FOSSIL GENERAL PRIVACY NOTICE EU
Last updated on May 25, 2018
At Fossil UK Ltd, (“Fossil”, “we”, “us” or “our”) we value your data protection rights. In this Notice we provide you with both a brief summary of which personal data we use when you visit our website and purchase our products and about your rights, and an in depth explanation starting with section 1. below.
✓ Service Provision
We and our service providers process personal data related to you in order to provide you with the full range of services and features of our website. This includes data for the setting up of a customer account and data required to receive products and services.
We and our service providers track and run analyses of the usage of the website and, if you subscribed to it, of our newsletter to understand how they are used and improve them.
We can use your data for marketing purposes to provide you with personalized offers about our products and services, unless you opt-out.
Our service providers and Fossil Group members also access your data in order to provide services to you as described in this Privacy Notice.
✓ Your rights
Your rights include the right to access, correct, and delete your information, and, if applicable, withdraw your consent, object to, or restrict the processing.
✓ Location of your data
Data we use will be primarily stored in the United States with us and our cloud service providers, if necessary, either in accordance with the EU-, and the Swiss- U.S. Privacy Shield Framework or subject to other appropriate safeguards.
1. What personal data do we use for which purposes and on which legal basis?
In order to provide you with our services and the full range of features of our website we and our service providers use your data (including your name, email address, password and IP address for the following purposes:
- When you create a customer account to manage your account, to provide access to your shopping cart, to display purchased, reserved and registered products, or to present other products presumably of interest to you, to verify your identity if you forgot your password and to process your product reviews.
- When you choose to provide us further information, such as date of birth, address, personal settings, a wish list and your gender to enable us to personalize both your profile and our recommendations for you.
- When you order goods online, in this case we additionally need your address, telephone number and payment information, to process your purchase, send you confirmations, verify transactions for fraudulent activity, and to process returns, repairs and exchanges of products.
- When you purchase a product in a Fossil retail store and request an e-receipt to process your request.
- When you participate in loyalty programs, recommend our products to others, redeem a gift card, or when we offer you discounts and bonuses etc. we use this information in addition to purchase-related information to determine whether you are eligible for additional discounts and special offers.
- When you ask us to forward a wish list to a friend or when you provide us the contact details of this friend we will use it as well to process your request.
- When you contact us to answer your requests, provide customer support and handle your inquiry.
As far as this processing is necessary for the performance of the contract with you it is based on Art. 6 (1) b of the EU General Data Protection Regulation (GDPR). Voluntary information is processed under Art. 6 (1) f GDPR, our legitimate interest to offer a functionally appealing and user-friendly website. In addition, GDPR allows for the processing required by law, and, thus, e.g. to answer your inquiries via the means provided without undue delay.
In principle, we delete information related to your
- account upon your request and after three years of inactivity,
- purchase after expiry of the relevant legal retention period,
- participation in loyalty programs, recommendations etc. after three years.
Certain of our processing activities we want to explain to you in more detail:
1.1 Credit check
We want to offer you the possibility to order on account. For this purpose CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München, Germany ("credit agency") runs a credit check for us, based on your name, date and place of birth, (previous) address, information about previous payment problems, references about fraudulent behaviour, information from public registers or bulletins. Using mathematical-statistical procedures the credit agency determines how likely it is that our customer will pay our bill. On the sole basis of an automated decision (without manual checking), only a positive result will make available the option "order on account". This processing is based on our legitimate interest (Art. 6 (1) f GDPR) to offer different ways for payment. We do not store this information.
1.2 Interest based advertising
To select which marketing information may be of interest to and to personalize ads and offers for you, on the grounds of Art. 6 (1) f GDPR, we
- use publicly available information (e.g. from your social media profiles)
- analyze your account information and how you use our services including our website, ads on third party websites and our newsletter
- use information of your redemption of a gift card, entering of a sweepstake, contest, or competition, or of your participation in a survey
- use information collected by our service providers (e.g. Adobe or Google)
- send you promotional emails for products similar to your prior purchases, or contact you via other channels of electronic communications, unless you opted-out. For any other contact for direct marketing purposes (e.g. further emails, newsletter, SMS messages) we will ask for your consent.
