B2B Newsletter Subscription [en]

SWAROVSKI DATA PRIVACY NOTICE

Last modified on April, 2020.

This Data Privacy Notice describes the collection and further processing of personal data by companies of the Swarovski Group and its affiliates (together SWAROVSKI). In the event that the activities covered by this notice are governed by other data protection policies, are evident from the circumstances, or are governed by applicable laws outside of the European Union and the European Economic Area, then such applicable law and resulting policies shall control. The term personal data shall include all information relating to an identified or identifiable person.

This Data Privacy Notice describes in Section I processing of personal data by SWAROVSKI in general. Section II contains specific provisions for specific applications (e.g. online-shop, newsletter and banner advertisment) and Section III contains specific provisions for customer programs.

If you provide SWAROVSKI with personal data of other persons, for example data about the receiver of a gift, please provide their personal data to SWAROVSKI only if you are allowed to do so pursuant to applicable data protection laws and only if the other person would agree to you providing its personal data to SWAROVSKI for the purposes the data are collected and the processing of its personal data according to our data privacy notice.

I. GENERAL PROVISIONS

1. CONTROLLER, DATA PROTECTION OFFICER

Every website (including online-shops and mini sites for special offers), every presence on social media, multimedia portals, chatbots and every application of SWAROVSKI (each a WEBSITE) has a controller within SWAROVSKI with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) (or comparable provisions according to applicable data protection laws). Unless provided otherwise on the WEBSITE (according to the imprint, the terms of use, etc.) or under Section II and III below, Swarovski Crystal Online AG, Alte Landstrasse 411, 8708 Männedorf, Switzerland, is the controller for the Online-Shops www.swarovski.com and www.swarovskioptik.com and Swarovski Aktiengesellschaft, Dröschistrasse 15, 9495 Triesen, Liechtenstein, is the controller for the Swarovski Group website www.swarovskigroup.com.

The respective subsidiary or affiliate is the controller in the event SWAROVSKI communicates through other means of communication (such as email, letter, telephone, in person) and the communication does not fall within an activity for which SWAROVSKI has appointed a specific controller within this Data Protection Notice or otherwise.

Should a SWAROVSKI company or affiliate disclose personal data to another SWAROVSKI company or affiliate for certain purposes of the receiving company or affiliate, such company or affiliate is the controller. A list of the relevant companies and affiliates of SWAROVSKI can be found in ANNEX 1, which may be updated from time to time.

SWAROVSKI has not appointed a data protection officer according to article 37 GDPR save for SWAROVSKI companies and affiliates in Germany and Principality of Liechtenstein.

HOW TO CONTACT SWARVOSKI

If you want to exercise any of your rights regarding newsletter subscriptions, data access or data deletion, please do not hesitate to contact our Customer Care team, who will be happy to answer any questions you may have.

Any queries or concerns about our privacy policy or the processing of your personal data can also be addressed to The Group Data Privacy Team at dataprivacy@swarovski.com.

Alternatively, if you reside in Germany or Liechtenstein, you can contact:

The data protection officer for Germany at Swarovski (Deutschland) GmbH, Data Protection Officer, Hüttenstrasse 27, DE-87600 Kaufbeuren;
The data protection officer for Liechtenstein at Swarovski Aktiengesellschaft, Data Protection Officer, Dröschistrasse 15, FL-9495 Triesen.

The representative for all SWAROVSKI companies and affiliates domiciled outside of the EU or EEA is D. Swarovski KG, Legal Department, Swarovskistrasse 30, AT-6112 Wattens (pursuant to Article 27 of the GDPR).

2. PROCESSING OF PERSONAL DATA

SWAROVSKI collects and processes personal data of

users of SWAROVSKI registered WEBSITES;
users registered with a SWAROVSKI WEBSITE (e.g. if he or she creates a user account);
individuals purchasing and receiving/benefitting from products and services of SWAROVSKI;
potential or actual parties interested in products and services of SWAROVSKI;
recipients of SWAROVSKI newsletters;
participants in research campaigns and opinion surveys conducted by SWAROVSKI;
participants in courses, seminars and other trainings organized by SWAROVSKI;
users of WIFI provided at SWAROVSKI stores and other locations;
registered participants of customer loyalty programs or individuals purchasing or using customer loyalty programs of SWAROVSKI (CUSTOMER PROGRAM)

(together CUSTOMERS).

