Welcome to our online shop! We appreciate your interest in our company. The protection of your personal data is important to us. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation acts that apply to our company.
Our data protection notice explains what personal data we gather from you via our website, what we use this for, when we delete this and how your data is protected as best as possible by means of security measures. In addition, we disclose the respective legal framework that authorises us to process data accordingly. Furthermore, you will be informed of your statutory rights in connection with the processing of your data. In order to provide you with the best possible transparency in connection with our processing of data, you will first find generally valid information concerning the processing of personal data and then detailed information concerning the following topics:
- Tracking measures and the setting of cookies
- Data processing in the newsletter
- Purchasing in the online shop
- Contact options
- Social media
- Payment systems/credit check/fraud prevention
- Web shop protection against attacks (Cloudflare)
Personal data are any information that enables the identification of a natural person. This includes, in particular, names, birthdays, addresses, telephone numbers, e-mail addresses but also your IP address.
Anonymous data exist if no personal relationship can be established to the user.
The responsible party within the meaning of data protection legislation is:
s.Oliver Sales GmbH & Co. KG
Telephone: +49 (0) 9572 – 91 60 39
*Standard landline rate from your telephone provider, free of charge for flat rates; mobile phone rates may vary
Data collection/personal data
We collect personal data in accordance with the legal requirements. All personal data that we collect from you via the website will only be processed for the purposes described in greater detail below. This collection takes place within the framework of the legal provisions already named, more specifically, only with your consent.
Article 6 EU GDPR in particular specifies when data processing is allowed. Comma collects data if:
- You have given consent (Article 6(1) lit. a EU GDPR)
- Processing is necessary for the performance of a contract/prior to entering into a contract (Article 6(1) lit. b EU GDPR)
- Processing is necessary for compliance with a legal obligation (Article 6(1) lit. c EU GDPR)
- Processing is necessary for the purposes of the legitimate interests of our company except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1) lit f. EU GDPR). In particular, we view an overriding, legitimate interest in data processing in the following cases:
- Tracking measures and setting of cookies
In order to be able to provide you with an optimal user experience in our online shop and with our advertisements, an experience tailored to your unique needs, we work with various service providers and technology providers, using cookies and tracking methods in the process. In such a case, we base this on our legitimate interest in data processing as far as possible; in most cases, however, we obtain your consent first (Article 6(1) lit. a or Article 49 para. 1 sentence 1 lit. a EU GDPR), which you can of course revoke at any time via the privacy settings. You can find detailed information under the “Tracking measures and setting of cookies” rubric.
- Fraud prevention and reduction of payment default
In order to minimise the risk of default, a credit check is conducted within the order process. This check determines which payment options are displayed. All transferred orders which indicate fraud are checked downstream by an employee and relevant measures for preventing fraud are initiated - you can find further information in the “Payment systems / creditworthiness check / fraud prevention”” rubric.
- Protecting the security of our systems/investigating errors
For technical security reasons, particularly to protect against hacking attempts on our web server, data will be saved pursuant to Article 6(1) lit. f EU GDPR. No connection is established to individual users. In particular, we collect the following data: The web browser and operating system that are used/name of the internet service provider/information about the website you are visiting us from/information about the website/that you retrieve on our site, the date and time of your visit/the name of requested files/whether a file was transferred/the amount of data that is transferred/the IP address assigned by your internet service provider. Of course, personal data that is collected will be kept confidential.
Storage period and criteria for determining this period
Comma processes and saves your personal data only for the period required to achieve the particular processing purpose, or if there is a legal retention period (in particular for commercial or taxation purposes). Once this purpose has been achieved or the retention requirement has expired, the respective data will be routinely erased.
In certain cases it is necessary to transfer processed personal data in the course of data processing. In this respect, there are various recipient sites and recipient categories.
Where necessary, we will transfer your personal data within the s.Oliver Group (s.Oliver Sales GmbH & Co. KG, Ostring, 97228 Rottendorf) COMMA). Of course, we comply with the legal framework associated with this process and ensure that your data is lawfully processed. Your personal data are accessible only by authorised employees who require data access because of their responsibilities, e.g. to fulfil your order or to contact you in case of an enquiry.
