Fossil App Privacy Policy – Wearables Support

FOSSIL SMARTWATCHES PRIVACY NOTICE

Last Updated: April 25, 2019

At Fossil Group, Inc., ("Fossil Group”, “Fossil", "we", or “us”) we value and protect your rights to data protection and privacy. This Privacy Notice describes:

What Personal Information we collect from the Fossil Smartwatches App, Fossil Smartwatches Watch Apps, and Fossil Smartwatches Device and the purposes for which we use it.
What Personal Information we transfer to third parties.
Your rights and how you can execute such rights.
How you can contact us.

1. Summary

In the following we will provide you a quick summary of which personal information we use for which purposes and about your rights. For more details go to the relevant Sections below.

1.1 Service Provision

We process Personal Information about you in order to provide you with the full range of services and features of your Fossil Smartwatches App, Fossil Smartwatches Watch Apps, and Fossil Smartwatches Device. This includes data you enter when setting up your user account and information required in order to receive specific features. For example, for distance and pace measuring, or calculation of calories burned, we might require information about your height, weight, heart rate, and geolocation. (For further information go to sections 3.1-3.7 below)

1.2 Analytics

We and our service providers track and run analyses of the usage of the App, Watch Apps, and Device (to determine which functionalities are used more often than others) to understand how they are used and improve them. (For further information go to Section 3.8 below)

1.3 Marketing

We can use your Personal Information for marketing purposes to provide you with offers about our products and services, unless you opt-out. (For further information go to Section 3.9 below)

1.4 Data access by recipients

Our service providers and other Fossil Group companies also access your information in order to provide services to you and handle your data as described in this Privacy Notice. (For further detail go to Section 5 below)

1.5 Your rights

Your rights may include the right to access, correct, and delete your Personal Information. You may also request the restriction of and, if applicable, withdrawal of your consent or objection to the processing (please proceed to Section 8 for a detailed description of your rights).

1.6 Location of your information

Personal Information we collect will be primarily stored in the United States with us and our cloud service providers, if necessary either in accordance with the EU – and Swiss – U.S. Privacy Shield Framework or subject to other appropriate safeguards. (For further information go to Section 9 below).

2. When does this Privacy Notice apply?

This Privacy Notice applies to the Fossil Smartwatches App, Fossil Smartwatches Watch Apps, and Fossil Smartwatches Device. For further information about what these terms comprise please see Section 12.

This Privacy Notice does not apply to your purchase transaction of the Device or to any purchase on our websites.

3. What Personal Information do we collect on which legal basis and what do we use it for?

In order to provide you with our services and the full range of features of our App, Watch Apps, and Devices, we use Personal Information.

We receive Personal Information collected by third party services (e.g. Google Fit). You can deactivate such an App data sharing using the settings of the third party service.

The Personal Information that we collect include the following (please note: As the availability of functionality may vary, depending on your App, Watch Apps, and Device, not every one of the followings sections may apply to you):

3.1 General Account data

When you use the App, Watch App, and Device we will collect general account data, including examples such as your first and last name, your email address, your date of birth, your gender, your height and weight, a photo, the password selected for your App account, the App version, Device information (e.g. Device serial number), paired mobile device information (e.g. smartphone manufacturer, model, operating system) and your personal account and App settings (e.g. which features you want to use).

We will also collect this information when you sign-up using a social media login, such as via Facebook or Google+. In this and other cases we collect publicly available information about you on your social media account. We do not collect or store your social media password if you sign up using a social media login.

3.2 Activity and sleep data

In order to help you understand both your daily movement habits and your personal fitness, we use additional Personal Information. Examples include the calculated number of steps you have taken, your heart rate, calories burned, your mode of movement (e.g. running or walking), travelled distance, the time zone, and your goals for the day and whether you achieved them. In order to enable us to calculate calories burned we use your height, weight, and date of birth information. You may also choose to input information related to your activities through the App, such as updating information about your weight.

With the aim of enabling you to understand and to improve your sleeping habits, some Devices collect sleep start time, sleep end time, the time you go to bed, and the time you wake up. We also collect details of sleep, such as when light sleep or restful sleep occur, to show you data and insights about your sleeping patterns.

