If you have any questions about this Policy, please contact our data privacy manager (“DPM”) at firstname.lastname@example.org.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AND HOW DO WE COLLECT IT?
Personal data or PII means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history (“Personal Data”).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name, last name, marital status/salutation, username or similar identifier, title, date of birth, gender, photograph and nationality.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We collect your Personal Data when you give it to us by filling in forms and questionnaires on our website or corresponding with us in-store, on the website, by phone, post or email. As you interact with our website we may also collect Technical Data about how you use our website and interact with us. We collect this data by using cookies and other similar technologies.
PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
We will only process your Personal Data, in accordance with applicable law, for the following purposes:
(a) creating and maintaining your Customer account, if you become our registered Customer;
(b) offering our goods and providing our services to you in a personalised way, for example, we may provide suggestions based on your previous searches to enable you to identify suitable goods and services quicker. This may also include, where legally permitted, processing data related to your location;
(c) handling and fulfilling your orders and booking requests, if you request goods or services from us. This may also include processing of information that we receive from third parties, for example, address data to verify your correct address;
(d) obtaining payment from you, if you purchase any of our goods and/or services;
(e) enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order to fulfil your orders;
(f) resolving any returns, refunds or disputes and processing VAT refunds, if you lawfully exercise your rights or if you wish to dispute any part of our offering;
(g) sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our and our selected partner’s products and services, which we consider may be of interest to you. You can ask us to stop sending you marketing messages at any time by contacting us at email@example.com;
(h) serving personalised advertising to your devices; delivering ads based on your interests ascertained from your past searches, visits of subpages and purchases on our websites, and other data obtained through the use of "cookies" placed on your devices. Please see our Cookie Statement;
(i) ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
(j) developing and improving our products and services, for example, by reviewing visits to our website and its various subpages, demand for specific goods and services and User comments; and
(k) to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
Your consent, as the Data Subject, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:
your request for content, goods or services necessitating steps including processing of your Personal Data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract; and legitimate interests pursued by usas a business, except where such interests are overridden by your interests and fundamental rights. We will rely on this legal ground in relation to the processing set out in paragraphs 3(i) and 3(j), in which we have a legitimate interest;and compliance with a legal obligation to which we are subject, such as, for example, the processing for the purposes set out in paragraph 3(k).
DISCLOSURE OF CUSTOMER INFORMATION
There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
- to our subsidiaries, branches or associated offices;
- to our outsourced service providers or suppliers to facilitate the provision of our services or goods to our Users, for example, the disclosure to our payment and logistics service providers to ensure your orders are successfully processed and delivered;
- to our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by sending an e-mail to firstname.lastname@example.org;
- to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
- to public authorities where we are required by law to do so; and
- to any other third party where you have provided your consent.
NTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in paragraph 3 above. In particular, your Personal Data may be transferred throughout the Watches of Mayfair group and to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.
RETENTION OF PERSONAL DATA
Your Personal Data will be retained until your last use or purchase of our services or goods and normally for a period of six years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.
We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
DATA SUBJECT RIGHTS
Data protection law provides Data Subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data. Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.
- Right to make subject access request (SAR). Data Subjects may, where permitted by applicable law, request copies of their Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to the DPM whose contact details are above. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.
- Right to rectification. Youmay request that we rectify any inaccurate and/or complete any incomplete Personal Data.
- Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
- Right to object to processing. Youmay, as permitted by applicable law, request that we stop processing your Personal Data.
- Right to erasure. Youmay request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
- Right to data portability. In certain circumstances, youmay request that we provide your Personal Data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your Personal Data which may still be required for legitimate and lawful purposes.
- Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
Please note that this website is not intended for children under the age of 16.