Last updated on December 18, 2019
- Personal Information we collect in our stores, our websites, through our call-centers or through our repair centers, and the purposes for which we use it.
- Personal Information we collect in order to handle your job application.
- Personal Information we transfer to third parties.
- Rights you have and how you can execute such rights.
“Personal Information” is information that can be used either directly or indirectly to identify you. Examples of Personal Information include your name, your email address and the items you purchased.
- Service Provision
We and our service providers process personal data related to you in order to provide you with the full range of services and features we offer. This includes data necessary to set up a customer account and data required to receive products and services.
We may use your data for marketing purposes to provide you with personalized offers about our products and services, unless you opt-out.
We and our service providers access your data in order to provide services to you as described in this Privacy Notice.
- Your rights
If you are a resident of the EU or the European Economic Area (EEA) you have the right to access, correct, and delete your information, withdraw your consent, object to, or restrict the processing.
- Location of your data
Data we use will be primarily stored in the United States with us and our cloud service providers, if necessary, either in accordance with the EU-, and the Swiss-U.S. Privacy Shield Framework or subject to other appropriate safeguards.
1. What personal data do we use, for which purposes and on which legal basis?
In order to provide you with our services and the full range of features, we and our service providers use your data (including your name, email address and IP address) for the following purposes:
- When you create an online customer account, to manage your account, to provide access to your shopping cart, to display purchased, reserved and registered products, or to present other products presumably of interest to you, to verify your identity if you forgot your password and to process your product reviews.
- When you choose to provide us further information, such as date of birth, address, personal settings, a wish list and your gender, to enable us to personalize both your profile and our recommendations for you.
- When you order goods online, in this case we additionally need your address, telephone number and payment information, to process your purchase, send you confirmation or back-in-stock notification and scan transactions for fraudulent activity.
- When you order goods to be picked-up in one of our stores, we need contact details such as name and email address of a pick up person other than you.
- When you purchase a product in a Fossil retail store and request an e-receipt, to process your request.
- When you participate in loyalty programs, recommend our products to others, redeem a gift card, or when we offer you discounts and bonuses etc. we use this information in addition to purchase-related information to determine whether you are eligible for additional discounts and special offers.
- When you share a product or wish list via our homepage to a friend or when you provide us with the contact details of a friend we will use it only to process your request.
- When you share any pictures/materials with us for publication on social media for such publication.
- When you enter a sweepstake, contest/competition, or promotion sponsored by us to administer the sweepstakes, contest/competition or promotion.
- When you return or exchange a product or when you send us your product for warranty or repair service, to process the request and any communication in connection with this.
- When you contact us to answer your requests, provide customer support and handle your inquiry.
In principle (unless we have a legal or other legitimate reason to maintain it), we delete information related to you
- upon your request,
- after expiry of the relevant legal retention period,
- once we do not have any business purpose for retaining the data anymore.
In addition to those just described, we want to explain certain of our processing activities to you in more detail:
1.1 Recruiting process
We process your data in order to handle your job application if you apply for a job with us. For the application process we collect the information included in your CV/resume and cover letter, such as contact details, academic background, job history, skills and competencies, salary details, the IP address from the device you are applying from etc. Your data will not be kept for longer than it is necessary for the application process, employment or as required by applicable law.
1.2 Video Surveillance
We process your data gained from video surveillance in some of our stores and campuses for security, loss and fraud prevention. We share this data in the cases described in section 3. The duration of the data storage depends on the governing national law unless storage is otherwise permitted (see section 4).
1.3 Credit check in Germany and Austria
For our customers in Germany and Austria we offer the possibility to order on account. For this purpose CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany (“credit agency”) runs a credit check for us, based on your name, date and place of birth, (previous) address, information about previous payment problems, references about fraudulent behavior, information from public registers or bulletins. Using mathematical-statistical procedures, the credit agency determines how likely it is that our customer will pay our bill. On the sole basis of an automated decision (without manual checking), only a positive result will make available the option “order on account”.
