This Privacy Notice is addressed to you as a member of the OUTLETCITY CLUB ("OUTLETCITY CLUB"), irrespective of the extent to which you use our services, as well as to you as a non-registered visitor of the website ("Website") of Outletcity Metzingen GmbH ("we" or "OCM") accessible at https://www.outletcity.com.
In this Privacy Notice, we will inform you about the personal data we process from you as well as under what circumstances we do so in relation to the OUTLETCITY CLUB and in connection with the Website. In relation to the processing of this personal data, we are the "Controller" as defined in the General Data Protection Regulation ("GDPR").
To give you an overview of our data processing activities, we present them to you in this overview.
When you visit our Website, we store information about you by using log files so we can optimise our online presence in the future and in order to ensure data protection control and data security. We also use a so-called content delivery network so that we can reliably provide the content of the Website.
If you contact us via our Website or submit a press enquiry, we process your personal data resulting from your enquiry in order to be able to answer it to your satisfaction.
For certain forms, we want to ensure that they can only be used by humans and not by software. For this purpose, we use so-called captcha services.
2. OUTLETCITY CLUB and Online Shop
The OUTLETCITY CLUB is OCM's loyalty programme. In order to be able to offer you the OUTLETCITY CLUB and provide you with the most relevant offers possible, we collect personal data from you when you register for and use the OUTLETCITY CLUB. In addition to the data that we request as part of the registration process, this also includes data that we assign to your customer account, such as your personal identification number, your purchase history or information about how many reward points you have received or, if applicable, redeemed.
The use of our Online Shop is linked to a membership in the OUTLETCITY CLUB. Accordingly, we process the same personal data for both.
Credit agencies help us, with regard to orders, to regularly check address data and in some cases, depending on the selected payment method, obtain information as to your credit rating.
In order to be able to offer you the Online Shop and to market our products and services, we cooperate with various data processors and other service providers who may also have access to your relevant personal data in this context.
3. Cookies and tracking
We use certain cookies, cookie-like and cookie-based technologies to improve your user experience and to analyse your behaviour. This includes cookies that enable us to use retargeting, fingerprinting, conversion tracking, cross-device tracking or customer audiences.
Information on the individual cookies used by us, their functions, purposes, the relevant legal bases, consent options, withdrawal options and objection options can be found below (Section C.4) and in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/.
B. Controller and data protection officer
The Controller with regard to the described processing of your personal data is:
Outletcity Metzingen GmbH
Tel.: +49 (0)7123 92340
You can contact our data protection officer by e-mail at email@example.com.
C. Our data processing activities
To help you to understand what types of personal data we process, for what purposes and on what legal basis, we provide you with detailed information on this below.
1. Actively contacting us via our Website
You have various opportunities to actively contact us via our Website. If you do so, we will process your personal data as described in this Section C.1.
1.1 Contact us (via the contact form or by e-mail)
If you use the contact form on our Website to contact us or send us an e-mail enquiry, we process the following personal data in order to be able to answer your enquiry as best as possible:
- your salutation
- your first and last name
- your e-mail address
- your message, including chosen subject line and other personal data that may result from the content of your message
- date and time of your enquiry
If you contact us as a non-registered visitor to our Website, we use this personal data to respond to your enquiry. If your enquiry does not concern a past, present or potential contractual relationship with us, our processing of your personal data is based on Art. 6 para. 1 lit. f GDPR.. Our legitimate interest is to answer your enquiry.
If you contact us as a member of the OUTLETCITY CLUB (cf. Section C.3) and/or your enquiry relates to a former, current or potential contractual relationship with us, our processing of your personal data in order to respond to your enquiry is carried out as part of the entering into or performance of this contractual relationship with you and is accordingly based on Art. 6 para. 1 lit. b GDPR.
Regardless of whether you are a member of the OUTLETCITY CLUB or a non-registered visitor to our Website, we also process your personal data to optimise our business processes. This includes in particular the continuous improvement of our handling of enquiries, for which we evaluate your enquiry to the extent necessary for this purpose. In this case, our processing of your personal data is based on Art. 6 para. 1 lit. f GDPRand our legitimate interest is to optimise our business processes.
1.2 Press enquiry
If you contact us via the press form on our Website, we process the following personal data in order to be able to answer your enquiry in the best possible way:
- your salutation
- your first and last name
- your e-mail address
- your message including chosen subject line
- date and time of your request
- your IP address (which is not stored together with the other personal data of your enquiry)
We process this personal data exclusively to respond to your enquiry based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to maintain close press relations.
