PRIVACY POLICY

Our Privacy Commitments

Our Privacy Policy is centred around the following three privacy commitments:

Commitment 1: Transparency & Trust

Privacy is built into CRNO by design and by default. We respect the trust you place in us when you share your personal information.

We will be transparent with you about the purposes for which we use your personal information and will only use it for those specified purposes when we have a lawful basis to do so. Where required, we will ask for your explicit consent.

If we make any material changes to how we process your personal information, we will notify you in an appropriate way.

Commitment 2: Protecting Your Personal Information

We commit to implementing leading data protection, privacy and security standards so you can feel confident that your personal information is protected.

If there is an incident impacting your personal information, we will notify you and/or relevant regulators in accordance with applicable data breach notification requirements.

Your personal information will be handled with the same level of protection when it is shared with third parties or transferred internationally.

We will only retain your personal information for as long as is necessary for the purposes described in this Privacy Policy, or for as long as required by law.

Commitment 3: Respecting Your Rights

We will respect the choices you make in relation to your personal information.

We will respect your legal rights, including rights to access, erase and update the personal information that we hold about you.

We will also respect your choices in relation to objecting to how we process your personal information, and we will provide clear channels for you to contact us with questions or complaints.

This Privacy Policy & Updates

Please take a moment to read this Privacy Policy, as well as our Cookie Policy, which explains how we collect, use, disclose and transfer the personal information collected about you at any touchpoint, including on our website, mobile applications and other digital platforms relating to our global watch registry, authentication network and lost-and-stolen database (together referred to as “CRNO” or the “CRNO Platform”).

Our Cookie Policy explains how we collect information through the use of cookies and related technologies when you use CRNO.

From time to time we may update this Privacy Policy. When we do, we will publish the changes on CRNO and update the effective date. Where required by law, we will notify you of material changes.

General Data Protection Regulation (GDPR) Representative

For the purposes of the UK GDPR and, where applicable, the EU GDPR, CRNO Solutions Ltd acts as the data controller of your personal information.

If we appoint an EU-based representative in the future, we will update this section with the relevant contact details.

For general questions, please see the “Contact us” section below.

Commitment 1: Transparency & Trust

Information that you provide to us or we collect about you

We collect the following types of personal information about you:

General personal & user account information

To benefit from CRNO services, you may need to provide your contact details or create an account with us. You may provide personal information about yourself, including:

  • Name and address

  • Date of birth

  • Email address

  • Telephone number

  • Nationality

  • Gender

Your account may store:

  • Information about you

  • Details of your watch(es) and/or jewellery

  • Any relevant case or claim information

  • Conversation and interaction history with CRNO

You may also provide documents that contain personal information, including (where applicable):

  • Warranty cards, invoices and proofs of purchase

  • Photographs of your watch(es) and/or jewellery

  • Proof of ownership

  • Insurance details

  • Crime reference number

  • Police report

  • Date and circumstances of loss or theft

This information is collected to help verify ownership, support loss/theft reporting, assist law enforcement and insurers, and enable the operation of the CRNO Platform.

Correspondence, call recordings, online or video chat

We collect personal information when you correspond with us, for example:

  • When you contact us with a query about CRNO

  • When you complete a contact form

  • When you engage with us by phone, online chat or video call

On occasion, calls, online or video chats or other correspondence may be recorded for security, evidence, training, quality control, analysis and service development purposes.

Social media platforms data

If you choose to interact with us via social media or other third-party platforms, we will collect the information you provide via that platform.

This may include:

  • Basic profile information

  • Behavioural data such as browsing interactions or engagement history with our content on that platform

You may also grant us access to certain data from your social media profiles for social login or identity verification purposes.

Cookie data

We also collect certain information automatically about visitors to CRNO, as described in our Cookie Policy.

This may include:

  • Device identifiers and technical information

  • IP address and approximate location

  • Advertising IDs

  • Pixel tags

  • Unique online identifiers

  • Your interactions with our pages, features and content

Location data

Where we provide location-based services (for example, to help identify relevant law-enforcement contacts or local crime reporting processes), we may collect information about your location to the extent necessary for those services.

Use of CRNO

We collect information about how you use the CRNO Platform, including:

  • Searches performed (for example, serial number checks)

  • Watches or items you register or report

  • How prospective purchasers, law enforcement agencies or insurers use CRNO to check the status of a watch or piece of jewellery and confirm whether it is registered or reported lost/stolen

Surveys and market research

We may invite you to participate in surveys or market research. Where you choose to participate, we collect your responses and any feedback you provide.

Information you provide about third parties

You may provide personal information about third parties (for example, a partner, family member or joint owner), such as:

  • Name and contact details

  • Relationship to you

  • Details relevant to shared ownership, insurance, or case handling

You must ensure that such third parties are aware of this Privacy Policy and that you are authorised to share their information with us.

Information we collect from third parties about you

We may also collect personal information about you from:

  • Law-enforcement agencies and insurance organisations

  • Social media platforms

  • Advertising and marketing partners

  • Analytics and technology providers

  • Other third parties that provide technical or strategic data services

  • Publicly available sources

We may combine this information with the information we already hold about you.

