FOSSIL GENERAL PRIVACY NOTICE EU

Last Updated on May 25, 2018

At Fossil (Europe) GmbH, (“Fossil”, “we”, “us” or “our”) we value your data protection rights. In this Notice we provide you with both a brief summary​ of which personal data we use when you visit our website and purchase our products and about your rights, and an in depth explanation starting with section 1. below.

  • Service Provision
    We and our service providers process personal data related to you in order to provide you with the full range of services and features of our website. This includes data for the setting up of a customer account and data required to receive products and services.
  • Analytics
    We and our service providers track and run analyses of the usage of the website and, if you subscribed to it, of our newsletter to understand how they are used and improve them.
  • Marketing
    We can use your data for marketing purposes to provide you with personalized offers about our products and services, unless you opt-out.
  • Recipients
    Our service providers and Fossil Group members also access your data in order to provide services to you as described in this Privacy Notice.
  • Your rights
    Your rights include the right to access, correct, and delete your information, and, if applicable, withdraw your consent, object to, or restrict the processing.
  • Location of your data
    Data we use will be primarily stored in the United States with us and our cloud service providers, if necessary, either in accordance with the EU-, and the Swiss- U.S. Privacy Shield Framework or subject to other appropriate safeguards.

1. WHAT PERSONAL DATA DO WE USE FOR WHICH PURPOSES AND ON WHICH LEGAL BASIS?

In order to provide you with our services and the full range of features of our website we and our service providers use your data (including your name, email address, password and IP address for the following purposes:

  • When you create a customer account​ to manage your account, to provide access to your shopping cart, to display purchased, reserved and registered products, or to present other products presumably of interest to you, to verify your identity if you forgot your password and to process your product reviews.

  • When you choose to provide us further information​, such as date of birth, address, personal settings, a wish list and your gender to enable us to personalize both your profile and our recommendations for you.

  • When you order goods​ online, in this case we additionally need your address, telephone number and payment information, to process your purchase, send you confirmations, verify transactions for fraudulent activity, and to process returns, repairs and exchanges of products.

  • When you purchase a product in a Fossil retail store and request an e-receipt to process your request.

  • When you participate in loyalty programs, recommend our products​ to others, redeem a gift card, or when we offer you discounts and bonuses etc. we use this information in addition to purchase-related information to determine whether you are eligible for additional discounts and special offers.

  • When you ask us to forward a wish list​ to a friend or when you provide us the contact details of this friend we will use it as well to process your request.

  • When you contact us ​to answer your requests, provide customer support and handle your inquiry.

As far as this processing is necessary for the performance of the contract with you it is based on Art. 6 (1) b of the EU General Data Protection Regulation (GDPR). Voluntary information is processed under Art. 6 (1) f GDPR, our legitimate interest to offer a functionally appealing and user-friendly website. In addition, GDPR allows for the processing required by law, and, thus, e.g. to answer your inquiries via the means provided without undue delay.

In principle, we delete ​information related to your

  • account upon your request and after three years of inactivity,
  • purchase after expiry of the relevant legal retention period,
  • participation in loyalty programs, recommendations etc. after three years.

Certain of our processing activities we want to explain to you in more detail:

    • 1.1 Credit check

      We want to offer you the possibility to order on account. For this purpose CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München, Germany ("credit agency") runs a credit check for us, based on your name, date and place of birth, (previous) address, information about previous payment problems, references about fraudulent behaviour, information from public registers or bulletins. Using mathematical-statistical procedures the credit agency determines how likely it is that our customer will pay our bill. On the sole basis of an automated decision (without manual checking), only a positive result will make available the option "order on account". This processing is based on our legitimate interest (Art. 6 (1) f GDPR) to offer different ways for payment. We do not store this information.

    • 1.2 Interest based advertising

      To select which marketing information may be of interest to and to personalize ads and offers for you, on the grounds of Art. 6 (1) f GDPR, we

      • use publicly available information (e.g. from your social media profiles)
      • analyze your account information and how you use our services including our website, ads on third party websites and our newsletter
      • use information of your redemption of a gift card, entering of a sweepstake, contest, or competition, or of your participation in a survey
      • use information collected by our service providers (e.g. Adobe or Google)
      • send you promotional emails for products similar to your prior purchases, or contact you via other channels of electronic communications, unless you opted-out. For any other contact for direct marketing purposes (e.g. further emails, newsletter, SMS messages) we will ask for your consent.

