Privacy
Policy
This policy explains how Ohlala Watch collects, uses, and protects your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable US privacy laws.
Important Notice
Ohlala Watch operates as a business-to-business (B2B) manufacturer. The personal data we process primarily relates to business contacts, brand owners, product managers, and purchasing professionals engaging with us for OEM/ODM manufacturing services. We do not sell personal data and we do not engage in consumer retail data collection.
Data Controller
The data controller responsible for your personal information is:
Ohlala Watch
- Location: Shenzhen, Guangdong Province, China
- Business Type: OEM/ODM Watch Manufacturer
- Primary Markets: European Union, United States, Australia, and other international regions
- Contact Email: privacy@ohlalawatch.com
As a company serving EU-based clients, Ohlala Watch acknowledges its obligations under the GDPR when processing personal data of individuals located in the European Economic Area (EEA). Where required by applicable law, we may appoint an EU representative and will provide that information upon request.
Data We Collect
We collect only the personal data necessary to provide our manufacturing and business development services. The categories of data we may collect include:
A Business Contact Information
Provided directly by you when submitting inquiries, requesting quotes, or entering into a business relationship:
- Full name and job title
- Company name and business address
- Business email address
- Phone or WhatsApp number
- Country and region of operation
B Project & Commercial Information
Information you share when discussing product development or placing orders:
- Product specifications and design files
- Order quantities and timelines
- Brand assets (logos, packaging designs)
- Shipping and delivery addresses
- Communication history and correspondence
C Website Usage Data
Automatically collected when you visit our website:
- IP address and browser type
- Pages visited and time spent
- Referring website or search terms
- Device type and operating system
- Cookie identifiers (see Section 10)
Legal Basis for Processing (GDPR)
For individuals located in the European Economic Area (EEA), we process personal data only where a valid legal basis under Article 6 of the GDPR exists:
Contract Performance
Processing is necessary to fulfill a contract with you or to take pre-contractual steps at your request -- for example, responding to a quote inquiry, preparing product samples, or managing an active production order.
Legitimate Interests
We process data to maintain and improve our services, manage our business relationships, ensure website security, and conduct analytics. We have balanced these interests against your rights and concluded they do not override your fundamental rights and freedoms.
Legal Obligation
Processing may be required to comply with applicable laws and regulations, including export documentation, customs requirements, and financial record-keeping obligations.
Consent
Where we rely on consent -- for example, for marketing communications or non-essential cookies -- we will obtain your explicit consent and you may withdraw it at any time without affecting the lawfulness of prior processing.
How We Use Your Data
We use the personal data we collect for the following specific business purposes:
| Purpose | Description |
|---|---|
| Inquiry Response | Responding to quote requests, product questions, and initial consultations |
| Order Management | Processing and fulfilling OEM/ODM production orders, sampling, and shipment coordination |
| Communication | Sending project updates, production status reports, and relevant business notifications |
| Marketing | Sending industry news, new product capabilities, or promotional content (only with consent) |
| Legal Compliance | Meeting export, customs, tax, and regulatory documentation requirements |
| Website Analytics | Understanding how visitors use our website to improve content and user experience |
Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:
-
Supply Chain Partners
We may share product specifications and relevant contact details with our Shenzhen-based component suppliers, logistics providers, and quality inspection partners solely to fulfill your manufacturing order. These parties are contractually bound to use your data only for the specified purpose.
-
Service Providers
We use trusted third-party service providers for email communications, website hosting, CRM, and analytics. These providers act as data processors under our instruction and are subject to data processing agreements.
-
Legal Requirements
We may disclose personal data if required to do so by law, court order, or governmental authority, including for customs and export compliance, or to protect our legal rights.
-
Business Transfers
In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity, subject to equivalent privacy protections.
International Data Transfers
Ohlala Watch is headquartered in Shenzhen, China. When you interact with us from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, your personal data will be transferred to and processed in China.
China is not currently recognized by the European Commission as providing an adequate level of data protection equivalent to the EEA. We therefore implement the following safeguards to ensure your data receives appropriate protection:
- Standard Contractual Clauses (SCCs): We rely on the EU Commission-approved Standard Contractual Clauses for transfers from the EEA to third countries where applicable.
- Data Minimization: We transfer only the minimum personal data necessary to fulfill the specific business purpose.
- Contractual Obligations: All third parties receiving your data are contractually obligated to implement appropriate security measures.
You may request a copy of the applicable transfer mechanisms by contacting us at privacy@ohlalawatch.com.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Our general retention guidelines are:
Business & Financial Records
Order records, invoices, contracts, and financial correspondence retained to comply with accounting and tax obligations.
Business Relationship Data
Contact information and communication history for clients and prospects with whom we have had an active relationship.
Website & Analytics Data
Aggregated website usage data and cookie identifiers, after which data is anonymized or deleted.
Unanswered Inquiries
Data from inquiries that did not result in a business relationship is deleted within 30 days unless you consent to further contact.
Your Rights
EU / EEA Data Subjects -- GDPR
If you are located in the European Economic Area, you have the following rights under the GDPR. To exercise any of these rights, contact us at privacy@ohlalawatch.com. We will respond within 30 days.
Right of Access
Request a copy of the personal data we hold about you and information about how it is processed.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where there is no legitimate reason for us to continue processing it.
Right to Restriction
Request that we restrict the processing of your data in certain circumstances while a dispute is being resolved.
Right to Portability
Receive your personal data in a structured, machine-readable format and transmit it to another controller where technically feasible.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes at any time.
Right to Withdraw Consent
Where processing is based on consent, withdraw your consent at any time without affecting prior lawful processing.
Right to Lodge a Complaint
Lodge a complaint with your national supervisory authority if you believe your rights have been violated. A list of EU DPAs is available at edpb.europa.eu.
Your Rights
United States -- CCPA / CPRA
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Please note that as a B2B manufacturer, most of the personal data we process relates to business contacts and may fall under the B2B exemption; however, we extend the following rights to all California individuals:
Right to Know
Request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes of collection, and any third parties with whom it was shared.
Right to Delete
Request deletion of personal information we have collected, subject to certain exceptions (e.g., completing transactions, legal obligations).
Right to Correct
Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing
We do not sell personal information and do not share it for cross-context behavioral advertising. This right is therefore not applicable in our current operations.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing as a result of making a privacy request.
Other US States: Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with applicable privacy laws may also have similar rights. We will honor verifiable requests from residents of these states in accordance with applicable law.
Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure. Our security practices include:
- Encrypted data transmission using TLS/SSL protocols for all website communications
- Access controls limiting data access to authorized personnel on a need-to-know basis
- Regular review of data handling practices and third-party service provider agreements
- Secure disposal of data no longer required for business or legal purposes
Children's Privacy
Our services are designed exclusively for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete such information promptly. If you believe we may have collected data from a minor, please contact us at privacy@ohlalawatch.com.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Post a notice on our website for a reasonable period
- Notify active clients by email where the changes materially affect our processing of their data
Your continued use of our website or services after the effective date of any changes constitutes your acknowledgment of the updated policy. We encourage you to review this page periodically.
Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the details below. We aim to respond to all privacy-related inquiries within 5 business days.
Privacy Contact
Ohlala Watch
- Email privacy@ohlalawatch.com
- Subject Line "Privacy Policy Inquiry" or "Data Subject Request"
- Location Shenzhen, Guangdong Province, China
Response Times
- General Inquiries 5 Business Days
- GDPR Data Requests 30 Days
- CCPA Requests 45 Days
- Security Incidents 72 Hours