In other situations when contacting our company or in relation to data processing, deviating or supplementary data protection provisions (which may be drafted by third parties) may apply. Therefore, please familiarise yourself with the current data protection provisions made available at the relevant point of contact.
1. Data controller and contact details
At Bucherer, we attach importance to the responsible management of customer data. We continually update our rules so as to ensure the protection of your personal data in accordance with the data protection legislation in force at any given time.
The entity responsible for processing your personal data, depending on the contracting party and/or the customer’s location, is the relevant Bucherer Group company:
Bucherer Switzerland: Bucherer AG, Langensandstrasse 27, CH-6005 Luzern
Bucherer Germany: Bucherer Deutschland GmbH, Ridlerstraße 57, D-80339 München
Bucherer Austria: Anton Haban Gesellschaft mbH, Kärntner Straße 2, A-1010 Wien
Bucherer France: Bucherer France S.A.S., 12, boulevard des Capucines, F-75009 Paris
Bucherer Denmark: Bucherer Denmark ApS, c/o Aagaard & Partnere Advokatanpartsselskab AUMENTO, Ny Østergade 3, DK-1101 København K
Bucherer Great Britain: Bucherer UK Limited, 8-9 Frith Street, GB-London W1D 3JB
hereinafter jointly referred to as ‘Bucherer Group’ or ‘Bucherer’, ‘we’, ‘us’, or ‘our’.
Some types of data processing are carried out by the Bucherer Group company together with the parent company of Bucherer AG based in Switzerland as joint controllers (see section 4), insofar as they jointly decide on the form or the purpose of the data processing operation in question.
If you have any questions regarding the processing of your personal data by us and the associated rights, or any observations and suggestions, you can contact the relevant data protection contact person or, if such a post exists (currently in the case of Bucherer Deutschland GmbH), the data protection officer. The latter can be reached via email at email@example.com or by post using the addresses provided above with the addendum ‘Data Privacy’.
You can also obtain the contact details and further information on the companies involved in data processing at https://www.bucherer.com/imprint.html.
2. Scope, purposes and legal basis for processing your data
When you select and use our services and the functions made available in relation thereto, personal data is processed. Personal data consists of any individual items of data concerning you or which can be attributed to you (hereinafter also referred to as ‘data’). Such data may include your name, address, email, telephone number or the number or other information on your ID document. Non-personal data refers in particular to information that does not enable a person to be identified.
We process personal data in compliance with the relevant data protection laws (e.g. the Swiss Data Protection Act (FADP), the General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018) and any other applicable local laws and regulations.
Processing is understood to include any operations involving the handling of personal data, in particular gathering, storage, collection, consolidation, anonymisation, use, transmission or deletion.
Your personal data is only processed if this is permitted under the applicable legal provisions. In so doing, we only process your data by referring inter alia to the following legal bases:
- performance of a contract or in order to take steps prior to entering into a contract: in particular, we require certain types of data in order to initiate or implement your contractual relationship with Bucherer.
- safeguarding of legitimate interests: Bucherer will process certain data in order to safeguard its interests or those of third parties, provided your interests as the data subject in any given case do not override.
- consent: we will only process certain types of data based on your consent provided in advance, which you can withdraw at any time with effect for the future.
- compliance with a legal obligation: we may also process your personal data to comply with legal obligations such as money-laundering provisions or obligations under commercial and tax laws.
In relation to the provision of certain services, it may be necessary to furnish certain types of data. We will inform you in detail about such data using appropriate means (e.g. by highlighting *mandatory fields). In the absence of such data, we will generally be unable to offer you our services. In addition, you can furnish voluntary data that is not strictly required for the acceptance and execution of an order. The storage of voluntary information is based on our legitimate interests.
Specifically, personal data collected when using our services will be processed for the following purposes and with reference to the following legal bases:
2.1 Order execution and contract performance
We collect personal data from you for the preparation, execution and management of our services and contracts (sales or service enquiries, (guest) orders, sales, purchase and trade-in (in particular certified pre-owned watches), acquisition and redemption of coupons, manufacture, repairs and servicing, exchange, inclusion in product wish lists and waiting lists, organisation of competitions, events and activities, arranging of appointments, use of concierge services, etc.) and any customer interaction in relation hereto and process such data for the purposes of providing customer support and processing services and contracts in the central customer relationship management database (hereinafter ‘CRM’) operated by the Bucherer Group (see also section 4). This specifically includes the processing of your data for the purposes of invoicing and payment handling, customer support, delivery of goods, returns and in order to manage any guarantee/warranty claims and mutual legal claims.
