MB&F

Privacy and Cookies Policy

PREAMBLE

Thank you for visiting and using our websites (mbandf.com; madgallery.net and shop.madgallery.ch, hereinafter: the “Sites”) and our social media pages on Facebook, YouTube, Instagram, LinkedIn, and X (hereinafter: “Social Media Pages”), owned and governed by Maximilian Büsser & Friends, formally registered as MB & F S.A. (hereinafter: “MB&F”), located at Route de Drize 2, 1227 Carouge, Switzerland.

MB&F respects your right to privacy in both the online and the offline world, when you use our Sites and when you visit our boutiques, such as the MAD Gallery. This Privacy and Cookies Policy (hereinafter: “Policy”) explains how and for what purposes information relating to an identified or identifiable person (hereinafter: “Personal Data”) is collected, used and protected, and sets out policies and procedures relating to the collection and processing of Personal Data that you may provide us with when visiting our Sites, Social Media Pages, our boutiques, or when participating in offline programs or events (hereinafter: "Offline Services").

The present Policy forms integral part of our General Terms and Conditions of Sale, as well as of our Terms of Use pertaining to the use of the Sites.

1. Scope of the Privacy and Cookies Policy and Amendments

  1. By using our Sites and/or Social Media Pages or by providing us with your Personal Data in the context of our Offline Services, you accept the practices described in this Policy. If you do not agree with our use of your Personal Data as described in this Policy, please refrain from using or visiting our Sites, Social Media Pages, or using our Offline Services requiring the processing of your Personal Data.
  2. MB&F reserves the right to make changes to this Policy at any time by posting a new version of this Policy on the Sites, without any prior notification. You shall be notified of any change to the Policy on the Sites’ respective home page. If you do not accept the new terms of the Policy, please do not use our Sites, Social Media Pages, nor our Offline Services.
  3. We will always handle your Personal Data in accordance with the Policy that was in effect at the time of collection.
  4. The new version of the Policy will become effective on the date it is posted, which will be listed at the top of the page as the new effective date.

2. What Personal Data We Collect About You

  1. The Personal Data that we collect through our Sites, Social Media Pages and our Offline Services can be divided into two categories: (i) cookies and (ii) Personal Data you provide us with.

A. Cookies

(I) What are cookies and what information do they collect?
  1. Cookies are files containing a small amount of data that are sent from a website to your browser and stored on your mobile or computer device. Other tracking technologies, such as beacons, tags and scripts (hereinafter: “Similar Technologies”), may also be used to collect and track information and to improve and analyze our Sites.
  2. hrough the use of cookies and Similar Technologies we may collect Personal Data when you interact with our Sites, Social Media Pages or open emails that we send to you. In particular, we may identify certain usage data when you browse or click on content.
  3. The following information and Personal Data are collected through the use of cookies and Similar Technologies:
    • your device ID;
    • the IP address of the device that can connect to the Internet and request the connection;
    • the location, if enabled on the device;
    • the resources you accessed on the Sites;
    • name and URL of the linking page;
    • the browser you are using and, if necessary, the operating system of your Internet-enabled device, as well as the name of your service provider.
  4. In order to control or limit the collection of this information, you can:
    • if available, set up your browser to refuse all cookies or to indicate when a cookie is being sent;
    • delete cookies and clear your browsing data directly from your browser’s settings.
  5. Please note that if you do not accept certain cookies or Similar Technologies, you may not be able to access certain features of our Sites.
  6. List of cookies and Similar Technologies that we use:
Name Provider Purpose Duration Type
IDE Third-party cookie, provided by Doubleclick.net Google cookie used to show Google Ads to users of non Google sites. 390 days Cookie
datr Third-party cookie, provided by Facebook (Meta Inc.) The purpose of the datr cookie is to identify the web browser being used to connect to Facebook independent of the logged in user. This cookie plays a key role in Facebook’s security and site integrity features. 2 years Cookie
sb Third-party cookie, provided by Facebook (Meta Inc.) Cookie to store information that allows Meta to recover your account in the event that you forget your password, or to require additional authentication if you tell us that your account has been hacked. - Cookie
ANID Third-party cookie, provided by Google Switzerland GmbH The ‘ANID’ cookies are used to show Google ads on non-Google sites. 2 Years Cookie
CONSENT Third-party cookie, provided by Google Switzerland GmbH Cookie storing user consent choices. 2 years Cookie
NID Third-party cookie, provided by Google Switzerland GmbH Cookies for Google Search. 2 years Cookie
_Secure-3PAPISID Third-party cookie, provided by Google Switzerland GmbH Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. 2 years Cookie
_Secure-3PSID Third-party cookie, provided by Google Switzerland GmbH Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. 2 years -
1P_JAR Third-party cookie, provided by Google LLC Based on recent searches and previous interactions, custom ads are shown on Google sites. 1 week -
AID Third-party cookie, provided by Google LLC Cookie for Google AdWords. 30 days Cookie
CONSENT Third-party cookie, provided by Google LLC Stores visitors’ preferences and personalizes ads. Persistent Cookie
NID Third-party cookie, provided by Google LLC These cookies are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. 6 months Cookie
_fbp First-party cookie Facebook cookie retrieving a unique user ID. 90 days Cookie
_ga First-party cookie Google Analytics cookie containing information about the version of the tool and the user. 395 days Cookie
_gat First-party cookie Google Analytics cookie to filter out bots. 1 minute Cookie
_gat_UA-116269728-1 First-party cookie Read and filter requests from bots. 1 minute Cookie
_gcl_au First-party cookie Google cookie containing user conversions. 90 days Cookie
_gid First-party cookie Google Analytics cookie containing information about the version of the tool and the user. 24 hours Cookie
PHPSESSID First-party cookie This cookie is set by the website when a user visits the site and is an essential cookie for the operation of the website This cookie does not display any identifiable or tracking information and is deleted when the user closes their browser. - Cookie
devicePixelRatio First-party cookie Device pixel ratio is the the ratio between the physical pixels on a the hardware screen and the logical pixels (related to the physical size of the screen, also known as CSS resolution). - -
(II) For what purpose do we collect information using cookies and other Similar Technologies?
  1. We use cookies and Similar Technologies that we collect in order to:
    • enable access to our Sites;
    • make certain features of our Sites accessible, and to provide you with additional functionality;
    • improve our Sites and Social Media Pages;
    • store information regarding your preferences, enabling us to customize our Sites in accordance with your personal preferences;
    • ensure the security of our Sites;
    • collect statistical information about the use of our Sites, Social Media Pages and regarding the opening of our promotional e-mails and newsletters.
(III) Legal basis for processing
  1. With regards to cookies and Similar Technologies used for the operation, maintenance and security of our Sites, the legal basis we rely on to process your Personal Data is our overriding private interest.
  2. In addition, cookies and Similar Technologies which would go beyond the purposes justified by our overriding private interests (for example, analytics and targeting cookies used for marketing purposes), are implemented upon your consent, collected through the means of our cookie banner.