      In principle, we delete such advertising related data after a maximum retention period of three years.

    • 1.3 Your reviews and shared content

      When you post a product review on, or upload an image or other material to our website or when you share content with us on third party websites, such as social networks, based on our legitimate interests (Art. 6 (1) f GDPR), we publish and use this information on our and third party websites. We delete such data after 5 years. We do not control and do not assume responsibility for the use of information by such third party websites. For information about their use of your information, please visit their privacy policies.

      Please also note​ that you must own the intellectual property rights in the content you upload to our website and share with us and must not violate rights of others (e.g. intellectual property or data protection rights). In uploading you grant us, and our respective service providers, a royalty-free, unrestricted, non-exclusive, perpetual, irrevocable, sub-licensable, transferable and worldwide license to use, edit, copy, adapt, translate, publish, display, make available, communicate and distribute the content partially or in whole, and to incorporate it in other works for any purposes such as advertising, marketing and promotions and in any form, media or technology known today or later developed.

    • 1.4 Cookies and Other Technologies

      Every time you visit our website, our system stores data related to your browser, its version, the operating system of your computer, your IP address, date, length and time of your visit, the website you accessed before and the one you visit following links on our website. We base this processing on our legitimate security interest (Art. 6 (1) f GDPR) and delete log files without undue delay, the latest after 6 months after the session has ended.

      In addition, we use cookies and other technologies such as pixel tags. Cookies are small files stored on your computer's hard drive. Pixel tags, also known as web beacons, are invisible files, which can be contained in web pages or emails, and which request information about your computer, such as e.g. the browser used. We base the processing on our legitimate interest (Art. 6 (1) f GDPR) in providing a website with special functionalities, optimizing it and ensuring the security of our IT. Cookies have an expiry date.

      Before we explain to you which categories of cookies and other technologies (all together we call "Cookies") we use, we want to point out that you can

      generally reject browser Cookies ​via the settings of your browser, or

      disable​ certain categories​ of Cookies​ under this link (If so, an opt-out cookie will be installed on your computer preventing all data traffic through the corresponding category of Cookies)

      Please note​ that certain functionalities of our website and services may not be accessible to you if you disable the use of certain Cookies.

    • 1.4.1 Functional Cookies and Plugins

      Based on our legitimate interest to improve our website (Art. 6 (1) f GDPR) we use Cookies to enable and facilitate the entry to and the use of our website, e.g. to optimize the display of country-specific content in your national language, including third party Cookies. Such a service we use for increasing functionality is the autocomplete function of Google Places, provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). When you type in an address at our website, Google will propose likely results. As to this Google places a Cookie allowing Google for example to use your IP address according and subject to Google’s Privacy Policy.

    • 1.4.2 Social Cookies

      On our US website we use Addthis plugins, a service provided by Oracle America, Inc. 500 Oracle Parkway, Redwood Shores, CA 94065, USA. (“Addthis”), to enable you to share our website and content such as information about our products on social media platforms such as Facebook, Pinterest and Google+. We base this processing on Art. 6 (1) f GDPR since we aim to make it easier for you to spread information about our content and products you like via social media. When you visit our website your browser establishes a direct connection to Addthis. Addthis collects your IP address, usage information and geo-location data. Addthis builds user profiles for advertising and marketing purposes as well as for optimization of their websites in order to inform other social network users of your activities on Fossil websites. The data will be transferred to the servers located in the United States. Oracle complies with both the EU-U.S. and the Swiss-U.S. Privacy Shield Framework. If you click on a such button you will be lead to the social media platform directly. At the same time due to a Cookie, Facebook, Pinterest, Twitter, and Google+ will know that the respective page on our website has been visit by you.You should exercise your right of objection directly to the respective Plug-in provider.

To opt-out from Addthis click here.