Certain activity and sleep data might be regarded as "health related data" in certain jurisdictions.

3.3 Notifications and alerts

If you want to be notified by your Device when you receive a text message, email, app alert, or when there is an upcoming event in the calendar of your mobile device, you need to activate this in the App settings. We do not store content of the notifications, we only track that a notification occurred.

3.4 Location information

When you install the App, you will be asked to grant access to your geolocation data. When you install or use Watch Apps for the first time, including on devices powered with Wear OS by Google, you will be asked to grant the Watch App access to your Device’s geolocation data (if equipped) or the paired mobile device’s geolocation data. We can use that information to customize the App or Watch Apps with location-based information and features; examples may include automatically updating local weather information, tracing an activity route, or to help locate your Device based on last known location.

3.5 Performance report and customer support

In the event our App or Watch Apps stop working we will receive information about your paired mobile device and Device (e.g. model, software version, mobile device carrier) and any additional information you share with us, which allows us to identify and fix bugs and otherwise improve the performance of our App and Watch Apps.

In the event you contact us for customer support also we will process your Personal Information.

3.6 Watch Apps

When you install or use one of our Watch Apps, you will be asked to grant the Watch App access to certain types of information from your Device and/or a paired mobile device (e.g. geolocation data, events on your personal calendar, or fitness activity data). If you grant such permission, the Watch App can collect information and use that information to provide specific features or services; for example to allow you to display a pre-selected watch face during a specific event, to download photos from social media, or to help locate your Device based on last known location.

3.7 Emails and other communications

We send you push notifications to provide you with information about your personal goals and alerts about updates for the Device, the App, or Watch Apps.

We will send you emails related to the administration of your account, such as a welcome email when you create your account, a confirmation email if you delete your account, emails if you forgot your password and need assistance changing it, or a reminder that your account may be deactivated after a period of inactivity.

For paired mobile devices, you can at any time stop transfer of data from the paired mobile device to the App or Watch Apps by disabling the Bluetooth connection between the Device and the mobile device; however, in this case the functionalities described above may not work.

3.8 Analytics

We aggregate and de-identify data (so that the data is not associated with an individual’s name or other personally identifiable information) collected through the App, Watch Apps, and Device and use it for a variety of analytical purposes, such as determining the average daily steps taken by App users, analyzing fitness trends, watch faces selected by Watch App users, or obtaining other information to improve our products and services.

We use your Personal Information for other marketing, statistical, and market research purposes to learn more about our customers and users. For these purposes we also use publicly available Personal Information about you (e.g. from your social media profiles).

We use Google Analytics to track and examine how our App and Watch Apps are used and how we may improve them to enhance and improve our services. Google Analytics is an analysis service provided by Google Inc., located in the USA. In order to use Google Analytics, our App is sending anonymized information about your usage of our App to Google Analytics, where the data is aggregated and analysed to provide meaningful reports for us. We do not connect data from Google Analytics with any of your Personal Information. You can opt-out from our collection of data by Google Analytics at any time in the App's settings.

3.9 Marketing

We can use your Personal Information for marketing purposes to provide you with offers about our products and services. By analysing your general contract information (3.1) and how our services are used we select which marketing information may be of specific interest for you. We might also send you promotional emails (in the EU: only for products similar to your purchases). At any time you can opt-out from the use of your Personal Information for marketing purposes as described under Section 8.1.

We will not use data relating to your health for marketing purposes.

If you enter a global sweepstake, contest, or competition we sponsor, we use your Personal Information to enable your participation.

3.10 Legal Basis (EU)

EU law obliges us to name the legal basis for the processing activities described in this chapter 3.

3.10.1 Performance of a contract: Most of our processing activities are necessary for the provision of our services (legally: performance of our contract with you - Sections 3.1 to 3.3, 3.5 to 3.7).

3.10.2 Consent: For geolocation data (Section 3.4) and for some marketing activities (Section 3.9) we require your prior explicit consent. As far as activity data (Section 3.2. above) may be considered health-related data we require your explicit consent for the processing.

