FOOT LOCKER, INC. PRIVACY SHIELD POLICY
Introduction
Foot Locker, Inc., a corporation organized under the laws of the state of New York, United States of America, and its U.S. subsidiaries, including Foot Locker Retail, Inc. and Foot Locker Corporate Services, Inc. (the "Company"), is committed to protecting the personal information of its associates, customers, suppliers and business partners. The protection of personal data and its confidential treatment is of central concern to the Company, and we conduct our business in compliance with applicable laws on data privacy protection and data security.
Information regarding Foot Locker associates
Foot Locker is committed to maintaining an environment that is free of discrimination based on race, ethnic origin, religious or philosophical belief, sex life or sexual orientation, age, gender identity or gender expression, political opinions or trade union membership, national origin, disability or other factors that are unrelated to the Company's legitimate business interests. It is our policy to apply fair and lawful human resource policies and practices in all aspects of employment, including recruiting, hiring, evaluation, training, discipline, career development, compensation, promotion and termination.
The Company centralizes the human resources and compensation information for associates of the Company and its subsidiaries and affiliates worldwide on the PeopleSoft Human Resources Management System. In 2011, the Company automated the performance appraisal and executive development review process for its associates globally. In addition, the Company receives information provided by individuals applying for employment with the Company’s European subsidiaries and affiliates. As a result of these initiatives, the Company can receive personal data on associates and applicants from its Foot Locker subsidiaries in Europe.
Information regarding customers and sneaker enthusiasts
Foot Locker Europe’s website www.footlocker.eu is currently operational in various European countries (Austria, Belgium, Czech Republic, Denmark, France, Germany, Greece, Hungary, Ireland, Italy, Luxemburg, Netherlands, Norway, Poland, Portugal, Spain, Sweden and the United Kingdom), with websites in other European countries expected to follow, and information regarding customers who place orders through this website and/or who can subscribe to newsletters and promotional initiatives may be received by the Company. Foot Locker Europe also operates a paneuropean marketing website where visitors can subscribe to newsletters and participate in various marketing initiatives. The Company may have access to personal data thus captured.
Foot Locker’s U.S.-based websites receive information regarding customers who place orders through our U.S.-based websites and/or who subscribe to newsletters and promotional initiatives. Effective December 2010, Foot Locker launched a social network site regarding sneakers, where subscribers can also register to obtain newsletters and promotional initiatives, which data may be received by the Company.
Privacy Shield Principles
The Company complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the United Kingdom, Norway, and Switzerland to the United States. The Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Treatment and Use of Information
The Company's policy is to treat all individually identifiable personal data of associates employed by the Company or its subsidiaries or affiliates, and applicants seeking employment through Foot Locker’s career website, careers.footlocker.com, with great care in order to safeguard the privacy of such individuals. Personal data concerning associates that is transmitted from Foot Locker subsidiaries in Europe to the United States to the Company's Corporate Human Resources Department, as well as to its Finance and Information Technology Departments, shall be used solely in connection with an associate's employment in accordance with the Company's policies and practices and in connection with the administration of the Company's compensation, benefits, and other human resources programs as well as information security programs. Personal data concerning applicants obtained through Foot Locker’s careers.footlocker.com website is initially transmitted to a third-party computer server in the United States and then directed to the appropriate responsible HR and Operations person or recruiter, who may be based in Europe or the United States, depending upon the location of the position for which the applicant is applying. Applicants that provide consent may receive email marketing communications relative to open career opportunities and branded Foot Locker employment content.
Customer and site visitor information obtained from customers who order through Foot Locker Europe’s websites, Foot Locker’s U.S. based websites, or by participating in marketing initiatives and subscribing to newsletters on the various Foot Locker operated websites, is used to (i) process orders, (ii) communicate with customers regarding their orders, and (iii) communicate with customers and subscribers regarding relevant promotions, competitions, marketing initiatives, merchandise releases, and offers or other relevant information. The information may also be used for statistical and market research purposes, and, in addition, for developing and improving our Services through surveys, product reviews, any other customer feedbacks. Only certain associates in the following departments within the Company will have access to customer and visitor information: Accounting and Financial Reporting, Information Technology, Marketing, and Footlocker.com/Eastbay and its customer service call centers.
Disclosure of Information
We may share personal data with affiliates, agents, contractors, or business partners so that they may perform services for us. The Company remains liable under the Privacy Shield Framework if the third-party handles personal data in a manner inconsistent with the Framework.
In addition, we may disclose personal data as required by law or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as is otherwise described in this Policy.
Your Rights and Choices
Under the Privacy Shield Framework and this Policy, you have the right to request access to personal data about yourself and to request limitations on how the Company uses or discloses personal data about you. With our Privacy Shield certification, the Company has committed to respect these rights. To exercise these rights, please contact the Associate General Counsel as indicated below. We will respond to such requests within a reasonable timeframe.
Questions or Complaints
You can contact us with any Privacy Shield related question or complaint regarding Foot Locker’s certification. Please address these to:
Joy Echer, Associate General Counsel
telephone: 212-720-4693 or e-mail: jecher@footlocker.com or privacyteam@footlocker.com
All complaints will be investigated.
For employee personal data, please contact Barbara van Campen, VP - Human Resources (telephone: 31-3478-05217, e-mail: bvancampen@footlocker.com) or Ivar Oosterveld, VP-Legal (telephone: 31-3478-05263, e-mail: ioosterveld@footlocker.com) at Foot Locker Europe in Vianen, The Netherlands; or Elizabeth Norberg, Senior Vice President and Chief Human Resources Officer of the Company in the New York Office (telephone: 212-720-4417; e-mail: elizabeth.norberg@footlocker.com or Lori Topper, Vice President, Corporate Human Resources (telephone: 212-720-3877; e-mail: lori.topper@footlocker.com. The Company has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit: https://www.jamsadr.com/eu-us-privacy-shield [jamsadr.com]. The services of JAMS are provided at no cost to you.
If you have a complaint involving employee personal data as described above, you may contact the Data Protection Authority (DPA) in your country. The list of DPAs in the European Union is available here:
(http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm) and information about the Swiss Federal Data Protection and Information Commissioner is available here: (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html). The Company agrees to cooperate with the DPAs in the European Union and Switzerland and comply with the advice of such authorities with regard to employee personal data.
As further explained in the Privacy Shield Framework, a binding arbitration option will also be made available to address complaints not resolved by any other means. The Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Amendment or Termination of Policy
The Company reserves the right to amend, terminate or suspend this Policy at any time. Any changes will be communicated to associates and will be posted on the Company’s website in a timely manner.
Updated: March 2021