Personal data will be transferred to the following categories of recipients while respecting the legal requirements:
- Service providers within the framework of fulfilment
- Delivery services, distributors, payment services
- Companies that conduct credit checks
- Companies that provide marketing services
- Service providers that are part of communication systems
- Government authorities and institutions to the extent that this is necessary or required or we are legally obligated to do so
Safe transfer of your data
We employ the proper technical and organisational security measures to protect data that we save as best as possible from random or intentional manipulation, loss, destruction or access by unauthorised parties. The security level is constantly being monitored together with security experts and adjusted to new security standards.
It goes without saying that the security of your data is also important to us when transferred within the s.Oliver Group or to our partners or third parties - secure transfer procedures are selected accordingly:
Data is generally transferred via a transfer encoded connection. Here we apply state of the art protocols such as TLS 1.2 with PFS.
Therefore only encoded data is exchanged from and to our website. We offer HTTPS as the transfer protocol for our website, always using the current encryption protocols.
Links to other providers
Our website also contains clearly recognisable links to the websites of other companies. If and when there are links to the websites of other providers, we have no influence on the contents. For this reason we cannot assume any warranty or liability for this content. The respective provider or operator of these websites are always responsible for the content of these websites. The linked websites were evaluated for possible statutory violations and recognisable violations of the law at the time of linking. We did not identify illegal content at the time of linking. It is not possible, however, to constantly control the content of linked websites without specific evidence that the law has been broken. Should violations become known, these links shall be removed immediately.
Rights of the data subject
We are happy to inform you in the following of the rights that may be available to you free of charge as an affected party.
- Access: We are happy to inform you about whether, and if so, which personal data of yours we have and are processing.
- Rectification: If we are storing erroneous personal data, then of course we will be happy to correct them.
- Restriction: You can have the processing of your personal data restricted under certain legal conditions. This is possible, for example, if you contest the accuracy of the data we have.
- Erasure: You can have the processing of your personal data restricted under certain legal conditions. This is possible, for example, if you contest the accuracy of the data we have.
- Objection: You can object to the data processing procedures we use to process your personal data, which we base on balancing the interests of all parties, by indicating the specific grounds for objection.
- Withdrawal: Of course, if you have given us consent to process data, you can also withdraw such consent with future effect without indicating the reason.
- Data portability: We are happy to make personal data concerning you which we have received as part of concluding a contract or through consent and based on an automated data processing procedure available to you or a third party named by you in a commonly-used, machine-readable format.
- Complaint: You also have a right to lodge a complaint with a supervisory authority.
You can exercise your rights as a data subject at any time using the contact options provided or consult with us regarding data protection. You can contact our data protection organisation via the following email address: email@example.com
Right to lodge a complaint with a supervisory authority
Of course, you have the freedom to contact the proper supervisory authority for you at any time. Alternatively, our supervisory authority is also available to you. This is:
The Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)
You can contact our data protection organisation at any time via the following email address: firstname.lastname@example.org
Tracking measures and setting of cookies
These technologies are necessary to enable the core functions of the website.
Google Tag Manager (Article 6 para. 1 lit. f of the EU GDPR)
This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Using this service, website tags can be managed via an interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain. This means that essentially no cookies are used and no personal data is recorded. Google Tag Manager activates other tags that may then record data. However, Google Tag Manager does not access this data. If deactivation has occurred at domain or cookie level, it remains in place for all tracking tags implemented by Google Tag Manager.
More information is available at http://www.google.com/tagmanager/use-policy.html
Sentry is a tool of Functional Software Inc. (Sentry), 8th Floor, 45 Fremont Street, San Francisco, CA 94105, United States of America (“Sentry”) for monitoring system stability as well as identifying and repairing errors in the code of web pages. Sentry captures IP addresses, device information, usage data and error data to guarantee system stability and to be able to recognise and repair errors promptly. We use the tool for reasons of our legitimate interest in improving the website and repairing errors (Article 6 para 1 sentence 1 lit. f GDPR, section 25 para 2 German Telecommunications Telemedia Data Protection Act (TTDSG). The data captured is not used for other purposes.