The information collected about you usually consists of your master data (in particular, title, given name and surname, address, telephone number, email address), the information required to provide the service (e.g. the items selected, product information, order details, purchase contract information, service data) and the payment details (specifically the invoice address, payment method, payment details and bank account details for purchases). We collect the data directly from you when an order is placed or when a contract is concluded and managed at one of our subsidiaries, in the case of certain enquiries over our online platforms (e.g. using contact forms or via live chat) or by email, telephone, messaging apps or post. Insofar as this is necessary for the provision of our services, we will pass on certain types of master and order/contract data to third parties (see section 6).
In connection with the execution and management of certain orders/contracts (e.g. in the case of personalised watch engravings, or the uploading of information and documents to your customer account) you may have to disclose personal data originating from third parties. In so doing, you are responsible for the lawful transmission of such data to the respective Bucherer company. We will only use such data to process the service you have ordered.
The legal basis for the types of data processing described above is the preparation and implementation of a contract or the safeguarding of the legitimate interests of Bucherer or a third party.
2.2 Payment, dispatch and insurance
When managing payments and dispatching orders, we work together with the service providers engaged by the contracting party responsible for your order, which you can consult at the bottom of the web page under ‘Payment’ or ‘Dispatch’ of the website in the country where you place the order. In such cases your payment and master data is transferred to the corresponding third-party provider in question for the purpose of managing the payment and dispatching the order. For certain types of delivery methods, we may for example pass on the email address and/or telephone number provided by you during the order process to the dispatch agent to enable the order to be traced or to coordinate the delivery date (especially in the case of express deliveries). We do not store any payment details.
We may in particular arrange insurance via our online platforms for you, which you take out directly with the respective service provider. In such cases we pass on the information required to conclude the insurance selected to the respective service provider.
Please take note in such cases of the applicable data protection or security provisions of such third-party providers.
Generally speaking, the legal basis for processing data in such cases is the implementation of a contract concluded with you or our legitimate interests. We have a legitimate interest in enabling the communication between you and the service provider, so that we can ensure the proper management of the corresponding contract. You can object to our processing of your data based on our legitimate interests. Please refer to section 8 and send us a message using the contact details provided in section 1.
2.3 Contact and customer support
We collect and process data when contacting customers, providing customer support and for other forms of interaction. The information collected consists of your master and contact data (title, name, address, date of birth, email address, telephone number), other voluntarily disclosed information (e.g. about your interests and preferences with regard to the product range; preferred watch brands, models and materials; noble metal allergies; preferences regarding hospitality; hobbies; information on family events such as wedding dates and concerning your family circle; nationality; participation in events; social media profiles) and reactions to contact activities and sales and other commercial data at Bucherer (reservations, orders, sales, exchange, repairs, goods, prices, points of sale, dates, etc.), which are transmitted to and recorded by us in the sales outlet or via email, by telephone or otherwise via electronic means (e.g. by Messenger or over social media channels).
Such information is used to contact you for the reasons described above, to provide you with the best possible advice when you shop at one of our Bucherer stores or on our online platforms, for evaluation for internal analysis or for personalised marketing and to carry out targeted advertising – via email or by post, telephone or Messenger – on this basis within the framework of statutory provisions (see section 3).
If the legal basis for processing data when contacting customers and providing customer support does not reside in taking steps prior to entering into a contract and performing a contract or in safeguarding the legitimate interests of Bucherer or a third party, such processing will take place based on your consent. Your consent will be assumed until it is withdrawn. You can withdraw your consent at any time with effect for the future (see section 3).
2.4 Visits to our platforms
When you visit our online platforms, information is stored relating to your visit such as the IP address of the end device sending the request; the name of the website / file requested; the web page from which you are visiting the online platform (referrer URL); the date and time of the server enquiry; the browser type and version; the operating system used by the enquiring end device and the search term used, for example in Google, to find the website.
We process such data based on our legitimate interest to provide the online platforms and to ensure the proper functioning and security of our IT systems. Our legitimate interest in this respect is to enable our online platforms to be used and to ensure their proper functioning from a technical point of view and that they can be accessed on an ongoing basis. When you visit our online platforms, such data is automatically processed. We do not use such data to draw conclusions about your identity.
In the absence of any other compelling legal basis, data collected automatically is usually deleted after 14 days. If there is a compelling legal basis, we will delete the data once the legal basis no longer exists.
We are unable to meet requests to refrain from collecting and storing your server log data, because such data is essential for the smooth functioning of our online platforms.
2.5 Customer account and logins
When you use our online platforms, you can create a password-protected personal customer account or, if this option exists, log on from a social media site (e.g. Google, Twitter or Facebook). When registration takes place, the data collected from the registration form or provided by the social login provider and where applicable updated and collected during subsequent interactions is used to create a user profile or is assigned to an existing user profile and stored and managed in the central database CRM operated by the Bucherer Group (see section 4). In your customer account, you may have the option of managing your contact details, viewing your transactions, creating and managing digital watch collections, indicating preferences and adjusting the marketing settings (see also section 3) of your account. The scope of functions in your customer account may vary depending on the online platform. Generally speaking, you can use the same password to access your customer account (e.g. web page and app).
