The following is intended to familiarise you with our data protection policy. It applies to our website and our online shop, but not to the websites of other suppliers which you can access via links.
I. Brief overview about data protection in our company
- When visiting our website, your IP-address will be processed for delivering the website as well as for the services of third-party provider used by us
- Our webhosting provider stores the IP-address and other technical information for 7 days in a logfile for the sake of IT security
- When you register yourself, in a first step we only need your form of address, e-mail address and delivery country for providing you with our newsletter. Further data such as e. g. your address we do not need before the first time you order something.
- On our website we use third-party provider services of epog internet services GmbH (Karlsruhe), Emarsys Interactive Services GmbH (Berlin), 8select Software GmbH (Regensburg), intelliAd Media GmbH (München / Munich), Usabilla (Berlin), Criteo GmbH (München / Munich), d3media AG (Hamburg), mediards GmbH (Köln / Cologne), affilinet GmbH (München / Munich), neXeps GmbH (Castrop-Rauxel), adrox GmbH (Krefeld), Tisoomi GmbH (Hamburg), Plista (Berlin), Brandbüro Media GmbH (Köln / Cologne), Hurra Communications GmbH (Stuttgart), Microsoft Deutschland GmbH (München / Munich), Taboola (Berlin), Outbrain (Köln / Cologne), parcelLab (München / Munich), Prescreen (Austria), Google LLC (USA), Amazon Web Services Inc. (USA) and Facebook Inc. (USA). Thus, these companies also obtain personal data when you visit our website.
- After your login, we store and analyse by third-party provider services personal data about what you view and watch in order to provide you with advertisement in the future which is relevant for you. In the same way we proceed when you click something in our e-mail newsletter.
- When you visit other websites after having visited our website, we make there fading in advertisements for products as reminder, which you have watched on our site. Hereby we need third-party provider services, so called retargeting providers.
- You may cancel the e-mail-newsletter or erase your customer account at our company at any time.
- Connections to our webserver are always encrypted.
- With regard to orders, we are supported by credit agencies for regularly check address data and in some cases, depending on the chosen method of payment, to obtain credit information. In case of payment on invoice, we need your particular consent.
- Such data necessary for the implementation of the order, we forward to our service providers for implementation of orders (PVS), payment service providers and transport service providers.
- You have comprehensive rights, e.g. for information, rectification, erasure etc. as well as partly for objection.
In the following, we would like to introduce our data protection principles to you in some more detail. There principles apply for our web presence and our online-shop, however not for sites of other providers, to which you may get via links.
By the following links, you get faster to those areas of our data protection declaration, you are particularly interested in, or you just scroll down further on.
1. Data streams of our web server with every page request (before and after login)
2. Processing of your behavior on our website after login
4. General aspects about use of Google services on our website
5. General aspects about use of Facebook services on our website
7. Fingerprinting and cross device tracking – intelliAD
8. 8select Software GmbH – Curated Shopping Engine (CSE)
1. General information
2. Contact forms
3. Press forms
1. Registering to the shop
3. Orders into Switzerland
4. Address validation within the order procedure
5. Credit information and choice of method of payment
6. Data protection consent for special methods of payment
7. Coupon offers of Sovendus
8. Postal mailings
9. Parcel tracking with parcelLab
1. Right to information
2. Right to rectification
3. Right to restriction of processing
4. Right to erasure
5. Right to notification
6. Right to data portability
7. General information about your right to object
8. Right to withdraw the data protection declaration of consent
9. Automated decision in an individual case, including profiling
In the following, we would like to point out by a simple quotation in brackets, due to which provision the data processing is legitimate in case the respective procedure leads to processing of personal data. The abbreviation GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679).
All information you enter on our website will be treated strictly confidential and are determined only for internal use and for performing of contracts (e.g. for product orders) between you and the OUTLETCITY METZINGEN GmbH, Friedrich-Hermann-Str. 6, 72555 Metzingen, Germany. For performing contracts with you, of course we involve third parties, as well, however we merely hand over such information necessary for fulfilment of the task.
Personal data which come up by merely visiting our website will – save deviating regulations in this data protection declaration – not be transferred to any third party without your explicit approval, unless we are forced to such transfer by the law.
You may use our general online offer generally without disclosure of your name. You reach the online shop area after respective registration. In case you let yourself being registered for this or one of our other personalized services, we ask you for your name and for other personal information. It is to your own discretion, whether you enter these data and finalize the registration.
Subject of the data protection are personal data (hereinafter referred to as data). These are information which refer to an identified or identifiable natural person.
As far as we obtain an approval for processing operations with regard to personal data, Art. 6 (1) a) GDPR is the legal basis for the processing of personal data.
Concerning the processing of personal data necessary for the fulfilment of a contract to which the concerned person is contractual party, Art. 6 (1) b) GDPR is the legal basis. This also applies for processing operations, which are necessary for pre-contractual measures.
As far as a processing of personal data is necessary for the fulfilment of a legal obligation our company is subject to, Art. 6 (1) c) GDPR is the legal basis.
In case vital interests of the concerned person or another natural person require a processing of personal data, Art. 6 (1) d) GDPR is the legal basis.
In case the processing is necessary for safeguarding legitimate interests of our company or a third party, and the interests, fundamental rights and freedoms of the concerned person does not override the aforesaid interest, Art. 6 (1) f) GDPR is the legal basis for the processing.
The personal data of the concerned person will be erased or blocked, as soon as the purpose of the storage lapses. Furthermore, a storage may occur when required by the European or national legislator in regulations, statutes or other provisions in Union legislation, to which the responsible is subjected. Blocking or erasure of data will be carried out as well in case of expiry of a storage period determined by the said provision, unless the maintenance of storage is necessary for the purpose of a contract conclusion or fulfilment of a contract.
1. Data streams of our web server with every page request (before and after Login)
In case of visiting our website, we obtain your complete IP-address by your EDP. Only with such IP-address we are able to transfer the data of our website to you in order that the website is shown to you (Art. 6 para. 1 b and f GDPR). The temporary storage of the IP-address by the system is necessary to make a transfer of the website to your computer possible. It may be necessary to store your IP-address for the duration of the session. Since you have requested the website, this is a matter of mutual legitimate interest.
