CHAPS PRIVACY NOTICE
Last Updated: May 25, 2018
At Fossil Group, Inc. ("Fossil Group", "Fossil", "we", or "us") (licensee of CHAPS for CHAPS branded wearable devices) we value and protect your rights to data protection and privacy. This Privacy Notice describes:
- What Personal Information we collect from the CHAPS Connected App and CHAPS Device, and the purposes for which we use it.
- What Personal Information we transfer to third parties.
- Your rights and how you can execute such rights.
- How you can contact us.
In the following we will provide you a quick summary of which personal information we use for which purposes and about your rights. For more details go to the relevant Sections below.
1.1 Service Provision
We process Personal Information about you in order to provide you with the full range of services and features of your CHAPS Connected App and CHAPS Device. This includes data you enter when setting up your user account and information required in order to receive specific features. For example, for distance and pace measuring, or calculation of calories burned, we might require information about your height, weight, heart rate, and geolocation. (For further information go to sections 3.1-3.7 below)
We and our service providers track and run analyses of the usage of the App and Device (to determine which functionalities are used more often than others) to understand how they are used and improve them. (For further information go to Section 3.8 below)
We can use your Personal Information for marketing purposes to provide you with offers about our products and services, unless you opt-out. (For further information go to Section 3.9 below)
1.4 Data access by recipients
Our service providers and other Fossil Group companies also access your information in order to provide services to you and handle your data as described in this Privacy Notice. (For further detail go to Section 5 below)
1.5 Your rights
Your rights may include the right to access, correct, and delete your Personal Information. You may also request the restriction of and, if applicable, withdrawal of your consent or objection to the processing (please proceed to Section 8 for a detailed description of your rights).
1.6 Location of your information
Personal Information we collect will be primarily stored in the United States with us and our cloud service providers, if necessary either in accordance with the EU – and Swiss – U.S. Privacy Shield Framework or subject to other appropriate safeguards. (For further information go to Section 9 below).
2. When does this Privacy Notice apply?
This Privacy Notice applies to the CHAPS Connected App and CHAPS Device. For further information about what these terms comprise please see Section 12.
This Privacy Notice does not apply to your purchase transaction of the Device or to any purchase on our websites.
3. What Personal Information do we collect on which legal basis and what do we use it for?
In order to provide you with our services and the full range of features of our App and Device, we use Personal Information.
We receive Personal Information collected by third party services (e.g. Google Fit). You can deactivate such an App data sharing using the settings of the third party service.
The Personal Information that we collect include the following (please note: As the availability of functionality may vary, depending on your App and Device, not every one of the followings sections may apply to you):
3.1 General Account data
When you use the App and Device we will collect general account data, including examples such as your first and last name, your email address, your date of birth, your gender, your height and weight, a photo, the password selected for your App account, the App version, Device information (e.g. Device serial number), paired mobile device information (e.g. smartphone manufacturer, model, operating system) and your personal account and App settings (e.g. which features you want to use).
We will also collect this information when you sign-up using a social media login, such as via Facebook or Google+. In this and other cases we collect publicly available information about you on your social media account. We do not collect or store your social media password if you sign up using a social media login.
3.2 Activity and sleep data
In order to help you understand both your daily movement habits and your personal fitness, we use additional Personal Information. Examples include the calculated number of steps you have taken, your heart rate, calories burned, your mode of movement (e.g. running or walking), travelled distance, the time zone, and your goals for the day and whether you achieved them. In order to enable us to calculate calories burned we use your height, weight, and date of birth information. You may also choose to input information related to your activities through the App, such as updating information about your weight.
With the aim of enabling you to understand and to improve your sleeping habits, some Devices collect sleep start time, sleep end time, the time you go to bed, and the time you wake up. We also collect details of sleep, such as when light sleep or restful sleep occur, to show you data and insights about your sleeping patterns.
Certain activity and sleep data might be regarded as "health related data" in certain jurisdictions.
3.3 Notifications and alerts
If you want to be notified by your Device when you receive a text message, email, app alert, or when there is an upcoming event in the calendar of your mobile device, you need to activate this in the App settings. We do not store content of the notifications, we only track that a notification occurred.
3.4 Location information
When you install the App, you will be asked to grant access to your geolocation data. We can use that information to customize the App with location-based information and features; examples may include automatically updating local weather information, tracing an activity route, or to help locate your Device based on last known location.
3.5 Performance report and customer support
In the event our App stops working we will receive information about your paired mobile device and Device (e.g. model, software version, mobile device carrier) and any additional information you share with us, which allows us to identify and fix bugs and otherwise improve the performance of our App.
In the event you contact us for customer support also we will process your Personal Information.
3.6 Emails and other communications
We send you push notifications to provide you with information about your personal goals and alerts about updates for the Device or the App.
We will send you emails related to the administration of your account, such as a welcome email when you create your account, a confirmation email if you delete your account, emails if you forgot your password and need assistance changing it, or a reminder that your account may be deactivated after a period of inactivity.
For paired mobile devices, you can at any time stop transfer of data from the paired mobile device to the App by disabling the Bluetooth connection between the Device and the mobile device; however, in this case the functionalities described above may not work.