The personal data of CUSTOMERS is generally collected directly by SWAROVSKI during the course of using the WEBSITE, as well as in stores or at events of SWAROVSKI as well as through direct communication such as email, telephone or in any other way. Personal data can also be collected indirectly, such as through third party processors, (e.g., SWAROVSKI’s PARTNERS (as defined further below, including wholesalers, dealers, retailers, suppliers and further business partners such as customer services vendors). SWAROVSKI also collects data when the CUSTOMER making the purchase does not correspond with the person benefitting from the purchase or if the purchase is shipped to a different person (e.g. as a gift), based on the recommendation of a third party (e.g. recommendation by family or friends of the CUSTOMER) or through further acquisition of supplementary information from third party data sources (e.g. social media).

In particular, the following categories of personal data are processed by SWAROVSKI:

Personal data and contact information including but not limited to first and last name, maiden name, address, residence, telephone number, email address, age, date of birth, gender, marital status, relatives, contact in case of emergency, pictures;
Data pertaining to orders and purchases including but not limited to payment information, credit card details and other payment details (in accordance with other laws and regulations), billing and shipping address, products and services ordered and purchased, information and queries and complaints relating to products and services, or respective contracts entered into such as warranty claims, after sales services, repairs, customer care and services, rescissions and disputes;
Data in connection with product and services marketing including but not limited to information relating to newsletter and other communication channels, opt-ins and opt-outs, invitations to and participations at events and special activities (as far as they are not part of a customer loyalty program), personal preferences and interests, and customer segmentation information;
Data concerning the use of the WEBSITE including but not limited to the IP address and other user identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), date and time of WEBSITE visits, visited sites and contents, and referring websites;
Data in connection with communication including but not limited to preferred means of communication, correspondence and communication with SWAROVSKI (including records of the communication);
Data which was collected in connection with a customer program including but not limited to membership numbers, access codes (including passwords), preferred language, number of gift certificate, date and duration of the membership, payment information of the CUSTOMER or a potential third party, information concerning the recipient of a gift, number of visits of the WEBSITE, purchase history, products acquired (all WEBSITE accounts, activities and events for which a CUSTOMER must register with his or her personal data and thus enter into a contract with SWAROVSKI shall be deemed a customer program for the purposes of this policy, other than traditional customer loyalty programs);

together CUSTOMER DATA.

In addition, SWAROVSKI collects:

Data of users of the WEBSITE, who do not register with SWAROVSKI (VISITOR) but may constitute personal data for example with social media (VISITOR DATA), the provisions of this notice regarding data collected from a CUSTOMER in connection with the use of the WEBSITE shall apply accordingly even though the identification of a VISITOR usually is not possible for SWAROVSKI;
Information pertaining to employees and other individuals acting on the part of wholesalers, dealers, retailers, suppliers and further business partners of SWAROVSKI (hereinafter natural persons shall be referred to as PARTNERS, their data as PARTNER DATA) including but not limited to contact details, information regarding their function, information relating to the previous contact with these individuals, data regarding marketing activities (e.g. receipt of newsletters), information regarding business transactions, requests, offers, tenders, conditions and contracts, information related to professional or other interests of the individuals.

Within the framework of their business relationship, CUSTOMERS will be required to provide CUSTOMER DATA necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or if required by law. Without these data, SWAROVSKI will generally not be able to conclude or execute the contract with the respective CUSTOMER. This also applies analogously to the PARTNER DATA as far as business relations with the wholesalers, dealers, retailers, suppliers and business partners of SWAROVSKI are concerned; contracts in principle cannot be concluded and processed without information on their employees and other contacts. As any access to the WEBSITE is logged, connection data (such as the IP address) will always be logged; this is done automatically during the use and cannot be deactivated for individual VISITORS, CUSTOMERS or PARTNERS.

3. PURPOSE OF PROCESSING AND LEGAL GROUNDS

3.1. PURPOSE of the processing

In accordance with applicable law, SWAROVSKI may process CUSTOMER DATA for all lawful PURPOSES including but not limited to the following:

In connection with services offered, conclusions of contracts (for example purchases), executions of contracts (for example purchase contracts and contracts regarding the participation at customer programs and events), maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials);
Management of the users of the WEBSITE and other activities in which CUSTOMERS participate, operation and enhancement of the WEBSITE (including the provision of functions which require identifiers or other personal data) and additional IT systems and identity verifications;
protection of CUSTOMERS, employees and other individuals and protection of data, secrets and assets of and entrusted to SWAROVSKI, and the protection of the safety of systems and premises of SWAROVSKI;
compliance with legal and regulatory requirements, including the internal rules of SWAROVSKI, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities;
sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of CUSTOMER DATA associated therewith; and
for other lawful purposes where such processing was evident from the circumstances or indicated at the time of the collection.

(together the PURPOSE OF CUSTOMER DATA PROCESSING).