In principle, we delete such advertising related data after a maximum retention period of three years.
1.3 Your reviews and shared content
When you post a product review on, or upload an image or other material to our website or when you share content with us on third party websites, such as social networks, based on our legitimate interests (Art. 6 (1) f GDPR), we publish and use this information on our and third party websites. We delete such data after 5 years. We do not control and do not assume responsibility for the use of information by such third party websites. For information about their use of your information, please visit their privacy policies.
Please also note that you must own the intellectual property rights in the content you upload to our website and share with us and must not violate rights of others (e.g. intellectual property or data protection rights). In uploading you grant us, and our respective service providers, a royalty-free, unrestricted, non-exclusive, perpetual, irrevocable, sub-licensable, transferrable and worldwide license to use, edit, copy, adapt, translate, publish, display, make available, communicate and distribute the content partially or in whole, and to incorporate it in other works for any purposes such as advertising, marketing and promotions and in any form, media or technology known today or later developed.
1.4 Cookies and Other Technologies
Every time you visit our website, our system stores data related to your browser, its version, the operating system of your computer, your IP address, date, length and time of your visit, the website you accessed before and the one you visit following links on our website. We base this processing on our legitimate security interest (Art. 6 (1) f GDPR) and delete log files without undue delay, the latest after 6 months after the session has ended.
Before we explain to you which categories of cookies and other technologies (all together we call "Cookies") we use, we want to point out that you can
generally reject browser Cookies via the settings of your browser, or
disable certain categories of Cookies under this link (If so, an opt-out cookie will be installed on your computer preventing all data traffic through the corresponding category of Cookies)
Please note that certain functionalities of our website and services may not be accessible to you if you disable the use of certain Cookies.
1.4.1 Functional Cookies
Other services we use for increasing functionality are e.g. Adobe Scene 7 by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe"), Youtube and Google Maps, both provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google").
1.4.2 Social Cookies
1.4.3 Analytical Cookies
Without linking it to your name, but storing it with an ID number on the basis of Art. 6 (1) f GDPR we use information about our services you use and how you use them (e.g. articles you clicked on in our emails or on our website). We use this information to learn about shopping preferences to tailor our offers and websites, to resolve problems with websites, products and services, to analyze trends and statistics and to present our content in the most appealing and user-friendly way for you.
You can disable analytical Cookies under this link.
● We use Google Analytics, an analysis service provided by Google to store "analytical cookies" on your computer on our behalf. In order to use Google Analytics, we send anonymized information about e.g. your usage of our website and the terminal devices used to Google, where the data is aggregated and analyzed to provide meaningful reports for us. We do not combine data from Google Analytics with any of your personal information, neither does Google merge them with data about you. As it can occur that your personal data is transferred to the USA, Google self-certified its adherence to the EU-U.S. Privacy Shield Framework.
You can object by installing a browser plugin clicking here [ http://tools.google.com/dlpage/gaoptout?hl=en ].
● We use Adobe Analytics (Omniture), an analysis service of Adobe. Adobe stores Cookies on your computer to process information about you and your usage of our website on our behalf. We transmit your IP address after it is pseudonymized prior to the geolocalization and replaced by a generic IP address before storage. For the exceptional cases in which personal information is transferred to the United States, Adobe has self-certified to the EU-U.S. Privacy Shield Framework.
You can object following this link [ http://www.adobe.com/de/privacy/opt-out.html ].
Click here [ http://www.clicktale.net/disable.html ] to disable ClickTale.
1.4.4 Marketing Cookies
You can disable marketing Cookies under this link.
Please note that if you maintain a user account with third party service providers (e.g. facebook) they may be able to identify you.
● We use Bluecore, a retail marketing platform for performance-driven email provided by Bluecore, Inc., 116 Nassau Street, 10038 New York, USA (“Bluecore”). Bluecore collects your email address, IP address, customer ID, purchase history data and other profile information when you visit our website, or when we share historical information about a user by using Cookies. Bluecore may also collect information about your physical location (e.g. geolocation of IP, postal code) when you visit our website via your mobile device or computer. Bluecore creates a single unified user view by mapping your on-site behavior and email engagement activity to the email address and Cookie ID. Bluecore complies with both the EU-U.S. and the Swiss-U.S. Privacy Shield Framework.
