Last revised: March 2020
In the following we inform you how we process your personal data in connection with the OUTLETCITY CLUB ("OUTLETCITY CLUB"; see section 3 below) and our online shop available at https://www.outletcity.com/de-de/shop/ ("Online Shop"; see section 4 below).
1.1 OUTLETCITY CLUB
The OUTLETCITY CLUB is the loyalty program of Outletcity Metzingen GmbH (hereinafter "we", " Outletcity Metzingen GmbH" or "OCM"). In order to be able to offer you the OUTLETCITY CLUB, we collect personal data about you when you register for and use the OUTLETCITY CLUB.
In addition to your email address, your password (or, alternatively, your Facebook login data), your title, and your personal identification number, this includes data related to your purchases, i.e., information about what you purchased from which Partner, whether you purchased on site or online, to which country you had the products delivered, how many reward points you received, if any, and what you redeemed them for, what status level you achieved in the OUTLETCITY CLUB, and whether you used the OCM App.
All these personal data are processed for the purpose of operating the OUTLETCITY CLUB and better marketing our products and services.
1.2 Website (including Online Shop)
When you visit our Website (including the Online Shop, hereinafter the " Website"), we store information about you via log files. Registration for the Online Shop is linked to registration for the OUTLETCITY CLUB. Accordingly, we process the same personal data in both cases. Other personal data, such as your address and which products you buy, only is processed if and when you place an order.
After you have logged in or after you arrive in our Online Shop via a link in our newsletter or another advertising channel, we analyze which areas of our Online Shop you are browsing in order to send you relevant advertising in the future.
If you visit other websites after visiting our Online Shop, as a reminder, we display advertising there for products that you have viewed on our Website (retargeting).
When orders are placed, credit agencies help us routinely verify address data, and in some cases, depending on the chosen payment method, to obtain credit information. In the case of payment by invoice, we obtain separate consent from you.
In order to be able to offer you the Online Shop and market our products and services, we work together with various processors and other service providers, who also have access to your relevant personal data in this connection.
2. General Provisions
2.1 Controller and data protection officer
The controller within the meaning of data protection law is:
Outletcity Metzingen GmbH
72555 Metzingen, Germany
Phone: +49 (0)7123 92340
You can reach our data protection officer via email: email@example.com.
(a) "Personal data" means any information related to an identified or identifiable natural person. This includes, for example, your email address or your name, but also, among other things, your user behavior.
(b) "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection or storage of personal data.
In addition, we refer you to the definitions in Art. 4 GDPR and the definitions of our General Terms and Conditions for the OUTLETCITY CLUB and the Online Shop.
2.3 Third Country Transfers
We transfer personal data to third countries (currently: United States) only if and to the extent that our processors operate in third countries. If the European Commission has not issued an adequacy decision for a third country, data transfers to that country are subject to suitable or appropriate guarantees. You may obtain a copy of the relevant guarantees from the controller at the above address.
We only use those processors to process your personal data on our behalf who are identified in this Privacy Notice for the relevant processing activity.
2.4 Rights of data subjects
According to the law, you have the following rights:
· right to obtain information about your personal data from us (Art. 15 GDPR);
· right to rectification (Art. 16 GDPR);
- right to erasure (Art. 17 GDPR);
· right to restricted data processing (Art. 18 GDPR);
· right to data portability (Art. 20 GDPR); and
· right to object to data processing (Art. 21 GDPR).
Insofar as the data processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke your consent at any time, without thereby affecting the lawfulness of data processing carried out on the basis of your consent until revocation.
You have the right to lodge a complaint with the competent supervisory authority.
Right of objection under Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data in accordance with Art. 6 para. 1 lit. f) GDPR.
We will no longer process your personal data, unless we can show compelling, legally protected reasons for processing your data which override your interests, rights and freedoms, or the processing of your data serves the enforcement, exercise, or defense of legal claims.
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for these purposes.
We will review this Privacy Notice on a regular basis and update it as necessary. We will inform you (for example, on our Website) of any material changes to this Privacy Notice.
3. OUTLETCITY CLUB
3.1 Personal data and processing activities
We process certain types of personal data if you join the OUTLETCITY CLUB.
(a) Registration by name via the Website (master data)
You can register for membership in our OUTLETCITY CLUB by creating a customer account (registration) on our Website and may add more details later via the Website or the OCM App.
(i) Required information
If you register on our Website to join the OUTLETCITY CLUB, we collect the following personal data from you via the application form: Your email address, a password, the country of delivery via your place of residence, and your title.
To save you time and effort, we derive some information directly from the application form or its processing. This includes, for example, the date of your registration and your desired language of correspondence. This information is required to register for membership in the OUTLETCITY CLUB.
(ii) Additional information
In addition, you may voluntarily provide us with additional personal information to complete your customer profile, as part of your application or during your membership in our OUTLETCITY CLUB.
Such personal information may include, for example, your first and last name, date of birth, address, or other interests and preferences. We need this information in order to be able to identify you accurately in connection with the OUTLETCITY CLUB. We need your correct date of birth in order to provide you with benefits of the OUTLETCITY CLUB as described in the General Terms and Conditions. Please note that if you exercise your right to have your personal data rectified, we must insist on appropriate proof. To change your date of birth, please contact our Customer Service directly.
