Privacy Notice
This Privacy Notice is addressed to you as a member of the OUTLETCITY CLUB ("OUTLETCITY CLUB"), irrespective of the extent to which you use our services, as well as to you as a non-registered visitor of the website ("Website") of OUTLETCITY AG ("we" or "OUTLETCITY") accessible at https://www.outletcity.com.
In this Privacy Notice, we will inform you about the personal data we process from you as well as under what circumstances we do so in relation to the OUTLETCITY CLUB and in connection with the Website. In relation to the processing of this personal data, we are the "Controller" as defined in the General Data Protection Regulation ("GDPR").
A. Overview
To give you an overview of our data processing activities, we present them to you in this overview.
1. Website
When you visit our Website, we store information about you by using log files so we can optimise our online presence in the future and in order to ensure data protection control and data security. We also use a so-called content delivery network so that we can reliably provide the content of the Website.
If you contact us via our Website or submit a press enquiry, we process your personal data resulting from your enquiry in order to be able to answer it to your satisfaction.
For certain forms, we want to ensure that they can only be used by humans and not by software. For this purpose, we use so-called captcha services.
2. OUTLETCITY CLUB and Online Shop
The OUTLETCITY CLUB is OUTLETCITY's loyalty programme. In order to be able to offer you the OUTLETCITY CLUB and provide you with the most relevant offers possible, we collect personal data from you when you register for and use the OUTLETCITY CLUB. In addition to the data that we request as part of the registration process, this also includes data that we assign to your customer account, such as your personal identification number, your purchase history or information about how many reward points you have received or, if applicable, redeemed.
The use of our Online Shop is linked to a membership in the OUTLETCITY CLUB. Accordingly, we process the same personal data for both.
Credit agencies help us, with regard to orders, to regularly check address data and in some cases, depending on the selected payment method, obtain information as to your credit rating.
In order to be able to offer you the Online Shop and to market our products and services, we cooperate with various data processors and other service providers who may also have access to your relevant personal data in this context.
3. Cookies and tracking
We use certain cookies, cookie-like and cookie-based technologies (collectively also "cookies") to improve your user experience and to analyse your behaviour. This includes cookies that enable us to use retargeting, fingerprinting, conversion tracking, cross-device tracking or customer audiences.
Information on the individual cookies used by us, their functions, purposes, the relevant legal bases, consent options, withdrawal options and objection options can be found below (Section C.4) and in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/.
To capture and process your consent status regarding cookies on our website, we use the Google Consent Mode operated by the provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Google Consent Mode works in conjunction with the cookie settings we use on our website. In the Google Consent Mode, your Google tags and scripts are adjusted based on your consent status in the cookie settings. Tags are loaded on our website before the consent dialog appears, allowing the tag behavior to dynamically adapt depending on the cookie consent you have chosen in the settings. Your consent status is then transmitted to Google by the Google Consent Mode for further processing. No personal data is sent to Google.
This processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to track your consent status in our cookie settings and implement your selection accord-ingly on our website.
B. Controller and data protection officer
The Controller with regard to the described processing of your personal data is:
OUTLETCITY AG
Hugo-Boss-Platz 4
72555 Metzingen
Tel.: +49 (0)7123 92340
E-mail: service@outletcity.com
You can contact our data protection officer by e-mail at datenschutz@outletcity.com.
C. Our data processing activities
To help you to understand what types of personal data we process, for what purposes and on what legal basis, we provide you with detailed information on this below.
1. Actively contacting us via our Website
You have various opportunities to actively contact us via our Website. If you do so, we will process your personal data as described in this Section C.1.
1.1 Contact us (via the contact form or by e-mail)
If you use the contact form on our Website to contact us or send us an e-mail enquiry, we process the following personal data in order to be able to answer your enquiry as best as possible:
- your salutation
- your first and last name
- your e-mail address
- your message, including chosen subject line and other personal data that may result from the content of your message
- date and time of your enquiry
If you contact us as a non-registered visitor to our Website, we use this personal data to respond to your enquiry. If your enquiry does not concern a past, present or potential contractual relationship with us, our processing of your personal data is based on Art. 6 para. 1 lit. f GDPR.. Our legitimate interest is to answer your enquiry.
If you contact us as a member of the OUTLETCITY CLUB (cf. Section C.3) and/or your enquiry relates to a former, current or potential contractual relationship with us, our processing of your personal data in order to respond to your enquiry is carried out as part of the entering into or performance of this contractual relationship with you and is accordingly based on Art. 6 para. 1 lit. b GDPR.
Regardless of whether you are a member of the OUTLETCITY CLUB or a non-registered visitor to our Website, we also process your personal data to optimise our business processes. This includes in particular the continuous improvement of our handling of enquiries, for which we evaluate your enquiry to the extent necessary for this purpose. In this case, our processing of your personal data is based on Art. 6 para. 1 lit. f GDPR and our legitimate interest is to optimise our business processes.
1.2 Press enquiry
If you contact us via the press form on our Website, we process the following personal data in order to be able to answer your enquiry in the best possible way:
- your salutation
- your first and last name
- your e-mail address
- your message including chosen subject line
- date and time of your request
- your IP address (which is not stored together with the other personal data of your enquiry)
We process this personal data exclusively to respond to your enquiry based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to maintain close press relations.
