Privacy Policy

Last Updated: January 2026
Effective Date: January 2026

1. INTRODUCTION

Label Patina ("we," "us," "our," or "Association") operates the labelpatina.com website (the "Website"). We are a Swiss association registered in the Canton of Vaud and are committed to protecting your privacy and ensuring transparent data practices in compliance with the Federal Data Protection Act (FADP), the General Data Protection Regulation (GDPR), and other applicable Swiss laws.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our Website, interact with our services, submit information through forms, apply for merchant certification, or contact us regarding watch inquiries.

2. INFORMATION WE COLLECT

A. Information You Provide Directly

Merchant Application & Certification Data:

  • Full name, business name, and contact information

  • Business registration details and legal standing

  • Years in operation and business specialization

  • Website URLs and social media profiles

  • Merchant referrals and industry connections

  • Hero image (1200x600px minimum) and optional founder/shop photo (300x300px)

  • Detailed information about store design, atmosphere, and viewing methods

  • Pricing range and inventory details

  • Any information included in your merchant application

Collector/Inquirer Data:

  • Name, email address, and phone number (optional)

  • Watch preferences, specifications, and collecting interests (brand, model, budget range)

  • Purchase timeline and urgency

  • Any messages or inquiries submitted via contact forms

  • Referral details if you learned about Label Patina through a merchant

Contact Form Data:

  • Name, email, subject line, and message content

  • Phone number (if provided)

  • Business information (if applicable)

  • Purpose of inquiry

Newsletter Subscription:

  • Email address for newsletter signups

  • Subscription preferences and interests

Merchant Communication & Collaboration:

  • Feedback on merchant experiences and interactions

  • Merchant referral and recommendation details

  • Expert quote submissions (for Label Patina content)

B. Information Collected Automatically

Website Analytics:

  • IP address and device identifier

  • Browser type, operating system, and device information

  • Pages visited, time spent on site, and referral source

  • Clicks, scroll behavior, and user interactions

  • Geographic location (city/country level, not precise)

  • Cookies and tracking technologies (Squarespace native analytics)

Communications & Form Tracking:

  • Email open rates and click-through rates (if applicable)

  • Form submission timestamps and completion status

  • Unsubscribe events and preference changes

Payment Information:

  • Transaction records (if applicable for future services)

  • Billing address and payment method type (not full card details, handled by secure processors)

3. HOW WE USE YOUR INFORMATION

A. For Merchant Certification & Directory Management

  • Evaluate merchant applications for certification eligibility

  • Conduct reputation assessment, network verification, and expert evaluation (including mystery shopping evaluations where applicable, as described in Section 4.A below)

  • Verify merchant referrals and industry standing

  • Create and maintain certified merchant directory profiles

  • Generate merchant storefront pages with business information, photos, and expertise badges

  • Provide certification updates, renewal notices, and network communications

  • Contact merchants regarding certification status, decisions, and updates

  • Feature merchants in promotional materials and merchant spotlights (with consent)

B. For Collector & Inquirer Service

  • Respond to watch inquiries and connect you with appropriate certified merchants

  • Process requests for merchant introductions via Label Patina contact form

  • Provide merchant recommendations based on your preferences and needs

  • Send follow-up information and support regarding your inquiry

  • Track inquiry outcomes to improve service matching

C. For Customer Service & Support

  • Respond to inquiries, support requests, and general questions

  • Process applications and provide feedback on decisions

  • Send administrative updates, policy changes, and account information

  • Verify contact information and resolve issues or disputes

  • Provide troubleshooting and technical support

D. For Marketing & Outreach

  • Send newsletter updates about Label Patina news and certified merchant spotlights

  • Communicate service offerings, certifications, and program updates (only to opted-in subscribers)

  • Feature certified merchants in promotional materials with their consent

  • Contact prospective merchants about certification opportunities

  • Promote Label Patina services through email and web channels

E. For Website Improvement & Analytics

  • Analyze user behavior to improve website functionality and user experience

  • Debug technical issues and maintain website performance

  • Understand traffic patterns, user preferences, and navigation flows

  • Conduct A/B testing and design optimization

  • Measure effectiveness of content and merchant pages

F. For Legal Compliance & Safety

  • Comply with legal obligations and regulatory requirements

  • Respond to lawful government requests and legal processes

  • Prevent fraud, security breaches, and illegal activity

  • Enforce our Terms & Conditions and other agreements

  • Protect the rights, property, and safety of Label Patina, users, and the public

4. LEGAL BASIS FOR PROCESSING

We process your data based on the following legal grounds under FADP and GDPR:

Contract Performance: Processing necessary to evaluate certification applications, provide directory services, and fulfill merchant storefront creation and maintenance obligations.