The webservers used by us will store your IP-address together with referrer, date, time of request, the method of access /function demanded by the requesting computer, the input data transmitted by the requesting computer (name of file), the access status of the web-server (file transferred, file not found, command not executed, etc.), name of the file requested, as well as your browser and operating system version for 7 days max. This serves for the disclosure of and protection against attacks on the IT security. The data will not be used beyond this scope. The legal basis is Art. 6 para. 1 f) GDPR. Our legitimate interest is the maintenance of our services and to trace attacks.
There is no option for filing an objection, because these procedures are essential for the operation of the website. In case you want to raise objections, please do not visit our website.
Our webservers are operated on our behalf by Claranet GmbH, Hanauer Landstr. 196, 60314 Frankfurt and Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States of America, as receiver of your data requests.
2. Processing of your behavior on our website after Login
In areas of our website which you reach after login, we store and process personalized, which areas you have visited, which products you have watched and ordered (profiling and automated decision-making).
These information can be used by us for creating an individual shopping experience, e. g. in the way of suggestions for products or product lines, which you may be interested in, on our website (initiation of contracts), on other websites (so called retargeting) and for the choice of contents of our e-mail newsletter (Art. 6 para. 1 b and f GDPR). For instance, we provide you with targeted and individual product recommendations within the frame of the home page, page for product details, shopping cart page or category page. Our legitimate interest is optimizing your shopping experience, in order to take care that you receive offers for products relevant for you, to enable us providing you with individual advertisements and with the opportunity to purchase such products. Please also see below our information concerning retargeting and e-mail newsletter.
Your personal data may also be used by us – as far as necessary – in order to avoid and disclose abuse, especially fraud (Art. 6 para. 1 b), c), e), f) GDPR). Our legitimate interest is protection of our assets.
Therefore, also an analysis of the former and the current behavior with clicks and purchases based on cookies may be carried out. In these cases, a cookie will be stored on your computer or your mobile device in order to collect pseudonymized data about your interests and in the consequence to adjust the advertisement individually to the stored information. We inform you in general about cookies and the opportunity to object against cookies in our cookie guideline [LINK]. Thereby, you are provided with advertisement which corresponds most likely with your interests for products and information. As far as the collected information is personalized, the processing takes places pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest for fading in personalized advertisement and for market research.
You may completely hinder loading of third-party services based on behavior with Add-Ons for your browser, e. g. with “Adblock Plus” ( https://adblockplus.org/en/).
These data processings are implemented on our behalf by the epoq internet services GmbH, Am Rüppurer Schloß 1, 76199 Karlsruhe and the Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin.
Data of analysis of behavior on our website receive additionally the following nominated companies as processors:
- 8select Software GmbH, Franz-Mayer-Straße 1, 93053 Regensburg
- intelliAd Media GmbH, Sendlinger Str. 7, 80331 München, Deutschland
- Sovendus Gutscheinnetzwerk Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- As well as the retargeting provider determined in Sec. IV.6.
Information about cookies used by us and the function of them, you may find in our cookie guideline:
4. General aspects about use of Google services on our website
On our website we use programs (“plugins”) of Google, so called Google services. These services are operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you request a page of our web presence, containing such a plugin, your browser creates a direct connection to the server of Google. The content of the plugin is transmitted directly to your browser and inserted in the site. By inserting of the plugins, Google obtains the information that your browser has requested the respective page of our web presence, even when you have no user account at Google or you are not logged in at the moment. These information (including your IP address) is transmitted directly from your browser to the server of Google which may be placed in the USA (see particularities at Google Analytics below), and one has to assume that they will be stored there, as well. These data processing procedures take place according to Art. 6 (1) f) GDPR for maintenance, improvement and new development of Google services, for providing personalized services, including services and advertisements by Google, to discover, prevent and fight fraud, abuse, security risks and technical problems at Google. Google describes the use of the data on legitimate grounds as follows:
- Providing, maintaining and improving the services to meet the requirements of the Google users
- Development of new products and functions, which are useful for Google users
- To gain insight about how persons use Google services in order to safeguard and to improve our services
- Personalization of Google services in order to provide you a better user experience
- Marketing in order to inform users about Google services
- Advertisement, in order to be able to provide users with a lot of Google services free of charge
- Disclosing, preventing or fighting fraud, security lacks or technical problems by other means
- Protection of rights, of property or of the security of Google, the Google users or the public against damages, as far as permitted by law or necessary
- Implementation of research with which Google services could be improved for Google users and are to the benefit for the public
- Compliance to obligations in relation to Google partners such as developers and holder of rights
- Enforcement of legal claims, including investigation of possible violation of applicable Using conditions
Google transmits the data to associated companies of Google and for the fulfilment of legal grounds to further third parties.
Google has subjected itself to the Privacy-Shield-Convention of the EU with the USA, so that the respective adequacy decision of the EU is the legal basis of the data processing in the USA and shall safeguard the data protection level applicable in the EU.
Purpose and extent of data collection and the further processing and use by Google as well as your rights and setting options related to this to protect your privacy, you may see in the data protection information of Google. https://policies.google.com/privacy?hl=en
When you do not want Google to allocate the data collected via our web presence directly to your Google account, you have to log out from Google before visiting our website.
a. Google Analytics
This website uses Google Analytics, a web analyzing service of Google. The use is based on Art. 6 (1) f) GDPR. Google Analytics uses so called “cookies”, text files which will be stored on your computer and enable an analysis of your use of the website. The information about your use of the website created by the cookie such as
- Type of browser / version
- Used operating system
- Referrer-URL (the site visited before)
- Time of day of the server request
are generally transmitted to a server of Google in the USA and stored there. The IP address transmitted by your browser in the frame of Google Analytics will not be brought together with other data of Google. Furthermore, on our website we have enhanced Google Analytics by the code “anonymizeIP”. This safeguards the masking of your IP address still in the EU, so that your complete IP address will be processed within the EU only, in order to exchange data between your browser and Google, but not transmitting or storing your IP address outside the EU. All stored data are therefore anonymous. Only in exception cases, the complete IP address is transmitted to a server of Google in the USA and there becomes shortened.
This short-term processing of your IP address at Google serves to obtain a website statistic in order to serve our legitimate interest for the improvement of our website.
You may prevent the storage of cookies by a specific setting of your browser software; however, we point out that in such case you may possibly be not able to use all functions of this website comprehensively.
Furthermore, you may prevent collection of data created by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser-plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information about data protection in context to Google Analytics, you may find in the Google Analytics Support ( https//support.google.com/analytics/answer/6004245?hl=en ).
Google Signals is used as an extension of Google Analytics. The tool is an extension of the statistical visitor evaluation. The method of cross device tracking technology is used, with which different website visits of an individual visitor with different end devices can be assigned to this visitor.
