Rolex Events App Privacy Policy

The Application collects some Personal Data from its Users.



Introduction

The Owner takes care of protecting the confidentiality of the information that End-Users share, and commits itself to the strictest compliance with the data protection law that applies.
This document is aimed at providing End-Users with an outline of what the Service provided consists of, what Personal Data are collected via the Service and how such Data are processed.



Service Description

The Rolex Events application (the ’Application’) is entirely built within the technical framework provided by Rolex, dedicated to mobile event and engagement application solutions. The Application provides End-Users with a mobile and digital solution to interact and communicate during events, meetings or community engagements. Such communication is carried out in a paperless environment through the functionalities available in the Application. Once the End-User has joined the event environment, he can start using the engagement features of the Application, including but not limited to, posting questions, receiving learning or training material, communicating in real time with other End-Users, taking notes, casting votes etc., depending on the feature set made available in the Application and on the setting thereof.

Data Controller and Owner


ROLEX SA
3-5-7 rue François-Dussaud
1211 Geneva 26
Switzerland

Contact email: privacy@rolex.com

Types of Data collected

Usage Data
The use of and navigation through the Services (as well as the use of any third party’s application embedded and/or available therein), implies the communication of Usage Data, which is implicitly acquired during the navigation of the App User or Backstage User through the internet communications protocol.
Usage Data includes but is not limited to, the IP addresses or domain names of the devices utilized by the App Users or Backstage Users, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the App User or Backstage User, the various time details per visit (e.g., the time spent on each page within the Rolex Platform) and the details about the path followed within the Rolex Platform with special reference to the sequence of pages visited, and other parameters about the device’s operating system and/or the App User’s or Backstage User’s IT environment.
Usage Data is not collected for the purpose of identifying the App User or Backstage User. However, all users must be aware that the identification may be possible through further elaborations and associations, as well as with information held by third parties.
Should any willful act of misconduct, fraud or criminal offence be perpetrated, Usage Data could potentially be used for ascertaining individual responsibilities.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR in the EU. The data processing for the provision of the services and the storage of the data in log files is absolutely necessary for the operation of the App. Consequently, there is no possibility of objection on the part of the user.
 
Data communicated by App User and Backstage User
To use the Services, App Users and Backstage Users may need to register and disclose the information requested in the relevant forms in a complete and truthful manner. Whenever a field in the forms provided is described as “optional” or “not compulsory” or is not marked with “*” symbol it means that the App User or Backstage User is free not to communicate the requested Data and that their request can be fulfilled notwithstanding the absence of this information. The Data collected by the Rolex App or Backstage for registration purposes are: email address, first name, last name, password. App User’s and Backstage User’s Personal Data shall be processed upon their prior, free and informed consent, when required by the law, and solely for the purposes outlined in the present privacy notice. App Users and Backstage Users are responsible for any third party Personal Data obtained, published or shared through using thе Rolex Services and confirm that they have the third party’s consent to provide the Data to Rolex. The data will be archived and deleted after 2 years. As the processing of data aims at the fulfillment of a contract, the legal basis for processing is Art. 6 para. 1 lit. b GDPR in the EU.
 


Mode and place of processing the Data

Methods of processing
The Data of App Users and Backstage Users is processed in an appropriate manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
 
Place
The Data is processed at the Client’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact
Rolex privacy@rolex.com.
 
Retention time
The Data is kept for the time necessary to provide the Services requested by the App User or Backstage User, or stated by the purposes outlined in this document.
 
Purposes of processing
The Data concerning the App Users and Backstage Users is collected for the purposes described below.
In particular, Usage Data is solely processed to:
 
As for the Data communicated by App User or Backstage User on a voluntary basis, it is processed for the following purposes:

If an event (or workspace or campaign) uses an Activity challenge advanced module that includes step count data, and participants allow the use of step count on their devices, this data is collected solely to foster engagement. The data is used only within the scope of the challenge for this specific event, reported in aggregate form, and is not retained or processed as health-related data or personal activity profiles.
 
How it works for App Users
App Users must be aware that other users of the Rolex App might have access to, or re-post, or otherwise share what they have published, which could also include Personal Data such as name, nickname/screen name, location and other information about the App User, as well as information about the event they are participating to. These other users might make such information publicly available. Also, App Users must be aware that the Rolex App allows interactions among mobile
devices running the Rolex App or between mobile devices running the Rolex App and other components of the Rolex App. In particular, at each event at which the Rolex App is employed, the Event Organizer determines the rules as to how individually-identifiable information in the Rolex App will be made accessible to other App Users. Where applicable and once these rules have been determined, Rolex enforces them, including by withholding Data from the Event Organizer where that Data was gathered under a commitment of anonymity.
Some of the ways in which individually-identifiable information about a participant are made available to others vary from event to event including, but not limited to the following:
 
App Users who are not comfortable with the functioning of the Rolex App may return their Rolex device at any time (if they have been provided with such a device), may delete the Rolex App from their personal mobile device or may request the deletion of their Personal Data to the Event Organizer.
 