B. Personal Data provided by you

(I) What Personal Data do you provide us with?
  1. We collect Personal Data from you when, on our Sites, you (i) create an account on our E-Shop, (ii) create an account to become a member of The Tribe, (iii) subscribe to a newsletter, (iv) when you contact us by email, (v) when you use our E-Shop ChatBot, and (vi) when you purchase items from our E-Shop.
  2. With regards to our Offline Services, we collect Personal Data from you when you visit our boutiques, and make in-store purchases. We also collect Personal Data from you when you register to participate in our Offline Services.
  3. The Personal Data collected includes:
    • Personal contact information such as name, email, phone number, address, company, picture and demographic information, including birth date, age, gender or location;
    • Information about your watch, such as series number, date and location of purchase;
    • Account login information or membership details, such as name and address;
    • Payment information, such as credit card and bank information;
    • Your comments and user-generated content, including any photos, videos and personal stories that you share with us.
    • Video images when you visit one of our boutiques such as the MAD Gallery in Geneva.
  4. Please note that when you purchase a product through our Sites using a credit card, you will be automatically redirected to the payment service providers’ website, whose general terms and conditions and privacy policy are the only ones applicable to such credit card payments. No information concerning your credit card will thus be requested or recorded on our Sites.
(II) For what purpose we collect Personal Data
  1. We collect and use your Personal Data for the following purposes:
    • to allow you to create and access your client account or manage your Tribe membership;
    • to fulfil your orders and purchases, including after sales services and any required upgrade of your watch;
    • to respond to your queries or use it for contests you have entered;
    • to contact you for marketing purposes, including sending you information about new accessories;
    • to send you newsletters;
    • for safekeeping and maintenance of our Sites; for reporting; and for risk, dispute and record management;
    • for the security of our boutique and employees via CCTV monitoring.
(III) Legal basis for processing
  1. The legal basis we rely on in order to process the Personal Data for the purposes of marketing, sending you newsletters, allowing you to create and access your client account and/or Tribe membership, is your consent. The legal basis we rely on in relation to the processing of your Personal Data for the purposes of fulfilling your orders and purchases, including after sales services or required upgrades of your watch, as well as the participation in a contest, is the execution of a contract. Furthermore, the legal basis we rely on with regards to the processing of your Personal Data to respond to your queries, for the security of our Sites and boutiques, for dispute and record management, is our overriding private interest.