3.2. LEGAL GROUNDS of processing

SWAROVSKI uses the CUSTOMER DATA for the PURPOSE OF CUSTOMER DATA PROCESSING based on the following LEGAL GROUNDS:

performance of contracts;
compliance with legal obligations of SWAROVSKI;
consent of the CUSTOMER (only insofar as the processing is based on a specific query and can be withdrawn at any time, for example the receipt of newsletters for which the CUSTOMER has registered for);
legitimate interests of SWAROVSKI, including but not limited to
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as e.g. individuals receiving a gift);
- advertising and marketing activities;
- efficient and effective customer support, maintenance of contact and other communication with CUSTOMERS outside of the processing of contracts;
- understanding CUSTOMER behavior, activities, concerns and needs, market studies;
- efficient and effective improvement of existing products and services and development of new products and services;
- efficient and effective protection of CUSTOMERS, employees and other individuals as well as protection of data, secrets and assets of or entrusted to SWAROVSKI, protection and safety of systems and premises of SWAROVSKI;
- maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the WEBSITEs and other IT systems;
- reasonable corporate governance and development;
- successful sale and acquisition of business units, companies or parts of companies and other corporate transactions;
- compliance with legal and regulatory requirements and internal rules of SWAROVSKI;
- concerns regarding the prevention of fraud, offences and crimes as well as investigation in connection with such offences and other improper conduct, handling of claims and actions against SWAROVSKI, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions.

In accordance with applicable data protection laws, SWAROVSKI may process VISITOR DATA for the purpose of maintaining and developing the WEBSITE (including the provision of functions which require identifiers or other personal data), for statistical analysis regarding the use of the WEBSITE as well as for combating abusive conduct, for purposes of legal investigations or proceedings and for the response to inquiries of public authorities. The VISITOR DATA shall be processed in accordance with the principles set out for CUSTOMER DATA above.

In accordance with applicable data protection laws, SWAROVSKI may process PARTNER DATA for the purpose of entering into and performance of contracts and other business relationships with PARTNERS, promotions, advertisement and marketing, communication, invitation to events and participation in promotions for PARTNERS, organization of joint activities, compliance with legal and regulatory requirements and internal rules of SWAROVSKI, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities, for the sale or acquisition of business units, companies or parts of companies and other corporate transaction and related transfers of PARTNER DATA. The PARTNER DATA shall be processed in accordance with the principles set out for CUSTOMER DATA above.

All the purposes of processing shall be applicable for the whole SWAROVSKI Group, i.e. not only for the company which initially collected the personal data. Personal data of CUSTOMERS, VISITORS and PARTNERS is collected for the purpose of all SWAROVSKI companies subject to this data privacy notice, any other policies developed by SWAROVSKI and pursuant to applicable data protection laws.

4. TRANSFER AND DISCLOSURE OF DATA

In accordance with applicable data protection laws, SWAROVSKI may transfer CUSTOMER DATA, VISITOR DATA and PARTNER DATA to the following categories of third parties who process PERSONAL DATA in accordance with the PURPOSE OF DATA PROCESSING on behalf of SWAROVSKI or for their own purposes:

service providers (within SWAROVSKI as well as external), including processors;
wholesalers, dealers, retailers, suppliers and other business partners;
customers of SWAROVSKI;
local, national and foreign authorities;
media;
the public including visitors of WEBSITES and social media of SWAROVSKI;
industry organizations, associations, organizations and other committees;
acquirers or parties interested in acquiring business units, companies or other parts of SWAROVSKI;
other parties in potential or actual legal proceedings;
other Group companies of SWAROVSKI.

(together THIRD PARTIES).

SWAROVSKI may disclose CUSTOMER DATA, VISITOR DATA and PARTNER DATA within SWAROVSKI as well as to THIRD PARTIES and in every country worldwide, including namely all countries in which SWAROVSKI is represented by Group companies, affiliates or other offices and representatives (see ANNEX 2, as updated from time to time) as well as to countries in which service providers of SWAROVSKI process their data (see ANNEX 2, as updated from time to time). If data is disclosed to countries that do not guarantee adequate protection, SWAROVSKI will ensure adequate protection of data disclosed of CUSTOMERS, VISITORS or PARTNERS by putting adequate contractual guarantees in place, (e.g., on the basis of EU standard clauses), binding corporate rules, on the basis of the EU-U.S. and the Swiss-U.S. Privacy Shield Framework for transfers to THIRD PARTIES based in the U.S., or transferring data pursuant to consent, conclusion or performance of a contract, or in connection with the determination, exercise or enforcement of legal claims, or pursuant to overriding public interests, or in order to protect the integrity of these individuals. The CUSTOMER, VISITOR or PARTNER can obtain a copy of the contractual guarantees from or will be advised where to obtain such copies by the contact points named above (see para. 1 above). SWAROVSKI reserves the right to redact such copies for applicable legal or secrecy reasons.