2. Data processing with regard to mere Website visits
When you visit our Website, whether or not you are a member of the OUTLETCITY CLUB, we process personal data about you as described in this Section C.2.
2.1 Log Files
When you access our Website, your browser automatically transmits certain personal data to our servers, for the operation of which we may use host providers as data processors. We do this using so-called log files in which your IP address is stored. In addition to the IP address, we receive the following personal data from you via the log files:
- Referrer URL (i.e. information which website you used before you got to our Website)
- date and time of your visit to our Website, time zone difference from GMT
- the access method/function desired by the requesting computer
- the input details transmitted by the requesting computer (file name)
- subpage accessed or name of the requested file
- access status/http status code (file transferred, file not found, command not executed, etc.)
- transmitted data volume
- your browser version and operating system version
This personal data is collected both for the future optimisation of our online services and for data protection control and data security.
If you visit our Website as a member of the OUTLETCITY CLUB or to register as a member, this processing is carried out to initiate or fulfil a membership agreement with you and is therefore based on Art. 6 para. 1 lit. b GDPR. Otherwise, this processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to provide the Website securely and as error-free as possible.
2.2 Content Delivery Network
For the delivery of content on our Website, we use a Content Delivery Network ("CDN"), which is operated for us by a service provider as a processor.
The CDN makes Website content available on various servers around the world so that visitors to our Website can access it as quickly as possible from anywhere. The content embedded on our Website, such as images and videos, is obtained from the CDN when the Website is accessed. Through this access, information about your use of our Website (such as your IP address) is transmitted to the service provider's servers and stored there. This already happens when you simply access the Website with this content.
This processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to offer a higher level of fail-safety, increased protection against data loss and a better loading speed of the Website.
2.3 Captcha services
We use captcha services to ensure that forms on our Website can only be used by humans and not by automated attack software. For this purpose, a service provider's captcha tool runs in the background when you want to use certain forms on our Website. This tool analyses your behaviour to verify that you are a human. For this analysis, we collect similar personal data via the log files.
Our legitimate interest in processing your personal data through captchas is that we want to protect our Website from spam and attacks by automated attack software. The processing is therefore based on Art. 6 para. 1 lit. f GDPR.
3. Data processing in connection with the OUTLETCITY CLUB
If you register for our OUTLETCITY CLUB and then make use of the offer we make available to the OUTLETCITY CLUB members, we also process personal data about you.
The circumstances under which this is the case and the purposes for which the data is processed are described below. In addition to the purposes described below, we also use your personal data to continuously improve the OUTLETCITY CLUB (Art. 6 para. 1 lit. b GDPR).
The processing of your personal data described in this Section C.3.1 is carried out in order to conclude and perform the membership agreement for the OUTLETCITY CLUB between you and us (Art. 6 para. 1 lit. b GDPR).
You have various options for registering for membership in our OUTLETCITY CLUB. The personal data we process from you depends on which of these options you use. We refer to all this personal data as "Master Data".
3.1.1 Registration by name
You can register for membership in the OUTLETCITY CLUB by creating a customer account on our Website (registration).
You must already provide some necessary information when registering so that you can become a member of the OUTLETCITY CLUB at all. You can add voluntary additional information at any time after registration via your customer account on the Website or the OCM App (see Section C.3.5).
184.108.40.206 Necessary data
We ask you for the following information, which is necessary for your registration, directly via the form for registering for membership in the OUTLETCITY CLUB:
- your e-mail address (which we verify as part of a double opt-in)
- a password for identification (only in encrypted form and without us knowing it)
- the desired country of delivery (by means of your place of residence)
- your desired salutation
In order to save you extra effort when entering the data, we derive some information directly from your application form. This includes, for example, the date of your application and the language of correspondence.
220.127.116.11 Additional information
In addition, you can voluntarily provide further personal data to complete your customer profile:
- your first and last name
- your date of birth
- your address
- your other interests or preferences
We use this personal data to be able to identify you precisely within the framework of the OUTLETCITY CLUB. We need your date of birth in order to be able to grant you the benefits described in the OUTLETCITY CLUB T&Cs. Please note that if you exercise your right to correct your personal data in this regard, we must insist on appropriate proof. To change your date of birth, please contact our customer service directly (firstname.lastname@example.org).
