Privacy Policy

PRIVACY POLICY

Xeric.com & Xericwatches.com

Operated by Watchismo, LLC

LAST UPDATED: April 21, 2026

I. IMPORTANT INFORMATION AND WHO WE ARE

II. THE INFORMATION WE COLLECT ABOUT YOU

III. HOW WE COLLECT YOUR PERSONAL INFORMATION

IV. THIRD PARTY INTERACTIONS

V. THIRD PARTY ANALYTICS PROVIDERS & AD SERVERS; ONLINE TRACKING

VI. HOW WE USE YOUR PERSONAL INFORMATION

VII. DISCLOSURES OF YOUR PERSONAL INFORMATION

VIII. YOUR CHOICES

IX. DATA SECURITY

X. USERS OUTSIDE OF THE UNITED STATES AND INTERNATIONAL TRANSFERS

XI. CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS

XII. CANADIAN RESIDENTS – YOUR PRIVACY RIGHTS

XIII. QUESTIONS

XIV. ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN UNION AND UNITED KINGDOM

I. IMPORTANT INFORMATION AND WHO WE ARE

A. APPLICATION OF THIS PRIVACY POLICY

Watchismo, LLC (“DBA Xeric.com”, “us”, “we” or “our”) is committed to protecting the privacy and confidentiality of Personal Information we may collect. Xeric.com has created this privacy policy (“Privacy Policy”) to advise you about our information practices, such as the types of information we collect and how we may use that information, and to inform you about your privacy rights and how the law protects you. We urge you to read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it. By visiting any part of our Websites (as defined below) or otherwise providing Xeric.com with Personal Information by any means, you accept and agree to the practices described in this Privacy Policy and your continued use of the Websites (following the posting of a revised privacy policy) means that you accept and agree to the terms of the revised privacy policy, so please check the policy periodically for updates.

Individuals in the European Union (“EU”) or United Kingdom (“UK”) should be sure to read the important information provided below in Section XIV, in addition to the other provisions in this Privacy Policy.

This Privacy Policy applies to www.xeric.com and www.xericwatches.com, and all other websites, features, or online services that are owned or controlled by Watchismo, LLC and that post a link to this Privacy Policy (collectively, the “Websites”), whether accessed via computer, mobile device, or otherwise. The terms “Xeric.com,” “Xericwatches.com,” and “Xeric Watches” are used collectively and interchangeably herein to refer to the Websites and the business operating thereunder. Note, however, this Privacy Policy does not apply to use of unaffiliated websites that link to our Websites. Once you enter another website (whether through an advertisement, service, or content link), be aware that we are not responsible for the privacy practices of such other websites.

B. PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy aims to give you information on how Xeric.com collects and uses your Personal Information through your use of the Websites, including any information you may provide through the Websites when you sign up for an account, sign up to receive information or communications from us, purchase a product or service, or request further services or information from us.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or using Personal Information about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements the other notices and is not intended to override them.

C. CHILDREN

The Websites are not designed for, or directed to, children under the age of 1613, as defined under the Children’s Online Privacy Protection Act (“COPPA”) (15 U.S.C. § 6501 et seq.), or under such other minimum age as may be required by applicable state or provincial law. Xeric.com does not intentionally collect Personal Information from any child under the applicable minimum age on the Websites. Users in the European Union under the age of 16 are subject to the additional protections described in Section XIV. If Xeric.com discovers that it has inadvertently collected Personal Information from anyone below the applicable minimum age, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Information from a child below the applicable minimum age, please contact us at privacy@xeric.com.

D. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We reserve the right, at any time and without notice, to add to, change, update or modify this Privacy Policy, simply by posting such change, update or modification on the Websites. Any such change, update or modification will be effective immediately upon posting on the Websites. If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice of such changes at https://www.xeric.com/pages/privacy-policy. However, unless you consent, Xeric.com will not use your Personal Information in a manner materially different than what was stated in our posted Privacy Policy at the time your Personal Information was collected. Please check this Privacy Policy regularly to ensure you are aware of any changes in our practices.

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us. You are responsible for maintaining the accuracy of the information you submit to us. If you contact us with changes, we will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable.

E. THIRD PARTY CONTENT, LINKS TO OTHER WEBSITES, AND Xeric.com CONTENT FOUND OUTSIDE THE WEBSITES

The Websites may include links to third-party websites, plug-ins and applications and certain content on the Websites may be hosted and served by third parties that Xeric.com does not control. When you click on a link to any other website or location, you will leave our Websites and go to another site and another entity may collect Personal Information from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites, their privacy statements or content, or to any collection of your Personal Information after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit.

