PRIVACY POLICY

With this privacy policy, we inform you about the processing of your personal data in connection with the offer and provision of our services (hereinafter also referred to as "services"). These include, in particular, your use of our online presences such as websites, mobile applications ("apps") and other digital platforms (collectively "online platforms") , your visits to our sales stores and participation in events, your contacts with our customer service and your communication with us via social media platforms. Furthermore, we inform you about the use of cookies and similar technologies as well as about the data subject rights to which you are entitled under data protection law and the corresponding contact options.

In other situations of contact or data processing, different or supplementary privacy policies (also from third parties) may apply. Therefore, please always take note of the current privacy policies provided at the respective point of contact.

1. RESPONSIBLE ENTITIES AND CONTACT ADDRESSES
Responsible handling of customer data is an important concern for Bucherer. We continuously make adjustments to protect your personal data in accordance with the requirements of the currently applicable data protection laws.

Depending on the contractual partner and/or the location of the customer, the respective Bucherer Group company shall generally be responsible for the processing of your personal data: 

• Bucherer Switzerland: Bucherer AG, Langensandstrasse 27, CH-6005 Lucerne  
• Bucherer Germany: Bucherer Deutschland GmbH, Ridlerstrasse 57, D-80339 Munich, Germany
• Bucherer Austria: Anton Haban Gesellschaft mbH, Kärntner Straße 2, A-1010 Vienna
• Bucherer France: Bucherer France S.A.S., 12, boulevard des Capucines, F-75009 Paris
• Bucherer Denmark: Bucherer Denmark ApS, c/o Aagaard & Partnere Advokatanpartsselskab AUMENTO, Ny Østergade 3, DK-1101 København K
• Bucherer United Kingdom: Bucherer UK Limited, 8-9 Frith Street, GB-London W1D 3JB

hereinafter collectively referred to as "Bucherer Group" or "Bucherer", "we", "us", "our".

Certain data processing operations are carried out by the respective Bucherer Group company together with its parent company Bucherer AG, which is domiciled in Switzerland, as joint responsible entities (cf. section 4), provided that they have a joint decision on the design or purpose of the data processing in question. 

If you have any questions regarding how we process your personal data and the rights associated therewith, as well as any other comments or suggestions, you may at any time contact the relevant data protection contact person or, where appointed, the data protection officer (currently for Bucherer Deutschland GmbH), who can be reached by e-mail at data-privacy@bucherer.com or by post at the address given above with the addition of "Data Privacy". 

The contact details and further information on the companies participating in data processing can also be found at  https://www.bucherer.com/ch/en/imprint.html. 

2. SCOPE, PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF YOUR DATA

Personal data is processed when you use our services and the functionalities made available through them. Personal data are all individual details that relate to you personally or can be assigned to you (hereinafter also referred to as "data"). This includes, for example, your name, address, e-mail address, telephone number or the number or other information of your ID card. Information that does not enable a natural person to be identified does not constitute personal data.

We process personal data in compliance with the applicable data protection laws (such as the Federal Act on Data Protection (FADP), the General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018 ) and all other applicable local laws and regulations.

Processing includes any handling of personal data, in particular the collection, storage, aggregation, anonymisation, use, transmission or deletion.

Your personal data will only be processed if permitted by an applicable legal provision. We will base the processing of your data on the following legal bases, among others:

• Fulfillment of a contract or implementation of pre-contractual measures: In particular, we require certain data from you for the initiation or execution of your contractual relationship with Bucherer. 
• Safeguarding legitimate interests: Bucherer will process certain data in order to protect its interests or the interests of third parties, insofar as your interests as a data subject do not prevail in the individual case.
• Consent: We will only process certain data on the basis of your previously given voluntary consent, which you can revoke at any time with effect for the future.
• Fulfillment of a legal obligation: In addition, we process your personal data to fulfill legal obligations, such as data retention requirements under money laundering law or obligations under commercial and tax law.

In connection with the provision of certain services, it may be necessary to provide certain data. We will inform you in an appropriate manner which data this is in each case (e.g. by identifying *mandatory fields). Without this personal data, we are generally not in a position to offer our services to you. In addition, you can provide voluntary information that is not mandatory for the performance and execution of the order. The storage of the voluntary information is based on our legitimate interests. 

Personal data is processed in detail when using our services for the following purposes and on the basis of the following legal grounds:

2.1 ORDER EXECUTION AND CONTRACT PERFORMANCE
W For the preparation, implementation and processing of our services and contracts (purchase or service request, (guest) order, purchases, purchase and trade-in (esp. Certified Pre-Owned), purchase and use of vouchers, manufacturing, repair and service, exchange, inclusion in product interest and waiting lists, implementation of competitions, events, appointment bookings, use of concierge services, etc.) and communication in this regard, we collect personal data from you and process it in the central customer relationship management database (hereinafter "CRM") of the Bucherer Group for the purpose of customer support, service and contract processing (cf. also section 4). In particular, this also includes the processing of your data for the purposes of invoicing and payment processing, customer advice, delivery of goods, returns as well as the processing of any warranty / guarantee cases and mutual legal claims. 

