Privacy Statement
This privacy statement will also help data subjects to better understand their rights.
This privacy statement is based on the European Union’s General Data Protection Regulation (hereinafter referred to as “GDPR”), for Swiss privacy law is influenced by EU law and companies outside the European Union or European Economic Area (EEA) must also comply with the GDPR under certain circumstances.
1. Name and address of the data controller and its representative (as per Article 27 of the GDPR)
The party responsible for the processing of personal data (“data controller”) is the natural or legal person who determines alone, or with others, how and for which reasons personal data is processed. Unless otherwise specified, the data controller (as per the General Data Protection Regulation (GDPR)) is the following:
Mondaine Watch Ltd.
Etzelstrasse 27, 8808 Pfäffikon SZ, Switzerland
CEO: Niels Møller
Telephone: +41 58 666 88 00
If you as a data subject have questions or suggestions with regard to data protection, please feel free to contact our Privacy Officer by email at:
Our representative (as per Article 27 of the GDPR) in the European Union is:
VGS Datenschutzpartner UG
Am Kaiserkai 69, 20457 Hamburg, Germany
info@datenschutzpartner.eu
https://datenschutzpartner.eu/
2. Collection and processing of personal data
First and foremost, we process the personal data that is received in the context of our online offer, when a purchase is made in our online store and a commercial relationship created with a customer. This personal data includes:
- Name
- Address (delivery and billing address)
- Telephone number(s)
- Email address(es)
- DOB and age
- Gender
- Language preference
- Customer account information
The following information is then collected in connection with the order and payment process:
- Credit card and account information
- Shopping cart information (including the order date and time, type, amount, and value of the ordered goods, shopping cart, abandoned shopping cart, order history, etc.)
- Payment information (payment method used, paying agent, invoice date, payment history, information on default actions or debt collection proceedings, etc.)
- Customer support information (correspondence, complaints, returns, etc.)
- Customer service information (correspondence, inquiries, interactions with the help desk, etc.)
Finally, we also collect the following data or information when you visit and use our website:
- IP addresses of your technical devices
- Data that arises from your use of our website (such as the time and date of your visit, the frequency and duration of your visits, your preferred default settings, and your search terms and results)
3. Purposes and legal bases of data processing
a) Completion of contractual services
The primary function of the personal data we collect is to allow us to enter into and fulfill contracts with our customers. We process personal data (e.g. the names, addresses, and contact information of users) and contractual information (e.g. services rendered, the names of contact people, payment details) to fulfill our contractual obligations and services, as per Article 6 (1) (b) of the GDPR.
You may opt to create a user account on our website. Such an account is useful, in particular, for viewing your orders. To create such an account, you will be asked to enter personal data. The form that is used during the registration process determines which personal data will be sent to the data controller. All data entered by a data subject is used for the data controller’s internal use and own purposes. The data controller may arrange for personal data to be transferred to one or more data processors (such as a parcel service), who likewise will only use the personal data for an internal purpose that is designated by the data controller. In general, we never transfer personal data to third parties, unless we are legally bound to do so or such a transfer is necessary for law enforcement purposes.
During the registration process, you will be informed of the personal data that is required. User accounts are not made public and cannot be indexed by search engines. If you delete your account, all data with regard to your account will also be deleted, unless such data is necessary for commercial or fiscal purposes (as per Article 6 (1) (c) of the GDPR).
When you create an account, log in, or use our online services, we save the IP address and time of each respective action. The saving of this information is based on our legitimate interest to protect you from fraud and any other unauthorized use of your account. In general, we never transfer personal data to third parties, unless such a transfer is necessary to meet our requirements or we are obligated to do so by law, as per Article 6 (1) (c) of the GDPR.
b) Data collection when visiting our website
Based on our legitimate interest (Article (6) (1) (f) of the GDPR) to provide our customers with a properly functioning website, we collect data regarding every request made to the server hosting our online offer (server log files). This data includes the name of the requested page, the file, the date and time of the request, the amount of data transferred, the successful request message, the browser type and version, the user’s operating system, the referrer (the previously visited page), the IP address, and the provider.