5. RETENTION OF DATA

In general, SWAROVSKI retains personal data for no longer than it is necessary for the purposes for which the personal data are processed. Notwithstanding the general principle, SWAROVSKI may process personal data for longer periods subject to the following rules and obligations: SWAROVSKI retains personal data as long as SWAROVSKI (i) is obligated to do so (by way of contract, law or other provisions) or (ii) has an overriding interest (e.g. an interest for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements, an interest in non-personalized analysis). Deviating rules are reserved with respect to anonymization or pseudonymization of personal data subject to applicable law.

As a rule for contract related CUSTOMER DATA and PARTNER DATA (including business records and communication) SWAROVSKI retains personal data as long as the contractual relation is ongoing and for ten years after the termination of the contractual relationship unless (i) a shorter or longer statutory storage obligation is applicable on a case-by-case basis, (ii) the retention is required for reasons of proof or another valid reason based on applicable law, or (iii) the deletion of the data is required earlier (because e.g. the data is no longer required or SWAROVSKI is required to delete the respective data).

As a rule for operational data containing CUSTOMER DATA, VISITOR DATA or PARTNER DATA (e.g. protocols, logs), Swarovski retains personal data for a period of 3 - 12 months.

6. COOKIES, GOOGLE ANALYTICS AND SOCIAL PLUG-INS

SWAROVSKI uses cookies on its WEBSITE. Cookies are a widespread technique that allocates an identification to the browser of the user of a WEBSITE which the user saves and shows upon request. On the one hand, SWAROVSKI uses session cookies which are automatically erased when the user closes the WEBSITE and which enable the server to establish a stable connection to the user (so that the content of a shopping basket is not lost, for example) as long as he or she browses on the WEBSITE. On the other hand, SWAROVSKI also uses permanent cookies which are only erased after a period defined per WEBSITE. Permanent cookies allow the saving of certain settings (e.g. language) for several sessions or allow for an automated log-in. The user consents to the application of permanent cookies through the use of the WEBSITE and the respective functions (e.g. language settings and automated log-in). The user may block or delete the application of cookies on his or her browser but this activity may impair the use of the WEBSITE.

In accordance with applicable law, SWAROVSKI may install coding in newsletters and other marketing email which allow it to determine if the recipient has opened an email or downloaded pictures contained in the email. However, the recipient may block this application in his/her email application. In any case he/she consents to the application of this technology by way of receiving newsletters or other marketing related emails.

In the event that SWAROVSKI places advertisements of third parties on the WEBSITE (e.g. banners) or places an own ad on the website of a third party, cookies from companies specializing in the use of such advertisement may be employed. SWAROVSKI will not disclose personal data to such companies, i.e. they shall only place a permanent cookie with users of the WEBSITE in order to recognize users and do so in the sole interest of SWAROVSKI. This allows SWAROVSKI to place aimed advertisements for these individuals on external third party websites (e.g. in connection with products for which these individuals showed an interest in the online-shop). SWAROVSKI will not disclose personal data to the operators of external websites.

SWAROVSKI may use Google Analytics or similar services on its WEBSITE. These applications are third party services which allow SWAROVSKI to measure and analyze the use of its WEBSITE. The provider of these services may be located in any country worldwide (in the case of Google Analytics which is operated by Google Inc. it is the U.S., www.google.com). The service provider uses permanent cookies for these applications. SWAROVSKI will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the WEBSITE by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the service provider may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider's responsibility and data shall be processed pursuant to data protection and privacy laws and according to the data protection policies of the service provider (for Google see policies.google.com/privacy). The service provider will provide data on the use of the WEBSITE to SWAROVSKI.

In addition, SWAROVSKI may use plug-ins from social media networks such as Facebook, Twitter, Youtube, Google+, Pinterest or Instagram on its WEBSITE. In the default setting of the WEBSITE plug-ins are deactivated; the user can thus choose when to activate them. Should the user do so, the social media providers are able to establish a direct connection to the user during his or her visit on the WEBSITE, which allows the provider to be aware of the user's visit and may analyze the respective information. The subsequent processing of the personal data will be conducted in the responsibility of the social media provider pursuant to data protection and privacy laws and according to its data protection policies published on its website (such as www.facebook.com/; www.twitter.com/; www.youtube.com/; www.google.com/; www.pinterest.com/; www.instagram.com/).

You can find more information about Cookies used by SWAROVSKI and how to manage your Cookie settings on our WEBSITE.