The information collected about you usually concerns your master data (in particular title, first and last name, address, telephone number, e-mail address) as well as the required service-related information (e.g., desired goods, product data, order data, purchase contract data, service data) and payment data (in particular billing address, means of payment, payment details, bank account data for purchases). We collect the data directly from you when you place an order or initiate and execute a contract in one of our branches, when you make corresponding inquiries via our online platforms (e.g. via contact forms or live chat) or by e-mail, telephone, messanger or mail. Insofar as this is necessary for the provision of our services, we pass on certain master and order/contract data to third parties (cf. Section 6).

In connection with the execution and processing of certain orders/contracts (e.g. in the case of personalised engravings, uploading of information and documents in your customer account), you may disclose personal data of third parties to us. In this case, you are responsible for the lawful disclosure of such data to the respective Bucherer company. We will process this data solely for the purpose of the service you have ordered. 

The legal basis for the aforementioned data processing is the preparation and execution of a contract or the protection of the legitimate interests of Bucherer or a third party.

2.2 PAYMENT, SHIPPING AND INSURANCE
For payment processing and shipping, depending on the contractual partner of your order, we cooperate with the service providers that you can access in the website footer of the respective country website under "Payment" or "Shipping". For the purpose of payment and shipping processing, your payment and master data will be transferred to the respective service provider. For example, for certain types of delivery, we transmit your e-mail address and/or telephone number specified in the ordering process to the shipping service provider for the purpose of tracking the delivery or coordinating the delivery date (especially for express delivery). We do not store any payment data ourselves. 

Particularly via our online platforms, we can offer you insurance solutions, which you conclude directly with the respective provider. For this purpose, we transmit the information specified for the conclusion of the desired insurance to the respective service provider.  

Please also note the applicable privacy policies and security notices of these third-party service providers.

The legal basis for this data processing is usually the performance of a contract with you or our legitimate interests. We have a legitimate interest in enabling communication between you and the respective service provider so that the proper execution of the corresponding contract can be ensured. You can generally object to the processing of your data on the basis of our legitimate interests. For this purpose, please refer to section 8 and send a message to the contact details mentioned in section 1.

2.3 CONTACT AND CUSTOMER SERVICE
We collect and process data in the context of contacts and customer service and other interactions with us. The information collected concerns your basic and contact information (title, name, address, date of birth, e-mail address, telephone number) and any other information you may voluntarily provide (e.g., interests and preferences regarding product assortment; preferred brands, models and materials; precious metal allergies; hospitality preferences; hobbies; family event information such as wedding date and family circle; nationality; event attendance; social media profiles) and responses to contact activities and sales. nationality; participation in events; social media profiles) as well as responses to contact activities and sales and other business data at Bucherer (reservations, orders, purchases, exchanges, repairs, merchandise, price, place of sale, time, etc.), which are transmitted to and recorded by us in the sales transaction or by e-mail, telephone or otherwise electronically (e.g. by messenger or via social media channels). 

This data is used to contact you in this context, to provide you with the best possible advice when making purchases in Bucherer sales stores or via our online platforms, to evaluate it for internal analysis purposes or for personalised marketing purposes and, on this basis, to address you in a targeted manner – by e-mail, post, telephone or messenger – within the scope of the statutory provisions (cf. section 3). 

If the legal basis for data processing in connection with contacts and customer care is not the preparation and execution of a contract or the protection of the legitimate interests of Bucherer or a third party, it shall be based on your consent.  Your consent is valid until revoked. You may revoke your consent at any time with effect for the future (cf. section 3).

2.4 PLATFORM VISITS
By visiting our online platforms, information regarding your access such as the IP address of the requesting end device; the name of the retrieved website/file; the website from which you visit the online platform (referrer URL); date and time of the server request; browser type and version; operating system used by the requesting end device; search term with which the website was found, for example via Google, may be stored.

We process this data on the basis of our legitimate interests to provide the online platforms, to ensure the technical operation and security of our information technology systems. In doing so, we pursue the interest of enabling and permanently maintaining the use of our online platforms and their technical functionality. When you access our online platforms, this data is automatically processed. We do not use this data for the purpose of drawing conclusions about your identity.

The automatically collected data is usually deleted after 14 days, unless there is another legal basis. If the latter applies, we shall delete the data after the other legal basis ceases to apply.

We cannot comply with an objection to the collection and storage of your server log data, as this data is absolutely necessary for the smooth operation of the online platforms.

Furthermore, we may analyse and process data in connection with your use of the platform by using cookies and other tracking technologies (cf. sections 2.9-2.11 and our Cookie Policy) and, if technically possible, assign it to an existing user profile (cf. section 2.8 below). 

2.5 CUSTOMER ACCOUNT AND LOGINS
On our online platforms, it is possible to create a password-protected, personal customer account or, if offered, to register by means of a social login (such as offered by Google, Twitter or Facebook). During this registration, a user profile is created from the data collected on the registration form or shared by the respective social login provider, as well as any data updated and additionally collected in the course of a subsequent interaction, or assigned to an already existing user profile and stored and managed in the central CRM database of the Bucherer Group (cf. section 4). In your customer account, where offered, you have the possibility to manage your contact data, view transactions, create and manage digital watch collections, specify preferences and change marketing settings (cf. also section 3). Depending on the online platform, the range of functions of the customer account may vary. As a rule, you have access to your customer accounts (e.g. web and app) with the same password.

