This Privacy Policy (“Policy”) provides you with information about how DFS US and DFS Group Limited (“DFS”) collect your personal information (defined below), and about the cookies which are used by DFS on websites belonging to DFS. This Policy applies to you when you are located in the United States (including when you are traveling to our North American shops) and when you interact with us by visiting the DFS website(s) (www.dfs.com), make a purchase, visit a store, participate in our events, promotions, offerings or partner activities, or interact or communicate with us as part of our marketing practices or outreach. We offer a variety of products and services (collectively, the “Services”).

For the purposes of this Policy, DFS is a controller (i.e., responsible party) of your personal information when we administer the Services directly on our own behalf. In certain situations, we may also administer the Services on behalf of customers or other third parties. In those instances, DFS may act as a processor or service provider to such organizations, and you should review the privacy policy of such third parties with whom you are dealing directly, as they will be responsible for the handling of your personal information.

This Policy outlines the way in which the companies DFS US, DFS Group L.P. whose registered office is 1580 Francisco Street 90501, Torrance, California, USA, DFS Guam L.P. whose registered office is 1296 Pale San Vitores Road, Tumon Guam 96913, Tamuning Guam (hereinafter, and collectively “DFS US”), and DFS Group, whose registered office is at 15/F One Taikoo Place, 979 King’s Road, Quarry Bay, Hong Kong, as joint controllers (“DFS”), collect and process the personal information which concerns you. The provisions of, including but not limited to, the US Privacy Act of 1974, the California Consumer Privacy Act of 2018 “CCPA,” as amended by the California Privacy Rights Act (“CPRA”) apply to the processing of your personal information by DFS. Terms used for the purposes of this Policy have the meanings given to them by the Legislation.

DFS has appointed an internal Data Protection Officer. If you have any questions relating to the collection and/or processing of your personal information by DFS, please contact the data protection officer at the following address: dpo@dfs.com.

We collect your personal information in the following ways, pursuant to applicable law:

· Directly From You, we collect personal information you provide such as when you make a purchase, register for an account or create a profile, sign up for one of our program(s), contact us, respond to a survey, book a reservation, make an appointment for in-store or virtual services, register for an event, interact with us in store (including in-store digital experiences) or via DFS Customer Service, participate in a sweepstakes, contest, or other similar campaign or promotion, respond to a survey, or sign up to receive emails, text messages, and/or postal mailings. Your personal information is notably obtained from:

- DFS CIRCLE sign up and upgrade;
- Book an experience;
- Reservation and purchase of products,
- Product delivery;
- Click & Collect services;
- Refund tax services;
- Gift cards
- Loan of equipment
- in one of our stores

· Through Our Use of Cookies and Other Automatic Data Collection Technologies, when you visit our websites, use our mobile applications or DFS platform, open or click on emails we send you, or interact with our advertisements. We or third parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see the “Cookies and Similar Tracking Technologies” section below.

· Through in-store and other offline technologies. In some cases, we record customer service calls for quality assurance. We also use Closed Circuit Television or CCTV in our stores for safety, security, fraud, loss prevention, and operational purposes. In addition, some of our stores utilize technology that transmits a Bluetooth signal to and/or works with your mobile device running DFS websites and/or DFS platforms (e.g. the beacon). If you have enabled the beacon on your mobile device, we collect device information and other unique identifiers and location data when you visit our stores.

· From our third-party partners. We obtain information from third parties that we have partnered with, such as brands, application providers, third-party websites and other third parties we choose to collaborate or work with.

· From social media platforms and networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, You Tube, and Pinterest) in connection with our websites or DFS platforms, we collect information that you share with us, or that the social media platforms share with us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

· From Other Sources, including data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.

Protecting the safety and privacy of children is very important to DFS. Our Services are not intended for persons under 18 years of age. We do not knowingly collect or maintain personal information from persons under 13 years of age. If you are under the minimum age requirement, please do not submit any personal information without the express consent and participation of your parent or guardian. If you believe that we have collected personal information about a minor without such consent, please contact us at dpo@dfs.com or refer to the information in the Contact Information section and we will delete this information.