When processing this data and information, Mondaine does not draw conclusions with regard to the data subject. Instead, we use this information to properly deliver content, optimize the website’s content and ads, ensure our IT systems and website technology remain functional for as long as possible, and provide information required by law enforcement agencies in the event of a cyberattack. We use this data to improve data privacy and data security at our company, and thus ensure an optimal level of protection for the personal data that we process. For security reasons (e.g. to detect unauthorized use or fraud), log file information is stored for a maximum of seven days and then deleted. Data that must be kept to serve as proof is not deleted until the respective incident has been resolved completely.
c) Correspondence
When making contact with us (via the contact form or by email), any information you enter will be used for the processing and resolution of your inquiry, as per Article 6 (1) (b) of the GDPR. The contact form fields determine which personal data will be sent to the data controller. We save and process this data to answer your inquiry or correspondence, as well as during the technical administration of the latter. Our legitimate interest (as per Article 6 (1) (f) of the GDPR) to provide you with a response to your inquiry serves as the legal basis for the processing of this data. If the purpose of your correspondence is to enter into a contract with us, then Article 6 (1) (b) of the GDPR is the legal basis for the use of your data.
Your information may be stored in our customer relationship management system (“CRM system”) or some similar customer support tool used to process your inquiry, as stipulated by Article 6 (1) (a) of the GDPR.
d) Comments and posts
If you leave a comment or any other type of message on our website, then these will be saved and published alongside other information including the time of the post and the username (pseudonym) you chose when creating your account. The IP address assigned to you by your Internet Service Provider (ISP) is also logged. Based on our legitimate interest (as per Article 6 (1) (f) of the GDPR), this data is saved for seven days. This serves as a security measure that protects us in the event that someone publishes illegal content in a comment or post (libel, forbidden political propaganda, etc.). In such a case, we can be sued for the comment and would therefore be interested in the identity of the author.
e) Newsletter subscription
Those who are interested in our offer will be granted the possibility to subscribe to our company newsletter. The form used during the newsletter subscription process determines which personal data will be sent to the data controller. In general, data subjects can only receive the newsletter if they have a valid email address, and have signed up to have the newsletter sent to this address. A confirmation email will be sent to the email address that is entered by a data subject when signing up for the newsletter. This email allows the owner of the email address to confirm that they, as a data subject, agree to receiving the newsletter (double opt-in).
When you sign up for our newsletter, we save your IP address and the time of your registration. This data is necessary for detecting any potentially unauthorized use of a data subject’s email address at a later time, and thus serves as legal protection for the data controller.
The personal data collected during the newsletter subscription process is used exclusively for the sending of our newsletter. We reserve the right to contact newsletter subscribers by email if such correspondence is necessary for the proper functioning of the newsletter service or we have questions regarding their registration. An example of such correspondence might involve informing data subjects of a modification to the newsletter offer or to its technical specifications. We never transfer personal data obtained via the newsletter service to third parties. Data subjects can cancel their newsletter subscription at any time. Furthermore, the consent to the storage of personal data (which the data subject granted to us for the sending of the newsletter) can be revoked at any time. Every newsletter contains a link for this purpose. Data subjects may also unsubscribe at any time via the data controller’s website, or convey this wish to the data controller in another manner.
f) Further purposes of data processing
In addition to the above-mentioned purposes, we also process personal data (as long as such processing complies with data protection regulations) for the following purposes, each of which is based on a legitimate interest as stipulated by Article 6 (1) (b) of the GDPR:- Development of our offer, services, websites, apps (e.g. Facebook Messenger, etc.), and the other platforms upon which we operate
- Advertising and marketing, provided you have not objected to the use of your data
- Marketing and opinion polling, media monitoring
If you have consented to the processing of your personal data for certain purposes (e.g. when signing for the newsletter), then we will be entitled to process your personal data on the basis of this consent, provided no other legal basis exists.
Examples:
- If you create a Wishlist and login, the Wishlist will be assigned to your customer account.
- If you purchase a product, we can send you promotional E-Mails, recommending similar products.
- If you place a product in the basket, we can send you promotional E-Mails, suggesting to finish the purchase, or adding additional, similar products to the basket.
You may revoke your consent at any time by sending us a message through our Contact Form.
4. Cookies
A cookie is a type of message that is sent from our web server (or the web servers of third parties) to your web browser, where they are saved for retrieval at a later time. Cookies can be small files or other kinds of stored information.
