Legal document
Privacy Policy
How House of Watches collects, uses, shares, protects, and retains personal data across marketplace, payment, seller, auction, authentication, support, and marketing workflows.
- Effective
- 2026-07-07
- Last updated
- 2026-07-08
- Version
- 2026.07.2
1. Controller and contact details
House of Watches SRL, CUI 47182022, registered under J2022006929129, with registered office at SOMEŞU CALD, 1, Sat Someşu Cald, Comuna Gilău, Cluj, Romania, is the controller for personal data processed through the House of Watches marketplace unless a third-party service acts as an independent controller for its own processing.
For privacy questions, rights requests, or objections, contact us at privacy@houseofwatches.com. For general marketplace support, contact support@houseofwatches.com. We may ask you to verify your identity before acting on a privacy request.
2. Scope of this Policy
This Policy explains how we process personal data when you visit the website, create or use an account, buy or sell watches, accessories, bags, jewelry, and related luxury goods, participate in offers or auctions, send marketplace messages, request authentication, receive support, subscribe to communications, or interact with payment, shipping, fraud-prevention, dispute, and compliance workflows.
It applies to visitors, buyers, private sellers, dealers, representatives of business sellers, authentication requesters, newsletter subscribers, and people who contact us. Third-party providers may also process personal data under their own privacy notices when they act as independent controllers.
We process personal data under contract necessity, legal obligation, legitimate interests, and consent, depending on the workflow. Where the GDPR applies, we identify and rely on the lawful basis that fits the relevant processing purpose.
3. Categories of personal data
Account registration data includes name, email address, authentication method, password or passkey status, account role, preferred language, consent choices, security events, and onboarding status. It may also include profile details, account settings, saved searches, favorites, and notification preferences.
Seller verification data may include identity details, address, date of birth where required, company details, tax identifiers, bank or payout status, verification results, business representative data, and supporting documents. Buyer and transaction data may include billing details, delivery details, phone number, order history, payment status, refund status, delivery status, dispute information, and communications.
Technical and usage data may include IP address, device identifiers, browser type, operating system, user agent, referrer, pages viewed, timestamps, approximate location, cookie identifiers, consent records, session data, audit logs, and interaction events. Listing and content data may include item descriptions, product photos, videos, serial or reference information where provided, condition notes, service history, price, availability, messages, reviews, ratings, and attachments.
4. Website visits and server logs
When you visit the website, we process server logs and technical data to load pages, maintain sessions, measure platform reliability, diagnose errors, prevent abuse, and protect the security of the marketplace. This processing is necessary for our legitimate interests in operating a secure and reliable service and, for essential functions, may also be necessary to provide the requested website service.
Server logs may include IP address, browser and device information, requested URLs, referrer, timestamps, error events, security events, and approximate location derived from technical signals. We do not use server logs to identify visitors unless needed for security, fraud prevention, legal compliance, or troubleshooting.
5. Account registration and authentication
We process account registration and authentication data to create accounts, verify email addresses, authenticate users, support password-based access and passkeys, maintain sessions, apply account roles, remember language preferences, record consent choices, and manage onboarding status. This processing is mainly necessary to perform our contract with you.
We also process login attempts, password reset events, email verification events, passkey events, device and session information, suspicious access signals, and account security notifications. These records support our legitimate interests in account protection, fraud prevention, and marketplace integrity.
6. Seller and dealer onboarding
We process seller and dealer onboarding data to verify who is selling, assess eligibility, configure marketplace permissions, support payouts, meet tax and platform reporting obligations, reduce fraud, and provide legally required seller information to buyers where applicable. Depending on the requirement, the lawful basis may be contract necessity, legal obligation, or legitimate interests.
For private sellers, dealers, and business representatives, onboarding may require identity details, address, date of birth where required, company details, tax identifiers, bank or payout status, verification results, business representative data, and supporting documents. We may use third-party providers, public registers, payment partners, and internal review to validate the information provided.
7. Stripe and Stripe Connect payment processing
Stripe and Stripe Connect process payment, payout, verification, fraud-prevention, refund, chargeback, and compliance data under their own terms and privacy notices. Depending on the flow, Stripe may process names, email addresses, billing addresses, shipping addresses, payment method details, bank account information, payout details, identity documents, risk signals, transaction history, refund information, and chargeback evidence.
House of Watches receives and stores the payment, payout, refund, chargeback, verification, and risk-status information needed to operate the marketplace, reconcile orders, handle disputes, prevent fraud, and comply with legal obligations. We do not need to store full card numbers when the payment flow is tokenized or hosted by a payment provider.
8. Listings, product media, and seller content
We process listing data, product media, seller descriptions, condition notes, service history, price, availability, location, shipping options, and related seller content to publish listings, help buyers evaluate items, operate search and discovery, support offers and auctions, and enforce marketplace rules. This processing is necessary to perform our contract with sellers and buyers and to pursue our legitimate interests in marketplace quality and safety.