2. Data processing with regard to mere Website visits
When you visit our Website, whether or not you are a member of the OUTLETCITY CLUB, we process personal data about you as described in this Section C.2.
2.1 Log Files
When you access our Website, your browser automatically transmits certain personal data to our servers, for the operation of which we may use host providers as data processors. We do this using so-called log files in which your IP address is stored. In addition to the IP address, we receive the following personal data from you via the log files:
- Referrer URL (i.e. information which website you used before you got to our Website)
- date and time of your visit to our Website, time zone difference from GMT
- the access method/function desired by the requesting computer
- the input details transmitted by the requesting computer (file name)
- subpage accessed or name of the requested file
- access status/http status code (file transferred, file not found, command not executed, etc.)
- transmitted data volume
- your browser version and operating system version
This personal data is collected both for the future optimisation of our online services and for data protection control and data security.
If you visit our Website as a member of the OUTLETCITY CLUB or to register as a member, this processing is carried out to initiate or fulfil a membership agreement with you and is therefore based on Art. 6 para. 1 lit. b GDPR. Otherwise, this processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to provide the Website securely and as error-free as possible.
2.2 Content Delivery Network
For the delivery of content on our Website, we use a Content Delivery Network ("CDN"), which is operated for us by a service provider as a processor.
The CDN makes Website content available on various servers around the world so that visitors to our Website can access it as quickly as possible from anywhere. The content embedded on our Website, such as images and videos, is obtained from the CDN when the Website is accessed. Through this access, information about your use of our Website (such as your IP address) is transmitted to the service provider's servers and stored there. This already happens when you simply access the Website with this content.
This processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to offer a higher level of fail-safety, increased protection against data loss and a better loading speed of the Website.
2.3 Captcha services
We use captcha services to ensure that forms on our Website can only be used by humans and not by automated attack software. For this purpose, a service provider's captcha tool runs in the background when you want to use certain forms on our Website. This tool analyses your behaviour to verify that you are a human. For this analysis, we collect similar personal data via the log files.
Our legitimate interest in processing your personal data through captchas is that we want to protect our Website from spam and attacks by automated attack software. The processing is therefore based on Art. 6 para. 1 lit. f GDPR.
3. Data processing in connection with the OUTLETCITY CLUB
If you register for our OUTLETCITY CLUB and then make use of the offer we make available to the OUTLETCITY CLUB members, we also process personal data about you.
The circumstances under which this is the case and the purposes for which the data is processed are described below. In addition to the purposes described below, we also use your personal data to continuously improve the OUTLETCITY CLUB (Art. 6 para. 1 lit. b GDPR).
3.1 Registration
The processing of your personal data described in this Section C.3.1 is carried out in order to conclude and perform the membership agreement for the OUTLETCITY CLUB between you and us (Art. 6 para. 1 lit. b GDPR).
You have various options for registering for membership in our OUTLETCITY CLUB. The personal data we process from you depends on which of these options you use. We refer to all this personal data as "Master Data".
3.1.1 Registration by name
You can register for membership in the OUTLETCITY CLUB by creating a customer account on our Website (registration).
You must already provide some necessary information when registering so that you can become a member of the OUTLETCITY CLUB at all. You can add voluntary additional information at any time after registration via your customer account on the Website or the OUTLETCITY App (see Section C.3.5).
3.1.1.1 Necessary data
We ask you for the following information, which is necessary for your registration, directly via the form for registering for membership in the OUTLETCITY CLUB:
- your e-mail address (which we verify as part of a double opt-in)
- a password for identification (only in encrypted form and without us knowing it)
- the desired country of delivery (by means of your place of residence)
- your desired salutation
In order to save you extra effort when entering the data, we derive some information directly from your application form. This includes, for example, the date of your application and the language of correspondence.
3.1.1.2 Additional information
In addition, you can voluntarily provide further personal data to complete your customer profile:
- your first and last name
- your date of birth
- your address
- your other interests or preferences
We use this personal data to be able to identify you precisely within the framework of the OUTLETCITY CLUB. We need your date of birth in order to be able to grant you the benefits described in the OUTLETCITY CLUB T&Cs. Please note that if you exercise your right to correct your personal data in this regard, we must insist on appropriate proof. To change your date of birth, please contact our customer service directly (service@outletcity.com).
3.1.2 Registration with Facebook
If you are a Facebook user, you can also register via the social plugin "Facebook Connect" of the social network Facebook. "Facebook Connect" is offered by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or, if you are a Facebook customer and have residence in the EU, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). You can recognise the social plugins from "Facebook Connect" by the button with the Facebook logo.
To register, you will be redirected to the Facebook website, where you can log in with your usage data. This links the Facebook profile and the service from us. Depending on your personal data protection settings on Facebook and the information stored there, we receive the general and publicly accessible information stored in your profile from Facebook when you use the Facebook login:
- your first and last name
- your age (at least the information that you have reached a certain age limit, e.g. "21 years or older", but we do not store this).
- your gender
- your place of residence
- your e-mail address
- your Facebook-ID
- your profile picture (which we do not store)
We use this information to identify you when you use our service.
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR.
Further information from the responsible party on Facebook Connect in itself and the privacy settings can be found here: Facebook privacy notice.
3.1.3 Registration with Google
If you are a Google user, you can also register using the social plugin "Google Sign In" of the provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can recognise the Google social plugin by the button with the Google logo.
