Eisbach

PRIVACY POLICY Banner Image

Privacy Policy

Thank you for your interest in this Privacy Policy! At Eisbach, we take the protection of your Personal Data very seriously.

This Privacy Policy, applies to our website and shop at www.eisbachwatches.com, www.eisbach.netwww.eisbachwatches.netwww.eis-bach.com and in accordance with the Personal Data Protection Law No. 30 of 2018 (the “PDPL”) and the General Data Protection Regulation (“GDPR”) to inform you about the processing of your data when you use our Services. 

Further and under consideration that the PDPL has been modeled on the basis of the GDPR, no conflict should arise pursuing a uniform approach. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data. 

As such, this policy sets out how personal data is managed and dealt with in order to ensure that the obligation to fulfil individuals’ reasonable expectations of privacy is applied and followed and that the responsibilities established under the PDPL and GDPR are complied with. 

General information and mandatory disclosures

What is personal data?

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

Data Controller 

The person responsible within the meaning of the PDPL and GDPR is:

Eisbach is a Brand of:

KPSE Co. WLL

Road 3801, Building 15/9074 Block 338 Manama Bahrain

CR No.: 120038-1

VAT No: 200011946700002

Social Links:

: info@eisbachwatches.com

: www.eisbachwatches.com, www.eisbach.net, www.eis-bach.com

: https://www.youtube.com/@eisbachwatches

: https://www.linkedin.com/company/eisbachwatches/about/

: https://www.facebook.com/eisbachwatches/

: https://www.instagram.com/eisbachwatches/

: https://www.pinterest.com/eisbachwatches/

: https://www.tiktok.com/@eisbachwatches

: https://twitter.com/eisbachwatches

Scope of the processing of personal data

As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you place an order with us. 

Relevant legal basis

In accordance with the PDPL and GDPR, the following legal basis, unless specifically described below apply to the processing of your personal data:

Your rights

Whilst the PDPL and the GDPR do not afford identical rights, the lack of rights available through the PDPL is supplemented through the GDPR rights. As such, you have the following rights with regard to personal data concerning you, which you can assert against us:

You can assert your rights by notifying us using the contact details provided.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data carried out by us (Art. 77 GDPR). The Personal Data Protection Authority (PDPA) is the relevant authority in the Kingdom of Bahrain. The PDPA is located at Rd No 1703, Manama

Kingdom of Bahrain and their website can be found at www.pdp.gov.bh.We would, however, appreciate the chance to deal with your concerns before you approach the PDPA or any other supervisory authority.

Data collection on our website

Log files

In principle, you can use our website for purely informational purposes without disclosing your identity. However, our website collects a series of general data and information with each visit and this data is temporarily stored in log file. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:

The temporary processing of the IP address by the system is necessary to technically enable delivery of the website to your computer. Processing your IP address for the duration of the session is necessary for this. The legal basis for this processing is our legitimate interest (Art. (4) 5 PDPL and Art. 6(1)(f) GDPR).

The access data is not used to identify individual users and is not merged with other data sources. The access data are deleted when they are no longer required to achieve the purpose of their processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The data is generally deleted after seven days at the latest; processing beyond this is possible in individual cases. In this case, the IP address is deleted or alienated in such a way that it is no longer possible to assign your device to it.

Use of cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent (Art. (4) PDPL and Art. 6(1)(a) and Art. 7 GDPR) as well as our legitimate interest (Art. (4) PDPL and Art. 6(1)(a) and Art. 7 GDPR).

Hosting

The hosting services used for the purpose of providing our website is Linode LLC. In doing so Linode LLC, processes all data and communication data of our customers, interested parties and visitors of our website and services that is provided through the website. We use Linode LLC, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services and the conclusion of the contract for our services. The legal basis for the data processing is our legitimate interest in providing our website and shop (Art. (4) 5 PDPL and Art. 6(1)(f) GDPR).

Sending information

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you. If you purchase watches on our website or forget something in your shopping cart or sign up for our newsletter, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website (Art. (4) 5 PDPL and Art. 6(1)(f) GDPR). You may object to the processing of your personal data for the purpose of direct advertising at any time without giving reasons by unsubscribing via the unsubscribe link at the end of each e-mail or by contacting us. 

