FESTINA LOTUS SA (hereinafter, FESTINA).
Velázquez Street nº 150, 3rd 1
28002 Madrid (Madrid)
registered in the Madrid Commercial Registry, Volume 28627, folio 51, Page M-515523.
Any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Examples of personal data
- a name and surname;
- a home address;
- an email address
- an identification card number;
- location data (for example the location data function on a mobile phone)*;
- an Internet Protocol (IP) address;
- a cookie ID*;
- the advertising identifier of your phone;
- data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.
Identifiable natural person:
Those who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A mechanic traditional watch, technologically advanced, that has smartwatch properties that are executed using an app, any of the connected watches apps, once the owner synchronizes them.
These are the apps (Lotus Connected, Jaguar Connected, Kronaby, Festina Connected) that gets installed in your phone so you can use the services provided by the hybrid watch.
Personalized apps and third parties’ apps:
FESTINA can develop personalized applications, which are susceptible of being used to amplify and/or complete the functionalities and services of its hybrid watches. Likewise, it can give you the opportunity of using third parties’ applications that are going to amplify and/or complete the functionalities and services of its hybrid watches.
Hybrid watches’ functionalities and services:
Set of services and options that are available through the app which processes the users’ personal information.
Collection of data
This App doesn’t collect personal information whatsoever; all the data we record and analyse links the information with a concrete watch and there is no way for anyone to link up that data with a specific person.
The App gathers the following information:
- Information about your mobile device and about your visits to and use of our app.
- Information that you provide to us when using your product and when you are using services associated with your product which we provide:
- It can be necessary to facilitate more specific information (i.e. physical activity data, age, weight, height, geolocation, personal calendar, etc.) which is necessary to use specific services provided by the hybrid watch (i.e. sleep analysis, distance walked, etc.)
- The App doesn’t collect the information you facilitate or provide when you register your product after its purchase. To register your product, you won’t use, in any case, any of your social networks (i.e. Facebook, Instagram, etc.) so there is no way we gather the information you may have uploaded in those social networks.
The types of data that FESTINA collects may include the following:
A) Data related with information that is required to use specific services:
1.- Notifications and alerts
- Email, messages and instant messaging reception in your device
Calendar alerts’ information in your device
For the reception of notifications and alerts in the device once you receive an email, message, instant message, event, etc., you need to activate this option in the App settings. The application will only record the existence of the event, not the data associated with that event.
2.- Location and background location data
- Location data
By giving your permission for the APP to access your device location data, the APP will be able to do a Bluetooth scan and connect your watch to your device during onboarding.
- Background location data
By giving your permission for the APP to access your device background location data, the APP will e.g. be able to draw a map for your exercise tour and calculate and display distance and pace. It can also be used for weather forecasting, “find your watch” or Walk Me Home.
3.- Movement and activity
- Daily movement habits’ data (i.e. number of steps, distance walked, goals, etc.)
Age, weight and height data for consumption calories’ calculation
Cardio frequency data
4.- Sleep monitoring
- Data regarding your behaviour pattern when you go to sleep and wake up, information about your sleep (when you go to bed and when you wake up), data about your sleep quality.
B) Analysis data
- Use of the app functionalities’ data
hybrid watch functioning data
App data (i.e. version, personal adjustments, etc.)
Device data (i.e. manufacturer, operative system, serial number, etc.)
Notwithstanding your consent to capture and record your data, we are going to ask for a specific permission to capture the following data:
- geolocation data
Background location data is collected and stored on the server to make it available for you and also used to make calculations in the back end. When using the feature Walk Me Home, for a friend to be able to see your position, your location and ID is collected and stored on the server only as long as the session is ongoing.
We may extract background location and location data, di-identified, for statistics and for future improvements to customize the functions dependent on geolocation data.
- health data
Every process that sustains itself on a previous consent can be changed and/or reversed, never affecting the legality of the data record that may have been done already based on this consent that existed before its modification and/or revocation. The modification and/or revocation of that consent can be done through the app.
The personal data processing we do is done with the following finalities:
1.- The services’ provision regarding the hybrid watches functionalities. The achievement of that finality means:
- Administration of the user’s registry and use of the app. The given data will identify the hybrid watch and will allow the user’s access to functionalities and services that are created only for registered users.
- Receive informative communications related to the used services (i.e. personal goals, etc.) and/or alerts or actualizations of the device and/or the watch app, and also news related to those services, everything through the email, message or other type of electronic methods of communication.
The content of that communication gets processed locally through the watch and/or the App.
In general, with analytic purposes, only a bit of an event information will get recorded, not the data associated with that event. In any case, that data would only be related to a concrete watch, never the user.
2.- Analysis, market research and statistics.
We use data related to the compilation of specific information used for the use of specific services which have analytics finalities related to the physical exercise.
Likewise, we use this information with statistical purposes and for market research, trying to obtain information regarding the frequency and use of the services and functioning of the hybrid watch. Always, trying to optimize and upgrade our application and services.