To register, you will be redirected to the Google website, where you can log in with your usage data. This links the Google profile and the service from us. Depending on your personal privacy settings at Google, i.e. whether they have agreed to the transfer, we receive the following information from Google when you use Google login:
- your first and last name
- your e-mail address
- your language settings
- your Google-ID
- your profile picture (which we do not store)
We use this information to identify you when you use our service.
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR.
Further information from the responsible party on Google Sign in itself and the privacy settings can be found here: Google privacy notice.
3.1.4 Registration with Apple
If you are an Apple user, you can also register using the social plugin "Sign in with Apple" of the provider Apple Inc., Infinite Loop, Cupertino, CA 95014, USA or Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, ("Apple"). You can recognise the Apple social plugin by the button with the Apple logo.
To register, you will be redirected to the Apple website, where you can log in with your usage data. This links the Apple profile and the service from us. Depending on your personal privacy settings at Apple, i.e. whether they have agreed to the transfer, we may receive the following information from Apple when you use the Apple login:
- Your first and last name
- Your Apple ID
- Your e-mail address (including information on whether it is a private e-mail ad-dress generated with "Hide My E-Mail")
We use this information to identify you when you use our service.
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR.
Further information from the responsible party on Sign in with Apple itself and the privacy settings can be found here: Apple privacy notice.
3.1.5 OUTLETCITY CLUB Code and identification number
When you have completed your registration, you will initially only receive your OUTLETCITY CLUB Code. This serves to uniquely identify you as a member of the OUTLETCITY CLUB.
Because the OUTLETCITY CLUB Code can change in the course of your membership, for example if you lose your customer card or if you uninstall the OUTLETCITY App in the meantime (cf. Section C.3.5), we also use a unique identification number ("Customer ID"). By using this Customer ID in the background, we can ensure that reward points and status points (cf. Sections C.3.3.1 and C.3.3.2) are credited to your account and reward points can be redeemed even if the OUTLETCITY CLUB Code changes. We generate this Customer ID exclusively by the system and use it in all identification processes. If your customer card is lost, this procedure gives us the opportunity to block the corresponding the OUTLETCITY CLUB Code so that you can continue to use the OUTLETCITY CLUB without having to register again.
3.2 Online Shop
When you use our Online Shop, we process further personal data in addition to your Master Data. On which occasion and to what extent this happens in each case is described in the following subsections of this Section C.3.2.
3.2.1 Order in the Online Shop
In connection with your order in our Online Shop, we process your personal data to be able to process the order, its payment and any returns. In addition, we also process personal data relating to your order in order to be able to offer you services such as size recommendations or parcel tracking or to carry out address or credit checks.
3.2.1.1 Size Recommendations
You can view which size we would recommend for you based on your measurements regarding a specific item. We provide this service by integrating an external interface from a service provider we use as a data processor. Through this interface, we collect the following personal data from you, provided you choose to share it with us:
- Gender
- Height
- Weight
- Age
- Body type
- If "female" is selected as gender, bra size
This processing of your personal data is carried out to display the size that best fits your measurements on average. This allows you to order clothing with an optimal fit. To improve and further develop the service, we transmit anonymized data to the service provider we use. The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. f GDPR.
This processing of your personal data is cookie-based. For more information, including relevant legal bases, consent, revocation, and objection options, please see below (Section C.4) as well as in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/.
3.2.1.2 Processing of the order
In order to process your order, we require the following personal data in addition to your Master Data:
- your first and last name, unless you have already stated this at an earlier date
- your billing address, if different from the address stored in your customer account
- your delivery address, if different from the billing address
- the desired method of payment and, depending on the method of payment, the required payment information (cf. Section C.3.2.1.4.3)
This processing of your personal data is carried out for the fulfilment of the purchase agreements concluded between you and us regarding the goods you order in our Online Shop (Art. 6 para. 1 lit. b GDPR).
We then store this personal data with us or the service provider acting on our behalf in connection with the processing and dispatch of orders. They are stored there together with the following personal data of you, some of which is relevant to the order and some of which is historical data, in order to be able to offer you an order history and to store it for the purpose of evaluating and improving customer satisfaction:
- information about items you have ordered previously
- date of the order
- data relating to your payment (amounts paid, time details we receive from you or our bank)
- data of the commissioning (location, ID numbers, time specification)
- data of the dispatch and your receipt (dispatch service provider, parcel number, time details of the parcel)
- communication data (for example, telephone, e-mail)
- agreement master data (contractual relationship, product or contractual interest)
- customer history
This processing of your personal data is carried out for the fulfilment of your OUTLETCITY CLUB membership agreement and, insofar as necessary for its fulfilment, for the processing and execution of your individual purchase agreements (Art. 6 para. 1 lit. b GDPR).
3.2.1.3 Address verification in connection with orders
If you enter a new address in the check-out, we will validate it once and have any minor obvious errors corrected. For this purpose, we transmit, in each case without names, German addresses to infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden, as well as CRIF GmbH, Leopoldstraße 244, 80807 Munich, Austrian addresses to Credify Informationsdienstleistungen GmbH, Gumpendorfer Straße 21, 1060 Vienna, Austria, as well as CRIF GmbH, Rothschildplatz 3/Top 3.06.B, 1020 Vienna, Austria and Swiss addresses to INTRUM AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland, as well as CRIF AG in 8034 Zurich, Switzerland. For Switzerland, there is an adequacy decision of the Commission, which you can request at the above address.
