Welcome to our website. We are happy that you have taken an interest in our company. The protection of your personal data is important to us. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation acts that apply to our company.
Our privacy notices explain which personal data we collect via our website, what we use them for, when we erase them and the security measures we take to protect your data as far as possible. In addition, we disclose the respective legal framework that authorises us to process data accordingly. Furthermore, you will be informed of your statutory rights in connection with the processing of your data. In order to provide the greatest amount of transparency on our data processing, you will first find general information about the processing of personal data and then more detailed information about the following topics:
Personal data is any information that enables the identification of a natural person. This includes, in particular, names, birthdays, addresses, telephone numbers, e-mail addresses but also your IP address.
Anonymous data exists if no personal relationship can be established to the user.
The responsible party within the meaning of data protection legislation is:
comma, GmbH & Co. KG
Telephone: +49 (0) 9572 – 91 60 59*
*Standard landline rate from your telephone provider, free of charge for flat rates; mobile phone rates may vary
We collect personal data in accordance with the legal requirements. All personal data that we collect from you via the website will only be processed for the purposes described in greater detail below. This collection takes place within the framework of the legal provisions already named, more specifically, only with your consent.
Article 6 EU GDPR in particular specifies when data processing is allowed. commacollects data if:
Data processing when surfing
In order to offer you the best shopping experience with comma, we generate a pseudonymous user profile of you that allows us to provide you with extensive advice akin to how a salesperson can in a personal consultation at an commastore... At the same time, we use the collected data in our web analysis tools in order to record the use of services that we offer and to continue to improve them. You will find additional information in the rubric: „Data processing when surfing“.
Personalised advertisements on partner sites
We collect and process data across devices regarding your user behaviour so that we can significantly optimise the content and improve costs arising from marketing. By collecting and processing your data, we are able to display customised online offers, which are tailored to your unique interests, on the websites of third parties. You as a user benefit from this procedure in that when you visit other websites, you will receive advertisements that are more relevant and interesting and fewer uninteresting and random promotions. You will find additional information in the rubric: „Advertisements on partner sites“.
Fraud prevention and reduction of payment default
In order to minimise the risk of default, a credit check is conducted within the order process. This check determines which payment options are displayed. Subsequently, all orders that are transferred and suspected to be fraudulent will be examined by an employee and we will start taking the appropriate steps for fraud prevention.- You will find additional information in the rubric: „Payment systems/credit check/fraud prevention“.
Protecting the security of our systems/investigating errors
For technical security reasons, particularly to protect against hacking attempts on our web server, data will be saved pursuant to Article 6(1) lit. f EU GDPR. No connection is established to individual users. In particular, we collect the following data:The web browser and operating system that is used/name of the internet service provider/information about the website you are visiting us from/information about the website/that you retrieve on our site, the date and time of your visit/the name of requested files/whether a file was transferred/the amount of data that is transferred/the IP address assigned by your internet service provider.
Of course, personal data that is collected will be kept confidential.
commaBernd Freier GmbH & Co. KG processes and saves your personal data only for the period required to achieve the particular processing purpose, or if there is a legal retention period (in particular for commercial or taxation purposes). Once this purpose has been achieved or the retention requirement has expired, the respective data will be routinely erased.
In certain cases it is necessary to transfer processed personal data in the course of data processing. In this respect, there are various recipient sites and recipient categories.
If required, we will transfer your personal data within the s.Oliver Group (s.Oliver Bernd Freier GmbH & Co. KG, comma GmbH & Co. KG and LIEBESKIND GmbH). Of course, we comply with the legal framework associated with this process and ensure that your data is lawfully processed. Your personal data is accessible only by authorised employees who require data access because of their responsibilities, e.g. to fulfil your order or to contact you in case of an enquiry.
Personal data will be transferred to the following categories of recipients while respecting the legal requirements:
We employ the proper technical and organisational security measures to protect data that we save as best as possible from random or intentional manipulation, loss, destruction or access by unauthorised parties. The security level is constantly being monitored together with security experts and adjusted to new security standards.