1.4 Interest based advertising
We may contact you for direct marketing purposes via email, mail, or other electronic communication methods (e.g. social media) unless you have opted-out from receiving direct marketing messages. For certain types of direct marketing methods (e.g. text messaging), we will obtain your explicit consent prior to sending you direct marketing messages. To select which marketing information may be of interest to you and to personalize ads and offers we
- use publicly available information (e.g. from your social media profiles),
- analyze your account information and how you use our services including our website, ads on third party websites and our newsletter,
- use information of your redemption of a gift card, participation in a sweepstake, contest, competition, or survey,
- use information collected by our service providers or partners (e.g. Google).
- use information collected when you request an e-receipt in our stores or fill out an onboarding form.
1.5 Cross-device targeting
In order to save your preferences, analyze your usage of our websites, provide interest-based advertising to you and deliver tailored ads across multiple devices, we try to link the different devices you are using to you. Technically, we are storing cookies on all the devices you are using and match those cookies within our internal database.
1.6 Log files, Cookies and similar technologies
Every time you visit our website, our system stores data related to your browser, its version, the operating system of your computer, your IP address, date, length and time of your visit, the website you accessed before and the one you visit following links on our website. We use this information for our legitimate security interest and we delete log files without undue delay.
1.7 Your reviews and shared content
When you post a product or seller review or upload an image or other material to our website, or when you share content with us on third party websites, such as social networks, we publish and use this information on our and third party websites. We do not control and do not assume responsibility for the use of information by such third party websites.
Please also note that you must own the intellectual property rights in the content you upload to our website and share with us and must not violate the rights of others (e.g. intellectual property or data protection rights). In uploading, you grant us, and our respective service providers, a royalty-free, unrestricted, non-exclusive, perpetual, irrevocable, sub-licensable, transferable and worldwide license to use, edit, copy, adapt, translate, publish, display, make available, communicate and distribute the content partially or in whole, and to incorporate it in other works for any purposes such as advertising, marketing and promotions and in any form, media or technology known today or later developed.
1.8 Legal Basis (EU)
Please find below the legal basis for every processing activity as required in the EU. As far as this processing is necessary for the performance of the contract with you it is based on Art. 6 (1) b of the EU General Data Protection Regulation (GDPR). This applies to the recruiting process and all general activities, described under 1., unless expressly set forth otherwise in the following:
On Art. 6 (1) f GDPR (legitimate interests) we base the processing of
- voluntarily provided information to offer a functionally appealing and user-friendly services website,
- data gained from video surveillance to improve our service and for security, loss and fraud prevention,
- data related to a credit check to offer different ways for payment,
- log files for security reasons,
- your data for promotional emails we sent you for products similar to your prior purchases to provide you with information presumably of interest for you.
For any other direct marketing purposes (e.g. further emails, newsletters, text messages) we will ask for your consent (Art. 6 (1) a GDPR). In addition, GDPR allows the processing required by law (e.g. to answer your inquiries via the means provided without undue delay).
2. Where do we get Personal Information from?
Most of the personal data we process we received from you or your actions, be it because you entered the data during the registration process, placed an order, applied for a job vacancy or because we track your usage of our website or newsletter etc. However, we also may receive information about you from other sources, such as, Fossil Group companies, and, if publicly available, from third party websites. In some cases we receive Personal Information about you from our service providers and partners, e.g. from Facebook, Google etc.
3. When do we share Personal Information?
We will share your Personal Information in the following cases:
3.1 Legal obligation and internal purposes
We disclose your Personal Information
- in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements,
- in order to protect and defend the rights or property of us or third parties,
- in an emergency, in order to protect the safety of our employees or any person.