Detailed information on the processing of personal data by infoscore Consumer Data GmbH can be found at https://finance.arvato.com/icdinfoblatt, by CRIF GmbH at https://www.crif.de/datenschutz, by Credify Informationsdienstleistungen GmbH at https://www.credify.at/datenschutz, by CRIF GmbH at www.crif.at/datenschutz, by INTRUM AG at https://www.intrum.ch/de/konsumenten/uber-intrum/ihre-privatsphare-ist-unsere-prioritat/ and by CRIF AG at www.mycrifdata.ch/#/dsg.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure smooth shipping, to be able to prevent the improper dispatch of goods to incorrect addresses and, in the case of unknown addresses, to be able to refuse you credit card payment, payment by SEPA direct debit or purchase on account in order to safeguard our incoming payments.
3.2.1.4 Payment
As part of the payment process, we process various personal data about you.
3.2.1.4.1 Credit assessment
In order to be able to offer you the best possible choice of payment methods, we want to protect you and ourselves from misuse and reduce our risk of non-payment (legitimate interest).
For our customers, we calculate in relation to each order, which payment methods we can offer. For this purpose, we view blacklists, maintain lists of approved customers ourselves and analyse your return behaviour. We do this to avoid payment defaults based on Art. 6 para. 1 lit. f GDPR. We store the result of our assessment in each case until recalculation. If your name is on a black list, you cannot pay us by SEPA direct debit or invoice. If you are on a list of approved customers, you can use all payment methods.
If our own analysis does not lead to a clear result, we will transmit your name, address and, if applicable, your date of birth for checking your creditworthiness and credit standing to the relevant credit agencies named in Section C.3.2.1.3. Legal basis for these transfers is Art. 6 para. 1 lit. f GDPR. The result of the assessment of your cre-ditworthiness is only processed immediately in order to be able to display your personal payment method selection and is not stored beyond this.
The respective credit agencies process the data received and use it for profiling (scoring) in order to provide their respective contractual partners with information for assessing the creditworthiness of natural persons. You can find more information on their processing of your personal data at the respective credit agencies (see above). For questions about and in connection with the determination of your credit score by the individual credit agencies, please contact the respective credit agency directly.
3.2.1.4.2 Frictionless Flow
To enhance the user experience, we transmit individual categories of data that identify you (such as your address) and categories of data that relate to your order (such as whether you redeem a voucher) to the selected payment service provider.
This allows us, under certain conditions, to save you a time-consuming authentication process in which you have to enter further data on additional payment service websites (so-called "frictionless flow"). This is based on your interest in being able to make your payment without being redirected if possible and our interest in being able to offer you this user-friendly and secure payment process (Art. 6 para. 1 lit. f GDPR).
3.2.1.4.3 Payment
Depending on the payment method you have chosen, we process the requested payment data from you ourselves and forward it to the integrated payment service provider if necessary. In some cases, however, we have outsourced the entire payment process so that we do not process any further personal data from you ourselves.
This processing of your personal data is carried out for the purpose of processing your purchase agreement for the respective goods ordered and is therefore based on Art. 6 para. 1 lit. b GDPR.
3.2.1.5 Sovendus
From time to time, especially after placing an order, we display voucher offers from Sovendus GmbH, Moltkestraße 11, 76133 Karlsruhe ("Sovendus"). During this process, we transmit your IP address to Sovendus, which uses it exclusively for data security purposes and usually anonymises it after seven days. If you click on a voucher banner from Sovendus, we transmit your name and e-mail address in encrypted form to Sovendus for the preparation of the voucher.
In addition, we transmit the order number, order value with currency, session ID, voucher code and timestamp to Sovendus in pseudonymised form for their redemption of the vouchers.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve your shopping experience in our Online Shop.
For further information on the processing of your personal data by Sovendus, please see their Privacy Notice at www.sovendus.de/datenschutz (or for Austria: www.sovendus.at/datenschutz and for Switzerland: www.sovendus.ch/datenschutz).
3.2.1.6 Parcel tracking
In your customer account (MY ACCOUNT), you have the option of retrieving status information on parcel tracking. For this purpose, the data of your order, in particular the parcel number, but also your e-mail address are transmitted to our logistics service provider, who handles this technically for us, if necessary with the involvement of a shipping service provider, and returns the data on the shipment. This enables you to retrieve an order history with information about the status of our shipments to you. Our service provider may also inform you about the status of your shipment by e-mail.
This processing of your personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve your user experience after your order.
3.2.1.7 Returns
Should you exercise your right of withdrawal, exchange goods or assert warranty rights, we will process the following additional personal data:
- information about your return (shipping service provider, parcel number, information about the time of shipment)
- information about the receipt at our office (location, ID numbers, time)
- information on the condition of the goods
- type, category, brand and description of the goods
- your Customer ID
- date of purchase of the goods
We process this personal data to be able to reverse the relevant purchase agreement with you (Art. 6 para. 1 lit. b GDPR), to have evidence of the steps leading to the agreement being reversed, to be able to offer you an order history and to be able to offer you a personalised user experience optimised for you (Art. 6 para. 1 lit. b GDPR). Our legitimate interest here is to preserve evidence, increase customer satisfaction, optimise offers and promote sales.
