Privacy Policy

Here at HS Brands we’re committed to protecting the Personal Data and privacy rights of our Data Subjects; Mystery Shoppers, Employees, Independent Contractors, Clients or Vendors. As a global company we maintain compliance with data protection laws, rules and regulations; including EU’s General Data Protection Regulation (GDPR).

HS Brands is considered the Data Controller of a Data Subject’s Personal Data.  Your Personal Data is collected when you create a mystery shopper account or enter into a contractual agreement with HS Brands as an Employee, Independent Contractor, Client or Vendor.  By using this site and/or registering to become a mystery shopper with us, you acknowledge you’ve read, understand and accept the practices we’ve outlined for you here in this policy.

GDPR requires us to implement and adhere to strict technological and organizational controls. Our main SAS provider; SurfMerchants, has implemented state of the art IT technologies to ensure GDPR compliance. SurfMerchants adheres to a “Privacy Shield Policy” which can be reviewed by visiting http://surfmerchants.com/privacyshield/.  This policy allows SurfMerchants to establish and maintain an adequate level of Personal Data privacy protection.  For additional information or to view SurfMerchants certifications through Privacy Shield please visit https://www.privacyshield.gov. Surf Merchants will continue to review and update the security controls necessary to protect the personal data of employees, customers, field agents and partners from unauthorized access or loss.

Below are the six (6) GDPR principles that companies must adhere to regarding the processing of Personal Data.  The Personal Data we hold about you must be:

1. Processed lawfully, fairly and in a transparent manner.
2. Collected for legitimate purposes that have been clearly explained to you and not processed in a way that is incompatible with those purposes.
3. Adequate, relevant and limited to what is necessary in relation to the purposes.
4. Accurate and, where necessary, kept up to date.
5. Kept in form which permits identification for no longer than is necessary for the purpose of use.
6. Processed in a manner that ensures appropriate security of the Personal Data.

إذا قمت بالتسجيل كمتسوق أو قمت بتسجيل الدخول كعميل أو بائع ، فسنقوم بتعيين ملف تعريف ارتباط (كوكيز) مؤقت للتأكد من ان المتصفح الذي تستعمله يقبل ملفات تعريف الارتباط (كوكيز). لا يحتوي مِلَفّ تعريف الارتباط (كوكيز) على بيانات شخصية ويتم تجاهله عند إغلاق المتصفح الخاص بك.

HS Brands collects a variety of personal information which may include the following:

1. Personal identification (Name, date of birth, gender, height, weight, sex, income etc.)
2. Contact details (address, email, telephone number)
3. Membership/Work card numbers
4. Electronic (IP address)
5. Financial (bank name, account and routing numbers)
6. Professional competencies, and previous experience)
7. Your photo
8. Performance rating (based on work completed)

Special categories of Personal Data may disclose a Data Subject’s convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data, or sexual orientation, and is prohibited unless one of the allowable exceptions applies:

1. Explicit consent is given except where Union or Member State law provides that the prohibition may not be lifted by the Data Subject.
2. Processing is necessary for carrying out the obligations of the Controller regarding employment.
3. To protect the vital interests of the Data Subject or another natural person if the Data Subject is physically or legally incapable of giving consent.
4. Processing of Personal Data which was made public by the Data Subject.
5. Legal claims
6. Processing is necessary for preventive or occupational medicine
7. Processing is necessary for the reasons of public health.

The Data Subject shall have the right not to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning the Data Subject. This shall not apply if the decision is:

1. Necessary for entering into a contract between Data Subject and Data Controller
2. Authorized by Union or Member State Law which lays down suitable measures to safeguard the Data Subjects rights.
3. Based on the Data Subjects Consent
4. Shall not be based on Special Categories of Personal Data

HS Brands may collect your Personal Data in a variety of ways.  The Personal Data we collect will vary depending upon your status with us.

As a Mystery shopper, Personal Data may be collected:

1. During the initial shopper sign-up
2. When you request an assignment
3. During your mystery shopping assignments and/or upon completion of an assignment

As an Employee, Personal Data may be collected:

1. During the application and on-boarding process
2. Throughout your employment with HS Brands to keep your personnel files accurate.

As a Client, Personal Data may be collected:

1. When you inquire about services
2. During the client set-up phase.

Your Personal Data is collected and used for a variety of legitimate business purposes.

1. Legal obligations required by civil, fiscal and accounting roles
2. Administrative management of the relationship
3. Obligation fulfillment
4. Management of archives and correspondence
5. Gathering additional data for assigning appropriate shops
6. Satisfying governmental reporting, tax and other requirements
7. Verifying identity
8. Other business-related purposes permitted or required under applicable local law and regulation
9. As required by law

In order to ensure we’re taking every step necessary to protect your personal data, we have implemented, and adhere to strict technological and organizational measures designed to protect any Personal Data we process.

