ZENITH PRIVACY POLICY
Exhibit A
(Note BCLP track changes are in the document)
This privacy policy (the “Policy”) is established by Zenith, Branch of LVMH Swiss Manufactures SA (BILLODES 34, 2400 LE LOCLE, SWITZERLAND) and its affiliated companies distributing the Zenith brand (collectively “Zenith”). Should you have any question about the collection and processing of your personal data by Zenith, please contact our Data Protection Officer at mydata@zenith-watches.com.
Please read this Policy carefully to understand our policies and practices regarding your personal data and how we will process and treat it. By using a Zenith website or app, by calling Zenith, by ordering in a Zenith boutique or by otherwise giving us your personal data (together “Reaching out”), you agree to this Policy. Overall, we respect the privacy rights of our clients and recognize the importance of protecting the information that is collected about them.
1. Acceptance of the Policy and consent
By Reaching out to Zenith, whatever the way and mean used, we may collect and process a certain number of personal data that relate to you.
The Policy shall apply to any case in which you Reach out to us, whatever the method or medium used. It details the conditions at which we may collect, keep, use and save information that relates to you, as well as the choices that you have in relation to the collection, utilization and disclosure of your personal data.
In any case in which you Reach out to us, you acknowledge that you have read and understood this Policy and agree to be bound by it and to comply with all applicable laws and regulations. You also acknowledge that you have read and understood any terms of use that apply to our website and agree to be bound by them.
The fact that you Reach out to us forms a valid consent to any and all processing of data as described and detailed in this Policy. You may withdraw your consent at any time, and request that we cease to process your data and/or delete it, although this will not affect the validity of any earlier processing. Please note that we may also process your personal data on other legal basis in particular to insure the good functioning of our website when you access it.
If you do not agree to this Policy or otherwise fail to provide some of the necessary personal data to us (we will inform you when this is the case, for example, by making this information clear in our registration forms), (a) you must not use our websites or apps, or benefit from the My Zenith membership and (b) we may not be able to provide you with our goods and/or services.
What are the sources of personal data?
This Policy applies to personal data that we collect from or about you from the following sources:
Zenith websites or mobile sites/apps. Client-directed websites operated by or for Zenith, including sites that we operate under our own domains/URLs and pages that we administer on third party social networks such as Facebook, Instagram, Twitter, etc. as well as Client-directed mobile sites or applications operated by or for Zenith, such as smartphone apps (together “Websites”).
E-mail, text and other electronic messages. Electronic communications between you and Zenith (together “E-mail”)
Zenith call center. Calls to any customer service number operated by or for Zenith.
Zenith boutiques and workshops. Stores and workshops managed by Zenith or any Zenith affiliates.
Zenith events and Zenith desks, counters or booths at fairs or events, in particular through any questionnaire, survey or forms that you would fill in.
Other online or offline registration forms, for example, contests and promotions.
Other sources when applicable, including through publicly available information as well as the use of CCTV cameras.
2. Which personal data we collect?
Depending both on (i) the services provided by Zenith and used by you, as well as (ii) the source from which originates the processed personal data and (iii) your choices and configuration of your terminal (with respect in particular to cookies and other tracers), the following personal data may be collected and processed by Zenith.
a. Data communicated by you
When you Reach out to us, we may ask you to supply personal information such as:
- Your name,
- Mailing address,
- E-mail address,
- Telephone number,
- Payment details, including any bank account details,
- Your preferences and interests,
- Your date of birth,
- Your gender,
- Your social media ID,
- Your watches,
- Your nationality.
This information is used to set up and manage your personal account with Zenith, your membership to My Zenith and/or any order that you may have placed or otherwise done with Zenith, as well as to contact you. It is also used to better identify your preferences and wishes in relation to products we offer.
Personal data that is indispensable for us to fulfil the purposes that are described in this Policy (see Clause 5) is marked with an asterisk on the various pages of the Websites and/or underlined as required upon any contact you have with Zenith. Should you not fill in these mandatory fields or otherwise provide us with this information, Zenith may not be able to take care of your requests and/or provide you with the requested products and services. Other personal data you would communicate to us is purely optional and allows us to know you better and to improve our communications and services accordingly.
We may also collect data from publicly available sources, which shall be considered as data having been communicated by you.
Payment details in particular: when you initially provide or update your payment information, we may transmit it via an encrypted connection to a third-party payment processor. Such a delegation is in particular justified in order to ensure compliance with security and legal standards.
E-mail address: we may use your E-mail address in order to send you our newsletter or other emails in relation to our products, in particular to inform you of any new products or services that may be of interest to you. You may at all time request to stop receiving such newsletters or E-mails by following the link that is given at the end of each newsletter.