3.2 Joint processing within Fossil Group
Your information will be combined with other Personal Information that Fossil Group companies have obtained about you (e.g. wearable data, goods you have purchased on a company website or from a store, repair transactions). We will also make your data available to Fossil Group companies if you apply for a job with us (for information about Fossil Group companies click here. We base this joint processing on an intra group agreement, allocating the responsibilities of the respective group entities. According to this agreement, each Fossil Group company will be responsible for the data processing related to its own business operations and will remain responsible for the personal data jointly processed with others. For you as our customer this means that the Fossil entity you are in touch with is responsible for processing your data and answering your requests. If you are not sure about the entity responsible in your case please contact email@example.com.
3.3 Links to Third-Party Websites and Services
On some pages we allow you to share Personal Information with third parties, such as social networks like Facebook. In these instances you are agreeing to the data being shared and the shared data being subject to the privacy policies of the third party. We do not control and do not assume any responsibility for the use of Personal Information by such third parties. For more information about the third party’s purpose and scope of their use of Personal Information in connection with sharing features, please visit the privacy policies of such third parties.
3.4 Third party advertising
We use third-party service providers to display advertisements across the internet. These advertising service providers may collect information about your visits to our website and your interaction with our products and services, as well as your visits to other websites. Such information does not include your name, address, email address but may contain browser-related information.
3.5 Public Disclosure
Any Personal Information that you include in the text of a product review may be made public in the product review section of our product pages. We may also share the information contained in your wish list with your friends and family as instructed by you or make it public on our Website in case you enable this function. Wish lists made public can be found by searching for your name or email address on our websites.
3.6 Sharing with third parties
We involve other companies for the provision of services, who are allowed to use Personal Information only on our behalf and must not use it for their own purposes, unless permitted by law.
As follows a list of categories of recipients together with the respective purposes:
- to enable the functionality of our online application portals (e.g. IBM)
- to provide customer care services (e.g. Zendesk)
- providing hosting and general IT services (e.g. Amazon Web Services and Google)
- using data cleansing techniques in order to ensure your data, such as your address, is correct (e.g. Acxiom Corporation)
- providing credit checks (see section 1.3)
- for social media services (e.g. Facebook or Google)
- providing payment services (e.g. PayPal, et Cie, S.C.A, First Data Merchant Services, Paymetric, CyberSource, Google, Apple)
- for transport and logistics services (e.g. DHL, FedEx).
- for direct marketing campaigns (e.g. Oracle, Google, Facebook).
- to administer sweepstakes, contests and competitions.
We may transfer your Personal Information to a third party in the event of a transfer of all or some of our assets to a third party. If your information is subject to the Privacy Shield (for more information on Privacy Shield please refer to Section 6 below) we will provide you with an opportunity to reject the transfer of your Personal Information in such cases.
4. For how long do we use Personal Information?
We will retain your Personal Information as long as necessary to provide you with functionality and services as described above under section 1, as long as reasonably necessary to further our legitimate interests or as long as we are required by law. Examples include the defense against, or the establishment of legal claims and legal obligations (e.g. tax law, or the principle of accountability, which requires us to demonstrate that our processing complies with applicable data protection laws). In order to verify whether you opted out or in to marketing activities, for example, we store your respective choice (e.g. via a cookie or a declaration).
5. What are your rights?
5.1 California Residents
The California Consumer Privacy Act of 2018 (CCPA) provides California residents with specific rights regarding their personal information over the last 12 months. If you are a California resident you have the right to request the disclosure of
- the categories of personal information we collected about you
- the categories of sources from which the personal information is collected
- the business or commercial purpose for collecting or selling personal information
- the categories of third parties with whom we share personal information and
- the specific pieces of personal information we have collected about you.
You have the right to request that we delete any personal information that we have collected, subject to certain exceptions defined in CCPA.