Please note that, as a US provider, Sentry is headquartered in a country that may have a lower level of data protection than in the EU. The European level of data protection is ensured by concluding appropriate contractual arrangements and suitable guarantees.
The deletion of the collected data takes place by default after 90 days.
You can also find further information about Sentry data processing here: https://sentry.io/privacy/
In your privacy settings you can see which services we use and decide for yourself if and to what extent you would like to agree to these services and even subsequently change the settings at any time. The processing takes place on the basis of your consent in accordance with Article 6(1) lit. a or Article 49 para. 1 sentence 1 lit. a EU GDPR.
Usercentrics (Article 6 para. 1 lit. c of the EU GDPR)
Required for the correct display of essential website content and functions, e.g. chat functions, partner search, display of personalized website content.
We use Google Maps (AIP) on our website, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). Google Maps is a web service that depicts interactive maps in order to display information visually. Using this service will show you our location and make it easier for you to find us.
As soon as you retrieve the subpage that is connected to the map from Google Maps, information regarding your use of our website (e.g. your IP address) is transferred to Google’s server in the USA and stored there. This shall occur regardless of whether Google provides a user account that you have logged in to or if there is no user account at all. If you are logged in to Google, your data will be allocated directly to your account. If you do not want your data to be allocated with your Google profile, you must log out before clicking the button. Google stores your data (even for users who are not logged in) as a user profile and analyses them. This kind of analysis occurs pursuant to Article 6(1) lit. f GDPR based on the legitimate interests of Google in displaying personalised advertisements, market research and/or demand-driven design of its website. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR). You have the right to object to the creation of these user profiles, and should contact Google if you wish to claim this right.
YouTube is a video portal from YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”). We have incorporated at least one YouTube plugin in our online services.If you call up an online service that contains a YouTube plugin, a direct connection is established from your browser with the YouTube server. In doing so, the information that your browser has visited the respective page of our online services is transferred to YouTube even if you do not have a YouTube account or are not logged in to your account. This information is transferred from your browser directly to a YouTube server in the USA and saved there.
If you are logged in to your YouTube account at the same time, then it is also possible that the page retrieval will be allocated to your YouTube account and you would allow YouTube to allocate your surfing behaviour directly to your personal profile.
If you would like to prohibit YouTube from transferring and storing your data and your behaviour on our online services, you must log out of YouTube before visiting our site and, if necessary, delete cookies placed by YouTube.
Further information concerning the collection and use of your data by YouTube can be found in the data protection notice at https://www.YouTube.com/static?template=privacy_guidelines as well as in the data protection policy of Google, https://www.google.com/policies/privacy/.
We base the collection of the data on your consent to the relevant data processing in accordance with Article 6(1) lit. a EU GDPR, which you can of course also withdraw at any time by altering your privacy settings. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR).
These technologies allow us to analyze the website to measure and improve performance.
Google Analytics 4
On the basis of your consent (Article 6(1)(1)(a) GDPR), this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use server-side Google Analytics 4 and initially collect the data ourselves. In the downstream step, the information is transmitted by us to Google for evaluation. A direct data connection between you and Google will not be established. Cookies and other technologies that access information on your end-device are also used.
In doing so, we collect and process the following data:
- Account details
- Bounce rates
- Browser information
- Click path
- Unit information
- Date and time and duration of the visit
- IP address
- Internet service provider
- Mouse movements
- Screen resolution
- Behavioural data
- Referrer URL
- App updates
If you consent (Article 6(1)(1)(a) GDPR) to data processing through Google Analytics 4, we will use your data for usage analysis. In this case, we pass the data on to Google for evaluation without anonymisation or pseudonymisation. In this case, the information will be transferred to a Google server in the USA and stored there. However, Google’s IP anonymisation is active so that your IP address is shortened before data transmission and within the European Union or contracting states of the European Economic Area. Google does not store the full IP address. An unabbreviated transmission of the full IP address to Google only takes place in exceptional cases.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics 4 will not be combined with other data from Google.