Data within E-mails: Should you send us an E-mail or should we send you an E-mail, we may keep all information contained in the E-mail, especially in order to resolve your inquiries or otherwise assist you.
Data within other communication means: Should you communicate with Zenith or should Zenith communicates with you, we may keep all information contained in this communication, especially in order to resolve your inquiries or otherwise assist you.
b. Data collected in relation to the use of the Websites or through E-mails
When you access, visit or browse the Website, or receive and/or answer to E-mails from us, the Web server automatically registers details of your access and actions. This includes information about your activity on and interaction with the Websites and/or E-mail, such as your IP address, your device or browser type, the webpage you visited before coming to the Websites and identifiers associated with your devices, as well as any log information. This information enables us to analyse how the Websites are being accessed and used, and to track performance of the Websites as well as of any service offered on or through the Websites.
Location Information in particular: your devices (depending on your settings) may transmit location information to us, in particular through the Websites. We use this information to customize, improve and protect the Websites. For example, we may use your location information to determine local language preferences, or to geotag a post.
Hypertext links to third-party websites or sources: we may propose hypertext links from our Websites to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal information
Cookies and similar technologies: All this information and data is collected automatically in particular through cookies (performance and tracking cookies, functional cookies, technical cookies, browser cookies, etc.) and Web beacons (see Clause 3). We also use Google analytics (see Clause 4).
c. Data collected from a social network
When you authorize a third party social network (Facebook, Instagram, etc.) to share information and data with us, we may receive any data that you publicly share on the social network as well as any information that is part of your profile or that you allow the social network to share (name, electronic address, gender, profile picture, user code, list of friends or contacts, etc.).
We also receive information pertaining to your profile when you use a social network functionality integrated to the Websites or that you interact with us through the social network. You should at all time be aware of the terms of use and privacy policy that applies to the third party social network and are of its exclusive responsibility.
3. Cookies
3.1 What are cookies?
Cookies are small text files which are placed on your computer or mobile phone when you visit a website. They are widely used in order to make websites work or to work more efficiently. The cookies help website to recognize your device and remember information about your visit (e.g., your preferred language, font size and other preferences). Most Web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent, as mentioned under par. 3.3 hereunder. Note, however, that some portions of the Websites may not work properly if you refuse cookies.
We also use web beacons (also known as an "action tag" or "clear GIF technology"), or similar technology, which helps analyse the effectiveness of websites by measuring, for example, the number of visitors to a site, how many visitors clicked on key elements of a site or what Web pages were visited.
3.2 How we use cookies?
Cookies allow us to operate the services as you have requested, facilitate your navigation on our Websites and the use of their features, so as to provide you with a seamless experience and relevant ads.
We may collaborate with other companies, including social or advertisement networks, which place cookies, Web beacons or other tracking technology on the Websites to collect or receive information from our Websites and elsewhere on the internet and use that information to provide measurement services and target ads.
3.3 How to manage your cookies preferences?
Most browsers allow you to manage your cookies preferences by changing your browser settings. If you consent to our use of cookies but later wish to opt out, you may delete the cookies which have been set and change your browser settings to block any further cookies. The “Help” function of your browser should tell you how. Alternatively, the following links provide instructions for managing cookie settings of commonly used browsers:
· Chrome (https://support.google.com/chrome/answer/95647?hl=en )
· Internet Explorer (http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies )
· Mozilla Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies )
· Safari (https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=fr_FR)
In addition, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers.
Please note that if you block cookies, your experience on our Website may be impacted.
We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "Do Not Track" instructions.
4. Google Analytics
It is possible that some or all of the Websites use Google Analytics, an internet site analysis service supplied by Google Inc. (“Google”). Google Analytics uses cookies which are text files placed on your computer to help to analyse the use made of the Websites by its users. The data generated by the cookies concerning your use of the Websites (including your IP address) will be forwarded to, and stored by, Google on servers located in the United States. Google will use this information to evaluate your use of the Websites, compile reports on site activity for its publisher and provide other services relating to the activity of the Websites and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties process these data for the account of Google including, in particular, the publisher of the Websites. Google will not cross-reference your IP address with any other data held by Google.
As mentioned under clause 3 above, you may deactivate the use of cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of the Websites. By using the Websites, you specifically consent to the processing of your personal data by Google under the conditions and for the purposes described above.
If you do not want Google Analytics to be used in your browser, you can install the Google Analytics browser add-on at https://tools.google.com/dlpage/gaoptout.