3.1.2 Registration with Facebook
If you are a Facebook user, you can also register via the social plugin "Facebook Connect" of the social network Facebook. "Facebook Connect" is offered by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") or, if you are a Facebook customer and have residence in the EU, by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can recognise the social plugins from "Facebook Connect" by the button with the Facebook logo and the words "FACEBOOK".
Depending on your personal data protection settings on Facebook and the information stored there, we receive the general and publicly accessible information stored in your profile from Facebook when you use the Facebook login:
- your first and last name
- your age (at least the information that you have reached a certain age limit, e.g. "21 years or older", but we do not store this).
- your gender
- your place of residence
- your e-mail address
- your profile picture (which we do not store)
3.1.3 Registration with Google
If you are a Google user, you can also register using the social plugin "Google Sign In" of the provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can recognise the Google social plugin by the button with the Google logo and the inscription "GOOGLE".
Depending on your personal privacy settings at Google, we receive the following information from Google when you use Google login:
- your first and last name
- your e-mail address
- your language settings
- your profile picture (which we do not store)
3.1.4 OUTLETCITY CLUB Code and identification number
When you have completed your registration, you will initially only receive your OUTLETCITY CLUB Code. This serves to uniquely identify you as a member of the OUTLETCITY CLUB.
Because the OUTLETCITY CLUB Code can change in the course of your membership, for example if you lose your customer card or if you uninstall the OCM app in the meantime (cf. Section C.3.5), we also use a unique identification number. By using this identification number in the background, we can ensure that reward points and status points (cf. Sections C. 3.3.1 and C.3.3.2) are credited to your account and reward points can be redeemed even if the OUTLETCITY CLUB Code changes. We generate this unique identification number exclusively by the system and use it in all identification processes. If your customer card is lost, this procedure gives us the opportunity to block the corresponding the OUTLETCITY CLUB Code so that you can continue to use the OUTLETCITY CLUB without having to register again.
3.2 Online Shop
When you use our Online Shop, we process further personal data in addition to your Master Data. On which occasion and to what extent this happens in each case is described in the following subsections of this Section C.3.2.
3.2.1 Order in the Online Shop
In connection with your order in our Online Shop, we process your personal data to be able to process the order, its payment and any returns. In addition, we also process personal data relating to your order in order to be able to offer you services such as size recommendations or parcel tracking or to carry out address or credit checks.
18.104.22.168 Size recommendations
You can request to be shown what size we would recommend for you based on your measurements in relation to our products. We enable you to do this by integrating the external interface of a service provider that we use as a data processor. Through the interface, we collect the following personal data from you if you provide it to us:
- figure type
- preferences as to how you like to wear particular clothes
- reference marks and reference articles
- if "female" has been specified as the gender, bra size
- order number
- customer ID
Your data is analysed on our behalf so that we can show you in the interface which size fits best on average for your measurements. This allows you to order your clothes in the best fit.
This processing of your personal data is cookie-based. Accordingly, you will find further information on this in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/.
22.214.171.124 Processing of the order
In order to process your order, we require the following personal data in addition to your Master Data:
- your first name and surname, unless you have already stated this at an earlier date
- your billing address, if different from the address stored in your customer account
- your delivery address, if different from the billing address
- the desired method of payment and, depending on the method of payment, the required payment information (cf. Section C.126.96.36.199)
This processing of your personal data is carried out for the fulfilment of the purchase agreements concluded between you and us regarding the goods you order in our Online Shop (Art. 6 para. 1 lit. b GDPR).
We then store this personal data with us or the service provider acting on our behalf in connection with the processing and dispatch of orders. They are stored there together with the following personal data of you, some of which is relevant to the order and some of which is historical data, in order to be able to offer you an order history and to store it for the purpose of evaluating and improving customer satisfaction:
- information about items you have ordered previously
- the date of the order
- the data relating to your payment (amounts paid, time details we receive from you or our bank)
- the data of the commissioning (location, ID numbers, time specification)
- the data of the dispatch and your receipt (dispatch service provider, parcel number, time details of the parcel)
- the communication data (for example, telephone, e-mail)
- the agreement master data (contractual relationship, product or contractual interest)
- the customer history
This processing of your personal data is carried out for the fulfilment of your OUTLETCITY CLUB membership agreement and, insofar as necessary for its fulfilment, for the processing and execution of your individual purchase agreements (Art. 6 para. 1 lit. b GDPR).