The prerequisite is that the visitor is registered with Google and the option "personalised advertising" is activated in his Google account.
We do not receive any personal data through this Google service, but only statistics of all users who have carried out a conversion (e.g. click on an advertisement). It cannot be ruled out that Google itself can trace the data gained back to individual visitors.
You have the option of turning off the functionality of Google Signals by deactivating the option "personalised advertising" in your Google account settings.
b. Google Maps
We use the service Google Maps on some of our websites in order to provide you with interactive maps (Art. 6 (1) b, f GDPR. This is useful for you, when you want to be informed about us or when you want to visit us in order to enable you to find your way by using one single map locally and supra-regionally. Our legitimate interest is provision of an interactive map therefore, because otherwise such a map would require enormous technical effort.
We do not get to know when Google Maps is presented to you or when you interact with it.
c. Google Fonts
We use Google Fonts on our websites. These are type faces which can be shown by your browser even when these special type faces are not available on your system (Art. 6 (1) f) GDPR). Our legitimate interest is a standardized representation of our website on all kinds of devices and browsers.
We do not get to know when Google your browser has loaded Google Fonts.
d. Google ReCaptcha
We use the Google ReCaptcha service in order to find out whether really a natural person like you tries to operate the form or instead an undesired automated attacking software. This serves for IT security, and our legitimate interest is to maintain our services and prevent inaccurate information in our data bases (Art. 6 (1) b), f) GDPR).
We do not get to know, which ReCaptcha has been shown to you, however we obtain a message by Google, whether the ReCaptcha has been solved assumingly by a natural person.
Google uses the non-personal data, transmitted by you when solving the ReCaptcha for improving their picture analysis algorithm.
e. Google Retargeting
Please inform yourself about our use of Google Retargeting technologies in the section about retargeting.
5. General aspects about use of Facebook services on our website
On our website we use programs (“plugins”) of the social network Facebook. These services are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) respectively in case you are Facebook customer and from the EU, by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you request a page of our web presence, containing such a plugin, your browser creates a direct connection to the server of Facebook. The content of the plugin is transmitted directly to your browser and inserted in the site. By inserting of the plugins, Facebook obtains the information that your browser has requested the respective page of our web presence, even when you have no user account at Facebook or you are not logged in at the moment. These information (including your IP address) is transmitted directly from your browser to the server of Facebook, which may be placed in the USA, and one has to assume that they will be stored there, as well. These data processing procedures take place according to Art. 6 (1) f) GDPR on the basis of the legitimate interest of Facebook for fading in personalized advertisements on the basis of your surfing habits. Facebook has subjected itself to the Privacy-Shield-Convention of the EU with the USA, so that the respective adequacy decision of the EU is the legal basis of the data processing in the USA and shall safeguard the data protection level applicable in the EU.
When you are logged in at Facebook. Facebook is able to directly allocate your visit of our website to your profile at Facebook. Purpose and extent of data collection and the further processing and use by Facebook as well as your rights and setting options related to this to protect your privacy, you may see in the data protection information of Facebook: http://www.facebook.com/policy.php.
When you do not want Facebook to allocate the data collected via our web presence directly to your Facebook profile, you have to log out from Facebook before visiting our website.
a. Facebook Login
On our website you may sign on for establishing a customer account respectively for registering via the social plugin “Facebook Connect” of the social network Facebook within the frame of the so called Single Sign On technology, in case you have a Facebook profile. The social plugins of “Facebook Connect” on our website you may identify by the blue button with the Facebook logo and the inscription “FACEBOOK LOGIN”.
Afterwards, when you consent explicitly according to Art. 6 (1) a) GDPR prior to the procedure of signing on, based on the indication about the exchange of data with Facebook, we receive in case of use of the “Facebook Connect” button, depending on your personal data protection settings at Facebook, the general and publicly accessible information stored in your profile:
- Last name, first name
- Age (at least for instance “21 years or older”, what however we do not store)
- Place of residence (as far as specified at Facebook)
- E-mail address
- Picture of profile (will not be stored or used by us, however is always provided by Facebook)
We would like to emphasize that we do not store or use the user-ID of friends and of the buddy list.
The data transmitted by Facebook are stored and processed by us for establishing a user account with the necessary information, if provided therefore by Facebook for such reason, in order to conclude a registration contract with you (Art. 6 (1) b) GDPR). Vice versa, we may transmit data (e. g. information about your surfing habits) to your Facebook profile, based on your consent.
The provided consent may be withdrawn by you at any time by a message to us.
We store the data provided by Facebook only as long as you maintain your account and additionally for the time of possible limitation periods and legal periods for storage of data.
b. Facebook Conversion Tracking
On our website, we additionally use the Facebook Conversion Tracking by means of Facebook pixels. When you have seen an advertisement of us and later on visit specific areas of our website, we wish to evaluate the success of our advertisement. Therefore, Facebook links information about the advertisements with information, which pages you have called up on our website. Later on, we obtain statistic information by Facebook about the success of our advertisements, without enabling us to still verify with which specific visitor the success of the advertisement has been made. Facebook is able to measure the success of advertisements across various devices, e. g. that an advertisement on a smartphone may be allocated to a later purchase with a laptop. Facebook carries out such allocation for no longer than 28 days after the advertisement, so we assume Facebook will not store the data any longer than for this period.
The purpose for us and our legitimate interest is the evaluation and optimization of our advertisement strategies in order to publish the optimum advertisements and avoid spending money for advertisement being not successful. (Art. 6 (1) f) GDPR).
c. Facebook Retargeting
Please inform yourself about our use of Facebook Retargeting technologies in the section about retargeting.
Our Website uses so called retargeting technologies (also called remarketing). We use such technologies in order to make the entire internet experience – also on sites of third parties – more interesting for our users. The retargeting technologies make it possible to approach internet users, having already shown interest for our shop and our products, again with advertisements on afterwards visited websites of third parties. This advertisement is often aligned to the sites visited before (Art. 6 (1) b), f) GDPR). Our legitimate interest is the improvement of the performance of our advertisement means and the targeted readdressing of you as person interested in our performances and products. Fading in such advertisement means on the websites of third parties is carried out on the basis of a cookie technology and an analysis of the previous user habit. This way of advertisement is implemented completely anonymously, because we do not get to know anything of the communication of your browser with the servers of the retargeting provider. Your browser communicates directly with the servers of the retargeting providers when visiting our website and other websites. The retargeting providers therefore get to know your IP address, the cookie stored at you and what you have watched while visiting our website. The retargeting providers get to know your IP address and the cookie stored at you again, when you visit other websites which cooperate with the same retargeting provider. There our advertisement can be shown on our behalf then, e. g. advertisement for products, which you have watched on our site. We do not know to which extent the retargeting providers store and analyze your IP address.