The information collected in the context of the creation of a customer account is generally your master and contact data (in particular title, first and last name, address, telephone number, e-mail address, password) as well as any other information and data voluntarily provided or uploaded in the customer account (e.g. on interests and preferences regarding the product range, preferred brands/models, preferences regarding hospitality, birth and wedding date, watch (collections) and corresponding photographs) as well as sales and other business data at Bucherer (reservations, orders, purchases, exchanges, repairs, goods, price, place of sale, time, etc.), which are transmitted and recorded in the sales transaction or by e-mail, telephone or otherwise electronically. 

In the case of a social login, certain information such as name, e-mail address, and other public information is retrieved from your social media profile to provide you with a simplified login and personalised user experience. This information is used by us solely to authenticate and manage your account. Please note that we do not have access to your password and have no control over your social media account. We recommend that you regularly check the privacy policy and privacy settings of your social media provider to be aware of how they use your information.

If you are logged into your customer account at the same time as you visit the online platform, information about your behaviour (e.g. shopping cart information and wish lists) can be processed and assigned to your user profile. 

Within the scope of registration and renewed registrations as well as the use of our online platforms, we reserve the right to store the IP address and the time of the respective access. The storage is based on our legitimate interests in protecting against misuse and other unauthorised use of our online platforms. This data will only be passed on to third parties if this is necessary to pursue our claims or if there is a legal obligation to do so.

The registration of a customer account is in principle voluntary, unless it is intended for the use of certain services. If the legal basis for data processing in connection with a customer account is not the preparation and execution of a contract or the protection of the legitimate interests of Bucherer or a third party, this will be based on your express consent.  Your consent shall be valid until revoked. You may revoke your consent at any time with effect for the future (cf. section 3).

2.6 LOCATION DATA
Some of the services we offer (especially when using our online platforms) may access and process location data. This happens, for example, when you use the localisation function to find a sales location near you. Location data may be collected via your IP address, browser, GPS, sensors, signals or Wi-Fi access points and is used to provide you with a personalised and optimised service.

The processing is generally based on your consent. You have the option to revoke your consent to the processing of location data at any time by making the appropriate settings on your device and/or revoking your consent via the respective cookie settings (cf. also our Cookie Policy). Please note that in this case, some functions of our services may no longer be fully available.

2.7 DATA FROM THIRD-PARTY SOURCES
We may use data about you from public sources (such as social media profiles) to optimise our services (such as providing more targeted advice). The data from third-party sources may include information about your preferences, interests, and demographic characteristics. The processing of this data is based on our legitimate interests. 

In principle, you have the right to object to the processing of your data from third-party sources. Please refer to section 8 for the right to object to data processing based on our legitimate interests.

Based on your consent (cf. section 3), we may also use data in the context of a so-called customer match (cf. also section 2.11). In this case, we transmit data (such as an e-mail address, telephone number or other identification features) in encrypted form to social media platforms (such as Facebook) or advertising platforms (e.g. Google), which match this data with data that you have accordingly. If this results in a match, this means that the user is also active on this third-party platform. Based on the matched customer data, a target group is created, which enables us to target advertising campaigns to this target group, resulting in a higher relevance and effectiveness of the advertising. Depending on the third-party platform, different advertising formats such as social media ads or search engine advertising can be used.

You have the option to revoke your consent to customer match at any time by revoking your overall consent via the preference centre (cf. section 3). 

2.8 USER PROFILES
In the context and scope of the interactions with us as described in section 2, we create a user profile and maintain it in our CRM database (cf. section 4). 

User profiles help us to better understand the behaviour and interests of our customers. This enables us to continuously improve our services and, if you wish, to address you individually, i.e. based on your interests and usage.

We may merge user profiles with other customer data we lawfully process (e.g., name, contact information, user and purchase behaviour including purchase history, demographic data, interests and preferences regarding product assortment such as preferred brands, models and materials, hospitality preferences) or associate them with an existing one.

If the legal basis of the data processing in connection with the creation of a user profile is not the preparation and execution of a contract or the protection of the legitimate interests of Bucherer or a third party, it will be based on your consent. Your consent is valid until revoked. You may revoke your consent at any time with effect for the future (cf. section 3 and section 8).

2.9 COOKIES AND TRACKING TECHNOLOGIES
We use cookies and other tracking technologies (collectively "cookies") on our online platforms. Please refer to the relevant Cookie Policy, which is also linked on the respective online platform. 

2.10 PLATFORM USAGE AND BEHAVIOUR
When you use our online platforms, we collect, analyse and use data regarding this usage and generally regarding your behaviour. This is the case, for example, when you shop in our online store or when you use our websites and apps (e.g., shopping carts created and abandoned, watch lists, items viewed, search terms and results, ratings given and comments).  We use various technologies for this purpose, the most important of which are mentioned below.

2.10.1 GOOGLE ANALYTICS / GOOGLE FIREBASE
If you have consented or if we can claim legitimate interests in the use of specific functions, we use Google Analytics and/or Google Firebase (cf. below), web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").

Google Analytics uses so-called cookies. The information generated by the cookie about your use of our online platforms is usually transferred to a Google server in the USA and stored there. The legal basis is your consent. We expressly reserve the right of recourse to other legal bases. Any data transfers to the USA are subject to the EU standard contractual clauses concluded with Google's parent company Google LLC.