188.8.131.52 Address verification in connection with orders
If you enter a new address in the check-out, we will validate it once and have any minor obvious errors corrected. For this purpose, we transmit, in each case without names, German addresses to infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, as well as CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Austrian addresses to Credify Informationsdienstleistungen GmbH, Gumpendorfer Straße 21, 1060 Vienna, Austria, as well as CRIF GmbH, Rothschildplatz 3/Top 3.06.B, 1020 Vienna, Austria and Swiss addresses to INTRUM AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland, as well as CRIF AG in 8034 Zurich, Switzerland. For Switzerland, there is an adequacy decision of the Commission, which you can request at the above address.
Detailed information on the processing of personal data by infoscore Consumer Data GmbH can be found at https://finance.arvato.com/icdinfoblatt, by CRIF Bürgel GmbH at https://www.crifbuergel.de/de/datenschutz, by Credify Informationsdienstleistungen GmbH at https://www.credify.at/datenschutz, by CRIF GmbH at www.crif.at/datenschutz, by INTRUM AG at https://www.intrum.ch/de/konsumenten/uber-intrum/ihre-privatsphare-ist-unsere-prioritat/ and by CRIF AG at www.mycrifdata.ch/#/dsg.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure smooth shipping, to be able to prevent the improper dispatch of goods to incorrect addresses and, in the case of unknown addresses, to be able to refuse you credit card payment, payment by SEPA direct debit or purchase on account in order to safeguard our incoming payments.
As part of the payment process, we process various personal data about you.
184.108.40.206.1 Credit assessment
In order to be able to offer you the best possible choice of payment methods, we want to protect you and ourselves from misuse and reduce our risk of non-payment (legitimate interest).
For our customers, we calculate in relation to each order, which payment methods we can offer. For this purpose, we view blacklists, maintain lists of approved customers ourselves and analyse your return behaviour. We do this to avoid payment defaults based on Art. 6 para. 1 lit. f GDPR. We store the result of our assessment in each case until recalculation. If your name is on a black list, you cannot pay us by SEPA direct debit or invoice. If you are on a list of approved customers, you can use all payment methods.
If our own analysis does not lead to a clear result, we will transmit your name, address and, if applicable, your date of birth for checking your creditworthiness and credit standing to the relevant credit agencies named in Section C. 220.127.116.11. Legal basis for these transfers is Art. 6 para. 1 lit. f GDPR. The result of the assessment of your cre-ditworthiness is only processed immediately in order to be able to display your personal payment method selection and is not stored beyond this.
The respective credit agencies process the data received and use it for profiling (scoring) in order to provide their respective contractual partners with information for assessing the creditworthiness of natural persons. You can find more information on their processing of your personal data at the respective credit agencies (see above). For questions about and in connection with the determination of your credit score by the individual credit agencies, please contact the respective credit agency directly.
18.104.22.168.2 Data tests with alternative credit agencies
To prevent payment defaults in the long term, we must ensure that we work with reliable credit agencies. In order to evaluate the accuracy of the credit agency we use for credit assessments, we have cross-checked a small number of customer data records from alternative credit agencies on a test basis. The customer data set used for this purpose contains the following personal data (depending on the requirements of this alternative credit agency):
- internal operation ID
- client (key for assigning the order to a brand/shop)
- order date
- full name
- date of birth
- telephone number
- e-mail address
- information as to whether the customer is a new or existing customer
- if applicable, information on how long the customer has been our customer
- information about the order concerned (goods category, order value, order channel, article groups in the shopping basket, number of articles purchased, payment method offered and selected, shipping, returns, any reminders)
- current total claims against the client and continuing delay in payment
- information on whether and when claims were handed over to a collection agency
- information about the existence of suspected fraud
- possible information about undeliverability of ordered goods
The alternative credit agency assesses this information using its own scoring procedures and sends us the results of the assessment in each case. These include, in particular, the information as to which payment method would have been offered to the customer according to their parameters. The alternative credit agency does not store the transmitted customer data or process it for any other purpose. We conclude a data processing agreement with the credit agencies for the respective test, so that any further use of the personal data by the respective credit agency is excluded and the credit agency only processes the personal data on our behalf.