How it works for Backstage Users
Backstage Users must be aware that their data will not be shared with others, unless they are also listed as Backstage Users by the Client under the same Organization in Backstage. In this case, the data that will be visible for all Backstage Users under one Organization are their names.

Data communicated to Rolex

 
Data automatically collected by Rolex
The Rolex Platform usually provides for a closed environment, meaning that the App User must be
authenticated with an email link or a similar authentication scheme before joining the Rolex App, and the Backstage User by authenticating with email and password before joining Backstage. If no authentication scheme is available, App Users can access the Rolex App by providing the following Data: email address, first name and last name. Rolex does not automatically collect, via the service, any personal identifiable information from the App Users. Nonetheless, the use of the Services may imply the automatic collection of some App User’s information and other Usage Data, including but not limited to, IP address, operating system and type of browser used by App User’s mobile device.
 
Communication of Data to Rolex by the Client
Notwithstanding the above, under specific circumstances and, namely, as part of the functioning of the Rolex Platform related to a meeting or event at which the Rolex App is employed, Rolex may receive some personal identifiable information about the App Users and Backstage Users, including but not limited to, their name, surname and email address, in order to enable the particular features of the Rolex Platform.
Rolex does not own any such Data and shall process them, as Data Processor, according to the instructions and the terms and conditions set forth in the agreement entered who remains the sole Data Controller.

Data transfers

Liability for Data transfers
Clients are solely liable for the lawful transmission of Personal Data referring to App Users and Backstage Users to Rolex. Clients shall inform such Data Subjects accurately about the intended data transfer and collect their prior explicit consent, if needed. In particular, Clients shall inform their users about profiling activities possibly performed through recourse to services provided by Rolex. In case such profiling activities take place, Clients are solely liable for the fulfilment of the notification, if required, to the competent Data Protection Authority, as well as to comply with any requirements prescribed by the applicable privacy laws which are relevant to the aforesaid data processing activities.
Therefore, Clients are bound to inform the App Users and Backstage Users correctly about the
data treatment performed with recourse to services provided by Rolex according to applicable law, i.e. providing a privacy notice including information about data treatment performed by Rolex on their behalf.
To the same extent, Clients are solely liable for the enforcement of consent revocations or other requests received by Data Subjects. Clients shall inform Rolex accurately and without undue delay about the revocation of consent or the request and about the Data to be deleted, amended, rectified etc. Clients are solely liable for any damage possibly arising to third parties (e.g. their users or other Users) due to an unlawful processing of Personal Data transferred to Rolex.
 
Data transfer abroad – European/Swiss Users’ rights
Rolex operates through a network of subsidiaries.
As for the transfer of Personal Data to countries outside of the European Union, European Users must be aware of the following:
 
Data transfer to Switzerland
European Users must be aware that such transfer is lawfully carried out pursuant to the European Commission’s decision 2000/518/EC of 26 July 2000 on the adequate protection of Personal Data provided in Switzerland.
 
Data transfer to the US
Rolex SA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Rolex SA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Rolex SA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
To provide our services, personal data may be collected, accessed from, transferred to, or stored in the United States, European Economic Area (EEA), Switzerland, Singapore, and the UK (in which Rolex SA operates or in which we engage third party service providers – subprocessors).
Individuals can contact Rolex with inquiries or complaints via privacy@rolex.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Rolex SA commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
 


Detailed information on the processing of Personal Data

Given the information above, Personal Data can be collected by using some of the following services:

Cookies

Rolex uses Cookies. To learn more and for a detailed cookie notice, please visit https://www.rolex.com/legal-notices/privacy-notice.

Additional information about Data collection and processing


Legal action
The Data Subjects’ Personal Data may be used for legal purposes by the Client, in Court or in the stages leading to possible legal action arising from improper use of the Rolex Services. Insofar as processing of personal data is necessary to fulfill a legal obligation to which the Client is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
 
Additional information about Data Subject’s Personal Data
In addition to the information contained in this privacy notice, Rolex may provide the Data Subject with additional and specific information concerning particular services or the collection and processing of Personal Data upon request.
 
System logs and maintenance
For operation and maintenance purposes, the Rolex Platform, or where applicable, third party services may collect files that record interaction with the Rolex App or Backstage (System logs) or use for this purpose other Personal Data (such as IP Address). The legal basis for the temporary storage of those files is Art. 6 para. 1 lit. f GDPR in the EU.
 
Children Under the Age of 13
The Service is directed to the general public. Client and Rolex do not knowingly collect information
from children under 13 years of age or have any reasonable grounds for believing that children under the age of 13 are accessing the Service. If Client or Rolex learn that they have inadvertently collected Personal Data from a child under age 13, that Data will be deleted as quickly as possible. If you believe that we might have any information from a child under age 13, please contact us at privacy@rolex.com.
 
