FESTINA LOTUS SA (hereinafter, FESTINA).
Velázquez Street nº 150, 3rd 1
28002 Madrid (Madrid)
registered in the Madrid Commercial Registry, Volume 28627, folio 51, Page M-515523.
Any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Examples of personal data
Identifiable natural person:
Those who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A mechanic traditional watch, technologically advanced, that has smartwatch properties that are executed using an app, any of the connected watches apps, once the owner synchronizes them.
These are the apps (Lotus Connected, Jaguar Connected, Kronaby) that gets installed in your phone so you can use the services provided by the hybrid watch.
Personalized apps and third parties’ apps:
FESTINA can develop personalized applications, which are susceptible of being used to amplify and/or complete the functionalities and services of its hybrid watches. Likewise, it can give you the opportunity of using third parties’ applications that are going to amplify and/or complete the functionalities and services of its hybrid watches.
Hybrid watches’ functionalities and services:
Set of services and options that are available through the app which processes the users’ personal information.
Collection of data
This App doesn’t collect personal information whatsoever; all the data we record and analyse links the information with a concrete watch and there is no way for anyone to link up that data with a specific person.
The App gathers the following information:
The types of data that FESTINA collects may include the following:
A) Data related with information that is required to use specific services:
1.- Notifications and alerts
For the reception of notifications and alerts in the device once you receive an email, message, instant message, event, etc., you need to activate this option in the App settings. The application will only record the existence of the event, not the data associated with that event.
2.- Location and background location data
By giving your permission for the APP to access your device location data, the APP will be able to do a Bluetooth scan and connect your watch to your device during onboarding.
By giving your permission for the APP to access your device background location data, the APP will e.g. be able to draw a map for your exercise tour and calculate and display distance and pace. It can also be used for weather forecasting, “find your watch” or Walk Me Home.
3.- Movement and activity
4.- Sleep monitoring
B) Analysis data
Notwithstanding your consent to capture and record your data, we are going to ask for a specific permission to capture the following data:
Background location data is collected and stored on the server to make it available for you and also used to make calculations in the back end. When using the feature Walk Me Home, for a friend to be able to see your position, your location and ID is collected and stored on the server only as long as the session is ongoing.
We may extract background location and location data, di-identified, for statistics and for future improvements to customize the functions dependent on geolocation data.
Every process that sustains itself on a previous consent can be changed and/or reversed, never affecting the legality of the data record that may have been done already based on this consent that existed before its modification and/or revocation. The modification and/or revocation of that consent can be done through the app.
The personal data processing we do is done with the following finalities:
1.- The services’ provision regarding the hybrid watches functionalities. The achievement of that finality means:
The content of that communication gets processed locally through the watch and/or the App.
In general, with analytic purposes, only a bit of an event information will get recorded, not the data associated with that event. In any case, that data would only be related to a concrete watch, never the user.
2.- Analysis, market research and statistics.
We use data related to the compilation of specific information used for the use of specific services which have analytics finalities related to the physical exercise.
Likewise, we use this information with statistical purposes and for market research, trying to obtain information regarding the frequency and use of the services and functioning of the hybrid watch. Always, trying to optimize and upgrade our application and services.
To monitor and control the app’s use, we use tools we have developed and analysis services like Firebase or Big Query, which receives anonymous information the App sends about the user’s use of the watch. That analyses the data and provides relevant reports just for this purpose.
Legal basis. Legal framework (EU)
The legal base of the services’ provision related to functionalities of hybrid watches is done based on the existence and execution of a contractual and/or precontractual relationship.
The legal base of the data treatment with finalities related to analysis, market research and statistics also is the satisfaction of that legitimate business interest.
Legal obligation: sometimes, the legal base of the personal information recording is a legal obligation.
Disclosure of information
We share information only in the following scopes and cases:
Externally (third parties aliens to FESTINA and its business group):
The adhesion to the Privacy Shield Frameworks EU-USA and Switzerland-USA is going to be justified by the official certificate that the U.S. Department of Commerce issues.
You can find complete information about the Privacy Shield Framework or know if a company is one of the Privacy Shield Framework members consulting the Privacy Shield List in the U.S. Department of Commerce website (https://www.privacyshield.gov/welcome).
In that list, you can find data of all the companies that are members of the Privacy Shield Framework, of the personal data they use and also the kind of services they provide.
Being FESTINA the responsible of the treatment of any personal information, FESTINA can entrust those services as a responsible fellow, whether they imply treatment or not and whether it is automatized or not, to treatment managers, in the number it considers necessary, which will adopt all the organizational and operational decisions that are needed for the service provision that one has hired, which won’t mean, by any means, that finalities and use of data can change, nor that it can be used for their personal purposes and interests.
However, FESTINA, as the responsible of the treatment is going to be diligent and will only choose those who offer enough guarantees about the implantation and maintenance of technical and organizational measures, in accordance with what the RGPD establishes, guaranteeing the protection of the affected people’s rights.
FESTINA guarantees that its providers of the service in the EU use, exclusively, techniques of data depuration (i.e. that all the information is correct, etc.) excluding the use of enrichment data technologies.
By providing us with your data, you accept that we may share your data, if necessary, with a third party that is acting on FESTINA’s behalf to provide services and to enhance the experience of our website and our products or services. These third party service providers and data processors are contractually obliged to treat such information in the strictest confidence. It is also contractually forbidden for them to use the data in any other way than required. The necessary steps are taken to ensure that our service providers and the processors working on our behalf protect confidentiality of your data.