We aggregate and de-identify data (so that the data is not associated with an individual's name or other personally identifiable information) collected through the App and Device and use it for a variety of analytical purposes, such as determining the average daily steps taken by App users, analyzing fitness trends, or obtaining other information to improve our products and services.
We use your Personal Information for other marketing, statistical, and market research purposes to learn more about our customers and users. For these purposes we also use publicly available Personal Information about you (e.g. from your social media profiles).
We use Google Analytics to track and examine how our App is used and how we may improve them to enhance and improve our services. Google Analytics is an analysis service provided by Google Inc., located in the USA. In order to use Google Analytics, our App is sending anonymized information about your usage of our App to Google Analytics, where the data is aggregated and analysed to provide meaningful reports for us. We do not connect data from Google Analytics with any of your Personal Information. You can opt-out from our collection of data by Google Analytics at any time in the App's settings.
We can use your Personal Information for marketing purposes to provide you with offers about our products and services. By analysing your general contract information (3.1) and how our services are used we select which marketing information may be of specific interest for you. We might also send you promotional emails (in the EU: only for products similar to your purchases). At any time you can opt-out from the use of your Personal Information for marketing purposes as described under Section 8.1.
We will not use data relating to your health for marketing purposes.
If you enter a global sweepstake, contest, or competition we sponsor, we use your Personal Information to enable your participation.
3.9 Legal Basis (EU)
EU law obliges us to name the legal basis for the processing activities described in this chapter 3.
3.10.1 Performance of a contract: Most of our processing activities are necessary for the provision of our services (legally: performance of our contract with you - Sections 3.1 to 3.3, 3.5 to 3.7).
3.10.2 Consent: For geolocation data (Section 3.4) and for some marketing activities (Section 3.9) we require your prior explicit consent. As far as activity data (Section 3.2. above) may be considered health-related data we require your explicit consent for the processing.
3.10.3 Legitimate Interests: The processing for analytical (Section 3.8) and for marketing purposes is based on our legitimate interests.
3.10.4 Legal obligation: In some cases we process your Personal Information due to a legal obligation (for further information go to Section 6. below).
4. Can you share your Personal Information?
The App allows you to share Personal Information from the App on social networks like Facebook or transfer Personal Information to other apps like Apple Health or Google Fit. You can deactivate such an App data sharing using the settings of your App.
We do not control and do not assume any responsibility for the use of Personal Information by such third parties. For more information about the third party's purpose and scope of their use of Personal Information in connection with sharing features, please visit the privacy policies of such third party apps and their providers.
5. When do we share Personal Information?
We will share your Personal Information in the following cases.
5.1 Legal obligation and internal purposes
We disclose your Personal Information (i) in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements; (ii) in order to protect and defend the rights or property of us or third parties; or (iii) in an emergency, in order to protect the safety of our employees or any person.
Additionally in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation, or other similar corporate reorganization, your Personal Information may be part of the transferred assets. Where required by applicable law (such as in the EU) or the Privacy Shield Principles we will inform you about and ask for your permission for the transfer of your Personal Information.
5.2 Joint processing within Fossil Group
Your Personal Information will be combined with or connected to other Personal Information that Fossil Group companies have obtained about you (e.g. purchase details of your Device, other goods you have purchased on a company website). We will also make your data available to Fossil Group companies if required to provide warranty and other after-sale services to you (please visit www.fossilgroup.com for information about Fossil Group member companies). At this time your Personal Information is not being shared with our licensors, PRL USA, Inc. and The Polo/Lauren Company, L.P.
5.3 Sharing with third parties
We involve other companies for the provision of services or for hosting Personal Information. These companies are only permitted to use Personal Information on our behalf; they must not use such data for their own purposes except as permitted by law. Examples of subcontractors are hosting or other service providers such as Amazon Web Services, Inc. and Google Inc., and service providers we use for customer care such as Zendesk, Inc.
We contract with service providers using data enrichment technologies (this does not apply to the EU, where we only use data cleansing techniques, i.e. ensuring that your data such as your address are correct).
Provided your Personal Information is subject to the Privacy Shield agreement, we will remain liable that processing of Personal Information by service providers or subcontractors is consistent with our instructions, unless we are not responsible for such inconsistent processing. See Section 8 below for additional information related to the Privacy Shield agreement.
5.4 Sharing de-identified information with third parties
We may share aggregated and de-identified data (which is not associated with an individual's name or other personally identifiable information) collected through the App with third parties for any lawful purpose.
6. Children's online privacy protection
We do not knowingly collect, maintain, or use Personal Information via the App about children under the age of 14. Persons under the age of 14 may not use the App, and their request for accounts will be denied. If we become aware that a child under the age of 14 has sent Personal Information to us without prior parental consent, we will remove his or her Personal Information from our files. Please note that outside the US other age thresholds may apply.
7. How long do we store and how do we secure Personal Information?
We will retain your Personal Information as long as necessary to provide you with App and Device functionality and services but in any event only as long as your account is active. When you delete your account or we disable it after a time of inactivity and notification from us, we will also delete your Personal Information obtained from the App or Device from our systems (excluding any information we have de-identified).