3.10.3 Legitimate Interests: The processing for analytical (Section 3.8) and for marketing purposes is based on our legitimate interests.

3.10.4 Legal obligation: In some cases we process your Personal Information due to a legal obligation (for further information go to Section 6. below).

4. Can you share your Personal Information?

The App allows you to share Personal Information from the App on social networks like Facebook or transfer Personal Information to other apps like Apple Health or Google Fit. You can deactivate such an App data sharing using the settings of your App.

We do not control and do not assume any responsibility for the use of Personal Information by such third parties. For more information about the third party’s purpose and scope of their use of Personal Information in connection with sharing features, please visit the privacy policies of such third party apps and their providers.

5. When do we share Personal Information?

We will share your Personal Information in the following cases.

5.1 Legal obligation and internal purposes

We disclose your Personal Information (i) in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements; (ii) in order to protect and defend the rights or property of us or third parties; or (iii) in an emergency, in order to protect the safety of our employees or any person.

Additionally in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation, or other similar corporate reorganization, your Personal Information may be part of the transferred assets. Where required by applicable law (such as in the EU) or the Privacy Shield Principles we will inform you about and ask for your permission for the transfer of your Personal Information.

5.2 Joint processing within Fossil Group

Your Personal Information will be combined with or connected to other Personal Information that Fossil Group companies have obtained about you (e.g. purchase details of your Device, other goods you have purchased on a company website). We will also make your data available to Fossil Group companies if required to provide warranty and other after-sale services to you (please visit www.fossilgroup.com for information about Fossil Group member companies).

5.3 Sharing with third parties

We involve other companies for the provision of services or for hosting Personal Information. These companies are only permitted to use Personal Information on our behalf; they must not use such data for their own purposes except as permitted by law. Examples of subcontractors are hosting or other service providers such as Amazon Web Services, Inc. and Google Inc., and service providers we use for customer care such as Zendesk, Inc.

We contract with service providers using data enrichment technologies (this does not apply to the EU, where we only use data cleansing techniques, i.e. ensuring that your data such as your address are correct).

Provided your Personal Information is subject to the Privacy Shield agreement, we will remain liable that processing of Personal Information by service providers or subcontractors is consistent with our instructions, unless we are not responsible for such inconsistent processing. See Section 8 below for additional information related to the Privacy Shield agreement.

5.4 Sharing de-identified information with third parties

We may share aggregated and de-identified data (which is not associated with an individual’s name or other personally identifiable information) collected through the App or Watch Apps with third parties for any lawful purpose.

6. Children's online privacy protection

We do not knowingly collect, maintain, or use Personal Information via the App or Watch Apps about children under the age of 16. Persons under the age of 16 may not use the App or Watch Apps, and their request for accounts will be denied. If we become aware that a child under the age of 16 has sent Personal Information to us without prior parental consent, we will remove his or her Personal Information from our files. Please note that outside the US other age thresholds may apply.

7. How long do we store and how do we secure Personal Information?

We will retain your Personal Information as long as necessary to provide you with App, Watch App, and Device functionality and services but in any event only as long as your account is active. When you delete your account or we disable it after a time of inactivity and notification from us, we will also delete your Personal Information obtained from the App, Watch Apps, or Device from our systems (excluding any information we have de-identified).

However, to the extent necessary we may keep some of your Personal Information for legal reasons (e.g. tax law, the defense against, or the establishment of, legal claims, and in order to demonstrate that our processing complies with data protection law requirements). We also keep your opt-in or opt-out requests for marketing emails (even if such request is made in or through the App).

8. What are your rights?

8.1 Your rights

We encourage you to address any inquiries or concerns you may have regarding our use of your Personal Information by using the contact details provided in Section 11 below.

With or without contacting us you can, by simply changing your settings in the App, at any time withdraw your consent, where our processing is based on your consent, without affecting the lawfulness of processing based on consent before the withdrawal.

At any time you may opt out from receiving marketing notifications or emails. You can opt out of marketing notifications or emails by changing the settings in your App or sending us an email or mail to the addresses listed under Section 11 below. You may also unsubscribe from email marketing by using the unsubscribe link contained in an email from us.

