MISFIT PRIVACY NOTICE

Last Updated: May 25, 2018

At Fossil Group, Inc. (“Fossil Group” or “Fossil”), owner, manufacturer, and distributor of the Misfit Brand (“Misfit”, “we” or “us”) we value and protect your privacy rights to data protection and privacy. This Privacy Notice describes:

  • What Personal Information we collect from the Misfit App (Misfit Home, Misfit Cycling, Misfit Link) Misfit Watch Apps and Misfit Device and the purposes for which we use it.
  • What Personal Information we transfer to third parties.
  • Your rights and how you execute such rights.
  • How you can contact us.

1. Summary

In the following we will provide you a quick summary of which personal information we use for which purposes and about your rights. For more details go to the relevant Sections below.

  • 1.1 Service Provision

    We process Personal Information about you in order to provide you with the full range of services and features of your Misfit App, Misfit Watch Apps, and Misfit Device. This includes data you enter when setting up your user account and information required in order to receive specific features. For example, for distance and pace measuring, or calculation of calories burned, we might require information about your height, weight, heart rate, and geolocation. (For further information go to sections 3.1-3.7 below)

  • 1.2 Analytics

    We and our service providers track and run analyses of the usage of the App, Watch Apps, and Device (to determine which functionalities are used more often than others) to understand how they are used and improve them. (For further information go to Section 3.8 below)

  • 1.3 Marketing

    We can use your Personal Information for marketing purposes to provide you with offers about our products and services, unless you opt-out. (For further information go to Section 3.9 below)

  • 1.4 Data access by recipients

    Our service providers and other Fossil Group companies also access your information in order to provide services to you and handle your data as described in this Privacy Notice. (For further detail go to Section 5 below)

  • 1.5 Your rights

    Your rights may include the right to access, correct, and delete your Personal Information. You may also request the restriction of and, if applicable, withdrawal of your consent or objection to the processing (please proceed to Section 8 for a detailed description of your rights).

  • 1.6 Location of your information

    Personal Information we collect will be primarily stored in the United States with us and our cloud service providers, if necessary either in accordance with the EU – and Swiss – U.S. Privacy Shield Framework or subject to other appropriate safeguards. (For further information go to Section 9 below).

2. When does this Privacy Notice apply?

This Privacy Notice applies to the Misfit App, Misfit Watch Apps, and Misfit Device. For further information about what these terms comprise please see Section 12.

This Privacy Notice does not apply to your purchase transaction of the Device or to any purchase on our websites.

3. What Personal Information do we collect on which legal basis and what do we use it for?

In order to provide you with our services and the full range of features of our App, Watch Apps, and Device, we use Personal Information.

We receive Personal Information collected by third party services (e.g. Google Fit). You can deactivate such an App data sharing using the settings of the third party service.

The Personal Information that we collect include the following (please note: As the availability of functionality may vary, depending on your App, Watch Apps, and Device, not every one of the followings sections may apply to you):

  • 3.1 General Account data

    When you use the App, Watch Apps, and Device we will collect general account data, including examples such as your first and last name, your email address, your date of birth, your gender, your height and weight, a photo, the password selected for your App account, the App version, Device information (e.g. Device serial number), paired mobile device information (e.g. smartphone manufacturer, model, operating system) and your personal account and App settings (e.g. which features you want to use).

    We will also collect this information when you sign-up using a social media login, such as via Facebook or Google+. In this and other cases we collect publicly available information about you on your social media account. We do not collect or store your social media password if you sign up using a social media login.

  • 3.2 Activity and sleep data

    In order to help you understand both your daily movement habits and your personal fitness, we use additional Personal Information. Examples include the calculated number of steps you have taken, your heart rate, calories burned, your mode of movement (e.g. running or walking), travelled distance, the time zone, and your goals for the day and whether you achieved them. In order to enable us to calculate calories burned we use your height, weight, and date of birth information. You may also choose to input information related to your activities through the App, such as updating information about your weight.

    With the aim of enabling you to understand and to improve your sleeping habits, some Devices collect sleep start time, sleep end time, the time you go to bed, and the time you wake up. We also collect details of sleep, such as when light sleep or restful sleep occur, to show you data and insights about your sleeping patterns.