7. RIGHTS OF THE CUSTOMER, VISITORS AND PARTNERS

Any affected individual, including any CUSTOMER, VISITOR and PARTNER, may request information from SWAROVSKI as to whether data concerning them is being processed. In addition, they have the right to request the correction, destruction or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected individual may withdraw consent at any time. In countries of the EU and EEA the affected individual may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer. Request in this respect shall be submitted to the contact point (see para. 1 above). SWAROVSKI reserves the right to restrict the rights of the affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.

In the event that SWAROVSKI makes an automated decision with respect to a certain individual which may have a legal effect for the affected individual or seriously affect him or her in a similar way, the affected individual shall have, in accordance with applicable law, the right to communicate with a controller of SWAROVSKI and to request a reconsideration of the decision or to request the prior evaluation by the controller. In this case the affected individual may no longer be able to use certain automated services. The individual will be informed thereof subsequently or separately in advance.

Any affected individual may also raise a complaint with the competent data protection authority, which in the case of a SWAROVSKI controller in Switzerland is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch), the SWAROVSKI controller in the Principality in Liechtenstein is the Data Protection Office (Amtstelle Datenschutzstelle, in the Principality in Liechtenstein (https://www.llv.li/), the SWAROVSKI controller in Austria is the Austrian Data Protection Authority in Austria (https://www.dsb.gv.at/). In all other cases a list can be found here.

8. CHANGES TO THE DATA PRIVACY NOTICE

SWAROVSKI reserves the right to amend this Data Privacy Notice at any time and without prior notice or announcement. The latest version posted on the SWAROVSKI WEBSITE shall be applicable.

Should the Data Privacy Notice form part of an agreement with CUSTOMERS and PARTNERS, SWAROVSKI may inform them of an update or amendments by email or in another appropriate manner. The amendments shall be deemed to have been accepted unless an objection is raised within 30 days of notification. In case of objection SWAROVSKI shall be free to terminate the agreement exceptionally and with immediate effect.

II. SPECIFIC PROVISIONS

The following provisions shall supplement the general provisions in Section I for certain activities of SWAROVSKI. In the event there is any inconsistency, the following provisions shall control.

1. ONLINE-SHOPS

The creditworthiness of CUSTOMERS may be evaluated automatically in online-shops in order to offer the purchase on account based on this decision. In this case the credit rating is evaluated on the basis of information from an external credit rating agency, which will provide SWAROVSKI with a credit score of the respective CUSTOMER. The agency will calculate the score based on a secret formula based on data on the payment history of the CUSTOMER, its debt and insolvency history and possible limitations of its legal capacity. Should the score be below a certain threshold no payment by invoice will be offered. In this event the CUSTOMER may contact the contact person shown on the imprint of the respective website of the online-shop if he/she is not ready to accept the decision.

Online shops of SWAROVSKI may automatically decide whether to enter into purchase agreements. However, SWAROVSKI does not deem this an automated individual decision (according to article 22 of the GDPR). In the event the CUSTOMER does not wish such an automated entering into an agreement, it has the option to purchase products and services from SWAROVSKI physical stores.

2. PARTNERS, INCLUDING WHOLESALERS, RETAILERS, DEALERS, CUSTOMER SERVICE VENDORS ETC.

As previously indicated, CUSTOMER DATA, PARTNER DATA and VISITOR DATA is generally collected directly by SWAROVSKI but also indirectly, (e.g. when SWAROVSKI requests THIRD PARTIES to act as processors, such as SWAROVSKI’s PARTNERS). In these cases, SWAROVSKI’s PARTNERS process personal data on behalf and under instruction of SWAROVSKI and are bound by specific processor agreements covering the terms and conditions of their duties in a manner to ensure the protection of the rights of our CUSTOMERS, PARTNERS and VISITORS and the processing and security of their personal data in accordance with applicable data protection laws.

3. NEWSLETTER AND BANNER ADVERTISEMENT

SWAROVSKI may send newsletters or other commercial communications in connection with its products and services to CUSTOMERS and PARTNERS. In accordance with applicable law, SWAROVSKI reserves the right to do so without prior consent of existing customers and business partners. However, the respective customers and business partners may object to a further mailing of newsletters or other commercial communications at any time through their account on the respective WEBSITE or through the link indicated in every mailing. However, the termination of one newsletter may not entail the termination of other newsletters.

SWAROVSKI reserves the right to place personalized advertisement during WEBSITE visits. Such banner advertisements displayed to the CUSTOMER contains products offered on the WEBSITE which have previously been looked at by the CUSTOMER. The advertisement is generated by SWAROVSKI by the means of cookies (see Section I para. 6 above).