We then compare the results of our credit agencies with those of the alternative credit agency.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to permanently offer all payment methods to our solvent customers who are willing to pay and to provide you with a better shopping experience. If we had to expect payment more and more defaults due to unreliable credit ratings from the credit agency we use, we would have to limit the payment methods offered to those for which there is no risk of default for us. This would considerably worsen our service. Since such a data test has no noticeable effect for the customer, our legitimate interest in carrying out the data test outweighs this.
We delete the personal results of the comparison immediately after it has been carried out. In the further course, we only store a statistical value about which credit agency has determined the creditworthiness of the tested customers more accurately in the comparison.
22.214.171.124.3 Frictionless Flow
To enhance the user experience, we transmit individual categories of data that identify you (such as your address) and categories of data that relate to your order (such as whether you redeem a voucher) to the selected payment service provider.
This allows us, under certain conditions, to save you a time-consuming authentication process in which you have to enter further data on additional payment service websites (so-called "frictionless flow"). This is based on your interest in being able to make your payment without being redirected if possible and our interest in being able to offer you this user-friendly and secure payment process (Art. 6 para. 1 lit. f GDPR).
Depending on the payment method you have chosen, we process the requested payment data from you ourselves and forward it to the integrated payment service provider if necessary. In some cases, however, we have outsourced the entire payment process so that we do not process any further personal data from you ourselves.
This processing of your personal data is carried out for the purpose of processing your purchase agreement for the respective goods ordered and is therefore based on Art. 6 para. 1 lit. b GDPR.
From time to time, especially after placing an order, we display voucher offers from Sovendus GmbH, Moltkestraße 11, 76133 Karlsruhe ("Sovendus"). During this process, we transmit your IP address to Sovendus, which uses it exclusively for data security purposes and usually anonymises it after seven days. If you click on a voucher banner from Sovendus, we transmit your name and e-mail address in encrypted form to Sovendus for the preparation of the voucher.
In addition, we transmit the order number, order value with currency, session ID, voucher code and timestamp to Sovendus in pseudonymised form for their redemption of the vouchers.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve your shopping experience in our Online Shop.
For further information on the processing of your personal data by Sovendus, please see their Privacy Notice at www.sovendus.de/datenschutz (or for Austria: www.sovendus.at/datenschutz and for Switzerland: www.sovendus.ch/datenschutz).
126.96.36.199 Parcel tracking
In your customer account (MY ACCOUNT), you have the option of retrieving status information on parcel tracking. For this purpose, the data of your order, in particular the parcel number, but also your e-mail address are transmitted to our logistics service provider, who handles this technically for us, if necessary with the involvement of a shipping service provider, and returns the data on the shipment. This enables you to retrieve an order history with information about the status of our shipments to you. Our service provider may also inform you about the status of your shipment by e-mail.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve your user experience after your order.
Should you exercise your right of withdrawal, exchange goods or assert warranty rights, we will process the following additional personal data:
- information about your return (shipping service provider, parcel number, information about the time of shipment)
- information about the receipt at our office (location, ID numbers, time)
- information on the condition of the goods
We process this personal data to be able to reverse the relevant purchase agreement with you (Art. 6 para. 1 lit. b GDPR), to have evidence of the steps leading to the agreement being reversed, to be able to offer you an order history and to be able to offer you an optimised user experience (Art. 6 para. 1 lit. b GDPR). Our legitimate interest here is to preserve evidence, increase customer satisfaction, optimise offers and promote sales.
3.2.2 Ordering via the marketplace with our marketplace partners
If you order a product from one of our marketplace partners via our marketplace, we process your personal data to the same extent, for the same purposes and based on the same legal bases as described in Section C.3.2.1.
However, for the processing of your order, the dispatch and the processing of possible returns, we use the respective marketplace partner as a data processor.
3.2.3 Ordering deliveries to Switzerland
If you order to a Swiss delivery address, we will process your personal data as described in Section C.3.2.1 In deviation from this, however, we will transmit the data to logistics and shipping service providers as well as payment service providers in Switzerland if necessary. For Switzerland, there is a transfer basis in the form of the EU Commission's adequacy decision.
3.3 Rewards programme
If you are a member of our OUTLETCITY CLUB, you can collect reward points, which you can redeem for rewards when you reach a certain number of reward points. Unless another legal basis is explicitly assigned to data processing below, the data processing in this Section C. 3.3 is carried out in order to conclude or perform your membership agreement for the OUTLETCITY CLUB and is therefore based on Art. 6 para. 1 lit. b GDPR.