The information collected when setting up a customer account usually consists of your master and contact data (in particular title, given name and surname, address, telephone number, email address, password) and any other information and data provided voluntarily or uploaded (e.g. on your interests and preferences regarding the products on offer, preferred brands/models, preferences regarding hospitality, your date of birth and wedding date, watch (collections) and accompanying photographs) and sales and other commercial data at Bucherer (reservations, orders, purchases, exchange, repairs, goods, prices, points of sale, dates, etc.), which are transmitted to and recorded by us in the sales outlet or via email, by telephone or otherwise via electronic means.
In the case of a social login certain information such as names, email address and other public information from your social media profile is retrieved to offer you a simplified log-on process and a personalised user experience. This information is only used by us to authenticate and manage your account. Please note that we do not have access to your password nor any control over your social media account. We recommend that you regularly consult the data protection provisions and the private sphere settings of your social media provider so that you are fully aware of how the provider in question uses your data.
If you are logged onto your account when you visit our online platforms, information about your behaviour (e.g. shopping cart information and wish lists) may be processed and assigned to your user profile.
When you register and log on subsequently and when you use our online platforms, we reserve the right to store the IP address and the time you access the website. Storage takes place on the basis of our legitimate interest to protect against misuse and other unauthorised use of our online platforms. Such data will only be passed on to third parties if this is necessary to enable us to pursue our claims or if there is a legal obligation.
The registration of a user account is voluntary, unless the reason for registering the account is to enable us to offer you certain services. If the legal basis for data processing in connection with a customer account does not reside in pre-contractual measures and the implementation of a contract or in the safeguarding of the legitimate interests of Bucherer or a third party, such processing takes place based on your explicit consent. Your consent will be assumed until it is withdrawn. You can withdraw your consent at any time with effect for the future (see section 3).
2.6 Location data
Some of the services offered by us (especially when our online platforms are used) may gain access to location data and process such data. This occurs for example if you use the localisation function to find a point of sale near you. Location data may be collected via your IP address, your browser, GPS, sensors, signals or Wi-Fi access points and is used to provide you with a personalised and optimised service.
Data is generally processed with your consent. You have the option at any time of revoking your consent for the processing of location data by adjusting the settings on your device accordingly and/or revoking your consent in the corresponding cookie settings (see also our cookie guidelines). Please note that if you withdraw your consent some of the functions of our services may no longer be available in their entirety.
2.7 Data from third-party sources
We may use data about you taken from public sources (e.g. social media profiles) to improve our services (e.g. provide more targeted advice). Data drawn from third-party sources may contain information about your preferences, interests and demographic characteristics. The processing of such data is based on our legitimate interest.
Generally speaking, you have the right to object to the processing of your data originating from third-party sources. Please take note of the right to object to processing based on our legitimate interests set out in section 8 below.
Based on your consent (see section 3) we may also use data within the context of what is known as customer match (see also section 2.11). In this case we transfer data (such as an email address, telephone number or other identifying characteristics) in encrypted form to social media platforms (such as Facebook) or advertising platforms (e.g. Google), which compare such data with the corresponding data available to them. If the data compared coincides, this means that the user is also active on this third-party platform. A target group based on the customer data matched is created, enabling us to deliver targeted advertising to this target group and increasing the relevance and effectiveness of the advertising. Different advertising formats such as ads in social media or search engine advertising may be employed depending on the third-party platform.
You can withdraw your consent for Customer Match at any time by revoking your consent in the preference centre (see section 3).
2.8 User profiles
The nature and scope of the interactions with us described in section 2 allow us to create a user profile, which we maintain in our CRM database (see section 4).
User profiles help us understand the behaviour and interests of our customers. This allows us to continually improve our services and, if you so wish, to deliver targeted advertising based on your interests and usage patterns.
We may merge user profiles with other types of customer data lawfully processed by us (e.g. name, contact details, user and purchasing behaviour including your purchasing history, demographic data, interests and preferences regarding the range of products such as preferred brands, models and materials, preferences regarding hospitality) or assign them to an existing user profile.
If the legal basis for data processing in connection with the creation of a user profile does not reside in pre-contractual measures and the implementation of a contract or in the safeguarding of the legitimate interests of Bucherer or a third party, such processing takes place based on your consent. Your consent will be assumed until it is withdrawn. You can withdraw your consent at any time with effect for the future (see sections 3 and 8).
