FOOT LOCKER, INC. DATA PRIVACY FRAMEWORK POLICY
Introduction
Foot Locker, Inc., a corporation organized under the laws of the state of New York, United States of America, and its U.S. subsidiaries, including Foot Locker Retail, Inc. and Foot Locker Corporate Services, Inc. (the "Company"), is committed to protecting the personal information of its associates, customers, suppliers and business partners. The protection of personal data and its confidential treatment is of central concern to the Company, and we conduct our business in compliance with applicable laws on data privacy protection and data security.
The Company complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “DPF”). The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. The Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Collection of Personal Data
Information regarding Foot Locker associates
Foot Locker is committed to maintaining an environment that is free of discrimination based on race, ethnic origin, religious or philosophical belief, sex life or sexual orientation, age, gender identity or gender expression, political opinions or trade union membership, national origin, disability or other factors that are unrelated to the Company's legitimate business interests. It is our policy to apply fair and lawful human resource policies and practices in all aspects of employment, including recruiting, hiring, evaluation, training, discipline, career development, compensation, promotion and termination.
The Company centralizes the human resources and compensation information for associates of the Company and its subsidiaries and affiliates worldwide on the PeopleSoft Human Resources Management System. The Company automated the performance appraisal and executive development review process for its associates globally. In addition, the Company receives information provided by individuals applying for employment with the Company’s European subsidiaries and affiliates. As a result of these initiatives, the Company can receive personal data on associates and applicants from its Foot Locker subsidiaries in Europe.
Foot Locker associates in Europe, the United Kingdom, or Switzerland can review the Company’s employee privacy notice by contacting Louis Requena, our VP HR EMEA at lrequena@footlocker.com, who can provide you additional information on the processing of your personal data.
Information regarding customers and sneaker enthusiasts
Foot Locker Europe’s website www.footlocker.eu is currently operational in various EEuropean countries (Austria, Belgium, Czech Republic, Denmark, France, Germany, Greece, Hungary, Ireland, Italy, Luxemburg, Netherlands, Norway, Poland, Portugal, Spain, Sweden and the United Kingdom), with websites in other European countries expected to follow, and information regarding customers who place orders through this website and/or who can subscribe to newsletters and promotional initiatives may be received by the Company. Foot Locker Europe also operates a pan european marketing website where visitors can subscribe to newsletters and participate in various marketing initiatives. The Company may have access to personal data thus captured, as detailed at https://www.footlocker-emea.com/content/footlocker-corp-eu/eu/en/privacy/customer-privacy-statement-europe-.html.
Foot Locker’s U.S.-based websites receive information regarding customers who place orders through our U.S.-based websites and/or who subscribe to newsletters and promotional initiatives.
Treatment and Use of Information
The Company's policy is to treat all individually identifiable personal data of associates employed by the Company or its subsidiaries or affiliates, and applicants seeking employment through Foot Locker’s career website, careers.footlocker.com, with great care in order to safeguard the privacy of such individuals. Personal data concerning associates that is transmitted from Foot Locker subsidiaries in Europe to the United States to the Company's Corporate Human Resources Department, as well as to its Finance and Information Technology Departments, shall be used solely in connection with an associate's employment in accordance with the Company's policies and practices and in connection with the administration of the Company's compensation, benefits, and other human resources programs as well as information security programs. Personal data concerning applicants obtained through Foot Locker’s careers.footlocker.com website is initially transmitted to a third-party computer server in the United States and then directed to the appropriate responsible HR and Operations person or recruiter, who may be based in Europe or the United States, depending upon the location of the position for which the applicant is applying. Applicants that provide consent may receive email marketing communications relative to open career opportunities and branded Foot Locker employment content.
Customer and site visitor information obtained from customers who order through Foot Locker Europe’s websites, Foot Locker’s U.S. based websites, or by participating in marketing initiatives and subscribing to newsletters on the various Foot Locker operated websites, is used to (i) process orders, (ii) communicate with customers regarding their orders, and (iii) communicate with customers and subscribers regarding relevant promotions, competitions, marketing initiatives, merchandise releases, and offers or other relevant information. The information may also be used for statistical and market research purposes, and, in addition, for developing and improving our Services through surveys, product reviews, any other customer feedbacks. Only certain associates in the following departments within the Company will have access to customer and visitor information: Accounting and Financial Reporting, Information Technology, Marketing, and Footlocker.com/Eastbay and its customer service call centers.
Disclosure of Information
We may share personal data with affiliates, agents, contractors, or business partners so that they may perform services for us. The Company remains liable under DPF if the third-party handles personal data in a manner inconsistent with the Framework.
In addition, we may disclose personal data as required by law or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as is otherwise described in this Policy.
Your Rights and Choices
Under the DPF and this Policy, you have the right to request access to personal data about yourself and to request limitations on how the Company uses or discloses personal data about you. With our DPF certification, the Company has committed to respect these rights. To exercise these rights, please contact the Associate General Counsel as indicated below. We will respond to such requests within a reasonable timeframe.
Questions or Complaints
You can contact us with any DPF related question or complaint regarding Foot Locker’s certification. Please address these to:
Richard Cohen Chief Privacy Officer and Associate General Counsel
telephone: 717-919-7980 or e-mail: richard.cohen@footlocker.com or privacyteam@footlocker.com
All complaints will be investigated.
For employee personal data, please contact Luis Requena, VP - Human Resources EMEA (telephone: +44 203963272 lrequena@footlocker.com or Emanuela Hernandez , VP-Legal (telephone: 31-3478-05263, e-mail: Emanuela.Hernandez@footlocker.com at Foot Locker Europe in Vianen, The Netherlands; or or Lori Topper, Vice President, Corporate Human Resources (telephone: 212-720-3877; e-mail: lori.topper@footlocker.com.
In compliance with the DPF, the Company commits to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles- related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please contact or visit: https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
An individual may, under certain conditions, invoke binding arbitration. Please see Annex I to the DPF for more information on conditions giving rise to binding arbitration.
In compliance with the DPF, Foot Locker commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and
Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the DPF in the context of the employment relationship.
If you have a complaint involving employee personal data as described above, you may contact the Data Protection Authority (DPA) in your country. The list of DPAs in the European Union is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-ie. If you are a resident of the United Kingdom, please contact the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/. If you are a resident of Switzerland, please contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html. The Company agrees to cooperate with the DPAs in the European Union, the United Kingdom, and Switzerland and comply with the advice of such authorities with regard to employee personal data.
The Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Amendment or Termination of Policy
The Company reserves the right to amend, terminate or suspend this Policy at any time. Any changes will be communicated to associates and will be posted on the Company’s website in a timely manner.
Updated: March 2024