5. How we use your personal data?
We use the data and information collected on you to:
- Offer you all functions of the Websites;
- Allow the correct execution of all functions of the Websites;
- Personalize your use of the Websites as well as enhance the Websites and all of its functions;
- Interact with you and answer any of your questions or remarks, including by notifying you of any changes in relation to our services and/or products;
- Answer as well as fulfil any contract with you, especially in relation to any products that you may have purchased or otherwise received, in particular through our customer service for repairs;
- Manage your membership and/or client account, including on our online shop to pass and/or manage any order, especially in order to offer you the best customer service and provide you with any information that you may request;
- Proceed to anti-fraud and blacklist management for any case in which a person has been implicated in fraud regarding our products, services or trademarks, essentially in view of allowing, modifying or refusing that person’s access to services or products as well any entry into a contact with Zenith, and to communicate with and defend Zenith’s rights before state authorities;
- With your consent or within the applicable rules and regulations, provide you with any information that could otherwise be useful or of interest to you, especially regarding our products as well as promotional opportunities, especially through newsletters, invitations and other publications;
- Take all required measures in relation to your online transactions, especially to prevent fraud and payment defaults.
6. Data retention
We do not, as a matter of business practice, retain personal data longer than necessary for the purposes stated and to comply with legal requirements, unless otherwise agreed to by you. Your data may however be stored and/or archived for a limited period, which shall not exceed 10 years of time (unless legal obligations or regulations require or allow a longer retention period). At the end of the applied retention period, we shall delete your data without it being required that any further information be provided to you.
7. How do we share and/or transfer your personal data?
Your personal data shall be processed by Zenith, Branch of LVMH Swiss Manufactures SA and/or by any of its affiliates distributing Zenith products and services. It may be transferred or otherwise shared Zenith, Branch of LVMH Swiss Manufactures SA and its affiliates distributing Zenith products and services, for purposes of management and optimization of the customer relationship, as well as to send you information about the offers and news in the limits of your consent or applicable lawful grounds.
It may also be transferred in case of a reorganization of Zenith, including merger, takeover, de-merger, and in general any reorganization operation.
Your personal data may also be transferred to the following third-parties:
- Third-party providers in relation to the services offered on the Websites, especially any IT service suppliers, consultants, providers of hosting and maintenance services of the Websites and any other third party processing personal data on our behalf, as well as any postal and payment service providers, in order to fulfil and execute any order that you have placed on or through the Websites, or more generally intervene in the context of your Reaching out to us.
- Third-party subcontractors, in order to provide you with the product, service or information you asked for, as well as any customer service, or for interest-based advertising based on the data collected from you and/or through your use of the Websites; such third-parties include carriers as well as payment and fraud management service providers.
- Any person or entity required by law or judicial order: we may disclose your data to third parties if we determine that such disclosure is reasonably necessary to comply with the law, protect our rights or prevent fraud or abuse. When we receive law enforcement or national security requests for information, we scrutinize such requests carefully, especially if they are vague, overbroad or otherwise unlawful. And when legally permitted and reasonably possible, we may provide you with notice that your information is being requested. In any case, both the assessment of the request as well as the possibility to inform you of it are at the our sole discretion and may not make us liable from a civil, criminal or administrative point of view.
- Persons or entity that you direct us to share your information with.
We may transfer personal data to third parties when and only when it is necessary to provide the product or service to you. In such cases, these third parties are prohibited to use these data beyond what is necessary to provide those product or service to you.
In any case where cross-border transfer is done, we ensure that an adequate protection is guaranteed for personal data to be transferred outside of Switzerland and the EEA. In some specific cases when this level of protection is not guaranteed, we will obtain your prior consent or establish with the recipient of personal data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting us.
8. Security measures
We apply strictly the principles of data protection by design and by default and implement appropriate technical and organizational measures to limit to the maximum the processing of your data as well as ensure its security. In particular, and by default, only personal data which are necessary for each specific purpose of the processing are processed by us and all accesses to your personal data are limited to what is required for the purposes detailed under clause 5 of this Policy. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Regarding specifically any payment transactions that are done with your payment details, they are encrypted using SSL technology.
9. Your choices
We strive to provide you with choices regarding the personal data that you provide to us or that is otherwise collected on you, in particular through our Websites. The following mechanisms give you the following control over your personal data.
Regarding Cookies and similar technologies: you can set your browser to refuse all or some browser cookies, or to alert you when cookies are being used, as mentioned under Clauses 3 and 4 above.
If you agree to receive information on Zenith offers and news you can indicate so through the relevant tickbox(es) located on the registration form(s) or by answering favorably to the question(s) presented by our Zenith Boutique representatives.
If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe as follows:
- By following the instructions provided in every emailing communication
- Through your My Zenith account
- By contacting us at mydata@zenith-watches.com
- Through the CONTACT US page on the Zenith web site
Please note that, even if you opt-out from receiving marketing communications, you may still receive administrative communications from us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.).