(iii) OUTLETCITY CLUB Code and identification number
Upon completion of the registration process, you initially only receive your OUTLETCITY CLUB code. This code serves to unmistakably identify you as a member of the OUTLETCITY CLUB.
Because the OUTLETCITY CLUB code may change during the course of your membership, for example if your customer card is lost or the OCM App is uninstalled, we also use a unique identification number. By using this identification number in the background, we can ensure that even if the OUTLETCITY CLUB code is changed, reward and status-relevant purchase values are credited to your account and can be redeemed. This unique identification number is generated exclusively by the system and used for all identification processes. If your customer card is lost, this procedure also allows us to block the corresponding OUTLETCITY CLUB code so that you can continue to use the OUTLETCITY CLUB without having to re-register.
(iv) Facebook Login
If you are a Facebook user, you can also register using the social plugin "Facebook Connect" of the social network Facebook. "Facebook Connect" is offered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A. ("Facebook") or, if you are a Facebook customer and from the EU, by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The social plugins of "Facebook Connect" can be recognized by the blue button with the Facebook logo and the inscription "FACEBOOK LOGIN".
Depending on your Facebook personal privacy settings, when you use the Facebook login we may receive general and publicly available information from Facebook that is stored in your profile, such as your last name and first name, your age (for example, at least "21 years or older", which we do not store), your gender, your location (if specified on Facebook), your email address, and your profile picture (which we do not store).
We process the data provided by Facebook to create your user account. This data processing is therefore based on Art. 6 para. 1 lit. b) GDPR.
We store data provided by Facebook as long as your account is activated and, beyond that, for any applicable limitation periods and legal recordkeeping periods.
We refer to all of these personal data as "Master Data".
(b) Reward Data
When you earn or redeem reward points in the OUTLETCITY CLUB, we collect the following "Reward Data".
When earning reward points, the Reward Data includes all information necessary for the reward points and their management, and the ongoing enhancement and marketing of the OUTLETCITY CLUB. This includes information about the Partners from whom you earn points, the products you purchase, and the number of points you earn.
When you shop online or use your OUTLETCITY CLUB code with a Partner for a purchase, the Reward Data includes information about the products purchased, the date of purchase, the price, the payment method, and information about the Partner from whom you purchased.
When you redeem reward points, the Reward Data includes information about the reward for which reward points were redeemed and the number of reward points redeemed.
(c) Initial use of the OUTLETCITY CLUB without registration by name
We also provide you with an opportunity to use our OUTLETCITY CLUB for a trial period on site without prior registration. In this case you receive an OUTLETCITY CLUB code which you can use as a QR code in the OCM App or in printed form.
For this OUTLETCITY CLUB code, we already store all Reward Data without knowing your Master Data or assigning Reward Data to you.
If you register for the OUTLETCITY CLUB at a later date, we link the personal data that you enter in accordance with Section 3.1(a) to the personal data stored for your OUTLETCITY CLUB code.
(d) Status data
In order to manage the OUTLETCITY CLUB status (gold or silver status), we store, in addition, data necessary to manage this status, such as the member's revenue of the past twelve months and the benefits associated with the status. This personal information is referred to as " Status Data".
(e) Program Data
For your membership in the OUTLETCITY CLUB, we also process so-called " Program Data" that enable us to offer the OUTLETCITY CLUB.
(i) Outletcity Website (including the Online Shop)
When you visit or shop on our Website, we process the personal data described in Section 4.1(a) below.
To the extent that we can assign this information to you, we also process your preferred brands, products, and offers on our Website.
If you use a coupon to purchase a product from us, we also process data about the product for which you used the coupon to determine your preferences.
(ii) Outletcity Metzingen App ("OCM App")
If you use the OCM App, we process in particular your advertising ID (a unique identification number of the operating system of your mobile phone), your location if you allow this information to be collected via your smartphone, information about your language settings, date, time and duration of the App use, as well as your "Likes," in order to display these in the OCM App for you and to be able to direct you to the brands and offers shown on the map.
If you scan a sales receipt with the OCM App in order to receive reward and status points for products you have purchased, we process the data from the sales receipt with the assistance of Gini GmbH, Rosenheimer Straße 143c, 81671 Munich, Germany, so that status-relevant purchase values and reward points can be added to your reward points balance of the OUTLETCITY CLUB. If a receipt cannot be processed fully automatically under certain circumstances, manual post-processing is carried out by our Customer Service.
Additional information about data processing in the OCM App is available at https://www.outletcity.com/en/metzingen/app-datenschutz/.
(iii) Outletcity Metzingen
When you visit Outletcity Metzingen, we process information about your in-store purchases if you report them to earn reward points from the OUTLETCITY CLUB.
If you use our OCM App during your visit to Outletcity Metzingen, we process the data described in section 3.1(e)(ii) and the OCM App privacy notice.
To send you our newsletter as part of your OUTLETCITY CLUB membership, we process your title and email address.