Of course, the security of your data is also a matter of concern to us when transferred within the s.Oliver Group or to our partners/third parties – as a result, we select secure transfer processes:
Data is generally transferred via a transfer encoded connection. Here we apply state of the art protocols such as TLS 1.2 with PFS.
Therefore only encoded data is exchanged from and to our website. We offer HTTPS as the transfer protocol for our website, always using the current encryption protocols.
Our website also contains clearly recognisable links to the websites of other companies. If and when there are links to the websites of other providers, we have no influence on the contents. For this reason we cannot assume any warranty or liability for this content. The respective provider or operator of these websites are always responsible for the content of these websites. The linked websites were evaluated for possible statutory violations and recognisable violations of the law at the time of linking. We did not identify illegal content at the time of linking. It is not possible, however, to constantly control the content of linked websites without specific evidence that the law has been broken. Should violations become known, these links shall be removed immediately.
We are happy to inform you in the following of the rights that may be available to you free of charge as an affected party.
You can exercise your rights as a data subject at any time using the contact options provided or consult with us regarding data protection. Our Data protection organisation is available at firstname.lastname@example.org.
Of course, you have the freedom to contact the proper supervisory authority for you at any time. Alternatively, our supervisory authority is also available to you. This is:
Bayerisches Landesamt für Datenschutzaufsicht
You can contact our data protection organisation confidentially at any time at email@example.com
As already mentioned at the outset, we want to offer you the best shopping experience with comma, and to do so, we generate a pseudonymous user profile of you that allows us to provide you with extensive advice akin to how a salesperson can in a personal consultation at an commastore. By doing so, we can guarantee that products are primarily displayed according to your interests, and uninteresting offers are hidden. Furthermore, we can adapt our offers to your personal needs so that products relevant to you are displayed and uninteresting offers are hidden. At the same time, we use the collected data in our web analysis tools in order to record the use of services that we offer and to continue to improve them.
In order to create a pseudonymous user profile, we analyse your product interests, for example, using products accessed in the online shop or in the app as well as your shopping behaviour using shopping bags you have filled.
If you sign up with comma as an existing customer in the online shop or in the app, we will associate this browser or this device for purposes such as authenticating, securing or individualising your account. Subject to your settings, we can also allocate your account to other browsers or devices which you use for logging on to Twitter (or allocate the device or browser you have signed out of to other browsers or devices). The collected data is processed by the service providers defined in this paragraph, whereby transfer to third countries can be excluded. Furthermore, data is only processed and saved for the amount of time necessary to achieve the particular processing purpose or if there is a legal retention period (in particular for commercial or taxation purposes). Once this purpose has been achieved or the retention requirement has expired, the respective data will be routinely erased.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions, please contact us at firstname.lastname@example.org.
Under current legislation you are entitled to object to the storing and use of this data at any time with future effect here.
This website uses Google Analytics, a web analysis service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are text files stored on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of this website (including your shortened IP address) will usually be transmitted to and stored by Google on servers in the United States.
This website only uses Google Analytics with the “_anonymizeIp()” extension to ensure that IP addresses are anonymised by shortening them and preventing them from being directly linked to a particular individual. Google uses this extension to shorten your IP address within the member states of the European Union or in other states party to the Agreement on the European Economic Area prior to being transferred. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and shortened there. In these exceptional cases, this processing shall occur pursuant to Article 6(1) lit. f GDPR on the grounds of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes. You can exercise your rights as a data subject at any time.
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other data from Google.
For the demand-driven design and optimisation of this website, solutions and technologies from econda GmbH (http://www.econda.de) are used to collect and save anonymised data as well as create user profiles from this data using pseudonyms. Cookies which enable the recognition of a browser are used for this purpose. However, user profiles are not combined with the data concerning the holder of the pseudonym without the explicit consent of the visitor. In particular, IP addresses are made unrecognisable immediately after entry, whereby user profiles cannot be matched with IP addresses.
