HYBRID TIME APPLICATIONS
PRIVACY POLICY

The brand owner of the branded smartwatch you purchased ("Brand Owner")/Citizen Watch Co., Ltd. (“Citizen”) is committed to protecting your privacy and complying with applicable data protection and privacy laws. This Privacy Policy (“Policy”) is designed to help you to understand what kind of information we collect in connection with our APP (as defined below) and its related products and services and how we process and use such information. Throughout this Policy the term “personal data” means information relating to an identified or identifiable individual (i.e. a natural person).

“Brand Owner” refers to the company which sold the smartwatch to you under its own brand, including all its group companies, affiliates and subsidiaries (from time to time also referred to as “we”, “us”, or “our”). You acknowledge and agree that your personal data collected may be used in accordance with this Policy by and for one or more Brand Owner group companies, which will be regarded, individually or jointly, as data controllers in respect of such data.

“Citizen” refers to Citizen Watch Co., Ltd. You acknowledge and agree that Citizen only processes your personal data collected on behalf of Brand Owner when you make any inquiries to the contact specified in the section of "THE CONTROLLER OF YOUR PERSONAL DATA AND CONTACT DETAILS" below to the extent necessary to assist Brand Owner to respond to your inquiries. Citizen does not access any of your personal data collected through the App and shall not be responsible for any processing of personal data collected through the App.

This Policy applies to personal data collected in connection with the HYBRID TIME's applications (the “App”) and its related smartwatches products and services including activity tracking, filtered notifications, wrist remote and customization offered by Brand Owner as well as other services such as customer care and warranty services, customer events, or promotions and campaigns.

Our products or services may also contain links to other companies’ websites and other third party services that have privacy policies of their own. We recommend that you carefully read the privacy policies of such services. Brand Owner/Citizen is not responsible for the privacy practices or contents of any such third party services.

Where a consent from you to the processing of personal data described in this Policy is required under the applicable law, such consent will be obtained by appropriate means such as ticking a box stating your consent, choosing technical settings for an application, a service or website, or other statement or conduct clearly indicating your acceptance to the processing, depending on the product, website, service or application you are using.

DATA COLLECTED

We typically collect your personal data when you install our App and create a user account, use or register into our services, enter into a sales promotion or a campaign, or otherwise interact with us. This includes data you enter when setting up your user account for the App, and information required for you to receive specific features including providing more precise life log information such as steps and calorie consumption by registering your height, weight and gender. To participate in the fitness challenge functionality ("Fitness Challenge") we may ask you to create a username and provide a photo or avatar. For other functionality you may authorize us to access your camera roll. Below are examples of the categories of the data we collect on you.

Technical Information. When you install and use the App, visit our websites or use products or services, certain technical information is normally collected as a standard part of your use of our services. Such information includes, for example, information on your paired mobile device and watch device including model, software version, mobile device carrier, your region, preferred language, your IP-address, access times, the website you linked from, pages you visit, the links you use, the ad banners and other content you viewed, information about your devices and other such technical information your browser provides us with or as may be otherwise collected in connection with certain products and services. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to us by the telecommunications operator as a standard part of that communication.

Information you provide us. When you set up your user account of the App, register to our services, enter a sales promotion or otherwise interact with us, we may ask you to provide us with certain information such as your name, email address, street address, as well as user names, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you with the products and services you have requested or to communicate with you, as well as information uploaded by you such as location, route information, pictures etc. In order to help you understand both your daily movement habits and your personal fitness, we may collect additional information such as the calculated number of steps you have taken, calories burned, your mode of movement (e.g. running or walking), travelled distance, sleep start time, sleep end time, the time you go to bed, and the time you wake up, the time zone, and your goals for the day and whether you achieved them. In order to enable us to calculate calories burned we may use your height, weight, and date of birth information. You may also choose to input information related to your activities through the App such as updating information about your weight. If you grant the App access to certain types of information from your watch device and/or a paired mobile device, the App will collect data such as geolocation data, events on your personal calendar, or fitness activity data to provide specific features or services. In order to enable you to participate in Fitness Challenge with other users, we may collect and share your activity data with such other users. You can control whether (and with whom) your activity data is shared in this way by electing (or not electing) to participate in Fitness Challenge.

We may also collect other information you provide, such as your consents, preferences and feedback, information relating to your devices and other such information you provide us with. Please note that certain non-identifiable information collected from you may become personally identifiable when you provide us with your personal data.

Your transactions with us. We collect or request information relating to the APP or use of our products or services as well as your other interactions with us. Such information may include, for example, details of the queries or requests you have made, the products and services provided (including delivery details), details of agreements between you and the Brand Owner /Citizen, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care or with other similar contact points.

Location data. Certain services may involve the use of your location data. You hereby give consent that we collect your location data. We can use that information to customize the App with location-based information and features; examples may include automatically updating local weather information, tracing an activity route, or to help locate your device based on last known location.

