DATA PROTECTION POLICY

1. Name and contact details of the controller responsible for processing and the company data protection officer

This Data Protection Policy applies to data processing by:

Controller: stefanobragawatches.com
Rue du Nord 47, 2720, Tramelan - Swiss (CH)

E-mail: info@stefanobragawatches.com
Phone: +41 (0) 79 891 03 75

2. Collection and storage of personal data and the nature and purpose of its use

a) When visiting the website

When you visit the SBW website, the browser you are using on your device automatically sends information to the server for our website. This information is temporarily stored in a log file. The following information is automatically collected and subsequently automatically deleted after a period of 20 weeks:

- the IP address of the querying computer
- the date and time of access
- the name and URL of the retrieved file
- the website from which access is occurring (referrer URL),
- the session ID
- the user agent
- the browser used and in some cases the operating system of your computer and the name of your access provider.

    We process the aforementioned data for the following purposes:

    - to ensure a trouble-free connection with the website
    - to ensure convenient use of our website and optimise our platform
    - to monitor and ensure system security and stability.
    - to detect and prevent attacks on our website, and for other internal statistical and administrative purposes.

      We never use collected data to reference you as a person. In the event of an attack on our network infrastructure however, your IP address will be identified in order to assert or defend against legal claims.

      We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f of the General Data Protection Regulation (GDPR). Our legitimate interests proceed from the data collection purposes specified above.

      We also use cookies and analytics services when you visit our website. For further details see points 5. and 6. of this Data Protection Policy.

      b) Registering as a user on our platform

      Buyers, private sellers and commercial merchants can create a user account on our platform. The mandatory data required to set up a user account must be entered under i), ii) and iii). This data is processed

      - to identify you as our contract partner
      - to enter into, structure, execute and amend contracts with you governing the use of our platform and services offered thereupon
      - to assess the plausibility of the data entered
      - to contact you as necessary for with any questions, and
      - to assert any claims against you as necessary.

        The data specified under points I), II) and III) are processed upon your placement of an inquiry for the purposes outlined above and are required for use of the platform in accordance with Article 6 para. 1 sentence 1 item b of the GDPR, and thus required for fulfilment of the contract and of pre-contractual actions.

        You may have the option of providing voluntary information/data depending on the type of user account. We process voluntarily provided information/data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. This information/data is used to facilitate contact with you and ensure rapid clarification of any questions.

        After deletion of your user account your data are automatically deleted to prevent further use unless, in accordance with Article 6 para. 1 sentence 1 item c GDPR, it must be stored for a longer period of time pursuant to retention and documentation requirements under tax or commercial code (HGB, StGB, AO), or if you have consented to storage for a longer period of time in line with Article 6 para. 1 sentence 1 item a GDPR.

        I) my SBW user accounts (where exist)

        The following mandatory data must be entered to register as a user (buyer) and set up a user account:

        • a valid email address

        • a password of your choice.

        These constitute the login data for your user account.

        You can also provide this voluntary user data:

        • Your first and last name

        • A profile picture

        • Your address (street, post code, city/town, country)

        • Your phone number.

         

        c) Automated customer profile creation

        We create a customer profile for your user account in order for you to use our platform as a registered user. We categorise your customer profile and supplement it with additional data so that you only receive information likely to be of interest to you. To do so we utilise this data:

        • Information about your person (e.g. basic data from your customer profile)

        • The length of your membership

        • Statistics (such as on the manner, frequency and intensity of use of the website), and

        • Your history of retrieved offers, manufacturer brands and sellers.

        We process the aforementioned data for the following purposes:

        • For statistical evaluation

        • For market research

        • To ensure smooth functioning of the platform and to design the platform around user needs

        • To personalise our services, and

        • To deliver advertising to you which is exclusively targeted to your actual or predicted needs so as to eliminate irrelevant advertising.

        We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognised legitimate interest in accordance with the GDPR.

        You may alternatively file objection at any time via e-mail to info@stefanobragawatches.com

        d) Registering for our newsletter

        We use your e-mail address to send you our personalised regular newsletter if you have expressly consented thereto in accordance with Article 6 para. 1 sentence 1 item a GDPR. To receive the newsletter it suffices to provide your e-mail address.

        To receive more personalised newsletter content you can create a customer profile about you based on your collected personal data. This data relates to personal preferences such as product affinities observed on the basis of orders, interests, purchase decisions, preferred shopping time, etc. and is automatically processed and analysed so that relevant offers are predicted for you. Profiling may also be performed without consent on the basis of Article 6 para. 1 item f GDPR given a legitimate interest (see item 2.c) ).