    Certain activity and sleep data might be regarded as "health related data" in certain jurisdictions.

  • 3.3 Notifications and alerts

    If you want to be notified by your Device when you receive a text message, email, app alert, or when there is an upcoming event in the calendar of your mobile device, you need to activate this in the App settings. We do not store content of the notifications, we only track that a notification occurred.

  • 3.4 Location information

    When you install the App, you will be asked to grant access to your geolocation data. When you install or use Watch Apps for the first time, including on devices powered with Wear OS by Google, you will be asked to grant the Watch App access to your Device’s geolocation data (if equipped) or the paired mobile device’s geolocation data. We can use that information to customize the App or Watch Apps with location-based information and features; examples may include automatically updating local weather information, tracing an activity route, or to help locate your Device based on last known location.

  • 3.5 Performance report and customer support

    In the event our App or Watch Apps stop working we will receive information about your paired mobile device and Device (e.g. model, software version, mobile device carrier) and any additional information you share with us, which allows us to identify and fix bugs and otherwise improve the performance of our App and Watch Apps.

    In the event you contact us for customer support also we will process your Personal Information.

  • 3.6 Watch Apps

    When you install or use one of our Watch Apps, you will be asked to grant the Watch App access to certain types of information from your Device and/or a paired mobile device (e.g. geolocation data, events on your personal calendar, or fitness activity data). If you grant such permission, the Watch App can collect information and use that information to provide specific features or services; for example to allow you to display a pre-selected watch face during a specific event, to download photos from social media, or to help locate your Device based on last known location.

  • 3.7 Emails and other communications

    We send you push notifications to provide you with information about your personal goals and alerts about updates for the Device, the App, or Watch Apps.

    We will send you emails related to the administration of your account, such as a welcome email when you create your account, a confirmation email if you delete your account, emails if you forgot your password and need assistance changing it, or a reminder that your account may be deactivated after a period of inactivity.

    For paired mobile devices, you can at any time stop transfer of data from the paired mobile device to the App or Watch Apps by disabling the Bluetooth connection between the Device and the mobile device; however, in this case the functionalities described above may not work.

  • 3.8 Analytics

    We aggregate and de-identify data (so that the data is not associated with an individual’s name or other personally identifiable information) collected through the App, Watch Apps, and Device and use it for a variety of analytical purposes, such as determining the average daily steps taken by App users, analyzing fitness trends, watch faces selected by Watch App users, or obtaining other information to improve our products and services.

    We use your Personal Information for other marketing, statistical, and market research purposes to learn more about our customers and users. For these purposes we also use publicly available Personal Information about you (e.g. from your social media profiles).

    We use Google Analytics to track and examine how our App and Watch Apps are used and how we may improve them to enhance and improve our services. Google Analytics is an analysis service provided by Google Inc., located in the USA. In order to use Google Analytics, our App is sending anonymized information about your usage of our App to Google Analytics, where the data is aggregated and analysed to provide meaningful reports for us. We do not connect data from Google Analytics with any of your Personal Information. You can opt-out from our collection of data by Google Analytics at any time in the App's settings.

  • 3.9 Marketing

    We can use your Personal Information for marketing purposes to provide you with offers about our products and services. By analysing your general contract information (3.1) and how our services are used we select which marketing information may be of specific interest for you. We might also send you promotional emails (in the EU: only for products similar to your purchases). At any time you can opt-out from the use of your Personal Information for marketing purposes as described under Section 8.1.

    We will not use data relating to your health for marketing purposes.

    If you enter a global sweepstake, contest, or competition we sponsor, we use your Personal Information to enable your participation.

  • 3.10 Legal Basis (EU)

    EU law obliges us to name the legal basis for the processing activities described in this chapter 3.

    • 3.10.1 Performance of a contract: Most of our processing activities are necessary for the provision of our services (legally: performance of our contract with you - Sections 3.1 to 3.3, 3.5 to 3.7).

    • 3.10.2 Consent: For geolocation data (Section 3.4) and for some marketing activities (Section 3.9) we require your prior explicit consent. As far as activity data (Section 3.2. above) may be considered health-related data we require your explicit consent for the processing.