To monitor and control the app’s use, we use tools we have developed and analysis services like Firebase or Big Query, which receives anonymous information the App sends about the user’s use of the watch. That analyses the data and provides relevant reports just for this purpose.
Legal basis. Legal framework (EU)
The legal base of the services’ provision related to functionalities of hybrid watches is done based on the existence and execution of a contractual and/or precontractual relationship.
The legal base of the data treatment with finalities related to analysis, market research and statistics also is the satisfaction of that legitimate business interest.
Legal obligation: sometimes, the legal base of the personal information recording is a legal obligation.
Disclosure of information
We share information only in the following scopes and cases:
- Data can be given to FESTINA subsidiaries and/or investee companies with the finality of providing a better commercial service and better after sales service.
- This information, combined with other personal data that other companies of the group have gathered about a user (i.e. shopping data, etc.) can be analysed as a whole. However, it will always be necessary the user’s consent given when he or she registers his or hers purchase.
Externally (third parties aliens to FESTINA and its business group):
- To obtain services related to the data treatment finalities, we share information with other business and/or professionals (third parties) that won’t be ever allowed to use those data for their internal purposes.
- In those services, we include the data hosting. Regarding this, we stock this personal information in the EU, being that in our offices or our providers’ offices that have its headquarters in the EU. The personal information that may be hosted in the USA, country that doesn’t give the optimum level of protection, will be exclusively hosted by service providers that give suitable guarantees through its adhesion to the Privacy Shield Frameworks (EU-USA and Switzerland-USA) and the existence of specific contractual clauses.
The adhesion to the Privacy Shield Frameworks EU-USA and Switzerland-USA is going to be justified by the official certificate that the U.S. Department of Commerce issues.
You can find complete information about the Privacy Shield Framework or know if a company is one of the Privacy Shield Framework members consulting the Privacy Shield List in the U.S. Department of Commerce website (https://www.privacyshield.gov/welcome).
In that list, you can find data of all the companies that are members of the Privacy Shield Framework, of the personal data they use and also the kind of services they provide.
Being FESTINA the responsible of the treatment of any personal information, FESTINA can entrust those services as a responsible fellow, whether they imply treatment or not and whether it is automatized or not, to treatment managers, in the number it considers necessary, which will adopt all the organizational and operational decisions that are needed for the service provision that one has hired, which won’t mean, by any means, that finalities and use of data can change, nor that it can be used for their personal purposes and interests.
However, FESTINA, as the responsible of the treatment is going to be diligent and will only choose those who offer enough guarantees about the implantation and maintenance of technical and organizational measures, in accordance with what the RGPD establishes, guaranteeing the protection of the affected people’s rights.
FESTINA guarantees that its providers of the service in the EU use, exclusively, techniques of data depuration (i.e. that all the information is correct, etc.) excluding the use of enrichment data technologies.
By providing us with your data, you accept that we may share your data, if necessary, with a third party that is acting on FESTINA’s behalf to provide services and to enhance the experience of our website and our products or services. These third party service providers and data processors are contractually obliged to treat such information in the strictest confidence. It is also contractually forbidden for them to use the data in any other way than required. The necessary steps are taken to ensure that our service providers and the processors working on our behalf protect confidentiality of your data.
There may be occasions on which we disclose your data to our partners in an anonymous form. Such data includes, for example, information about the number of visitors to our website during a certain period of time. Such information is generally only disclosed in a ‘bundled’ and thus anonymous form.
FESTINA may also use your Personal data if it is necessary to protect perceived rights, safety and property of FESTINA, our partners, users of our website or products and the public. In some cases, it may be necessary to use your Personal data in accordance with legal and regulatory requirements.
When required by the public administration, acting through its administrative bodies, or by Judges and Courts, acting within the scope of their jurisdiction, and some times required by state securities forces, exists the legal obligation of divulging personal information to the corresponding authorities and officers.
Notwithstanding with the above, FESTINA, through its application, will offer the possibility of deactivate the option that permits the sharing of that information with third parties’ apps.
Other than what is set forth above, FESTINA will notify you when Personal data about you is shared with third parties and you will have the opportunity to choose not to have FESTINA share such information.
Every international data transfer the responsible and/or the treatment manager want to do and implies data flow between some territory in the EU and a received who is in a country out of the European Economic Area (EEA: all the countries that are members of the European Union plus Liechtenstein, Iceland and Norway) will necessarily have the correspondent authorization from whoever is the one in charge of that (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) excepting when:
1.- The addressee (being it a country, a territory, an organization, etc.) is declared as “suitable” by the European Union:
To this date, those countries that have not been declared as “suitable” by the EU regarding the art. 45 of the RGPD are: Switzerland, Canada, Argentina, Guernsey, Isle of Man, Jersey, Faeroe Islands, Andorra, Israel, Uruguay, New Zealand, Japan and United States of America ( Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield)
2.- In the absence of an implementing decision, if the country has one of those guarantees:
- an instrument which is juridically binding and enforceable between authorities or public organizations
- binding cooperative standards
- standard clauses adopted by the Commission
- data protection standard clauses adopted by a control authority and approved by the EU Commission
- Codes of conduct and binding commitments which are enforceable from the responsible of that data or the treatment manager of always apply suitable guarantees, included the ones related to the people affected
- certification mechanisms, with binding commitments which are enforceable from the responsible of that data or the treatment manager of always apply suitable guarantees, included the ones related to the people affected
3.- In absence of an implementing decision and guarantees, if one, if not more, previsions of those established in the art. 49 RGPD.
