Privacy policy

1. PERSONAL DATA CONTROLLERS

With this privacy policy (the “Privacy Policy”) we wish to inform you, pursuant to article 13 of EU Regulation 2016/679 (hereinafter, the “GDPR”) and the European and Italian laws that supplement it (“Privacy Legislation”), including the rules on the protection of personal data under Legislative Decree 196/2003 (“Privacy Code”), about the processing of your personal data.

Your personal data will be processed by Hausmann Kron srl, with registered office in Rome, via dei Condotti 35, email: kron@hausmann-co.com, in the person of its legal representatives (hereinafter, the “Company”), an independent controller of the processing of personal data, as well as by Hausmann Service Srl (hereinafter Hausmann Service, which carries out direct marketing processing for the Hausmann & Co. Group, hereinafter the “Group”) with registered office in Rome, Piazza di S. Lorenzo in Lucina, 4, email: hausmannservicesrl@pec.it, in the person of its legal, also as an independent data controller.

The Company and Hausmann Service hereinafter “the Data Controllers”, wish to inform you as below.

 

2. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA PROCESSED

2.1 We inform you that personal data means any information which the Data controllers have acquired in relation to the Data subjects for the pursuit of the purposes referred to in paragraph 3 below (“Personal Data”). The processing is envisaged of common personal data not belonging to special categories (hereinafter “Common Personal Data”) as well as the processing of special data as per art. 9 of the GDPR where such information has been provided by the Data Subjects in the context of the invitation to events sponsored by the Companies (hereinafter “Special Personal Data”).

2.2 Data Subjects involved in the processing of Personal Data by the Data Controllers are natural persons who are already customers or potential customers who come into contact with the Company and/or Hausmann Service, or those who make the payment on behalf of the customer (hereinafter, the “Data Subjects”).

2.3 The processing of Personal Data relating to criminal convictions and offences is not envisaged.

 

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

Processing carried out by the Company

3.1 The Company shall process the Common Personal Data of the Data Subjects within the scope of its business activity, for the purposes indicated below:

  • a) on the basis of contractual obligations, without the express consent of the Data Subjects, pursuant to and for the purposes of article 6, sub-section 1, letter b) of the GDPR to provide sales and assistance services as regards the purchased products and the carrying out of any activity related to such services, payments included;
  • b) on the basis of obligations deriving from national laws and regulations, Community legislation, provisions issued by authorities legitimated by law or by other supervisory and control bodies, without the express consent of the Data Subjects pursuant to and for the purposes of article 6, sub-section 1, letter c) of the GDPR;
  • c) for any defensive activity necessary to assert the Data Controller’s rights in court or at a preliminary stage of the proceedings, in accordance with article 6, sub-section 1, letter f or article 9, sub-section 2, letter f) of the GDPR.
  • d) the Special Personal Data of the Data Subjects will be processed, following the specific prior consent of the Data Subjects, pursuant to art. 6, sub-section 1, letter a) and art. 9, sub-section 2, letter a) for the processing and communication of Personal Data to catering companies and to companies which organise events sponsored by the Companies or their partner watch manufacturers, in order to meet the specific needs and/or dietary tastes of the Data Subjects;
  • e) on the basis of the legitimate interest in accordance with article 6, sub-section 1, letter f) of the GDPR of the Companies and watch manufacturers in preventing counterfeiting and the sale of watches on parallel markets;
  • f) on the basis of contractual obligations in accordance with article 6, sub-section 1, letter b) of the GDPR, for the delivery of specific requests of special or unique watches to watch companies, in order to be examined by them (manifestations of interest).

Processing performed by Hausmann Service

3.2 Hausmann Service, as an independent data controller, will process the Common Personal Data of the Data Subjects for the purposes indicated below:

  • a) with the prior express consent of the Data Subjects, collected in accordance with the Privacy Legislation, to send advertising or direct sales material or to perform market research or commercial communication on latest products, activities and organised events, carried out using any automated contact tool, including automated call systems without operator (so-called pre-recorded phone calls) or in a manner similar to the former (such as: email, SMS) pursuant to article 130, sub-sections 1 and 2 of Legislative Decree no. 196/2003 (hereinafter, “Privacy Code”). The consent given for the sending of commercial and promotional communications, on the basis of art. 130, sub-sections 1 and 2 of the Privacy Code, also extends to the traditional methods of contact, such as paper mail and/or calls through the operator. Hausmann Service will ensure that direct marketing initiatives are carried out in a proportionate and non-invasive manner, ensuring that only communications which, based on the information in its possession, are deemed to be of interest or relevant (direct marketing) are sent.
  • b) subject to the specific express consent of the Data Subjects, collected in accordance with the Privacy Legislation, to analyse, including with automated tools, the preferences and habits of each in order to promote and/or offer customised goods and services; (full profiling)
  • c) with the prior express consent of the Data Subjects , to communicate their Data to the Brands of their interest for their direct marketing purposes;
  • d) on the basis of contractual obligations, in organizing and managing events to which the Data Subject registered.
  • e) for the generation of proofs of purchase through Fungible Tokens (NFTs) released to the clients, as particular way of execution of the contract.
  • f) on the basis of the legitimate interest and of the other companies of the Group to valuate, through the CRM, the client’s profile in relation to the manifestations of interest for high-end watches and/or in limited edition (light profiling); Data subjects may object to such processing at any time, in a free and easy way, by contacting the Company or Hausmann Service at the contacts above illustrated and at any communication, or by clicking on the opt-out button included at the bottom of the communications received after the manifestation of interest by Hausmann Service.
  • g) On the basis of the legitimate interest and of the other companies of the Group, to send through email, promotions relating to goods or services like those objects of a product or service sale, in a no- profiling mode, according to art. 6, par.1, letter f) of the GDPR, as well as to sending the invitations to exclusive events of products presentation or celebrations in the watchmaking sector, where the Data Subjects do refuse such use (ss. soft-spam). Data Subjects may oppose to such processing at any time, in a free and easy way, by contacting the Company or Hausmann Service at the contacts above illustrated and at any communication, or by clicking on the opt-out button included at the bottom of the communications received after the manifestation of interest by Hausmann Service.

 

4. METHODS OF PROCESSING PERSONAL DATA

4.1 In relation to the purposes indicated in paragraph 3 above, the processing of Personal Data is carried out by the Data Controllers in accordance with the Privacy Legislation, in particular:

  • – it is carried out using manual media and also with the aid of electronic or automated media, in any case, capable of ensuring the security and confidentiality of the data, and     preventing unauthorised access to the Personal Data by third parties;
  • – it is carried out directly by the Data Controllers’ organisation and/or by data processors appointed by them.

4.2 All the Personal Data will be kept by the Data Controllers for the time strictly necessary for the pursuit of the purposes for which they were collected, as referred to in paragraph 3 above, respecting the principle of minimization under article 5, sub-section 1, letter c) of the GDPR, without prejudice to any specific legal obligations, including those on the storage of accounting documents. The Special Personal Data will be erased by the Data Controller once the organisation of the event for which they were collected has been completed. In relation to the purposes indicated in section 3.2 letters a) b), f),g) , and in consideration of the fact that the sale concerns goods of considerable value the purchase of which is made on average about every decade, in view of the life cycle of the products sold and the value of the same, the storage of Common Personal Data, without prejudice to any objection to processing, any revocation of consent to processing or any invalidation of the legal basis, is 10 years from the collection of the personal data, or from the last event in which the Data Subjects participated or from the last update of the personal data made or requested by them. At the end of such period, the Common Personal Data will be erased or irreversibly anonymised.

 

5. COMMUNICATION OF DATA

5.1 In the pursuit of the purposes referred to in paragraph 3 above, the Common Personal Data may be communicated and/or in any case shared with third parties and consultants or suppliers, for the purpose of organising events and providing services requested by the Data Subjects or for administrative, financial and accounting purposes, as well as with other entities which provide services to the Data Controllers and, on a mediation basis, to the Data Subjects. The Common Personal Data will be communicated to watch manufacturers for the purpose of monitoring any sales of watches on the parallel market. The Special Personal Data may be communicated, with the specific prior consent of the Data Subjects, only to the catering companies and to the companies organising events sponsored by the Companies or their partner watch manufacturers, in order to satisfy the specific needs and/or food tastes of the Data Subjects.

5.2 Some of the entities indicated in paragraph 5.1 above will process the Personal Data in their capacity as data processors of the Data Controllers, by virtue of an appointment as external data processor made by them pursuant to and for the purposes of art. 28 of the GDPR. The list of names of the data processors, pursuant to art. 28 of the GDPR, will be made available to the Data Subjects by the Data Controllers upon request.