On our behalf, Google will use this information for the purpose of evaluating your use of the online platforms, compiling reports on online activities and providing us with other services relating to platform usage. Pseudonymous usage profiles can be created from the processed data.

We only use Google Analytics with IP anonymisation enabled. This means that the IP address of the user is shortened by Google within member states of the European Union (EU) or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases shall the full IP address be transferred to a Google server in the USA and shortened there. 

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is usually after 14 months.

You can revoke any consent you may have given to the use of Google Analytics via the respective cookie settings at any time. Furthermore, you can also technically prevent the storage and use of cookies through appropriate browser settings or browser add-ons (cf. also our Cookie Policy). You can also prevent the collection of data generated by cookies and related to your use of our online platforms (including your IP address) and the further processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can learn more about Google's use of data, setting options and objection options on Google's websites under the following links:

• https://policies.google.com/technologies/partner-sites?hl=en ("How Google uses information from sites or apps that use our services"),
• https://policies.google.com/technologies/ads?hl=en ("How Google uses cookies in advertising"),
• https://www.google.de/settings/ads?hl=en ("Settings for personalized ads").

We also use Firebase, an analytics and monitoring tool for mobile and web apps, from Google. By using Google Firebase, certain information about your use of our online platforms (such as device information, IP addresses, app usage data) may be collected and processed. 

Google Firebase services can use so-called "Instant IDs". Instant IDs are uniquely assigned identifiers that are provided with a timestamp and enable the linking of different events or processes in connection with the app. This data is used to analyse and optimise user behaviour, such as evaluating crash reports. According to Google, these Instant IDs do not process any personally identifiable data. For Firebase Analytics, Google also uses the advertising ID of the end device.

You can object to data collection by Google Firebase at any time with future effect by deactivating data collection for Firebase Analytics in the app settings or restricting the use of the advertising ID in the device settings of your mobile device.

For Android: Settings > Google > Ads > Reset Ad ID

For iOS: Settings > Privacy > Advertising > No ad tracking

You can view Google Firebase's privacy policy here: https://firebase.google.com/support/privacy?hl=en

2.10.2 MOUSEFLOW
If you have consented to the corresponding use of cookies, we use Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, on our website.

Mouseflow uses cookies through which we can track the activity of randomly selected website visitors. In particular, the following data is processed:

Mouse movements, clicks, scroll movements, information about your browser, type of terminal device, operating system, language, screen resolution, IP address (anonymised).

This tracking is done anonymously or pseudonymously, i.e. there is no possibility for us to clearly identify the respective website visitors at any time.

The web analysis by Mouseflow is based on your consent for the purpose of optimising our website according to your needs. 

You can revoke your consent to web analysis by using Mouseflow at any time via the respective cookie settings. Furthermore, you can also technically prevent the storage and use of cookies through appropriate browser settings or browser add-ons (cf. also our Cookie Policy). You can also prevent web analysis via Mouseflow using the following link: https://mouseflow.com/opt-out/

We cannot exclude that data may be transferred to the Mouseflow parent company (Mouseflow Inc.) in the USA within the context of the use of Mouseflow. Any data transfers to the USA are subject to the EU standard contractual clauses.

Further information and Mouseflow's privacy policy can be found at https://mouseflow.com/legal/visitor/ and at https://mouseflow.com/legal/gdpr/.

2.10.3 ROLEX RANGE
When you visit the Rolex section of our website, some cookies are controlled by ROLEX SA ("ROLEX"). 

Where you have consented or a legitimate interest in the use of specific features can be claimed, ROLEX uses performance and tracking solutions to improve your experience and provide you with the best possible online experience that meets your needs. Adobe Experience Platform Launch (Tag Manager), Adobe Analytics, and Content Square are used to analyse and track user behaviour on the Rolex site. You can find the relevant Rolex cookie policy and Adobe and Content Square privacy notices at the following links:

• ROLEX Cookie Policy: https://www.rolex.com/en-us/legal-notices/cookies
• Adobe privacy notice: https://www.adobe.com/en-us/privacy/policy.html
• Content Square Privacy Notice: https://contentsquare.com/privacy-center/

You can revoke your consent to web analysis and tracking by ROLEX at any time via the cookie settings. Furthermore, you can also technically prevent the storage and use of cookies through appropriate browser settings or browser add-ons (cf. also our Cookie Policy).

2.11 RETARGETING/REMARKETING
On our online platforms, we use so-called retargeting/remarketing services from third-party providers. Based on your consent, data is collected by means of cookie/tracking technologies for the purpose of optimising our advertising and our online offer. This data is not used by us to identify you personally, but is used to evaluate the use of our online platforms and to target users who have already shown interest in our content and offers with interest-based advertising on our own or third-party online platforms (such as social media platforms). The insertion of advertising on our online platforms or on the websites of our partners is based on an analysis of previous usage behaviour. According to the providers of the retargeting/remarketing services we use, the creation of usage profiles is generally anonymised or pseudonymised. You can find out which key third-party providers we work with, how your data is processed in this context, and how you can deactivate retargeting/remarketing technologies in the following sections:

2.11.1 GOOGLE MARKETING PLATFORM / GOOGLE ADS
We use the remarketing or "similar target groups" function in Google Ads/Google Marketing Platform (formerly DoubleClick by Google) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our online platforms.