Contacting us, newsletter, registration or placing orders

a) Contacting us 

When you contact us using via email, contact form or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. (4) PDPL and Art. 6(1)(a) and Art. 7 GDPR and Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and your inquiry has been conclusively clarified.

b) Registration

On our website, we offer you the opportunity to register by providing personal data. The data is entered in the registration form is transmitted to us and stored and includes your full name, your e-mail address and your password. We will also send you a verification e-mail to ensure that the account creation is made for the intended person. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures (Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR). You can delete your account at any time either by using the delete function in your account or by contacting us. 

c) Storage of data in your account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. (4) 3 PDPL and Art. 6(1)(c) GDPR) and (Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR)

d) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you (Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR).

e) Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example the web shop or to send you your order, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. (4) 3 PDPL and Art. 6(1)(c) GDPR) and (Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR).

f) Payment Processing

Your Payment data (Name, e-mail, credit card or direct debit card number) is processed and encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) by us directly and not sent to third party payment gateways. Your payment transaction data is stored on our servers for the purposes of reconciliation.

We adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and American Express. PCI-DSS requirements help ensure the secure handling of credit card information by our website. The legal basis for the processing of your personal data is Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR.

g) newsletter

If you register for our newsletter, we will regularly send you information about our offers. The only data required or sending the newsletter is your e-mail address. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. By activating the confirmation link, you give us your consent. 

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately. The newsletter is sent using the dispatch service provider Mailchimp.

h) Other

Based on our legal obligation (Art. (4) 3 PDPL and Art. 6(1)(c) GDPR) and our legitimate interest (Article (4) 5 PDPL and Art. 6(1)(f) GDPR), we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems (Article (4) 5 PDPL and Art. 6(1)(f) GDPR). This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense (Art. (4) 3 PDPL and Art. 6(1)(c) GDPR).

Disclosure or transfer of personal data

We do not transfer or disclose your information to third parties unless there is a legal basis for such disclosure. Example of such a basis is typically consent from you or a legal basis that requires us to disclose the data.

For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for the delivery of products, or order fulfilment, to whom we pass on the data required for the fulfilment of the task (e.g., name, address). 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

In contrast, order processing, in these cases we transmit data to third parties for their own use in order to process the contract:

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.

Advertising and Marketing

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to (Art. (4) PDPL and Art. 6(1)(a) and Art. 7 GDPR).

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us (Art. (4) PDPL and Art. 6(1)(a) and Art. 7 GDPR and Art. (4) 1 and 2 PDPL and Art. 6(1)(b) GDPR).

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out). 

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. By activating the confirmation link, you give us your consent. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately. 

Processing for statistical and analytical purposes

We use Google Analytics a service provided by Google Inc for statistical and analytical purposes. This enables us to provide you with a user-friendly, optimized use of the website. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is our legitimate interest (Article (4) 5 PDPL and Art. 6(1)(f) GDPR). Google Analytics uses cookies to control and provide the service, please see our Cookie Policy for more information.

Miscellaneous and closing

Social Media

Based on our legitimate interest (Article (4) 5 PDPL and Art. 6(1)(f) GDPR), we are present in various "social media" platforms (currently, Facebook, YouTube, Twitter, LinkedIn, TikTok, Instagram, and Pinterest) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). 

reCAPTCHA

We also use Google Inc.`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website (Article (4) 5 PDPL and Art. 6(1)(f) GDPR).

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.

Links to other providers

Our website also contains - clearly recognizable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Personal data and children 

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. 

Data Breaches/Notification

Databases or data sets that include Personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Changes 

We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the relevant case law. 

Questions or Comments

If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the following contact details:

Eisbach is a Brand of:

KPSE Co. WLL

Road 3801, Building 15/9074

Block 338

Manama

Bahrain

CR No.: 120038-1

VAT No: 200011946700002

Social Links:

: info@eisbachwatches.com

: www.eisbachwatches.com, www.eisbach.net, www.eis-bach.com

: https://www.youtube.com/@eisbachwatches

: https://www.linkedin.com/company/eisbachwatches/about/

: https://www.facebook.com/eisbachwatches/

: https://www.instagram.com/eisbachwatches/

: https://www.pinterest.com/eisbachwatches/

: https://www.tiktok.com/@eisbachwatches

: https://twitter.com/eisbachwatches