● We use Certona Product Recommendations, an advertising service for customized product discovery provided by Certona Corporation, 10431 Wateridge Circle, Suite 200, San Diego, CA 92121, USA (“Certona”). Via your use of our website Certona collects your IP address, products viewed and purchased and your opt-in/out preference to help us personalize your experience on our w ebsite, giving you relevant product recommendations and targeted emails. Certona also collects your email address shared with us with our explicit approval. Your data will be transferred to Certona’s servers located in the United States. The transfer is based on a contract including EU Commission’s standard contractual clauses.
● We use Criteo Dynamic Retargeting, an analysis and advertising service provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo"). Criteo places Cookies on your browser allowing for the analysis of trends and the identification of your interests. Criterio processes your IP address for e.g. fraud prevention. If also processes your email address, creating an individual code ("hash") from it when you log in to your customer account for the purpose of cross-device-identification. Criteo displays our ads on websites of its business partners that may also place Cookies on your browser. It cooperates with different platform providers (e.g. Adform, Adscale or Improve Digital) which also may set respective Cookies.
To opt-out from Criteo click on this link[ http://www.criteo.com/privacy/ ].
You can install an opt-out cookie following this link[ https://www.oracle.com/legal/privacy/privacy-choices.html#iba ].
● We use DoubleClick Campaign Manager, an analysis service provided by Google to improve advertising based on what is relevant to you, to improve reporting on campaign performance and to avoid showing ads you have already seen. DoubleClick places a Cookie on your browser. Depending on your settings, information associated with Cookies used in advertising may be added to your Google account. For detailed description of Google's processing go to "Google Analytics".
To opt-out from receiving personalized ads from Google click here.
To prevent Google from collecting data for behavioral advertising you may change the settings on this page [ https://policies.google.com/technologies/ads?hl=en ].
● We integrate a so-called custom audience pixel provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") into our websites ("pixel"). The pixel collects data about the usage of our websites (e.g. which pages you have visited) and sends them in hashed form to Facebook. The data are used for statistical and market research purposes to understand how users behave after clicking on an ad placed on the Facebook website. This enables us to measure the effectiveness of our marketing campaigns run on Facebook websites (conversion tracking) and target our advertising to groups created by Facebook. We can also show you advertisements via your Facebook feed, according to your website usage you may find interesting. If you visit our website after you visited Facebook we can only identify you and assign this information to your customer account if you, e.g., place an order.
● We use Responsys, a service provided by Oracle (more information above under “Datalogix”). Responsys helps us to manage and orchestrate our marketing interaction with you across email, mobile, social, display and the web. We use Responsys to send you newsletter or e-receipts. Responsys may collect your personal information, contact and purchases data, usage information and your IP address.
You can opt-out from this analysis by clicking the unsubscribe link on each email.
2. Where do we get personal information from?
Most of the personal data we process we received by you, be it because you entered it during the registration process, placing an order, or because we tracked your usage of our website or newsletter etc. However, we also may receive information about you from other sources, such as, Fossil Group member companies, and, if publicly available, from third party websites. In some cases we receive personal information about you from our service providers e.g. from FullContact Inc., Facebook, Google, Responsys.
3. When do we share personal information?
We will share your personal information in the following cases:
3.1 Legal obligation and internal purposes
We disclose your personal information (i) in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements; (ii) in order to protect and defend the rights or property of us or third parties; or (iii) in an emergency, in order to protect the safety of our employees or any person.
3.2 Joint processing within Fossil Group
Your information will be combined with other personal information that Fossil Group companies have obtained about you (e.g. wearable data, purchase details of your wearable device, other goods you have purchased on a company website). We will also make your data available to Fossil Group companies if required to provide warranty and other after-sale services to you (for information about Fossil Group member companies click here [ www.fossilgroup.com]).
3.3 Sharing with third parties
We involve other companies for the provision or the hosting of services, who are permitted to use personal information only on our behalf and must not use it for their own purposes, unless permitted by law.
We share the data with service providers
- providing customer care services (e.g. Zendesk Inc.)