However, to the extent necessary we may keep some of your Personal Information for legal reasons (e.g. tax law, the defense against, or the establishment of, legal claims, and in order to demonstrate that our processing complies with data protection law requirements). We also keep your opt-in or opt-out requests for marketing emails (even if such request is made in or through the App).
8. What are your rights?
8.1 Your rights
We encourage you to address any inquiries or concerns you may have regarding our use of your Personal Information by using the contact details provided in Section 11 below.
With or without contacting us you can, by simply changing your settings in the App, at any time withdraw your consent, where our processing is based on your consent, without affecting the lawfulness of processing based on consent before the withdrawal.
At any time you may opt out from receiving marketing notifications or emails. You can opt out of marketing notifications or emails by changing the settings in your App or sending us an email or mail to the addresses listed under Section 11 below. You may also unsubscribe from email marketing by using the unsubscribe link contained in an email from us.
8.2 Your additional rights provided by EU law
By contacting us as set forth in Section 11 below in the EU you may exercise your rights, including the right to request from us access to, correction of, deletion of, and restriction of the Personal Information we hold about you. You also have the right to data portability (to receive data you provided in a machine readable format).
You may at any time object to our processing based on legitimate interests and to receiving marketing notifications or emails as described above under 8.1.
If your Personal Information is subject to the Privacy Shield agreement, further rights are described in Section 9 below. Apart from this you have to right to lodge a complaint with the responsible data protection authority.
California law requires certain businesses to respond to requests from California residents asking about the disclosure of Personal Information to third parties for marketing purposes. Alternatively, such businesses may adopt a policy of not disclosing Personal Information to third parties for marketing purposes if a California resident opts-out. We have an opt-out policy as described under Section 8.1. If you wish to opt-out of our sharing your Personal Information for marketing purposes (either with companies related to us or if you previously consented to our sharing information with unrelated third parties for marketing purposes), please contact us by email or mail at the addresses in Section 11 below.
9. Data Storage in the U.S. and Privacy Shield
Personal Information we collect will be primarily stored in the United States with us and our cloud service providers in accordance with the EU – and Swiss – U.S. Privacy Shield Framework. To the extent permitted by applicable law (including EU law) we also use and transfer Personal Information in and to other countries and territories. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.
In order to provide an adequate level of protection according to EU laws, Fossil Group, Inc., complies with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of all personal information transferred from the EU, EEA member countries and Switzerland to the United States, respectively. Fossil has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. As a participant in the Privacy Shield, Fossil is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Fossil's certification, please visit https://www.privacyshield.gov/welcome. To view Fossil's certification on the Privacy Shield list, please visit www.privacyshield.gov/list. Fossil Group's subsidiaries, including Fossil Partners, LP and Misfit, Inc., also adhere to the Privacy Shield Principles.
If your Personal Information is subject to the Privacy Shield, and you do not believe Fossil has adequately addressed your privacy concerns, you can also address your concerns regarding the use of your Personal Information to the DMA free of charge as follows:
New York, NY 10018
To file a complaint/inquiry: https://thedma.org/resources/consumer-resources/privacyshield-consumers/
For information about the DMA and their Privacy Shield program visit: https://thedma.org/resources/consumer-resources/privacyshield-consumers/
In cases where the issue cannot be resolved by us or through the alternative dispute resolution proceedings you may invoke binding arbitration as further described in the Privacy Shield.
10. Changes to this Privacy Notice or how we use Personal Information
This Privacy Notice is effective as of May 25, 2018 and may be updated from time to time. We will notify you of material changes to our Privacy Notice by posting a prominent notice in the App, or by sending you an email or a notification in which we may also seek your consent. If your Personal Data is subject to the Privacy Shield, and if Fossil decides to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, we will notify you, and in the case of health related information, ask for your consent; or in all other cases, provide you with the opportunity to opt-out of our use of your Personal Information for that purpose.
11. Who we are and how to contact us
The App and Device are provided to you by Fossil Group, Inc., 901 S. Central Expy, Richardson, Texas 75080, USA.
Please contact us if you wish to opt-out of marketing notifications or emails or if you want to exercise your further rights via email at firstname.lastname@example.org or mail us at Fossil Group, Attention: Chris King, Chief Compliance & Risk Officer, 901 S. Central Expressway Richardson, TX 75080, USA. Please also contact us at either of these addresses if have any questions regarding privacy and data protection in connection with the App or Device.
Our EU representative is FESCO GmbH, Natzing 2, 83125 Eggstätt, Germany. You can either contact our EU representative sending an email to email@example.com or calling +49-89-7484 6815.
"Personal Information" is information that can be used either directly or indirectly (in combination with other information) to identify you, or something about you. Examples of Personal Information include your name, email address, Device serial number, your activities and other details we collect via the App or Device.
CHAPS Connected App ("App") is the app you install on your mobile device for the use of our services.
CHAPS Device ("Device") is a CHAPS wearable.