    • 3.10.3 Legitimate Interests: The processing for analytical (Section 3.8) and for marketing purposes is based on our legitimate interests.

    • 3.10.4 Legal obligation: In some cases we process your Personal Information due to a legal obligation (for further information go to Section 6. below).

4. Can you share your Personal Information?

The App allows you to share Personal Information from the App on social networks like Facebook or transfer Personal Information to other apps like Apple Health or Google Fit. You can deactivate such an App data sharing using the settings of your App.

We do not control and do not assume any responsibility for the use of Personal Information by such third parties. For more information about the third party’s purpose and scope of their use of Personal Information in connection with sharing features, please visit the privacy policies of such third party apps and their providers.

5. When do we share Personal Information?

We will share your Personal Information in the following cases.

  • 5.1 Legal obligation and internal purposes

    We disclose your Personal Information (i) in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements; (ii) in order to protect and defend the rights or property of us or third parties; or (iii) in an emergency, in order to protect the safety of our employees or any person.

    Additionally in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation, or other similar corporate reorganization, your Personal Information may be part of the transferred assets. Where required by applicable law (such as in the EU) or the Privacy Shield Principles we will inform you about and ask for your permission for the transfer of your Personal Information.

  • 5.2 Joint processing within Fossil Group

    Your Personal Information will be combined with or connected to other Personal Information that Fossil Group companies have obtained about you (e.g. purchase details of your Device, other goods you have purchased on a company website). We will also make your data available to Fossil Group companies if required to provide warranty and other after-sale services to you (please visit www.fossilgroup.com for information about Fossil Group member companies).

  • 5.3 Sharing with third parties

    We involve other companies for the provision of services or for hosting Personal Information. These companies are only permitted to use Personal Information on our behalf; they must not use such data for their own purposes except as permitted by law. Examples of subcontractors are hosting or other service providers such as Amazon Web Services, Inc. and Google Inc., and service providers we use for customer care such as Zendesk, Inc.

    We contract with service providers using data enrichment technologies (this does not apply to the EU, where we only use data cleansing techniques, i.e. ensuring that your data such as your address are correct).

    Provided your Personal Information is subject to the Privacy Shield agreement, we will remain liable that processing of Personal Information by service providers or subcontractors is consistent with our instructions, unless we are not responsible for such inconsistent processing. See Section 8 below for additional information related to the Privacy Shield agreement.

  • 5.4 Sharing de-identified information with third parties

    We may share aggregated and de-identified data (which is not associated with an individual’s name or other personally identifiable information) collected through the App or Watch Apps with third parties for any lawful purpose.

6. Children's online privacy protection

We do not knowingly collect, maintain, or use Personal Information via the App or Watch Apps about children under the age of 14. Persons under the age of 14 may not use the App or Watch Apps, and their request for accounts will be denied. If we become aware that a child under the age of 14 has sent Personal Information to us without prior parental consent, we will remove his or her Personal Information from our files. Please note that outside the US other age thresholds may apply.

7. How long do we store and how do we secure Personal Information?

We will retain your Personal Information as long as necessary to provide you with App, Watch Apps, and Device functionality and services but in any event only as long as your account is active. When you delete your account or we disable it after a time of inactivity and notification from us, we will also delete your Personal Information obtained from the App, Watch Apps, or Device from our systems (excluding any information we have de-identified).

However, to the extent necessary we may keep some of your Personal Information for legal reasons (e.g. tax law, the defense against, or the establishment of, legal claims, and in order to demonstrate that our processing complies with data protection law requirements). We also keep your opt-in or opt-out requests for marketing emails (even if such request is made in or through the App).

8. What are your rights?

  • 8.1 Your rights

    We encourage you to address any inquiries or concerns you may have regarding our use of your Personal Information by using the contact details provided in Section 11 below.

  • 8.2 Your additional rights provided by EU law

    By contacting us as set forth in Section 11 below in the EU you may exercise your rights, including the right to request from us access to, correction of, deletion of, and restriction of the Personal Information we hold about you. You also have the right to data portability (to receive data you provided in a machine readable format).

    You may at any time object to our processing based on legitimate interests and to receiving marketing notifications or emails as described above under 8.1.