3.2.2 Ordering via the marketplace with our marketplace partners
If you order a product from one of our marketplace partners via our marketplace, we process your personal data to the same extent, for the same purposes and based on the same legal bases as described in Section C.3.2.1.
However, for the processing of your order, the dispatch and the processing of possible returns, we use the respective marketplace partner as a data processor.
3.2.3 Ordering deliveries to Switzerland
If you order to a Swiss delivery address, we will process your personal data as described in Section C.3.2.1 In deviation from this, however, we will transmit the data to logistics and shipping service providers as well as payment service providers in Switzerland if necessary. For Switzerland, there is a transfer basis in the form of the EU Commission's adequacy decision.
3.3 Rewards programme
If you are a member of our OUTLETCITY CLUB, you can collect reward points, which you can redeem for rewards when you reach a certain number of reward points. Unless another legal basis is explicitly assigned to data processing below, the data processing in this Section C.3.3 is carried out in order to conclude or perform your membership agreement for the OUTLETCITY CLUB and is therefore based on Art. 6 para. 1 lit. b GDPR.
3.3.1 Reward points
When you collect reward points as part of the OUTLETCITY CLUB, we process the following personal data from you in this context:
- information on which reward points you have collected from purchases in our Online Shop and which you have collected from purchases at one of the affiliated partner companies in the brick-and-mortar OUTLETCITY ("OUTLETCITY METZINGEN")
- for purchases at OUTLETCITY METZINGEN, information on which partner you have collected the reward points from
- information on the goods purchased, the price and the number of reward points earned for each of them
- information on possible returns for purchases in the Online Shop
- purchase date
- information on whether you receive reward points from a special promotion
3.3.2 Status level
To enable us to manage your status, we process the following necessary personal data:
- your turnover for the previous twelve months
- information about which status you have at any given time and, if applicable, which status you once had at an earlier point in time.
- information about which benefits you have claimed
Depending on your status level, parking on the premises of the OUTLETCITY METZINGEN is at a discount for you. As we need to consider this when you are paying for your parking ticket, we process the information about your status level and the parking duration if you identify yourself with your OUTLETCITY CLUB Code. In order to process the check whether you are allowed to park at a reduced rate, we use the service providers used for the operation of the car parks as data processors.
3.3.3 Initial use without registration
We also allow you to use the OUTLETCITY CLUB at OUTLETCITY METZINGEN on a trial basis without prior registration. In this case, you will receive an OUTLETCITY CLUB Code that you can use as a QR code in the OUTLETCITY App or in printed form.
For this purpose, we already store all the personal data mentioned in Section C.3.3.1 without knowing any of your Master Data or assigning the stored data to your person.
If you register for the OUTLETCITY CLUB later, we will link the personal data we have stored for your OUTLETCITY CLUB Code with your Master Data.
3.3.4 Reward shop
When you redeem reward points, we process the following personal data from you for this purpose:
- information on the selected and redeemed rewards
- information on the number of redeemed reward points
- the delivery address for the reward shipment
The reward dispatch may be carried out directly via the service provider whose goods or services we offer as a reward as our data processor. For this purpose, we will pass on your name and the delivery address to the relevant service provider.
3.4 Personalisation of advertising in connection with your customer account
We classify your master, location and registration data, your interactions with our online services (Website and app, e.g. clicks, search entries, shopping baskets, watch lists, likes), with customer benefits (e.g. coupons, vouchers, discount codes, club), with our e-mail services (e.g. newsletter and e-mail reminder), and also all aspects of your purchases at OUTLETCITY METZINGEN and your online purchases as well as the preferences you have given and your cookie and data protection consent management settings to your customer account, insofar as we are able to do so. This usually takes place with the addition of time information.
We do this in order to be able to present and offer you advertising that is as relevant to you as possible, such as category and product lists, brands, offers, specific products, coupons, vouchers or discount codes as well as restaurants of OUTLETCITY METZINGEN, or to limit our advertising measures towards you or to exclude you from these. Time information is also used to calculate deadlines for the deletion of data.
For these purposes, we use various methods to calculate categorised information, affinity lists and probability values from individual pieces of information, which we store with us in addition to your data record (profile information). The profiles are updated regularly with each new piece of information or in other cases.
We use the calculated profile information to decide which advertising we present to you, how often and via which channels (e.g. our and third-party websites of our advertising partners as data recipients, our e-mail newsletters, our and third-party apps of our advertising partners as data recipients, on-site promotions). The advertising may also be based on product categories, trend affinities, brands, articles, taking into account available sizes, coupons, vouchers, discount codes and the like calculated individually for you, as we calculate corresponding personalised profiles in advance. The advertising measures can be disseminated by us ourselves or by our advertising partners, to whom we send profile information as data recipients for this purpose.
The evaluation can also decide which coupons, vouchers, discount codes we send out. We also use redeemed coupons, vouchers, discount codes to measure the success of any associated advertising campaign we may run with third parties, to determine your preferences and, where relevant, to calculate the amount of any revenue-based compensation claims by our promoters or revenue-based commissions for other intermediaries, as you may also receive such coupons, vouchers, discount codes from time to time from third parties with whom we work.
