Binding Corporate Rules (BCRs)
Binding Corporate Rules (BCRs) for intra-group transfers of personal data to non-EEA countries
The protection of personal data and the respect for people's privacy are major challenges for the Hermès Group and essential elements in maintaining a relationship of trust.
In this context, the Hermès Group has adopted and implemented Binding Corporate Rules (BCR).
BCRs are a data protection policy to ensure an appropriate level of protection for personal data transferred throughout Hermès Group entities, wherever they are located. You can access the list of our entities and their location in Appendix 3 of our BCRs.
BCRs are a tool recognized in Article 47 of the General Data Protection Regulation (""GDPR"")*. They are legally binding and must be respected by all signatory entities of the Hermès Group, regardless of their country of establishment, as well as by all their employees.
Our BCRs include:
- The appointment of a data protection officer;
- Commitments to data security;
- An audit program to verify the application of BCRs;
- An internal program to manage customer requests for their data;
- A training program for our employees involved in the processing of our customers' personal data;
- The publication of the BCRs on the Internet and on our Intranet, and the provision of a copy of them on request.
* The GDPR is a European regulation that regulates the processing of personal data within the European Union. It was adopted on April 27 2016 and became mandatory on May 25 2018. The GDPR rules include giving individuals more control over their personal data and strengthening the role of national data protection authorities.