THE PURPOSES OF PROCESSING

We process your personal data for the purposes described in this Policy and/or any additional service specific privacy information. Please note that one or more purposes may apply simultaneously.

Provision of products and services. We may process and use your personal data to provide you the product or service you have requested, fulfil your other requests, such as customer service, process your order or as otherwise may be necessary to perform or enforce the contract between you and us. We may also process and use your personal data to ensure the functionality and security of the App, our products and services, to identify you, and to prevent and detect fraud and other misuses.

Development of products and services. We may process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalize our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customized content and advertising. We may combine personal data collected in connection with your use of a particular Brand Owner product and/or service with other personal data we may hold about you, except where such personal data was collected for a different purpose.

Profiling/personalization. We may process and use your personal data for profiling/personalization or for such purposes as improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling/personalization includes automated processing of your personal data for evaluating, analyzing or predicting your personal preferences or interests.

TRANSFERS OF YOUR PERSONAL DATA

We may disclose your personal data to third parties solely as stated below in this Policy, or as obligated by mandatory law.

Brand Owner group companies. You acknowledge and agree that we may share your personal data within our group companies, and may transfer your personal data for the use of other group companies for the purposes set forth in this Policy, when a group company/group companies are involved in the provision of the services to you or to other group companies. This may include, for example provision of services such as customer service, development and maintenance of digital solutions and managing, analyzing and profiling/personalization of customer data as set forth above. Unless otherwise permitted by applicable law, group companies/brands of Citizen other than the one you have separately subscribed to as a consumer will not send you transactional e-mails or text messages.

Service providers and other authorized third parties. We may transfer your personal data to authorized third parties who process personal data on behalf of Brand Owner for the purposes described in this Policy, such as e.g., technical, logistics, e-commerce, marketing and other service providers. Such parties are not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Policy as well as to use appropriate security measures to protect your personal data.
We may also transfer your personal data, including heart rate data, biometrical data or other health related data, to a service partner, if you use such services where a third party company needs to process such data for the provision of the respective service or where you separately agree that a third party company may process your data in connection with the services or products of Brand Owner. The App allows you to share personal data by the App on social networks like Facebook or transfer personal data to other apps like Apple Health or Google Fit or to share personal data directly with other users through certain functionality, such as Fitness Challenge. You can deactivate such an App’s data sharing using the settings of your App.

International transfers. Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA), where the level of data protection may not be deemed adequate by the European Commission. In such cases we take steps to ensure that adequate protection for your personal data is provided as required by applicable laws. For international transfers of your personal data, we generally rely on agreements that are based on the Standard Contractual Clauses (“SCCs”) of the European Commission. You may find the SCCs here. If you wish to know more about international transfers of your personal data, you may contact us via the contact details given below.

Other disclosures. We may disclose and otherwise process your personal data in accordance with applicable laws to defend the Brand Owner /Citizen’ legitimate interests, for example, in civil or criminal legal proceedings.

Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize some or all of our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers, for the purposes of such transactions.

DATA CONCERNING MINORS

Brand Owner has no intention of collecting any information from or engaging in any transactions with persons under the legal age in their respective country. Our databases may nevertheless contain personal data of children due to the fact that it is not always possible to determine precisely the age of the user. We reserve the right to block the service from any person who is or whom we reasonably suspect of being a minor.

Brand Owner’s policy is to request that minors do not make purchases or engage in other legal acts on our products and services without the consent of a parent or legal guardian, unless otherwise permitted by applicable law. If you are a minor but have your legal guardian’s consent, you must be able to prove that such consent exists upon request.

DATA QUALITY AND RETENTION

We take reasonable steps to keep the personal data we possess accurate and up-to-date and to delete out of date or otherwise incorrect or unnecessary personal data.

Certain Brand Owner products and services may allow you to manage your profile and the information in such profile. We encourage you to access your personal data via your profile from time to time to ensure that it is correct and up-to-date. Please remember that for such electronic services where you may manage your profile, it is your responsibility to provide us with correct details as well as to update the personal data you have provided us with in case of any changes.

We store your personal data only for a period necessary for the purpose in question or as long as required by applicable laws.

DATA SECURITY

Brand Owner implements appropriate technical, physical, human, physical and organizational security measures to prevent and minimize risks associated with providing and processing personal data.

Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of Brand Owner’s personnel involved in the processing, and other necessary measures to provide appropriate protection for your personal data against unauthorized use or disclosure. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your personal data. If a particular part of a Brand Owner website supports on-line transactions, we will use an industry standard security measure, such as the one available through “Secure Sockets Layer” (“SSL”), to protect the confidentiality and security of online transactions.

YOUR RIGHTS

Under applicable law, you may have the right to request information and access to the personal data we have collected from and about you. You may also have the right to request that we replenish, rectify, anonymize or delete any incomplete, incorrect, unnecessary or outdated personal data we hold on you. However, we cannot delete such personal data that is necessary for compliance with binding legal obligations or if the personal data must be retained according to applicable laws. Under applicable law, you may have the right to request and receive the personal data we have collected on you in a commonly used and machine-readable form. In case you consider your personal data collected by us to be inaccurate, you do not wish your personal data to be deleted where the processing of your personal data has been deemed unlawful or the personal data is no longer necessary, or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration, you may request us to restrict the processing of your personal data under applicable law.