2.9 Cookies and tracking technologies
2.10 Platforms: use and behaviour
When you use our online platforms we collect, analyse and use data about such usage and generally about your behaviour. This is the case for example if you shop at our online shop or if you use our website and apps (e.g. shopping carts created and abandoned, wish lists, articles viewed, search terms and results, evaluations and comments). We use various technologies in this respect, of which the most important are mentioned below.
2.10.1 Google Analytics / Google Firebase
If you have given your consent or if we are entitled to invoke a legitimate interest in the use of specific functions, we will use Google Analytics and/or Google Firebase (see below), a web analytics service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’).
Google Analytics uses what are known as cookies. The information created by a cookie on the use of our online platforms is usually transferred to a server operated by Google in the US and stored there. The legal basis for this transfer is your consent. We expressly reserve the right to invoke other statutory bases. Any data transfers to the US are governed by the EU standard contract clauses concluded with the Google parent company Google LLC.
We commission Google to use such information on our behalf to evaluate your use of our online platforms, compile reports on online activities and provide other services associated with the use of the platform. Anonymised profiles may be created using the processed data.
We only use Google Analytics after enabling IP anonymisation. This means that the user’s IP address is shortened by Google in member states of the European Union (EU) or in other contracting parties to the European Economic Area (EEA). Only in exceptional cases is the entire IP address transferred to a server operated by Google in the US and shortened there.
The data is deleted as soon as it is no longer required for our record-keeping purposes. In our case this means that the data is usually deleted 14 months after being collected.
You can obtain further information on the processing of data by Google, how to adjust settings and how to object to such processing by visiting the Google web pages using the following links:
- https://www.google.com/intl/en/policies/privacy/partners (‘How Google uses information from sites or apps that use our services’);
- https://www.google.com/policies/technologies/ads (‘Use of data for advertising’);
- https://adssettings.google.de/anonymous?hl=en (‘Manage information used by Google to show you ads’).
We also use Firebase, an analysis and monitoring tool from Google for mobile and web applications. When Google Firebase is used certain information on your use of our online platforms (such as device information, IP addresses, app usage data) may be collected and processed.
Google Firebase services may insert ‘instant IDs’. Instant IDs are unique identifiers that carry a timestamp, enabling various events or processes in relation to the app to be linked. This data is used to analyse and optimise user behaviour, e.g. to evaluate crash reports. According to Google, these instant IDs do not process any personally identifiable data. For Firebase Analytics, Google also uses the end device’s advertising ID.
You can also object to the collection of data by Google Firebase at any time with effect for the future by disabling Firebase Analytics data collection in the app’s settings or limiting the use of the advertising ID in the device settings of your mobile device.
For Android: Settings > Google > Ads > Reset advertising ID
For iOS: Settings > Privacy > Advertising > No Ad Tracking
If you have given your consent for the use of certain cookies, we will use Mouseflow on our website, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Kopenhagen, Denmark.
Mouse clicks, clicks, scroll movements, information about your browser, type of end device, operating system, language, screen resolution, IP address (anonymised).
This tracking is performed on anonymised or pseudonymised data, i.e. at no time are we able to unambiguously identify the web page visitor.
Web analysis by Mouseflow takes place based on your consent so as to enable the needs-tailored optimisation of our website.
We cannot exclude that the use of Mouseflow may involve the transfer of data to the Mouseflow parent company (Mouseflow Inc.) in the US. Such data transfers are governed by EU standard contract clauses.
2.10.3 Rolex Area
When you visit the Rolex Area of our website, some cookies are scanned by ROLEX SA (‘ROLEX’).
- ROLEX Cookie Privacy: https://www.rolex.com/legal-notices/cookies
- Content Square Privacy Provisions: https://contentsquare.com/privacy-center/
We employ what are referred to as retargeting/remarketing services from third-party providers on our online platforms. This involves the collection of data subject to your consent with the aid of cookie/tracking technologies for the purpose of optimising our advertising and our online presence. This data is not used by us to personally identify you but rather to evaluate the use of our online platforms and deliver interest-based advertising on our own platforms or on third-party platforms (e.g. social media platforms) to users who have already shown interest in our contents and offerings. Ads displayed on our online platforms or on websites run by our partners are based on an analysis of previous usage behaviour. The data used to create usage profiles in accordance with the instructions of the provider of the retargeting/remarketing services engaged by us is generally anonymised/pseudonymised. You can find out more in the following sections about the main third-party providers with which we work, how your data is processed in this respect and how to disable retargeting/remarketing technologies:
2.11.1 Google Marketing Platform / Google Ads
We use the function Remarketing or ‘Similar Audiences’ in Google Ads/Google Marketing Platform (formerly DoubleClick by Google) on our platforms provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
Google uses cookie/tracking technologies which are stored on your end device to analyse your use of the online platforms and to show you ads for products or services that might interest you. According to Google, the cookies employed in this respect do not contain any personal information. The information obtained through the use of cookie/tracking technologies about your use of the online platform(s) is transferred to a server operated by Google in the US and stored there. If you are registered for a Google service and logged on, Google may be able to associate your visit to our online platforms with your account. Even if you are not registered with Google, it may still be possible for Google to identify your IP address and create and store user profiles about you. We will only use the Google function for matching customer lists with your prior consent (see also section 2.7).