To exercise your access and deletion rights described above you have to submit a verifiable request to us by (1) filling out an online form at www.fossil.com, (2) sending us an email at firstname.lastname@example.org; or (3) calling us at +1 (800) 449-3056. The verifiable request must contain sufficient information to allow us to verify you as a person and to properly understand and respond to your inquiry. As part of our verification process we will send you an email with a link to verify your email address. Following this we will ask you one further verification question. Once the verification process is complete we will send you emails with login credentials to our secure privacy portal for you to access, download or delete your data.
We will respond to your verifiable request within 45 days of receipt. If we require more time (up to 90 days) we will provide you with notice and explanation of the reason.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Furthermore you have the right to request that in case we sell your personal information, or disclose it for a business purpose, we disclose to you:
- the categories of personal information that we collected about you,
- the categories of personal information that we sold about you and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold and
- the categories of personal information that we disclosed about you for a business purpose.
In case we have sold your personal information you have the right, at any time, to direct us not to sell your personal information. This right may be referred to as the right to opt-out. You may opt out of the sale of your personal information by completing the webform here. You may also submit your request to opt-out by sending us an email at email@example.com or calling us at +1 (800) 449-3056.
You may use an authorized agent to submit a request to access, delete and to opt-out on your behalf if you provide the authorized agent written permission to do so and verify your own identity directly with us. “Authorized agent” means a natural person or a business entity registered with the Secretary of State that a consumer has authorized to act on their behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf, unless you have provided the authorized agent with power of attorney, pursuant to Probate Code sections 4000 to 4465.
We do not knowingly collect personal information from California residents between the ages of 13 and 16.
In the preceding 12 months, we have collected the following categories of personal information about California residents:
Commercial purpose for collecting
|Sources||How it is shared|
|1. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers||Security, Debugging/Repair, Performing Services on behalf of the business or service provider, Advance a person’s commercial or economic interests, Quality, safety maintenance and verification of a service or device, Enabling or effecting a commercial transaction||Directly from you
Consumer Data Resellers
|With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers|
|2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information||Security, Performing Services on behalf of the business or service provider, Enabling or effecting a commercial transaction||Directly from you
Consumer Data Resellers
|With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers|
|3. Protected classification characteristics under California or federal law||Age (40 years or older), sex (including gender)||Directly from you||With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers|
|4.Commercial information||Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||Performing Services on behalf of the business or service provider, Advance a person’s commercial or economic interests||Consumer Data Resellers|
|5. Biometric information||Voiceprints||Performing Services on behalf of the business or service provider||Directly from you||With our Service Providers|
|6. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement||Security, Enabling or effecting a commercial transaction, Performing Services on behalf of the business or service provider, Auditing interactions with consumers, Advance a person’s commercial or economic interests||Through your usage of our website|
|7. Geolocation data||Physical location or movements||Performing services on behalf of the business or service provider||Through your usage of our website|
|8. Audio / Visual||Audio, electronic, visual, thermal, olfactory, or similar information||Performing services on behalf of the business or service provider||Directly from you|
|9. Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes||Performing services on behalf of the business or service provider, Advance a person’s commercial or economic interests||Through your usage of our website|
Category 1 (Identifiers) and Category 4 (Commercial information) to Consumer Data Resellers, Advertising and Social Networks.
Category 6 (Internet or other similar activity) to Advertising and Social Networks.
We do not discriminate against you because you exercised any of your rights under the California Consumer Privacy Act, including, but not limited to, by:
- Denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties,
- Providing a different level or quality of goods or services to you,
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may charge you a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to you by your data (e.g. your identifiers). In addition, we may offer financial incentives, including payments to you as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. We may also offer a different price, rate, level, or quality of goods or services to you if that price or difference is directly related to the value provided to you by your data. We may enter you into a financial incentive program only if you give us prior opt in consent which clearly describes the material terms of the financial incentive program, and which may be revoked at any time. We shall not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.