There may be occasions on which we disclose your data to our partners in an anonymous form. Such data includes, for example, information about the number of visitors to our website during a certain period of time. Such information is generally only disclosed in a ‘bundled’ and thus anonymous form.
FESTINA may also use your Personal data if it is necessary to protect perceived rights, safety and property of FESTINA, our partners, users of our website or products and the public. In some cases, it may be necessary to use your Personal data in accordance with legal and regulatory requirements.
When required by the public administration, acting through its administrative bodies, or by Judges and Courts, acting within the scope of their jurisdiction, and some times required by state securities forces, exists the legal obligation of divulging personal information to the corresponding authorities and officers.
Notwithstanding with the above, FESTINA, through its application, will offer the possibility of deactivate the option that permits the sharing of that information with third parties’ apps.
Other than what is set forth above, FESTINA will notify you when Personal data about you is shared with third parties and you will have the opportunity to choose not to have FESTINA share such information.
Every international data transfer the responsible and/or the treatment manager want to do and implies data flow between some territory in the EU and a received who is in a country out of the European Economic Area (EEA: all the countries that are members of the European Union plus Liechtenstein, Iceland and Norway) will necessarily have the correspondent authorization from whoever is the one in charge of that (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) excepting when:
1.- The addressee (being it a country, a territory, an organization, etc.) is declared as “suitable” by the European Union:
To this date, those countries that have not been declared as “suitable” by the EU regarding the art. 45 of the RGPD are: Switzerland, Canada, Argentina, Guernsey, Isle of Man, Jersey, Faeroe Islands, Andorra, Israel, Uruguay, New Zealand, Japan and United States of America ( Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield)
2.- In the absence of an implementing decision, if the country has one of those guarantees:
3.- In absence of an implementing decision and guarantees, if one, if not more, previsions of those established in the art. 49 RGPD.
In any case, the treatment manager will have to sign a contract of service with a third party according to what the art. 28 RGPD establishes for every international transfer of data that is a consequence of a services’ provision having one of those countries as destination.
Sharing of Personal Data to friends
Some of our products allow you to share location data with friends through for instance social networks. If you input your login information of any social network in order to share location data, such login information is only stored locally on your device and is not provided to FESTINA.
When a user logs into the IFTTT service, the user is directed to a website that gathers cookies that are redirected to the app IFTTT afterwards. Once the connection has been made, the IFTTT service redirects the user to the website, that finalizes its connection.
Retaining personal information
Data that we process for any purpose will not be kept for longer than is necessary for that purpose. To guarantee the functionality of the app and the correct execution of its services, the information captures will be preserved for as long as the account is active. If the account is deleted, after the user asks for it or if FESTINA decides to do so unilaterally (if the account is inactive for example, or if FESTINA discovers the account is being used fraudulently, etc.), we are going to delete all the information captured direct or indirectly through the application.
We will however retain your data for a longer period to the extent that we are required to do so by law or if necessary in order to establish, exercise or defend our legal rights. Also, we are going to retain all the registration requests and the unsubscribe requests of the publicity electronic communications.
Security of personal information
FESTINA is committed to keeping your data secure against unauthorized access or use, alteration, unlawful or accidental destruction and accidental loss. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to your data. However, you should be aware that there is always some risk involved in transmitting information over the internet.
Your rights (only for personal data)
Although the App doesn’t gathers nor records personal information, FESTINA informs that, in accordance with its personal data protection policy, your rights regarding this data are the following ones:
Notwithstanding this, you have the right to request information about the Personal data that FESTINA holds on you, its origin and recipients as well as the purpose for which it is being stored permanently.
The interested party has the following rights:
Participants have recognised and may exercise the rights to access, cancel, modify and oppose to FESTINA LOTUS, S. A. by writing to the postal address Vía Layetana, nº 20, 4ª floor, 08003, Barcelona, indicating your personal data and attaching a copy of your national ID certificate, or via the email address: firstname.lastname@example.org
If your Personal data is incorrect, incomplete or irrelevant, you can ask to have such Personal data information corrected or removed. We will notify you within 10 days of receiving the request as to whether and, if so, to what extent, we will comply with your request. If for any reason we don’t comply with your request, we will provide you with the reasons.
Any user or consumer who considers that FESTINA has not processed their personal data pursuant to the applicable regulations may file a complaint with the competent control authority of each EU member country. You can consult that information here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
Regarding the sending of publicity commercial communications related with our products and services, the user of the app can, at any moment, ask for his or her unsubscription, whether it’s through the app or through the link that with this purpose any publicity commercial communication has.
Accordingly to the California Consumer Privacy Act (CCPA), we are going to keep a policy of no divulging personal information to third parties with marketing finalities if a resident from California has voluntarily declared that is his or her will and if he or she has done that before registering.
Amendments to this policy
Operative and services’ availability warning
For the enjoyment of the services enabled by the hybrid watch, the requested personal information is needed. If you choose not to provide that requested information, various customer benefits may not be available. In certain cases, only those who have submitted the necessary data are able to use certain services and in other ways avail themselves of the activities and offers available on our application.
The disabling of the Bluetooth connection between the mobile device and the app means that whatever transfer of data between them will stop or, if that was the case, won’t get started. In that case, the functionalities of the app, the watch and/or the mobile device can stop its functioning or damage its functioning.
Privacy contact information