and a data transfer agreement incorporating the EU/UK Standard Contractual Clauses with NAVEX, a copy of which you can obtain by contacting us as indicated below.

8. Your rights

Your organization will fully support you in the rights you may have as a data subject under applicable law.

In accordance with applicable law, you have the right to request access to and rectification or erasure of your personal data, or restriction of the processing of your personal data. You may also object at any time, on grounds relating to your particular situation, to the processing of your personal data in the context of a report made through this service. Please note that the exercise of these rights may be subject to certain exemptions.

Please contact your organization if you wish to exercise any of these rights. If you are not satisfied with our response or if you consider that your data protection rights have been breached, you may also lodge a complaint with the data protection supervisory authority in your country/region. The exercise of your rights may be restricted as necessary to protect others in the context of a particular allegation.

You may also email us at privacy@tiffany.com or contact:

Data Protection Officer
c/o Legal Department
Tiffany & Co.
200 5th Avenue
New York, New York 10010
United States

9. Special country/region regulations

For certain countries/regions (including much of the European Union), local whistleblower protections may apply under applicable law. Depending on local law, such whistleblower protections may apply only to reports regarding a limited set of topics, such as misconduct or concerns related to accounting, auditing, bribery, competition law, discrimination, harassment, the environment, health, hygiene or safety. For more information regarding your rights under local whistleblower laws, review your organization’s local whistleblower policies. To do so, proceed to your organizations Ethics & Compliance Policy Intranet and click on the applicable local whistleblower policy.

In Australia, reports are made “in good faith” if you have reasonable grounds to make the report. While you are able to make a report on an anonymous basis, if you identify yourself, then you consent to your identity being shared as described in our Australia Whistleblower Policy.


Customer Service Issues:
If you are trying to report a problem or concern regarding a customer service issue e.g., to change or inquire about an order, merchandise inquiry or Web site feedback) please contact client care at 800-843-3269 or click here.