3.3.1 Reward points
When you collect reward points as part of the OUTLETCITY CLUB, we process the following personal data from you in this context:
- information on which reward points you have collected from purchases in our Online Shop and which you have collected from purchases at Outletcity
- for purchases at Outletcity, information on which partner you have collected the reward points from
- information on the goods purchased, the price and the number of reward points earned for each of them
- information on possible returns for purchases in the Online Shop
- purchase date
- information on whether you receive reward points from a special promotion
3.3.2 Status level
To enable us to manage your status, we process the following necessary personal data:
- your turnover for the previous twelve months
- information about which status you have at any given time and, if applicable, which status you once had at an earlier point in time.
- information about which benefits you have claimed
Depending on your status level, parking on the premises of the Outletcity is at a discount for you. As we need to consider this when you are paying for your parking ticket, we process the information about your status level and the parking duration if you identify yourself with your OUTLETCITY CLUB Code. In order to process the check whether you are allowed to park at a reduced rate, we use the service providers used for the operation of the car parks as data processors.
3.3.3 Initial use without registration
We also allow you to use the OUTLETCITY CLUB at Outletcity on a trial basis without prior registration. In this case, you will receive an OUTLETCITY CLUB Code that you can use as a QR code in the OCM App or in printed form.
For this purpose, we already store all the personal data mentioned in Section C.3.3.1 without knowing any of your Master Data or assigning the stored data to your person.
If you register for the OUTLETCITY CLUB later, we will link the personal data we have stored for your OUTLETCITY CLUB Code with your Master Data.
3.3.4 Reward shop
When you redeem reward points, we process the following personal data from you for this purpose:
- information on the selected and redeemed rewards
- information on the number of redeemed reward points
- the delivery address for the reward shipment
The reward dispatch may be carried out directly via the service provider whose goods or services we offer as a reward as our data processor. For this purpose, we will pass on your name and the delivery address to the relevant service provider.
3.4 Personalisation of advertising in connection with your customer account
We allocate your visits to our Website, visits to Outletcity, purchases and collection of points via our reward programme, purchases in our Online Shop and at Outletcity, returns made and reactions to our advertising measures to your customer account, insofar as we are able to do so within the framework of the OUTLETCITY CLUB. We do this in order to be able to show you advertisements that are as relevant to you as possible.
This processing of your personal data described in this Section C. 3.4 carried out in our legitimate interest in showing the most relevant advertising possible to our customers and in carrying out successful advertising campaigns (Art. 6 para. 1 lit. f GDPR).
3.4.1 Purchase history and preferences
In this context, we process further details of your purchase history:
- your carts, purchases and returns to create purchase and return rates
- information about whether you bought more online or more at Outletcity
- information about whether you often buy certain categories of goods
- information about whether you have bought a lot in sale
- information about whether you have bought many trend items
- information about whether you have purchased certain products of certain brands
- information about whether you use coupons, vouchers or discount codes, in partic-ular whether you have activated and/or used a coupon, voucher or discount code (for example a shopping pass)
- information about which sizes you buy
- information about which colours you buy
- information about which payment methods you use
- information on which rewards you select
We use the aforementioned personal data to decide which type of advertising we show you, how often and via which channels. In addition, we also take into account your following preferences for this decision:
- information about which brands you prefer
- information about which items you buy particularly frequently
- information about how often you buy from us
- information about which offers, if any, particularly prompt you to make purchases
- information about which product groups you prefer
- information about which application channels you prefer
3.4.2 Vouchers, coupons and discount codes
We issue coupons, vouchers or discount codes on various occasions to be able to offer you particularly attractive deals. You may also receive such coupons, vouchers or discount codes from time to time from third parties with whom we cooperate.
If you use such a coupon, voucher or discount code to make a purchase from us, we process information about the type and amount of the coupon, voucher or discount code, the advertising channel through which you received it and whether or for what purpose you used it. This enables us to measure the success of a related advertising campaign, to establish your preferences and calculate, where relevant, the amount of revenue-based compensation claims of our promoters or revenue-based commission for other intermediaries. We use your preferences to decide which advertisements we play out to you in the future. A possible tendency to make use of coupons, vouchers or certain discount campaigns can also have an influence on which advertising we play out to you.
3.4.3 Proximity to Outletcity
Depending on where you live and if that is close to Outletcity, you will preferentially receive advertising with offers from Outletcity, omnichannel offers or purely online offers.