Exactag GmbH collects and saves data on this website and its subpages for marketing and optimisation purposes. Anonymous user profiles can be created from this data. For this, cookies can be used, as well as a technology called fingerprints. Cookies are small text files which are saved locally on the browser cache of the person visiting the website. Fingerprint technology saves the browser’s environment variables in a database without saving data which clearly relates to the user, such as an IP address. The cookies and/or fingerprint enable the recognition of the browser. The data compiled using Exactag technologies will not be used to identity visitors to this website without the explicit consent of the person concerned. Personal data is in principle never collected.
YouTube is a video portal from YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
(hereinafter “YouTube”). We have incorporated at least one YouTube plugin in our online services.
If you call up an online service that contains a YouTube plugin, a direct connection is established from your browser with the YouTube server. In doing so, the information that your browser has visited the respective page of our online services is transferred to YouTube even if you do not have a YouTube account or are not logged in to your account. This information is transferred from your browser directly to a YouTube server in the USA and saved there.
If you are logged in to your YouTube account at the same time, then it is also possible that the page retrieval will be allocated to your YouTube account and you would allow YouTube to allocate your surfing behaviour directly to your personal profile.
If you would like to prohibit YouTube from transferring and storing your data and your behaviour on our online services, you must log out of YouTube before visiting our site and, if necessary, delete cookies placed by YouTube.
We collect and process data across devices regarding your user behaviour so that we can significantly optimise the content and improve costs arising from marketing. By collecting and processing your data, we are able to display customised online offers, which are tailored to your unique interests, on the websites of third parties. You as a user benefit from this procedure in that when you visit other websites, you will receive advertisements that are more relevant and interesting for you and fewer uninteresting and random promotions.
In the following, we provide an overview of our partners.
Our website uses Google Adwords remarketing functions, which we use to advertise for this website in Google search results and on third party websites. These functions are provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). For this purpose, Google places a cookie onto the browser of your terminal device. This cookie has a pseudonymous ID which automatically facilitates interest-based advertisements based on the websites you visit. The processing occurs based on our legitimate interests in the optimal marketing of our website pursuant to Article 6(1) lit. f GDPR, and you can exercise your rights as a data subject at any time.
Any data processing beyond that shall only take place if you have agreed with Google to connect your internet and app browsing history from Google with your Google account and information is used from your Google account to personalise advertisements that you see online. If in this case you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data in order to create and define target audience lists for remarketing across devices. To do so, your personal data from Google will be temporarily connected with Google Analytics data in order to create target audiences.
This website uses the online advertising program “Google AdWords” and conversion tracking by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") within Google AdWords. We use the services of Google Adwords to call attention to our attractive offers using advertising materials (Google Adwords) on external websites. We can determine how successful individual advertising measures are in relation to the data from advertising activities. We are therefore pursuing our interest in showing you advertisements that are interesting to you, designing our website so that it is more interesting to you and in obtaining a fair calculation of advertising costs.
The cookie for conversion tracking is added when a user clicks on an AdWords advertisement from Google. Cookies are small text files that are deposited on your computer system. These cookies generally expire after 30 days and cannot identify a user personally. If the user visits certain pages on this website and the cookie has not yet expired, then we and Google can detect that the user clicked on the ad and was redirected to this page. Every Google AdWords customer receives a different cookie. Therefore cookies cannot be traced back to AdWords customers via a website. The information obtained through the conversion cookies serves to compile conversion statistics for AdWords customers who have decided to make use of conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. Customers do not, however, receive any information that can identify a user personally.
You can permanently disable cookies for Google ad preferences by following this link: https://adssettings.google.com
Alternatively you can learn more about the placement of cookies and the settings you can put in place from the Digital Advertising Alliance at the internet address: www.aboutads.info. Finally, you can set your browser so that you are informed when cookies are placed and decide to accept them on an individual basis, if you accept cookies in certain instances or generally block them. The functionality of our website may be limited if you decide not to accept cookies.