4. SWEEPSTAKES and other PROMOTIONAL ACTIVITIES

The following provisions shall be applicable for the processing of data by SWAROVSKI in connection with customer SWEEPSTAKES and other PROMOTIONAL ACTIVTIES.

The data in connection with the SWEEPSTAKE and other promotional activties is processed by (i) the controller of the respective local Swarovski company which sponsors, promotes and organizes the sweepstake and as the case may be by (ii) Swarovski Aktiengesellschaft, Dröschistrasse 15, 9495 Triesen, Liechtenstein, as a joint controller. Other companies and affiliates of SWAROVSKI may however use the collected personal data for their purposes according to Section I para. 3 above.

With respect to SWEEPSTAKE and other PROMOTIONAL ACTIVITES, SWAROVSKI processes the personal data of participants according to Section I para. 2 above. for the purposes listed under that respective provision, and in particular also for the following purposes in accordance with applicable laws:

carrying out the competition;
contacting winners;
publication of the contact details of the winners
promoting winners on social media, and
other promotional and marketing activities.

Further information regarding the SWEEPSTAKE and OTHER PROMOTIONAL ACTIVTIES can be found in the specific terms and conditions applicable to each SWEEPSTAKE and PROMOTIONAL ACTIVTIY, as published and organized from time to time.

5. VIDEO SURVEILLANCE

Some premises and offices of SWAROVSKI are under video surveillance. The controller of personal data collected on surveillance recordings with respect to collecting personal data according to the GDPR and provisions other applicable local data protection laws (collectively as: “Data protection laws”) is the SWAROVSKI entity indicated in the SWAROVSKI premises. The purposes and the legal basis for the processing of the personal data collected are described in Section I para. 3– including the processing by other companies and affiliates of SWAROVSKI according to Section I para. 4. Personal data shall not be used by SWAROVSKI for the purposes of making decisions automatically, including profiling. In general, SWAROVSKI retains personal data for no longer than it is necessary for the purposes for which the personal data are processed. Recordings are overwritten after a lapse of a short period of time in accordance with the applicable Data protection laws unless they include events that could be potentially subject of legal claims. In such a case personal data shall be processed for a period of limitation of any claims

III. SPECIFIC PRIVACY NOTICE FOR CUSTOMER PROGRAMS

The provisions in this Section III shall specify the general provisions in Section I regarding customer programs of SWAROVSKI.

1. SWAROVSKI CRYSTAL SOCIETY (SCS)

The following provisions shall be applicable for the processing of data by SWAROVSKI in connection with the customer loyalty program Swarovski Crystal Society (SCS).

a. RESPONSIBLE for the Personal Data (Controller)

The PERSONAL DATA in connection with the membership at SCS is processed by two joint controllers, in particular (i) the controller of the respective local Swarovski company which issues the membership according to the application form and which receives the membership fees, and (ii) the controller of Swarovski Aktiengesellschaft, Dröschistrasse 15, 9495 Triesen, Liechtenstein. Other companies and affiliates of SWAROVSKI may however use the collected PERSONAL DATA for their purposes according to Section I para. 3 above.

b. Processing of PERSONAL DATA and SOURCE

SWAROVSKI collects and retains the personal obligatory data provided on the SCS application form (including but not necessarily limited to the title, name, contact details, birth date, pre-existing SCS membership number, language preference, order information, as well as the name, contact details and SCS membership number of the gift giver, where applicable) by the SCS Member him or herself or by the person that buys the SCS Membership as a gift and provides SWAROVSKI with the PERSONAL DATA of the SCS Member (“Form Data”).

SWAROVSKI receives such PERONAL DATA from the points of sale where the membership is ordered and paid. It assigns to each new SCS Member, a unique membership number, tracks the membership start and renewal dates, service and mailing options chosen by the SCS Member, services provided (including gifts sent), and, as the case may be, further data about the SCS Member's use of the Swarovski Group's online offerings and mailings (e.g., newsletter open rate, click rate, visited online web pages, social media interactions), interaction variables (such as click rates, time of interaction or social media interaction).

SWAROVSKI may also process payment information, directly or through a third party, where necessary for the payment of SCS Membership fees. Additionally, SWAROVSKI records the purchase history of each SCS Member, in the form of items purchased (product designation, price) and place and time of purchase.

