PMI CORPORATE WEBSITE PRIVACY NOTICE
We take privacy seriously. This notice tells you who we are, what information about you we collect, and what we do with it. Click on “find out more” in each section for further information.
Who are we?
We are a member of Philip Morris International. Our details (name, address, etc.) will have been given to you separately at the time of (or to confirm) the collection of information about you, for example, in a notice on an app or a website, or in an e-mail or sms, containing a link to this notice.
Find out more…
- PMI: Philip Morris International, a leading international tobacco group. It is made up of a number of companies or “affiliates”.
- PMI affiliates: Each member of the Philip Morris International group of companies is a “PMI affiliate”. “We” (or “us” or “our”) refers to the PMI affiliate that first collected information about you.
- PMI product: means a product of ours or of another PMI affiliate.
How do we collect information about you?
We may collect information about you in various ways.
- You may provide us with information directly (e.g. for example if you register to receive PMI press releases or e-mail alerts; when you submit content to a digital PMI touchpoint, or fill in a form, or make a call to us).
- We may collect information automatically (e.g. when you use a PMI app or website).
In this notice, we refer to the methods by which you are in contact with us, i.e. apps and websites, as “PMI touchpoints”.
Find out more…
We may collect information that you provide directly. Typically this will happen when you:
- sign up to be a member of our databases (for example if you register to receive PMI press releases or e-mail alerts);
- submit content to a digital PMI touchpoint;
- contact us through a touchpoint, or by e-mail, social media or telephone; or
- participate in PMI surveys.
We may collect information about you automatically. Typically this will happen when you:
- communicate with us (for example, through a touchpoint; or social media platforms); or
- use PMI touchpoints (e.g. through tracking mechanisms in an app or a website).
We may also collect information in other contexts made apparent to you at the time.
What information about you do we collect?
We may collect various types of information about you:
- information necessary to provide you with press releases or e-mail alerts
- information you give us when you submit content to a digital PMI touchpoint
- information about your visits to PMI touchpoints
- information you give us in calls you make to switchboards or call centres
- information about your preferences and interests
- information necessary to verify your identity and age
find out more…
Information that we collect from you directly will be apparent from the context in which you provide it. For example:
- if you submit content to a digital PMI touchpoint, you may provide your name, username, contact, image, location, interests and preferences;
- you may provide information on your preferences and interests so that we can offer you updates and services that will interest you;
- we may collect information that enables us to verify your identity and age.
Information that we collect automatically will generally concern:
- details of your visit or call (such as time and duration);
- your use of digital PMI touchpoints (such as the pages you visit, the page from which you came, and the page to which you went when you left, search terms entered, or links clicked within the touchpoint); and
- your device (such as your IP address or unique device identifier, location data, details of any cookies that we may have stored on your device).
Information that we collect from third parties will generally consist of publicly-available profile information (such as your preferences and interests), for example from public social media posts.
For what purposes do we use information about you, and on what legal basis?
In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not use information about you for those purposes in that country.
Subject to the above, we use information about you for the following purposes:
- To comply with regulatory obligations, such as (where appropriate) verifying your age
- To administer our contract for user generated content with you (where you submit content to a digital PMI touchpoint)
- To provide you with press releases and e-mail alerts
- To enable you to use PMI touchpoints, and to customize your experiences of PMI touchpoints
- For general business administration, and to support all the above, including administering your accounts, corresponding with you, and administration and troubleshooting
- For business analytics and improvements, including improving PMI products, PMI touchpoints, and the information that we (or our affiliates) provide to those interested in our companies
- For other purposes that we notify you of, or will be clear from the context, at the point information about you is first collected
The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):
- compliance with a legal obligation to which we are subject;
- the performance of a contract to which you are a party;
- a legitimate business interest that is not overridden by interests you have to protect the information;
- where none of the above applies, your consent (which we will ask for before we process the information).
find out more…
The purposes for which we use information about you, with corresponding methods of collection and legal basis for use, are:
|Purpose||Method of collection and legal basis for Processing|
|Comply with regulatory obligations
||This information is generally provided to us by you directly.