8.2 Your additional rights provided by EU law

By contacting us as set forth in Section 11 below in the EU you may exercise your rights, including the right to request from us access to, correction of, deletion of, and restriction of the Personal Information we hold about you. You also have the right to data portability (to receive data you provided in a machine readable format).

You may at any time object to our processing based on legitimate interests and to receiving marketing notifications or emails as described above under 8.1.

If your Personal Information is subject to the Privacy Shield agreement, further rights are described in Section 9 below. Apart from this you have to right to lodge a complaint with the responsible data protection authority.

8.3 California

The California Consumer Privacy Act of 2018 (CCPA) provides California residents with specific rights regarding their personal information over the last 12 months. If you are a California resident you have the right to request the disclosure of

the categories of personal information we collected about you
the categories of sources from which the personal information is collected
the business or commercial purpose for collecting or selling personal information
the categories of third parties with whom we share personal information and
the specific pieces of personal information we have collected about you.

You have the right to request that we delete any personal information about you that we have collected, subject to certain exceptions defined in CCPA.
To exercise your access and deletion rights described above you have to submit a verifiable request to us by sending us an email at privacy.nam@fossil.com, or calling us at +1 (800) 449-3056. The verifiable request must contain sufficient information that allows us to verify you as a person and to properly understand and respond to your inquiry. As part of our verification process we will send you an email with a link to verify your email address. Following this we will ask you further verification questions. Once the verification process is complete we will send you emails with login credentials to our secure privacy portal for you to access, download or delete your data.
We will respond to your verifiable request within 45 days of receipt. If we require more time (up to 90 days) we will provide you with notice and explanation of the reason.
You may use an authorized agent to submit a request to access or delete on your behalf if you provide the authorized agent written permission to do so and verify your own identity directly with us. “Authorized agent” means a natural person or a business entity registered with the Secretary of State that a consumer has authorized to act on their behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf, unless you have provided the authorized agent with power of attorney, pursuant to Probate Code sections 4000 to 4465.
We do not sell your personal information.
We do not knowingly collect personal information from California residents between the ages of 13 and 16.
In the preceding 12 months, we have collected the following categories of personal information about California residents:

Category	Examples	Business/Commercial purpose for collecting	Sources	How it is shared
1. Identifiers	E.g. a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, device information, paired mobile device information or other similar identifiers.	Security, debugging/repair, maintaining or servicing accounts, providing customer services, verifying customer information, providing advertising or marketing services, providing analytic services, quality, safety maintenance and verification of a service or device	Directly from you Health and Activity Tracking Apps	With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	E.g. a name, address, telephone number, date of birth, medical information	Security, debugging/repair, maintaining or servicing accounts, providing customer services, verifying customer information, providing advertising or marketing services, providing analytic services, quality, safety maintenance and verification of a service or device	Directly from you Health and Activity Tracking Apps	With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers
3. Protected classification characteristics under California or federal law.	E.g. sex/gender	Maintaining or servicing accounts, providing customer services	Directly from you Health and Activity Tracking Apps	With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers
4. Biometric information	E.g. physical patterns, and sleep, health, or exercise data (the calculated number of steps you have taken, your heart rate, calories burned, your mode of movement (e.g. running or walking), travelled distance, the time zone, and your goals for the day and whether you achieved them)	Maintaining or servicing accounts, providing customer services	Directly from you Health and Activity Tracking Apps	With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers
5. Internet or other similar network activity	E.g. information on a consumer's interaction with an application	Security, debugging/repair, safety maintenance and verification of a service or device	Automatically as you navigate through the app	With our Business Partners and Affiliates include those to whom you instruct us to send this information; with our Service Providers
6. Geolocation data	Physical location or movements	Maintaining or servicing accounts, providing customer services	Directly from your GPS tracking device	With our Service Providers
7. Audio / Visual	Audio, electronic, visual, thermal, olfactory, or similar information	Maintaining or servicing accounts, providing customer services	Directly from you

We do not discriminate against you because you exercised any of your rights under the California Consumer Privacy Act, including, but not limited to, by:

Denying goods or services to you; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties,
Providing a different level or quality of goods or services to you,
Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may charge you a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to you by your data (e.g. your identifiers). In addition, we may offer financial incentives, including payments to you as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. We may also offer a different price, rate, level, or quality of goods or services to you if that price or difference is directly related to the value provided to you by your data. We may enter you into a financial incentive program only if you give us prior opt in consent which clearly describes the material terms of the financial incentive program, and which may be revoked at any time. We shall not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.