We analyze your user behavior in connection with the newsletter. For this analysis the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our Website. For analysis purposes we link your personal data and the web beacons to your email address and an individual ID. Links received in the newsletter also include this ID. We use these data to create a user profile in order to tailor the newsletter to your personal interests. We track when you read our newsletters and which links you click in them, and we infer your personal interests from this information. We link this information to actions you take on our Website. This processing is based on Art. 6 para. 1 lit. f) GDPR in order to provide you with a better shopping experience.
We use Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, D-80339 Munich, Germany, as a processor for newsletter services, including behavioral analysis.
If we mail you information about Outletcity Metzingen based on your data, the OUTLETCITY CLUB, or the Online Shop, we process the following personal data about you for this purpose (Art. 6 para. 1 lit. b) or c) GDPR): title, first name, last name, and address.
(vi) Market research
For market research purposes and demand-oriented design of our products, we create user profiles using pseudonyms (Art. 6 para. 1 lit. f) GDPR) to improve our services to you. These data are not combined with any other personal data. You may object to this processing by contacting us at the above address, telephone number, or email address, or at the address shown in the Legal Notice of our Website.
(vii) Parking on the Premises of OCM
Depending on your status level you as a member will receive discounted or free parking.
In order to offer you this service we process your Status Data and the parking duration
when you identify yourself with your OUTLETCITY CLUB code when paying for your parking ticket.
We process this data in order to meet our obligations towards you as a member; the processing is based on Art. 6 para. 1 lit. b) GDPR.
In order to carry out the check whether you are entitled to discounted or free parking we cooperate with our service providers who operate the parking garages for us (APCOA PARKING Deutschland GmbH and Scheidt & Bachmann GmbH).
3.2 Purpose of processing personal data
We process your personal data (Master Data, Status Data, Reward Data, and Program Data) in connection with the OUTLETCITY CLUB in order to
(a) process your application to join the OUTLETCITY CLUB and to provide you with your OUTLETCITY CLUB code and other contract-relevant information related to the OUTLETCITY CLUB;
(b) enable you to earn and redeem reward points, in particular to credit the reward points earned by you from our Partners and to charge reward points redeemed to receive rewards to your reward points account;
(c) always be able to check whether the correct number of reward points or status-relevant purchase values have been credited to you and whether the correct number of points or status-relevant purchase values have been deducted from your account when you redeem points to receive a reward or cancel a purchase;
(d) provide you with benefits appropriate to your particular status when you meet the relevant criteria and to provide you with other contract-related information about your status,
(e) be able to manage, upgrade, and market the OUTLETCITY CLUB; and
(f) inform you about current enhancements of or changes to the OUTLETCITY CLUB as well as about interesting products in connection with the OUTLETCITY CLUB. For this purpose we process your Master, Status, Reward, and Program Data in connection with the membership contract, in order to provide you with information about the OUTLETCITY CLUB and our Partners that is relevant to you and tailored to your personal interests. For example, we use your location, your age, your current status, and your most recent purchases to personalize offers for certain product categories or redeemable coupons in the newsletter to reflect your needs.
We process these data for the performance of your OUTLETCITY CLUB membership contract with us (Art. 6 para. 1 lit. b) GDPR).
In addition, we may in some cases process your Master Data, Reward Data, Status Data or Program Data to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR). We have legitimate interest in protection from tangible and intangible damage, such as prevention of fraud and other misuses, audits, and, where applicable, the enforcement of legal rights or claims.
3.3 Storage period
We store your personal data no longer than necessary to achieve the processing purposes stated in each case. We therefore store your personal data for the duration of your membership in the OUTLETCITY CLUB and delete your personal data six months after the end of your membership, unless you have purchased products from the Online Shop. If you have purchased products from the Online Shop, we delete your personal data after the applicable limitation period has expired. If longer data storage is required by commercial, tax, or other laws, we store your personal data as long as we have an obligation or right to do so.
4. Outletcity Website (including Online Shop)
We operate our Website at https://www.outletcity.com. We process personal data each time an unregistered user visits our Website for information purposes and each time a registered user uses our Online Shop.
4.1 Data processing in connection with use of the Website independent of registration
(a) When you access our Website
When you access the Website, your browser transmits personal data to our server. This is done by using log files in which your IP address is stored. In addition to the IP address, log files provide us with the following information:
- Referrer URL
· Date and time of your access, time zone difference to GMT
· Access method/function desired by the requesting computer
· Input values transmitted by the requesting computer (file name)
· Accessed page or name of requested file
· Access status/status code (file transferred, file not found, command not executed, etc.)
- Transferred data volume
· Version of your browser and operating system
We store this personal data for a maximum of seven days.
If you visit the Website as a registered user, we process this data to perform our contract with you and therefore the processing is based on Art. 6 para. 1 lit. b) GDPR. If you visit the Website as an unregistered user, this data processing is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in being able to offer you a secure Website that is as free from errors as possible.
For the operation of our web servers we use the host providers Claranet GmbH, Hanauer Landstraße 196, 60314 Frankfurt, and Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States as processors.
(b) Movement on our Website
When you view our Website, we will collect the following data jointly with our partners adrox GmbH, Niederstr. 1, 47829 Krefeld ("adrox"), and AWIN AG, Sapporobogen 6-8, 80637 Munich ("AWIN"):
- your movements in the Online Shop (including which subpage/category page you visit, from which subpage/category page you arrive, how long you stay on each page, and what you click on), and
- information about whether or not you make any purchases.