We use retargeting technologies of the following companies
- Google LLC („Google“), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Criteo GmbH, Unterer Anger 3, 80331 München/Munich, Germany
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- d3media AG, Ludwig-Erhard-Straße 14, 20459 Hamburg, Germany
- mediards GmbH, Im Mediapark 8, 50670 Köln / Cologne, Germany
- affilinet GmbH, Sapporobogen 6-8, 80637 München/Munich, Germany
- neXeps GmbH, Erinstraße 18, 44575 Castrop-Rauxel, Germany
- adrox GmbH, Niederstr. 1, 47829 Krefeld, Germany
- Tisoomi GmbH, Gänsemarkt 31, 20354 Hamburg, Germany
- Plista, Torstraße 33-35, 10119 Berlin, Germany
- Brandbüro Media GmbH, Habsburgerring 1, 50674 Köln/Cologne, Germany
- Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany
- Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 München/Munich, Germany
- Taboola, Friedrichstraße 68, 10117 Berlin, Germany
- Outbrain, Hohenzollernring 88, 50672 Köln/Cologne, Germany
- Affiliate Agentur metapeople GmbH, Philosophenweg 21, 47051 Duisburg, Germany
- Media Agentur Performance Media Deutschland GmbH, Gorch-Fock-Wall 1a, 20354 Hamburg, Germany
Taking into account the applicable legal provisions for data protection for implementing retargeting, non-personal data are stored in cookies on your computer and erased after expiry of 540 days at the latest. These data are used for statistical evaluation, which leads to the mentioned advertisement referred to the specific interests. In addition, we obtain a statistic, non-personal evaluation of the retargeting. You may see in our cookie directive how to use settings at your browser in order to prevent the storage of cookies, necessary for such services, on the permanent memory of your device in the future or how to erase already stored cookies respectively how to use the opt-out-function of the retargeting programs used by us.
When you would like to get to know more about the configuration capabilities for interest-related advertising, we recommend to have a look at the following websites of online advertising initiatives:
7. Fingerprinting and cross device tracking – intelliAD
This website uses the Fingerprinting and the Cross Device Tracking technology of intelliAd Media GmbH, Sendlinger Str. 7, 80331 München (Munich), Germany (“intelliAd”).
The fingerprinting is used when you visit our website by calling up our website via a link (e. g. even a link in an ad banner). Fingerprinting enables us the statistic analysis as the legitimate intertest, which links have been especially useful for our customers. There will be no analysis for the individual person. Implementing the fingerprinting for the first time, the working memory of the IntelliAd servers will store your complete IP-address and the user agent information of your browser will be converted in a mathematical value, a so called hash value, thus the information is encrypted. In addition, the same procedure is carried out on our server. The both created and identical hash values are aligned and replaced by a user identifier, which will also be used directly in later sessions (Art. 6 (1) f) GDPR). Afterwards, IP-address and user agent information will be erased out of the working memory of the IntelliAd server. It is not possible to recalculate out of the hash value, so from this point of time on, no personal data is processed anymore. The user identifier will be created at your first visit by chance. In case you later on log in the shop from another device, the user identifier is the same as the already existing. The user identifier will be stored as a cookie on your devices, with which you visit our website, and after a login in our shop in order to enable us to allocate your activities with your device at a new visit to the original link, with which you had visited our website before (Art. 6 (1) f) GDPR). Our legitimate interest is the statistical evaluation for the optimization of our offers.
The user identifier is also used with the simultaneously used technology of cross device tracking, for which the cookie technology is used, as well. After you have logged in on a device, it is analyzed whether a user identifier to your customer database already exists in order to store the same user identifier on all your devices into the cookie. Then we forward the so called user identifier, an IntelliAd, in order to enable IntelliAd to allocate your activities to the original link in the meaning of the afore described fingerprinting, which corresponds to our legitimate interest for accurate statistics and thereby the gapless evaluation of our marketing campaigns, (art. 6 (1) f GDPR). Our user identifier does not contain information which would enable IntelliAd to identify your person precisely (so called hash function). IntelliAd does not store complete IP-addresses of you, so the IntelliAd procedure is anonymous. IntelliAd stores the produced data in the form summarized in groups. We obtain a statistical analysis by IntelliAd, for which creation IntelliAd summarizes group data. Thus, we cannot realise with reference to your person, how you have used our shop and websites of third parties with your devices. We may quote from the statistics how we can improve our offer in case of use of various devices or for various groups of customers. IntelliAd uses multi-level encryption for the storage of the user identifier and the used cookies will be erased from your browser after 6 months.
In both procedures, the same user identifier is used.
To object against the storage of the (anonymously collected) visitor data, please use the IntelliAd opt-out function:LINK
8. 8select Software GmbH – Curated Shopping Engine (CSE)
We use the service “CSE” of the 8select Software GmbH, Heinz-Fangman-Str. 4, 42287 Wuppertal, Germany. When you request a page of our web presence, containing such a plugin, your browser creates a direct connection to the server of 8select. The content of the plugin is transmitted directly to your browser and inserted in the site. By inserting of the plugins, 8select obtains the information that your browser has requested the respective page of our web presence. These information (IP address) is transmitted directly from your browser to the server of 8select, and one has to assume that they will be stored there. These data processing is carried out in order to be able to provide the functionality of the software solution of 8select.
This software solution enables us to offer you products suitable to those products you have been interested in or have bought from us (Art. 6 (1) b), f) GDPR). Our legitimate interest is the improvement of the shopping experience for you and the opportunity to provide you offers tailored for you.
Modules of 8 select use session cookies in order to improve the relevance of product recommendations and increase the quality of advice for you. Therefore, information may be brought in which product pages have been loaded and which products and product categories have been watched in our online-shop. Without session cookie we regret to be not able to provide you such service of advice.
You may deactivate the display of CSE product recommendations with this button . In case you want to display the CSE product recommendation later on once again, just use this button: .