Listings may contain personal data if sellers include names, contact details, documents, serial numbers, reference numbers, images, or other identifying information. Sellers should not upload unnecessary personal data or sensitive information in listing text, product media, or attachments.
9. Authentication service data
LegitApp and other authentication partners may process listing images, item identifiers, serial or reference information, authentication request data, authentication results, and communications needed to perform authentication. Authentication data may be processed to assess item authenticity, produce an authentication opinion, communicate results, handle disputes, and improve marketplace trust.
Where authentication is requested as part of a transaction or service, processing may be necessary for contract performance. We may also process authentication records under legitimate interests for fraud prevention, marketplace integrity, dispute handling, and safety.
10. Offers, orders, auctions, and marketplace transactions
Marketplace transaction data includes offers, counteroffers, auction bids, reserve-price status, order details, payment status, refund status, delivery status, dispute evidence, and communications. We process this data to run offers and auctions, create orders, process checkout, coordinate sellers and buyers, record transaction history, support protected marketplace workflows, and handle post-sale issues.
This processing is generally necessary to perform our contract with users. We also process transaction records to meet legal obligations for tax, accounting, platform reporting, consumer protection, sanctions compliance, regulator requests, and court requests where applicable. Fraud prevention, marketplace integrity, dispute evidence, and legal claims are processed under our legitimate interests unless a specific legal obligation requires the processing.
11. Messaging and platform communications
We process messaging and platform communications to deliver messages, prevent fraud, enforce marketplace rules, support disputes, and improve safety. Messages may include text, attachments, timestamps, sender and recipient identifiers, listing or order references, delivery status, moderation signals, and support escalations.
Marketplace messages may be reviewed automatically and manually where necessary to detect scams, prohibited off-platform transactions, illegal content, abuse, policy violations, or dispute evidence. Users should not send passwords, full payment card numbers, unnecessary identity documents, or sensitive personal data through marketplace messages.
12. Shipping and delivery data
We process shipping and delivery data to calculate and display delivery options, share fulfillment information between transaction parties, generate or support shipment records, track delivery status, handle delivery issues, and support returns or disputes. This data may include names, delivery addresses, phone numbers, email addresses, order identifiers, tracking numbers, carrier updates, delivery confirmations, and customs-related information where applicable.
The lawful basis is usually contract necessity for fulfillment and legitimate interests for delivery monitoring, support, fraud prevention, and dispute handling. Legal obligations may apply where shipping, customs, tax, accounting, or consumer-protection records are required.
13. Returns, disputes, claims, and fraud prevention
We process return requests, dispute messages, claim records, refund status, chargeback information, delivery evidence, item condition evidence, authentication records, payment provider communications, and fraud signals to resolve transaction problems and protect users. This processing supports contract performance, legal claims, fraud prevention, and marketplace safety.
We may delay orders or payouts, request additional information, preserve evidence, restrict accounts, or share relevant records with payment providers, authentication partners, shipping providers, insurers, professional advisers, authorities, or the other transaction party where necessary and lawful.
14. Reviews, ratings, and user-generated content
We process reviews, ratings, profile content, listing content, messages submitted for publication, and other user-generated content to operate marketplace trust features, display relevant content, moderate abuse, enforce rules, and resolve disputes. Published content may identify the account, seller, buyer, listing, or transaction to which it relates.
We may remove or restrict user-generated content that violates marketplace rules, infringes rights, contains unlawful material, discloses unnecessary personal data, or creates safety risks. We may retain moderation records where needed for legal claims, abuse prevention, or audit purposes.
15. Customer support and contact forms
We process support tickets, contact forms, concierge or service requests, email communications, attachments, account details, order references, troubleshooting information, and complaint records to respond to requests, investigate issues, resolve disputes, improve service quality, and preserve evidence. This processing may be necessary for contract performance, legitimate interests, or legal obligations depending on the request.
If you contact us about another person or transaction party, we may process the personal data you provide to handle the request. Please provide only information that is relevant and necessary for support.
16. Email notifications, newsletters, and marketing
We send service emails about accounts, authentication, orders, offers, auctions, payments, seller onboarding, disputes, policy updates, and security because those messages are necessary to operate the marketplace or comply with legal obligations. Users cannot opt out of essential service communications while using the relevant service.
We send newsletters, product alerts, saved-search alerts, seller onboarding communications, launch updates, and other marketing where permitted by law. The lawful basis may be consent or legitimate interests for direct marketing where allowed. You can unsubscribe using the link in a marketing email or by contacting privacy@houseofwatches.com.
17. Cookies, consent, analytics, and similar technologies
We process cookies, consent records, analytics data, and similar technologies for essential platform functions, security, preferences, measurement, and marketing where permitted. Essential cookies support sessions, authentication, language, checkout state, account protection, load balancing, and security.
Analytics and measurement technologies help us understand product usage, performance, errors, and feature adoption. Marketing technologies may be used only where permitted and, where required, with consent. Browser and device settings may allow you to block cookies, but essential platform functions may not work correctly without them.