Legitimate Interest: We rely on legitimate interest as the legal basis for:

  • Improving our Website and services;

  • Conducting reputation verification and expert evaluation (including mystery shopping);

  • Marketing to interested parties;

  • Preventing fraud;

  • Analyzing user behavior for service improvement.

A. Mystery Shopping Evaluation — Legal Basis and Processing

As part of our merchant certification process, Label Patina may conduct expert evaluations (also referred to as "mystery shopping") where certified experts or evaluators ("Label Patina Experts") assess merchant interactions, service quality, authentication practices, and customer engagement. This evaluation is conducted under our legitimate interest in maintaining the reputation and integrity of our certified merchant network, ensuring our certification standards are upheld, and providing collectors with reliable guidance on merchant quality.

Legal Basis: The legitimate interest basis justifies this processing because:

  • Reputation verification is necessary to protect the Label Patina network and ensure merchants meet stated certification standards

  • Expert evaluation protects consumers (collectors) from misrepresentation or poor service

  • Maintaining network integrity is essential to our business model as an independent certification body

Merchant Notification: Merchants applying for certification are informed during the application process that expert evaluation may be conducted as part of certification assessment. This notification constitutes awareness of the processing activity.

Data Minimization: Only information relevant to assessing merchant service quality and authentication practices is collected and retained. Expert evaluators document their observations and conclusions, which become part of the merchant's certification file.

Consent: For newsletter subscriptions, optional marketing communications, and merchant referral programs.

Legal Obligation: Compliance with Swiss and GDPR requirements for data protection, fraud prevention, and regulatory reporting.

Vital Interest: Protecting the safety and security of our platform and users.

5. WHO WE SHARE YOUR INFORMATION WITH

We DO Share Data With

Label Patina Friends:
We distinguish between two groups in our network:

  • Label Patina Friends: Individuals and organizations who support or champion the Label Patina concept. Limited data sharing occurs; Friends receive merchant updates and public directory information only.

  • Label Patina Experts: Certified professionals (e.g., watch authentication experts, dealers, specialists) who conduct reputation assessment, network verification, and expert evaluations as part of the merchant certification process. These experts receive:

    • Merchant name, business details, and contact information for certification evaluation purposes

    • Limited personal data necessary for expert evaluation and verification purposes

    • Merchant location and specialization (relevant to expert assignment)

    • Evaluation outcomes and feedback regarding merchant interactions (used to assess certification eligibility)

Third-Party Service Providers (Data Processors):

We have executed Data Processing Agreements with the following service providers to ensure FADP and GDPR compliance:

  • Website hosting and form management (Squarespace) – FADP-compliant Data Processing Agreement executed; processes website data, form submissions, and website analytics

  • Email service provider (Infomaniak) – FADP-compliant Data Processing Agreement executed; manages newsletters, transactional emails, and marketing communications

  • Payment processor (if applicable) – Processes transactions only; does not store full card details; payment processing agreements in place

All third-party service providers are contractually obligated to process data only as directed by Label Patina and to implement appropriate technical and organizational security measures.

Certified Merchant Directory (Public):

Merchants certified by Label Patina are included in our publicly searchable directorywith the following information displayed:

  • Business name and location

  • Professional specialization (e.g., authentication expertise, watch dealing, restoration)

  • Price range and years in business

  • Website link (if publicly provided by the merchant)

  • Link to social media profiles (if publicly provided by the merchant)

How merchant information is sourced: We display merchant information that merchants themselves provide during certification, supplemented by publicly available information from their websites, online presence, and public business records. We do not conduct independent research or collection of personal data beyond what merchants provide or what is already publicly available.

Merchant consent and objection: Merchants accept certification with the understanding that their business name, specialization, price range, and years in operation will be listed on our public directory. This is disclosed during the certification application process. Merchants do not grant separate written consent for public directory listing, as this is integral to the certification service. However, if a merchant objects to their directory listing or requests removal, we will remove their profile from the directory.

