2. PURPOSE OF DATA PROCESSING
The purpose of the Titoni website is to provide the user with information about Titoni and its watch products. In particular, it is possible for the user to view products, to obtain in-depth information about them, to purchase them in the online store and to register for guarantee- and after-sales services.
Against this background, the processing of the user's personal data has the main purpose of providing the user with the technically smoothest possible access to the relevant information, to offer an appealing user experience, to process purchases made by the user in a transparent manner and to ensure an efficient, digitalized after-sales support.
3. RESPONSIBLE DATA PROCESSOR / POINT OF CONTACT FOR PRIVACY CONCERNS
Legally responsible for the data processing on the Titoni website, in the Titoni online store and on the guarantee registration platform is Titoni Ltd, Switzerland. For the address and further details about Titoni, please refer to the imprint.
All privacy concerns in connection with the use of the Titoni website, the online store and the guarantee registration platform, in particular requests for information, deletion and correction as well as objection notices, are to be addressed to our data protection officer with the reference "privacy" via the contact form available on our website or via firstname.lastname@example.org.
4. LEGAL BASIS OF DATA PROCESSING
The processing of personal data by Titoni is primarily governed by the Swiss Law on Data Protection (LDP) and the EU's General Data Protection Regulation (GDPR). This guarantees a high level of protection and transparency by international standards. Insofar as other applicable national legislation provides for stricter regulations for data processing, Titoni will apply these stricter regulations in individual cases at the latest after receiving appropriate notification from the affected user.
Insofar as Titoni obtains the consent of the data subject for processing personal data, art. 6 para. 1 lit. a GDPR serves as the legal basis.
In case of processing personal data that is necessary for the performance of a contract to which the data subject is a party, art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to data processing operations that are necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary to comply with a legal obligation to which Titoni is subject, art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing of data is necessary to protect a legitimate interest of Titoni or a third party and the interests, fundamental rights and freedoms of the data subject do not prevail over such interest, art. 6 (1) f GDPR serves as the legal basis for the processing.
5. GENERAL INFORMATION ON DATA PROCESSING
In the case of disclosure to third parties who process the data independently or on behalf of Titoni (data centers, etc.), Titoni will ensure compliance with the data protection legislation by contractual means.
Titoni reserves the right to collect and store a limited amount of non-personal information about the users of the website for security reasons, for statistical purposes or for in-house promotional purposes.
Otherwise, personal user data is regularly deleted as soon as its processing purpose is fulfilled, with the exception of personal data related to the processing of specific transactions (e.g. purchase, warranty or service transactions), which we are obliged to keep for 10 years due to legal obligations.
6. INDIVIDUAL DATA PROCESSING STEPS / DATA WE PROCESS ABOUT YOU
Visiting our Website
When you visit our website, our online store or our guarantee registration platform, our system automatically collects the following data:
- type of device (computer, smartphone, tablet, etc.)
- information about the browser type and version used
- the operating system
- the internet service provider
- the IP address of the device
- date and time of access
- the page from which the file was requested
- names of the downloaded files
- volume of transferred data
- status codes of the access (http status codes)
This data is stored in the log files of our system. It is not stored together with other personal data of the user. The collection of this data by the system is necessary to enable the smooth transmission of information from the website to the user's device. In addition, we use the data to optimize the website, to ensure the security of our IT systems and to prevent misuse (e.g. through automated mass queries, spam, etc.).
The legal basis for the collection and storage of this data is art. 6 para. 1 lit. a and f GDPR.
Contacting Us via Contact Form
In the event of you contacting us via the contact form on the website, the personal data collected from you will be collected for the purpose of responding to your inquiry. Data is only passed on to third parties where this is necessary to deal with your inquiry, in particular in the case of warranty and service concerns, which we pass on to our service partners insofar as this is helpful to your request.
The legal basis for this data processing is art. 6 para. 1 lit. a GDPR.
Orders via Online Store
When you order products in our online store, we process the personal data that you provide to us as part of the respective order. Which data is concerned can be seen from the order form fields and includes in particular name, delivery address and billing address, payment method, email address and which products were purchased at what price. We use such data to process and invoice the order.
For payment processing, the required data is passed on to the respective payment companies. For payment processing as well as for the operation of our website and the online store and for the offered contact possibilities, we use various third party service providers such as hosting providers and email service providers. All these service providers only process the data on our behalf as mandated processors according article 28 GDPR.
The legal basis for this data processing is art. 6 para. 1 lit. a, b and f GDPR.