II. THE INFORMATION WE COLLECT ABOUT YOU

Personal Information or personal data means any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous data).

We and our third-party service providers may collect, use, store and transfer different kinds of Personal Information about you that we have grouped together as follows:

IDENTITY INFORMATION includes name, username or similar identifier, title, date of birth, and gender.

DEMOGRAPHIC INFORMATION includes zip code, age and/or income.

CONTACT INFORMATION includes billing address, delivery address, email address and telephone numbers.

FINANCIAL INFORMATION includes bank account and payment card details.

TRANSACTION INFORMATION includes details about payments to and from you and other details of services you have purchased from us.

TECHNICAL INFORMATION includes internet protocol (IP) address, your login data, browser type and version, time zone setting and geographical location, browser plug-in types and versions, operating system and platform and other technology or other unique identifier (“Device Identifier”) for any computer, mobile phone, tablet or other device (“Device”) used to access the Websites.

PROFILE INFORMATION includes your username and password, purchases or orders made by you, your interests, preferences, product feedback, and survey responses.

USAGE DATA includes information about how you use our Websites, products and services, including all of the areas within our Websites that you visit and the time of day you visited the Websites.

MARKETING AND COMMUNICATIONS INFORMATION includes your preferences in receiving marketing from us and our third parties and your communication preferences.

LOCATION INFORMATION includes information about your location using a variety of technologies, such as GPS, IP address, and connected or nearby Wi-Fi networks.

USER CONTENT INFORMATION includes text (including questions, comments, and suggestions), pictures, audio, videos, or other content you share by participating and posting content publicly in reviews, interactive features, or other communication functionality.

SENSITIVE PERSONAL INFORMATION, as defined under the California Privacy Rights Act (“CPRA”) and other applicable law, includes: Social Security number, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation data; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, or text messages unless Xeric.com is the intended recipient; genetic data; biometric information processed for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer’s health; and personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. We collect Sensitive Personal Information only to the extent necessary to provide our products and services and do not use or disclose Sensitive Personal Information for purposes other than those specifically permitted under applicable law. We do not sell or share Sensitive Personal Information.

We also collect, use and share AGGREGATED INFORMATION such as statistical or demographic information for any purpose. Aggregated Information may be derived from your Personal Information but is not considered Personal Information in law as this information does not directly or indirectly reveal your identity.

We do not intentionally collect any SPECIAL CATEGORIES of Personal Information about you within the meaning of the EU/UK GDPR (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) except as may be required to provide services you have specifically requested or as permitted by applicable law. Nor do we intentionally collect information about criminal convictions and offences.

III. HOW WE COLLECT YOUR PERSONAL INFORMATION

We use different methods to collect information from and about you including through:

DIRECT INTERACTIONS. You may give us your Identity, Demographic, Contact, Financial, Profile, or Marketing and Communications Information by filling in forms or by corresponding with us by mail, phone, email, or otherwise. This includes Personal Information you provide when you: purchase our products or services; create an account on our Websites; subscribe to emails or newsletters; request services or other information; enter a competition, promotion or survey; or give us feedback about products, services, or the Websites.

AUTOMATED TECHNOLOGIES OR INTERACTIONS. As you navigate through the Websites, we may automatically collect Technical, Usage, and Location Information about your equipment, browsing actions and patterns. We collect this Personal Information by using cookies, pixel tags, embedded scripts and other similar technologies.

COOKIES. Cookies are small data files that a website sends to your Device while you are viewing the website that are stored on the Device. Cookies can be used for many purposes, including to monitor use of websites, to customize content specific to your interests, and to recognize you when you return to our Websites. You may refuse to accept cookies by activating the appropriate setting on your browser. However, if you choose to disable cookies on your Device, some features of the Websites or our content may not function properly.

PIXEL TAG. Pixel Tags (also referred to as clear GIFs, Web beacons, or Web bugs) are small graphic images or other web programming code that may be included on the Websites and in our e-mail messages and may be used to, among other things, count visitors to the Websites and monitor how users navigate the Websites.

EMBEDDED SCRIPTS. Embedded scripts are programming code designed to collect information about your interactions with the Websites, such as the links you click. The code is temporarily downloaded onto your Device from our web server or a third party service provider, and is active only while you are connected to the Websites.