On our website as well as in our e-mail newsletter you find the opportunity to join surveys. For the offer and the implementation, we use the services of Usabilla GmbH, Kemperplatz 1, D-10785 Berlin. The servers needed therefore are operated by the Usabilla B. V., Rokin 16, 1012 KR, Amsterdam, Netherlands (“Usabilla”). When visiting our website, your browser creates a direct connection to the webservers of Usabilla, which transmits the corresponding offers by providing the opportunity to join the survey as well as the forms for the survey by using your IP-address. These webservers are placed in the USA, Europe or Asia. The selection follows the principle of the fastest data transfer. Outside the EU, the IP address will be used for data exchange only, but not for storage of data. The processing of data outside the EU is legitimate due to the use of standard contract clauses of the EU Commission with appropriate safeguards pursuant to Art. 46 GDPR.
In case of e-mail newsletter, data exchange with the Usabilla webservers takes place not before you click the link in the e-mail newsletter. There will by no means take place any use or storage of your IP address beyond this. In case you join the survey, neither your IP address, nor any other personal information will be stored or analyzed at Usabilla. We only analyze the surveys for anonymous customer sector information and other anonymous criteria.
1. General information
When using our contact form, registration form for our online offer, the press form as well as the newsletter registration, the information provided therein will be transmitted to us. Please notice additionally the indications given in this document for use of our website after login and in case of orders.
When using our contact form, the information provided therein will be transmitted to us and stored. Additionally, we store the date and time of day.
We use the data exclusively for replying to your request as well as, in case the request refers to a contractual relationship or a contractual relationship should be concluded hereby, for initiating and execution of a contractual relationship (Art. 6 (1) a), b), f) GDPR). Our legitimate interest is replying to your request. As far as you are already our customer or become our customer in the future, we are allowed to collect, store, change and transmit the data for conclusion, execution or termination of the contractual relationship, without need for your consent (Art. 6 (1) b) GDPR) and as long as it is permitted by law (e. g. after expiry of limitation periods often lasting 3 years or 10 years according to tax provisions of the Abgabenordnung (= fiscal code). In other cases, that is e. g. as long as the contractual relationship has not been established, we store your data only as long as we consider it necessary for the communication with you. In case of request without reference to a contract, we erase it after several months, in case the contact was a one-time contact and no further communication in this matter may be expected as well as there is no legal obligation to maintain the data. You shall have the right to object against your consent with regard to the data transmitted to us via the contact form with effect for the future. You may execute your right to objection by a message to our contact data according our imprint.
In case you want to contact us via e-mail, we draw your attention to the fact that the content of unencrypted e-mails could be discovered by third parties. Therefore, we recommend to send confidential information encrypted or via our website or the mailing route.
3. Press form
When using the press form, the information provided therein will be transmitted to us and stored. Additionally, we store date and time of day. Your IP address, simultaneously transmitted, will not be stored with the data of the contact form.
We use the data exclusively for replying to your request (Art. 6 (1) f) GDPR). Our legitimate interest is implementation of public relations. We store your data only as long as we consider it necessary for the communication with you. In case of request without reference to a contract, we erase it after several months, in case the contact was a one-time contact and no further communication in this matter may be expected as well as there is no legal obligation to maintain the data. You shall have the right to object against your consent with regard to the data transmitted to us via the press form with effect for the future. You may execute your right to objection by a message to our contact data according our imprint.
Where we transmit e-mail newsletter on the ground of provision of your data, these newsletters contain elements, which react on reading or confirming links within the newsletter and are connected to an individual technical marking. We use such information for statistical analysis of all information received back out of the use of the newsletter, in order to improve the newsletter services for you (Art. 6 (1) f) GDPR). Our legitimate interest is the optimization of the newsletter services for you, in order to enable us to present the presumably relevant product offers to our customers.
Furthermore, we use these information as well as information about areas and single products viewed on our website by you after login in order to determine the contents of e-mail newsletter, subsequent in time (Art. 6 (1) f) GDPR). Our legitimate interest is optimization of newsletter services for you in order to provide you with presumably relevant product offers. This may take place in form of creating customer categories.
For the newsletter services including behavior analysis, we use the services of Emarsys Interactive Service GmbH, Stralauer Str. 34, 10243 Berlin as processor who therefore obtains your corresponding data from us.
You may object by sign out of our newsletter and no more clicking any links. Signing out of the newsletter (objection) is possible at any time and may be implemented either by a message to the contact option described below, via a link designed therefore in the newsletter or, in case you are registered in the online shop with your e-mail account, on our website after login under MY ACCOUNT.
a. E-mail newsletter ordered by you, e. g. by registration
When signing on to our newsletter, we use the form of address and the e-mail address to address our regular newsletter to you. Without your e-mail address and your form of address we cannot conclude an agreement with you concerning the e-mail newsletter. In case you choose the newsletter outside of our online-shop area, you will have to select a language as a mandatory information, otherwise you cannot order the newsletter. For e-mail newsletter it will be verified without undue delay after registration, whether the recipient of the e-mails really demands mailing of the information by e-mail under the provided address. In the therefore provided e-mail, the recipient has to click a link for confirmation, which differs from other confirmation links by reference information and therefore is personal. The reference information will therefore be stored to your personal data and serves for finding out which newsletter registration has been confirmed to which point of time (Art. 6 (1) b), c), f) GDPR). Our legitimate interest is to avoid sending the newsletter to persons who do not want to receive the newsletter. The storage will be maintained as long as you obtain the newsletter plus such time in which we still need the data for proof of the right to send the newsletter, e.g. expiry of period of limitation of possible claims.
b. Use of data for e-mail advertising without signing on for the newsletter and your right to objection
In case we have obtained your e-mail address in context to the sale of a product or a service and you have not objected, we reserve the right to send regularly offers for similar products like the already purchased out of our assortment (Art. 6 (1) a), b), f) GDPR, § 7 para. 3 Gesetz gegen den unlauteren Wettbewerb (= Unfair competition Act). Our legitimate interest is to initiate purchase contracts with you again. We store your e-mail address as long as you are registered with our shop. You may object against this use of your e-mail address at any time via a message to the contact option described below or via a link dedicated for that in the e-mail newsletter without causing other costs than those for transmitting according to the basis tariffs.
c. E-mail newsletter recipient in Switzerland, Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Uruguay
In case you have your e-mail-account with an e-mail provider in the states according to the headline, our e-mail server will transmit the e-mails to your provider in the respective country. For these countries, there is an adequacy decision of the Commission that safeguards the data protection level applicable in the EU (Status 25th April 2018, for current status see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu ).
d. E-mail newsletter recipients in other countries outside the EU
Please do not sign on to our newsletter, when your e-mail provider operates his server in other countries.