The types of personal information we collect about you depends on how you interact with us. “Personal information” refers to information that identifies, relates to, describes, or can be associated with you. Depending on the Services you use, the following are the categories and specific types of personal information that we may collect:

· Contact Information/Identifiers, including name, email address, postal address, phone number, username, date of birth, or other similar identifiers (such as for Loyal T).
· Government Identifiers, including driver’s license number, passport information, and social security number (in certain instances may be considered sensitive personal information).
· Information Specific to the Services, including, in certain instances, reservation history, order and purchase history, preferences and interests, and communications with us.
· Demographic Information, including age, gender, race, ethnicity, and household information, some of which may include characteristics of protected classifications under state or federal law.
· Device Information and Other Unique Identifiers, device identifier, internet protocol (IP) address, or similar unique identifiers.
· Internet or Other Network Activity, including browsing or search history, and information regarding your interactions with our websites, mobile applications, emails, or advertisements.
· Geolocation Data, including information that permits us to determine your location, such as if you manually provide location information or enable your mobile device to send us precise location information.
· Payment Information, including credit or debit card number, or other financial information.
· Inferences, inferences drawn from or created based on any of the information identified in this section.
· Sensitive Personal Information (where permitted and in accordance with applicable law), of the information listed above, passport number is also sensitive personal information.
· Image, video and other media.

The provision of the sensitive personal information listed above is voluntary. In certain instances, we will not be able to process your request for our Services without the requested personal information.

DFS relies on the following legal grounds for the collection, processing, and use of your personal information:
· As necessary to provide the Services or perform a transaction (such as when we respond to your requests);
· Consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies);
· As necessary for legitimate interests (such as when we act to maintain our global business generally, including maintaining the safety and security of the website(s)); and
· Compliance with legal obligations, particularly in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws.

Your Data is either:

· collected based on your consent; or
· required for the completion of your orders according to a contract; or
· collected for the purpose of pursuing a legitimate interest of DFS (e.g. the development of our
· commercial activity or to prevent fraud and counterfeiting)
· collected to fulfil DFS legal requirements.

Your personal information is therefore collected and/or processed notably for the following purposes (Processing Purposes”): View Details

In the particular case where you wish to communicate with DFS staff through third-party instant messaging services, DFS cannot guarantee the confidentiality and security of your personal information or any other information exchanged through such messaging services. Companies offering this type of messaging services are themselves responsible for processing of your personal information and comply with their own data protection and confidentiality policies. In this specific context, the processing of your personal information by third-party messaging services remains outside DFS’ control. DFS therefore declines any responsibility in the context of this use.

Every time you come to the website, our website’s web server automatically collects information, including, in some instances, personal information, through cookies, web beacons, and other similar tracking technologies (collectively “cookies”). Cookies are small text files that are placed on your computer or mobile device when you visit a website. Cookies help the website remember information about your visit, which can make it easier to visit the website again and make the website more useful to you. Some cookies are deleted once you close your browser (session cookies), while other cookies are retained even after you close your browser so that you can be recognized when you return to a website (persistent cookies). More information about cookies and how they work is available at www.allaboutcookies.org. Generally, your email address and all other personal information is collected only when you voluntarily provide that data.

Cookies on our website are generally divided into the following categories:

Essential Cookies: These are cookies that our website needs in order to function and that enable you to move around and use the website and features. Without these essential cookies, the website will not perform as smoothly for you as we would like it to, and we may not be able to provide the website or certain services or features you request. Examples of where these cookies are used include: to determine when you are signed in, to determine when your account has been inactive, and for other troubleshooting and security purposes.

Analytics Cookies: Analytics cookies provide us with information regarding how visitors navigate and interact with our website. Such cookies allow us to understand, for example, more about how many visitors we have to our website, how many times they visit us and how many times a user viewed specific pages within our Site. Among other Analytics cookies, we use Google Analytics cookies for these purposes. For more information about Google Analytics, please refer to “How Google Uses Information From Sites or Apps that Use Our Services,” which can be found at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time.