Google uses cookie/tracking technologies that are stored on your terminal device to enable an analysis of your use of the online platforms and to display ads for products or services that may be of interest to you. According to Google, the cookies used for this purpose do not contain any personal information. The information generated by the cookie/tracking technologies about your use of the online platform(s) will be transmitted to and stored by Google on servers in the United States. If you are registered and logged in to a Google service, Google can associate your visit to our online platforms with your account. Even if you are not registered with Google, Google may learn your IP address and create and store personal usage profiles. We only use the function offered by Google for matching with customer lists with your prior consent (cf. section 2.7). 

For more information on the analysis of your search/surfing behaviour, click here:

• https://www.google.com/intl/en/policies/privacy/ and
• https://policies.google.com/technologies/ads?hl=en and
• https://marketingplatform.google.com/about/enterprise?hl=en

You can disable Google's interest-based advertising at the following link: http://www.google.com/settings/ads/plugin?hl=en

2.11.2 FACEBOOK PIXEL
We also use services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook"), such as the Facebook pixel, on our online platforms for retargeting/remarketing purposes.

When you visit certain of our online platforms and insofar as you have given us your consent to do so, a direct connection is established between your browser and the Facebook server via the Facebook pixel. Facebook thereby receives the information that you have visited our online platform(s) and we can thus design our Facebook activities more effectively and, for example, display posts or ads only for visitors to our online platforms or predefined customer groups (so-called "custom audiences"). In addition, the Facebook pixel enables us to analyse the use of the online platform(s) and to display ads about content and offers that might interest you. The data collected is only transmitted to Facebook in encrypted form and is anonymous for us, i.e. the personal data of individual users is not visible to us. We only use the custom audience "Advanced Matching" function to match customer lists with your prior consent (cf. section 2.7).

We are jointly responsible with Facebook for the exchange of data that Facebook collects or receives via the pixel or comparable functions, for the display of advertising information that corresponds to the interests of users, the improvement of ad delivery and personalisation of functions and content (but not further processing). We have therefore concluded a corresponding supplementary agreement with Facebook. Users can therefore submit requests for information and other data subject requests related to shared responsibility directly to Facebook.

For more information on the Facebook pixel, the type, scope, purposes, legal basis and objection options to data processing by Facebook, as well as your settings options to protect your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy/ and at https://www.facebook.com/business/learn/facebook-ads-pixel.

You can revoke any consent you may have given to our storage and use of cookies (including the Facebook pixel) for retargeting/remarketing purposes at any time with effect for the future via the respective cookie settings. In addition, you can technically prevent the storage and use of marketing cookies (including the Facebook pixel) through appropriate browser settings or browser add-ons (cf. our Cookie Policy).

2.11.3 TIKTOK PIXEL
We use the services of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter "TikTok"), such as the TikTok pixel, on our online platforms for retargeting/remarketing purposes.

When you visit certain of our online platforms, and to the extent that you have given us your consent to do so, a direct connection is established between your browser and the TikTok server via the TikTok pixel. TikTok thereby receives information about your visit to our online platforms, such as information about certain interactions with our online platforms (clicks or product views), your IP address, and device and browser information. This allows us to make our TikTok activities more effective and, for example, to display posts or ads only to visitors of our online platform(s). In addition, the TikTok pixel enables us to analyse the use of the online platforms and to display ads about content and offers that may be of interest to you. The collected data is anonymous for us, i.e. the personal data of individual users is not visible to us. We only use the custom audience "Advanced Matching" function to match customer lists with your prior consent (cf. section 2.7).

For more information on the TikTok pixel, the nature, scope, purposes, legal basis and objection options of data processing by TikTok, as well as your settings options for protecting your privacy, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=en and at https://ads.tiktok.com/help/article?aid=6669727593823993861.

You can withdraw your consent to our storage and use of cookies (including the TikTok pixel) for retargeting/remarketing purposes at any time with effect for the future via the respective cookie settings. In addition, you can technically prevent the storage and use of marketing cookies (including the TikTok pixel) through appropriate browser settings or browser add-ons (cf. our Cookie Policy).

2.12 SOCIAL MEDIA FUNCTIONALITIES
On our online platforms you will find links (hyperlinks) to our social media profiles of the social networks and platforms of Facebook, LinkedIn, Instagram, Twitter, YouTube and Pinterest. These services are offered by the companies listed below (hereinafter also "social media providers"):

• Facebook and Instagram are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook", "Instagram"); Privacy Policy: https://www.facebook.com/privacy/explanation
• LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"); Privacy Policy: https://www.linkedin.com/legal/privacy-policy
• Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"); Privacy Policy: https://twitter.com/en/privacy
• YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube" or "Google"); Privacy Policy: https://www.google.de/intl/en/policies/privacy/
• Pinterest is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"); Privacy Policy: https://policy.pinterest.com/en/privacy-policy

For the purpose and scope of the data collection and further processing and use of the data by these social media providers, as well as your rights in this regard and the available settings options to protect your privacy, please refer to the privacy notices of the relevant social media provider linked above.