In case you nevertheless sign on, we take this for a consent in data transmission in these other countries. You shall have the right t object at any time according to the instruction below concerning the right to objection.
1. Registration to the shop
When registration to our shop is carried out, we will collect the following data from you:
- E-mail-address, please notice our declaration to recipients of e-mail newsletters in countries outside the EU, when your e-mail-provider operates his server outside of the EU
- Form of address
- Country, in which the good shall be delivered
These data will be stored the entire time, as long as you maintain the registration, as well as beyond it for such time determined by the law and for the period of time we could need the data due to possible disputes with you. The legal basis is Art. 6 (1) b), f) GDPR. Our legitimate interest is the provability of events. In case you do not agree to provide the mandatory details, we cannot accept your demand for registration and cannot enter into a contract with you. Then you are not able to order anything from us.
For implementation of a first order, we need at least the further following data in order to be able to conclude an implement the contract (Art. 6 (1) b) GDPR):
- Invoice address
- Delivery address, when you demand a deviation from the invoice address
- Approval of our General Terms and Conditions, the respective current version at the time of order
- Payment method and, depending on the payment method, the corresponding payment information, such as e. g. bank account number
We store these data together with the data about the products ordered by you, the point of time of the order, the data concerning your payment (method of payment, as the case may be the account, paid amounts, time specification, which we obtain from your bank), data of commissioning (place, ID number, time specification), data about dispatch and receipt (shipping providers, parcel number, time specifications about the parcel), communication data (e.g. telephone, e-mail), the contract data (contractual relationship, interest in products respectively in contracts), the customer history at us respectively the service provider acting on our behalf, PVS Fulfillment-Service GmbH, Heinz-Nixdorf-Straße 2, 74172 Neckarsulm.
In case you execute rights for withdrawal, exchange goods or assert warranty claims, we store further data therefore, such as your dispatch (shipping provider, parcel number, time specifications with regard to the parcel), receipt at our place (place, ID number, time specification), condition of the goods as well as – as the case may be – data of the further shipping to you, as indicated in the paragraph before concerning the order.
We store these data in order to be able to execute and enforce the contract with you, to have evidence for the steps leading to the execution of the contract, to be able to offer you a history of order, to fulfil legal duties, to transmit the data to third parties to the extent described in the following and to the purpose of evaluation as already described above for being able to provide you an optimized user experience (Art. 6 (1) b), c), f) GDPR). Our legitimate interest is the preservation of evidence, increase of customer satisfaction, optimization of offers and sales promotion.
The data to be stored according to tax law provisions, we store for a period required by tax law. Further data we store at least until expiry of every limitation periods, which could be applicable for the respective contract. For the rest, we store data out of an order for 10 years.
These data we will transmit to third parties for execution of the orders:
- Payment data to our payment service provider, who possibly have to transmit the data to further banks, e.g. for being able to collect receivables by direct debits at your bank
- Shipping data to the shipping and parcel service provider
- Data of order to a collection service provider, lawyers and courts in case disputes occur with respect to the order
- Tax advisors and auditors
In case of payment with credit card, your credit card data will not be transmitted to us, but directly from your browser to the executive payment service provider Ayden B.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, The Netherlands.
3. Orders into Switzerland
In case you order shipment to a delivery address in Switzerland, we will process the data according to the foregoing paragraph. In addition, we point out that we have to accordingly transmit data to third parties in Switzerland such as a parcel service provider, payment service provider, collection service provider, lawyers and courts, because there you have your seat or your delivery address. For the Switzerland, there is an adequacy decision of the EU Commission which says that the EU Commission is of the opinion that in Switzerland an equivalent data protection level as in the EU is safeguarded.
4. Address validation within the order procedure
When you enter an address in the order procedure, we will check this address and as the case may be care for correcting slighter obvious mistakes. Therefore, we transmit the address entered by you without your name to the infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany, for customers with an address in Austria to the CRIF GmbH, Diefenbachgasse 35, 1150 Vienna, Austria and for customers in Switzerland to the CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland (Art. 6 (1) b, f GDPR).
This is necessary to be able to provide you with the goods flawlessly, to make a selection of the payment methods and to be able to make a credit assessment being carried out (Art. 6 (1) b), f) GDPR). The address validation serves for the automated decision in individual cases, because our system does not allow for orders in case an obviously wrong address has been entered. In case of an unknown address, the system will not allow for credit card payment, payment by SEPA direct debit mandate or the payment method “sale against invoice”.
The address validation will be carried out only in case you enter a new address. There will be no storage of the result.
5. Credit information and choice of method of payment
In order to provide you with a selection of payment methods as good as possible, we have to protect you against abuse and reduce our non-payment risk (legitimate interest).
We calculate periodically which payment methods we may offer you as a registered customer. Therefore, we use blacklists, lists with approved customers as well as an analysis of habits of returns. This serves for the avoidance of non-payments (Art. 6 (1) b), f) GDPR). The result remains stored until a new calculation. In case you are on a blacklist, you may not pay by credit card or SEPA direct debit mandate or sale against invoice. When you are on a list for approved customers, you may use all payment methods. Within the analysis of habit of returns, we take into account the cumulative return value and thereby adjust the availability of the payment method “sale against invoice”.
As far as the aforementioned own analysis does not lead to an unambiguous result, the following applies:
We transmit your data (name, address and as the case may be date of birth) for the purpose of credit assessment, receipt of information for the assessment of the non-payment risk based on mathematic-statistical procedures by using address data as well as for address validation (check for deliverability) to the credit agency mentioned below. Legal basis for this transmission is Art. 6 (1) b) and Art. 6 (1) f) of the GDPR. Transmission on the basis of these provision are only allowed as far as necessary for attending the legitimate interests of our company or of third parties and the interests of the fundamental rights and freedoms of the concerned person requiring the protection of personal data do not prevail.
The credit agency is
- For customers in Germany: the infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany
- For customers in Austria: CRIF GmbH, Diefenbachgasse 35, 1150 Vienna, Austria
- For customers in Switzerland: CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland
Our legitimate interest is the avoidance of non-payment. Your interests worth being protected will be taken into account according to the provisions of law. A transmission of data will be carried out only to the respectively competent credit agency and only in the allowed cases mentioned here. The result will only be processed immediately in order to show you the selection of payment methods depending on the result, however it will not be stored.