Advertising Cookies: Advertising cookies may be placed by us or third parties to enable third party ad networks to recognize a unique cookie on your computer or mobile device. The information that is collected and shared by these types of cookies may also be linked to the device identifier of the device you are using to allow us to keep track of all the websites you have visited that are associated with the ad network. This information may be used for the purpose of targeting advertisements on our website and third party sites based on those interests.

In addition to the specific situations discussed elsewhere in this Policy, the below information indicates the instances where we may disclose information when requested to government entities, auditors, lawyers, consultants, and other parties as required by law concerning any category (e.g. in response to a subpoena).

· Within DFS. We may share your personal information with our corporate affiliates (e.g., parent company, sister companies or subsidiaries, and other companies under common control) or joint ventures to which we are a party.

· Partners. We may disclose your personal information (including sensitive personal information) to our partners with your consent, where required.

· Third Parties. Certain Services are provided by third parties on the DFS websites. By selecting or purchasing a third-party service, you instruct DFS to disclose your name, email address, and other contact information with the applicable third party. If you do not desire for DFS to disclose your personal information to these third parties, do not select or purchase these third-party services. Their use of your information is not governed by this Policy.

· Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy.

· Service Providers. We disclose information to service providers as necessary for them to assist us with our business operations and provide services to us, subject to appropriate confidentiality and data protection agreements. Among other things, service providers assist us with website hosting, data storage, data analytics, helping with addressing security, fixing errors, processing payments, providing identity verification services, providing technical support, sending communications (including SMS/text messages), providing assessments, fulfilling user requests, and other activities related to the management of our business and services.

· Government Entities or Regulators. We may disclose information for legal reasons as we believe to be necessary or appropriate to: (a) satisfy any applicable law, legal process, or proper governmental request; (b) enforce any agreement we may have entered into with you or your organization, including investigating any violations or asserting remedies; (c) detect, prevent, or otherwise address fraud, security or technical issues; (d) protect against harm (whether tangible or intangible) to the rights, property, or safety of DFS, our users, or the public as required or permitted by law; and (e) establish or exercise our rights, defend against a legal claim, and investigate, prevent, or take action regarding possible illegal activities or a violation of our policies.

· Business Transaction. We may disclose personal information to a potential or actual buyer in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), including any due diligence related to such a transaction.

· Social Media Platforms and Networks: Some of our Services have features such as, plugins, widgets, or and other tools made available by third parties that may result in information being collected or shared between us and the third party. The third party’s use of your information is not governed by this Policy. You may have the right to opt out of our use of these technologies, as further described in this Policy.

· De-identified or Aggregate Information. We may aggregate and anonymize information you provide to us in such a way as to ensure it will no longer be identifiable to you. This data may be used for statistical, analytic, and administrative purposes, including analyzing our website traffic and trends, tailoring our Services, or conducting product analysis. We may share anonymized or aggregated data at our discretion, in accordance with applicable laws.

If you have any questions, comments, or complaints concerning our privacy practices please contact the DPO at dpo@dfs.com. Except for these cases, your personal information will not be transferred or made accessible to any third parties, subject to any restructuring of DFS, including a total or partial asset transfer, merger, absorption, acquisition, demerger and in general any reorganisation operation, subject to appropriate security and confidentiality measures.

Since DFS is an international group and works with data processors located abroad, you should be aware that your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected, including the United States, Singapore, the People’s Republic of China (PRC), Hong Kong, and Japan, and the laws may be less stringent than the laws in your country. Where required by applicable law, we will provide appropriate protections for personal information transferred, including by implementing appropriate contractual controls.

You may have certain rights regarding your personal information. The rights available to you depend on our reason for processing your personal information and the requirements under applicable law (i.e., your rights will vary depending on whether you are located in, for example, California, the European Union, or United Kingdom). Specifically, you may have the following rights:

· Access: You have the right to request access to the personal information we hold about you, along with other information such as the purposes of the processing, the recipients or categories of recipients to whom the personal information has been or will be disclosed, the sources of the personal information, retention, and transfers of personal information.