5.2 Your additional rights provided by EU law
By contacting us as set forth in section 12 below in the EU you may exercise your right to request (i) access to, (ii) correction of, (iii) deletion of, and (iv) restriction of Personal Information we hold about you. You also have the right to (v) data portability (to receive data you provided in a machine readable format) and, where applicable, (vi) withdrawal of your consent, (vii) opt-out from receiving marketing notifications, and (viii) object to the processing we base on our legitimate interests. Additionally, you have the right to right to (ix) lodge a complaint with the responsible data protection authority.
6. Data Storage in the U.S., Privacy Shield
Personal Information we collect will be primarily stored in the United States with Fossil Group member companies and our cloud service providers in accordance with the EU-, and Swiss-U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer Personal Information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.
In order to provide an adequate level of protection, we comply with the EU-U.S. – and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. We have certified that we adhere to the Privacy Shield Principles. As a consequence, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is a conflict between this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program please visit https://www.privacyshield.gov/welcome. To view Fossil Group’s certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group subsidiaries, including Fossil Partners, LP, and Misfit, Inc. also adhere to the Privacy Shield Principles.
If your information is subject to the Privacy Shield, and you do not believe we have adequately addressed your privacy concerns, you can address your concerns free of charge to an independent recourse mechanism listed below:
In cases where the issue cannot be resolved by us or by the EU Data Protection Authorities you may invoke binding arbitration as further described in the Privacy Shield.
7. International Transfer (EU)
We cooperate with service providers located outside the EU or the EEA (see examples in the list in section 3.6), most of which are Privacy Shield certified. Where this is not the case we make sure we process your Personal Information based on contracts with standard contractual clauses, approved by the European Commission, unless we transfer your Personal Information to a country that was officially recognized by the EU as having adequate protection for processing of Personal Information or pursuant to another exception allowing the transfer as permitted by applicable law.
8. Age Requirements and Children’s Online Privacy Protection Act (“COPPA”)
We do not knowingly collect, maintain or use Personal Information about children under 16. Persons under the age of 16 may not use our Website without supervision from a responsible adult. We will never request Personal Information from a child under 16 without verifiable parental consent. If we become aware that a child under 16 has sent Personal Information without prior parental consent, we will remove his or her Personal Information from our records.
9. Access to and your rights regarding your Personal Information
This website gives you the ability to view and change the Personal Information you provided to us within the My Account section of the website. You may access information we hold about you, request a correction where data is incorrect or a deletion of your data, unless we have to keep your data for legal reasons. We encourage you to address any concerns you may have regarding our use of your Personal Information by using the contact details provided below.
10. What happens if we Change this Privacy Notice?
This Privacy Notice is effective as of December 18, 2019 and may be updated from time to time. We will notify you of material changes by posting a prominent notice on our website or by sending you an email. If your Personal Information is subject to the Privacy Shield, and if we decide to use your information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify you and provide you with the opportunity to opt-out of our use of your information for that purpose.
11. Links to and from other websites
Whenever we provide links to other websites on our website, this is in the interest of our users and should be understood as a courtesy. Pages to which we link and pages that link to our websites are not under our control. In such cases we are neither responsible for the content of these pages nor for compliance with the applicable data protection regulations of those providers. We recommend that you carefully read the privacy statements of these third parties to learn how your Personal Information is stored, used or shared.
12. Who are we and how can you contact us?
Please address any questions, concerns, inquiries, complaints, or requests regarding our practices concerning Personal Information to Fossil at:
Telephone Number: +1 (800) 449-3056
Attention: Chief Compliance & Risk Officer
901 S. Central Expressway
Richardson, TX 75080, USA
You can also get in touch with our data protection team and the responsible data protection officer we designated in every case required by law per email using firstname.lastname@example.org.
Our EU representative is FESCO GmbH, Natzing 2, 83125 Eggstätt, Germany. You can either contact our EU representative by sending an email to email@example.com or calling +49-89-7484 6815.
This website is provided by Fossil Group Inc. 901 S. Central Expressway, Richardson, TX 75080, USA, email: firstname.lastname@example.org.