    If your Personal Information is subject to the Privacy Shield agreement, further rights are described in Section 9 below. Apart from this you have to right to lodge a complaint with the responsible data protection authority.

  • 8.3 California

    California law requires certain businesses to respond to requests from California residents asking about the disclosure of Personal Information to third parties for marketing purposes. Alternatively, such businesses may adopt a policy of not disclosing Personal Information to third parties for marketing purposes if a California resident opts-out. We have an opt-out policy as described under Section 8.1. If you wish to opt-out of our sharing your Personal Information for marketing purposes (either with companies related to us or if you previously consented to our sharing information with unrelated third parties for marketing purposes), please contact us by email or mail at the addresses in Section 11 below.

9. Data Storage in the U.S. and Privacy Shield

Personal Information we collect will be primarily stored in the United States with us and our cloud service providers in accordance with the EU – and Swiss – U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer Personal Information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.

In order to provide an adequate level of protection according to EU laws, Fossil Group, Inc., complies with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal information transferred from the EU, EEA member countries and Switzerland to the United States, respectively. Fossil has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. As a participant in the Privacy Shield, Fossil is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Fossil's certification, please visit https://www.privacyshield.gov/welcome. To view Fossil’s certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group’s subsidiaries, including Fossil Partners, LP and Misfit, Inc., also adhere to the Privacy Shield Principles.

If your Personal Information is subject to the Privacy Shield, and you do not believe Fossil has adequately addressed your privacy concerns, you can also address your concerns regarding the use of your Personal Information to the DMA free of charge as follows:

DMA

Privacy Shield

1333 Broadway

Suite #301

New York, NY 10018

To file a complaint/inquiry: https://thedma.org/resources/consumer-resources/privacyshield-consumers/

For information about the DMA and their Privacy Shield program visit: https://thedma.org/resources/consumer-resources/privacyshield-consumers/

In cases where the issue cannot be resolved by us or through the alternative dispute resolution proceedings you may invoke binding arbitration as further described in the Privacy Shield.

10. Changes to this Privacy Notice or how we use Personal Information

This Privacy Notice is effective as of May 25, 2018 and may be updated from time to time. We will notify you of material changes to our Privacy Notice by posting a prominent notice in the App, or by sending you an email or a notification in which we may also seek your consent. If your Personal Data is subject to the Privacy Shield, and if Fossil decides to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify you, and in the case of health related information, ask for your consent; or in all other cases, provide you with the opportunity to opt-out of our use of your Personal Information for that purpose.

11. Who we are and how to contact us

The App, Watch Apps, and Device are provided to you by Fossil Group, Inc., 901 S. Central Expy, Richardson, Texas 75080, USA.

Please contact us if you wish to opt-out of marketing notifications or emails or if you want to exercise your further rights via email at privacy@fossil.com or mail us at Fossil Group, Attention: Chris King, Chief Compliance & Risk Officer, 901 S. Central Expressway Richardson, TX 75080, USA. Please also contact us at either of these addresses if have any questions regarding privacy and data protection in connection with the App, Watch Apps, or Device.

Our EU representative is FESCO GmbH, Natzing 2, 83125 Eggstätt, Germany. You can either contact our EU representative sending an email to eu-privacy@fossil.com or calling +49-89-7484 6815.

12. Definitions

"Personal Information" is information that can be used either directly or indirectly (in combination with other information) to identify you, or something about you. Examples of Personal Information include your name, email address, Device serial number, your activities and other details we collect via the App, Watch Apps, or Device.

Misfit App (“App”) is the app you install on your mobile device for the use of our services. The Misfit App is not compatible with touchscreen devices.

Misfit Watch Apps (“Watch Apps”) are applications we designed to be used with Devices to expand the personal features and services available to you. Watch Apps may come preinstalled on some Devices or may be downloaded to your Device.

Misfit Device (“Device”) is a Misfit wearable. Hybrid devices run through the Misfit app, while touchscreen devices are powered with Wear OS by Google. Touchscreen devices do not pair to the Misfit App and must be registered through Google. Collection and use of your Personal Information on a touchscreen smartwatch through Google services is subject to Google's privacy policy.