FOSSIL GLOBAL PRIVACY POLICY

Last Updated: September 25, 2020

At Fossil Group, Inc., its affiliates and subsidiaries (collectively “Fossil”, “Fossil Group”, “we”, “us” or “our”) we value your data protection rights. To find out which entity is responsible for the data processing in your case please refer to section 11 below. In this Global Privacy Policy we provide you with both a brief summary and an in-depth explanation (starting with section 1. below) of how we handle Personal Information. Since our privacy practices may vary among the countries in which we operate to reflect global practices and legal requirements, country-specific variations will be noted below.

This Global Privacy Policy describes:

• Personal Information we collect in our stores, our websites, through our call-centers or through our repair centers, and the purposes for which we use it.
• Personal Information we collect in order to handle your job application.
• Personal Information we transfer to third parties.
• Rights you have and how you can execute such rights.

“Personal Information” is information that can be used either directly or indirectly to identify you. Examples of Personal Information include your name, your email address and the items you purchased.

Please note that this Global Privacy Policy does not apply to Personal Information we collect through any of our Apps or wearable technology devices. Please refer to the Privacy Policies of our App(s) for privacy information related to our wearable apps and devices.

For information on how we use cookies and similar technologies please visit our Cookie Policy.

• Service Provision

We and our service providers process personal data related to you in order to provide you with the full range of services and features we offer. This includes data necessary to set up a customer account and data required to receive products and services.

• Marketing

We may use your data for marketing purposes to provide you with personalized offers about our products and services, unless you opt-out.

• Recipients

We and our service providers access your data in order to provide services to you as described in this Privacy Notice.

• Your rights

If you are a resident of the EU, the European Economic Area (EEA) or UK you have the right to access, correct, and delete your information, withdraw your consent, object to, or restrict the processing.

• Location of your data

Data we use will be primarily stored in the United States with us and our cloud service providers, subject to other appropriate safeguards.

1. What personal data do we use, for which purposes and on which legal basis?

In order to provide you with our services and the full range of features, we and our service providers use your data (including your name, email address and IP address) for the following purposes:

• When you create an online customer account, to manage your account, to provide access to your shopping cart, to display purchased, reserved and registered products, or to present other products presumably of interest to you, to verify your identity if you forgot your password and to process your product reviews.
• When you choose to provide us further information, such as date of birth, address, personal settings, a wish list and your gender, to enable us to personalize both your profile and our recommendations for you.
• When you order goods online, in this case we additionally need your address, telephone number and payment information, to process your purchase, send you confirmation or back-in-stock notification and scan transactions for fraudulent activity.
• When you order goods to be picked-up in one of our stores, we need contact details such as name and email address of a pick up person other than you.
• When you purchase a product in a Fossil retail store and request an e-receipt, to process your request.
• When you participate in loyalty programs, recommend our products to others, redeem a gift card, or when we offer you discounts and bonuses etc. we use this information in addition to purchase-related information to determine whether you are eligible for additional discounts and special offers.
• When you share a product or wish list via our homepage to a friend or when you provide us with the contact details of a friend we will use it only to process your request.
• When you share any pictures/materials with us for publication on social media for such publication.
• When you enter a sweepstake, contest/competition, or promotion sponsored by us to administer the sweepstakes, contest/competition or promotion.
• When you return or exchange a product or when you send us your product for warranty or repair service, to process the request and any communication in connection with it.
• When you contact us to answer your requests, provide customer support and handle your inquiry.

In principle (unless we have a legal or other legitimate reason to maintain it), we delete information related to you

• upon your request,
• after expiry of the relevant legal retention period,
• once we do not have any business purpose for retaining the data anymore.

In addition to those just described, we want to explain certain of our processing activities to you in more detail:

1.1 Recruiting process

We process your data in order to handle your job application if you apply for a job with us. For the application process we collect the information from the application and the information included in your CV/resume and cover letter, such as contact details, academic background, job history, skills and competencies, salary details as well as the IP address from the device you are applying from etc. Your data will not be kept for longer than it is necessary for the application process, employment or as required by applicable law.