If need be, Google LLC may transfer personal data to the USA. However, Google is certified for the US-European Data Protection Privacy Shield Frameworks, which guarantees that the level of data protection is kept at the valid level required in the EU.
This website uses the conversion tracking “Bing Ads” by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). To do so, Microsoft Bing Ads places a cookie on your computer if you reach our website by clicking on a Microsoft Bing advertisement. Cookies are small text files that are deposited on your computer system. These cookies generally expire after 180 days and cannot identify a user personally. If the user visits certain pages on this website and the cookie has not yet expired, then we and Microsoft can detect that the user clicked on the add and was redirected to this page (conversion page). If personal data is processed in this context, it is done pursuant to Article 6(1) lit. f GDPR based on our legitimate interest in effective marketing.
The information obtained with the help of conversion cookies serves to generate conversion statistics, which record how many users land on a conversion page after clicking on an ad. Through these statistics, we find out the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can identify a user personally.
If need be, Microsoft Corporation may transfer personal data to the USA. Microsoft Corporation, headquartered in the USA, however, is certified for the US-European Data Protection Privacy Shield Frameworks, which guarantees that the level of data protection is kept at the valid level required in the EU.
If you do not want to participate in tracking, you can object to it by easily disabling the cookie for Bing Ads conversion tracking via the user settings for your internet browser. By doing so you will not be included in the conversion tracking statistics. Alternatively you can use the disabling page for consumers in the EU here
http://www.youronlinechoices.com/uk/your-ad-choices/ to review whether ad cookies from Microsoft can be set in your browser and disable them.
You can sign up to receive our free newsletter on our website. If you have agreed to receiving the commanewsletter, we will use your e-mail address to send information (personalised where possible) about products, campaigns, competitions and news from the fashion industry as well as surveys on general customer satisfaction. We store and process this data for the purpose of sending the newsletter. After completing an order, we also make it possible for you to submit product and seller reviews with the independent review service eKomi. You will receive an e-mail prompting you to do so.
Furthermore, if you have consented to receiving a newsletter tailored to your individual interests, then in addition to processing your e-mail address, we will also process your name and profile information for the purpose of sending the newsletter. With your consent, we will record your user behaviour on this website, our mobile fashion apps and newsletters from us.
The evaluation of user behaviour includes, in particular, contract processing data and creates personal profiles or uses existing data that can be used to draw conclusions about your interest in products or campaigns from comma. Such data may come from sales contracts. Our promotions are primarily events in our retail areas, but also include sales. The contract processing data is all types of data that arise in connection with the purchases you make at comma. If you have exchanged or returned an item, or if you were interested in an item that could not be delivered, this information is also included in the data. In addition to this, the contact information you provided to comma, such as your title, first name and surname, e-mail address and date of birth, is also included. Your response to the advertising activities from comma(e.g. the newsletters sent to and opened by you) and your visitor behaviour on the comma website or in the app (e.g. date of your last visit and products viewed) may also be stored.
The processing occurs pursuant to Article 6(1) lit. a GDPR and you can exercise your rights as a data subject at any time. If you have any questions, please contact us at email@example.com. You can revoke your consent to receive the newsletter or to the creation of personalised user profiles at any time with future effect by unsubscribing from the newsletter on our website. You can also find the link for unsubscribing at the end of every newsletter.
There is a contact form on our website that can be used to initiate contact electronically. If you use the contact form to write us, we will process your data provided on the contact form in order to initiate contact and to answer your questions and requests. In these cases, the principle of data minimisation and data avoidance will be observed in the following way: you will only have to provide the data we will need to initiate contact with you. That is your first name and surname, your e-mail address, the selected topic and the message field itself. In addition, your IP address will be processed out of technical necessity and as a legal safeguard. All other data is entered in voluntary fields and provided optionally (e.g. for a more individualised answer to your questions).
We offer you two options for processing purchases in our online shop:
For both registration options, the shop requests the data necessary for processing an order and payment and for conducting a credit check and fraud prevention. This information is labelled with a star (*) as a required field:
The user’s IP address, date and time of registration will also be stored (technical background data).
