The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into affect across Europe on 25 May 2018. The privacy principles provides you with important information about how we collect, use, share and keep information about you, and the choices that are available to you.
The following Data Protection and Privacy Principles (“Principles”) set out the way that Mayfair Watch and its wholly owned direct and indirect subsidiaries (“Mayfair Watch”) will collect, use, store, share, transmit, delete or otherwise process (collectively “process”) your personal data. Personal data means any information that relates to an identified or identifiable individual. The standard of personal data protection set out in these Principles will be used by Mayfair Watch globally, providing adequate and consistent protection for the processing of your personal data. In these Principles, “you” and “your” means any individual customer or employee of Mayfair Watch and any other individual whose personal data we process and “we”, “us”, “our” and “Mayfair Watch Limited” means Mayfair Watch.
-
Collection: We will only collect personal data that is needed and by lawful and fair means.
-
Notice and Processing: Where it is not apparent from the products or services you require or the nature of your relationship with us, we will tell you how your personal data will be processed and which companies in the Mayfair Watch are responsible for that processing. We will process your personal data fairly and only for those purposes we have told you, for purposes permitted by you or as permitted by applicable law. In addition, you may object to certain types of processing as expressly permitted by applicable law.
-
Choice: We give customers the option of having their personal data included or removed from lists used for marketing as required by applicable law. This includes product and service offers from Mayfair Watch and those made in conjunction with our business partners. Of course each of our businesses will continue to send customers information about the products or services they receive from that business.
-
Data Quality: We use appropriate technology and well-defined employee practices to process your personal data promptly and accurately. We will not keep your personal data longer than is necessary, except as otherwise required by applicable law.
-
Security and Confidentiality: We will keep your personal data confidential and limit access to your personal data to those who specifically need it to conduct their business activities, except as otherwise permitted by applicable law. We refer to industry standards and use reasonable administrative, technical and physical security measures to protect your personal data from unauthorised access, destruction, use, modification or disclosure. We require industry standard data security measures from those third parties who are authorised by us to process your personal data on our behalf.
-
Data Sharing: We only share your personal data with third parties where it is necessary to provide you with products or services or as part of the nature of our relationship with you, where we have previously informed or been authorised by you, in connection with our efforts to reduce fraud or criminal activity, or as permitted by law.
-
Openness and Data Access: If you ask, we will inform you about how your personal data is processed and the rights and remedies you have under these Principles. You may inquire as to the nature of the personal data stored or processed about you by American Express. You will be provided access as is required by law in your country, regardless of the location of the data processing and storage. If any data is inaccurate or incomplete, you may request that the data be amended.
-
International Transfer: Where it is not apparent from the international products or services you require or the nature of your relationship with us, we will inform you if your personal data may be transferred outside of your country and ensure that such transfer is only performed in accordance with applicable law. Regardless of where your personal data is transferred, your personal data is protected by these Principles.
-
Responsibility: Each company in the Mayfair Watch Limited and their employees may only process your personal data in accordance with these Principles. We conduct training and reviews of our compliance with these Principles. Employees who violate these Principles may be subject to disciplinary action, up to and including dismissal. Employees are expected to report violation of these Principles, and may do so to their managers, to their business unit's compliance officer, to the legal department, to the Privacy Office or to the company's Office of the Ombudsperson.
- Accountability: You may enforce these Principles in your country against any company in the Mayfair Watch Limited that is responsible for your personal data, as a third party contractual beneficiary to these Principles. If you have a complaint that we have breached these Principles and have attempted in good faith to resolve the complaint through our customer service process, but the complaint was not resolved by us within a reasonable amount of time, then you may enforce these Principles against us. If you complain to your local data protection authority and the data protection authority finds that we have breached these Principles, we will abide by the findings of the data protection authority, but we reserve the right to challenge or appeal such findings. These Principles do not affect any rights you have under applicable law, the requirements of any applicable regulatory data protection authority, or any other type of agreement that you may have with us.