We also aim to target individual customers, particularly identified TOP customers, and to continue to estimate the overall value of our customer base.
Depending on your place of residence and its proximity to OUTLETCITY METZINGEN, you will receive preferential advertising with offers from OUTLETCITY METZINGEN, omnichannel offers or purely online offers. For this purpose, your place of residence is evaluated at the level of the first digit of the postcode.
3.4.1 Individual information
In this context, we process your history with us (individual information):
- your shopping baskets, purchases and returns to calculate purchase and return rates
- information about whether you bought more online or more at OUTLETCITY METZINGEN
- information on which brands and categories of goods you view, search, add to the shopping basket, place on the watch list and purchase
- information on whether and which offers in the sale you view, search, add to the shopping basket, place on the watch list and purchase
- information on whether and which items you view, search, add to the shopping basket, place on the watch list and purchase, as well as how we have described these products
- information on whether and which coupons, vouchers or discount codes you use and in what amount, in particular whether you have already activated and/or used a coupon, voucher or discount code (for example a shopping pass) and via which advertising channel you received these
- information on which sizes and/or colours you view, search, add to the shopping basket, place on the watch list, purchase and/or return
- information on which payment methods you use
- information on which rewards you choose
- preference information that you deposit with us yourself
- your registrations for e-mail reminders (e.g. for sold-out goods) and what the desired e-mail reminder refers to
- time details of your initial registration, your actions on our Website and in the app and your purchases, as well as your age
3.4.2 Lega basis and legitimate interests
This processing of your personal data is carried out in our legitimate interest (Art. 6 para. 1 p. 1 lit. f GDPR) in presenting our customers with the most relevant advertising possible and in running successful advertising campaigns so that we can improve your shopping experience with us and so that you are happy to shop again in the Online Shop or at OUTLETCITY METZINGEN. We also have a legitimate interest in making it easier for you to find the offers you need at the right time, and to remind you of what has interested you on our site by e-mail or on third party platforms. We ourselves have a legitimate interest in ensuring that you reduce expensive occasional purchases that you later become annoyed about and return the goods. We want to avoid unnecessary advertising by providing you with offers that are as relevant to you as possible. In doing so, we want to provide you with targeted advice, but also inspire you with relevant trends so that you stay up to date. Overall, we are pursuing our legitimate interest in optimising the shopping experience so that you can quickly find an overview of the offers that are relevant to you and thus waste less time with searches or irrelevant advertising and offer presentations. It may also happen that our systems conclude that you are not being targeted by advertising from us, so that we then reduce or suspend our advertising measures. For this purpose, we have a legitimate interest in forming corresponding profiles and carrying out personalisation.
3.4.3 Algorithms
We use both rule-based models and machine learning models for the aforementioned calculations of profile information.
In rule-based models, for example, we count and weight how often you have clicked on a category or added it to your shopping basket, for example, and this is combined with products you have bought, which we also categorise. Purchases are usually weighted much higher than individual clicks. The categories with the highest ratios are categorised as most likely to be relevant to you in the future. Within the framework of rule-based models, we also compare your history with the history of all other cus-tomers, for example, and thereby form customer groups.
In machine learning, a software analyses a large amount of historical behavioural and outcome data from all customers and compares this with data about you to infer your likely future preferences according to weightings the software has created itself.
3.4.4 Storage periods
We only store profile information that we have algorithmically calculated for you until the next recalculation of the profile information with us or until your objection, whichever comes first. If no more individual information is available for the calculation, the profile information will be deleted with the subsequent recalculation.
Beyond, we only store the individual information that we only store for the aforementioned purposes and not also for other reasons for as long as this individual information can still have a significance for future behaviour. For example, in the area of OUTLETCITY METZINGEN, data that we categorise according to predefined rules is relevant for up to 900 days after the individual information was created, whereas in the area of online sales, which are usually more frequent, we only use individual information for up to 730 days (2 years) after it was created.
For the storage period for other reasons, please refer to the other parts of this privacy notice.
3.5 Using the OUTLETCITY App
Information on the processing of your personal data in the OUTLETCITY App ("OUTLETCITY App") can be found at https://www.outletcity.com/en/metzingen/app-data-protection/.
3.6 Newsletter
You will receive our newsletter either as part of your membership of the OUTLETCITY CLUB (Art. 6 para. 1 lit. b GDPR) or because you have given us explicit consent to do so (Art. 6 para. 1 lit. a GDPR).
3.6.1 Dispatch
In order to send our newsletter, we process the following personal data from you:
- your salutation
- your e-mail address
In deciding which newsletters and how often to send them to you, we also take into ac-count the personal data described in Section C.3.4, as well as the personal data result-ing from Section C.3.6.2 below.
3.6.2 Evaluation
We evaluate your behaviour in connection with the newsletter. For this evaluation, the newsletters sent contain so-called web beacons or tracking pixels. These are single-pixel image files that are stored on our Website. For the evaluations, we link your personal data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. With the data obtained in this way, we create a profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click on in it and deduce your personal interests from this. We link this data to actions you have taken on our Website. This processing is based on Art. 6 para. 1 lit. f GDPR and is carried out in our legitimate interest to provide you with a better shopping experience.