COMMUNITY FEATURES. The Websites may provide you the opportunity to participate and post content publicly through reviews, surveys, interactive features, or other communication functionality. Please note that any Personal Information you include in public areas of the Websites will be publicly viewable. ANYTHING YOU POST THROUGH COMMUNITY FEATURES IS PUBLIC. IF YOU CHOOSE TO VOLUNTARILY DISCLOSE PERSONAL INFORMATION, THAT INFORMATION WILL BE CONSIDERED PUBLIC INFORMATION AND THE PROTECTIONS OF THIS PRIVACY POLICY WILL NOT APPLY.

THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES. We may receive Personal Information about you from various third parties, including analytics providers, advertising networks, search information providers, and payment and delivery service providers. We may combine the information we receive from those sources with information we collect through the Websites, in which case we will apply this Privacy Policy to the combined information.

IV. THIRD PARTY INTERACTIONS

Certain functionality on the Websites may permit interactions that you initiate between the Websites and a third party website or service (“THIRD PARTY INTERACTIONS”). Examples of Third Party Interactions may include technology that enables you to “like” or “share” content from the Websites on or to other websites or services; to transmit content to the Websites from your account on a third party website or service; or for users to register for an account and login through social networking sites such as Facebook and Google (each an “SNS”). By registering or logging in through a SNS, you are allowing the Websites to access your information and you are agreeing to the SNS’s Terms of Use and Privacy Policy. We may receive information from the SNS to make it easier for you to create an account with us.

The information we collect in connection with Third Party Interactions is subject to this Privacy Policy. The information collected and stored by the third party remains subject to the third party’s privacy practices, including whether the third party continues to share information with us, the types of information shared, and your choices with regard to what is visible to others on that third party website or service.

V. THIRD PARTY ANALYTICS PROVIDERS & AD SERVERS; ONLINE TRACKING

Xeric.com works with certain third parties (including network advertisers, ad agencies, and analytics companies) to provide us with information regarding traffic on the Websites, to serve advertisements, including our advertisements elsewhere online, and to provide us with information regarding the use of the Websites and the effectiveness of our advertisements. These third parties may use Device Identifier and Usage Data to compile reports on user activity.

These third parties may also transfer Device Identifier and Usage Data to other third parties where required to do so by law, or where such third parties process analytics information on their behalf. Each of these third parties’ ability to use and share Device Identifier and Usage Data is restricted by their respective Terms of Use and Privacy Policy. By using our Websites, you consent to the processing of data about you by these third parties in the manner and for the purposes set out above. For a full list of third party analytics services, please contact us at privacy@xeric.com.

We may share Device Identifier and Usage Data about visitors with third party advertising companies, analytics providers and other vendors for similar purposes. Some of these companies may be members of the Network Advertising Initiative (“NAI”) or the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising.

NAI Opt-Out Tool (for website users): http://www.networkadvertising.org/managing/opt_out.asp

DAA Consumer Choice (for website users): http://www.aboutads.info/choices/

DAA AppChoices (for mobile app users): http://youradchoices.com/appchoices

GLOBAL PRIVACY CONTROL. In compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”), and implementing regulations, the Websites recognize and respond to the Global Privacy Control (“GPC”) opt-out preference signal. If you use a browser or browser extension that transmits a GPC signal, we will treat such signal as a valid opt-out request from the sale or sharing of your Personal Information for the device and browser transmitting the GPC signal. We will process GPC signals as a Do Not Sell or Share My Personal Information request. The GPC opt-out will be effectuated within fifteen (15) business days of our receipt of the signal, in accordance with applicable regulations (11 Cal. Code Regs. § 7025).

DO NOT TRACK. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. Like many websites and online services, the Websites currently do not alter their practices in response to a legacy “Do Not Track” browser signal, except as provided above with respect to the Global Privacy Control. To find out more about “Do Not Track,” you may wish to visit http://www.allaboutdnt.com.

VI. HOW WE USE YOUR PERSONAL INFORMATION

We may use the information we collect about you, including Personal Information and Usage Data:

• to provide you with our products and services and related customer service;

• to process your registration and account creation with the Websites, including verifying your contact information is active and valid;

• to identify you as a user in our system;

• to provide you with information, products or services that you have requested or agreed to receive;

• to provide improved administration of our Websites and services;

• to process transactions you initiate, process payments and provide accurate billing and shipping;

• to send you administrative e-mail notifications, such as order confirmations, order status updates, security, or support and maintenance advisories;

• to bill you for Xeric.com products or services;

• to respond to your inquiries related to employment opportunities or other requests;

• to send newsletters, surveys, offers, and other promotional materials related to our services and for other marketing purposes of Xeric.com;

• to market our products/services, including recommending products/services that might be of interest to you;

• to improve our Websites, product and service offerings;

• to customize and tailor your experience on the Websites;

• for compliance, fraud prevention and safety, including enforcing our terms of service and this Privacy Policy, protecting against, investigating or deterring fraudulent, harmful, unauthorized, unethical or illegal activity;

• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us;

• to notify you about changes to our service;

• to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; and

• to perform other functions as described at the time of collection, with your consent, or as further described in this Privacy Policy.

