Table of Contents
1. Overview & Controller Information
WatchesLuxury.org ("we," "our," or "us") operates as a luxury pre-owned watch affiliate and content platform connecting watch enthusiasts with vetted dealer partners. We are committed to protecting your privacy and operating in compliance with applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regional laws.
Data Controller: WatchesLuxury.org
Website: https://watchesluxury.org
Contact: privacy@watchesluxury.org
2. Data We Collect
2a. Information You Provide Directly
- Partner Application Forms – Business name, contact name, email address, phone number, website URL, commission preferences, social media handles
- Influencer Application Forms – Name, email, channel/handle URLs, audience demographics, collaboration preferences
- Newsletter Signups – Email address, first name
- Communications – Messages sent via contact forms or email
2b. Information Collected Automatically
- IP address and approximate geolocation (country/region)
- Browser type, version, and operating system
- Pages visited, time on page, scroll depth
- Referral source (UTM parameters, referring URL)
- Affiliate click-through and conversion events
- Device type (desktop/mobile/tablet)
2c. Affiliate Tracking Data
When you click an affiliate link to a dealer partner, we record the click event (timestamp, affiliate code, destination URL). We use a 90-day attribution window with first-click attribution. We do not receive your purchase details from dealer partners unless explicitly disclosed in a specific partner's terms.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Affiliate commission tracking | Legitimate interest / Contract | Click data, UTM codes, cookies |
| Partner & influencer onboarding | Contract performance | Application form data |
| Analytics & site improvement | Legitimate interest (with consent) | Behavioral data, GA4 events |
| Marketing & retargeting | Consent | Meta Pixel events, email |
| Legal compliance | Legal obligation | As required by law |
| Fraud prevention | Legitimate interest | IP, click patterns |
5. Third-Party Services & Affiliate Partners
WatchesLuxury.org operates as an affiliate referral platform. When you click a dealer link and make a purchase, the dealer processes your transaction under their own privacy policy. We do not have access to your payment information or full purchase details.
Dealer Partners & Their Privacy Policies
- Bob's Watches Privacy Policy
- Gray & Sons Privacy Policy
- Chrono24 Privacy Policy
- Swiss Watch Expo Privacy Policy
Technology & Infrastructure
- Netlify – Hosting & CDN (Privacy: netlify.com/privacy)
- Google Analytics 4 – Analytics (Privacy: policies.google.com/privacy)
- Meta Pixel (Facebook/Instagram) – Advertising (Privacy: facebook.com/privacy/policy)
- Google Tag Manager – Tag management
- Zapier – Workflow automation (Privacy: zapier.com/privacy)
6. Analytics & Advertising Pixels
Google Analytics 4
We use GA4 to understand how visitors interact with our site. GA4 uses IP anonymization by default. We have configured GA4 with data retention set to 14 months. We do not enable Google Signals for personalized advertising without explicit consent. You may opt out via the Google Analytics Opt-out Browser Add-on.
Meta Pixel
We use Meta Pixel to measure the effectiveness of advertising campaigns on Facebook and Instagram. Meta Pixel fires only after you have consented to marketing cookies. We use Advanced Matching only if you have provided your email through our forms and consented. You may manage your Facebook ad preferences at facebook.com/adpreferences.
7. Data Sharing & Disclosure
We do not sell your personal data to third parties. We may share data in the following limited circumstances:
- Service Providers – Vendors operating on our behalf (hosting, email delivery, analytics) under data processing agreements
- Affiliate Partners – Anonymized aggregated performance data only (click counts, conversion rates)
- Legal Requirements – If required by law, court order, or to protect our legal rights
- Business Transfer – In connection with a merger or acquisition, with appropriate notice
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Affiliate click & conversion logs | 24 months |
| Partner/influencer application data | 36 months (or duration of partnership) |
| GA4 analytics data | 14 months |
| Email communication records | 36 months |
| Cookie consent preferences | 12 months |
| Server access logs | 90 days |
9. Your Rights (GDPR / CCPA)
GDPR Rights (EU/UK Residents)
- Right of Access – Request a copy of the data we hold about you
- Right to Rectification – Correct inaccurate or incomplete data
- Right to Erasure – Request deletion ("right to be forgotten")
- Right to Restrict Processing – Limit how we use your data
- Right to Data Portability – Receive your data in a structured, machine-readable format
- Right to Object – Object to processing based on legitimate interest
- Right to Withdraw Consent – Withdraw marketing consent at any time
CCPA Rights (California Residents)
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to opt out of the sale of personal information (we do not sell data)
- Right to request deletion of personal information
- Right to non-discrimination for exercising privacy rights
10. Children's Privacy
WatchesLuxury.org is not directed at individuals under the age of 16 (or 13 in the US under COPPA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@watchesluxury.org.
11. Security
We implement industry-standard security measures to protect your data, including:
- TLS 1.3 encryption for all data in transit
- Strict Content Security Policy (CSP) headers
- HTTP Strict Transport Security (HSTS)
- Regular security audits and dependency updates
- Access controls and principle of least privilege
While we take reasonable precautions, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant authorities as required by law.
12. Policy Changes
We may update this Privacy Policy periodically. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will provide prominent notice on our website. We encourage you to review this policy regularly.
13. Contact Us
Privacy Inquiries
For all privacy-related requests, questions, or concerns:
Response time: Within
2 business days for general inquiries
Rights requests: Within 30 days (GDPR) / 45 days (CCPA)
If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).