You can find out more about the analysis of your search/browsing behaviour here:
- https://policies.google.com/privacy?hl=en-GB and
- https://policies.google.com/technologies/ads?hl=en-GB and
- https://marketingplatform.google.com/intl/en_uk/about/enterprise/ .
2.11.2 Facebook Pixel
We also use services provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter ‘Facebook’) such as the Facebook Pixel for retargeting/remarketing purposes.
When you visit some of our online platforms and have given us your consent, a direct connection is established via the Facebook Pixel between your browser and the Facebook server. Facebook is also informed that you have visited our online platform(s), thus allowing us to organise our Facebook activities more effectively and e.g. show articles or ads solely intended for visitors to our online platforms or pre-defined customer groups (‘custom audiences’). The Facebook Pixel tool also enables us to analyse the use of our online platform(s) and to display ads for contents and offers that might interest you. The data collected is only sent to Facebook in encrypted form and is anonymous from our point of view, i.e. we cannot inspect the personal data of individual users. We will only use the customer audience function ‘advanced matching’ for matching customer lists with your prior consent (see section 2.7).
We are jointly responsible (but not as regards further processing) with Facebook for the exchange of data collected or obtained via the Pixel or similar functions, the display of advertising material based on users’ interests, improvements in the delivery of ads and the personalisation of functions and contents. Accordingly, we have concluded a supplementary agreement with Facebook. Users can therefore contact Facebook directly if they require any information and regarding other matters concerning our joint responsibility.
You can withdraw your consent for the storage and use by us of cookies (including the Facebook Pixel) for retargeting/remarketing purposes at any time with effect for the future by adjusting your cookie settings accordingly. You can also prevent the storage and use of marketing cookies (including the Facebook Pixel) by adjusting your browser accordingly and/or preventing the installation of add-ons (see also our cookie guidelines).
2.11.3 TikTok Pixel
We engage the services provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter ‘TikTok’) on our online platforms such as TikTok Pixel for retargeting/remarketing purposes.
If you visit some of our online platforms and provided you have given your consent, a direct connection is established via the TikTok Pixel between your browser and the TikTok server. TikTok can then receive information about your visit to our online platforms, such as information on certain interactions with our online platforms (clicks or product views), your IP address and information about your device and browser. This enables us to organise our TikTok activities more effectively and e.g. to only show articles or ads to visitors of our online platform(s). The TikTok Pixel also enables an analysis on our behalf of the use of the online platforms and the display of contents and offerings that might interest you. The data collected is anonymous as far as we are concerned, i.e. we cannot inspect the personal data of individual users. We will only use the function ‘advanced matching’ for matching customer lists with your prior consent (see section 2.7).
You can withdraw your consent for the storage and use by us of cookies (including the TikTok Pixel) for retargeting/remarketing purposes at any time with effect for the future by adjusting your cookie settings accordingly. You can also prevent the storage and use of marketing cookies (including the TikTok Pixel) by adjusting your browser accordingly and/or preventing the installation of add-ons (see also our cookie guidelines).
2.12 Social media functions
You will find links (hyperlinks) on our online platforms to our social media profiles on the social media networks and platforms operated by Facebook, LinkedIn, Instagram, Twitter, YouTube and Pinterest. These services are provided by the companies listed below (hereinafter also referred to as ‘Social Media Providers’):
With regard to the purpose and scope of data collection and the further processing and use of data by these Social Media Providers, your rights in this respect and the options for adjusting your settings to protect your privacy, please consult the information from the corresponding Social Media Provider using the links above.
When you click on the corresponding symbols of these Social Media Providers, you are automatically forwarded to our profile on the Social Media Provider in question. In order to use the functions of the network concerned, you must be partially logged on via your user account on the network. If you do not want a Social Media Provider to associate your action upon clicking on a link forwarding you to the network’s site with your user account on the network in question, you must log out from the service in question before clicking on the link. Even if you are not registered with the Social Media Provider, data may be sent to the Social Media Provider with the aid of cookies after clicking on such a link. If we are jointly responsible with the provider for certain types of processing, we will conclude a corresponding agreement, the substantive content of which you can consult at the provider. You can find out more about data processing by Social Media Providers in their privacy policies.
