1.1 The Company takes the security and privacy of data seriously as is committed to complying with its legal obligations under the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
1.4 We are committed to complying with our data protection obligations, and to being concise, clear and transparent about how we obtain and use personal information or sensitive personal information and how (and when) we delete that information once it is no longer required.
1.5 Please ensure that you read this notice and any other similar notice we may provide to you from time to time when we collect or process personal information about you. You must read this notice because it explains:
1.6 We will review and update this notice regularly in accordance with our data protection obligations. We will circulate any new or modified policies or notice in relation to your data when it is adopted on our website and you should read this notice before you send us any personal information.
1.8 David Dyli is responsible for data protection compliance within the Company. He is the data protection manager and he is the person with overall responsibility for this notice. If you have any questions, comments about the content of this notice, if you need further information or if you have a complaint about how we processed your data you should contact him directly. His contact details are below:
T: 01923 85 58 58
A: 339 Wattling Street, Radlett, Herts, WD7 7LB
1.9 We hope that our data protection manager can resolve any query or concern you raise about our use of your information. If however you feel that we have failed to address your concerns appropriately, you can contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
2.1 BQ Watches Ltd (the Company) obtains, keeps and uses personal information and sensitive personal information about clients and suppliers for a number of reasons. The Company is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you.
2.2 BQ Watches Ltd is a data controller whether we receive the details from you directly or from another data controller who you have instructed to send us those details. Another data controller will have own privacy policies in place and you should ensure that you are familiar with those before you ask them to send us your details.
2.3 This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a pdf version of the policy here [LINK]. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
3.1 The Company will comply with the following data protection principles when processing personal information:
4.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
5.1 Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our service you have with us but we will notify you if this is the case at the time.
6.1 We use different methods to collect data from and about you including through:
126.96.36.199 Identity and Contact Data from publicly availably sources such as Companies House
188.8.131.52 Opponents in litigation or other parties in transactions.
7.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
8.1 We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To respond to enquiries||
|To take necessary steps to enter into a contract with you.|
|To register you as a new client||
To take necessary steps to enter into a contract with you.
For legitimate interests to maintain client database and to grow our business.
To deliver our services including:
– Buy watch from you
– Sell a watch to you
– Repair your watch for you
– Manage payments, fees and charges
– Collect and recover money owed to us
– To conduct litigation, mediations or transactions
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to maintain customer records, to be able to quote for the service, to be able to provide estimate for the watch, to grow our business and recover debts due to us,)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how clients use our products/service.)
|To make suggestions and recommendations to you about goods or services that may be of interest to you||
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
|Signing up to newsletter (non client)||
|Legitimate business interests (to deliver relevant website content and advertisements to you, notify you of our new products and services and measure or understand the effectiveness of the advertising we serve to you)|
9.1 Clients: We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. When you register as a user and make an enquiry about our products or services, we will process your Identity, Contact and Marketing data for the direct marketing purposes. When doing so we will comply with Privacy and Electronic Communications Regulations 2003 (PECRs) and GDPR. We will:
9.2 Subscribers: when you subscribe to our service or publications (i.e. by signing up to receive our newsletter on our website); request marketing to be sent to you; enter a competition, promotion or survey; or give us some feedback we will collect your Identity Data, Contact data and Marketing Data. We will:
9.3 The data collected in accordance to clause 9.1, 9.2 to 9.3 will be share the information we receive with relevant personnel within company, i.e. those responsible for the IT or marketing aspects of the business and third- party service providers responsible for our website maintenance and marketing or software providers, i.e. ConstantContact. You will be able to opt out of receiving any further promotional material from us.
10.1 When you use our website we may automatically collect Technical Data, User Data and Aggregate data about your equipment, browsing actions and patterns. We collect this data by using cookies, and other similar technologies. We may also receive this data about you if you visit other websites employing our cookies. We will:
11.1 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
11.2 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
11.3 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
12.1 Your data will be shared routinely with third parties such as:
12.3 All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
13.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
14.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
14.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
14.3 If you would like more information on the data retention periods please contact the data protection manager and request for Data Retention Policy.
15.1 Under the legislation you may be entitled to the listed rights in certain circumstances as listed below.
15.2 Right to be informed. The right to be informed about the collection and use of your personal data.
15.3 The right to access (Subject Access Request) to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If you wish to exercise this right:
15.4 you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
15.5 we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
15.6 we try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
15.7 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. In certain circumstances we may refuse a request for correction.
15.8 Request erasure of your personal information. In certain circumstances you have the right to have ask for some but not all of the information we hold and process to be erased (the right to be forgotten). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
15.9 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
15.10 Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
15.11 Request the transfer of your personal information to another party.
15.12 Rights in relation to automated decision making and profiling: You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
15.13 If you want to exercise any of the above-mentioned rights please contact Data Protection Manager by telephone or in writing. We will respond to your request within one calendar month.
16.1 You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
If you love luxury watches, then subscribe to Spencer’s YouTube channel, where he shares his knowledge and stories from 25 years in the industry.