As an example, we have the following methods of protection in place:

1. SurfMerchants (SM); our software provider adheres to a “Privacy Shield Policy” which allows them to establish and maintain an adequate level of Personal Data privacy protection.
   • For additional information or to view SM certifications regarding Privacy Shield please visit https://www.privacyshield.gov.
2. Having documented data security procedures
3. Clearly defined staff responsibilities; Data Protection Officer
4. Verification, continuous monitoring and audit of the compliance
5. Initial and refresher Data Protection training and compliance audits for Data Users

بشكل عام ، سوف تحتفظ HS Brands ببياناتك الشخصية طالما أنك تتسوق بنشاط معنا أو طوال مدة الاتفاقيات التعاقدية. مطلوب فترة احتفاظ أخرى تصل إلى 7 سنوات بعد آخر عقد / طلب للإزالة من قاعدة البيانات الخاصة بنا لإعداد التقارير المالية والمحاسبة المالية.

تتم معالجة البيانات الشخصية ورقياً، عبر الحاسوب أو أي طرق تواصل أخرى من أجل ضمان أمن وسرية البيانات وكذلك الامتثال الكامل للقانون.

As a Mystery Shopper you have the ability to update and/or change your Mystery Shopper profile by logging into the appropriate Sassie site and updating your data.  For any updates to Personal Data not found within your Mystery Shopper profile you may email privacy@hsbrands.com to request updates.

As an Employee, Independent Contractor, Client or Vendor who wishes to update and/or change your Personal Data you may do so by emailing privacy@hsbrands.com.

There are a variety of rights a Data Subject is entitled to regarding how their Personal Data is handled as determined by GDPR.

1. Right of access: Data Subjects may request details about information about them, how the data was collected and the reason the data has been collected. If Personal Data is transmitted to third parties, information must begiven about the identity of the recipient or the categories of recipients, including other HS Brands companies.
2. Right to rectification: If Personal Data is incorrect or incomplete, the Data Subject may request the information be corrected.
3. Right to withdraw consent: Data Subjects can object to the processing at any time. Personal Data must be blocked from the processing that has been objected
4. Right to erasure. Data Subjects may request their data be deleted if the processing has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be
5. Right to object: Data Subjects have the right to object to his/her data being processed. This does not apply if legal provisions require that Personal Data are to be processed.
6. Right to data portability. Data Subjects have the right to request for the Personal Data provided by him/her to be made available to such Data Subject in an easily readable format, like a Word or Excel

As a Data Subject your consent is required in order for us to process your Personal Data.  You are in control of whether or not to provide consent to us to use your data in the manner requested. There will be no repercussions if you choose to withhold consent; however, without some data we may not be able to determine your suitability as a Data Subject for HS Brands.

1. Data can only be processed upon consent of a Data Subject
2. Consent must be provided voluntarily and may be withdrawn at any time with or without reason.
3. If you do not consent to share certain data this may eliminate you from being a mystery shopper, Employee, Independent Contractor, Client or Vendor with HS Brands.
4. The data provided to you must be clear, have a specifically stated purpose and involve an action on your behalf as a clear indication of your consent.

إذا قدمت لنا موافقتك مسبقًا ، فيحق لك سحب موافقتك على معالجة بياناتك الشخصية في أي وقت. إذا اخترت سحب موافقتك ، فيمكنك تقييد أو إلغاء قدرتنا على تحديد مدى ملاءمتك كصاحب بيانات في شركة HS Brands. إذا كنت ترغب في سحب الموافقة ، يمكنك القيام بذلك عن طريق البريد الإلكتروني: privacy@hsbrands.com.

تحتفظ HS Brands بالحق في تحديث أو تغيير سياسة الخصوصية هذه في أي وقت. يجوز تعديل هذه السياسة بما يتوافق مع مبادئ القانون العام لحماية البيانات (GDPR) ، وقوانين ومبادئ الخصوصية. إذا تم إجراء تغييرات ، فسنقوم بتبليغ الأطراف المعنية ونشر إشعار خصوصية جديد. في حال قمنا باجراء تغييرات تؤثر على الطريقة التي نتعامل بها مع البيانات الشخصية التي تم جمعها مسبقا، سنقوم باراسل تنبيه لك للموافقة على استخدام بياناتك بالطريقة الجديدة.

يمكنك الاتصال بـ HS Brands لطرح أسئلة بخصوص هذه السياسة ، لتحديث أي بيانات شخصية لا يمكنك الوصول إليها ، أو لسحب الموافقة عن طريق البريد الإلكتروني: privacy@hsbrands.com.

Below you will find a list of terms and their definitions.  These terms are mentioned throughout the Privacy Policy.

1. Controller: Determines the purposes and means of processing personal data. They are also responsible for establishing policies that align with legal requirements.
2. Data Users: Employees that process Personal Data. Any employee processing Personal Data has received training and understands they must handle the data in accordance with HS Brands security policy.
3. Data Subject: Identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. Data Subjects have legal rights regarding their Personal Data rights (see “Rights of Data Subject”).
   • Data Subjects could be Mystery Shoppers, Employees, Independent Contractors, Clients or Vendors.4.
4. Personal Data: Any data that can be identifiable directly or indirectly by referring to an identifier such as a name, id number, location, online identifier or, to one or more factors specific to: the physical, physiological, genetic, mental, economic, cultural or social identity.
5. Processing: Any operation or set of operations which is performed on Personal Data, whether or not by automated means.
6. Processor: A person/organization that processes Personal Data on behalf of and at the direction of the Controller. A Processor is not considered a Data User but more typically a Third Party.
7. Third party: Any individual or entity that is neither HS Brands nor an HS Brands employee, agent, contractor, or representative.