If you to decide to register in our online shop, you have the benefit of viewing your order history, managing your historical data, participating in our card programme and saving your data for future orders.
Upon conclusion of the registration process, your data will be stored for use in our protected customer portal. Of course, the online shop offers you the option of changing your historical data and to use the “My Account” function.
You may withdraw your consent to using your account. If you do, your customer account in the shop will be deactivated.
Please note: we store the passwords you provide in encrypted form. Employees from our company cannot read this password. Therefore they cannot give you any information about your password if you forget it. In this case, use the “Have you forgotten your password?” function, which will send you a new, automatically generated password by e-mail. No employee is authorised to request your password on the phone or in writing. Therefore never reveal your password should you be asked for it.
You do not need to create a customer account in our shop if you decide to order from our online shop as a guest. If you order again, you will need to provide your data once again to process the order.
In addition, the data processing procedures in the “Data collection when surfing” rubric shall apply. Of course, you will have access to the contact options and the rights as a data subject described therein.
You can select from different payment methods in our online shop. To that end, the respective data relevant to payment is collected so that your order and payment can be processed. In addition, your IP address will be processed out of technical necessity and as a legal safeguard.
Certain personal data, see required information, is required to fulfil orders. Unfortunately, without this data, we must refuse to enter into this contract, as we will not be able to perform it. The data will be transferred accordingly to our payment service provider to be processed.
Our payment system uses SSL encryption so that your data is protected when transferred.
The payment options available to you depend on the results from our credit check.
Notice regarding credit card payment: As is standard for credit card payments, credit card information will be verified and authorised by Concardis GmbH, Helfmann-Park 7, Echborn 65760, Germany.
Notice regarding PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If the data subject selects “PayPal” as a payment option when ordering, then data of the data subject will automatically be transferred to PayPal. By selecting this payment option, the data subject consents to the required transferring of personal data to process the payment. The personal data that will be transferred to PayPal generally includes first name, surname, address, e-mail address, IP address, telephone number, mobile number or other data that is necessary for processing the payment. Personal data necessary for concluding the sales contract also includes data related to the respective order. You can access details regarding data protection with PayPal here.
We offer you a wide range of services on our website that provide you with, among other things, even better product availability and simplified parcel delivery. To carry out these services, we require your location in order to determine, for example, the nearest commabranch.
We provide the commastorefinder on our website. The storefinder displays the nearest commastores and the nearest partner stores in your area when you enter in your current location or by using Google Maps location (see use of Google Maps). The commastorefinder also gives you the opportunity to find exactly the commaretail space that best suits your needs via various filters such as women’s or men’s collections, specific commabrands or services.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions on the process or want to talk to us about the results, please contact us at firstname.lastname@example.org.
We use Google Maps (API) by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”) on our website. Google Maps is a web service that depicts interactive maps in order to display information visually. Using this service will show you our location and make it easier for you to find us.
As soon as you retrieve the subpage that is connected to the map from Google Maps, information regarding the use of our website (e.g. your IP address) is transferred to Google’s server in the USA and stored there. This shall occur regardless of whether Google provides a user account that you have logged in to or if there is no user account at all. If you are logged in to Google, your data will be allocated directly to your account. If you do not want your data to be allocated with your Google profile, you must log out before clicking the button. Google stores your data (even for users who are not logged in) as a user profile and analyses them. This kind of analysis occurs pursuant to Article 6(1) lit. f GDPR based on the legitimate interests of Google in displaying personalised advertisements, market research and/or demand-driven design of its website. You have the right to object to this user profile being compiled, although to exercise this right you must contact YouTube.
Google LLC., headquartered in the USA, is certified for the US-European Data Protection Privacy Shield Frameworks, which guarantees that the level of data protection is kept at the valid level required in the EU.
http://www.google.de/intl/de/policies/terms/regional.html and you can find the additional terms of service for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions, please contact us at email@example.com.
As at 14/05/2018