Our online platforms may also contain plug-ins from Social Media Providers (e.g. Facebook, Twitter, Pinterest and Google+) such as ‘Share’ or ‘Like’ buttons. These interfaces contain a link to the corresponding social media platform.
If you select one of the available functions and click on the symbol of the corresponding Social Media Provider, a direct connection is established between your browser and the server of the Social Media Provider in question. During this process the Social Media Provider is informed that you have visited our platforms using your IP address and requested the link. If you click on a link to a social media platform while you are logged onto the account of the provider in question, content from our website may be linked to the Social Media Provider, which means that the provider will be able to directly associate your visit to our website with your user account. If you want to prevent this from happening, you should log out before clicking on the corresponding link. An association will in any case take place if you log onto the Social Media Provider after clicking on the link.
2.13 Monitoring of misuse
In line with manufacturer specifications we are contractually obliged to only sell watches to end customers and authorised distributors. Moreover, the sale of certain models to the same customer is limited to a certain number of items. In order to abide by these rules and prevent abusive requests and unauthorised dealing (e.g. reception of stolen goods and counterfeiting), we compare order-related information with any information on the customer already stored in our CRM database. This may include identification by presentation of a valid ID document and a copy thereof where necessary. If misuse is suspected we may also undertake further investigations to the extent required (e.g. comparison of the personal details furnished with an ID document, comparison with data from official sources and information from credit agencies). It may also be necessary to pass on your master data to the manufacturer of the product for the aforementioned purposes.
We also process data from surveillance systems (e.g. video surveillance) in our stores to protect our employees, our customers and our property. The separate data protection provisions governing the use of such surveillance systems disclosed as necessary in stores are also applicable.
The legal basis for processing data in the cases described above is the safeguarding of the legitimate interests of Bucherer or a third party. Both the manufacturer concerned and we have a legitimate interest in the prevention of unauthorised dealing/resale and abusive requests, the prevention and investigation of criminal offences and in ensuring the secure operation of our business. Subject to the conditions set out in section 8 you can object to the processing of your data for these purposes.
2.14 Compliance with legal obligations
Under certain circumstances we are obliged to collect information on the identity of a contracting party or the persons representing him/her or the economic beneficiaries for identification in line with money-laundering provisions (usually the person’s name, place and date of birth, nationality, residential address, details on the business relationship and where necessary other information about the contracting party) and to check the contracting party’s identity with a valid ID document. It may also be necessary to collect and process data from officially accessible sources (e.g. public registers, the Internet) and obtain and keep a copy of a valid ID document. The legal basis for data processing in this respect is compliance with legal obligations relating to the pertinent money-laundering provisions.
We also process personal data in compliance with other legal obligations such as compliance with documentation and record-keeping obligations under commercial and tax laws. The legal basis here is compliance with the relevant statutory obligations.
3.1 Overall Marketing
Using contact and opt-in forms, you have the option of granting us overall consent for processing and using your data for marketing purposes and to contact you via the communication channels you have indicated – in particular via email, by telephone (incl. messaging apps), online platforms (e.g. push notifications) and/or social media (‘Overall Consent’). We collect and store the following types of data for this purpose (* mandatory information):
email address*, title*, given name*, surname*, telephone number, address, country
In line with our overall marketing strategy and subject to your consent and the information stored and compiled in the future in your user and/or customer profile (see sections 2.8 and 2.5), you will receive interest-based information on our products, services and benefits and accompanying recommendations. In so doing we pursue the following objectives:
- to analyse, evaluate and optimise the use of our services;
- to offer you personalised contents, product recommendations and exclusive offers based on your transactions, use of services and individual interests;
- to draw your attention to services associated with the purchase of products;
- to invite you to exclusive events;
- to measure the reception and success of marketing campaigns;
- to frame our advertisements and those of our partners in a more appealing fashion and in so doing deliver promotional content to you via other channels (e.g. social media platforms and advertising networks) – remarketing/retargeting;
- to offer you social media services;
- to conduct and evaluate email campaigns;
- to send you customer surveys and evaluate them.
Your consent for overall marketing will be recorded by us so as to furnish proof of the underlying consent in line with legal requirements. The recording of your consent and the necessary processing of the data entered by you will therefore take place based on our legitimate interests.
If you decide to completely or partially withdraw your consent at a later date for the collection, processing and use by Bucherer of your data for marketing purposes and promotional messages in this respect, you can do this at any time by visiting the Preference Centre and adjusting the preference settings in your Bucherer customer account or using the opt-out link in our email message or contacting our customer service department (see contact details in section 1) / your sales advisor.