3.5 Using the OCM App
Information on the processing of your personal data in the Outletcity Metzingen App ("OCM App") can be found at https://www.outletcity.com/en/metzingen/app-data-protection/.
You will receive our newsletter either as part of your membership of the OUTLETCITY CLUB (Art. 6 para. 1 lit. b GDPR) or because you have given us explicit consent to do so (Art. 6 para. 1 lit. a GDPR).
In order to send our newsletter, we process the following personal data from you:
- your salutation
- your e-mail address
In deciding which newsletters and how often to send them to you, we also take into ac-count the personal data described in Section C. 3.4, as well as the personal data result-ing from Section C.3.6.2 below.
We evaluate your behaviour in connection with the newsletter. For this evaluation, the newsletters sent contain so-called web beacons or tracking pixels. These are single-pixel image files that are stored on our Website. For the evaluations, we link your personal data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. With the data obtained in this way, we create a profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click on in it and deduce your personal interests from this. We link this data to actions you have taken on our Website. This processing is based on Art. 6 para. 1 lit. f GDPR and is carried out in our legitimate interest to provide you with a better shopping experience.
3.6.3 A/B tests
In order to optimally design the user experience for all members of the OUTLETCITY CLUB and to be able to continuously improve our services, we conduct A/B tests in which we send different newsletters to different comparison groups and compare the conversion rate achieved in each case with that of the other comparison group. This processing is based on Art. 6 para. 1 lit. f GDPR and is carried out in our legitimate interest to provide you with a better shopping experience and to use our advertising as profitably as possible for all parties involved.
In our Online Shop and our e-mail newsletters, you will find the option to participate in surveys, for which we use a service provider as a data processor. If you participate in a survey, we process the following personal data from you in order to carry out the survey:
- if applicable, your customer number; if we carry out the survey in a personalised manner, we will point this out to you in each individual case
- your IP address
- your device, browser type and operating system
- date and time of participation in the survey
- the information you provided in the survey
- information about whether you have answered the questions completely
However, we do not evaluate the surveys on a personal basis, but only using to pseudonymised customer segment information and other anonymous criteria.
This data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable the continuous improvement of our range of products and services.
If we send you mail for information about Outletcity, the OUTLETCITY CLUB and the Online Shop based on your data, we will process the following personal data from you for this purpose:
- first name and surname
We also take into account the personal data described in Section C.3.4 in deciding which and how often to send you informative mail.
This data processing takes place either in the context of the performance of our membership agreement for the OUTLETCITY CLUB with you and is therefore based on Art. 6 para. 1 lit. b GDPR. If you are not a member of our OUTLETCITY CLUB, we process your personal data mentioned in this Section in our interest in dispatching sales-promoting advertising on the basis of Art. 6 para. 1 lit. f GDPR.
4. Cookies and tracking
We use numerous cookies and cookie-like or cookie-based technologies on our Website for various purposes, including tracking purposes.
Cookies are small text files that are stored on your computer and saved by the browser. Cookies do not cause any damage there. They serve, for example, to make our offer to you more user-friendly, effective and secure.
For example, cookies are processed on our Website for the following general purposes:
- session cookies, which are used in particular for the functioning of customer accounts or the shopping cart function
- web analytics cookies used to analyse your usage behaviour on our Website
- advertising cookies that we set in order to be able to work with advertising partners
We only use certain cookie-based or cookie-like technologies in the area of our Online Shop that is only accessible to members of our OUTLETCITY CLUB, while we set other cookies for all visitors to our Website.
Information on the individual cookies used by us, their functions and purposes, the relevant legal bases, consent, withdrawal and objection options can be found in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/.
To help you understand the purposes for which we use the cookies mentioned there better, we describe individual cookie-based or cookie-like processing activities in more detail below.
4.1 Movement on the Website and adjustment of the display of advertisements
To help us understand which sub-pages and category pages, or which areas of a sub-page, are particularly relevant to our customers, we analyse movements on our Website, as described below. We also use tools that allow us to show you goods that are actually of interest to you.