1.2 Video surveillance

We process your data gained from video surveillance in some of our stores and campuses for security, loss and fraud prevention. We share this data in the cases described in section 3. The duration of the data storage depends on the governing national law unless storage is otherwise permitted (see section 4).

1.3 Credit check in Germany and Austria

For our customers in Germany and Austria we offer the possibility to order on account. For this purpose CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany ("credit agency") runs a credit check for us, based on your name, date and place of birth, (previous) address, information about previous payment problems, references about fraudulent behavior, information from public registers or bulletins. Using mathematical-statistical procedures, the credit agency determines how likely it is that our customer will pay our bill. On the sole basis of an automated decision (without manual checking), only a positive result will make available the option "order on account".

1.4 Interest based advertising

We may contact you for direct marketing purposes via email, mail, or other electronic communication methods (e.g. social media) unless you have opted-out from receiving direct marketing messages. For certain types of direct marketing methods (e.g. text messaging), we will obtain your explicit consent prior to sending you direct marketing messages. To select which marketing information may be of interest to you and to personalize ads and offers we

• use publicly available information (e.g. from your social media profiles),
• analyze your account information and how you use our services including our website, ads on third party websites and our newsletter,
• use information of your redemption of a gift card, participation in a sweepstake, contest, competition, or survey,
• use information collected by our service providers or partners (e.g. Google).
• use information collected when you request an e-receipt in our stores or fill out an onboarding form.

1.5 Newsletter

By subscribing to our email marketing, you will be the first to hear about our latest products, promotions and sales. As part of our newsletter program we will collect your email address and location data and evaluate your usage of the newsletter in order to be able to provide you with personalized information. If you no longer wish to receive our emails you can unsubscribe at any time using privacy@fossil.com or by clicking the unsubscribe link in the footer of any of the emails.

1.6 Cross-device targeting

In order to save your preferences, analyze your usage of our websites, provide interest-based advertising to you and deliver tailored ads across multiple devices, we try to link the different devices you are using to you. Technically, we are storing cookies on all the devices you are using and match those cookies within our internal database.

1.7 Log files, Cookies and similar technologies

Every time you visit our website, our system stores data related to your browser, its version, the operating system of your computer, your IP address, date, length and time of your visit, the website you accessed before and the one you visit following links on our website. We use this information for our legitimate security interest and we delete log files without undue delay.

For information about our use of Cookies and similar technologies please see our Cookie Policy.

1.8 Your reviews and shared content

When you post a product or seller review or upload an image or other material to our website, or when you share content with us on third party websites, such as social networks, we publish and use this information on our and third party websites. We do not control and do not assume responsibility for the use of information by such third party websites.

Please also note that you must own the intellectual property rights in the content you upload to our website and share with us and must not violate the rights of others (e.g. intellectual property or data protection rights). In uploading, you grant us, and our respective service providers, a royalty-free, unrestricted, non-exclusive, perpetual, irrevocable, sub-licensable, transferable and worldwide license to use, edit, copy, adapt, translate, publish, display, make available, communicate and distribute the content partially or in whole, and to incorporate it in other works for any purposes such as advertising, marketing and promotions and in any form, media or technology known today or later developed.

1.9 Legal Basis (EU)

Please find below the legal basis for every processing activity as required in the EU. As far as this processing is necessary for the performance of the contract with you it is based on Art. 6 (1) b of the EU General Data Protection Regulation (GDPR). This applies to the recruiting process and all general activities, described under 1., unless expressly set forth otherwise in the following:

On Art. 6 (1) f GDPR (legitimate interests) we base the processing of

• voluntarily provided information to offer a functionally appealing and user-friendly services website,
• data gained from video surveillance to improve our service and for security, loss and fraud prevention,
• data related to a credit check to offer different ways for payment,
• log files for security reasons,
• your data for promotional emails we sent you for products similar to your prior purchases to provide you with information presumably of interest for you.