We should point out that when promotional emails are sent, your user behaviour with regard to our promotional emails is evaluated by us. This evaluation takes place with the aid of ‘web beacons’, also known as tracking pixels / pixel tags and corresponding coded links. Web beacons are one-pixel image files that establish a link with our online platforms and enable us, together with coded links, to analyse your user behaviour as regards promotional emails (‘open or click tracking’). This takes place by collecting technical information, e.g. on your browser, your system, your IP address and the time the email or link is opened via web beacons and coded links, which are assigned to your email address, have their own associated identifier and can be assigned to your user profile.
Open Tracking using web beacons is not possible if you have disabled the display of images in your email program by default. However, in such cases, our promotional emails will not be completely shown to you and/or not all functions may be available. Manually allowing the images to be displayed enables the tracking described above to take place. You can only prevent ‘click tracking’ by refraining from clicking on links in promotional emails.
3.2 Marketing targeted at existing customers
If we have obtained your data in connection with an order placed by you or purchase – and provided the statutory authorisation for such marketing initiatives has been granted – we may send you promotional emails with information on similar goods and services. We generally process the following types of data for this purpose: email address, title, given name, surname and/or address.
This takes place for promotional purposes on the basis of a statutory authorisation and our legitimate interest in nurturing customer relationships and conducting the accompanying targeted marketing campaigns.
If you are a past customer, we also reserve the right to send you promotional material by post, unless you have objected to contact by post.
You can object to promotional contacts as a past customer at any time. In that case, you will not receive any further promotional information on our goods and services based on our legitimate interest. You can exercise your right of objection in writing (e.g. by email) using the contact details provided in section 1. An opt-out link is of course available in each promotional email.
4. CRM database and information on joint responsibility
In order to ensure the uniform availability of our online platforms, financial and resource planning, customer management, marketing activities, order processing and data analysis, Bucherer deploys group-wide, centrally managed systems. These systems are responsible for the uniform, group-wide management, maintenance and processing of customer, order and contract data and data from various sources (e.g. regarding the use of our online platforms and your interactions with us) to the extent and for the purposes described in section 2 above.
Other group companies may gain access to the information stored therein, provided this is necessary for internal administrative purposes or customer support or for the purpose of monitoring misuse.
The legal basis for such group-wide transfer of personal data generally resides in the safeguarding of the legitimate interests of Bucherer or a Bucherer Group company. Bucherer has a legitimate interest in processing such data in centralised systems so as to ensure customer support spanning local stores and group companies and better customer service, prevent unauthorised dealing and abusive requests and implement uniform technical and organisational security measures. Responsibility for the use of these systems by the companies listed in section 1 is shared with Bucherer AG. With this in mind, the companies in the Bucherer Group have concluded an agreement governing joint responsibility. The agreement essentially provides as follows:
- Areas of responsibility: Responsibility for the operation and administration of the systems and management of the customer and order data stored and for related privacy issues (e.g. requests from customers for information and to delete data) primarily lies with Bucherer AG based in Switzerland (parent company). The collection and updating of data in the systems, e.g. during customer registration, order execution or contract implementation and communication with the customer in this regard generally takes place through the branch stores or online platforms of the respective Bucherer Group companies, which are accordingly responsible in this respect. All the companies process personal data in compliance with the relevant data protection provisions.
- Data security: Bucherer AG with registered office in Switzerland (parent company) is primarily responsible, along with the relevant group companies (see section 1), for ensuring adequate levels of security of personal data when such data is processed in the centralised systems and for the underlying data protection principles (e.g. through rights management and access control, implementation of a deletion concept, privacy by design).
- Data subject rights / contact persons: Each company in the Bucherer Group is solely responsible for processing and responding to data protection requests and queries from their own customers. This means that your point of contact in all matters concerning data protection is the relevant Bucherer Group company (see section 1). If you wish to exercise your data protection rights (e.g. requests for information or to delete data), you can contact the data protection contact person or data protection officer described in section 1. If required for the purpose of dealing with your request, the companies in the Bucherer Group will promptly share information and support one another and make available the necessary information when replying to requests for information and other requests.
If you have any further questions regarding the agreement governing joint responsibility, you can contact the relevant data protection contact person or data protection officer at any time (see section 1).
5. Duration of data retention
Unless otherwise indicated, your personal data will be deleted or in certain cases anonymised if it is no longer required for the stated purposes in relation to the services rendered, no other legal basis can be invoked for its further processing or its deletion is incumbent upon us in order to comply with a legal obligation. Data may be retained for longer periods, if and to the extent that this is required to comply with a statutory obligation (e.g. data retention obligations under commercial and tax laws, depending on the legislation in force locally, e.g. 10 years) or for other legitimate reasons (e.g. to pursue legal claims). If no other statutory basis exists for the further processing of customer data collected with your consent, such data will be deleted if you withdraw your consent.