In any case, the treatment manager will have to sign a contract of service with a third party according to what the art. 28 RGPD establishes for every international transfer of data that is a consequence of a services’ provision having one of those countries as destination.
Sharing of Personal Data to friends
Some of our products allow you to share location data with friends through for instance social networks. If you input your login information of any social network in order to share location data, such login information is only stored locally on your device and is not provided to FESTINA.
When a user logs into the IFTTT service, the user is directed to a website that gathers cookies that are redirected to the app IFTTT afterwards. Once the connection has been made, the IFTTT service redirects the user to the website, that finalizes its connection.
Retaining personal information
Data that we process for any purpose will not be kept for longer than is necessary for that purpose. To guarantee the functionality of the app and the correct execution of its services, the information captures will be preserved for as long as the account is active. If the account is deleted, after the user asks for it or if FESTINA decides to do so unilaterally (if the account is inactive for example, or if FESTINA discovers the account is being used fraudulently, etc.), we are going to delete all the information captured direct or indirectly through the application.
We will however retain your data for a longer period to the extent that we are required to do so by law or if necessary in order to establish, exercise or defend our legal rights. Also, we are going to retain all the registration requests and the unsubscribe requests of the publicity electronic communications.
Security of personal information
FESTINA is committed to keeping your data secure against unauthorized access or use, alteration, unlawful or accidental destruction and accidental loss. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to your data. However, you should be aware that there is always some risk involved in transmitting information over the internet.
Your rights (only for personal data)
Although the App doesn’t gathers nor records personal information, FESTINA informs that, in accordance with its personal data protection policy, your rights regarding this data are the following ones:
Notwithstanding this, you have the right to request information about the Personal data that FESTINA holds on you, its origin and recipients as well as the purpose for which it is being stored permanently.
The interested party has the following rights:
- Access: Enables confirmation to be obtained if FESTINA processes your personal data and also enables personal data included in the FESTINA files to be queried.
- Modification: Enables personal data to be modified when it is inaccurate or incomplete.
- Opposition: You can request that your personal data is not processed. FESTINA will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- Cancellation: Delete your personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Limitation: You can request limitation on the processing of your data in the following cases:
- While the accuracy of your data is verified;
When the processing is illegal, you oppose the deletion of your data, and request the limitation of its use;
When FESTINA does not need to process your data, but you need it in order to exercise or defend claims;
When you have opposed the processing of your data for the purpose of fulfilling a mission that is in the public interest or to satisfy a legitimate interest, while verifying whether the legitimate reasons for the processing prevail over yours.
- While the accuracy of your data is verified;
- Portability: You can receive, in electronic format, the personal data that you provided and the data obtained from your contractual relationship with FESTINA, and also transfer it to another entity.
Participants have recognised and may exercise the rights to access, cancel, modify and oppose to FESTINA LOTUS, S. A. by writing to the postal address Vía Layetana, nº 20, 4ª floor, 08003, Barcelona, indicating your personal data and attaching a copy of your national ID certificate, or via the email address: firstname.lastname@example.org
If your Personal data is incorrect, incomplete or irrelevant, you can ask to have such Personal data information corrected or removed. We will notify you within 10 days of receiving the request as to whether and, if so, to what extent, we will comply with your request. If for any reason we don’t comply with your request, we will provide you with the reasons.
Any user or consumer who considers that FESTINA has not processed their personal data pursuant to the applicable regulations may file a complaint with the competent control authority of each EU member country. You can consult that information here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
Regarding the sending of publicity commercial communications related with our products and services, the user of the app can, at any moment, ask for his or her unsubscription, whether it’s through the app or through the link that with this purpose any publicity commercial communication has.
Accordingly to the California Consumer Privacy Act (CCPA), we are going to keep a policy of no divulging personal information to third parties with marketing finalities if a resident from California has voluntarily declared that is his or her will and if he or she has done that before registering.
Amendments to this policy
Operative and services’ availability warning
For the enjoyment of the services enabled by the hybrid watch, the requested personal information is needed. If you choose not to provide that requested information, various customer benefits may not be available. In certain cases, only those who have submitted the necessary data are able to use certain services and in other ways avail themselves of the activities and offers available on our application.
The disabling of the Bluetooth connection between the mobile device and the app means that whatever transfer of data between them will stop or, if that was the case, won’t get started. In that case, the functionalities of the app, the watch and/or the mobile device can stop its functioning or damage its functioning.
Privacy contact information