Registration on the Guarantee Registration Platform
When you register yourself and the products you have purchased from us on our guarantee registration platform, we process the personal data you provide to us through the registration process. This data is collected trough the input fields of the platform and includes name, email address, telephone number, date of birth, date of purchase, series and model number, point of sale, type of purchase, preferred language, gender, information on country of residence, municipality of residence and buyer satisfaction. We use this data for the purpose of providing after-sales services, namely for the extension of your guarantee, for targeted information and marketing in connection with our products, for processing product support orders and for optimizing the sales, advertising and product support processes of our company as well as its sales and service partners. Our sales and service partners are also entitled to use the data in their own responsibility for their own marketing activities in connection with our products and for related information and events. In doing so, they are obliged to respect the data protection regulations and to refrain from passing on the data to third parties for other processing purposes.
For the purpose of verifying your guarantee rights and for providing guarantee, product support and information services, we exchange your data with the sales and service partners responsible for your region of residence. They process the data for the mentioned purposes on our behalf as order processors in accordance with Art. 28 GDPR.
The legal basis for this data processing is Art. 6 para. 1 lit. a, b and f GDPR.
Further Use and Storage of User Data
We store user data collected via contact form, via the online store order process or via our guarantee registration platform in order to automatically fill in the information fields in case of future visits and in order to be able to display your order history. The legal basis for this data processing is art. 6 para. 1 lit. a and b GDPR.
We reserve the right to use your email address so that we can send you information about the products you have purchased. The legal basis for this data processing is art. 6 para. 1 lit. b GDPR.
Furthermore, we reserve the right to use your email address so that we can send you other information about Titoni and Titoni products. You have an "opt-out" right, i.e. you can inform us at any time to stop sending you such information. The legal basis for this data processing is art. 6 para. 1 lit. a GDPR.
We delete the user data collected in the context of contacting us via the contact form the latest upon expiry of the statutory period of 10 years. Excluded from the deletion is your email address, which we use as described above until an "opt-out" is declared, so that we can send you information about Titoni and Titoni products. The legal basis for this storage is art. 6 para. 1 lit. a and f GDPR.
After billing, payment and execution of an order obtained through our online store, after registration on our platform for an extended guarantee or after processing product support requests, we store the corresponding user data in our accounting system as long as we are obliged to do so due to tax, commercial or other regulations. As a rule, we keep such data on the basis of legal regulations for 10 years after the transaction, in case of repeated transactions of the same user for 10 years after the last transaction. After this period, the data will be permanently deleted. Excluded from the deletion is your email address, which we use as described above until an "opt-out" is declared, so that we can send you information about Titoni and Titoni products. The legal basis for this storage is art. 6 para. 1 lit. a and c GDPR.
Other data collected from you, in particular log files, are deleted after 2 weeks on our server and are then still available in the backup for 30 days before they are completely deleted. The legal basis for this is art. 6 para. 1 lit. a and f GDPR.
We use so-called cookies on our website. These are small files that are stored on your computer to track your website visit and your preferences as seen from your use of the website. Cookies show how you navigate on our website and may also be used to remember settings between your visits.
We use so-called session cookies, which are stored during your visit to our website and are deleted when you end your browser session. We also use permanent cookies, which remain on your computer even after the end of a browser session. The permanent cookie contains an identification number that allows us to identify your computer. We can use this to improve our services if you visit our website repeatedly. It is not possible for us to assign your other personal data to this identification number. More detailed information on cookies we use can be requested by email via email@example.com.
When accessing our website, you have the option of accepting or rejecting cookies via "privacy settings" banner. You can further set your web browser so that a warning appears on the screen before a cookie is saved or so that the creation of cookies is prevented altogether. You can also delete cookies subsequently via your web browser.
However, please note that disabling or deleting cookies may affect functionalities of our website. Some pages of our website may not function properly if you disable cookies. Below, you will also learn which third-party services using cookies are integrated in our website and how you can prevent certain third-party cookies from being set.
8. HOW WE SHARE YOUR PERSONAL DATA
As further described in Section 6, above, we may share your personal data with third party companies and individuals as needed for them to provide us with services that help us with our business activities and to promote our services to you. A list of our current service providers is available upon request.
Business Partners and Other Third Party Sites and Services
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") has committed to comply with the Privacy Shield Agreement between the EU and the US on the collection, use and retention of personal data from EU member states, as published by the US Department of Commerce. Google, including Google Inc. and its wholly owned subsidiaries in the US, has declared as part of the certification that it complies with the relevant Privacy Shield principles. This applies to all Google services listed below.
For the handling of cookies used within the framework of Google Analytics, please refer to the "cookies" section above. You can also prevent the collection and processing of data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information from Google on Google Analytics, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en.
We use the third-party services Google Fonts and Google Maps on our website. These exchange certain user data with Google Inc. as part of the creation of fonts and geographical maps. For more detailed information, please refer to https://policies.google.com/?hl=en.