For any other direct marketing purposes (e.g. further emails, newsletters, text messages) we will ask for your consent (Art. 6 (1) a GDPR). In addition, GDPR allows the processing required by law (e.g. to answer your inquiries via the means provided without undue delay).

2. Where do we get Personal Information from?

Most of the personal data we process we received from you or your actions, be it because you entered the data during the registration process, placed an order, applied for a job vacancy or because we track your usage of our website or newsletter etc. However, we also may receive information about you from other sources, such as, Fossil Group companies, and, if publicly available, from third party websites. In some cases we receive Personal Information about you from our service providers and partners, e.g. from Facebook, Google etc.

3. When do we share Personal Information?

We will share your Personal Information in the following cases:

3.1 Legal obligation and internal purposes

We disclose your Personal Information

• in order to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal processes, including requests to meet national security or law enforcement requirements,
• in order to protect and defend the rights or property of us or third parties,
• in an emergency, in order to protect the safety of our employees or any person.

3.2 Joint processing within Fossil Group

Your information will be combined with other Personal Information that Fossil Group companies have obtained about you (e.g. wearable data, goods you have purchased on a company website or from a store, repair transactions). We will also make your data available to Fossil Group companies if you apply for a job with us (for information about Fossil Group companies click here www.fossilgroup.com. We base this joint processing on an intra group agreement, allocating the responsibilities of the respective group entities. According to this agreement, each Fossil Group company will be responsible for the data processing related to its own business operations and will remain responsible for the personal data jointly processed with others. For you as our customer this means that the Fossil entity you are in touch with is responsible for processing your data and answering your requests. If you are not sure about the entity responsible in your case please contact privacy@fossil.com.

3.3 Links to Third-Party Websites and Services

On some pages we allow you to share Personal Information with third parties, such as social networks like Facebook. In these instances you are agreeing to the data being shared and the shared data being subject to the privacy policies of the third party. We do not control and do not assume any responsibility for the use of Personal Information by such third parties. For more information about the third party’s purpose and scope of their use of Personal Information in connection with sharing features, please visit the privacy policies of such third parties.

3.4 Third party advertising

We use third-party service providers to display advertisements across the internet. These advertising service providers may collect information about your visits to our website and your interaction with our products and services, as well as your visits to other websites. Such information does not include your name, address, email address but may contain browser-related information.

3.5 Public Disclosure

Any Personal Information that you include in the text of a product review may be made public in the product review section of our product pages. We may also share the information contained in your wish list with your friends and family as instructed by you or make it public on our Website in case you enable this function. Wish lists made public can be found by searching for your name or email address on our websites.

3.6 Sharing with third parties

We involve other companies for the provision of services, who are allowed to use Personal Information only on our behalf and must not use it for their own purposes, unless permitted by law.

The following is a list of categories of services and functions along with example recipients:

• to enable the functionality of our online application portals (e.g. IBM);
• to provide customer care services (e.g. Zendesk);
• providing hosting and general IT services (e.g. Amazon Web Services and Google);
• using data cleansing techniques in order to ensure your data, such as your address, is correct (e.g. Acxiom Corporation);
• for functional, social, analytical technologies and technologies enabling behavioral marketing (for more details please refer to our Cookie Policy);
• providing credit checks (see section 1.3);
• for social media services (e.g. Facebook or Google);
• providing payment services (e.g. PayPal, et Cie, S.C.A, First Data Merchant Services, Paymetric, CyberSource, Google, Apple);
• for transport and logistics services (e.g. DHL, FedEx);
• for direct marketing campaigns (e.g. Oracle, Google, Facebook);
• to administer sweepstakes, contests and competitions.

We may transfer your Personal Information to a third party in the event of a transfer of all or some of our assets to a third party.

4. For how long do we use Personal Information?

We will retain your Personal Information as long as necessary to provide you with functionality and services as described above under section 1, as long as reasonably necessary to further our legitimate interests or as long as we are required by law. Examples include the defense against, or the establishment of legal claims and legal obligations (e.g. tax law, or the principle of accountability, which requires us to demonstrate that our processing complies with applicable data protection laws). In order to verify whether you opted out or in to marketing activities, for example, we store your respective choice (e.g. via a cookie or a declaration).