Purposes of processing and our legal justification for processing

We process your personal information for the purposes listed below, relying on the following legal bases:

  • Consent – where you have clearly agreed to us processing your personal information (for example, marketing communications or certain optional services).

  • Performance of a contract – where the processing is necessary to provide CRNO services to you or to take steps at your request before entering into a contract (including compliance with our Terms of Use).

  • Legitimate interests – where the processing is necessary for our legitimate interests or those of a third party (for example, running and improving our platform, preventing fraud and supporting crime prevention), unless your interests override those interests.

  • Legal obligation – where the processing is necessary to comply with legal or regulatory requirements (for example, responding to lawful requests from authorities).

  • Other grounds – in limited situations, processing may be necessary to prevent or detect crime, protect life, or otherwise in the public interest.

Service-related processing

We process your personal information for service-related purposes, including:

  • Operating and maintaining the CRNO Platform and tools

  • Managing your account and registrations

  • Service and security communications, updates and announcements

  • Sending administrative messages, such as changes to your account, terms or policies

Legal bases: performance of a contract, legitimate interests (to run CRNO effectively and securely), legal obligation, consent (where applicable).

Marketing-related communications and digital advertising

We may process your personal information for marketing-related purposes, including:

  • Sending you marketing communications by phone, email, post, SMS or digital messaging

  • Delivering personalised content or advertising on social media or other platforms relating to CRNO and, where relevant, carefully selected partners

  • Using data such as your email address (often in hashed form) or cookie data with third-party platforms to create custom or lookalike audiences, where permitted

Legal bases: consent and/or legitimate interests (for example, promoting services that may be relevant to you).

Where we rely on consent, you may withdraw it at any time by emailing us or clicking the unsubscribe link in our marketing emails or texts.

Withdrawal of consent does not affect processing carried out before the withdrawal.

Accounts & records

We process your personal information to manage our internal accounts and records.

Legal bases: performance of a contract, legitimate interests (for example, preventing fraud or maintaining proper business records), legal obligation, consent (where applicable).

Enquiries

We process your personal information to:

  • Respond to your enquiries, requests and complaints

  • Provide support regarding CRNO services

Legal bases: performance of a contract, legitimate interests (for example, responding efficiently to queries), consent.

Market research, analysis of feedback and user engagement

We process your personal information to:

  • Conduct surveys and research

  • Analyse user behaviour and feedback

  • Improve our services, features and user experience on CRNO

Legal bases: legitimate interests (improving CRNO and understanding our users), consent.

Location services

We process your personal information to provide location-based services, such as:

  • Suggesting relevant reporting or support options based on your location

  • Assisting in routing information to appropriate law-enforcement or insurer contacts

For these services, you will usually have the opportunity to grant or deny permission to use location data via your device settings.

Legal basis: consent.

Platform support, maintenance and security

We process your personal information in connection with:

  • Administering and protecting our business and the CRNO Platform

  • Troubleshooting, error handling and incident management

  • Data analysis, testing, system maintenance and support

  • Hosting and storing data

Legal bases: legitimate interests (ensuring CRNO operates securely and efficiently), legal obligation, consent (where applicable).

Receipt of products and services from suppliers

Where you or your organisation provide products or services to CRNO, we may process your personal information to:

  • Manage supplier relationships

  • Receive and pay for services

  • Administer contracts

Legal bases: performance of a contract, legitimate interests (for example, managing our supplier relationships), consent.

Business administration and legal compliance

We process your personal information for:

  • General business administration

  • Audit and compliance purposes

  • Managing risk and disputes

  • Complying with legal or regulatory obligations

Legal bases: legal obligation, legitimate interests (for example, maintaining proper records and protecting our rights), consent (where applicable).

Corporate transactions (e.g. merger or acquisition)

In connection with any actual or potential merger, acquisition, restructuring or sale of all or part of our business, we may:

  • Process and disclose your personal information to relevant third parties (such as prospective buyers or professional advisers)

Legal bases: legitimate interests (facilitating corporate transactions), legal obligation, consent (where applicable).

Cookies and other automated technologies

We process your personal information in accordance with our Cookie Policy.

Legal bases: consent, performance of a contract, legitimate interests (for example, where cookies are strictly necessary for platform operation).

Material changes

If we materially change the way in which we process your personal information, or intend to use it for a new purpose not described above, we will take the steps required under applicable law to inform you, which may include email or other prominent notification.

Our Cookie Policy

CRNO uses cookies in line with our Cookie Policy. This Cookie Policy is available to users on each page of the website linked to this Privacy Policy and via our cookie banners and preferences tools.

Commitment 2: Protecting Your Personal Information

Protecting your personal information

We want you to feel confident sharing your personal information with us.

We therefore:

  • Limit access to personal information to employees and service providers who reasonably need it to operate CRNO or do their jobs

  • Implement appropriate technical and organisational measures (physical, electronic and procedural) to protect your personal information against unauthorised or unlawful processing and against accidental loss, damage or destruction

Where we ask you to choose a password to access certain parts of CRNO, you are responsible for:

  • Selecting a strong, unique password that you do not use on any other site

  • Keeping your password confidential and not sharing it with anyone

Sharing your personal information

We only share personal information with others where permitted by law.