The legal basis for our processing of these personal data is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in collecting these data because it allows our online advertising campaigns with third parties to target our (potential) customers more effectively.
It is a material term of the agreement that we as well as our partners will process data in compliance with applicable data protection laws. We have no access to systems used to process personal data at other data controllers, nor do other data controllers have access to our systems. Furthermore, we have no authority to issue instructions to our partners with respect to data processing, and vice versa. Each data controller is fully responsible for complying with all applicable data protection laws. When processing data, each data controller will make sure that personal data are processed in compliance with applicable laws. Each data controller is responsible for making available information about all data that are processed within the organization and by the staff for which that controller is responsible.
As a data subject, you have the rights described in Section 2.4 also in relation to adrox and AWIN, and may exercise these rights against adrox, AWIN, or us.
(c) Banner advertising on third-party websites
If you arrive in our Online Shop through our banner advertising on third-party websites ("Publishers"), personal data will also be transferred to our advertising partners adrox (see lit. i below) and AWIN (see lit. ii below).
You will find the material terms of the agreement on joint responsibility in Section 4.1 (b).
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in advertising for the Online Shop across different websites.
You will find the material terms of the agreement on joint responsibility in Section 4.1 (b).
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in advertising for the Online Shop across different websites.
If you use our contact form or contact us by e-mail, we process the following personal data:
- Your title
- Your first and last name
- Your email address
· Your message including selected subject line
- Date and time of your request
If you contact us as an unregistered user, we use these personal data to respond to your inquiry. This applies whether you contact us through the contact form on our website or by e-mail. In this case, the processing of your personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in responding to your inquiry.
If you contact us as a registered user or if there is any other contractual relationship between you and us, these data are processed to answer your inquiry to negotiate or perform the contract with you and data processing is based on Art. 6 para. 1 lit. b) GDPR. This applies whether you contact us through the contact form on our website or by e-mail.
Irrespective of whether you are a registered or unregistered user, we will also process your data to optimize our business processes, in particular to constantly improve our handling of user inquiries, and we will evaluate your inquiry to the extent necessary for this purpose. In this case, the processing of your data will be based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in optimizing our business processes.
We will store your personal data at the longest until the aforementioned data processing purposes have been achieved. If you contact us, this means, irrespective of the way in which you do so, that after your inquiry has been answered, we will store your personal data only for the time period needed to evaluate your inquiry and, if applicable, to optimize our business.
We delete inquiries from registered users after the standard three-year period of limitation has expired. These storage periods apply only if there are no legal recordkeeping obligations which require us to store your personal data for a longer period of time.
(e) Press inquiries
If the press form is used, we process the following personal data:
- Your title
- Your first and last name
- Your email address
· Your message including selected subject line
- Date and time of your inquiry
· Your IP address (this is not stored together with any other personal data of your inquiry)
We process these personal data exclusively to respond to your inquiry on the basis of Art. 6 para. 1 lit. f) GDPR. Processing is based on our legitimate interest in a close-up press work. We delete such inquiries after six months, if contact was made only on a single occasion, we do not expect any further communication in the matter, and we have no legal obligation to store inquiries for a longer time period.
If you subscribe to the newsletter as an unregistered user, you must enter your email address, title, and the preferred language.
To verify your identity, we send you an email with a personalized link that you must click to confirm your subscription. We store information about when you confirmed your newsletter subscription.
In addition, we process your personal data in connection with the newsletter as described in section 3.1(e)(iv).
In this case, we store your personal data as long as you receive the newsletter and thereafter as long as we still need the data to prove that you authorized us to send you the newsletter, for example until the limitation period for any claims has expired.
If we mail you information about Outletcity Metzingen or its Online Shop (Art. 6 para. 1 lit. f) GDPR) on the basis of your personal data, the following personal data is processed:
- Your title
- Your first name and last name
- Your address
Lettershop Raible GmbH & Co. KG, Industriestraße 92, 75181 Pforzheim, Germany, processes this personal data on our behalf in order to assist us with mailings, for example by sending mail to you.
In our Online Shop and our email newsletters you have the opportunity to participate in surveys. If you participate in a survey, we process your following personal data for purposes of the survey:
- If applicable, your customer number; if we conduct the survey in a personalised manner, we will inform you of this in individual cases
- Your IP address
- Date and time of survey participation
- Your billing address
- Tax advisors and accountants
- Internal transaction ID
- Order date
- Name of company
- Full name
- Date of birth
- Telephone number
- Email address
- Body type
- Preferred fit
- Reference brand and product
- Bra size, if the gender "female" is specified
- Order number, and
- Customer ID
- browser type/version,
- operating system used,
- time of server request,
· Your device type, your browser type and operating system
Information you provided during the survey
Information about whether you fully answered the questions
However, we do not evaluate surveys on a personal basis, but only on the basis of pseudonymized customer segment information and other anonymous criteria.
Survey-related data processing is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in being able to continuously improve our range of products and services.