Information not contained in this notice
More details concerning the collection or processing of Personal Data may be requested from Rolex at any time at privacy@rolex.com.
 
The rights of Data Subjects
Data Subjects have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller or Rolex to learn about their contents and origin, to access, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons or to request data portability. They may at any time revoke any consent they may have given to data processing and, under certain
conditions, object to data processing. Requests should be sent to the Data Controller (the Client) at the contact information provided in its privacy notice or to Rolex at privacy@rolex.com. Data Subjects can lodge a complaint with the competent supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement of GDPR in relation to the processing of their Personal Data.
In the case of a personal data breach of data where Rolex is the data processor, but not data controller, Rolex will notify the Data Controller without undue delay after becoming aware of a personal data breach. In the case of a personal data breach of data where Rolex is the data controller, Rolex will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification to the supervisory authority is not made within 72 hours, it will be accompanied by reasons for the delay. In the data breach notification, Rolex will describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned, and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained and describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Rolex will document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
 
Questions on data protection and contact / information, correction, deletion and blocking
App users and Backstage users are always entitled to request information about any of their data that Rolex has stored, as well as their origin and recipient and the purpose it was stored for. If App users and Backstage users have any questions about data protection or if they wish to access, request data portability, correct, block or delete their profile or any of their personal data, or if they would like to object to the processing of data, or, at any time, to revoke a granted authorization regarding the use of their customer data or e-mail address, they can do so either directly via the Rolex App, depending on its version or contact the following: Rolex SA, Attn: Data Protection Officer, 3-5-7 rue François-Dussaud, 1211 Geneva 26, Switzerland or the Data Protection Officer by email privacy@rolex.com.
 
Changes to this privacy notice
The Data Controller reserves the right to make changes to this privacy notice at any time by giving notice to its App Users and Backstage Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If an App User or Backstage User objects to any of the changes to the privacy notice, they must cease using the Rolex Platform and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy notice applies to all Personal Data the Data Controller has about App Users and Backstage Users.
 
Additional information about Data collection and processing
For any further information about the Data processing by Rolex as regards the provision of the Service, Users can write an email to the following address privacy@rolex.com.
 
Definitions and legal references
“App User” (also “Event Participant”, or “User”) means the end users of the Workspace, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.
“Backstage” is the web-based Content Management System service for the creation and management of workspaces, including design, content, configuration, and analytics.
“Backstage User” is an individual who is assigned and authorized by the Client to access and manage the functionalities of Rolex App via Backstage.
“Client” means the natural or legal person who has purchased Rolex services for its professional, commercial or entrepreneurial purposes and has thus access to the Service.
“Cookies” means a small piece of data stored in the User’s device.
“Data Controller (or Owner)” means the natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of Rolex Platform. The Data Controller of the Rolex Platform, unless otherwise specified, is the Client.
“Data Processor (or Data Supervisor)” means the natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy notice.
“Data Subject” means the legal or natural person to whom the Personal Data refers.
“Event Organizer” means any User who has been granted permission by the Client to define the functionalities and permissions of the Rolex App during an event or a community engagement where the Rolex App is used.
“Organization” means a deployment of Rolex with a defined set of Backstage Users. An Organization is the virtual space provided to the Client and includes all the Client Data, and is separate from all other Organizations.
“Personal Data (or Data)” means any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
“Services” means the services, such as access to software, content, platform, infrastructure, and storage space, that are provided to Client and made available online by Rolex, including associated Rolex offline or mobile components and which may entail the processing of App Users’ Data. Using Rolex Services means granting access and enabling use of the Rolex Platform.
“Rolex” means the company Rolex SA with registered office at 3-5-7 rue François-Dussaud, 1211 Geneva 26, Switzerland and including its subsidiaries.
“Rolex Events App” (or “the App” or “the Web App“) means the Rolex software that is used by Event Participants to access the event. It can either be via the web app (browser), or via the mobile app (phone or tablet).
“Rolex Cloud” means the backend system for Backstage, the Rolex Apps, and the core and advanced modules. It allows Client to upload and store data into Workspaces, configure Rolex developed application templates and system objects, and deploy these applications to App Users.
“Rolex Platform” means the entire Rolex solution. It is composed of Backstage, the Rolex App, and the Rolex Cloud.
“Usage Data” means information collected automatically from the Rolex App or Backstage (or third party services employed in Rolex), including but not limited to, the IP addresses or domain names of the computers utilized by the Users who use Rolex, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
“Workspace” (or “Event”, or “Engagement Instance”) means a virtual space provided to Client that includes all the Client Data related to a specific event. A Workspace belongs to an Organization and is separate from all other Workspaces.
 


Legal information

Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies.
This privacy notice relates solely to Rolex.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Rolex SA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Rolex SA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, as described on the Data Privacy Framework website, you will be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.