  • 1.4.3 Analytical Cookies

    Without linking it to your name, but storing it with an ID number on the basis of Art. 6 (1) f GDPR we use information about our services you use and how you use them (e.g. articles you clicked on in our emails or on our website). We use this information to learn about shopping preferences to tailor our offers and websites, to resolve problems with websites, products and services, to analyze trends and statistics and to present our content in the most appealing and user-friendly way for you.

    We use Hotjar Heatmaps, a customer experience analytics service provided by Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”). Hotjar Heatmaps helps us to better understand our users’ experience (e.g. how much time they spend on which pages, which links they click, what they do and don’t like). Hotjar uses Cookies to get information in particular about the device's IP address (only in anonymized form), the browser and country of the user and stores it in a pseudonymized user profile. Neither Hotjar nor we will use this information to identify individual users or to match it with further data on an individual user. All data Hotjar collects is stored in Ireland on the Amazon Web Services infrastructure, eu-west-1 datacenter. For further details, please see Hotjar’s privacy policy by clicking on this link.

    To opt-out from Hotjar, click here.

    We use UTM source capture in Google Analytics, an analysis service provided by Google which stores "analytical cookies" on your computer on our behalf. We transmit your IP address after it has been anonymised by the generation of random user IDs. These Cookies send anonymized information about your usage of our website and the terminal device used to Google, where the data is aggregated and analyzed to provide meaningful reports for us. We do not combine data from Google Analytics with any of your personal information; neither does Google merge them with data about you. As it can occur that your personal data is transferred to the USA, Google self-certified its adherence to the EU-U.S. Privacy Shield Framework.

    You can object by installing a browser plugin clicking here.

  • 1.4.4 Marketing Cookies

    We cooperate with third party service providers placing ads on our behalf on their websites. These providers use Cookies to monitor your usage of and interaction with our website and ads. We base the use of this kind of Cookies exclusively on your consent (Art. 6 (1) a GDPR).

    Please note​ that if you maintain a user account with third party service providers (e.g. facebook) they may be able to identify you.

    We use Adobe Media Optimizer, an advertising service provided by Adobe Systems, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA ("Adobe"). Adobe stores Cookies on your computer to process information about you and your usage of our website on our behalf by collecting your IP address and providing us with information about your online-behaviour. In case personal information is transferred to the United States, Adobe has self-certified to the EU-U.S. Privacy Shield Framework.

    To opt-out from Adobe Media Optimizer, click here.

    We use Bing Ads and Bing Universal Event Tracking (UET), marketing services provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”). By creating an UET Tag, Microsoft will collect data which allows us to process information about your usage of our website. UET collects your IP address and information collected by the Microsoft Cookie (with an expiration date of 13 months). This Cookie contains a globally unique identifier assigned to your browser, and/or an ID assigned to you as long as it is authenticated through your Microsoft account. If you do not want the UET tag to set any first-party Cookies, you can deactivate it via your browser settings.

    We use CJ Affiliate by Conversant, a marketing service provided by Commission Junction LLC, 530 East Montecito Street, Santa Barbara, CA 93103, USA (CJ). CJ uses Cookies and pixel tags to collect your IP address, browser information, purchase information and in some cases also pseudonomized information from third party providers in order to help us to generate consumer interest or inquiry for our products and services via our display, search and email distribution channel. As your data can be processed in the USA or India, the processing is based on Standard Contractual Clauses.

    To opt-out from CJ Affiliate, click here.

    We use Criteo​ Dynamic Retargeting​, an analysis and advertising service provided by Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo"). Criteo places Cookies on your browser allowing for the analysis of trends and the identification of your interests. Criterio processes your IP address for e.g. fraud prevention. If also processes your email address, creating an individual code ("hash") from it when you log in to your customer account for the purpose of cross-device-identification. Criteo displays our ads on websites of its business partners that may also place Cookies on your browser. It cooperates with different platform providers (e.g. Adform, Adscale or Improve Digital) which also may set respective Cookies.

    ​To opt-out ​from Criteo click on this link.

    We use DoubleClick Campaign Manager​, an analysis service provided by Google to improve advertising based on what is relevant to you, to improve reporting on campaign performance and to avoid showing ads you have already seen. DoubleClick places a Cookie on your browser. Depending on your settings, information associated with Cookies used in advertising may be added to your Google account. For detailed description of Google's processing go to "Google Analytics".