If you press on the relevant icons of these social media providers, you will automatically be redirected to our profile with the relevant network. In order to use the functions of the relevant network there, you must, in individual cases, log in to your user account with the relevant network. If you do not want a social media provider to be able to assign the click of a link leading to its offer to your user account there, you must log out of the respective service before clicking such a link. Even if you are not logged in to the social media provider, data may be sent to the social media provider via the use of cookies after clicking on a link. Insofar as we are jointly responsible with the provider for certain processing, we shall enter into a corresponding agreement with the provider, the main content of which you can find out from the provider. For more information on data processing by the corresponding social media providers, please refer to their privacy policies.

Furthermore, our online platforms may contain so-called plugins from social media providers (such as Facebook, Twitter, Pinterest and Google+) (such as "Share" or "Like" buttons). These buttons are backed by a link to the corresponding social media platform. 

If you select one of the functionalities provided and click on the icon of the relevant social media provider, a direct connection is established between your browser and the server of the relevant social media platform. This provides the social media provider with the information that you have visited our platforms with your IP address and called up the link. If you call up a link to a social media platform while logged into your account with the provider in question, the content of our site can be linked to your profile with the corresponding social media provider, which means that the provider can assign your visit to our website directly to your user account. If you would like to prevent this, you should log out before activating corresponding links. An assignment will take place in any case if you log in to the relevant social media provider after activating the link.

2.13 ABUSE CONTROL
Due to manufacturer specifications, we are contractually obligated to sell watch models only to end customers and authorised distributors. In addition, the sale of specific models to the same customer is limited to a certain number of units. In order to verify compliance with these requirements and to prevent abusive inquiries and unauthorised trading (e.g., receiving stolen goods and plagiarism), we match order-related data with any information already stored about the customer in our CRM database. This may include identification by means of presentation and, if necessary, copy of a valid identification document.  In the event of suspected misuse, we may also undertake appropriate investigations to the extent necessary (e.g. comparison of the personal details provided with an identification document, comparison with data from public sources and information files). For the aforementioned purposes, it may also be necessary to pass on your master data to the respective manufacturer of the product.

Furthermore, we process data from surveillance systems (e.g. video surveillance) in our sales stores to protect our employees, our customers and our property. In addition, any separate privacy policies communicated in the respective sales transaction regarding the use of such surveillance systems apply.

The legal basis for this processing is the protection of the legitimate interests of Bucherer or a third party. Both the respective manufacturer and we have a legitimate interest in the prevention of unauthorised trade/resales and abusive inquiries as well as the prevention and investigation of criminal offences and the safeguarding of secure business operations. You may object to this processing of your data under the conditions set out in section 8.

2.14 FULFILMENT OF LEGAL OBLIGATIONS
Under certain circumstances, we are obliged to collect information on the identity of a contracting party or the persons or beneficial owners acting on its behalf for the purposes of identification pursuant to money laundering law (in general this includes name, place and date of birth, nationality, residential address, information on the business relationship and, where applicable, further information on the contracting party) and to carry out an identity check using a valid identification document. In this context, it may also be necessary to collect and process information from publicly accessible sources (e.g. public registers, Internet) and to obtain and retain a copy of a valid identification document. The legal basis for this data processing is the fulfilment of legal obligations in conjunction with the provisions from the relevant money laundering regulations. 

Furthermore, we process personal data for the fulfilment of other legal obligations, such as for the fulfilment of documentation and storage obligations under commercial or tax law. The legal basis is the fulfilment of the respective legal obligations.

3 MARKETING

3.1 COMPREHENSIVE MARKETING APPROACH
Via contact and registration forms, you have the option of giving us your consent to comprehensive processing and use of your data for marketing purposes and corresponding contact via the communication channels you have specified - in particular by e-mail, telephone (incl. messenger services), online platforms (e.g. push notifications) and/or social media ("overall consent"). For this purpose, we initially collect and store the following data (* mandatory data):

E-mail address*, title*, first name*, last name*, phone number, address, country.

As part of the comprehensive marketing approach, you will receive interest-based information on our products, services and benefits as well as recommendations in this regard based on your consent and the information stored by us and created in the future in your user and/or customer profile (cf. section 2.8 and section 2.5). In doing so, we pursue the following purposes in particular:

• To analyse, evaluate and optimise the use of our services;
• To provide you with personalised content as well as product recommendations and exclusive offers based on your transactions, service usage and individual interests;
• To make you aware of services related to purchased products;
• To invite you to exclusive events;
• To measure the use and success of marketing activities;
• To make our own and partner advertisements more interesting and thus also address you on other channels (such as social media platforms and advertising networks) (remarketing/retargeting);
• To offer you social media services;
• To conduct and evaluate e-mail campaigns;
• To provide you with customer surveys and evaluate them

The consent to the comprehensive marketing approach is logged by us in order to be able to prove the registration process and the consent therein pursuant to the legal requirements. The logging of consent and the processing of the data entered by you during consent that is necessary for this is accordingly based on our legitimate interests.

If, at a later date, you wish to revoke your consent to the collection, processing and use of your data for marketing purposes and the related contacts by Bucherer in whole or in part, you may do so at any time via the preference centre using preference settings in your Bucherer customer account as well as via the unsubscribe link in our e-mail communication or by contacting our customer service (cf. contact details under section 1) / your sales consultant. 