10. Your rights
You have the right to request access to or information about the personal data related to you which are processed by us. Should you have a My Zenith membership account, you can access, review, correct and update your personal data at any time by accessing such account on the Websites. Alternatively in any case you can contact us at mydata@zenith-watches.com.
You may also have the right to request that we:
- Correct or erase your personal data or restricts the processing of your data;
- Transfer your personal data to a third-party; or
- Stop processing your personal data, for the case in which we rely on your consent and do not have another legal basis to continue processing your data.
- Stop using your personal data to build up your client profile; in this case you will no longer benefit from customized offers or services.
- Stop sending you information about our offers and news
All access, correction and deletion requests can also be sent by regular mail along with your contact details (phone number and email) to the address referred to at the beginning of the Policy. We may ask you for a proof of identity (copy of official Identification Document with a photo mentioning your date & place of birth).
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable data protection legislation.
We encourage you to contact us if you feel your personal data has been mishandled or if we have failed to meet your expectations.
In addition to the rights identified above, California Civil Code Sections 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information about Californians are collected, “sold” or transferred for an organization’s business purpose (as those terms are defined under California law). You can find a list of the categories of information that we collect and share about Californians here[ZD1] . Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing please submit a written request to us using the information in the "Contact Information" section below. We do not discriminate against California residents who exercise any of their rights described in this Privacy Policy.
11. Updates to the Policy
We may revise or update this Policy from time to time. Any changes to this Policy will become effective upon posting of the revised Policy on the Websites.
12. Jurisdiction and applicable law
This Policy and all matters arising out of or related to this Policy shall be governed by the substantive laws of Switzerland, without regards to conflicts of laws and principles thereof.
Any controversy, claim or dispute between you and us arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the Courts of Neuchatel, Switzerland, and each party hereby irrevocably consents to the jurisdiction and venue of such Court.
13. Contact
For any question or request regarding your personal data, please contact our Data Protection Officer at mydata@zenith-watches.com.
Please note that the representative of Zenith, Branch of LVMH Swiss Manufactures in the European Union is: ZENITH FRANCE SUCCURSALE, 11 rue Alfred de Vigny, 25000 Besançon
If you are a California resident you can also contact us by calling 1-866-309-3467.[PM2]
Effective: January 1, 2020
Last Updated: January 23, 2020
*******Separate page to be linked from the Information for California Residents Section*********
California Information Sharing Disclosure
California Civil Code Sections 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether the following categories of personal information are collected, transferred for “valuable consideration,” or transferred for an organization’s “business purpose” (as those terms are defined under California law) about Californians. The table below indicates the categories of personal information we collect and transfer in a variety of contexts. Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer credit card or debit card numbers for our business purpose in order to process payments for orders placed with us, we do not collect or transfer credit card or debit card numbers of individuals that submit questions through our website’s “contact us” page.
Category of Personal Information | Is information collected by us? | Is information transferred for valuable consideration? | Is information transferred for business purposes? |
---|---|---|---|
Audio, electronic, visual, thermal, olfactory, or similar information | ☑ | ☐ | ☑ |
Bank account number | ☐ | ☐ | ☐ |
Biometric information | ☐ | ☐ | ☐ |
Characteristics of protected classifications (e.g., age, sex, race, ethnicity, physical or mental handicap, etc.) | ☐ | ☐ | ☐ |
Commercial information (e.g., products or services purchased, or other purchasing or consuming histories or tendencies) | ☑ | ☐ | ☑ |
Credit card number | ☑ | ☐ | ☑ |
Debit card number | ☑ | ☐ | ☑ |
Driver’s License Number / State ID | ☑ | ☐ | ☑ |
Education | ☐ | ☐ | ☐ |
Electronic network activity (e.g., browsing history) | ☑ | ☐ | ☑ |
Email address | ☑ | ☐ | ☑ |
Employment | ☐ | ☐ | ☐ |
Employment history | ☐ | ☐ | ☐ |
Geolocation data | ☑ | ☐ | ☑ |
Health insurance information | ☐ | ☐ | ☐ |
Identifiers (e.g., name or alias) | ☑ | ☐ | ☑ |
Insurance Policy Number | ☐ | ☐ | ☐ |
Medical information | ☐ | ☐ | ☐ |
Online identifier (e.g. IP address) | ☑ | ☐ | ☑ |
Other financial information | ☐ | ☐ | ☐ |
Passport Number | ☑ | ☐ | ☑ |
Physical Characteristics | ☐ | ☐ | ☐ |
Postal address | ☑ | ☐ | ☑ |
Signature | ☑ | ☐ | ☑ |
Social Security Number | ☐ | ☐ | ☐ |
Telephone Number | ☑ | ☐ | ☑ |
Transaction information | ☑ | ☐ | ☑ |