    ​To opt-out ​from receiving personalized ads from Google click here.

    We partner with Google Remarketing​ Adwords​ to display ads to visitors of our website on third party websites. To avoid repetition in displaying ads, to stop and detect click fraud and to show you relevant ads, based on websites you have visited before, Google uses Cookies. Google stores i.a. your web request, IP address, browser type and language, date and time of your request. Google also places one or more Cookies uniquely identifying your browser. Google stores your data mainly for improvement of the services and for security reasons.This data is being anonymized by removing part of the IP address (after 9 months) and cookie information (after 18 months).

    ​To prevent​ Google from collecting data for behavioral advertising you may change the settings on this page.

    We integrate a so-called custom audience pixel​ provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") into our websites ("pixel"). The pixel collects data about the usage of our websites (e.g. which pages you have visited) and sends them in hashed form to Facebook. The data are used for statistical and market research purposes to understand how users behave after clicking on an ad placed on the Facebook website. This enables us to measure the effectiveness of our marketing campaigns run on Facebook websites (conversion tracking) and target our advertising to groups created by Facebook. We can also show you advertisements via your Facebook feed, according to your website usage you may find interesting. If you visit our website after you visited Facebook we can only identify you and assign this information to your customer account if you, e.g., place an order.

    We use Mailchimp, a service provided by Rocket Science Group, LLC, 675 Ponce de Leon, Avenue NE Suite 5000, Atlanta, GA 30308, USA (“Rocket Science”). MailChimp helps us to manage and orchestrate our marketing interaction with you across email, mobile, social, display and the internet. We use MailChimp to send you newsletter or e-receipts. MailChimp collects information about your device such as your IP address, product usage data whenever you interact with emails the service sent on our behalf, name and email address.

    You can opt-out from this analysis by clicking the unsubscribe link on each email or under this link.

    We integrate a so-called YouTube Conversion Pixel provided by Google. Since on our website we integrate Youtube videos in a data protection mode, personal information about you will be processed and transmitted to Youtube only in case you play a Youtube video. When you are logged in to your Google account, Google will allocate to it the information that you watched the video, your IP address, information about your browser, time and duration of the access etc. To prevent that from happening you need to log out from your Google account before you play a video on our website. Youtube will use your personal data to build user profiles for advertising and marketing purposes, and to orchestrate its website. You should exercise your right of objection regarding the creation of user profiles directly to Google.

2. WHERE DO WE GET PERSONAL INFORMATION FROM?

Most of the personal data we process we received by you, be it because you entered it during the registration process, placing an order, or because we tracked your usage of our website or newsletter etc. However, we also may receive information about you from other sources, such as, Fossil Group member companies, and, if publicly available, from third party websites. In some cases we receive personal information about you from our service providers e.g. from FullContact Inc., Facebook, Google, Responsys.

3. WHEN DO WE SHARE PERSONAL INFORMATION?

We will share your personal information in the following cases:

  • 3.1 Legal obligation and internal purposes

    We disclose your personal information (i) in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements; (ii) in order to protect and defend the rights or property of us or third parties; or (iii) in an emergency, in order to protect the safety of our employees or any person.

  • 3.2 Joint processing within Fossil Group

    Your information will be combined with other personal information that Fossil Group companies have obtained about you (e.g. wearable data, purchase details of your wearable device, other goods you have purchased on a company website). We will also make your data available to Fossil Group companies if required to provide warranty and other after-sale services to you (for information about Fossil Group member companies click here).

  • 3.3 Sharing with third parties

    We involve other companies for the provision or the hosting of services, who are permitted to use personal information only on our behalf and must not use it for their own purposes, unless permitted by law.

    We share the data with service providers

    • providing customer care services (e.g. Zendesk In
    • for functional, social, analytical technologies and technologies enabling behavioral marketing (1.4)
    • using data cleansing techniques in order to ensure that your data such as your address are correct (e.g. Acxiom Corporation)
    • providing payment services (e.g. PayPal S.à r.l, et Cie, S.C.A)
    • for transport and logistic services (e.g. Deutsche Post DHL Group)
    • providing hosting and general IT services (e.g. Amazon Web Services, Inc. and Google, Inc.)
    • for social media services (e.g. Facebook or Google)
    • providing credit checks (1.1)
    • for direct marketing campaigns (e.g. Oracle, Google, Facebook).