3. Where We Store Your Personal Data and Cross-Border Disclosures of Your Personal Data

  1. We take data protection issues seriously and we have chosen to store your Personal Data on servers provided by Infomaniak in Switzerland and Shopify in Canada
  2. We use the services of some third-parties, some of which operate outside Switzerland or the European Economic Area, notably in the United States of America and Canada. We thus transfer your data to one of these third-parties’ databases, including to countries which may not have an adequate level of protection of your Personal Data compared with that provided in Switzerland or the European Economic Area. In such an event, and unless provided otherwise in this Policy, we undertake to enter into agreements with such third parties to ensure an adequate level of protection of your Personal Data. By providing us with your Personal Data, you acknowledge that we may transfer, store and process your Personal Data outside Switzerland or the European Economic Area – in particular with the United States of America and Canada – and acknowledge that governments in certain countries, such as the United States of America, have broad powers to access data for security, crime prevention and detection, and law enforcement purposes.

4. Access to Your Personal Data by Third-Parties

A. In general

  1. We do not sell your Personal Data to third parties. We do not share or otherwise make available your Personal Data to third parties, except as otherwise provided in this Policy.
  2. Please note that we do not actively seek your Personal Data from other third-party sources, nor do we actively cross-reference your Personal Data with information from other third-party sources.
  3. With your consent, through the use of cookies, the Sites may use third parties such as network advertisers and ad exchanges to serve you ads on third party websites after you leave our Sites, and we may use third party analytics and other such service providers to evaluate and provide us and/or third parties with statistical information about the use of the Sites. Such statistical information is however, anonymized.

B. Social media and third-party websites

  1. Where we provide links to websites of third parties, this Policy does not cover how such third parties process your Personal Data. We thus encourage you to read the privacy policies of the other websites you visit.
  2. Our Sites and Social Media Pages contain links that direct you to social networks, such as Facebook, YouTube, Instagram, Pinterest, LinkedIn, Twitter and WeChat, in order to connect you with the content displayed on these social media platforms. When you access social media or another website via our Sites or our Social Media Pages, responsibility for compliance with data protection laws is to be guaranteed by the providers of the respective social media platforms.
  3. When you establish a connection to a social media platform or another website, your browser connects directly to the server of the relevant service provider. Through this connection, the social media platform or website receives the information that your browser has accessed the relevant page of our Sites or our Social Media Page(s), even if you do not have an account with such social media platform or if you are not logged into the relevant social media account. This information (including your IP address) is transmitted from your browser directly to the service provider’s server and stored there. If you are logged in to your account with the relevant social media platform, such platform may immediately link your visit to our Site(s) or Social Media Page(s) to your account. If you interact with our Sites or Social Media Pages, for example by clicking on the “Like” or “Share” icon, this information will also be transmitted directly to the social media service provider’s server and be stored there.
  4. Please refer to the privacy policy of the relevant social media platform or website for information regarding the purpose and scope of the collection of Personal Data by the relevant service provider, the further processing and use of such Personal Data by the relevant service provider, as well as the related rights and settings to enable the protection of your Personal Data.

C. Contractors and affiliates

  1. We may disclose your Personal Data made available to us through our Sites, Social Media Pages and Offline Services to certain independent contractors and affiliates, in particular our boutiques, and our franchises. Such contractors and affiliates assist us with the operation of our Sites, Social Media Pages and Offline Services, as well as data management and marketing activities. Such contractors and affiliates are required to sign contracts in which they commit to protecting Personal Data using procedures similar to ours, unless otherwise provided for in this Policy.
  2. The purpose of sharing your Personal Data with such third-parties is to support our business and to maintain and to constantly look to improve our Sites, Social Media Pages and Offline Services offered to our clients. The legal basis we rely on to process your Personal Data in such a manner is our overriding private interest.

D. Third-party service providers

  1. As mentioned in article 3.2 above, we may disclose your Personal Data to our third-party service providers. We notably share your Personal Data with the following third-party service providers:
    • our Sites are hosted by Idéative Sàrl, based in Les Acacias, Switzerland;
    • in order to offer you e-commerce facilities, we share your personal data with the following providers:
      • E-shop service provider Shopify Inc., based in Canada;
      • Financial service provider Stripe, based in US;
      • Mailing service provider Mailchimp, based in US;
      • Customer relationship management (CRM) provider Salesforce, based in US;
      • Chat service provider OKOMO, based in Switzerland;
      • Messaging platforms provider WhatsApp, owned by Meta Platforms, Inc, based in the US.
  2. The legal basis we rely on to process your Personal Data in such a manner is our overriding private interest.

Change in control or sale

  1. We may also share your Personal Data, subject to a confidentiality agreement, as part of a sale, merger or change in control, or in preparation for any of these events. Your Personal Data may be transferred to a successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other transfer of some or all of our assets, whether as a growing concern or as part of bankruptcy, liquidation or similar proceeding, in which the Personal Data we hold is amongst the assets transferred.