Detail information concerning the infoscore Consumer Data GmbH in the meaning of Art. 14 GDPR, that is information about the object of business, about the purpose of data storage, about the data recipients, about the right of self-disclosure, about the claim for erasure or rectification etc., you may find in the attachment respectively under the following Link
In case you order as a customer in Switzerland, your Data will be transmitted to the CRIF AG in Switzerland. For Switzerland, there is an adequacy decision of the Commission, which says that the EU Commission is of the opinion that in Switzerland an equivalent data protection level as in the EU is safeguarded.
The following consent does only apply in case we separately demand declaration of consent by you within the order procedure:
Consent to measures of avoidance of fraud and discovery of abuse (Art. 6 (1) a) GDPR)
For safeguarding of the order procedure against fraud and/or abuse we automatedly check during the order procedure whether conspicuous features can be discovered for the concrete order for the contract.
I consent to that
1) My data for execution of the contract (e.g. object of purchase, name, mail address, e-mail address, delivery address, method of payment and bank data) and
2) The using data of my website visits of this e-shop (e.g. information about beginning, the end and the extent of the visited websites as well as click paths) together with
3) A cookie (i. e. a small text file, which will be stored locally in the cache of the web browser) and/or a visitor ID, which may
respectively contain anonymous data of the devices used for my visits of the websites (e.g. my screen resolution or my operation system version) and by which my used devices may be recognized in further visits with a certain degree of probability, will be processed for the purpose to protect my user account, the websites which I visit and services which I use under the website www.outletcity.com against fraud (e.g. by takeover of user accounts, automated establishment of faked user accounts by bots, use of stolen identities or payment data or inaccurate ratings for services), for product optimization and product development or against abuse (e.g. by technical attacks on the IT infrastructure, “man in the middle”-attacks, brute-force-attacks or the use of malware).
I furthermore consent to that the aforesaid data will be transmitted by the e-shop outletcity.com to the Device Transaction-Pool (DTP) and stored there. Object of DTP is to protect as related industry warning service the participating member companies against abuse and against non-payment due to fraud, which can occur in case of providing professional telecommunication services and telemedia services against payment to contractual partners being unwilling or unable to pay, especially due to fraud. In case of request of a member company at DTP, only the results of the assessment of suspicion to the request will be transmitted to this member company. Thereby, positive data may be used, too, i. e. that devices with which e. g. payments are often effected in time, will be assessed positive. A storage of result data at individual member companies beyond the concrete case of an individual use does not take place. The DTP is operated by the infoscore Profile Tracking GmbH (IPT), Kaistr. 7, 40221 Düsseldorf as processor of the member companies.
Your data will be automatically erased after five months.
I assure that I am authorized to declare this consent with regard to all devices used by me for visiting this e-shop outletcity.com, and that I inform third persons to whom I provide my therefore used devices about this consent and take care that these persons also agree with the described measures respectively otherwise do not visit this e-shop outletcity.com with my devices.
The e-shop outletcity.com has engaged the infoscore Tracking Solution GmbH, Kaistr. 7, 40221 Düsseldorf as processing pursuant to Art. 28 GDPR for the implementation of prevention and discovery of abuse.
Recipients of the data are exclusively contractual partners of the e-shop outletcity.com. In this case, the recipients are the infoscore Tracking Solutions GmbH, Kaistr. 7, 40221 Düsseldorf, the infoscore Profile Tracking GmbH, Kaistr. 7, 40221 Düsseldorf, the infoscore Tracking Technology GmbH, Kaistr. 7, 40221 Düsseldorf as well as the service provider for computing centers, who have been commissioned with the storage of the data.
Providing the personal data is necessary for a conclusion of a contract. In case of not providing, the e-shop reserves to interrupt the purchase procedure.
In case of suspicion of fraud or abuse, an employee of the e-shop checks the assessment and the underlying indications.
In case a conclusion of contract will be rejected, I will become informed about that and, on request, be informed about the decisive reasons for the decision. I then obtain the opportunity to submit my view hereafter which an employee will review the decision once again.
Each concerned person has the right of access to information pursuant to Art. 15 GDPR against the e-shop outletcity.com, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR as well as the right to data portability pursuant to Art. 20 GDPR.
Moreover, there is the possibility to approach the supervisory authority competent for the e-shop outletcity.com
As far as you want to know which data we have stored with regard to your person and to whom we have transmitted what data, we would be pleased to inform you about that in the frame of a written self-declaration, free of charge. We ask for your understanding that due to reasons of data protection we must not provide information by telephone, because an unambiguous identification of you on the phone is impossible. For preventing any abuse by third parties, we need the following details by you:
- Last name (as the case may be name at birth), first name
- Date of birth
- Current address (Street, house number, zip code and place)
You ease the identification of you and avoid possible callbacks when, on a voluntary basis, adding a copy of your ID/passport (front side and back side).
I may withdraw the foregoing consent at any time at the provider by an informal letter with effect for the future under [URL] widerrufen.
7. Coupon offers of Sovendus
Especially after an order by you, we fade in coupon offers. Thereby, the IP address will be transmitted, which Sovendus shall use for data security purposes only and as a general rule will be anonymized after seven days (Art. 6 (1) b), f) GDPR).
When you are interested in a coupon offer of the Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) and click on the coupon banner, we transmit encrypted the form of address, name and your e-mail address to Sovendus in order to prepare for the coupon (Art. 6 (1) b), f) GDPR). Besides we transmit in pseudonymous form for the purpose of invoicing the order number, value of order with currency, session ID, coupon code and timestamp to Sovendus.
Our legitimate interest is the improvement of the shopping experience of you on our website, to which coupons of other shops shall contribute to.
Further information about the processing of your data by Sovendus you may find in the online data protection notice underwww.sovendus.de/datenschutz respectively for Austria: www.sovendus.at/datenschutz and for Switzerland: www.sovendus.ch/datenschutz)
8. Postal mailings
If we send you mailings based on the data you have provided with information about the Outletcity Metzingen and our online shop (Art. 6(1)(f) of the GDPR), we will process your personal data as follows:
- First and last name
We transmit (title, first and last name, address) to Lettershop Raible GmbH & Co. KG, Industriestr. 92, 75181 Pforzheim, Germany. This company processes this personal data on our behalf to help us carry out postal mailings, e.g. by sending the postal mailings to you.