4. FOR HOW LONG DO WE USE PERSONAL INFORMATION?

We will retain your personal information as long as necessary to provide you with functionality and services as described above under chapter 1. In some situations and to the extent necessary, however, we may keep some of your personal information for longer. Examples include the defense against, or the establishment of, legal claims and legal obligations (e.g. tax law, or the principle of accountability, which requires us to demonstrate that our processing complies with applicable data protection laws). In order to verify whether you opted out or in to marketing activities, we e.g. store your respective choice (e.g. via a cookie or a declaration).

5. WHAT ARE YOUR RIGHTS?

On our website you will find the section "My account", where you can change your personal data stored with us

We encourage you to address any inquiries or concerns regarding our use of your information using our contact details displayed in 10. Like this you also may exercise your right to request (i) access to, (ii) correction of, (iii) deletion of, and (iv) restriction of personal information we hold about you. You also have the right to (v) data portability (to receive data you provided in a machine readable format) and, where applicable, (vi) withdrawal of your consent, (vii) opt-out from receiving marketing notifications, and (viii) object to the processing we base on our legitimate interests. Apart from this you have to right to (ix) lodge a complaint with the responsible data protection authority.

6. DATA STORAGE IN THE U.S.

Personal information we collect will be primarily stored in the United States with Fossil Group member companies and our cloud service providers in accordance with the EU-, and Swiss-U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer personal information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.

In order to provide an adequate level of protection, Fossil Group, Inc., complies with the EU-U.S.- and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, to which Fossil Group has certified that it adheres to the Privacy Shield Principles. As a consequence, Fossil Group is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is a conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/welcome. To view Fossil Group’s certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group’s subsidiaries, including Fossil Partners, LP and Misfit, Inc., also adhere to the Privacy Shield Principles.

If your information is subject to the Privacy Shield, and you do not believe Fossil Group has adequately addressed your privacy concerns, you can address your concerns to the DMA free of charge as follows:

DMA, ​Privacy Shield, 1333 Broadway, Suite #301, New York, NY 10018

To file a complaint/inquiry:
https://thedma.org/resources/consumer-resources/privacyshield-consumers/

For information about the DMA and their Privacy Shield program visit:
https://thedma.org/resources/consumer-resources/privacyshield-consumers/

In cases where the issue cannot be resolved by us or through the DMA you may invoke binding arbitration as further described in the Privacy Shield.

7. INTERNATIONAL TRANSFERS

In addition to the service providers described under chapter 1.4 we cooperate with service providers located outside the EU or the EEA (see e.g. the list in chapter 3.3), all of which are Privacy Shield certified. Where this is not the case we make sure we base our contract upon standard contractual clauses, which grant an adequate level of data protection, unless another adequacy decision applies.

8. WHAT HAPPENS IF WE CHANGE THIS PRIVACY NOTICE?

This Privacy Notice is effective as of May 25, 2018 and may be updated from time to time. We will notify you of material changes by posting a prominent notice on our website or by sending you an email. If your personal information is subject to the Privacy Shield, and if we decide to use your information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify and provide you with the opportunity to opt-out of our use of your information for that purpose.

9. OUR REFERRAL TO OTHER WEBSITES

Whenever we provide links to other websites on our website, this is in the interest of our users or should be understood as a courtesy to the third party provider. Pages to which we link and pages that link to our website are not under our control. In such cases we are neither responsible for the content of these pages nor for compliance with the applicable data protection regulations of those providers. We recommend that you carefully read the privacy statements of these third parties to learn how your personal information is stored, used or shared.

10. WHO ARE WE AND HOW CAN YOU CONTACT US?

This website is provided by Fossil (Europe) GmbH
Oberwinkl 1, D-83355 Grabenstätt, Germany
T.: +49 (0) 8661-622-6000
Fax: +49 (0)8661-622-7000
E-mail: info@fossil.de

You can get in touch with our data protection team and the responsible data protection officer we designated in every case required by law per email using privacy@fossil.com.