We use it because it is necessary for us to comply with legal obligations, in certain areas of our business, to deal only with adults, or, in countries where there is no such legal obligation, because we have a legitimate business interest to deal only with adults, that is not overridden by your interests, rights and freedoms to protect information about you.
|Deliver PMI touchpoints, press releases and mail alerts
||This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); and information that we collect automatically (for example, using technology to monitor use of PMI touchpoints).
We use it on the grounds that we have a legitimate business interest to operate PMI touchpoints, and to customize your experiences, in these ways that is not overridden by your interests, rights and freedoms to protect information about you.
|Administer our contract for user generated content with you (where applicable)
||This information is generally provided to us by you directly.
We use it because it is necessary for us to fulfil our contract with you and because we have a legitimate business interest to administer our relationship, market our products (including by using any content you submit to a digital PMI touchpoint), and to operate PMI touchpoints that is not overridden by your interests, rights and freedoms to protect information about you.
||We will generally receive the information from you directly.
We use it because we have a legitimate business interest to run our business, manage our relationship with you and maintain the security and integrity of our IT systems that is not overridden by your interests, rights and freedoms to restrict use of information about you.
|Security and systems monitoring
||This information is collected automatically through various means such as automated systems and device monitoring.
We use it because we have a legitimate business interest in ensuring the confidentiality, integrity and security of our digital infrastructure that is not overridden by your interests, rights and freedoms to protect information about you.
|Business analytics and improvements
||This will typically be a combination of information that you provide to us; information that we collect automatically; and (where permitted by law) information that we acquire from third parties.
We use it on the grounds that we have a legitimate business interest to analyze and to improve our business performance, our products, PMI touchpoints, outlets and events, and to invite others to get involved in promoting PMI products, that is not overridden by interests, rights and freedoms to protect information about you.
Where we do not base our use of information about you on one of the above legal bases, we will ask for your consent before we process the information (these cases will be clear from the context).
In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.
Who do we share your information with, and for what purposes?
We may share information about you with:
- PMI affiliates;
- third parties who provide PMI affiliates or you with products or services;
- other third parties, where required or permitted by law.
find out more…
Sharing data with other PMI affiliates
- Information about you will be shared with Philip Morris International Management SA (based in Lausanne, Switzerland), which is the place of central administration of personal data processing for PMI affiliates. Philip Morris International Management SA processes the information about you for all the purposes described in this notice.
- Information about you may be shared with the PMI affiliate that is responsible for the country in which you live (if it wasn’t the PMI affiliate that first collected the information) for all the purposes described in this notice.
- Information about you may be shared with any other PMI affiliate that you contact (for example, if you travel and you want to know about a PMI affiliate’s activities in another country) in order to enhance our service to you.
Details of PMI affiliates and the countries in which they are established are available here.
Sharing data with Third Parties
- We may share information about you with third parties who provide PMI affiliates or you with products or services (such as advisers, payment service providers, delivery providers, information services providers and age verification providers).
- We may share information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; and in the context of organisational restructuring.
Where might information about you be sent?
As with any multinational organisation, PMI affiliates transfer information globally. Accordingly, information about you may be transferred globally (if your information is collected within the European Economic Area, this means that your information may be transferred outside it).
find out more…
When using information as described in this notice, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards.
For example, PMI affiliates within the European Economic Area (“EEA”) may transfer personal information to PMI affiliates outside the EEA. In all cases, the transfer will be:
- on the basis of a European Commission adequacy decision;
- subject to appropriate safeguards, for example the EU Model Contracts; or
- necessary to discharge obligations under a contract between you and us (or the implementation of pre-contractual measures taken at your request) or for the conclusion or performance of a contract concluded in your interest between us and a third party, such as in relation to travel arrangements.
In all cases, appropriate security measures for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.
How do we protect information about you?
We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.
How long will information about you be kept?