Collectors & Inquirers:

Information shared with collectors and inquirers regarding merchants includes:

  • Merchant business name, location, and specialization

  • Public merchant profile information (as displayed on the certified merchant directory)

  • Merchant website and social media contact information (if publicly listed)

  • Information the merchant consents to share via response to your inquiry

We DO NOT Share Data With

  • Competing certification bodies or organizations

  • Marketing or advertising companies (other than our own email service provider)

  • Data brokers or third-party resellers

  • Any party without your explicit consent, except as required by law

  • Government agencies, unless required by valid legal process

  • Non-affiliated merchants or businesses

International Data Transfers

If your data is transferred outside Switzerland or the EU (for example, to Squarespace servers or Infomaniak servers), we ensure appropriate safeguards:

Swiss-US Data Privacy Framework (DPF):
For transfers to the United States, we rely on the Swiss-US Data Privacy Framework adequacy decision of August 14, 2024. Squarespace is certified under the DPF, which means US-based services provided by DPF-certified companies meet Swiss data protection standards without requiring additional contractual safeguards.

Standard Contractual Clauses (SCCs):
We maintain Standard Contractual Clauses between Label Patina and data processors as an additional contractual safeguard and for compliance with GDPR Article 28 requirements.

Data Processing Agreements:
All international transfers occur under formal Data Processing Agreements meeting FADP and GDPR requirements.

6. DATA RETENTION

Data TypeRetention PeriodReasonMerchant applications (rejected)2 yearsLegal record-keeping, reapplication eligibilityCertified merchant dataDuration of certification + 3 yearsNetwork records, verification history, dispute resolutionMerchant photos and storefront contentDuration of certification + 1 yearArchival and referenceCollector inquiries and leads1 yearFollow-up, service improvement, dispute resolutionNewsletter subscribersUntil unsubscribeActive subscriber managementUnsubscribed email addresses2 yearsCompliance with anti-spam regulationsWebsite analytics26 monthsSquarespace default analytics retentionSupport/contact form data2 yearsRecord-keeping and dispute resolutionPayment and transaction records7 yearsLegal and tax complianceEmail communications2 yearsRecord-keeping and reference

We delete data as soon as it is no longer necessary for the stated purposes, unless legal or contractual obligations require longer retention. You may request deletion at any time, subject to legal retention requirements.

Merchants may request deletion of their profile and data upon certification termination, except where retention is required for dispute resolution, legal compliance, or our legitimate business interests.

7. YOUR DATA RIGHTS

Under FADP and GDPR, you have the following rights:

Right of Access:

  • Request confirmation whether we hold your personal data

  • Receive a copy of your personal data in a clear, understandable format

  • Understand how your data is being used and with whom it is shared

Right to Rectification:

  • Correct inaccurate, incomplete, or outdated personal data

  • Update your information at any time through your account or by contacting us

Right to Erasure (Right to be Forgotten):

  • Request deletion of your personal data under certain circumstances

  • Exceptions apply if data is needed for legal compliance, dispute resolution, or legitimate business interests

Right to Data Portability:

  • Receive your personal data in a structured, machine-readable format (e.g., CSV, JSON)

  • Request we transfer your data to another service provider

Right to Object:

  • Opt-out of marketing communications (unsubscribe links provided in all emails)

  • Object to certain processing activities, including profiling and analytics

Right to Restrict Processing:

  • Request we limit how we use your data while we verify accuracy or resolve disputes

Right to Lodge a Complaint:

  • File a complaint with the Federal Data Protection and Information Commissioner (FDPIC) or your cantonal data protection authority if you believe your rights have been violated

Exercising Your Rights

To exercise any of these rights, contact us at:

Label Patina Privacy Team
Email: contact@labelpatina.com
Mailing Address: Available upon request, Label Patina Association, Canton of Vaud, Switzerland

Include your full name, email address, and specific request (e.g., "I request access to my personal data" or "I request deletion of my profile"). Specify what information or action you are requesting.

Response Timeframe: We will respond within 30 days (as required by GDPR and consistent with FADP requirements), or we will explain if extended time is needed.

No Fees: No fees will be charged for reasonable requests. We may request verification of your identity before fulfilling your request.

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and tracking technologies to enhance your experience and gather analytics.