When we do share your personal information, we put contractual and security measures in place to protect it and to ensure recipients comply with applicable data protection standards.

We may share your personal information in the following circumstances:

Our affiliated companies

We may share your personal information with CRNO group companies and affiliates for the purposes set out in this Privacy Policy, where permitted by law.

Service providers (including data processors)

We disclose personal information to trusted third-party service providers who:

  • Host or maintain CRNO systems and data

  • Provide technical, operational or support services

  • Assist with analytics, communications, security and other business functions

These providers act as data processors on our behalf and may only process your personal information in accordance with our instructions and this Privacy Policy.

Police and law-enforcement disclosures

We will disclose relevant information (such as crime reference numbers, police reports, watch details and ownership data) to law-enforcement and police authorities (nationally and internationally) to:

  • Assist in investigating stolen or lost watches/jewellery

  • Verify the authenticity of reports

  • Support crime-prevention and recovery efforts

These third parties become independent data controllers of your personal information and their processing will be subject to their own privacy policies and legal obligations.

Regulatory, authority and other third-party disclosures

We may disclose your personal information to:

  • Law-enforcement agencies

  • Courts and tribunals

  • Regulators and government authorities

  • Financial institutions or insurers

  • Other third parties where we believe this is necessary to:

    • Comply with a legal or regulatory obligation

    • Protect our rights or the rights of others

    • Respond to lawful requests or investigations

    • Establish, exercise or defend legal claims

Mergers & acquisitions

We may disclose your personal information to any third party that purchases or to which we transfer all or substantially all of our assets and business.

If such a transaction occurs, we will use reasonable efforts to ensure that the recipient uses your personal information in a manner consistent with this Privacy Policy.

Transferring your personal information globally

Where we transfer your personal information to countries outside the UK or the European Economic Area (EEA) that may not offer the same level of data protection, we will:

  • Implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, to protect your personal information; and

  • Continue to protect your information in accordance with this Privacy Policy.

Privacy risk assessments

We may conduct privacy and data protection impact assessments when introducing new technologies, features or processing activities involving your personal information.

Where required, we will implement enhanced notices, safeguards and/or consent mechanisms to make sure we continue to meet our privacy commitments.

Retaining your personal information

We keep your personal information only for as long as necessary for the purposes outlined in this Privacy Policy, including:

  • The duration of your relationship with CRNO

  • Any applicable limitation periods for legal claims

  • Statutory retention periods under applicable law

After this period, your personal information will be deleted or anonymised.

Where we rely on your consent and have no other lawful basis for processing, we will delete your personal information if you withdraw your consent.

If you request that we stop sending you direct marketing or exercise your right to be forgotten, we will maintain a minimal record of your request (e.g. your email address and “opt-out” flag) to ensure it is respected in future.

Commitment 3: Respecting your rights

We are committed to respecting your rights over your personal information.

If you wish to exercise any of the rights listed below, please contact us using the details in the “Contact us” section.

Depending on applicable law and certain conditions, you may have the following rights:

Right of access

You have the right to ask for access to the personal information we hold about you.

Right to erasure / restriction of processing

In some circumstances, you have the right to:

  • Request deletion of your personal information; or

  • Request that we restrict how we use it.

Right to update or correct

You have the right to ask us to correct inaccurate personal information and to update incomplete or outdated information.

Right to object

In certain circumstances, you have the right to object, on grounds relating to your particular situation, to our processing of your personal information where we rely on legitimate interests or performance of a task carried out in the public interest.

You also have the right to object at any time to the processing of your personal information for direct marketing purposes.

Right to data portability

In some circumstances, you have the right to request that we provide you with the personal information you have given us in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible.

Right to withdraw consent

Where we rely on your consent to process your personal information, you may withdraw that consent at any time with effect for the future.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to complain

If you have concerns about how we handle your personal information, we encourage you to contact us first and we will do our best to resolve your concerns.

You also have the right to lodge a complaint with a relevant data protection authority, such as:

  • The Information Commissioner’s Office (ICO) in the UK; or

  • The data protection authority in your place of residence or where the processing took place.

Right to object to email marketing

If we have obtained your email address in connection with providing CRNO services and use it to send you marketing about our own similar services, you may object at any time by:

  • Clicking the “unsubscribe” link in our marketing emails; or

  • Emailing us using the details in the “Contact us” section below.

Please note that we may still send you service-related (non-marketing) communications, such as important notices about your account, security or legal updates.

Children

CRNO is not directed at children in the relevant country of data collection (for example, under 13 in the US or under 16 in certain European countries), and we do not knowingly collect personal information from children without appropriate parental or guardian consent.

Children should not use CRNO or submit personal information to us without parental or guardian supervision and consent.

Contact us

If you have any questions, comments or complaints about this Privacy Policy, our Cookie Policy, or privacy matters generally, or if you wish to exercise your data protection rights, please contact us at:

Email: contact@crno.io)

You may also use this address to request access to the personal information we process about you or to unsubscribe from marketing communications.