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.
find out more…
Typically, we retain data based on the criteria described in the table below:
||If you have signed up to receive e-mail alerts (and similar) or to use a PMI digital touchpoint, most of the information in your profile is kept for the duration of the period you continue to receive the alerts, use the digital touchpoint, or respond to our communications. However, some elements of your profile, such as your history of use of the PMI digital touchpoint, naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them.|
||System audit logs are retained typically for a period of only a few months.|
||Business analytics data is typically collected automatically when you use PMI touchpoints and anonymised/aggregated shortly afterwards.|
What rights and options do you have?
You may have some or all of the following rights in respect of information about you that we hold:
- request us to give you access to it;
- request us to rectify it, update it, or erase it;
- request us to restrict our using it, in certain circumstances;
- object to our using it, in certain circumstances;
- withdraw your consent to our using it;
- data portability, in certain circumstances;
- opt out from our using it for direct marketing; and
- lodge a complaint with the supervisory authority in your country (if there is one).
We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.
Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.
find out more…
The rights you have depend on the laws of your country. If you are in the European Economic Area, you will have the rights set out in the table below. If you are elsewhere, you can contact us (see the paragraph “who should you contact with questions?” at the end of this notice) to find out more.
|Right in respect of the information about you that we hold||Further detail (note: certain legal limits to all these rights apply)|
||This is confirmation of:
On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others).
||This applies if the information we hold is inaccurate or incomplete.|
||This applies if:
||This right applies, temporarily while we look into your case, if you:
This right applies also if:
||You have two rights here:
(i) if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
(ii) if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
||This applies if the legal basis on which we use the information about you is consent. These cases will be clear from the context.|
(i) you have provided data to us; and
(ii) we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,
then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so.
||Each European Economic Area country must provide for one or more public authorities for this purpose.
You can find their contact details here:
For other countries please consult the website of your country’s authority.
Country-specific additional points
According to which country you are in, you may have some additional rights.
If you are in France, find out more…
- If you are in France, you have the right to give us instructions regarding information we hold about you in the event of your death (specifically, whether we should store or delete it, and whether others should have the right to see it). You may:
(A) issue general instructions to a digital service provider registered with the French data protection supervisory authority (called “CNIL”) (these instructions apply to all use of information about you); or
(B) give us specific instructions that apply only to our use of information about you.
Your instructions may require us to transfer information about you to a third party (but where the information contains information about others, our obligation to respect also their privacy rights might mean that we can’t follow your instructions to the letter). You may appoint a third party to be responsible for ensuring your instructions are followed. If you do not appoint a third party in that way, you successors will (unless you specify otherwise in your instructions) be entitled to exercise your rights over information about you after your death:
(i) in order to administer your estate (in which case your successors will be able to access information about you to identify and obtain information that could be useful to administer your estate, including any digital goods or data that could be considered a family memory that is transferable to your successors); and
(ii) to ensure that parties using information about you take into account your death (such as closing your account, and restricting the use of, or updating, information about you).
You may amend or revoke your instructions at any time. For further information on the processing of information about you in the event of your death, see Article 40-1 of the law 78-17 dated 6 January 1978. When you die, by default, you will stop using your account and we will delete information about you in accordance with our retention policies (see the paragraph “How long will information about you be kept?” for details).
Who should you contact with questions?
If you have any questions, or wish to exercise any of your rights, you can find contact details for the relevant PMI affiliate, and if applicable data protection officer, here. Contact details will also be given in any communications that a PMI affiliate sends you.
If your country has a data protection authority, you have a right to contact it with any questions or concerns. If the relevant PMI affiliate cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
Changes to this notice
We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of the changes where required by law to do so.
Last modified 27 June 2018. You can find previous versions of this notice here.
Cookies are small text files saved to a user’s device by a web browser in order to store certain information.
With respect to the duration of data storage, most of the cookies we use are so-called session cookies. They save a so-called session ID, which is used to recognize the various requests from your browser in a single session. After closing the browser, all session cookies are deleted.