5. What are your rights?

With regard to Personal Information that you have provided or that has been collected under this Privacy Policy, you may opt-out of uses for direct marketing purposes, such as correspondence from us about our products and promotions. Please consider that if you exercise your opt-out choices, it may take up to ninety (90) days for your opt-out choices to be fully effective. To exercise your opt-out rights, please contact us at privacy@fossil.com.

5.1 Your additional rights provided by EU law

By contacting us as set forth in section 11 below in the EU you may exercise your right to request (i) access to, (ii) correction of, (iii) deletion of, and (iv) restriction of Personal Information we hold about you. You also have the right to (v) data portability (to receive data you provided in a machine readable format) and, where applicable, (vi) withdrawal of your consent, (vii) opt-out from receiving marketing notifications, and (viii) object to the processing we base on our legitimate interests. Additionally, you have the right to (ix) lodge a complaint with the responsible data protection authority.

6. Data Storage in the U.S. and in other countries outside the EU

Personal Information we collect will be primarily stored in the United States with Fossil Group member companies and our service providers, some of which are located in countries outside the EU, see examples in the list in section 3.6. Your information may thus be subject to U.S. and foreign laws and accessible to U.S. and foreign governments, courts, law enforcement and regulatory agencies.

In all cases we ensure an adequate level of data protection. We use contracts with standard contractual clauses, approved by the European Commission. If necessary we supplement them with adequate security measures with the aim of restricting access by foreign authorities in such a way that these principles comply with EU law. Only exceptionally we don’t use standard contractual clauses in case we transfer your Personal Information to a country that was officially recognized by the EU as having adequate protection for processing of Personal Information or pursuant to another exception allowing the transfer as permitted by applicable law.

7. Age Requirements and Children’s Online Privacy Protection Act (“COPPA”)

We do not knowingly collect, maintain or use Personal Information about children under 16. Persons under the age of 16 may not use our Website without supervision from a responsible adult. We will never request Personal Information from a child under 16 without verifiable parental consent. If we become aware that a child under 16 has sent Personal Information without prior parental consent, we will remove his or her Personal Information from our records.

8. Access to and your rights regarding your Personal Information

This website gives you the ability to view and change the Personal Information you provided to us within the My Account section of the website. You may access information we hold about you, request a correction where data is incorrect or a deletion of your data, unless we have to keep your data for legal reasons. We encourage you to address any concerns you may have regarding our use of your Personal Information by using the contact details provided below.

9. What happens if we change this Privacy Notice?

This Privacy Notice is effective as of September 25, 2020 and may be updated from time to time. We will notify you of material changes by posting a prominent notice on our website or by sending you an email.

10. Links to and from other websites

Whenever we provide links to other websites on our website, this is in the interest of our users and should be understood as a courtesy. Pages to which we link and pages that link to our websites are not under our control. In such cases we are neither responsible for the content of these pages nor for compliance with the applicable data protection regulations of those providers. We recommend that you carefully read the privacy statements of these third parties to learn how your Personal Information is stored, used or shared.

11. Who are we and how can you contact us?

Please address any questions, concerns, inquiries, complaints, or requests regarding our practices concerning Personal Information to Fossil at:

Telephone number: +1 (800) 449-3056

Fossil Group

Attention: Chief Compliance & Risk Officer

901 S. Central Expressway

Richardson, TX 75080, USA

You can also get in touch with our data protection team and the responsible data protection officer we designated in every case required by law per email using privacy@fossil.com.

Our EU representative is FESCO GmbH, Natzing 2, 83125 Eggstätt, Germany. You can either contact our EU representative sending an email to eu-privacy@fossil.com or calling +49-89-7484 6815.

This website is provided by Fossil UK Ltd, Featherstone House, Featherstone Road, Wolverton Mill, Milton Keynes, MK12 5TH , United Kingdom, T.: +44 (0) 2038685986, email: ukenquiries@fossil.com.