        We may also use your e-mail address without your express consent to send you information about similar products of our company if you are an existing customer and have not objected to the use of your e-mail address. Processing for purposes of marketing to existing customers is done on the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR. Processing of your e-mail address for the purpose of direct marketing is a statutorily recognised interest under the GDPR.

        In either case you can unsubscribe at any time, such as via link at the end of each newsletter. Alternatively, you can unsubscribe at any time by e-mail to info@stefanobragawatches.com

        e) Using our contact form

        You can use a form provided on the website to contact us with questions or contact a merchant or private seller. If you wish ask your question to a merchant or private seller, we forward your contact inquiry to them. For the use of the contact form, the following data is required, without exception:

        • a valid e-mail address and

        • Your specific question or message.

        We process the aforementioned data for the following purposes:

        • to identify you

        • to answer your question, and

        • for forwarding to the relevant merchant or private seller as necessary.

        Additionally, you can voluntarily provide your name and telephone number to enable quicker contact.

        When you use our contact form, we may scan and analyse your message. This is done for fraud prevention purposes and to generally improve communication and customer service.

        Data is processed upon placement of your inquiry, and such processing is required for the above purposes to fulfill the contract and pre-contractual actions in accordance with Article 6 para. 1 p. 1 item b GDPR. Data from contact inquiries is also processed on the basis of our legitimate interests per Article 6 para. 1 sentence 1 item f GDPR. These interests proceed from the aforementioned purposes.

        Personal data we collect when you use the contact form is automatically deleted upon completion of your inquiry.

        3. Disclosure of data

        We only disclose your personal data to third parties if:

        • you have expressly consented thereto in accordance with Article 6 para. 1 p. 1 item a GDPR

        • there is a legal disclosure obligation pursuant to Article 6 para. 1 sentence 1 item c GDPR

        • disclosure is required pursuant to Article 6 para. 1 sentence 1 item f GDPR in order to assert or defend against claims or exercise legal rights and there are no grounds to assume that you have a prevailing legitimate interest in non-disclosure of your data.

        4. Visibility of your data to third parties

        As user and private seller

        Personal data stored in connection with your user account (my account on stefanobragawatches, see items 2.b) I) and II) ) cannot be viewed by third parties unless you have published offers on the platform. When you publish an offer on the platform as a private seller, registered and unregistered users will only be able to see your provider data on the platform if have expressly consented to their publishing in accordance with Article 6 para. 1 sentence 1 item a GDPR.

        5. Cookies and pixels

        We utilise ‘cookies’ and ‘pixels’ or ‘tracking pixels’ on our website to record statistics on website usage and evaluate these for the purpose of optimising our offering (see item b).). These enable us to automatically recognise you have previously visited our website when you revisit it.

        Your data are processed using cookies and pixels for the purposes specified above on the basis of our legitimate interests and those of third parties, in line with Article 6 para. 1 sentence 1 item f GDPR, according to which these interests qualify as legitimate.

        a) Cookies

        Cookies are small files automatically created by your browser which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, Trojans or other malicious software.

        Cookies store data about the specific device used for the respective website visit. This does not mean that we are able to directly discern your identity.

        Cookies are in part utilised to enable us to enhance our offer for you. For example, we utilise what are known as ‘session cookies’ to recognise that you have already visited individual pages of our website, or have already logged in to your user account. These cookies are automatically deleted when you leave our website.

        We also use temporary cookies which are stored on your device for a specific period of time in order to improve the user experience. When you revisit our site to utilise our services, these automatically register that you have visited before and the entries and settings you have made so that you do not have to re-configure these.

        Most browsers are configured by default to accept cookies. You can configure your browser so that cookies are not stored on your computer, or so you receive notification before each new cookie is created. Disabling cookies can however mean that you are unable to utilise some features of our website.

        b) Pixels

        Tracking pixels or just ‘pixels’ are small 1x1-pixel GIF files that can be hidden in graphics, e-mails, etc. when visiting a website. Pixels do not harm your device and do not contain viruses, Trojans or other malware.

        Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us measure reach and conduct other statistical analyses for the purpose of optimising our platform and offerings.

        Most browsers automatically accept pixels. You can use certain tools and browser add-ons to block the use of pixels on our webpages (like the AdBlock add-on for the Firefox browser).

        6. Analysis tools

        a) Tracking tools

        We utilise the tracking tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. We deploy these tracking tools to optimise our website design on an ongoing basis to better meet user needs. In addition we use tracking tools to record website usage statistics which we analyse in order to optimise our offering for you. These interests qualify as legitimate under the provision cited above.