The purchase history is recorded only if the SCS Membership number is communicated at the checkout for purchases in stores offering the SCS program. Where SWAROVSKI believes that two different SCS Memberships belong to the same individual, or where a valid request is received, SWAROVSKI may merge them.

c. PURPOSE of processing

SWAROVSKI collects and processes the PERSONAL DATA of members of the customer loyalty program according to Section I para. 2 above and as specified below for the PURPOSES listed under that respective provision, and in particular also for the following PURPOSES:

• administration of SCS memberships;
• operation of SCS, namely personalized offers and communications regarding products and services of SWAROVSKI, providing of advantages and awarding special conditions, participating in surveys, requiring feedback and act in social media.

The PERSONAL DATA collected is used by SWAROVSKI to administer and manage the Membership (including also for accounting and payment purposes), to provide the Member with the benefits and other services that come with the Membership (the legal basis for this is the Membership) and to provide the SCS Member with commercial communications (such as newsletters, product information, services and exclusive offers of the Swarovski Group) by e-mail, mail, mobile messaging or a phone call based on the contact information provided by the Member (for which SWAROVSKI relies on the SCS Member's consent). In all these cases, SWAROVSKI may personalize the information sent to the Member so that the Member particularly receives, where possible, information which SWAROVSKI considers interesting for the Member. For this purpose, SWAROVSKI analyses the Form Data (and in particular, information as to age, sex, interests and preferences) and other information that can be gleaned from the purchase history or has been given to SWAROVSKI by the SCS Member voluntarily at any later time. Furthermore, SWAROVSKI may use the PERSONAL DATA for compliance with its legal obligations and, where it has a legitimate interest, for statistical and research purposes, including for better understanding of SCS Members, consumer and market analysis, improvements to the SCS Program and the development of new products and services.

d. DISCLOSURE of Personal Data

In the course of processing PERSONAL DATA in connection with SCS, SWAROVSKI may namely disclose data to the following categories of recipients:

• PARTNERS, including business, marketing and promotion partners (including social media partners) and all participating retail shops or other authorized specialists dealers, irrespective of whether the company is run by SWAROVSKI or another sales or cooperation partner; whereas these stores may be located within any country worldwide and they may use data received from SWAROVSKI only for the purpose of operating SCS, including personalized offers to and communication with Members on behalf of SWAROVSKI;

• to a SWAROVSKI company to whom the processing of data (operation of the database) regarding SCS has been outsourced in technical respect (processors).
Each recipient may be located in a country without an adequate level of data protection. If that is the case, SWAROVSKI will ensure an adequate level of protection according to Section I para. 4 above.

e. RIGHTS of Data Subjects

SCS Members and membership gift givers are entitled at any time to ask SWAROVSKI for information relating to their saved personal data, and other information as provided for by applicable data protection law. Further information about the RIGHTS of SCS Members is provided in Section I para. 7 above.

f. DATA RETENTION

PERSONAL DATA will be held and used for the duration of the Membership; thereafter, it will be retained as long as necessary for the aforementioned purposes, but not for more than five years, unless required for legal reasons. The purchase history is generally recorded for five years. As exception to this rule, the purchase history on SCS exclusive products will be kept during the entire duration of the Membership in order to recognize member life-time value to the Society.

Should a SCS Member not wish to have his or her SCS exclusive product history stored above 5 years, he/she can request deletion by contacting Customer Relations informing of his/her explicit wish to have this history deleted.

Further information regarding SCS can be found in the General Terms and Conditions of the customer loyalty program on www.swarovski.com.

2. SWAROVSKI CLUB

The following provisions shall be applicable for the processing of data by SWAROVSKI in connection with the customer loyalty program Swarovski Club.

a. RESPONSIBLE for the Personal Data (Controller)

The PERSONAL DATA in connection with the membership of Be Swarovski is processed by two joint controllers, in particular (i) the controller of the respective local SWAROVSKI company which issues the membership according to the sign-up form, and (ii) the controller of SWAROVSKI Aktiengesellschaft, Dröschistrasse 15, 9495 Triesen, Liechtenstein. Other companies and affiliates of SWAROVSKI may however use the collected PERSONAL DATA for their purposes according to Section I para. 3 above.

b. Processing of PERSONAL DATA and SOURCE

SWAROVSKI collects and retains the personal obligatory data provided on the Swarovski Club sign-up form (including but not limited to: title, name and address, and e-mail address) plus any personal data provided voluntarily by Swarovski Club Members on the member page: date of birth as well as styles/interests (e.g. in Jewellery and Accessories, Home and Style, Wedding, Figures and Collectables and/or Watches, Classic style) (“Form Data”). Swarovski also saves data on Members’ purchase history in the form of items purchased (product designation, price, discount), place and time of purchase and membership number. The purchase history is recorded if the Swarovski Club membership number is communicated at the checkout for purchases in stores participating in Swarovski Club program. In the online store Members’ purchase history is recorded if the membership number is quoted when making a purchase or the Member makes a purchase when logged into an online account associated with a Swarovski Club membership. Swarovski also collects and saves all vouchers sent to the Swarovski Member and, as the case may be, further data about the Swarovski Club Member's use of the Swarovski Group's online offerings and mailings (e.g., newsletter open rate, click rate, visited online web pages, social media interaction). Where Swarovski believes that two different Swarovski Club Memberships belong to the same individual, or where a valid request is received, Swarovski may merge them.
At the start of their membership, Members receive an e-mail containing a link to an overview of all currently participating stores in the Swarovski Club program. This overview of participating stores is also available to view online at swarovski.com/club.