Types of Cookies We Use:

Essential Cookies:

  • Necessary for website functionality

  • Maintain login status and user sessions

  • Store form data and preferences

  • Prevent fraud and security issues

  • Cannot be disabled without affecting site functionality

Analytics Cookies:

  • Squarespace native analytics (anonymized, not linked to identified individuals)

  • Track user behavior, page visits, and engagement patterns

  • Measure website performance and identify improvements

  • Respect privacy and do not collect personally identifiable information by default

Preference Cookies:

  • Remember your language and display preferences

  • Store your choices for newsletter subscription and interests

Marketing Cookies:

  • Currently not implemented

  • May be added only with explicit user consent in the future

How to Control Cookies

Browser Settings:
Most browsers allow you to refuse cookies or alert you when cookies are set. You can disable cookies in your browser settings (may affect website functionality). Consult your browser's help menu for instructions.

Opt-Out from Analytics:
You may limit data collection from Squarespace analytics through your browser privacy settings or by contacting us.

9. SECURITY MEASURES

We implement technical and organizational security measures to protect your personal data:

Technical Safeguards:

  • SSL/TLS encryption for data in transit (HTTPS)

  • Secure form handling through Squarespace

  • Encrypted storage of sensitive data

  • Regular security audits and vulnerability assessments

  • Firewalls and intrusion detection systems

Organizational Safeguards:

  • Limited access to personal data (authorized employees/team members only)

  • Employee confidentiality agreements and data protection training

  • Secure disposal procedures for physical documents

  • Regular incident response procedures and drills

  • Data Processing Agreements with all third-party service providers

Incident Response:
We monitor for potential security breaches. In case of a data breach, we will notify affected individuals and the Federal Data Protection and Information Commissioner (FDPIC) as soon as possible, consistent with FADP requirements. Notification will include the nature of the breach and steps we are taking to address it.

Limitation:
No internet transmission is 100% secure. While we implement comprehensive security measures, we cannot guarantee absolute security against all threats. You use the Website and provide information at your own risk. We are not liable for unauthorized access to your data if you have not taken reasonable security precautions on your own devices.

10. CHILDREN'S PRIVACY

Our Website is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete that information immediately.

Merchants applying for certification must be at least 18 years old and legally authorized to represent their business.

Parents or guardians who believe we have collected data from a child may contact us immediately at contact@labelpatina.com.

11. THIRD-PARTY LINKS AND SERVICES

Our Website contains links to external websites operated by merchants, partners, and other third parties. We are not responsible for the privacy practices, security measures, or content of external sites.

We encourage you to review the privacy policies of any third-party website before providing your personal information or interacting with their services.

Label Patina is not liable for the privacy practices of merchants listed in our directory or any external services linked from our Website.

12. DATA PROTECTION AND PRIVACY CONTACT

For privacy-related questions, concerns, or to exercise your rights:

Label Patina Privacy Team
Email: contact@labelpatina.com
Mailing Address: Available upon request, Label Patina Association, Canton of Vaud, Switzerland

Response Timeframe: We will respond to all privacy inquiries within 30 days (as required by GDPR and consistent with FADP requirements).

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes:

  • We will post the updated policy on this page

  • We will update the "Last Updated" date at the top of this document

  • For significant changes affecting your rights, we may send you an email notification

Your continued use of the Website after changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

14. DATA PROTECTION AUTHORITIES AND COMPLAINT PROCEDURES

If you have concerns about how Label Patina handles your personal data or believe your privacy rights have been violated, you may lodge a complaint with the appropriate Swiss data protection authority:

Federal Data Protection and Information Commissioner (FDPIC)
Rue de Berne 48, 3011 Bern, Switzerland
Phone: +41 58 462 85 85
Website: www.edoeb.admin.ch
Email: contact@edoeb.admin.ch

Cantonal Data Protection Authority (Canton of Vaud):
Service of the Cantonal Data Protection Officer
Canton of Vaud, Switzerland
Website: www.vd.ch (search for "protection des données" / "data protection")

Before filing a complaint, we encourage you to contact us directly at contact@labelpatina.com so we can attempt to resolve your concerns.

15. INTERNATIONAL USERS

If you are located outside Switzerland, your use of our Website may involve transfer of your data across borders. By using our Website and providing information, you consent to the transfer of your data internationally in accordance with this Privacy Policy and applicable laws.

For users in the EU: We comply with GDPR in all our data processing activities. Your data may be transferred to Switzerland, which has been recognized by the European Commission as having an adequate level of data protection.

For users in other jurisdictions: We comply with applicable data protection laws in your country to the extent required.