Surveys are performed for us by SurveyMonkey Europe UC (2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) or Usabilla B.V. (Rokin 16, 1012 KR, Amsterdam, Netherlands).
4.2 Data processing in connection with orders placed in the Online Shop (including the Reward Shop)
When you place your first order, we collect at least the following data in addition to the Master Data mentioned in section 3.1(a) above in order to process your order:
· Your shipping address, if different from your billing address
· Your preferred payment method and, depending on the payment method, your payment details, such as your account number
We store these personal data together with information about products you have ordered in the past, the time of the order, data about your payment (amounts paid, time details we receive from you or our bank), commissioning data (location, ID numbers, time details), data about shipping and receipt (shipping service provider, package tracking number, time details for the package), communication data (e.g., telephone number, email address), contract master data (contract, interest in products or contracts), and the customer history maintained by us or for us by the service provider PVS Fulfillment-Service GmbH, Heinz-Nixdorf-Straße 2, 74172 Neckarsulm.
If you pay by credit card, your credit card details are not transmitted to us, but rather are transmitted by your browser directly to the executing payment service provider, Adyen B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands.
Should you exercise any rights of revocation, exchange products, or make warranty claims, we store additional personal data, such as information about your return (shipping service provider, package tracking number, time details for shipments), our receipt of your return (location, ID numbers, time details), as well as the condition of the products.
We store such data in order to be able to perform and enforce our contract with you (Art. 6 para. 1 lit. b) GDPR), to have proof of the steps taken by us in performance of the contract, to be able to provide you with an order history, and to be able to offer you the best user experience possible (Art. 6 para. 1 lit. f) GDPR). Processing such data is based on our legitimate interest in preserving evidence, increasing customer satisfaction, optimizing our products and service, and promoting sales.
We store data required to be archived in accordance with applicable tax law as long as required by tax law. In addition, we store the aforementioned personal data at least until applicable limitation periods have expired, and we store order data for a period of ten years.
We transfer the following personal data to the following third parties in order to process your orders:
· Payment data to the payment service provider, who may forward the data to other banks, for example in order to be able to collect a direct debit from your bank.
· Shipping data to the shipping or parcel service provider
· Order data to collection service providers, lawyers, and courts in the event of disputes
(b) Orders shipped to Switzerland
If you proide a Swiss shipping address for your order, we process your personal data in accordance with the preceding paragraph. Deviating from the above, however, we transfer your data to parcel service providers, payment service providers, collection service providers, lawyers, and courts in Switzerland, if necessary. The legal basis for transferring personal data to Switzerland is an adequacy decision from EU Commission.
(c) Address verification during order process
If you enter a new address during the order process, we verify the address once and correct any minor, obvious errors. For this purpose, we send German addresses without names to infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany, Austrian addresses to Credify Informationsdienstleistungen GmbH, Gumpendorfer Straße 21, 1060 Vienna, Austria, and Swiss addresses to CRIF AG, Hagenholzstraße 81, 8050 Zurich, Switzerland. Detailed information about the processing of personal data by infoscore Consumer Data GmbH is available at https://finance.arvato.com/icdinfoblatt , by Credify Informationsdienstleistungen GmbH at https://www.credify.at/datenschutz , and by CRIF AG at https://www.crif.ch/dsgvo/.
This processing is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in granting smooth shipment, in being able to prevent manipulated shipping of products to wrong addresses, and in being able to reject your credit card payment, payment by SEPA direct debit, or purchase by invoicing in case of unknown addresses to secure our incoming payments.
Credit agencies process the data received and also use them for scoring purposes in order to provide their respective contract partners with information for assessing the creditworthiness of natural persons. More detailed information about data processing by credit agencies is available from the agencies named above.
If you have any questions about how credit scores are determined by a particular credit agency, please contact that agency directly. If you place an order from Switzerland, data is transferred to CRIF AG in Switzerland. The EU Commission has issued an adequacy decision for Switzerland, which you can obtain at the above address.
(d) Credit check and selection of payment method
In order to be able to offer you the best possible selection of payment methods, we want to protect you and us from misuse and reduce our risk of non-payment (legitimate interest).
For registered customers we regularly calculate which payment methods we can offer. For this purpose, we look at blacklists, keep our own lists of approved customers, and analyze your product return record. We do this to avoid payment defaults on the basis of Art. 6 para. 1 lit. f) GDPR. We store the results of our checks until the next recalculation. If your name is on a blacklist, you are not able to pay by credit card, SEPA direct debit, or invoice. If you are on a list of approved customers, you may use all payment methods.
If the aforementioned analysis by us yields no clear result, we send your name, your address and, if applicable, your date of birth to the appropriate credit agency named in section 4.2(c) for the purpose of a credit check. The legal basis for these transfers is Art. 6 para. 1 lit. f) GDPR. The results of the credit check are only processed immediately in order to be able to show you your personal selection of payment methods and are not stored beyond that.
For improved user-friendliness we transfer data categories which identify you as a user (such as your address) and data categories which relate to your order (such as the fact of whether a voucher is being redeemed) to the selected payment service provider. This allows us, under certain circumstances, to save you a time-consuming authentication process during which you must enter additional information on other payment service websites (known as "frictionless flow"). This serves your interest in being able to make payment without being redirected to a third-party site if possible, as well as our interest in being able to offer you this user-friendly and secure payment process (Art. 6 para. 1 lit. f) GDPR).