· Correction: You have the right to request correction of inaccurate personal information we have about you. Depending on the purposes of the processing, you may have the right to have incomplete personal information completed, including by means of providing a supplementary statement. As noted above, you may also be able to correct your information in your account or profile.

· Deletion: You have the right to request that we delete your personal information.

· Data Portability: Under certain circumstances, you have the right to receive the personal information about you that you have provided to us, in a structured, commonly used, and machine-readable format.

· Opt Out of the “Sale” or “Sharing” of Personal Information: Our use of cookies or other tracking technologies is deemed a “sale” or “sharing” under California law (in this context “sharing” means cross contextual behavioral advertising) of personal information. As such, you can opt out of our use of tracking technologies and cookies by clicking the “Do Not Sell or Share My Personal Information” button at the bottom of the DFS website.

o The following categories of personal information disclosed are considered “sale”/ “sharing” under California law: direct identifiers, device information, and geolocation data.

o The following categories of third parties to whom personal information was disclosed are considered “sale”/ “sharing” under California law: social media platforms and networks.

· Automated Processing: Under certain circumstances, you have the right to object to a significant decision based solely on automated processing (i.e., without human intervention) unless that decision is required or authorized by law.

· Right of Non-Discrimination/Retaliation: We do not discriminate against individuals who exercise any of their rights described in this Policy, nor do we retaliate against individuals who exercise these rights.

· Right to Opt Out of our Use of your Sensitive Personal Information (in certain instances and if permissible under applicable law). We do not disclose Sensitive Personal Information for purposes other than those which cannot be limited under applicable law.

Please note that many of the above rights are subject to exceptions and limitations. Your rights and our responses will vary based on the circumstances of the request. If you choose to assert any of these rights under applicable law, we will respond within the time period prescribed by such law.

Note that, as required by law, we will require you to prove your identity. We may conduct an identity verification by phone call or email. Depending on your request, we will ask you to confirm your email address and may request additional information such as your name, the last item you purchased from us, or the date of your last purchase from us. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.

If you are located in the State of California in the United States, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. Where required, you must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.

In any circumstances, your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:

1. A completed Authorized Agent Designation Form indicating that you have authorization to act on the consumer’s behalf. Upon request, we can provide a copy of such Authorized Agent Designation Form.

2. If you are a business, proof that you are registered with the Secretary of State to conduct business in California.

If we do not receive both pieces of information, the request will be denied.

For more information or to exercise your rights, please contact us as stated in the “Contact Information” section of this Policy.

If you are a current or former DFS employee, please reference our DFS Employee Policy. If you are a California applicant, please reference our DFS Applicant Policy.

We offer our customers a rewards program that provides certain perks, such as rewards, promotions and exclusive offers or events (“DFS CIRCLE”). when you sign up for DFS CIRCLE we will ask you to provide your name and email address. The value of your personal information to us is related to the value of the offers, events, products and services that you obtain when you redeem points. This value is based on the expense related to offering those offer, events, products and services.

You may withdraw from participating in DFS CIRCLE at any time by contacting customer service at clientservice@dfs.com. Visit the Terms and Conditions page (here) to view full program rules, including how to join.

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

Some of our Services may permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account by using one of the methods listed below under “Contact Information.”

DFS generally recognizes commercially recognized opt-out preference signals (e.g., Global Privacy Controls, Do Not Track). Recognition of this signal applies only to the specific device and/or browser that communicates the signal and does not cross over to all devices/browsers you use to access the Services.

Our Services may contain links to websites, content, or services owned or operated by third parties. Please note, we have no control over the privacy practices of websites or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about what information is collected and how it is used and/or disclosed.

In the event of a change to this Policy, DFS will inform you of the update of the Policy, by mentioning it on the DFS website and/or by email.

If you have any questions, comments, or complaints concerning our privacy practices, or, where required by law, if you would like to submit a request based on a right listed in this Policy, please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

DFS Limited
dpo@dfs.com.

This Policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

Last Updated Date. 20st of March, 2024