4.1.1 Evaluation of the use of sub and category pages, heat maps
When you view our Website, we collect the following personal data from you using cookies from various service providers as processors or as joint controllers:
- your movements in the Online Shop (i.e. which sub/category page you are on, which sub/category page you came from, how long you stay there, what you click on)
- information about whether you buy something or not
In addition, we use the web analysis tool of a service provider on our Website, which we use as a data processor, to record randomly selected individual visits to the Website. This creates a log of mouse movements, clicks and keyboard interactions, with the intention of randomly reproducing individual Website visits as so-called session replays and evaluating them in the form of heat maps. When tracking is used, cookies are stored locally.
4.1.2 Display of relevant advertising
Subject to your consent to the use of the respective cookies required for this purpose, we use various service providers and providers of affiliate networks for these purposes. In order to be able to assign advertising successes to specific service providers with whom we work, we also use a so-called cookie switch. This is provided by a service provider that we use as a data processor.
At https://www.outletcity.com/en/metzingen/privacy-settings/ you can see which service providers these are in each case and decide for yourself which cookies we may set for advertising purposes.
If you visit other websites after visiting our Online Shop, we will display advertisements there as a reminder for products that you have viewed on our Website (retargeting). The display of these advertisements on third-party websites is based on cookie technology and an analysis of previous usage behaviour. We do not learn about your browser's communication with the servers of the retargeting providers. When you visit our Online Shop and other websites, your browser communicates directly with the servers of the retargeting providers. The retargeting providers therefore receive your IP address, the cookie stored on your computer and what you have looked at while visiting our Online Shop. The retargeting provider receives your IP address and the cookie stored with you again when you visit other websites that cooperate with the same retargeting provider. Our advertising can then be displayed there on our behalf, for example advertising for the products that you have viewed on our Website.
188.8.131.52 Fingerprinting and cross-device-tracking
We also use fingerprinting and cross-device tracking technologies in order to be able to show you advertising that is tailored to your needs across all devices. The use of such tracking methods results in the local storage of cookies. In the case of cross-device tracking, a cross-device token can be assigned to your stored login and stored locally and temporarily in encrypted form in a cookie on your computer if you log in successfully to our Website. Complete IP addresses are not stored in the procedure and are only processed in anonymised form. To improve tracking accuracy, we use the "first party tracking" method. In this process, a first-party cookie is set on the customer domain. Complete IP addresses are also not stored in this procedure and are only processed in anonymised form.
4.2 Customer Audiences
In addition, we use the personal data we have from you and other customers to create and use so-called Custom Audiences. A Custom Audience is a target group that we determine from our customer base by specifying certain criteria to which certain advertisements are to be played. In this way, we want to ensure that we only display advertising to you that matches your interests. In order for us to be able to use such technologies, we obtain your consent to the use of the relevant cookies in advance.
4.3 Conversion tracking
We also use conversion tracking technologies on our Website. If you have seen an advertisement from us and later visit certain target pages of our Online Shop, we would like to be able to evaluate this as the success of our advertisement. For this purpose, the respective service provider with whom we work for conversion tracking compares information about the advertisements with information about which pages you have visited on our Website. We later receive statistical information from the service provider about the success of our advertisements, without it being possible for us to identify the specific person for whom the success of our advertisements occurred later.
The service providers used are able to measure the success of the advertisements across devices, so that, for example, an advertisement on a smartphone can be attributed to a subsequent purchase on our Website by means of a laptop.
D. Automated decision making
We do not use automated decision-making beyond the scope described in Section C. 184.108.40.206.1.
E. Third-country transfers
We only transfer personal data to third countries to the extent that data processors operate in third countries. In the absence of an adequacy decision by the European Commission for the respective third country, this is done subject to appropriate or adequate safeguards. You can obtain a copy of the respective guarantees used via the address of the controller given above.
F. Storage period
We store your personal data until the processing purposes stated in each case have been achieved. Beyond this, we only retain them if and insofar as a longer storage obligation or a right to longer storage arises from commercial, tax or other legal requirements.
G. Data subjects' rights
Under the law, you have the following rights:
- right of access (Art. 15 GDPR);
- right to rectification (Art. 16 GDPR);
- right to erasure (Art. 17 GDPR);
- right to restriction of processing (Art. 18 GDPR);
- right to data portability (Art. 20 GDPR) and
- right to object to processing (Art. 21 GDPR).
Insofar as the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.
You have the right to lodge a complaint with a supervisory authority.
You may contact our Data Protection Officer (Section B) to exercise your rights.
You can deactivate the display of CSE product recommendations by clicking
on the opt-out button:
If you would like to display CSE product recommendations again later, simply click on the opt-in button:
Status: November 2021