(e) Data tests with alternative credit agencies
In order to avoid payment defaults in the long term, we must ensure that we work with reliable credit agencies. To evaluate the accuracy of the credit agency we use for credit checks, we have customer data sets checked by alternative credit agencies on a small scale for testing purposes. The customer data set used for this purpose in each case includes the following personal data (depending on the requirements of the alternative credit agency):
· Client (key for assigning the purchase order to a brand/shop)
· Information as to whether the customer is a new or existing customer
· If applicable, information about when the customer became our customer
· Information about the relevant order (product category, order amount, order channel, product categories in the shopping cart, number of products purchased, payment method offered and selected, shipping, returns, any past due notices)
· Total amount of outstanding payment claims against the customer and any ongoing payment default
· Information about whether and when payment claims were transferred to a collection agency
· Information about suspected fraud
· Information about any undeliverability of ordered products
The alternative credit agency evaluates this information on the basis of its own scoring procedures and sends us the results of each evaluation. These include, in particular, information as to which payment method would have been offered to the customer according to the parameters of the alternative credit agency. The alternative credit agency does not store transferred customer data or process such data for any other purpose. We will enter into a data processing contract with the credit agency for each test, so that any further use of personal data by the credit agency is ruled out and the credit agency processes personal data only on our behalf.
We then compare the results of our credit agency with those of the alternative credit agency.
This processing of your personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in being able to offer our customers who are able and willing to pay all payment methods on a permanent basis and in providing them with a superior shopping experience. If, due to unreliable credit scores of the credit agency used by us, we had to expect more payment defaults, we would have to limit the payment methods we offer to those methods which pose no risk of default for us. This would considerably impair the quality of our service. Since such data tests have no effects that are noticeable for the customer, our legitimate interest in carrying out such tests prevails.
We delete the personal data results of the comparison immediately after it has been completed. Thereafter we only store statistical data on which credit agency determined the creditworthiness of the tested customers with more accuracy in the comparison.
(f) ParcelLab package tracking service
In your online customer area MY ACCOUNT under MY ORDERS you can track the status of your shipment. For this purpose the data of your order, in particular the parcel number, is transmitted to parcelLab GmbH, Landwehrstraße 39, 80336 Munich, Germany, which uses the data to track your shipment for us and then return the data about your shipment to us for transmission. This enables you to retrieve an order history with information about the status of our shipments to you.
This processing of your personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in improving your user experience after you have placed an order.
(g) Size recommendations
When selecting a product, you may ask us which size we would recommend based on your measurements. For this purpose a third-party interface will appear on our website which we will use to transfer the following data to our data processor Fit Analytics GmbH, Voigtstr. 3, 10247 Berlin, if you make these data available to us:
Fit Analytics GmbH will analyze your data on our behalf and display to you through an interface which size would on average be the best fit for you given your measurements. This will enable you to order clothing with the best fit.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR because we have a legitimate interest in improving our service, selling you clothing with the best possible fit, and avoiding returns and the associated costs and environmental harm as much as possible.
4.3 Voucher offers of Sovendus
We show you voucher offers of Sovendus GmbH, Moltkestraße 11, 76133 Karlsruhe ("Sovendus"), especially after you have placed an order. During this process we transmit your IP address to Sovendus, which uses it exclusively for data security purposes and generally anonymizes it after seven days. If you click on a Sovendus voucher banner, we transmit your name and email address to Sovendus in encrypted form in order to prepare the voucher. For billing purposes we also send Sovendus a pseudonymized order number, order amount including currency, session ID, coupon code, and time stamp.
This processing of your personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in improving your shopping experience in our Online Shop.
For additional information about the processing of your personal data by Sovendus, please see their privacy notice at www.sovendus.de/datenschutz (or www.sovendus.at/datenschutz for Austria, and www.sovendus.ch/datenschutz for Switzerland).
4.4 Cookies and third-party tools
(b) Profiling of registered users
After you have logged into our Online Shop, we record which areas you visit and which products you click on, place in the shopping basket, and order. For this purpose a cookie-based analysis of past and present click and purchase behavior may also be performed. In such cases a cookie is stored on your computer or mobile device in order to record pseudonymized data about your interests and thus personalize advertising for you based on the stored information. That way, you only see advertising that is highly likely to reflect your interests in products or information.
This processing of personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in advertising only products to you that are relevant to you and in creating a personalized shopping experience for you, for example by displaying suggestions for products or product lines that may be of interest to you in our Online Shop or on other websites (so-called retargeting) and designing the content of our email newsletter accordingly. Where necessary, we also process such personal data in our interest to prevent or detect misuse and fraud.
We use epoq internet services GmbH, Am Rüppurrer Schloß 1, 76199 Karlsruhe, Germany, and Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, D-80339 Munich, Germany, as processors for these data processing operations.