9. Data Storage in the U.S. and Privacy Shield

Personal Information we collect will be primarily stored in the United States with us and our cloud service providers in accordance with the EU – and Swiss – U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer Personal Information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.

In order to provide an adequate level of protection according to EU laws, Fossil Group, Inc., complies with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal information transferred from the EU, EEA member countries and Switzerland to the United States, respectively. Fossil has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. As a participant in the Privacy Shield, Fossil is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Fossil's certification, please visit https://www.privacyshield.gov/welcome. To view Fossil’s certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group’s subsidiaries, including Fossil Partners, LP and Misfit, Inc., also adhere to the Privacy Shield Principles.

If your Personal Information is subject to the Privacy Shield, and you do not believe Fossil has adequately addressed your privacy concerns, you can also address your concerns regarding the use of your Personal Information to the DMA free of charge as follows:

DMA

Privacy Shield

1333 Broadway

Suite #301

New York, NY 10018

To file a complaint/inquiry: https://thedma.org/resources/consumer-resources/privacyshield-consumers/

For information about the DMA and their Privacy Shield program visit: https://thedma.org/resources/consumer-resources/privacyshield-consumers/

In cases where the issue cannot be resolved by us or through the alternative dispute resolution proceedings you may invoke binding arbitration as further described in the Privacy Shield.

10. Changes to this Privacy Notice or how we use Personal Information

This Privacy Notice is effective as of April 25, 2019 and may be updated from time to time. We will notify you of material changes to our Privacy Notice by posting a prominent notice in the App, Watch App, or by sending you an email or a notification in which we may also seek your consent. If your Personal Data is subject to the Privacy Shield, and if Fossil decides to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify you, and in the case of health related information, ask for your consent; or in all other cases, provide you with the opportunity to opt-out of our use of your Personal Information for that purpose.

11. Who we are and how to contact us

The App, Watch Apps, and Device are provided to you by Fossil Group, Inc., 901 S. Central Expy, Richardson, Texas 75080, USA.

Please contact us if you wish to opt-out of marketing notifications or emails or if you want to exercise your further rights via email at privacy@fossil.com or mail us at Fossil Group, Attention: Chris King, Chief Compliance & Risk Officer, 901 S. Central Expressway Richardson, TX 75080, USA. Please also contact us at either of these addresses if have any questions regarding privacy and data protection in connection with the App, Watch Apps or Device.

Our EU representative is FESCO GmbH, Natzing 2, 83125 Eggstätt, Germany. You can either contact our EU representative sending an email to eu-privacy@fossil.com or calling +49-89-7484 6815.

12. Definitions

"Personal Information" is information that can be used either directly or indirectly (in combination with other information) to identify you, or something about you. Examples of Personal Information include your name, email address, Device serial number, your activities and other details we collect via the App, Watch Apps, or Device.

Fossil Smartwatches App (“App”) is the app you install on your mobile device for the use of our services. The Fossil Smartwatches App is not compatible with touchscreen devices.

Fossil Smartwatches Watch Apps ("Watch Apps") are applications we designed to be used with Devices to expand the personal features and services available to you. Watch Apps may come preinstalled on some Devices or may be downloaded to your Device.

Fossil Smartwatches Device ("Device") is a Fossil Smartwatches wearable. Hybrid devices run through the Fossil Smartwatches app, while touchscreen devices are powered with Wear OS by Google. Touchscreen devices do not pair to the Fossil Smartwatches App and must be registered through Google. Collection and use of your Personal Information on a touchscreen smartwatch through Google services is subject to Google's privacy policy.