Apart from the third-party services expressly mentioned here, which are not used by Titoni to evaluate the individual behavior of persons, Titoni does not use any automated tools in the sense of "spyware" to draw conclusions about the behavior of individual users.
Security, Compliance, Fraud Prevention, Safety; Compliance with Law.
We may disclose your personal data as required or allowed by applicable law to protect our, your or others’ rights.
We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy.
9. USER RIGHTS
If your personal data is processed, you are a data subject according to data protection legislation. As such, you are entitled to the following rights vis-à-vis the data controller:
- The right of access according to art. 15 GDPR
- The right to rectification according to art. 16 GDPR
- The right to deletion ("right to be forgotten") according to art. 17 GDPR
- The right to restriction of processing according to art. 18 GDPR
- The right to be notified according to art. 19 GDPR
- The right to data portability according to art. 20 GDPR
- The right to object according to art. 21 GDPR
- The right not to be subject to automated decision-making under art. 22 GDPR
- The right to withdraw consent to the processing of personal data in accordance with art. 7(3) GDPR
To assert these rights, please contact the data controller using the contact details provided in Section 3.
Without prejudice to any other administrative or judicial remedy, you also have the right to involve the competent data protection authority, in particular in the country of your residence, your place of work or in the place of the alleged infringement, if you believe that the processing of your personal data infringes data protection legislation.
Right to Object (art. 21 GDPR)
As far as we process personal data as explained above in order to protect our legitimate prevailing interests, you may object to this processing with effect for the future, but only if there are reasons arising from your particular situation. If the processing is carried out for direct marketing purposes, you may exercise this right at any time, even if there are no grounds for doing so.
After you have legitimately exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that prevail over your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. This restriction does not apply if the processing is for direct marketing purposes.
10. YOUR CHOICES
Opt Out of Marketing Communications
You may change your subscription preferences or opt out of marketing-related emails by following the opt-out prompt in the email. To opt out of other forms of marketing communications, please contact us using the contact information provided in Section 3.
Consequences of Not Providing Personal Information
11. NOTICE TO CALIFORNIA RESIDENTS
Personal Information We Collect
In the past 12 months, we may have collected the following categories of personal information: identifiers (real name, mailing address, email address, telephone numbers, date of birth, date of purchase, series and model number, point of sale, type of purchase, preferred language, gender, information on country of residence, municipality of residence, buyer satisfaction and online identifiers and IP address), financial information (credit/debit card numbers); geolocation data, and internet or other electronic network activity information (browsing history, search history, and information regarding an individual’s interaction with an internet site or application, or advertisement). We have used this information to respond to your requests, process your orders, optimize your website experience, and ensure the website and our systems are properly functioning.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible business purposes without providing you notice.
Sharing Your Information
We do not sell your personal information, but may disclose it to third parties for a business purpose. Specifically, in the past 12 months we have disclosed the personal information described above to our website and internet service providers, payment processors, order fulfillment providers, and marketing intelligence service providers.
Source of Information
We obtain the categories of personal information that are listed above when you provide it to us directly and passively when you visit our Site. Please see Section 6 above for more details about the ways in which we obtain your information.
California gives you certain rights regarding your personal information:
- Right to Know: You may request no more than twice in a 12-month period that we provide you with copies of specific personal information we have collected or disclosed about you. However, under California law, we cannot provide you with certain sensitive information, despite your request (for example, we will not send you copies of your social security number even if it is something we collected).
- Right to Delete: You may request that we delete certain personal information we have collected about you, with certain exceptions.
-Right to Opt-Out: If we sell your data to third parties, you have the right to opt out of this sale.
-Shine the Light: California’s “Shine the Light” law gives you the right to ask us once a year if we have shared your personal information with third parties for direct marketing purposes.
To exercise your rights above, please submit a request to us at firstname.lastname@example.org. Please describe your request with sufficient detail so we can properly respond to your request. We may ask for additional information to verify your identity. The information you provide in your request and any follow up information we ask for from you will be used solely to verify your request. After receiving your request, we may need to contact you for further information and will notify you if your request has been granted or declined, or if an exception applies to your request. Only you or an individual designated as your authorized agent to act on your behalf may make a request related to your personal information. We may not discriminate against you if you choose to exercise your rights.
Responding to Your Rights Request
We will try to respond to your request within 45 days. If we need more time, we will contact you with the reason we need more time and the extension period. We will deliver our written response by mail or electronically, at your option. In response to your request to know, we will only disclose the information we have collected in the 12 months prior to our receipt of your request. Our response will also explain the reasons we cannot comply with any request, if applicable. We do not charge a fee to process or respond to your request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate prior to completing your request.
12. CHANGES TO THIS POLICY
Grenchen, Switzerland, September 2022