- for functional, social, analytical technologies and technologies enabling behavioral marketing (1.4)
- using data cleansing techniques in order to ensure that your data such as your address are correct (e.g. Acxiom Corporation)
- providing payment services (e.g. PayPal S.à r.l, et Cie, S.C.A)
- for transport and logistic services (e.g. Deutsche Post DHL Group)
- providing hosting and general IT services (e.g. Amazon Web Services, Inc. and Google, Inc.)
- for social media services (e.g. Facebook or Google)
- providing credit checks (1.1)
- for direct marketing campaigns (e.g. Oracle, Google, Facebook).
4. For how long do we use personal information?
We will retain your personal information as long as necessary to provide you with functionality and services as described above under chapter 1. In some situations and to the extent necessary, however, we may keep some of your personal information for longer. Examples include the defense against, or the establishment of, legal claims and legal obligations (e.g. tax law, or the principle of accountability, which requires us to demonstrate that our processing complies with applicable data protection laws). In order to verify whether you opted out or in to marketing activities, we e.g. store your respective choice (e.g. via a cookie or a declaration).
5. What are your rights?
On our website you will find the section "My account", where you can change your personal data stored with us.
We encourage you to address any inquiries or concerns regarding our use of your information using our contact details displayed in 10. Like this you also may exercise your right to request (i) access to, (ii) correction of, (iii) deletion of, and (iv) restriction of personal information we hold about you. You also have the right to (v) data portability (to receive data you provided in a machine readable format) and, where applicable, (vi) withdrawal of your consent, (vii) opt-out from receiving marketing notifications, and (viii) object to the processing we base on our legitimate interests. Apart from this you have to right to (ix) lodge a complaint with the responsible data protection authority.
6. Data Storage in the U.S.
Personal information we collect will be primarily stored in the United States with Fossil Group member companies and our cloud service providers in accordance with the EU-, and Swiss-U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer personal information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.
In order to provide an adequate level of protection, Fossil Group, Inc., complies with the EU-U.S.- and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, to which Fossil Group has certified that it adheres to the Privacy Shield Principles. As a consequence, Fossil Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is a conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/welcome . To view Fossil Group’s certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group’s subsidiaries, including Fossil Partners, LP and Misfit, Inc., also adhere to the Privacy Shield Principles.
If your information is subject to the Privacy Shield, and you do not believe Fossil Group has adequately addressed your privacy concerns, you can address your concerns to the DMA free of charge as follows:
DMA, Privacy Shield, 1333 Broadway, Suite #301, New York, NY 10018
For information about the DMA and their Privacy Shield program visit: https://thedma.org/resources/consumer-resources/privacyshield-consumers/ [ https://thedma.org/resources/consumer-resources/privacyshield-consumers/ ]
In cases where the issue cannot be resolved by us or through the DMA you may invoke binding arbitration as further described in the Privacy Shield.
7. international Transfers
In addition to the service providers described under chapter 1.4 we cooperate with service providers located outside the EU or the EEA (see e.g. the list in chapter 3.3), all of which are Privacy Shield certified. Where this is not the case we make sure we base our contract upon standard contractual clauses, which grant an adequate level of data protection, unless another adequacy decision applies.
8. What happens if we Change this Privacy Notice?
This Privacy Notice is effective as of May 25, 2018 and may be updated from time to time. We will notify you of material changes by posting a prominent notice on our website or by sending you an email. If your personal information is subject to the Privacy Shield, and if we decide to use your information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify and provide you with the opportunity to opt-out of our use of your information for that purpose.
9. Our referral to other websites
Whenever we provide links to other websites on our website, this is in the interest of our users or should be understood as a courtesy to the third party provider. Pages to which we link and pages that link to our website are not under our control. In such cases we are neither responsible for the content of these pages nor for compliance with the applicable data protection regulations of those providers. We recommend that you carefully read the privacy statements of these third parties to learn how your personal information is stored, used or shared.
10. Who are we and how can you contact us?
This website is provided by Fossil UK Ltd, Featherstone House, Featherstone Road, Wolverton Mill, Milton Keynes, MK12 5TH , United Kingdom, T.: +44 (0) 2038685986 , e-mail: firstname.lastname@example.org.
You can get in touch with our data protection team and the responsible data protection officer we designated in every case required by law per email using email@example.com.