Although there is good reason to be "cautious" with respect to credit card information, etc., retail chains that have European parents are more scrupulous regarding retention of customer information than US stores can be. And, Visa and Mastercard do require that retailers that accept their cards adhere to certain levels of security and one of the requirements is that credit card information is not stored for longer than 30 days. Now, I know that there have been some very public incidents recently where retailers did not adhere to the Visa/MC standards, but that's changing --- and fast.
As far as I understand it, Hermes maintains "customer profiles" for repeat customers and customers are assigned customer IDs within the computer system. When the last name of the customer (not the credit card), is input by the SA, profiles pop up. I am occasionally asked in stores other than my "local" (where I am known) to confirm my address -- because there are least three other customers in the system with my last name (my mother, my sister-in-law, and my brother). I use different credit cards, so I know that it is not attached to the credit card.
They're no longer allowed to link customer IDs to the CC's. This has to do w/ the lawsuit that occured last year (in the US). In order to keep track of your purchase, the SA has to call up your profile manually.
This is also why you no longer see your name on top of the receipt.