3.6.3 A/B tests
In order to optimally design the user experience for all members of the OUTLETCITY CLUB and to be able to continuously improve our services, we conduct A/B tests in which we send different newsletters to different comparison groups and compare the conversion rate achieved in each case with that of the other comparison group. This processing is based on Art. 6 para. 1 lit. f GDPR and is carried out in our legitimate interest to provide you with a better shopping experience and to use our advertising as profitably as possible for all parties involved.
3.7 Surveys
In our Online Shop and our e-mail newsletters, you will find the option to participate in surveys, for which we use a service provider as a data processor. If you participate in a survey, we process the following personal data from you in order to carry out the survey:
- if applicable, your customer number; if we carry out the survey in a personalised manner, we will point this out to you in each individual case
- your IP address
- your device, browser type and operating system
- date and time of participation in the survey
- the information you provided in the survey
- information about whether you have answered the questions completely
However, we do not evaluate the surveys on a personal basis, but only using to pseudonymised customer segment information and other anonymous criteria.
This data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable the continuous improvement of our range of products and services.
3.8 Mail
If we send you mail for information about OUTLETCITY METZINGEN, the OUTLETCITY CLUB and the Online Shop based on your data, we will process the following personal data from you for this purpose:
- salutation
- first and last name
- address
We also take into account the personal data described in Section C.3.4 in deciding which and how often to send you informative mail.
This data processing takes place either in the context of the performance of our membership agreement for the OUTLETCITY CLUB with you and is therefore based on Art. 6 para. 1 lit. b GDPR. If you are not a member of our OUTLETCITY CLUB, we process your personal data mentioned in this Section in our interest in dispatching sales-promoting advertising on the basis of Art. 6 para. 1 lit. f GDPR.
4. Cookies and tracking
We use numerous cookies and cookie-like or cookie-based technologies on our Website for various purposes, including tracking purposes.
Cookies are small text files that are stored on your computer and saved by the browser. Cookies do not cause any damage there. They serve, for example, to make our offer to you more user-friendly, effective and secure.
Cookies are processed on our Website for the following general purposes and on the following legal basis:
- session cookies, which are used in particular for the functioning of customer accounts or the shopping basket function (§ 25 para. 2 TTDSG in conjunction with the legal basis stated in the cookie settings)
- web analytics cookies used to analyse your usage behaviour on our Website (§ 25 para. 2 TTDSG in conjunction with the legal basis stated in the cookie settings)
- advertising cookies that we set in order to be able to work with advertising partners (§ 25 para. 2 TTDSG in conjunction with the legal basis stated in the cookie settings)
We only use certain cookie-based or cookie-like technologies in the area of our Online Shop that is only accessible to members of our OUTLETCITY CLUB, while we set other cookies for all visitors to our Website. The use of cookie-based or cookie-like technologies to process your personal data is carried out using various service providers as order processors or under joint control.
Insofar as the aforementioned data processing is carried out under joint control, our service providers will also use the collected data in whole or in part for their own business purposes, as regularly described in the product and data protection publications of the service providers. This may be based on a user relationship (Art. 6 para. 1 sentence 1 lit. b DSGVO), on consent (Art. 6 para. 1 sentence 1 lit. a DSGVO) or on legitimate interests of the service providers (Art. 6 para. 1 sentence 1 lit. f DSGVO).
In each of these cases, we have concluded a joint controller agreement to determine compliance with the obligations under the GDPR with regard to joint control. We will be happy to provide this to you upon request.
Insofar as we pursue a self-interest in the data processing in joint control with our service providers, e.g. because the data processing serves conversion tracking, retargeting or the display of relevant advertising, data subjects should see us as the point of contact for rights under Art. 15-20 GDPR. With regard to data processing for the service provider's own business purposes, data subjects should contact the service provider directly, as named at https://www.outletcity.com/en/metzingen/privacy-settings/. There is no obligation for the data subject to contact the service provider.
Information on the individual cookies used by us, their functions and purposes, the relevant legal bases, consent, revocation and objection options as well as information on processing for own purposes by joint controllers (personal data concerned, purposes, duration of storage as well as further information in accordance with Art. 13 DSGVO) can be found in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/ or in the documents linked there.
To help you understand the purposes for which we use the cookies mentioned there better, we describe individual cookie-based or cookie-like processing activities in more detail below.
4.1 Movement on the Website and adjustment of the display of advertisements
To help us understand which sub-pages and category pages, or which areas of a sub-page, are particularly relevant to our customers, we analyse movements on our Website, as described below. We also use tools that allow us to show you goods that are actually of interest to you.
4.1.1 Evaluation of the use of sub and category pages, heat maps
When you view our Website, we collect the following personal data from you using cookies:
- your movements in the Online Shop (i.e. which sub/category page you are on, which sub/category page you came from, how long you stay there, what you click on)
- information about whether you buy something or not
- information from your web browser, in particular HTTP header information such as user agent, IP address, country, language and information about the web browser used as well as information about the website previously visited
In addition, we use the web analysis tool of a service provider on our Website, to record randomly selected individual visits to the Website. This creates a log of mouse movements, clicks and keyboard interactions, with the intention of randomly reproducing individual Website visits as so-called session replays and evaluating them in the form of heat maps. When tracking is used, cookies are stored locally.