6. Legal disclosures

  1. We may also use your Personal Data (including your communications) if we think it’s necessary for security purposes, to investigate possible fraud or other violations of this Privacy Policy and/or attempts to harm other users of our Sites, Social Media Pages, and/or Offline Services. Hence, we may use your Personal Data to investigate, respond to and resolve complaints and issues relating to our Sites, Social Media Pages and/or Offline Services.
  2. It is possible that we will need to disclose your Personal Data when required by law or if we have a good faith belief that disclosure is necessary to (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our contract(s) with you, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Sites or Social Media Pages; (v) exercise or protect the rights and safety of our clients, users of our Sites, Social Media Pages and Offline Services, personnel, and others.
  3. We attempt to notify you of legal requests for your Personal Data when appropriate in our judgment and technically feasible, unless prohibited by law or court order, or when the request is an emergency. We may dispute such requests when we believe, in our discretion, that the requests are too broad, vague, or lack proper authority. However, we do not promise to challenge every request.
  4. The purpose and legal basis of sharing your Personal Data with the aforementioned authorities is to comply with legal obligations to which we are subject.

5. Management of Your Personal Data

A. Your rights

  1. To the extent possible, you may exercise your rights as described below, by sending us an email at info@mbandf.com. Please note that we may ask you to prove your identity before responding to requests based on the rights below, or otherwise related to your Personal Data.
  2. Right to access and update your Personal Data: whenever we process your Personal Data, we take reasonable steps to ensure that your Personal Data is kept accurate and up-to date for the purposes for which it was collected.
  3. Right to delete your Personal Data: you may request the deletion of your Personal Data at any time, subject to any retention obligations imposed on us. We may retain de-personalized (anonymous) information after the deletion of your Personal Data.
  4. Right of rectification: you have the right to obtain the rectification of your Personal Data, if it is inaccurate or incomplete.
  5. Right to object to processing: within the limits of the law, you have the right to object to our processing of your Personal Data.
  6. Right to restriction: you have the right to request that we restrict the processing of your Personal Data.
  7. Right to data portability: you have the right to be provided with a copy of the Personal Data we have on you in a structured, machine-readable and commonly used format.
  8. Right to withdraw consent: you have the right to withdraw your consent at any time where we relied on your consent to process your Personal Data. Please note that such withdrawal will not affect the lawfulness of processing based on your consent before its withdrawal. Such withdrawal may furthermore result in you no longer being able to make use of certain features of the Site, of our Social Media Pages or our Offline Services. With regards to marketing communications, you may opt-out at any time by following the ‘opt-out’ options provided, or by contacting us at info@mbandf.com.
  9. Right to complain to a supervisory authority: you have the right to complain to a data protection supervisory authority with regards to our collection and use of your Personal Data.

B. Protection of your Personal Data and data breach

  1. We take all reasonable technical and organisational measures to protect the personal data we hold against loss, unauthorised access or disclosure and against other misuse.
  2. The security of your Personal Data is important to us, but no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use technical and organizational commercially acceptable means to protect your Personal Data against manipulation, partial or complete loss and unauthorized access by a third-party, we cannot guarantee its absolute security.
  3. In the event of a data breach, or in the event we suspect a data breach, we will (i) use our best efforts to promptly notify you, where technically feasible, and (ii) cooperate with you to investigate and resolve the data breach, including without limitation by providing reasonable assistance to you in notifying injured third-parties. We will give you prompt access to such records related to a data breach as you may reasonably request; provided such records shall be treated as confidential information, and we shall not be required to provide you with records belonging to, or compromising the security of, other clients or users.
  4. In the event of a data breach, or in the event that we suspect a data breach, we will in addition, notify the competent authorities in accordance with applicable laws.

C. Retention of your Personal Data

  1. We retain the Personal Data you provide us with to the extent necessary to: (i) provide you access to and use of our Sites (and their functionalities, e.g. to receive newsletters), Social Media Pages and Offline Services, (ii) comply with our internal regulations, (iii) comply with our legal obligations, and (iv) to resolve a dispute or to enforce agreements we have entered into.
  2. The length of time we retain cookies and Similar Technologies depends on their purpose and is always the same, regardless of who the Personal Data relates to.
  3. When the Personal Data that we collect is no longer required for the given purpose, or in accordance with legal requirements, we destroy or delete it in a secure manner. However, we reserve the right to store the data in a depersonalized (i.e. anonymous) form following the deletion of your Personal Data.

6. How to Contact Us

  1. Should you have any questions or complaints regarding this Policy, please contact us by phone at +41 22 786 36 18 or +41 22 508 10 38; email at info@mbandf.com; regular mail at MB&F S.A., Route de Drize 2, 1227 Carouge, Switzerland.

MB&F SA September 2023