Our websites and apps use “session cookies,” which are only stored on your computer for the time that you spend on our website (e.g. to save your login status or shopping cart and thus facilitate the use of our online offer). Each session cookie contains a unique, randomly-generated identification number called a “session ID.” Session cookies also contain information on their origin and the maximum time they can be stored. These cookies cannot save other types of data. Session cookies are deleted once you have navigated away from our website, logged out, or closed your browser window.
If your personal data is processed by our cookies, then this processing is done in accordance with Article 6 (1) (b) of the GDPR, either for the fulfillment of a contract or based on our legitimate interest (as per Article 6 (1) (f)) to provide a user-friendly website.
We work with partner companies who help us to optimize the performance of our website. As a result, cookies from these partner companies (third-party cookies) are also stored on your hard drive when you use our online offer.
If you wish to prevent our website from installing cookies on your computer (and thus object to cookies indefinitely), you may do so in the system settings of your Internet browser. If you would rather cookies not be stored on your computer, you will be asked to disable the cookies option in the settings of your browser. While in these settings, you can also delete any cookies which have been saved on your computer. Please note, however, that by disabling cookies, you may not be able to benefit from the full range of features offered by our website.
5. Web analysis services
Before describing the web analysis services offered by Google LLC (with headquarters in the USA), it should first be noted that Google is EU–US Privacy Shield-certified, which means it maintains the same high level of data protection that is required of companies in the European Union (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
a) Google Analytics
Our use of Google Analytics, a web analysis service provided by Google Inc. (“Google”), is based on our legitimate interest (as per Article 6 (1) (f) of the GDPR) to analyze and optimize our online offer. Google uses cookies. The information gathered by these cookies with regard to your use of this Website is usually transmitted to a Google server in the USA, where it is stored.
As per our request, Google uses this information to evaluate the use of our website, compile reports on the activities included in our online offer, and provide us with additional services related to the use of our website and the Internet. This data can also be used to create anonymized user profiles.
b) Google Remarketing Services
Our use of “Google Marketing Services,” a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA (“Google”), is based on our legitimate interest in marketing services.
Certain information with regard to your use of our online offer is collected each time you visit our website. This information, generally collected as “traffic data,” cannot be used to establish your identity. Mondaine collects and saves this data automatically, as soon as you begin to interact with our website. For example, every time you visit our website, we collect your IP address, the hostname of your computer, information on your browser, and the domain name of the website you were visiting before accessing our own. We also collect data on customer traffic patterns and the use of this website. This information cannot be used to identify you personally; it only serves to analyze and improve our website and thus optimize the user experience. We may however transfer non-personal, statistical, or demographic data in aggregate form to our marketing and advertising partners or other third parties for the purpose of research.
Google Marketing Services lets us display ads for and on our website in a more targeted manner, by only presenting those ads which may match the user’s interests. If users are shown ads for products that aroused their interest on other websites, then this is known as “remarketing.”
Google Marketing Services only works with anonymized user data. This means, for example, that Google will not save or process the name or email address of the user, but only the relevant cookie-related data obtained from the pseudonymous user profile. It also means that from Google’s point of view, ads are not run for an identifiable person but for the owner of the cookie, whoever that happens to be. The above does not apply if users have explicitly authorized Google to process their data in a non-anonymized fashion. The user information collected by Google Marketing Services is transferred to Google’s servers in the USA, where it is stored.
Google’s privacy policy is available at: https://www.google.com/policies/privacy.
You can always disable cookies in your browser’s settings; please note, however, that you may not be able to make full use of all the functions of our website if you do so. You can also prevent Google from collecting and processing data generated by cookies with regard to your use of our website (including your IP address) by downloading and installing the following browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
6. Facebook Social Plugins
Facebook is Privacy Shield-certified, which means it is committed to complying with all European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Our use of the social plugins ("plugins"), custom audiences, and marketing services of the social networking site facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is based on our legitimate interest (as per Article 6 (1) (f) of the GDPR) to analyze and optimize our online offer. Facebook plugins can be interactive elements or content (e.g. videos, graphics, or text posts), and are recognizable by their Facebook logo (white “f” on a blue background, the “Like” button, or a “thumbs up” sign) or equipped with an additional “Facebook Social Plugin” label. A list of Facebook’s social plugins (with images) can be found at: https://developers.facebook.com/docs/plugins/. If you visit a page that contains such a plugin, your browser will establish a direct connection to Facebook’s servers. Facebook will then transmit the content of the plugin directly to your browser, and incorporate this content into the page. As a result, Facebook will learn which of our pages you visited, even if you do not have a Facebook profile or are not logged into your Facebook account.