4.1.2 Display of relevant advertising
We want to make you individual offers and only show you advertising that is relevant to you, both on our Website and on the websites and apps of third parties. The offers can also be contextual based on the content of the website or app you visit. Accordingly, we use cookies to record on a personal basis in areas of our Online Shop that you reach after logging in, which areas you have visited, which items you have clicked on, placed in the shopping basket and ordered. For this purpose, a cookie-based analysis of previous and current click and purchase behaviour may also be carried out. In these cases, a cookie is stored on your computer or mobile device in order to collect pseudonymised data about your interests and thus adapt the advertising individually to the stored information. As a result, you will be shown advertising that is most likely to match your product and information interests.
Subject to your consent to the use of the respective cookies required for this purpose, we use various service providers and providers of affiliate networks for these purposes. In order to be able to assign advertising successes to specific service providers with whom we work, we also use a so-called cookie switch. This is provided by a service provider that we use as a data processor.
At https://www.outletcity.com/en/metzingen/privacy-settings/ you can see which service providers these are in each case and decide for yourself which cookies we may set for advertising purposes.
4.1.2.1 Retargeting
If you visit other websites after visiting our Online Shop, we will display advertisements there as a reminder for products that you have viewed on our Website (retargeting). The display of these advertisements on third-party websites is based on cookie technology and an analysis of previous usage behaviour. We do not learn about your browser's communication with the servers of the retargeting providers. When you visit our Online Shop and other websites, your browser communicates directly with the servers of the retargeting providers. The retargeting providers therefore receive your IP address, the cookie stored on your computer and what you have looked at while visiting our Online Shop. The retargeting provider receives your IP address and the cookie stored with you again when you visit other websites that cooperate with the same retargeting provider. Our advertising can then be displayed there on our behalf, for example advertising for the products that you have viewed on our Website.
4.1.2.2 Fingerprinting and cross-device-tracking
We also use fingerprinting and cross-device tracking technologies in order to be able to show you advertising that is tailored to your needs across all devices. The use of such tracking methods results in the local storage of cookies. In the case of cross-device tracking, a cross-device token can be assigned to your stored login and stored locally and temporarily in encrypted form in a cookie on your computer if you log in successfully to our Website. Complete IP addresses are not stored in the procedure and are only processed in anonymised form. To improve tracking accuracy, we use the "first party tracking" method. In this process, a first-party cookie is set on the customer domain. Complete IP addresses are also not stored in this procedure and are only processed in anonymised form.
4.2 Customer Audiences
In addition, we use the personal data we have from you and other customers to create and use so-called Custom Audiences. A Custom Audience is a target group that we determine from our customer base by specifying certain criteria to which certain advertisements are to be played. In this way, we want to ensure that we only display advertising to you that matches your interests. In order for us to be able to use such technologies, we obtain your consent to the use of the relevant cookies in advance.
In this respect, only hashed e-mail addresses and the cookie ID are generally passed on, unless otherwise shown in the cookie settings. With regard to this personal data, the explanations on processing (data processed and purposes) and the legal basis under C. 3.1 and 3.4 apply together with the explanations under this C. 4.2 and the further information in the cookie settings at https://www.outletcity.com/en/metzingen/privacy-settings/ or in the documents linked there.
4.3 Conversion tracking
We also use conversion tracking technologies on our Website. If you have seen an advertisement from us and later visit certain target pages of our Online Shop, we would like to be able to evaluate this as the success of our advertisement and/or advertising campaign. For this purpose, the respective service provider with whom we work for conversion tracking compares information about the advertisements with information about which pages you have visited on our Website. We later receive statistical information from the service provider about the success of our advertisements, without it being possible for us to identify the specific person for whom the success of our advertisements occurred later.
The service providers used are able to measure the success of the advertisements across devices, so that, for example, an advertisement on a smartphone can be attributed to a subsequent purchase on our Website by means of a laptop.
D. Automated decision making
We do not use automated decision-making beyond the scope described in Section C.3.2.1.4.1.
E. Third-country transfers
We only transfer personal data to third countries to the extent that service providers act as processors or under joint control in third countries. In the absence of an adequacy decision by the European Commission for the respective third country, this is done with your consent and/or subject to appropriate or adequate safeguards (Art. 46, 49 GDPR). You can obtain a copy of the respective guarantees used via the address of the controller given above. For U.S.-based companies, the adequacy decision (EU-US Privacy Framework) adopt-ed by the European Commission on July 10, 2023 applies, provided that the respective company is certified under the EU-US Privacy Framework.
F. Storage period
We store your personal data until the processing purposes stated in each case have been achieved. Beyond this, we only retain them if and insofar as a longer storage obligation or a right to longer storage arises from commercial, tax or other legal requirements.
G. Data subjects' rights
Under the law, you have the following rights:
- right of access (Art. 15 GDPR);
- right to rectification (Art. 16 GDPR);
- right to erasure (Art. 17 GDPR);
- right to restriction of processing (Art. 18 GDPR);
- right to data portability (Art. 20 GDPR) and
- right to object to processing (Art. 21 GDPR).
Insofar as the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.
You have the right to lodge a complaint with a supervisory authority.
Right of objection according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 para. 1 lit. f GDPR; this also applies to any profiling based on these provisions.
We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Insofar as the processing serves the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing, the personal data concerning you will no longer be processed for these purposes.
You may contact our Data Protection Officer (Section B) to exercise your rights.
Status: August 2024