In addition to the above, we may use anonymous data to analyze request and usage patterns so that we may enhance the content of our services and improve navigation on the Websites. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.

A. EMAIL COMMUNICATIONS

We may use your Identity, Contact, Technical, Usage and Profile Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive newsletters or marketing communications from us if you have requested information from, purchased goods or services from us, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have consented to receiving marketing communications. You may opt out at any time as described in Section VIII.

B. COOKIES

A cookie is a data file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. We may use both session cookies and persistent cookies to provide you with a more personal and interactive experience on our Site. Most browsers allow you to refuse to accept cookies and to delete cookies. Please note that blocking all cookies will have a negative impact upon the usability of many websites.

C. TEXT MARKETING AND NOTIFICATIONS

By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders, texting campaigns) and text marketing offers. Text marketing messages will not exceed 30 a month. You acknowledge that consent is not a condition for any purchase. If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you within any of our messages. Message and data rates may apply.

VII. DISCLOSURES OF YOUR PERSONAL INFORMATION

We may share non-personally identifiable information, such as aggregated user statistics, in our discretion and without restriction.

We may disclose the information we have collected about you, including Personal Information, as disclosed at the time you provide your information, with your consent, as described in this Privacy Policy, or in the following circumstances:

A. INTERNAL THIRD PARTIES

Xeric.com may, and reserves the right to, share your information with any other company that is not presently, but becomes, a Xeric.com parent, subsidiary, or affiliate.

You may be presented with an opportunity to receive information and/or marketing offers from Xeric.com and our affiliated businesses, partners and agents. If you agree at that time to receive such communications, your Personal Information will be disclosed to that third party (or parties).

B. EXTERNAL THIRD PARTIES

Third Party Service Providers. We may share Personal Information with third party service providers in connection with the performance of services to, or on behalf of, Xeric.com and the Websites, including to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; and/or to provide other services to Xeric.com. For example, our online retail store is hosted by Shopify. You acknowledge and agree that your use of the Websites may include having your Personal Information transferred to and stored by Shopify pursuant to their privacy policy, which is available at https://www.shopify.com/legal/privacy.

Third Party Payment Processing. For online payments and/or Automated Clearing House (ACH) payouts, we use the payment services of Stripe, Shopify Payments, Amazon Payments and PayPal. We do not process, record or maintain your credit card or bank account information and we will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

Administrative & Legal Reasons. We may transfer and disclose information, including Personal Information, to third parties: to comply with a valid legal inquiry, investigation, or process such as a search warrant, subpoena, statute or court order; to protect the safety, interests, rights, property or security of Xeric.com, you, or any third party; to respond to a breach or attempted breach of the security of our Websites; or at the request of governmental authorities conducting an investigation.

C. SHARING BETWEEN Xeric.com COMPANIES; BUSINESS TRANSFERS

Xeric.com may also disclose and transfer your Personal Information: (i) to a subsequent owner, co-owner or operator of the Websites or applicable database, or of our products or services; (ii) if Xeric.com (or any of its affiliated, parent, or subsidiary companies) assigns its rights regarding any of your information to a third party; or (iii) in connection with or during negotiation of a corporate merger, financing, consolidation, restructuring, the acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets including, without limitation, during the course of any due diligence process. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Policy.

BY USING THE WEBSITES AND PROVIDING YOUR PERSONAL INFORMATION, YOU HEREBY ACKNOWLEDGE AND AGREE THAT ANY TRANSFER OR DISCLOSURE OF PERSONAL INFORMATION IN CONNECTION WITH A BUSINESS TRANSFER, MERGER, ACQUISITION, ASSET SALE, DIVESTITURE, DISSOLUTION, BANKRUPTCY, RECEIVERSHIP, OR OTHER CORPORATE TRANSACTION DESCRIBED HEREIN SHALL NOT REQUIRE INDIVIDUAL CUSTOMER CONSENT AND MAY BE CARRIED OUT WITHOUT PRIOR NOTICE TO AFFECTED INDIVIDUALS, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. Such transfer is authorized and permitted by operation of this Privacy Policy, which constitutes your advance consent to any such transfer. The successor or acquiring entity may continue to use your Personal Information in accordance with this Privacy Policy or any successor privacy policy adopted by such entity, subject to applicable legal requirements. We will use commercially reasonable efforts to direct any successor entity to provide notice of any material changes to the manner in which your Personal Information is used following any such transfer, in accordance with applicable law. These transfers and disclosures may be carried out without additional notice to you beyond this Privacy Policy.