5.3 Other entities (such as lawful authorities or other supervisory and control bodies) may process the Personal Data received from the Data Controllers as independent data controllers.

5.4 In relations to e-commerce services, the Common Personal Data necessary to elaborate payments are transmitted to other companies which collaborate to payment services presentation as well as, due to security and insurance reasons, to companies that provide payment reliability validation services. For the processing related to payment reliability validation services, it is necessary to transfer the necessary Common Personal Data to the State of Israel, a country which ensures adequate protection of personal data in respect of the current adequacy decision of the European Commission.

5.5 The natural persons, employees and collaborators of the Data Controllers, authorized to process the Personal Data provided by the Data Subjects, act under the instructions of the Data Controllers and subject to confidentiality constraints.

5.6 Personal Data may be communicated, pursuant to art. 6, sub-section 1, letter f) and Recitals 47 and 48 of the GDPR, to companies belonging to the Hausmann Group for administrative and accounting purposes, meaning those related to organizational, administrative, financial and accounting activities, regardless of the nature of the data processed.

5.7 Personal Data may be communicated to companies, which are a part of Hausmann Group for the purpose of optimizing their business activities, as well as managing, organizing and modifying the integrated Customer Relationship Management (CRM) system used by the Group.

5.8 In case of theft, loss or finding of your watch, the Company could treat your Personal Data in order to send them to watchmaking companies so as to register your request, give you assistance and contact you back in case of necessity.

 

6. DISSEMINATION AND TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

Personal Data are not subject to dissemination or transfer to countries outside the European Union or international organizations. If such transfer should become necessary and/or inevitable for organizational reasons, it should be noted that it will only be made to countries considered safe by the European Commission or, in any case, in one of the ways permitted by applicable law and in particular in compliance with the appropriate guarantees under article 46 of the GDPR, for example by signing the Standard Clauses approved by the Commission or on the basis of one of the exceptions provided for in article 49, such as the consent of the Data Subjects.

 

7. RIGHTS OF DATA SUBJECTS

7.1 The Data Subjects, relating to the Personal Data in the possession of the Controllers, may exercise all the rights provided for by the Privacy Legislation (Articles 15-22 of the GDPR) writing to kron@hausmann-co.com. The Data Subject may, at any time, requests access to his/her data, rectification of inaccurate Personal Data, deletion of data no longer necessary for the purpose for which they were collected, limitation of the processing of his/her data. Moreover, Data Subjects may, at any time, object to the processing of their data for direct marketing and profiling purposes, request data portability and obtain information regarding profiling processing. In addition, Data Subjects have the right to oppose to the processing of their Personal Data for the purposes referred to at section 3.2, letters a), b), c) of this Policy. With specific regard to the purposes referred to at section 3.2 letter a), remains without prejudice to the possibility for Data Subjects to exercise this right in a selective way, i.e., in this case, by objecting, for example, only to the sending of promotional communications carried out through automated tools. In relation to the purposes whose legal basis lies in the consent of the Data Subjects, the latters may remove their consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation.

7.2 The Data Subjects may also lodge a complaint with the Supervisory Authority for the Protection of Personal Data, following the procedures and indications published on the official website of the aforementioned authority (www.garanteprivacy.it).

7.3 In order to exercise the rights indicated in this paragraph, as well as for any possible clarification, the Data Subjects may contact the Data Controllers directly by sending an email message or a letter by ordinary mail to the addresses indicated above.

 

8. PROCESSING BY ROLEX ITALIA SPA

Should you buy a Rolex watch, to prevent counterfeiting and the sale of watches on parallel markets, based on the legitimate interest to protect its own brand, Rolex Italia Spa (“Rolex”), as an independent data controller, will treat your name, surname and other data contained in administrative documents (i.e. fiscal receipt, invoice) of Hausmann Kron srl. Your personal data will be accessible to employee and collaborators of Rolex authorised to the treatment as of GDPR. Those data can also be communicated to Rolex legal consultants and to judicial authority and law enforcement. Data can also be accessible to Rolex SA, based in Geneva, Switzerland. European Commission expressed on 26 of July 2000 an adequacy decision on personal data protection in Switzerland according to UE regulations. Rolex will keep your data for 10 years. As of this treatment, you can exercise rights laid down by art. 15-22 of GDPR and described in the previous section writing to privacy.it@rolex.com or at the address Via Manzoni 5/A, 20121 Milano, Italy.