We would like to point out that in the context of sending promotional e-mails, we evaluate your user behaviour with regard to our promotional e-mails. For this evaluation, the e-mails sent contain so-called web beacons, also called tracking/counting pixels, as well as correspondingly coded links. Web beacons are single-pixel image files that link to our online platforms and, together with coded links, enable us to evaluate your user behaviour with regard to our promotional e-mails (so-called open or click tracking). This is done by collecting technical information, e.g. regarding your browser, your system, your IP address and the time of the retrieval of the e-mail or the retrieval of the link by means of web beacons and coded links, which can be assigned to your e-mail address and linked to an own ID and assigned to your user profile. 

So-called open tracking by means of web beacons is not possible if you have deactivated the display of images by default in your e-mail program. In this case, however, our promotional e-mails will not be displayed to you in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place. You can only prevent so-called click tracking by not clicking on links in the respective e-mail. 

3.2 ADVERTISING APPROACH TO EXISTING CUSTOMERS
If we have received your data in connection with an order/purchase you have made, we may send you promotional e-mails with information about similar goods and services from us, provided that a legal requirement for permission is met. In doing so, we usually process the following data: e-mail address, title, first name, last name and/or address.

This is done for advertising purposes on the basis of a legal authorisation as well as to protect our legitimate interests in maintaining existing customer relationships and the associated advertising approach.

Furthermore, we reserve the right to address you as an existing customer by post, unless you have objected to such an approach.

As an existing customer, you can object to being contacted by us for advertising purposes at any time. In this case, you will not receive any further promotional information about our goods and services from us based on our legitimate interests. To exercise your right to object, it is sufficient to send a message in text form (e.g. by e-mail) to the contact details listed under point 1. Of course, you will also find an unsubscribe link in every promotional e-mail.

4 CRM DATABASE AND SHARED RESPONSIBILITY INFORMATION
For the purposes of the uniform provision of the online platforms, financial and resource planning, customer management, marketing activities, order processing and data analysis, Bucherer uses centrally managed systems throughout the Group. These systems are used to manage, maintain and process customer, order/contract and other data from various sources (e.g. data on the use of the online platforms and your interactions with us) uniformly throughout the Group to the extent and for the purposes described in section 2. 

Within this framework, other Group companies may have access to the information stored therein to the extent that this is necessary, in particular, for internal administrative and customer service purposes or for purposes of abuse control.

The legal basis for the associated intra-Group transfer of personal data is generally the protection of the legitimate interests of Bucherer or a Bucherer Group company. Bucherer has a legitimate interest in processing this data in central systems in order to enable cross-branch and cross-company customer care and better customer service by Bucherer, to prevent unauthorised trading and abusive inquiries, and to implement uniform technical and organisational security measures. The use of these systems by the companies of the Bucherer Group listed under section 1 shall be carried out in each case under joint responsibility with Bucherer AG. Against this background, the companies of the Bucherer Group have concluded an agreement on joint responsibility. The agreement essentially contains the following:

• Areas of responsibility: Responsibility for the operation and administration of the systems and the management of the customer and order data stored therein as well as for related data protection concerns (e.g. requests for information or deletion by customers) is primarily the responsibility of Bucherer AG with its registered office in Switzerland (parent company). The collection and updating of data in the systems, e.g. in the context of customer registration, order execution or contract fulfilment, as well as related customer communication, is generally carried out via the respective branches or online platforms of the individual Bucherer Group company, which is responsible in this respect. All companies process personal data in accordance with the relevant statutory data protection provisions.
• Data security: Bucherer AG with its registered office in Switzerland (parent company) is primarily responsible, in addition to the respective responsible Group companies (cf. section 1), for ensuring adequate security of personal data in the context of processing in the centralised systems and for implementing appropriate protective measures and the fundamental data protection principles (e.g. through authorisation management and access control, implementation of a deletion concept, privacy by design). 
• Information and notification obligations: The information obligations are fulfilled by the respective responsible Bucherer Group company (cf. section 1) with this Privacy Policy itself. The fulfilment of any reporting obligations in the event of a data protection incident shall also be the responsibility of the respective responsible Bucherer Group company, whereby all companies shall support each other to the best of their ability and provide each other with all information necessary for this purpose.
• Data subject rights / contact person: Each company of the Bucherer Group is responsible for processing and responding to data protection inquiries and concerns of its own customers. This means that your contact person in all data protection matters is the respective Bucherer company (cf. section 1). Insofar as you wish to make use of your data protection rights (e.g. request for information or deletion), you may contact the respective data protection contact person or the data protection officer at any time using the contact details provided in section 1. Insofar as this should be necessary to implement your request, the companies of the Bucherer Group will inform and support each other without delay and provide each other with all information necessary to respond to requests for information and other requests.

If you have any further questions about the shared responsibility agreement, you can contact the relevant data protection contact person or the data protection officer at any time (cf. section 1).

5 DURATION OF DATA STORAGE
Unless otherwise specified, your personal data shall be deleted or, in individual cases, anonymised as soon as it is no longer required for the purposes stated in each case within the scope of the individual services, there is no other legal basis for further processing, or deletion is necessary for us to fulfil a legal obligation. In addition, a longer storage of your data may be necessary if and insofar as this is required for the fulfilment of a legal obligation (e.g. commercial and tax retention obligations, which may amount to 10 years, for example, depending on the local legal regulation) or for other legitimate reasons (e.g. for the enforcement of legal claims). The customer data collected based on your consent shall be deleted, unless there is a legal basis for further processing of this data, insofar as you revoke your consent. 