VIII. YOUR CHOICES

A. ACCESSING, UPDATING, CORRECTING OR DELETING INFORMATION

You can review, request access to, update, correct or delete your Personal Information by contacting us at privacy@xeric.com.

You may request deletion of your Personal Information by contacting us and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may also retain information for fraud prevention or similar purposes.

B. OPTING OUT

We will only send you direct marketing emails or other similar communications if you opt-in to receive such emails. If you do not wish to have your e-mail address or other contact information used for promotional purposes, you may indicate a preference to stop receiving further communications from us and can “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly at privacy@xeric.com.

C. CHOOSING NOT TO SHARE PERSONAL INFORMATION

You may choose not to provide us with any Personal Information. In such an event, you may still be able to access and use some of the Websites; however you may not be able to access and use those portions of the Websites that require your Personal Information.

D. MARKETING COMMUNICATIONS

We strive to provide you with choices regarding certain Personal Information uses, particularly around marketing and advertising. You can opt-out of such communications as outlined in Section B, above. Please note that you may continue to receive service-related and other non-marketing communications.

E. DE-LINKING THIRD PARTY INTERACTIONS AND SNS

If you would like to discontinue Third Party Interactions and connections, please refer to the privacy settings of the third party or SNS to determine how you may adjust our permissions and manage the interactivity between the Websites and your social media account.

IX. DATA SECURITY

Xeric.com uses commercially reasonable security measures to safeguard the Personal Information we collect from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, please note that no system can be completely secure and Xeric.com does not ensure or warrant the security of any information we collect. You use our Websites and provide us with your information at your own risk.

We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so., within the timeframes mandated by applicable law. We maintain a written information security program designed to protect customer Personal Information in accordance with applicable federal and state requirements, including the FTC’s Safeguards Rule (16 C.F.R. Part 314) as applicable, and applicable Canadian and EU/UK requirements.

X. USERS OUTSIDE OF THE UNITED STATES AND INTERNATIONAL TRANSFERS

The Websites are hosted and operated in the United States and Xeric.com and its third party service providers and partners operate in the United States and other jurisdictions. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to and processed in the United States and other countries. By using the Websites, or providing us with any information, you acknowledge and consent to this transfer, processing and storage of your information in countries where the privacy laws may be less stringent than those in the country where you reside or are a citizen.

Where required by applicable law, including Canadian privacy law (PIPEDA and provincial legislation), EU GDPR, and UK GDPR, we will implement appropriate safeguards for such international transfers of Personal Information, including Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement or Addendum approved by the Information Commissioner’s Office, or other recognized transfer mechanisms as required. Please contact us at privacy@xeric.com for further information about the specific safeguards we use.

XI. CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS

This Section XI applies solely to California residents and supplements the rest of this Privacy Policy. It is provided pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”) (Cal. Civ. Code § 1798.100 et seq.), and implementing regulations promulgated by the California Privacy Protection Agency (collectively, “California Privacy Law”). This Section takes precedence over any conflicting provision in this Privacy Policy with respect to California residents.

A. CATEGORIES OF PERSONAL INFORMATION COLLECTED

In the preceding twelve (12) months, we have collected the following categories of Personal Information from California consumers, as those categories are defined under California Privacy Law:

• Identifiers (e.g., name, email address, IP address, account name);

• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (e.g., name, signature, address, telephone number, payment card information);

• Commercial information (e.g., records of products or services purchased, obtaining, or considered);

• Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with the Websites);

• Geolocation data (approximate or precise location);

• Inferences drawn from any of the above information to create a consumer profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes; and

• Sensitive Personal Information as defined in Section II of this Privacy Policy.

B. SOURCES, PURPOSES, AND DISCLOSURE OF PERSONAL INFORMATION

We collect Personal Information from the categories of sources described in Section III of this Privacy Policy. We use and disclose Personal Information for the business and commercial purposes described in Sections VI and VII of this Privacy Policy.