        The data processing purposes and data types are as per the respective tracking tools.

        I) Google Analytics

        We utilise Google Analytics, a web analytics service provided by Google LLC.(1600 Amphitheater Parkway, Mountain View, CA 94043, hereinafter "Google") for the purpose of customising and continuously optimising our webpages. This service involves the creation of pseudonymised usage profiles and use of cookies (see item 5). The information generated by the cookie about your use of this website, such as

        • Browser type/version

        • Operating system used

        • Referrer URL (page last visited)

        • Host name of accessing computer (IP address)

        • Server query time

        are transmitted to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.

        This information is used to analyse use of the website, compile reports on website activity and provide additional services related to website activity and internet usage for the purposes of market research and website design in accordance with user needs. This information may be forwarded to third parties as required by law, and to third parties functioning as data processors. Your IP address will never be compiled with any other data held by Google. IP addresses are anonymised to render cross-referencing impossible (IP masking).

        You may refuse to accept cookies by changing the settings on your browser accordingly; in such case however you may not be able to fully utilise the entire range of the features of this website.

        You can also block the recording of data generated by the cookie concerning your use of the website (including your IP address) and prevent processing by Google by downloading and installing a browser add-on.

        As an alternative to the browser add-on, particularly for browsers on mobile devices, you can opt out of data collection by Google Analytics by clicking on this link. An opt-out cookie is set which blocks future collection of your data when visiting this website. The opt-out cookie is stored on your device and is only valid in that browser and for our website. If you delete the cookies for that browser, the opt-out cookie has to be reset.

        For more information about privacy related to Google Analytics, see the Google Analytics Help Centre.

        II) Google Adwords Conversion Tracking

        We utilise Google conversion tracking to record website usage statistics and analyse these for the purpose of optimising our offerings. Google Adwords places a cookie on your computer (see item 5) when you navigate to our website via a Google ad. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.

        These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages of the website of the Adwords customer and the cookie has not yet expired, Google and the customer can observe that the user clicked on the ad and was redirected to this page.

        Every Adwords customer receives a different cookie. Cookies thus cannot be tracked via the websites of Adwords customers. Information obtained via conversion cookie is used to prepare conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers receive information on the total number of users who have clicked on their ad and were redirected to a page bearing a conversion tracking tag. They do not however receive any information with which the user can be personally identified.

        If you wish to opt out of tracking you can reject cookie placement, for example by configuring your browser to disable the automatic placement of any cookies. You can also disable conversion tracking cookies by configuring your browser to block cookies at "www.googleadservices.com". The Google conversion tracking privacy policy can be found here.

        7. Social Media Plug-ins

        We utilise social plug-ins of the social media networks Facebook, Twitter, Google+ and Instagram to promote our company on our website on the basis of Article 6 para. 1 sentence 1 item f GDPR. This promotional purpose is a legitimate interest within the meaning of the GDPR. The respective providers are responsible for ensuring operation in conformance with data protection laws.

        The social media buttons are integrated with a self-developed solution. This solution prevents you from connecting to a social media network just by opening a web page with a social media button on it without pressing the button, i.e. data are not sent to the social media network unless you hit the button.

        a) Facebook

        Our platform uses social media plug-ins of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) to personalise the experience through usage of "LIKE" and "SHARE" buttons. These are a Facebook offering.

        When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Facebook servers. The plug-in content is sent by Facebook directly to your browser and integrated into the page.

        When a plug-in is integrated, Facebook receives the data the browser you used to access the page of our website in question even if you do not have a Facebook account or are currently not logged in to Facebook. This data (including your IP address) is transmitted by your browser directly to a Facebook server in the US and stored there.

        If you are logged into Facebook, Facebook can directly reference your visit to our website your Facebook account. If you interact with a plug-in such as by pressing a "LIKE" or "SHARE" button, the corresponding information data is also transmitted directly to a Facebook server and stored. This data is posted on Facebook and displayed to your Facebook friends.

        Facebook can use this data for the purposes of advertising, market research and structuring Facebook pages in line with user needs. This involves Facebook creating user, interest and relationship profiles, for example to evaluate your use of our website in relation to advertisements displayed on Facebook, to inform other Facebook users of your activities on our website and to provide other services related to use of Facebook.

        If you do not want Facebook to reference information about you from our website to your Facebook account, you must log out of Facebook before visiting our website.

        Please see the Facebook data privacy noticesfor information regarding the purpose and scope of data collection, further processing and use of data by Facebook, your data privacy rights and data privacy configuration settings.

        b) Twitter

        Plug-ins of the news and social networking firm Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, hereinafter "Twitter") are integrated into our web pages. Twitter plug-ins (Tweet button) bear the Twitter logo, making them identifiable on our website. An overview of Tweet buttons can be found here.

