Privacy Policy

Introduction

ReplicaPatekPhilippe.to (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of everyone who visits our website and purchases our timepieces. This Privacy Policy explains how we collect, use, share, and secure your personal information in compliance with the GDPR, UK GDPR, California Consumer Privacy Act (CCPA/CPRA), Canada’s PIPEDA, Brazil’s LGPD, Australia’s Privacy Act 1988, and other applicable laws. Our practices also conform to Payment Card Industry Data Security Standards (PCI DSS) as required by our payment processing partners.

Data Controller & Contact Information

ReplicaPatekPhilippe.to is the data controller responsible for the personal data we collect and process. If you have any questions, concerns, or requests regarding your personal information, please contact us:

Email: [email protected]
WhatsApp: +44 7578 305075
Mailing Address: 2028 Renmin S Rd, Luohu District, Shenzhen, Guangdong Province, China

For matters specifically related to data protection, please direct your inquiry to our Data Protection Officer at the contact details above.

Information We Collect

We gather personal data in several ways to provide our services efficiently and securely:

a. Information You Provide Directly
When you interact with our website, you may voluntarily share: your name, address, telephone number, and email address; payment details necessary to process your purchase; account credentials if you register; and any correspondence you send to us via email, chat, or support channels.

b. Automatically Collected Information
Our website also collects certain data automatically, including your IP address, browser type, device information, operating system, and browsing behaviour. We use cookies and similar technologies to monitor usage, tailor content, and improve site performance (see Section 9).

c. Data from Third Parties
We may supplement your data with information from payment processors (to verify payment status and mitigate fraud) and analytics services such as Google Analytics (to understand user behaviour and improve our website).

Legal Basis for Processing

We process your personal data only when a lawful basis exists:

Contractual Necessity: To fulfil orders and deliver products and services as agreed.
Consent: For activities such as marketing and cookie use, where you have given explicit permission. Consent may be withdrawn at any time without affecting the legality of prior processing.
Legal Obligation: To comply with applicable laws, regulations, and administrative requirements.
Legitimate Interests: To ensure the security, integrity, and improvement of our website and services, provided such interests do not override your rights.

Use of Your Information

Your personal data is used solely for purposes that are necessary and proportionate to our legitimate interests:

Order Management: Processing orders, managing transactions, coordinating shipments, and handling returns.
Customer Support: Addressing inquiries, resolving issues, and providing general assistance.
Marketing: Sending promotional communications and offers, strictly based on your consent.
Site Analytics: Evaluating how our website is used to enhance functionality and user experience.
Legal and Security Compliance: Ensuring adherence to legal obligations, protecting our rights, and preventing fraud or unauthorised activity.

Payment Processing & PCI DSS Compliance

Secure Transactions: All payment transactions are processed through established, PCI DSS–compliant third-party providers.

Data Security: We adhere strictly to PCI DSS standards, ensuring that all cardholder data is encrypted and transmitted securely. We do not store sensitive payment data such as complete card numbers or CVV codes on our servers.

Third-Party Assurance: Our payment partners are contractually bound to uphold these standards, ensuring the continued security of your payment information.

Sharing and Disclosure

Your personal data is never sold or rented. We may disclose your information only in the following circumstances:

Payment Processors: For the sole purpose of processing your transactions securely.
Service Providers: Who perform functions on our behalf (web hosting, analytics, customer support) under strict confidentiality agreements.
Legal Compliance: Where disclosure is required by law, regulation, or valid legal process.
Business Transactions: In the event of a merger, acquisition, or sale of assets, where the new entity assumes responsibility for your data under this Policy.

Data Security & Retention

We implement a variety of technical and organisational safeguards to protect your personal data from unauthorised access or disclosure:

SSL/TLS Encryption: Securing data transfers between your browser and our site.
Routine Security Audits: Ensuring our measures remain robust and effective.
PCI DSS Compliance: As detailed in Section 6.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. When your data is no longer needed, we securely delete or anonymise it.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience by monitoring usage patterns and personalising content. You may manage your cookie preferences through your browser settings; however, disabling cookies may affect certain website functionality.

International Data Transfers

To serve our global clientele, your personal data may be transferred to and processed in countries outside your home jurisdiction. In such cases, we apply appropriate measures — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to ensure your data remains adequately protected in accordance with applicable laws.

Children’s Privacy

Our services are not directed at, nor do we knowingly collect personal data from, individuals under the age of 16 (or the applicable age of consent in your jurisdiction). If we discover that data from a minor has been inadvertently collected, we will promptly take steps to delete it.

Your Rights

Depending on your jurisdiction, you have the right to:

Access: Obtain a copy of the personal data we hold about you.
Rectify: Request correction of any inaccurate or incomplete data.
Erase: Request deletion of your personal data, subject to certain exceptions.
Restrict Processing: Request that we limit the processing of your data under specific circumstances.
Data Portability: Request your personal data in a structured, machine-readable format.
Object: Object to certain processing activities, including direct marketing.
Withdraw Consent: Revoke consent previously granted, where applicable.
Opt-Out: For California residents, opt out of the sale of personal data.
Non-Discrimination: Expect not to be treated adversely for exercising your rights.

To exercise any of these rights, please contact us at [email protected]. We will respond in accordance with applicable laws.

Policy Updates

We reserve the right to amend this Privacy Policy at any time. Significant changes will be indicated by an updated date at the top of this document and, where necessary, through direct notification. Continued use of our website following such updates constitutes acceptance of the revised terms.

Contact

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
WhatsApp: +44 7578 305075
Mailing Address: 2028 Renmin S Rd, Luohu District, Shenzhen, Guangdong Province, China