Behavioral analysis data also is transferred to the following companies we use as processors:
· 8select Software GmbH, Franz-Mayer-Straße 1, 93053 Regensburg, Germany
· intelliAd Media GmbH, Sendlinger Strasse 7, 80331 Munich, Germany
· Sovendus Voucher Network Sovendus GmbH, Moltkestraße 11, 76133 Karlsruhe, Germany
· Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
· and the retargeting service providers named in section 4.4(e).
(c) Use of Google services in our Online Shop
In our Online Shop we use so-called plugins of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. (" Google").
When you visit a page of our Online Shop that contains such a plugin, your browser establishes a direct connection to the Google server. The content of the plugin is transmitted directly to your browser and integrated into the page. As a result of the integration of the plugin, Google receives the information that your browser has requested the corresponding page of our Website, even if you do not have a Google user account or are not logged in. This information (including your IP address) is transmitted directly from your browser to the Google server, which may also be located in the United States (see special features of Google Analytics below).
Google has committed to abide by the provisions of the EU Privacy Shield Agreement with the United States, so that the corresponding adequacy decision of the EU Commission provides a legal basis for transferring personal data to the United States. This is intended to ensure compliance with the applicable EU data protection level.
For additional information about the processing and use of data by Google, as well as your related rights and setting options to protect your privacy, please see Google's privacy notice: https://policies.google.com/privacy?hl=de
If you do not want Google to associate data collected through our Online Shop directly with your Google Account, you must log out of Google before visiting our Online Shop.
(i) Google Analytics
· referrer URL (the previously visited page), and
are usually transferred to a Google server in the United States and stored there. User profiles are created in pseudonymous form.
The information obtained by us from Google Analytics enables us to evaluate the use of our Online Shop, conduct market research, and design our Online Shop in line with consumer demand (legitimate interest, Art. 6 para. 1 lit. f) GDPR).
Such data only is transferred to third parties if this is required by law or if third parties process such data on our behalf.
We have added the code "anonymizeIP" to Google Analytics. Your IP address is pseudonymized (IP masking) and not merged with any other data by Google under any circumstances. This short-term processing of your IP address by Google helps generate website statistics to improve our Online Shop.
Information about data privacy in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).
(ii) Google Signals
Google Signals is used as an add-on to Google Analytics. The tool allows for enhanced statistical visitor analysis. Google Signals employs methods of cross-device tracking technology, which allows for different visits to the Website by the same visitor with different end devices to be associated with this visitor.
Using Google Signals requires that you are registered with Google and that the option "personalized advertising" in your Google account has not been deactivated.
This Google service does not provide us with any data that can be directly traced back to you, but only provides us with statistics for all users who have triggered a conversion (e.g., by clicking on an advertisement).
You have the option to turn off the functionality of Google Signals by turning off the "personalized advertising" option in your Google Account Settings.
(iii) Google Maps
We use the Google Maps service in our Online Shop to show you an interactive map (Art. 6 para. 1 lit. f) GDPR). Our legitimate interest is to inform you where you can find us should you wish to visit us in person.
If you visit the page of our Website into which Google Maps has been integrated, we transmit your IP address to Google.
(iv) Google Fonts
We use Google Fonts on our Website. These are fonts that can be displayed by your browser even if these special fonts are not available on your system. This processing is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in a standardized presentation of our Online Shop on all types of devices and in all types of browsers.
(v) Google ReCaptcha
We use the Google ReCaptcha service to check when online forms are filled out whether a natural person is really trying to use the form, rather than unwanted automated attack software. In connection with this service, we collect your IP address and, where appropriate, the information you have provided to Google, so that Google can perform an analysis on our behalf.
This processing is based on Art. 6 para. 1 lit. f) GDPR because he have a legitimate interest in IT security and the maintenance of our services.
(vi) Google Retargeting
Please also review our use of Google retargeting technologies in the section on retargeting (see Section 4.4(e)).
(d) Use of Facebook services in our Online Shop
We also use Facebook services. Our contract partner is usually Facebook Ireland Ltd.
To the extent that personal data are transferred to Facebook Inc., however, it has committed to abide by the provisions of the EU Privacy Shield Agreement with the United States, so that the EU Commission's adequacy decision constitutes a legal basis for the transfer of your personal data to the United States. This is intended to ensure compliance with the applicable EU data protection level.
If you do not want Facebook to associate data collected through our Website directly with your Facebook profile, you must log out of Facebook before visiting our Website.
(i) Facebook Conversion Tracking
On our Website we also use Facebook Conversion Tracking with the help of Facebook pixels. If you have viewed an advertisement from us and later visit certain points of our Online Shop, we would like to be able to score this as a success of our advertisement. To do so, Facebook links information about advertisements to information about which pages you have visited on our Website. Later we receive statistical information about the success of our advertisements from Facebook. However, it is not possible for us to tell later which specific person accounts for the success of our advertisements.
Facebook is able to measure the success of advertisements across all devices, so that, for example, an advertisement shown on a smartphone can be assigned to a subsequent purchase made on our Website using a laptop. Assignments are made a maximum of 28 days after the advertisement.
The purpose for us, and our legitimate interest, is to evaluate and optimize our advertising strategies in order to show the best advertisements possible and not spend money on unsuccessful advertising (Art. 6 para. 1 lit. f) GDPR).