Please refer to Facebook’s data policy for more information on the purpose and scope of data collection, the use and processing of data by Facebook, and the rights and configuration options for protecting the privacy of users: https://www.facebook.com/about/privacy/.
If you have a Facebook account and do not wish for Facebook to collect data about you via our website and link this information to your Facebook membership data, then you must log out of your Facebook account and delete your cookies before using our website. In your Facebook profile settings, you can configure your preferences with regard to the use of data for advertising purposes: https://www.facebook.com/settings?tab=ads. This can also be done via http://www.aboutads.info/choices/ (in the US) or http://www.youronlinechoices.com/ (in the EU). These settings are platform-independent, which means they will be applied to all your devices (e.g. a desktop computer or smartphone).
7. Instagram
Our website integrates components from the social networking service Instagram (Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA). Instagram allows its users to share photos and videos, as well as publish such data on other social networks.
If data subjects are logged into their Instagram account while visiting our website, then Instagram will be able to recognize every page and subpage they request for the entire duration of their visit. Instagram collects this information and links it to the data subject’s Instagram account. Whenever a data subject clicks on one of our website’s built-in Instagram buttons, all data and information transmitted with the button are linked to the data subject’s Instagram account and saved and processed by Instagram.
Instagram is automatically informed when data subjects access our online offer if the data subjects are simultaneously logged in to their Instagram account at the time they visit our website. Data subjects can prevent this information from being transferred to Instagram by logging out of their Instagram account before visiting our website.
For more information (including Instagram’s privacy policy), please visit: https://help.instagram.com/155833707900388
8. Transfer and transmission of data abroad
While conducting our business activities (or in the context of the purposes listed in Section 3 of this statement), we only disclose collected or saved data to third parties if such disclosure seems necessary and is required by law.
We make use of the offers (e.g. videos or fonts) of third-party providers to incorporate content and services (hereinafter referred to collectively as “content”) into our website. This use is based on our legitimate interest (as per Article 6 (1) (f) of the GDPR) to analyze and optimize our online offer. For such content to be displayed, the third-party provider must always be given the IP address of the user. Without this information, the third-party provider will be unable to send the content to the user’s browser. We do our utmost to only use the content of providers who solely use this IP address to deliver the content. Third-party providers may also use "pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags make it possible to analyze a variety of information, including visitor traffic on the pages of our website. This anonymized information can also be saved in cookies on the device of the user, and contain, among other things, technical data on the user’s browser and operating system, referring websites, the time of the visit, and other details regarding the use of our online offer, or be combined with similar information from other sources.
The illustration below provides an overview of third-party providers with links to their privacy statements, where you can find additional information on the collection of data generated by cookies as well as instructions for preventing this data from being processed by third-party providers (opt-out options).
- Payment service providers
- Facebook (https://www.facebook.com/privacy/explanation)
- Newsletter
- Google (https://policies.google.com/privacy?hl=de&gl=ch)
- YouTube (https://policies.google.com/privacy?hl=de&gl=de)
- Instagram (https://help.instagram.com/155833707900388)
- Twitter (https://twitter.com/privacy)
Data is only transferred to third parties if such a transfer is required by law. We never pass on personal data to third parties unless data subjects have given us their consent to do so (Article 6 (1) (a) GDPR), the data is required to complete the data subject’s contract (Article 6 (1) (b) GDPR), the data is necessary for the establishment, exercising, or implementation of legal claims or for overriding public interests (Article 6 (1) (e) GDPR), or such a transfer is necessary to protect the vital interests of the data subject and others (Article 6 (1) (d) GDPR).
Third parties, in particular, include the following;
- Our service providers (banks, insurance companies), including the processor (IT provider)
- Retailers, suppliers, and subcontractors
- Domestic and international authorities, government agencies, and courts
- Purchasers or those interested in purchasing our business units
The headquarters, subsidiaries, or agencies of these third parties may be located both in Switzerland or abroad. You must therefore anticipate that your data will be transmitted to other European countries as well as to the USA, which is home to many of our service providers (Microsoft, SAP, Amazon, shopify). Provided the content, tools, or other resources of third-party providers (hereinafter referred to collectively as “third-party providers”) are used in the context of this privacy statement, or data is transmitted to third parties in countries without adequate data protection laws, we will ensure, as required by the law, to use corresponding contracts (in particular, those based on the standard contractual clauses of the European Commission) that provide for an adequate level of protection, or solely transfer personal data if such a transfer is justified by the legal exceptions of consent (Article 6 (1) (a) GDPR), contract completion (Article 6 (1) (b) GDPR), overriding public interests or the establishment, exercising, or implementation of legal claims (Article 6 (1) (e) GDPR), or the protection of the vital interests of the data subject and others (Article 6 (1) (d) GDPR). A copy of the above-mentioned contractual guarantees may be requested from the contact person listed in Section 1 of this statement. For data protection reasons, we reserve the right to black out certain areas or omit sections/pages.
9. Duration of the storage of personal data (retention periods)
We save and process personal data only for as long as required to honor our contractual and legal obligations, or for any other purpose associated with the processing, i.e. during an entire business relationship (from the contractual negotiations to the conclusion, completion, and termination of a contract), as well as to comply with legal retention and documentation requirements. This applies, for example, to a data subject’s personal information that must be kept for commercial or fiscal purposes. We may also store personal data for a sufficient amount of time to allow for any possible claims to be filed against our company, or if we are required by law to keep the data or have legitimate business reasons for doing so (e.g. for proof and documentation purposes). As soon as the personal data we obtain, collect, or save is no longer required for the above-mentioned purposes, it is usually (and whenever possible) deleted or anonymized.
10. Data security
We implement state-of-the-art organizational, contractual, and technical security measures to guarantee our compliance with data protection laws, and thus protect the personal data we process against accidental or deliberate manipulation, loss, destruction, or access by unauthorized parties.
If subcontractors are used to supply our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure personal data is protected in accordance with all statutory regulations.
11. Profiling
At times, your personal data is processed automatically (profiling) to help us evaluate certain personal aspects of our users. Profiling is performed by evaluation tools that allow us to create needs-based communication and advertising (including market research). As a result, we are able to provide you with personalized advice and information regarding our products.
12. Rights of the data subject
When it comes to your personal data, you have the right of access (Article 15, GDPR), the right to rectification (Article 16, GDPR), the right to erasure (Article 17, GDPR), and the right to the restriction of processing, as well as – provided you have exercised the right to rectification, erasure, or the restriction of processing – the right to have your decision to exercise any of these three rights communicated to each of the parties to whom your personal data has been disclosed, unless this proves to be impossible or requires disproportionate effort (Article 19, GDPR). In addition, you have the right to receive your personal data for the purpose of transmitting this data to another data controller (data portability, Article 20, GDPR). As per Article 7 (3) of the GDPR, you can revoke a previously granted consent at any time and thus prevent your personal data from being processed in the future. In the event that you revoke your consent, we will immediately go about deleting your personal data - provided there are no legal grounds which justify the further, non-consensual processing of this data. Please note that we reserve the right to impose certain legal limitations, e.g. when we are obligated to store or process certain data, have an overriding reason for doing so, or must do so to meet specific requirements. You also have the right to object to our processing your personal data. If you wish to exercise this right, we will cease processing this data. However, we will continue to reserve the right to process your data if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is required for the establishment, exercise, or defense of legal claims.
13. Legal or contractual requirements for the supplying of personal data
Please note that the supplying of certain personal data is required by law (e.g. tax regulations) or necessary for the sake of a contract (e.g. information on the contracting party). To enter into a contract with us, data subjects must provide us with certain personal data which subsequently must be processed by us. If the data subjects do not provide us with this personal data, they will not be able to enter into a contract with us.
14. Modifications to our privacy statement
This privacy statement can be modified at any time and without any prior notice. The latest version (published on our website) always applies. If the privacy statement is part of an agreement we have with you, then we will inform you of any modifications by email (or another suitable channel) in the event the statement is updated.
Pfäffikon, October 31, 2018