In the preceding twelve (12) months, we have disclosed Personal Information to the following categories of third parties for business purposes: service providers (e.g., payment processors, fulfillment providers, analytics vendors, IT service providers); advertising networks; and data analytics providers. We have not sold or shared Personal Information with third parties for purposes other than cross-context behavioral advertising through our digital advertising partners as described in Section V.

C. SALE OR SHARING OF PERSONAL INFORMATION

Under California Privacy Law, “sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s Personal Information to a third party for monetary or other valuable consideration. “Sharing” means communicating a consumer’s Personal Information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

We may share certain Technical Information (including Device Identifiers and Usage Data) with third-party advertising partners and analytics providers, which may constitute “sharing” for cross-context behavioral advertising purposes under California Privacy Law. We do not knowingly sell the Personal Information of consumers under the age of 16 without affirmative authorization. California residents may opt out of the sale or sharing of their Personal Information as described in Section D below.

D. CALIFORNIA CONSUMER RIGHTS

Subject to certain exceptions and limitations set forth in California Privacy Law, California residents have the following rights, which may be exercised free of charge:

• Right to Know (Cal. Civ. Code § 1798.100). You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you in the preceding twelve (12) months, the categories of sources from which it was collected, the business or commercial purpose for collecting or selling it, and the categories of third parties to whom we disclose it.

• Right to Delete (Cal. Civ. Code § 1798.105). You have the right to request that we delete Personal Information we have collected from you, subject to certain exceptions (e.g., where retention is necessary to complete a transaction, detect security incidents, comply with a legal obligation, or for other permitted purposes).

• Right to Correct (Cal. Civ. Code § 1798.106). You have the right to request that we correct inaccurate Personal Information that we maintain about you, taking into account the nature of the Personal Information and the purposes of the processing.

• Right to Opt-Out of Sale/Sharing (Cal. Civ. Code § 1798.120). You have the right to direct us not to sell or share your Personal Information at any time. To exercise this right, click the “Do Not Sell or Share My Personal Information” link on our Websites, submit a request to privacy@xeric.com, or use a browser-level Global Privacy Control signal as described in Section V.

• Right to Limit Use of Sensitive Personal Information (Cal. Civ. Code § 1798.121). You have the right to direct us to limit our use and disclosure of Sensitive Personal Information to the uses necessary to provide the goods or services you have requested from us and other purposes specifically permitted by applicable regulations. To exercise this right, contact us at privacy@xeric.com or use the “Limit the Use of My Sensitive Personal Information” link on our Websites.

• Right to Non-Discrimination (Cal. Civ. Code § 1798.125). We will not discriminate against you for exercising any of your rights under California Privacy Law, including by denying you goods or services, charging you different prices, or providing you with a different level or quality of goods or services.

• Right Regarding Automated Decision-Making (11 Cal. Code Regs. § 7023). You have the right to opt out of automated decision-making technology, including profiling, used in furtherance of decisions that produce legal or similarly significant effects concerning you. You also have the right to request an explanation of the logic involved in automated decision-making that involves your Personal Information.

E. HOW TO EXERCISE YOUR CALIFORNIA RIGHTS

To exercise any of the rights described in this Section, you or your authorized agent may submit a verifiable consumer request to us by:

• Email: privacy@xeric.com (Subject line: “California Privacy Request”);

• Mail: Watchismo, LLC, 180 N. University Ave #270, Provo UT 84601; or

• Using the links on our Websites designated for these rights (e.g., “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information”).

We will acknowledge receipt of your request within ten (10) business days and will respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time (up to ninety (90) calendar days), we will inform you of the reason and extension period in writing. Requests may be submitted twice in any twelve-month period.

We will verify your identity before processing your request. You may designate an authorized agent to submit a request on your behalf, provided you provide the authorized agent with written permission and we can verify your identity.

For purposes of the Shine the Light law (Cal. Civ. Code § 1798.83), California residents may request information about our disclosure of Personal Information to third parties for their direct marketing purposes by contacting us at privacy@xeric.com with the subject line “California Shine the Light.”

XII. CANADIAN RESIDENTS – YOUR PRIVACY RIGHTS

This Section XII applies to residents of Canada, including residents of the Province of Québec, who access the Websites at www.xericwatches.com or otherwise provide Personal Information to Xeric.com from within Canada. This Section is provided in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) (S.C. 2000, c. 5) and its provincial equivalents, the Québec Act respecting the protection of personal information in the private sector (R.S.Q., c. P-39.1), as substantially amended by the Act to modernize legislative provisions as regards the protection of personal information, S.Q. 2021, c. 25 (“Law 25” / “Bill 64”), and applicable regulations thereunder.