6. Recipients of data
Specifically, your data may be transferred to the following recipients:
- When processing contracts and delivering our services, in order to comply with legal obligations, we may engage the services of other external service providers (in particular, postal providers and dispatch services, banks and payment service providers, insurance companies, travel service providers, credit agencies and debt collection agencies, marketing agencies, email providers, web, cloud and IT service providers, data destruction companies) and external consultants (e.g. lawyers, money-laundering officers, accountants and tax consultants). The transfer of your data to these service providers will only take place in compliance with the pertinent statutory provisions, when an order is processed and governed by appropriate agreements. In certain cases, it is possible that you may have to conclude separate agreements with specific service providers (e.g. payment service providers and insurance companies). In such cases you should also take note of the provisions on data protection and security accessible via the links provided.
- In order to provide the warranty services offered by manufacturers or whenever joint events or activities are organised and in relation to limited runs, waiting lists, certificates and special requests, we may be obliged to pass on your personal data to the manufacturer or brand partner. The legal basis for such data transfers is generally the need to implement a contract or a legitimate interest for the aforementioned purposes.
- to companies in the Bucherer Group;
- transfers of personal data in connection with company acquisitions, mergers and sales;
- We may also be obliged, in compliance with legal obligations, to transfer your personal data to other recipients such as authorities in order to comply with disclosure requirements (e.g. supervisory, financial or law enforcement authorities).
7. Data processing in third countries
If we transfer your personal data to third countries outside Switzerland, the European Union (EU) or the European Economic Area (EEA), before the transfer takes place we will check, apart from the exceptions contemplated in the recipient country, whether there exists an adequate level of data protection or you have consented to the transfer of data. An adequate level of data protection is guaranteed for example by drafting EU standard contract clauses or the existence of what are known as Binding Corporate Rules (BCR). We transmit and process data within Europe and the USA.
8. Your rights
The rights listed in this section may be subject to certain exceptions or additional conditions in accordance with the data protection laws in force.
Right to information: You can request information from us at any time about the personal data processed by us. The provision of information must respect the rights and freedoms of other persons who may be adversely affected by the transfer of data.
Right to rectification: You can request the rectification of inaccurate personal data or the completion of incomplete personal data stored by us.
Right to erasure: You can also request the erasure of the personal data stored by us, if the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing: You can request the restriction of the processing of your personal data. This applies in particular if you contest the accuracy of the personal data stored by us or if you have objected to processing. In this case we are obliged to restrict the processing of the data pending the examination of your concern.
Right to data portability: You have the right to receive the personal data provided to us in a structured, commonly used and machine-readable format or, where technically feasible, to request its transfer directly to another controller. This right to data portability only exists if the processing is based on your consent or on a contract and is carried out by automated means.
Right to object to data processing based on legitimate grounds: If we process your data to safeguard legitimate interests, you can object to the processing of your personal data on grounds relating to your particular situation at any time. If a legitimate objection is lodged we are obliged to stop processing your data unless we can demonstrate compelling legitimate grounds overriding your interests or if we are obliged to process such data for the establishment, exercise or defence of legal claims. The right to object may be subject to limitations as set out in the applicable data protection laws.
Right to object to data processing for direct marketing: If we process your personal data for direct marketing purposes, you have the absolute right to object at any time to the processing of your data for such marketing. In such cases, there is no need to provide details relating to your particular situation. This also applies to any profiling, to the extent that it is related to such direct marketing. If you lodge an objection your data will no longer be processed for direct marketing purposes.
Right of revocation: If we process personal data on the basis of your consent, you also have the right to withdraw your consent at any time. The consequence of your revocation will be that we will no longer continue to process data based on your previous consent in the future. If you wish to withdraw your consent for the use of certain cookies, please take note of our explanations in the cookie guidelines.
If you wish to exercise your data protection rights, please contact the relevant data protection contact person or data protection officer. Their contact details can be found in section 1 of these provisions. Please note that depending on the applicable data protection laws, the exercise of the aforementioned rights may be framed differently or limited and/or subject to different conditions. In order to prove the identity of the person exercising the rights described in this section 8, Bucherer may request that an ID document be presented and process it accordingly.
9. YOUR RIGHTS
If you believe that the processing of your personal data by us violates your data protection rights, you have the right to lodge a complaint before a supervisory authority, specifically in the member state of your usual place of residence, your workplace or the location of the alleged violation. You can find an overview of all the European supervisory authorities by clicking here: https://www.bfdi.bund.de/DE/Service/Anschriften/Europa/Europa-node.html
We take technical and organisational security measures to protect your personal data, in particular against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. These security measures are regularly updated to reflect the latest technological innovations and the evolution of the market.
Our employees are bound by confidentiality.
English version October 2023.