c. PURPOSE of Processing

As far as Swarovski Club is concerned, SWAROVSKI namely collects and processes the PERSONAL DATA of Members of the customer loyalty program according to Section I para. 3 above and as specified below for the PURPOSES listed under that respective provision, and in particular also for the following PURPOSES:
• administration of Swarovski Club memberships;
• operation of the Swarovski Club, namely personalized offers, advice and communications regarding products and services of Swarovski, providing of advantages and awarding special conditions (e.g. vouchers), invitations to special events and promotions reserved for members, participating in surveys, requiring feedback and act in social media.

The PERSONAL DATA collected is used by SWAROVSKI to administer and manage the membership (including also for accounting purposes), to provide the Member with the benefits and other services that come with the Membership (the legal basis for this is the Membership).

In participating stores, the Swarovski Club allows Members to take advantage of an extended customer advice in which, upon presentation of the membership number, the store employee can call up the Member’s purchase history data and provide the Member with additional sales advice based on his or her past purchases, style/interests selected or wish list.

On presentation of the Swarovski Club membership number, e-mail address or the Member’s name and date of birth (or another unique authentication attribute), the relevant store employee has access to the relevant Member’s saved purchase history data and wish list.

SWAROVSKI may also use the PERSONAL DATA to invite selected Members to special events and promotions, such as the presentation of new products or discount promotions. In addition, SWAROVSKI also uses the PERSONAL DATA to send Members birthday congratulations.

SWAROVSKI also uses the data collected in the purchase history to grant Members membership benefits in the form of Discount or Loyalty Gift vouchers. Based on the data saved in the purchase history, SWAROVSKI evaluates what type of voucher the Member is granted.

If a Member has given SWAROVSKI his or her consent, SWAROVSKI may send the Member further information about SWAROVSKI, product information, services and exclusive offers by e-mail or in any other way chosen by SWAROVSKI. Based on the Form Data and the purchase history reported by participating stores, interaction variables (such as click rates, time of interaction or social media interaction), style/interests selected as well as other information voluntarily disclosed to SWAROVSKI by the Swarovski Club Member, SWAROVSKI may personalize the information sent to the Member so that the Member particularly receives, where possible, information which SWAROVSKI seems interesting for the Member. For this purpose, SWAROVSKI analyses the Form Data collected at the start of Membership and, in particular, takes account of the saved information relating to age, sex, interests and preferences, interaction variables as well as the vouchers received, and other information that can be gleaned from the purchase history or has been given to SWAROVSKI by the Member voluntarily at any later time.

d. DISCLOSURE of Personal Data

In the course of processing PERSONAL DATA in connection with Swarovski Club, SWAROVSKI may namely disclose PERSONAL DATA to the following categories of recipients:

• PARTNERS, including business, marketing and promotion partners (including social media partners) and all participating retail shops or other authorized specialists dealers, irrespective of whether the company is run by SWAROVSKI or another sales or cooperation partner; whereas these stores may be located within any country worldwide and they may use data received from SWAROVSKI only for the purpose of operating Swarovski Club, including personalized offers to and communication with Members on behalf of SWAROVSKI;

• to a SWAROVSKI company to whom the processing of data (operation of the database) regarding Be SWAROVSKI has been outsourced in technical respect (processors).
Each recipient may be located in a country without an adequate level of data protection. If that is the case, SWAROVSKI will ensure an adequate level of protection according to Section I para. 4 above.

e. RIGHTS of Data Subjects

Swarovski Club Members are entitled at any time to ask SWAROVSKI for information relating to their saved personal data, and other information as provided for by applicable data protection law. Further information about the RIGHTS of Swarovski Club Members is provided in Section I para. 7 above.

f. DATA RETENTION

PERSONAL DATA will be held and used for the duration of the Membership; thereafter, it will be retained as long as necessary for the aforementioned purposes, but not for more than five years, unless required for legal reasons. The purchase history is recorded for five years.

Further information regarding Swarovski Club can be found in the General Terms and Conditions of the customer loyalty program on www.swarovski.com.