9. Parcel tracking with ParcelLab
In your customer area “my account” under “my orders” you have the opportunity to call up status information for parcel tracking. Therefore, the data concerning your order, in particular your parcel number, will be transmitted to the parcelLab GmbH, Landwehrstr. 39, 80336 München / Munich, who technically implements this task for us and returns the data for the delivery. This provides you with the opportunity to call up a history of order with information about the status of our deliveries to you (Art. 6 (1) b), f) GDPR). Our legitimate interest is the improvement of your user experience after order.
You may object this use of data by refraining from watching any information for parcel tracking.
VII. Your rights to information, correction, blocking, deletion, completion, restriction and data portability
You obtain without giving reasons information free of charge about your personal data stored at us. Within the frame of your rights according to the law you may make us block, correct or erase the personal data stored at us.
Furthermore, you have the right to demand completion of incomplete data and in the cases regulated by the law to demand restriction of the processing. Then you also have the right for data portability as far as we have determined Art. 6 para. 1 a or b GDPR in this declaration and the processing is implemented by automated process.
We explain your rights in particular as follows:
Right to information
You are entitled to require a confirmation by the controller about whether personal data concerning you are processed by us. In case such processing occurs, you may require from the responsible person the following information:
(1) The purpose of processing the personal data;
(2) The categories of personal data being processed;
(3) The receiver respectively the categories of receivers, towards which the personal data concerning you have been disclosed or will be disclosed;
(4) The intended duration of the storage of the personal data concerning you or, in case specific information about it are not possible, criteria for determination of storage duration;
(5) The existence of a right to rectification or erasure of personal data concerning you, of a right for restriction of processing by the controller or of a right to raise objections against the processing;
(6) The existence of the right of appeal at a supervisory authority;
(7) All available information about the origin of the data, in case the personal data have not been collected from the affected person;
(8) The existence of automated decision-making including profiling according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the aspired affection of such processing for the affected person.
You are entitled to claim information about whether the personal data concerning you are transmitted in a third county or to an international organization. In this context you may claim becoming informed about appropriate safeguards according to Art. 46 GDPR in context with the transmission.
2. Right to rectification
You shall have the right to obtain from the controller the rectification and/or completion, as far as the processed personal data concerning you are inaccurate or incomplete. The controller shall implement the rectification without undue delay.
3. Right to restriction of processing
Under the following conditions you may demand restriction of the processing of the personal data concerning you:
(1) When you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) The controller no longer needs the personal data for the purpose of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
(4) You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where the processing of the personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. In case you have obtained restriction of processing according to the conditions above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
Obligation to erase
You shall have the right to obtain from the controller the erasure of the personal data concerning you without undue delay, and the controller shall have the obligation to erase such data without undue delay in case one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for processing.
(3) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.
a)Information to third parties
In case the controller has disclosed personal data concerning you and is obliged to erasure of such data pursuant to Art. 17 para. 1 GDPR, he shall implement appropriate measures, taking into account the available technology and implementation costs, also of technical kind, in order to inform such persons responsible for the data processing, that you as concerned person have claimed from them to erase all links to these personal data or of copies or replications of these personal data.
The right to erasure shall not apply to the extent that processing is necessary
(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of authority vested in the controller;
(3) For reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and lit. i as well as Art. 9 para. 3 GDPR;
(4) For achieving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise or defence of legal claims.
5. Right to notification
In case you have asserted the claim to rectification, erasure or restriction of procession to the controller, the controller shall communicate these rectification or erasure or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform you on request about those recipients.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) The processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR; and
(2) The processing is carried out by automated means.
In exercising your right to data portability, you furthermore shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected hereby.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. General information about your right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.
We shall no longer process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or serve the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
8. Right to revoke the declaration of consent under data protection law
You shall have the right to revoke your declaration of consent under data protection law at any time. The revocation shall not affect the legitimacy of processing carried out on the basis of the consent until its revocation.
9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply, if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or lit. g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in paragraph (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
In case of complaints concerning data protection, you may approach our data protection officer mailto:Claus.Bauer@cerdat.de or address the supervisory authority. Notwithstanding any other administrative or judicial remedy you may have, you shall have such right for complaint at a supervisory authority, especially in the Member State of your residence, your place of work or at the place of the alleged violation, when you are of the opinion that the processing of personal data concerning you would violate the GDPR. The supervisory authority to which the complaint is addressed will inform the complainant about the status and the results of the complaint including the option of a judicial remedy pursuant to Art. 78 GDPR.
The Outletcity Metzingen GmbH is jointly responsible with regard to data protection with the Holy AG, Friedrich-Hermann-Str. 6, 72555 Metzingen. The Outletcity Metzingen GmbH does not have own technology. This is provided by the Holy AG, only. The Outletcity Metzingen GmbH acts both as operator of the online-shop outletcity.com and as communication channel for advertising to the customer. In the frame of these tasks, the Outletcity Metzingen GmbH collects, processes and stores personal data, which then will be used by the Outletcity Metzingen GmbH as well as by the Holy AG. Furthermore, both the Holy AG and the Otletcity Metzingen GmbH uses third parties, who act as processor on behalf of the Outletcity Metzingen GmbH and occasionally on behalf of the Holy AG. Legal basis for the transmission of personal data to these persons is Art. 6 (1) b), c), e), f) GDPR. The legitimate interest and the purpose of the joint responsibility is the effective implementation and design of legal relationships to employees within the Holy group as a part of the entrepreneurial autonomy, the involvement of third parties in a world based on division of labour as part of an efficient offer at the market as well as a better utilization of the technology of Holy AG. The Holy AG pursues to fulfil corresponding contracts with the Outletcity Metzingen GmbH and enable the Outletcity Metzingen GmbH to do their work. The Outletcity Metzingen GmbH is nevertheless responsible to the persons affected by this data protection declaration, especially for the fulfilment of the information obligations pursuant to Art. 13 and Art. 14 GDPR and takes care for the fulfilment of the rights of the concerned. Art. 26 para. 3 GDPR remains unaffected. The joint responsibility ends with the termination by the aforesaid companies, after which as a consequence the passage of the text at hand will be erased from this data protection declaration and the personal data of the concerned person will furthermore belong to the Outletcity Metzingen GmbH. The point of contact for concerned person is: email@example.com as well as firstname.lastname@example.org.
The data protection declaration is currently valid and is dated 03 rd July 2019.
Due to the further development of our website or the implementation of new technologies it may become necessary to change the data protection declaration. We reserve to change the data protection declaration at any time with effect for the future. We recommend to read the current data protection declaration from time to time again.