18. Security, abuse prevention, and audit logs
We process security events, IP addresses, device information, login history, failed login attempts, passkey events, session changes, rate-limit signals, moderation actions, fraud indicators, audit logs, and administrative access logs to secure the platform and detect abuse. This processing is based on our legitimate interests in protecting users, transactions, systems, and marketplace integrity.
Security and audit logs may also be processed to comply with legal obligations, investigate incidents, respond to payment provider or regulator requests, preserve dispute evidence, and establish, exercise, or defend legal claims.
19. Legal compliance, tax, accounting, and platform reporting
We process personal data to comply with legal obligations related to tax, accounting, invoices, payment records, platform reporting, consumer protection, sanctions, anti-money laundering where applicable, product safety, regulator requests, court orders, law enforcement requests, and legal claims. This may include account data, seller verification data, transaction data, payment status, payout status, refund status, dispute evidence, and communications.
Where we are required to retain or report information, we may continue processing relevant data even after account closure, unsubscribe, deletion requests, or transaction completion. We limit that processing to what is necessary for the applicable legal purpose.
20. Recipients, processors, and third-party services
We share personal data with other users where necessary for marketplace transactions, such as buyer details shared with sellers for fulfillment, seller details shown to buyers where required, and messages exchanged between transaction parties. We also share data with service providers that support hosting, storage, security, payment processing, seller verification, authentication, email delivery, analytics, customer support, shipping, fraud prevention, translation, and business operations.
Provider categories include payment and payout providers, authentication partners, hosting and storage providers, email delivery providers, analytics providers, fraud-prevention providers, customer-support tooling, translation services, professional advisers, auditors, insurers, transaction counterparties, and public authorities where required by law. Processors may act only on our instructions where they process data on our behalf; independent controllers process data under their own terms and notices.
21. International transfers and safeguards
We may transfer personal data outside the European Economic Area where service providers or infrastructure require it, using appropriate safeguards such as adequacy decisions, standard contractual clauses, and supplementary measures where required. Transfers may occur when providers operate global infrastructure, support teams, payment systems, authentication services, analytics, email delivery, storage, or security services.
Where a third-party provider acts as an independent controller, its own transfer mechanisms and privacy notice may also apply. We assess transfer safeguards where required by applicable data protection law.
22. Retention periods
We keep personal data only for as long as needed for the purposes described in this Policy, including platform operation, account management, security, legal compliance, accounting, tax, dispute handling, fraud prevention, and legitimate business records. Retention periods vary by data type, legal requirement, and risk.
Account data is usually kept for the life of the account and a limited period after closure where needed for disputes, security, or legal obligations. Transaction, payment, payout, tax, and accounting records are kept for legally required periods. Security logs, consent records, support records, seller verification records, authentication records, and dispute evidence are kept for periods appropriate to their purpose and may be retained longer where a claim, investigation, audit, regulator request, payment dispute, or legal obligation requires it. We may anonymize data for analytics and product improvement.
23. Your GDPR rights
Where the GDPR applies, you may request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, data portability, objection, withdrawal of consent, and complaint to a supervisory authority. In Romania, the supervisory authority is Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal.
To exercise your rights, contact privacy@houseofwatches.com. Some rights are limited by legal obligations, tax and accounting rules, fraud prevention, dispute evidence, payment records, legal claims, security needs, and the rights of other users.
24. Right to withdraw consent and object
Where processing is based on consent, you may withdraw consent at any time without affecting processing carried out before withdrawal. This includes optional marketing and non-essential cookies or similar technologies where consent is the applicable lawful basis.
You also have the right to object to processing based on legitimate interests, including certain fraud-prevention, marketplace-safety, analytics, service-improvement, or direct-marketing processing. You always have the right to object to direct marketing, and we will stop direct marketing to you when required by law.
25. Data security
We use administrative, technical, and organizational measures designed to protect personal data, including access controls, encryption where appropriate, logging, monitoring, provider due diligence, account security controls, backup practices, and internal permission management. We review security measures in light of the nature of the data, processing risks, and marketplace workflows.
No online service can guarantee absolute security. You are responsible for keeping credentials and devices secure, using account security features where available, and notifying us promptly if you suspect unauthorized access or misuse of your account.
26. Children's data
House of Watches is not intended for children. Users must be at least 18 years old to create an account, buy, sell, bid, make offers, request authentication, or otherwise transact on the marketplace.
We do not knowingly collect personal data from children. If we learn that a child has provided personal data, we will take appropriate steps to delete or restrict the data unless retention is required by law or necessary for safety, fraud prevention, or legal claims.
27. Changes to this Policy
We may update this Policy when our marketplace, providers, processing activities, legal obligations, security practices, or user workflows change. The current version, effective date, and last updated date are shown at the top of this page.
If a change is material, we may notify users through the platform, by email, or by another appropriate method. Continued use of the marketplace after an updated Policy takes effect means the updated Policy applies to processing from that effective date.