        When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, a direct connection is established between your browser and a Twitter server. Twitter then receives the information that you have visited our page, and your IP address. You can link content from our webpages with your Twitter account by clicking on the Twitter "Tweet" button while logged into your Twitter account. This enables Twitter to cross-reference your visit to our webpages to your user account. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Twitter.

        You should log out of your Twitter account first if you do not want Twitter to be able to cross-reference your visit to our webpages to your Twitter user account.

        For further information see the Twitter data privacy policy.

        c) Google+

        Our website uses plug-ins of Google Plus, social media network operated by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). The plug-ins are recognisable on buttons, for example, by the characters "+1" appearing on a white or coloured background. An overview of Google plug-ins and their appearance can be found here.

        When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Google servers. The plug-in content is sent by Google directly to your browser and integrated into the page. When a plug-in is integrated, Google receives the data the browser you used to access the page of our website in question even if you do not have a Google Plus profile or are currently not logged in to Google Plus. This data (including your IP address) is transmitted by your browser directly to a Google server in the US and stored there. If you are logged in to Google Plus, Google can directly reference your visit to our website to your Google Plus profile.

        If you interact with a plug-in such as by pressing a "+1" button, the corresponding information data is also transmitted directly to a Google server and stored. This data is also published on Google Plus and displayed to your contacts there.

        Please see the Google data privacy noticesfor information regarding the purpose and scope of data collection, further processing and use of data by Google, your data privacy rights and data privacy configuration settings.

        d) Instagram

        Our website utilises Instagram social plug-ins ("plug-ins") operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

        The plug-ins bear an Instagram logo, such as the “Instagram camera".

        When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Instagram servers. The plug-in content is sent by Instagram directly to your browser and integrated into the page. When a plug-in is integrated, Instagram receives the data the browser you used to access the page of our website in question even if you do not have an Instagram profile or are currently not logged in to Instagram.

        This data (including your IP address) is transmitted by your browser directly to an Instagram server in the US and stored there. If you are logged into Instagram, Instagram can directly reference your visit to our website your Instagram account. If you interact with a plug-in such as by pressing an Instagram button, the corresponding information data is also transmitted directly to an Instagram server and stored.

        This data is also published on your Instagram account and displayed to your contacts there.

        If you do not want Instagram to directly reference information about you from our website to your Instagram account, you must log out of Instagram before visiting our website.

        For further information see the Instagram data privacy policy.

        8. Rights as data subject:

        You have the right:

        • to revoke consent you have granted us at any time in accordance with Article 7 para. 3 GDPR. This applies non-retrospectively, so that without your consent we are no longer allowed to process data thereafter

        • to request information about the personal data of yours which we are processing in accordance with Article 15 GDPR. In particular, you are entitled to receive information about the processing purposes, the types of personal data, the types of recipients to whom your data has been disclosed, the intended storage retention period, about your rights to demand correction, deletion, processing restriction and to file objection, about your complaint rights, the source of your data if not collected by us, and whether automated decision-making is utilised, including profiling, along with relevant details as appropriate

        • to demand the correction of incorrect personal data and the addition of incomplete personal data we have stored, in line with Article 16 GDPR

        • to demand the deletion of your personal data stored by us, except if processing is necessary to exercise freedom of expression speech and information rights, to fulfil a legal obligation, for reasons of public interest or to assert or defend against legal claims or exercise rights, in line with Article 17 GDPR

        • to demand the restriction of your personal data from processing in accordance with Article 18 GDPR if you dispute the correctness of the data or processing is unlawful but you reject its deletion and we no longer need the data yet you require the data in order to assert or defend against legal claims or exercise rights, or if you have filed objection to processing in accordance with Article 21 GDPR

        • to receive your personal data from us in a commonly used, structured, machine-readable format, and to request such to be sent to a different data controller in line with Article 20 GDPR

        • to lodge complaint with a supervisory authority in line with Article 77 GDPR. Generally you should contact the supervisory authority for your primary place of residence, your place of work or our company headquarters.

        9. Right to file objection

        If your personal data are processed on the basis of on legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR, you have the right to file an objection against the processing of your personal data pursuant to Article 21 GDPR given reasons for doing so which pertain to your special circumstances or the objection pertains to direct advertising. In the latter case you enjoy a general right to file objection which we will act upon without your having to outline any special circumstances.

        To exercise your right to file objection it suffices to send a corresponding e-mail to info@stefanobragawatches.com