A. ACCOUNTABILITY

Xeric.com is responsible for Personal Information under its control and has designated a Privacy Officer who is accountable for our compliance with applicable Canadian privacy legislation. Questions, concerns, or complaints regarding our privacy practices may be directed in writing to: Privacy Officer, Watchismo, LLC, 180 N. University Ave #270, Provo UT 84601, or by email to privacy@xeric.com.

B. PURPOSES OF COLLECTION, USE, AND DISCLOSURE

We identify the purposes for which Personal Information is collected at or before the time of collection. We collect, use, and disclose Personal Information only for purposes that a reasonable person would consider appropriate in the circumstances and only to the extent necessary to fulfill those identified purposes. The purposes for which we collect, use, and disclose Personal Information are described in Sections II, III, and VI of this Privacy Policy.

C. CONSENT

Subject to applicable law, we obtain your meaningful consent (express or implied, depending on the sensitivity of the information and the context of collection) for the collection, use, and disclosure of your Personal Information. By accessing or using the Websites, Canadian residents consent to the collection, use, and disclosure of Personal Information as described in this Privacy Policy.

You may withdraw consent at any time, subject to legal or contractual restrictions and upon reasonable notice, by contacting us at privacy@xeric.com. Withdrawal of consent may limit or prevent us from providing certain products or services to you, and we will advise you of the implications of withdrawal at the time of your request.

In accordance with Law 25, where we rely on consent as the legal basis for collecting or using Personal Information, such consent must be manifest, free and informed, given for specific purposes. We do not make consent a condition of providing a product or service beyond what is necessary to provide that product or service.

D. LIMITING COLLECTION, USE, DISCLOSURE, AND RETENTION

We limit the collection of Personal Information to that which is necessary for the purposes identified at the time of collection. We use or disclose Personal Information only for those purposes for which it was collected, except with your consent or as required or permitted by law. We retain Personal Information only as long as necessary to fulfill the identified purposes or as required by law.

E. CROSS-BORDER TRANSFERS

Personal Information collected from Canadian residents may be transferred to and processed in the United States and other countries outside of Canada. By using the Websites, you acknowledge that your Personal Information may be subject to the laws of those jurisdictions. Before transferring Personal Information outside Canada, we will implement appropriate contractual protections to ensure that the recipient provides a comparable level of protection to the Personal Information as required by applicable Canadian law.

Residents of Québec are specifically advised that, pursuant to Law 25, before any Personal Information is communicated outside Québec, Xeric.com conducts a privacy impact assessment to ensure that the information will receive an equivalent level of protection to that afforded under Québec law. We will enter into written agreements with recipients that include the applicable privacy protections required by Law 25.

F. PRIVACY IMPACT ASSESSMENTS

In accordance with Law 25 (effective September 22, 2023), prior to any project involving collection of Personal Information that presents a privacy risk, or prior to any communication of Personal Information outside Québec, Xeric.com conducts a privacy impact assessment and implements the necessary risk-mitigation measures.

G. BREACH NOTIFICATION

In the event of a confidentiality incident (data breach) involving Personal Information of Canadian residents that presents a risk of serious injury, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required under PIPEDA. For Québec residents, we will also notify the Commission d’accès à l’information du Québec (“CAI”) and affected individuals in accordance with Law 25.

H. INDIVIDUAL RIGHTS

Subject to certain exceptions and limitations under applicable Canadian privacy law, Canadian residents (including Québec residents) have the following rights:

• Right of Access. You have the right to request access to the Personal Information we hold about you and to receive an account of how it has been used and to whom it has been disclosed.

• Right to Correction. You have the right to challenge the accuracy and completeness of your Personal Information and to request correction.

• Right to De-Indexing (Québec only, under Law 25). Where the dissemination of Personal Information about you causes you serious injury and there is no lawful justification for it, you may request that we cease disseminating such information or that we de-index any hyperlink attached to your name that provides access to that information.

• Right to Portability (Québec only, under Law 25 as phased in). You have the right to request that your Personal Information be communicated to you in a structured, commonly used, and machine-readable technological format, or to have it communicated to any person or body authorized by law.

• Right to Withdraw Consent. You have the right to withdraw consent to the collection, use, or disclosure of your Personal Information at any time, subject to legal and contractual restrictions.

