Your privacy is very important for DE GRISOGONO (“we”, “us” or “our”). This document (the “Privacy Policy”) serves to inform you about how we collect, store and process the personal information we might collect through your interactions with our team, boutiques, online platforms and other channels.

DE GRISOGONO’s Cookie Policy is a supplement to this document, and serves to describe what a cookie is, what we can do with them, and how you can accept or refuse our cookies when accessing one of our online platforms.

This Privacy Policy applies to DE GRISOGONO S.A., with registered offices at chemin du Champ-des-Filles 39, 1228 Plan-les-Ouates, Switzerland, together with all its entities and subsidiaries (referred to as “the DE GRISOGONO group”).

Please read this Privacy Policy carefully to understand our practice and principles applied to the processing of your personal data. If you have questions about this policy please contact us at privacy@degrisogono.com

I. Acceptance of the Privacy Policy and consent

This Privacy Policy details the conditions at which we may collect, keep, use and save information that relates to you, as well as the choices that you have in relation to the collection, utilization and disclosure of your personal data.

By using our website, reaching to us, registering as a client or otherwise providing us with your personal data, you agree with the principles and rules set out in this Privacy Policy, which shall apply to any such case. In this context, we may collect and process a certain number of personal data relating to you. You acknowledge that you have read and understood this Privacy Policy and agree to be bound by it and to comply with all applicable laws and regulations. You also acknowledge that you have read and understood any terms of use that apply to our website, as well as any general conditions and terms concerning our client program, and agree to be bound by them.

The fact that you reach out to us as mentioned above, whatever the mean, forms a valid consent to any and all processing of data as described and detailed in this Privacy Policy. You may withdraw your consent at any time, and request that we cease to process your data and/or delete it, although this will not affect the validity of any earlier processing. Please note however that we may have an alternative legal basis for processing your personal data, especially as soon as you access our website in relation to the data that is gathered for the good functioning of it.

If you do not agree to this Privacy Policy or otherwise fail to provide some of the necessary personal data to us (especially should you not provide all information that would be required from you), (a) you must not use our website or become a registered client and (b) we may not be able to provide you with our goods and/or services.

II. Personal data we collect

We may collect different types of information from or about you depending on the purpose and manner with which you interact with us. This personal data may be collected by us through (i) their transmission by yourself, (ii) your use of our website or other applications, or (iii) through social media.

a. Personal data communicated by you
When you reach out to us, whatever the mean, you may be asked to supply us with the following information and/or decide yourself to communicate us such information:
• Personal details: e.g. name, address, email address, geographic location, telephone number
• Demographic information: e.g. date of birth, ring size (should this information be pertinent, especially upon ordering a ring), gender and nationality
• Personal preferences: e.g. language preference, favorite collection and leisure interests
• Purchase and after sales history: e.g. documents required by anti-money laundering laws, documents required for our accounting and billing
• Credit card information, in particular credit card number and cardholder name
• Correspondence with us and our advisors: e.g. customer feedback or testimonials
• Responses to surveys that we might ask you to complete on a free-choice basis

This information is essentially used to set up and manage your client account with us, the following of your purchases and/or any order that you may have placed or otherwise done with us, as well as to contact you. It is also used to better identify your preferences and wishes in relation to products we offer.

Personal data that is indispensable for us to fulfil the purposes that are described in this Privacy Policy is marked with an asterisk on the various pages of the websites and/or underlined as required. Should you not fill in these mandatory fields or otherwise provide us with this information, we may not be able to take care of your demands and/or provide you with the requested products and services. Other personal data you would communicate to us is purely optional – it especially allows us to know you better and to improve our communications and services accordingly.

We may also collect data from publicly available sources, which shall be considered as data having been communicated by you.

b. Personal data collected through our website, e-mails or other applications
When you access, visit or browse our website, or receive and/or answer to E-mails from us, the Web server automatically registers details of your access and actions. This includes information about your activity on and interaction with our websites and/or E-mail, such as your IP address, your device or browser type, the webpage you visited before coming to the websites and identifiers associated with your devices, as well as any log information. Depending on its settings, your device may also transfer us location information, which may be used by us to customize, improve and protect our websites, e.g. to determine local language preferences or to geotag a post.