Persistent cookiesare also used, which remain on your device according to the confirmation in the cookies themselves or until you delete them using your browser’s security settings. These cookies become active again every time you access this website using the same device. The information stored in cookies is sent back to our website (first party cookies) or to another website the cookies belong to (third party cookies). The information saved and sent back by a cookie makes it possible to recognize when a user has already accessed and visited this website. Based on that information, we can display this website to the user in an optimal manner in line with his or her preferences.
The following cookies are used on our website:
- Technically required cookies;
- Performance cookies;
Technically required cookies
Technically required cookies ensure that this website is working properly. Without these cookies, the website cannot be used as intended or can’t deliver the attributes you’d like. This kind of cookie is used exclusively by the website operator (first party cookie) and all information stored in the cookies is sent exclusively to this website. This website’s use of technically required cookies is possible without user consent. For that reason, it is not possible to deactivate or activate these cookies individually.
However, users do have the ability to configure their browsers at any time such that all cookies will be blocked in general. In that case, the site may not display correctly and features you’ve selected may not be available.
This website uses performance cookies (Google Analytics cookies). We use these cookies to log information such as number of visits to a page, number of sub-pages visited, the order of pages visited, the amount of time spent on our site, how long each session lasts, and, as applies, which error messages are shown.
Performance cookies help us to collect information about how usersare using our website and how well it works. They support us in answering the question of which pages are particularly popular, which are used the least, and how users navigate around the website. That enables us to better align our website’s content with user needs and improve our service.
All of the information collected in these cookies is aggregated and therefore anonymous. The IP address of the user’s computer transmitted for technical reasons is automatically anonymized so that we are unable to draw any conclusions about the individual user.
The use of performance cookies on this website takes place exclusively in conjunction with user consent.
Deactivation or deletion of cookies
You can configure your browser so that you will be notified when cookies are set, and in a way that you can allow cookies on a case-by-case basis or exclude them in general. You can also activate automatic deletion of cookies whenever the browser closes. You can delete any cookie that has been set using your browser’s security settings.
Please note that general deactivation of cookies can restrict the functionality of this website.
Use of Google Analytics
If you have provided consent accordingly, this website will use Google Analytics, a web analytics service by Google Ireland Limited (“Google”).
Google Analytics uses “cookies,” which are text files placed on a user’s computer to enable analysis of how the website is used. When individual pages on this website are accessed, the following data is stored:
- Three bytes from the IP address of the system used for access (anonymized IP address)
- The webpage visited
- The webpage via which the user landed on this website’s page (referrer)
- The sub-pages accessed from the visited page
- The duration of stay on the website
- The frequency of visits to this website
and at https://policies.google.com/?hl=de.
For the exceptional cases where personal data is transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Legal basis for data processing
The legal basis for processing personal user data is Art. 6 para. 1 line 1 lit. a) GDPR(Consent).
Purposes of processing
On behalf of this website’s operator, Google will use such information to assess how users navigate around the website in order to create reports on website activity as well as to provide further services to the website operator in association with website usage and Internet usage. Analysis of the garnered data makes it possible to improve individual functions and content as well as the user experience of this webpage.
Duration of data storage
The data stored via tracking will be deleted as soon as it is no longer needed for our record requirements. In our case, that means 14 months.
Opt-out for data collection
You can withdraw your consent at any time by blocking cookie storage using the corresponding settings in your browser software.
Users can furthermore opt out of Google’s collection of the data generated by a cookie and related to website usage (including IP address) as well as Google’s processing of that data by downloading and installing the browser plug-in. Opt-out cookies will block future logging of data when visiting this website. In order for this add-on to work, it has to be installed in the browser and executed correctly.
You can opt-out of Google Analytics’ and block collection of your data by clicking on the following link. An opt-out cookiewill be set to hinder your data from being collected during future visits to this website: Deactivate Google Analytics
However, please note that if you do so, then you may not be able to use the full functionality of this website.