To exercise any of the above rights, please contact us at privacy@xeric.com or by mail at Watchismo, LLC, 180 N. University Ave #270, Provo UT 84601. We will respond to requests within the timeframes required by applicable Canadian law (generally within thirty (30) calendar days under PIPEDA, with extensions as permitted by law).

I. COMPLAINT PROCEDURE

If you are dissatisfied with our response to a privacy concern or request, you may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376. Québec residents may also file a complaint with the Commission d’accès à l’information du Québec at www.cai.quebec.ca or 1-888-528-7741.

XIII. QUESTIONS

If you have any questions or concerns regarding our privacy policy or practices, please feel free to contact us via email at privacy@xeric.com. We can also be contacted by mail at:

Watchismo, LLC

180 N. University Ave #270

Provo UT 84601

USA

XIV. ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN UNION AND UNITED KINGDOM

A. SCOPE AND APPLICABILITY

This Section XIV applies to residents of the European Union (“EU”) and to residents of the United Kingdom (“UK”) protected by the UK General Data Protection Regulation as retained and amended in UK law by the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 (collectively, “UK GDPR”). References to “GDPR” in this Section shall be read to include the UK GDPR where the context applies to UK residents. References to “Personal Information” in this Privacy Policy are equivalent to “Personal Data” governed by GDPR and UK GDPR.

B. LEGAL BASES FOR PROCESSING PERSONAL DATA

We will only use your personal data when the law allows us to do so. Most commonly, we will use your Personal Information in the following circumstances:

• Where we need to perform obligations relating to a contract to which you are a party or to take steps at your request before entering into such a contract (Art. 6(1)(b) GDPR);

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (Art. 6(1)(f) GDPR). Our legitimate interests include conducting and managing our business to enable us to give you the best service and the most secure experience;

• Where we need to comply with a legal or regulatory obligation (Art. 6(1)(c) GDPR); and

• Where we rely on consent, including for direct marketing communications via email (Art. 6(1)(a) GDPR). You have the right to withdraw consent at any time by contacting us using the contact information provided above.

C. CONTROLLER

This Privacy Policy is issued on behalf of Watchismo, LLC, DBA Xeric.com, acting as controller of Personal Data collected through the Websites. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at privacy@xeric.com or by mail at Watchismo, LLC, 180 N. University Ave #270, Provo UT 84601, USA.

D. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements. In some circumstances, we may anonymise your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

E. EU AND UK RESIDENT PERSONAL DATA RIGHTS

Under certain circumstances, EU and UK residents may have rights under applicable data protection laws in relation to their personal data. These rights include:

• Right to Access (Subject Access Request). The right to request a copy of the personal data we hold about you and to check that we are lawfully processing it (Art. 15 GDPR).

• Right to Correction (Rectification). The right to have any incomplete or inaccurate data we hold about you corrected (Art. 16 GDPR).

• Right to Erasure (‘Right to be Forgotten’). The right to ask us to delete or remove personal data where there is no good reason for us continuing to process it (Art. 17 GDPR).

• Right to Object. The right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), or for direct marketing purposes (Art. 21 GDPR).

• Right to Restriction of Processing. The right to ask us to suspend processing of your personal data in certain scenarios (Art. 18 GDPR).

• Right to Data Portability. The right to receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract (Art. 20 GDPR).

• Right to Withdraw Consent. The right to withdraw consent at any time where we are relying on consent to process your personal data. Withdrawal will not affect the lawfulness of processing carried out before you withdraw consent (Art. 7(3) GDPR).

To exercise any of the rights set out above, please contact privacy@xeric.com. You will not have to pay a fee to access your personal data or to exercise any other rights. We may need to request specific information from you to confirm your identity and ensure your right to access your personal data. We try to respond to all legitimate requests within one month; if your request is particularly complex or numerous, it may take us longer (up to an additional two months), and we will notify you accordingly.

F. COMPLAINTS TO SUPERVISORY AUTHORITY

EU residents have the right to make a complaint at any time to the relevant data protection supervisory authority in their EU Member State. UK residents may make a complaint to the Information Commissioner’s Office (“ICO”) at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please first contact us directly.

G. INTERNATIONAL TRANSFERS

For transfers of personal data from the EU to third countries, we will implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Art. 46(2)(c) GDPR. For transfers from the UK, we will implement safeguards in accordance with the UK GDPR and the ICO’s International Data Transfer Agreement (IDTA) or the ICO-approved addendum to EU SCCs, as appropriate. Please contact us at privacy@xeric.com for further information about the specific mechanism used for international transfers of your personal data.