Please refer to our Cookie Policy for any details surrounding the use of cookies.

c. Personal data collected from social networks
When you authorize a third party social network (Facebook, Instagram, etc.) to share information and data with us, we may receive any data that you publicly share on the social network as well as any information that is part of your profile or that you allow the social network to share (name, electronic address, gender, profile picture, user code, list of friends or contacts, etc.).

We also receives information pertaining to your profile when you use a social network functionality integrated to our websites or that you interact with us through the social network (e.g. through comments posted on our Instagram or Facebook pages, private messages, etc.). You should at all time be aware of the terms of use and privacy policy that applies to the third party social network and are of its exclusive responsibility.

III. How we collect that information

This Privacy Policy applies to any information we may collect from or about you from the following sources:
• Any written or oral conversations or interaction between you and us (e.g. through E-mail or personal messaging, telephone, call centers, person-to-person in a boutique, person-to-person during events or fairs, postal mail, etc.)
• Website and social media platforms visit, traffic and postings
• Printed forms or tablet apps (basically when you collect data on ipad)
• Data shared publicly on social networks (for example, when you like one of our posts)
• Third parties (e.g. social media platforms, credit risk assessment firms)
• Other possible sources when applicable, including through publicly available information as well as the use of CCTV cameras

IV. How we may use that information

We collect and use the above mentioned information for the purposes listed below. Please note that not all purposes apply to everyone, but depend on the type of relationship/interactions you have with us:
• Processing orders/ purchases (including VAT refund requests)
• Providing after sales service
• Registering and tracking lost, stolen or counterfeit products, especially to proceed to anti-fraud and blacklist management for any case in which a person has been implicated in fraud regarding our products, services or trademarks;
• Interacting with you and answering your requests, questions or concerns, including by informing you of any changes in relation to our products and/or services
• Managing VIP and loyalty programs, as well as manage your membership and/or client account
• Complying with our billing and accounting obligations, as well as legal and regulatory obligations (namely anti-money laundering regulations)
• Dealing with potential claims or litigation
• Producing reports and statistics, namely to improve our services and platforms
• Guaranteeing the security of our operations
• Tailoring our services and offers to your needs, location or preferences
• Sending regular information on us, namely upcoming events or new boutique (with your consent and in accordance with your communication preferences)
• Promoting/ advertising through our social network platforms
• Evaluating job applications
• Offering you all functions of our websites and applications, as well as ensuring its correct execution and enhance your use of it

Payment details in particular: When you initially provide or update your payment information, we may transmit it via an encrypted connection to a third-party payment processor. Such a delegation is in particular justified in order to ensure compliance with security and legal standards.

E-mail address and contact information, including for marketing information, in particular: We may use your E-mail address, as well as any other contact information, in order to send you our newsletter or other emails in relation to our products, in particular to inform you of any new products or services that may be of interest to you. For such E-mails, you may at all time request to stop receiving them by following the link that is given at the end of each newsletter. Should you wish to stop receiving other E-mails or other notifications (including by postal mail) from us, you may inform us by using the E-mail address provided in this Privacy Policy and/or (where applicable) following the “Unsubscribe” link in any DE GRISOGONO marketing e-mails.

Should you opt-out from receiving newsletters and/or other marketing communications from us, you may nevertheless still receive administrative communications from us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important announcements.

Please note that our platforms, applications and social media publications are not intended for children under the age of 16. However, due to their nature, DE GRISOGONO may collect information about children under the age of 16 for the purpose of providing services. If we learn that we have collected or received personal information from a child under age 16 without parental or guardian consent, we will delete that information. If a child under 16 years old has provided us with personal information without parental or guardian consent, the parent or guardian may contact us at privacy@degrisogono.com to ensure its prompt deletion.

V. How we might share that information

Considering how important your data privacy is to us, we do not rent or sell your personal information to other people or non-affiliated companies.

We may share personal information about you with other people and/or companies in the following circumstances:
• Affiliated entities that make up our group (e.g. DE GRISOGONO subsidiaries): Especially for purposes of management and optimization of the customer relationship, as well as to send you information about the offers, news and events in the limits of your consent or applicable lawful grounds, as well as in any case of reorganization of the DE GRISOGONO group
• Third party providers and subcontractors that support our operations: e.g. processing payments (especially for security reasons), managing customer relationships, database and online platforms management, website management – this also includes all IT service suppliers, consultants, providers of hosting and maintenance services for the website and applications,
• Third-party subcontractors (especially network advertisers and ad exchanges) for limited interest-based advertising on a selected number of social media –
• Law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party, should we determine that such disclosure is reasonably necessary in this context (including to prevent fraud or abuse)
• Third parties connected to a potential merger or any other type of acquisition, or to which we transfer all or some of our assets or business

Information we collect may be transferred to, shared with, stored and processed in any country or territory where one or more of our subsidiaries or affiliated companies or third-party service providers are located or maintain facilities.