Under applicable law and if applicable, you may also at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.

In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points below in this Policy. In some cases, especially if you wish us to delete or cease the processing of your personal data, this may also mean that we may not be able to continue to provide the services to you. We encourage you to use available profile management tools for the above purposes as such tools often provide you with direct access to your personal data and allow you to effectively manage it.

Please note that Brand Owner/Citizen may need to identify you and to ask for additional information in order to be able to fulfil your above requests. Please also note that you can exercise your above rights to the extent granted under the applicable law which may contain restrictions and other provisions that relate to your above rights.

COMPLAINT TO THE SUPERVISORY AUTHORITY

In the event you consider Brand Owner’s processing activities of your personal data to be inconsistent with the applicable data protection laws or that Brand Owner has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.

THE CONTROLLER OF YOUR PERSONAL DATA AND CONTACT DETAILS

The data controllers responsible for the purposes of the applicable data protection laws are, as applicable:

The Brand Owner
Citizen Watch Co., Ltd. processes your inquires on behalf of the Brand Owner
Inquiry：hsw_privacy@citizen.co.jp

FOR INDONESIAN RESIDENT

1. This Policy is subject to the prevailing laws and regulations in Indonesia, including: (i) Law No. 11 of 2008 regarding Electronic Information and Transactions (“Law No. 11”) as amended by Law No. 19 of 2016 regarding the Amendment of Law No. 11 (“EIT Law”); (ii) Government Regulation No. 71 of 2019 regarding Provisions of Electronic Systems and Transactions (“Reg. 71”); and (iii) Minister of Communications & Informatics Regulation No. 20 of 2016 regarding the Protection of Personal Data in an Electronic System (“MOCI Regulation”), as may be amended from time to time.
2. Personal Data means any data of an individual both identifiable and/or can be identified individually or combined with other information both directly and indirectly through Electronic System and/or non-electronic.
3. Consent is defined as a written statement either manually or electronically given by the owner of the Personal Data after obtaining full explanation regarding the action of obtaining, collection, processing and analysis, storage; displaying, announcing, disseminating including the confidentiality and non-confidentiality of Personal Data. This Policy is considered as your Consent form, therefore, by agreeing to this Policy you are giving your Consent to process your personal data as regulated herein.
4. We will retain your personal data for a minimum period of 5 years if there is no such regulations specifically regulating such matter.
5. You have the right to be notified if there is any breach of failure in protecting the secrecy of your personal data within 14 days from the date of knowledge of the failure, where such notice can be made electronically.
6. To avoid the failure and to maintain the protection of your personal data, we have established internal rules for the protection of your personal data which shall at least be in the form of the following activities: i) to increase the awareness of human resources at our premises to provide the protection of personal data; and ii) to undertake adequate training for prevention of failure to protect personal data at our premises.
7. We will destroy your personal data if: i) has passed the provisions of the period of storage of personal data in the electronic system under the local laws or in accordance with the provisions of other regulations; and ii) upon the request of the owner of personal data, unless otherwise provided by the provisions of the laws and regulation.
8. In compliance with Law No. 24 of 2009 regarding National Flag, Language, Emblem, and National Anthem of Indonesia ("Law 24"), as implemented by Presidential Regulation No. 63 of the year 2019 ("Regulation No. 63/2019"), this Policy is made in Indonesian language version and English language version.
   
   In the event of any inconsistency or difference in interpretation between the Indonesian language version and the English language version, the English language version shall prevail, and the Indonesian language version will be amended to conform with and to make the relevant part of the Indonesian language version consistent with the relevant part of the English language version. For the avoidance of doubt, the existence of two versions of this Policy are not to be construed by any party hereto as creating different rights and obligations, or duplication or multiplication of the rights and obligations, of the parties under any version of this Policy.
   
   Notwithstanding the provisions of Law 24 and Regulation No. 63/2019, each party to this Policy in good faith agrees that it will not (and it will not allow or assist any party to) in any manner or forum in any jurisdiction:
   
   
   1. challenge the validity of, or raise or file any objection to this Policy or the rights and obligations contemplated in this Policy;
   2. defend its non-performance or breach of its obligations under this Policy; or
   3. allege that this Policy is against public policy or otherwise does not constitute its legal, valid and binding obligation, enforceable against it in accordance with its terms ,
      in each case on the basis of any failure to comply with Law 24 and/or Regulation No. 63/2019.

CHANGES TO THIS PRIVACY POLICY

Brand Owner may from time to time update and change this Privacy Policy. If the changes include new purposes of processing, Brand Owner will give you prior notice of such changes and, where necessary, request your consent.

Copyright Citizen Watch Co., Ltd. All Rights Reserved.