(ii) Facebook Retargeting
Please also review our use of Facebook retargeting technologies in the section on retargeting (see section 4.4(e)).
Our Website uses so-called retargeting technologies (also known as remarketing). We use these technologies to make the entire Internet experience - even on third-party sites - more interesting for our users. Retargeting technologies make it possible to show Internet users who have already shown interest in our Online Shop and our products new advertising on subsequently visited third-party sites. Such advertising is then often matched to previously visited pages. The associated processing of personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in improving our advertising and in targeting you again as a prospective buyer of our services and products.
These advertising materials are displayed on the pages of third parties using cookie technology and analyzing past user behavior. We receive no information about the communication of your browser with servers of the retargeting providers. When you visit our Online Shop or other websites, your browser communicates directly with servers of our retargeting providers. Our retargeting providers thus learn your IP address, the cookie stored on your computer, and what products you looked at while visiting our Online Shop. The retargeting provider once again learns your IP address and the cookie stored on your computer when you visit other websites that cooperate with the same retargeting provider. Our advertising may then be displayed on these other websites on our behalf, for example, advertisements for the products you have viewed on our site.
We use the retargeting technologies of the following companies
· Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
· Criteo GmbH, Unterer Anger 3, 80331 Munich, Germany
· Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A.
· d3media AG, Ludwig-Erhard-Straße 14, 20459 Hamburg, Germany
· mediards GmbH, Im Mediapark 8, 50670 Cologne, Germany
· neXeps GmbH, Erinstraße 18, 44575 Castrop-Rauxel, Germany
· adrox GmbH, Niederstraße 1, 47829 Krefeld, Germany
· Tisoomi GmbH, Gänsemarkt 31, 20354 Hamburg, Germany
· Plista, Torstrasse 33-35, 10119 Berlin, Germany
· Brandbüro Media GmbH, Habsburgerring 1, 50674 Cologne, Germany
· Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany
· Microsoft Germany GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany
· Taboola, Friedrichstrasse 68, 10117 Berlin, Germany
· Outbrain, Hohenzollernring 88, 50672 Cologne, Germany
· GroupM Competence Center GmbH, Derendorfer Allee 56, 40476 Düsseldorf, Germany
· Light Reaction Germany GmbH, Derendorfer Allee 4, 40476 Düsseldorf, Germany
· plista GmbH, Torstrasse 33-35, 10119 Berlin, Germany
· Affiliate agency metapeople GmbH, Philosophenweg 21, 47051 Duisburg, Germany
· Media Agency Performance Media Deutschland GmbH, Gorch-Fock-Wall 1a, 20354 Hamburg, Germany
In compliance with applicable data protection laws for the performance of retargeting, non-personal data is stored in cookies on your computer and deleted after 540 days at the latest. Such data is used for statistical analysis, based on which the aforementioned interest-based advertising is displayed. In addition, we receive a statistical, non-personal retargeting analysis.
(f) Fingerprinting and cross-device tracking - intelliAd and adrox
This Website uses fingerprinting and cross-device tracking technology of intelliAd Media GmbH, Sendlinger Straße 7, 80331 Munich, Germany ("intelliAd") and adrox.
We use the web analysis service intelliAd, which is provided and operated by diva-e Products GmbH, Sendlinger Straße 7, 80331 Munich, Germany, and adrox. Personal data are processed and stored in aggregated form as anonymous usage data (Art. 6 para. 1 lit. f) GDPR) in order to optimize and design this Website in line with consumer demands.
When tracking is used, cookies are stored locally. You have the right to object to the processing of your usage data. Use the opt-out function for this purpose:
For intelliAd: https://login.intelliad.com/optout.php
For adrox: http://youronlinechoices.eu/
(i) Cross-device tracking
If you successfully log into this Website, a cross-device token can be assigned to your login and stored locally and temporarily in encrypted form in a cookie on your computer. Full IP addresses are not stored in the process and are only processed in anonymous form.
(ii) First-party tracking
(g) 8select Software GmbH - Curated Shopping Engine (CSE)
We use the "CSE" service of 8select Software GmbH, Heinz-Fangman-Straße 4, 42287 Wuppertal, Germany.
If you access a page of our Online Shop that includes such a plugin, your browser establishes a direct connection to the 8select server. The content of the plugin is transmitted directly to your browser and integrated into the page. As a result of the integration of the plugin, 8select receives the information that your browser has accessed the corresponding page of our Online Shop. This information (IP address) is transmitted directly from your browser to the 8select server. This data processing takes place in order to be able to provide the functionality of the 8select software solution.
This software solution allows us to offer you products that match products you are interested in or have purchased from us in the past. The processing of your personal data is based on Art. 6 para. 1 lit. f) GDPR because we have a legitimate interest in improving your shopping experience and in being able to show you personalized ads.
Modules of 8select use session cookies to improve the relevance of product recommendations and to increase the quality of recommendations for you. For example, information about which product pages have been accessed and which products and product categories have been viewed in our Online Shop may be included. Unfortunately, we cannot provide you with such recommendations without a session cookie.
You can deactivate the display of CSE product recommendations by clicking
on the opt-out button:
If you would like to display CSE product recommendations again later, simply click on the opt-in button: