Language

Cart

Your cart is empty

Privacy Policy

Last Updated: February 2026

Effective Date: February 2026

1. INTRODUCTION

Horamundi (“we,” “us,” “our,” or “the Company”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with our website, services, or business operations.

Horamundi operates as a specialist in haute horlogerie, providing private collectors’ advisory, authentication, curation, acquisition, and consignment services for investment-grade timepieces from our offices at Silver Tower, DMCC, Dubai, United Arab Emirates.

This Privacy Policy applies to all personal data processed by Horamundi, whether collected online through our website (horamundi.com), via email, telephone, in-person consultations, or through our network spanning Dubai, Geneva, and Hong Kong.

Our Commitment:
We are committed to compliance with:

  • The Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020 and DIFC Data Protection Regulations
  • The European Union General Data Protection Regulation (GDPR) for clients in the European Economic Area
  • Industry best practices for luxury goods and high-net-worth client confidentiality

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. DATA CONTROLLER INFORMATION

Data Controller:
Horamundi
Silver Tower, DMCC
Dubai, United Arab Emirates

Contact Information:
Email: info@horamundi.com

Subject of email: Privacy
Phone: +971 568 77 88 11
Attention Remy Julia

For data protection inquiries, requests, or complaints, please contact us using the details above.

3. PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data:

3.1 Identity & Contact Information

  • Full name, title, nationality
  • Date of birth (for age verification and KYC compliance)
  • Residential and shipping addresses
  • Email address, telephone number
  • Preferred language and communication preferences

3.2 Financial & Transaction Information

  • Payment card details (processed securely via third-party payment gateways; we do not store full card numbers)
  • Bank account information (for wire transfers and consignment payments)
  • Purchase and consignment transaction history
  • Valuation and pricing information
  • Tax identification numbers (where required by law)

3.3 Authentication & Account Security

  • Username and password (encrypted)
  • IP address and device identifiers
  • Login history and security credentials
  • Two-factor authentication data (if enabled)

3.4 Consignment & Collection Information

  • Details of timepieces consigned or purchased (brand, model, serial numbers, provenance)
  • Collection preferences and horological interests
  • Acquisition history and investment profile
  • Authentication and condition reports
  • Correspondence regarding consignments and acquisitions

3.5 Marketing & Communications

  • Marketing preferences and consent records
  • Newsletter subscription status
  • Communication history (emails, phone calls, meeting notes)
  • Event attendance and RSVP information

3.6 Technical & Website Usage Data

  • Browser type, operating system, device type
  • Cookies and tracking identifiers (see Section 11)
  • Website navigation patterns and page views
  • Referral sources and search queries
  • Geolocation data (country/city level)

3.7 Special Categories of Personal Data

In limited circumstances, we may process:

  • Biometric data (for high-security authentication, with explicit consent)
  • Politically Exposed Person (PEP) status (for AML/KYC compliance)

We do not intentionally collect sensitive personal data such as racial or ethnic origin, religious beliefs, health data, or sexual orientation unless explicitly required by law or with your express consent.

4. HOW WE COLLECT PERSONAL DATA

We collect personal data through the following sources:

4.1 Direct Interactions

  • When you register an account on our website
  • When you make a purchase or engage consignment services
  • When you request authentication, valuation, or advisory services
  • When you subscribe to our newsletter or marketing communications
  • When you attend events, consultations, or private viewings
  • When you contact us via email, phone, or social media

4.2 Automated Technologies

  • Cookies, web beacons, and similar tracking technologies (see Section 11)
  • Website analytics tools (Google Analytics, Meta Pixel, etc.)
  • Email marketing platforms (open rates, click-through rates)

4.3 Third-Party Sources

  • Payment processors and financial institutions
  • Shipping and logistics partners (delivery confirmations)
  • Social media platforms (if you interact with our content)
  • Public databases and registries (for PEP screening and sanctions compliance)
  • Credit reference agencies and fraud prevention services
  • Watch manufacturers and auction houses (for provenance verification)

4.4 Publicly Available Sources

  • Social media profiles (LinkedIn, Instagram) for relationship management
  • Published watch collector directories and forums
  • Auction records and public sales data

5. LEGAL BASIS FOR PROCESSING (DIFC & GDPR)

We process your personal data only when we have a lawful basis to do so:

5.1 Performance of Contract

Processing is necessary to fulfill our contractual obligations to you, including:

  • Processing purchases and consignments
  • Providing authentication and advisory services
  • Delivering timepieces and managing returns
  • Communicating about your orders and services

5.2 Legitimate Interests

Processing is necessary for our legitimate business interests, including:

  • Fraud prevention and security
  • Network and information security
  • Internal business operations and administration
  • Market research and service improvement
  • Relationship management with high-net-worth clients
  • Provenance verification and due diligence

We carefully balance our legitimate interests against your rights and freedoms, and you may object to processing based on legitimate interests at any time.

5.3 Legal Obligation

Processing is required to comply with legal and regulatory obligations, including:

  • Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements
  • Tax reporting and customs declarations
  • OFAC sanctions and PEP screening
  • Accounting and record-keeping obligations
  • Court orders and law enforcement requests

5.4 Consent

Where required by law, we obtain your explicit consent for:

  • Marketing communications (email, SMS, phone)
  • Non-essential cookies and tracking technologies
  • Sharing data with third-party partners for marketing purposes
  • Processing special categories of personal data

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5.5 Vital Interests

In rare cases, processing may be necessary to protect your vital interests or those of another person (e.g., emergency situations).

6. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

6.1 Service Delivery

  • Processing purchases, consignments, and advisory engagements
  • Authenticating and valuing timepieces
  • Arranging shipping, insurance, and customs clearance
  • Providing after-sales support and warranty services
  • Managing returns, exchanges, and refunds

6.2 Customer Relationship Management

  • Maintaining client profiles and collection preferences
  • Personalizing service offerings and recommendations
  • Communicating about new acquisitions and market opportunities
  • Inviting clients to exclusive events and private viewings
  • Building long-term advisory relationships

6.3 Marketing & Communications

  • Sending newsletters and promotional emails (with consent)
  • Displaying targeted advertising on social media and partner websites
  • Conducting market research and client satisfaction surveys
  • Sharing content about market trends and horological insights

6.4 Business Operations

  • Website administration and technical maintenance
  • Data analytics and business intelligence
  • Financial accounting and tax compliance
  • Internal training and quality assurance

6.5 Legal & Compliance

  • AML/KYC due diligence and PEP screening
  • Sanctions compliance (OFAC, UN, EU lists)
  • Fraud detection and prevention
  • Resolving disputes and enforcing terms and conditions
  • Responding to legal requests and regulatory inquiries

6.6 Security & Risk Management

  • Detecting and preventing cyber threats
  • Monitoring for unauthorized access or suspicious activity
  • Protecting our intellectual property and brand
  • Ensuring physical security of consigned timepieces

7. DATA SHARING & DISCLOSURE

We share your personal data only when necessary and with appropriate safeguards:

7.1 Service Providers & Processors

We engage trusted third-party service providers who process data on our behalf:

Payment Processors:

  • Stripe, PayPal, Network International (for credit card transactions)
  • Banking partners (for wire transfers)

Shipping & Logistics:

  • DHL, FedEx, Ferrari Logistics (for insured courier services)
  • Customs brokers and freight forwarders

Technology Providers:

  • Website hosting and cloud storage (AWS, Microsoft Azure)
  • Email marketing platforms (Mailchimp, SendGrid)
  • CRM systems (Salesforce, HubSpot)
  • Analytics tools (Google Analytics, Hotjar)

Professional Services:

  • Legal advisors and auditors
  • Insurance providers
  • Watchmakers and authentication specialists

All service providers are bound by strict data protection agreements and process data only according to our instructions.

7.2 Business Partners

We may share data with:

  • Watch manufacturers (for warranty claims and service)
  • Auction houses (for consignment sales)
  • Other luxury retailers and dealers (for acquisition sourcing)
  • Co-marketing partners (with your consent)

7.3 Legal & Regulatory Authorities

We disclose data when required by law to:

  • Law enforcement agencies (for criminal investigations)
  • Regulatory bodies (DIFC, UAE Central Bank, tax authorities)
  • Courts and tribunals (in response to legal proceedings)
  • Government agencies (for sanctions compliance and national security)

7.4 Corporate Transactions

In the event of a merger, acquisition, or sale of business assets, your personal data may be transferred to the successor entity, subject to the same privacy protections.

7.5 With Your Consent

We may share data with third parties for specific purposes when you provide explicit consent (e.g., introducing you to a preferred watchmaker or collector).

7.6 International Transfers

Horamundi operates internationally with offices and partners in Dubai, Geneva, and Hong Kong. Your personal data may be transferred to, stored, or processed in jurisdictions outside the UAE, including:

  • European Economic Area (EEA): For clients and partners in Europe
  • Switzerland: For watchmaking services and acquisitions
  • Hong Kong/Singapore: For Asia-Pacific operations
  • United States: For payment processing and cloud storage

We ensure adequate protection through:

  • DIFC Standard Contractual Clauses (for transfers from DIFC)
  • EU Standard Contractual Clauses (SCCs) (for transfers from EEA)
  • Adequacy decisions (where applicable, e.g., UK, Switzerland, Israel)
  • Binding Corporate Rules (where applicable)
  • Your explicit consent (where required)

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations.

8.1 Retention Periods

Data Category

Retention Period

Account information

Duration of relationship + 7 years

Purchase/consignment records

7 years from transaction date (tax/audit requirements)

Payment data

Retained by processors only as required by PCI-DSS

Marketing consent records

Until consent withdrawn + 3 years

Website cookies

Session cookies: end of session; Persistent: 1-2 years

Security logs (IP addresses)

90 days to 1 year

KYC/AML records

5-7 years from relationship end (regulatory requirement)

Legal/dispute records

Duration of dispute + 7 years

8.2 Deletion & Anonymization

After retention periods expire, we securely delete or anonymize personal data. Anonymized data may be retained indefinitely for statistical and research purposes.

8.3 Archives

Limited data may be retained in secure archives for historical, legal, or regulatory purposes beyond standard retention periods.

9. YOUR RIGHTS & CHOICES

Under DIFC Data Protection Law and GDPR, you have the following rights:

9.1 Right of Access

You may request confirmation of whether we process your personal data and obtain a copy of your data.

9.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data where:

  • Data is no longer necessary for the original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing based on legitimate interests
  • Data has been unlawfully processed

This right is subject to legal retention obligations (e.g., AML/KYC, tax records).

9.4 Right to Restriction of Processing

You may request that we limit processing of your data in certain circumstances (e.g., while disputing accuracy).

9.5 Right to Data Portability

You may request a copy of your data in a structured, commonly used, machine-readable format and transfer it to another controller.

9.6 Right to Object

You may object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Automated decision-making

9.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with:

  • DIFC Commissioner of Data Protection (for DIFC matters)
    Website: difc.ae
    Email: dataprotection@difc.ae
  • EU Supervisory Authority (for GDPR matters, if applicable)
    Your local EU Data Protection Authority

How to Exercise Your Rights:
Email: privacy@horamundi.com
Subject: “Data Subject Rights Request”
Include: Your full name, contact details, and description of request

We will respond within 28 days (DIFC) or 30 days (GDPR), which may be extended by an additional 30 days for complex requests.

10. DATA SECURITY

We implement robust technical and organizational measures to protect your personal data:

10.1 Technical Safeguards

  • Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based access restrictions; multi-factor authentication for staff
  • Firewalls & Intrusion Detection: Network security monitoring and threat detection
  • Secure Servers: Data hosted in ISO 27001 certified data centers
  • Regular Backups: Encrypted backups stored in geographically separate locations
  • Penetration Testing: Annual security audits and vulnerability assessments

10.2 Organizational Safeguards

  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Staff Training: Regular data protection and security awareness training
  • Data Minimization: We collect only necessary data
  • Privacy by Design: Security built into systems from the outset
  • Incident Response Plan: Procedures for detecting, reporting, and responding to data breaches

10.3 Physical Security

  • Secure Premises: Access-controlled offices and storage facilities
  • Vault Storage: High-value consignments stored in insured, alarmed vaults
  • CCTV Surveillance: Monitored premises

10.4 Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will:

  • Notify the DIFC Commissioner (within 72 hours, if applicable)
  • Notify affected individuals (without undue delay)
  • Document the breach and our response

11. COOKIES & TRACKING TECHNOLOGIES

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

11.2 Types of Cookies We Use

Cookie Type

Purpose

Duration

Strictly Necessary

Enable core website functions (e.g., shopping cart, login)

Session

Performance/Analytics

Track website usage and performance (Google Analytics)

1-2 years

Functional

Remember preferences (language, currency)

1 year

Targeting/Advertising

Deliver personalized ads (Meta Pixel, Google Ads)

1-2 years

11.3 Cookie Consent

When you first visit our website, you will see a cookie banner allowing you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize cookie preferences

11.4 Managing Cookies

You can control cookies through:

Disabling cookies may affect website functionality.

11.5 Do Not Track (DNT)

Our website does not currently respond to DNT browser signals, but you can manage tracking through cookie settings.

12. CHILDREN’S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors.

If we become aware that we have inadvertently collected data from a minor without parental consent, we will take immediate steps to delete such information.

Parents or guardians who believe we have collected data from a minor should contact us at info@horamundi.com.

13. THIRD-PARTY WEBSITES & SERVICES

Our website may contain links to third-party websites, social media platforms, auction houses, and partner sites.

Important: This Privacy Policy does not apply to third-party websites. We are not responsible for the privacy practices or content of external sites.

We encourage you to review the privacy policies of any third-party websites you visit.

14. AUTOMATED DECISION-MAKING & PROFILING

14.1 Profiling for Personalization

We may use automated profiling to:

  • Personalize product recommendations based on your collection preferences
  • Tailor marketing communications to your interests
  • Assess consignment value and market positioning

14.2 Your Rights

You have the right to:

  • Request human intervention in automated decisions
  • Express your point of view
  • Contest automated decisions

We do not make solely automated decisions that produce legal effects or similarly significantly affect you without human oversight.

15. MARKETING COMMUNICATIONS

15.1 Consent-Based Marketing

We send marketing emails only with your explicit consent. You may opt in to receive:

  • New acquisition alerts and market opportunities
  • Newsletters and horological insights
  • Invitations to exclusive events and private viewings
  • Special offers and promotions

15.2 Opt-Out

You may unsubscribe from marketing communications at any time by:

  • Clicking the “Unsubscribe” link in any email
  • Emailing info@horamundi.com
  • Updating preferences in your account settings

You will continue to receive transactional emails (order confirmations, shipping updates) even after opting out of marketing.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

Notification of Changes:

  • Material changes will be notified via email or prominent website notice
  • Minor updates will be posted on our website with an updated “Last Updated” date

Your Continued Use: Continued use of our website or services after changes are posted constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

17. CONTACT & COMPLAINTS

17.1 General Inquiries

For questions about this Privacy Policy or our data practices:

Email: info@horamundi.com
Phone: +971 56 877 88 11
Address:
Horamundi
Silver Tower, DMCC
Dubai, United Arab Emirates

17.2 Data Protection Officer

For data protection-specific inquiries:

DPO Email: info@horamundi.com
DPO Name: Remy Julia

17.3 Supervisory Authorities

You have the right to lodge a complaint with:

DIFC Commissioner of Data Protection
Level 14, The Gate, PO Box 74777
Dubai, United Arab Emirates
Email: dataprotection@difc.ae
Website: difc.ae

EU Data Protection Authorities (if you are located in the EEA)
Find your local authority: edpb.europa.eu

18. CONSENT & ACKNOWLEDGMENT

By using our website, engaging our services, or providing your personal data, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you provide personal data about another individual (e.g., a gift recipient), you represent that you have obtained their consent and informed them of this Privacy Policy.

HORAMUNDI – Committed to Your Privacy

Silver Tower, DMCC

Dubai, United Arab Emirates

info@horamundi.com

horamundi.com

Provenance

Verified source and legitimate ownership history. Every seller is personally known; every piece cross-referenced with The Watch Register and manufacturer records.

Timeline

Manufacturing date, initial sale, and ownership duration documented. Fresh-to-market pieces receive special consideration.

Rarity

Market scarcity within brand hierarchy assessed. Previously known or unknown pieces to the market.

Authenticity

Original components, certificates, and accessories verified through experience, expertise and technical analysis.

Condition

Preservation state documented: untouched, unpolished, or professionally restored. Wear patterns analyzed for consistency between movement and case elements.