6 DATA RECIPIENT
In addition to the cases of transfer of certain customer data to other companies of the Bucherer Group and service providers mentioned in this data protection information, your data will be transferred to the following recipients if this is necessary for the performance of our services, if we have your consent for this or if another legal permission exists:

In particular, your data may be disclosed to the following recipients: 

• In the context of contract processing and the provision of the services offered, as well as to fulfil legal obligations, it may be necessary for us to use other external service providers (such as, in particular, postal and shipping service providers, credit institutions and payment service providers, insurance providers, travel providers, credit check and collection service providers, marketing agencies, mailing providers, web, cloud and IT service providers, data destruction companies) as well as external consultants (e.g. lawyers, money laundering officers, auditors, tax consultants). A transfer of your data to these service providers shall only take place in accordance with the relevant legal provisions, in the case of commissioned processing under the application of appropriate contracts. In certain situations, you may enter into separate contracts with individual service providers (e.g. payment and insurance providers). Please also note their privacy policies and security notices linked at the respective point of contact. 
• For the fulfilment of warranty services of the respective manufacturer or in the context of joint events or promotions as well as in connection with limited goods, waiting lists, certificates and custom-made products it may be necessary for us to share your personal data with manufacturers or brand partners. The legal basis for such disclosure is usually the requirement for contract performance or a legitimate interest arising from the aforementioned purposes.
• To companies of the Bucherer Group.
• Disclosure of personal data in connection with company acquisitions, mergers and sales. 
• In addition, we may be required to disclose your personal data to other recipients in the course of fulfilling legal obligations, such as to authorities for the fulfilment of legal notification obligations (e.g. supervisory, financial or law enforcement authorities).

7 DATA PROCESSING IN THIRD COUNTRIES
If we transfer your personal data to third countries outside Switzerland, the European Union (EU) or the European Economic Area (EEA), we ensure before the transfer that, apart from exceptional cases permitted by law, either an adequate level of data protection exists at the recipient or you consent to the data transfer. An adequate level of data protection is guaranteed, for example, by the conclusion of EU standard contractual clauses or the existence of so-called Binding Corporate Rules (BCR). 

8 YOUR RIGHTS
The rights set forth in this section may be subject to certain exceptions or additional requirements under applicable data protection laws.

• Right to information: You can request information about your personal data processed by us at any time. The provision of information is subject to the rights and freedoms of other persons who may be affected by the transfer of the data.
• Right to rectification: You may request the rectification of incorrect or incomplete personal data stored by us.
• Right to deletion: In addition, you may in principle request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
• Right to restriction of processing: You may request the restriction of the processing of your personal data. This applies in particular insofar as you dispute the accuracy of the personal data stored by us or you have objected to the processing. In this case, we shall restrict the data for the duration of the examination of your request.
• Right to data portability: You have the right to receive your personal data that you have provided to us in a structured, customary and machine-readable format or, if technically feasible, to request that it be transferred directly to another responsible individual. This right to data portability only exists if the processing is based on your consent or on a contract and is carried out with the help of automated processes.
• Right to object to data processing on the basis of legitimate interests: You may object to the processing of your personal data on grounds relating to your particular situation at any time, insofar as we are processing your data to safeguard legitimate interests. In the event of a justified objection, we shall refrain from any further processing of your data, unless it is necessary for overriding, compelling as well as legitimate reasons or for the assertion, exercise or defence of legal claims. The right to object may be subject to restrictions in accordance with the applicable data protection laws.
• Right to object to data processing for direct marketing: Insofar as we process your personal data for the purpose of direct marketing, you have the right to object without restriction at any time to the processing of your data for the purpose of such marketing. In this case, it is not necessary to specify a particular situation. This also applies to any profiling, insofar as it is related to such direct advertising. In the event of your objection, processing for the purposes of direct marketing will cease immediately.
• Right of revocation: If we process personal data based on consent given by you, you are also entitled to revoke your consent at any time. Your revocation results in the fact that we will no longer continue the data processing, which was based on this consent until that point in time, in the future. If you wish to revoke your consent to the use of certain cookies, please refer to our explanations in the Cookie Policy.

To exercise your data protection rights, please contact the relevant data protection contact person or the data protection officer. You will find the contact details under section 1 of this Privacy Policy. Please note that depending on the applicable data protection laws, the exercise of the aforementioned rights may be structured or restricted in different ways or may depend on different prerequisites. In order to prove the identity of the person exercising your rights mentioned in this section 8, Bucherer may in individual cases request the presentation of identification documents and process them accordingly.

9 RIGHT OF APPEAL
If you are of the opinion that our processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation. An overview and the contact details of all European supervisory authorities can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

10 SECURITY
We take technical and organisational security measures to protect your personal data in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. These security measures are regularly adapted taking into account the state of the art and market developments.

Our employees are bound to confidentiality.

11 CHANGES
From time to time, it may become necessary to adapt the content of this Privacy Policy. We therefore reserve the right to amend it at any time. 

We recommend that you inform yourself about the current version of this Privacy Policy as soon as you visit our online platforms again.

German version September 2023.