In any case where cross-border transfer is done, we ensure that an adequate protection is guaranteed for personal data to be transferred outside of Switzerland and the EEA. In some specific cases when this level of protection is not guaranteed, we will obtain your prior consent or establish with the recipient of personal data a contractual framework or sufficient safeguards that ensure an adequate level of protection abroad. You may request access to a copy of these safeguards by contacting us.

VI. Data retention (including retention period)

We will retain your information for as long as necessary to fulfill the purposes for which we collect it and/or to comply with legal requirements, unless otherwise agreed by you (the “Storage”). The Storage period shall not exceed ten years of time, being underlined that such Storage period will reset with each new communication we receive from you or made on your behalf. When relevant, the Storage period of your personal information will be extended to meet the requirements of law and for accounting, auditing and other internal administrative and support functions.

At the end of the Storage period, we shall delete your data without it being required that any further information be provided to you.

Within the timeframe detailed above, the exact retention periods shall in particular be identified based on the following criteria:
• For client, supplier and distributor data: The duration of the contractual relationship, after-sale services, requirements under anti-fraud laws, answering any claim within a reasonable period following the end of the contractual relationship.
• For employees: The duration of the employment agreement, legal obligations pertaining to minimal retention periods, answering any claim within a reasonable period following the end of the contractual relationship.

VII. How we will protect this information (security measures)

We are committed to protecting all personal information we collect. We limit access to personal information about you to employees who reasonably need access to it, to provide products or services to you or in order to do their jobs. Our employees are obliged by us to respect confidentiality. We also have appropriate technical and organizational physical and electronic safeguards to protect the personal information that you provide to us against unauthorized or unlawful processing and against accidental loss, damage or destruction.

The storage of information and its transmission over the Internet cannot unfortunately be completely secure and, though we do our best to protect your personal information, we cannot guarantee the absolute security of your personal information. In the occurrence of any breach likely to result in a high risk to your rights we will inform you without undue delay.

VIII. Your rights

You have the right at any time to ask for access or transfer to and deletion of any personal information that we hold about you in our records, to correct any inaccuracies and to update any out-of-date information. You may also request from us that we stop processing your personal data, for the case in which we rely on your consent and do not have another legal basis to continue processing your data.

You can also ask us not to send you direct marketing communications (however please note that we may continue to send you service related communications, such as e-mail updates on your after sales service). You may unsubscribe from e-mail marketing communications at any time by e-mailing the contact address provided in this Privacy Policy or clicking on the ‘Unsubscribe’ link in any DE GRISOGONO marketing e-mails.

If you wish to exercise any of these rights, please write to us at the address listed in this Privacy Policy providing us with sufficient documents establishing your identity. In case we consider the request as being unlawful or abusive, or should it otherwise adversely affect the rights and freedoms of others, we will inform you of the reasons for not taking action without undue delay and at the latest within one month of receipt of the request. We may in any case ask you for a proof of identity (copy of official identification document with a photo mentioning your date & place of birth).

Any such request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such personal data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable data protection legislation.

You have the right to make a complaint if you feel your personal data has been mishandled or if we have failed to meet your expectations. You are encouraged to contact us about any complaints or concerns but you are entitled to complain directly to the relevant supervisory authority.

IX. How we might update this policy

We reserve the right to change this Privacy Policy at any time. Any changes to this Privacy Policy will become effective upon posting of its revised version on our websites as well as upon its sending to you, to the condition we have your contact information to do so. We invite you to check our Privacy Policy periodically for updates and to stay informed about the steps we take to protect the personal data we collect.

X. How you can contact us

If you have any questions or comments about this Privacy Policy, or privacy matters generally, please contact us at the address provided below. You can also use this address if you wish to request access to the personal data we hold about you or to unsubscribe from any further e-mail marketing communications.

Email: privacy@degrisogono.com

Last updated: May 2018