Sessions and campaigns are always terminated after a certain period of time has elapsed. By default, sessions end after 30 minutes of no activity and campaigns end after 30 days. Users’ personal data is deleted or anonymised after 14 months, and the cookies set have a lifespan of 24 months.
You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
This website uses the IP anonymisation function of Google Analytics 4. Furthermore, an order data processing contract was concluded with Google. You also have the option of deactivating Google Analytics 4 using a browser add-on.
You can find more information on this at https://support.google.com/analytics/answer/6004245 (general information on Google Analytics and data protection).
Google Analytics Universal Analytics
On the basis of your consent (Article 6(1)(1)(a) GDPR), this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and other technologies which access information from your end-device [...] and which enable an analysis of your use of the website. We use server-side Google Analytics and initially collect the data ourselves. In the downstream step, the information is transmitted by us to Google for evaluation. [...]
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other data from Google. The user’s personal data is deleted or anonymised after 26 months. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate it in the “Cookie consent tool” provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics with which Google is obligated to protect the data of persons visiting our website and to not pass it on to third parties. This service can pass on the data collected to another country. Please be aware that this service data can also be transferred outside of the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you potentially having any legal recourse. However, we take the possible and necessary measures under data protection law in accordance with Article 44 ff. of the EU GDPR to establish the level of data protection in the third country.
Further information on Google Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
These technologies are used by advertisers to display advertisements that match your interests.
We use services provided by Emarsys eMarketing Systems AG (Stralauer Platz 34, 10243 Berlin, Germany; www.emarsys.com). Emarsys is a marketing service provider. This service can help to increase customer loyalty. The purpose of this data processing is to cultivate customer relations, manage direct advertising and analysis and to optimise our newsletter advertising.
Emarsys operates by setting cookies and tracking pixels. Assuming you have given your consent, (Legal framework Art. 6 Para. 1(a) EU GDPR, Section 25 Para. 1 TDSG), when you visit our website or click on our newsletter, one of these cookies is set and the following data is collected:
- Date & time of visit
- Usage data
- Opening of e-mails
- Confirmation of receipt and reading of e-mails
- Products viewed
- Surfing history
- Pseudonymous cookie ID
- Links clicked
- User behaviour
- IP address
The data collected using Emarsys' cookies is compiled into a user profile, which can be assigned to you based on the e-mail address you provided when you registered. This data is then used to personalise your newsletter. If you no longer wish to receive our newsletter, you can unsubscribe at any time by clicking on the unsubscribe link contained in each e-mail or by sending an e-mail stating your wish to unsubscribe. The information can also be used to display product recommendations on our web applications or via SMS, WhatsApp and Push & Print.
We will only store data collected by Emarsys for as long as we need to in order to fulfil the purposes for which it was collected, or, at most, until the user withdraws their consent to having their data processed, or until it is required for processing purposes.
You may also withdraw your consent at any time HERE.
For more information about data protection at Emarsys, please click here: https://www.emarsys.com/en/privacy-policy/
Google Enhanced Conversions
We use the “Enhanced Conversions” extension of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) in connection with Google Ads. In this process, input data in form fields of our website or digital offers are recorded by means of tags and transferred in encrypted form to the Google Ads service via an interface. Google combines the data collected in this way with existing user usage data already collected to create profiles and makes these available to the responsible party. If you visit other websites that also use Google Enhanced Conversions or other Google services, this information will also be linked to your unique ID. However, it is not apparent to us which other pages you visit.
If you are logged in to your Google account at the same time, the page view and the entries are also assigned to your Google account. Your usage behaviour is then directly assigned to your personal profile. To prevent this, you can either log out of your Google account before accessing the page or not give your consent to the service.
The purpose of the processing is to gain more detailed knowledge about the usage behaviour of our users in order to target and optimise our offers and advertising measures more precisely and appropriately. By using Google Enhanced Conversions, we get a more comprehensive usage picture and greater visibility for our Google Ads analytics.
We are not aware of Google using the data for its own purposes. The collection of the input data takes place after your express consent and only after the input has been completed and transmitted to us.
The data processed in this way are deleted after the purpose has been achieved, but at the latest after 60 days for unallocated data and after 140 days for allocated data.
The legal basis for the processing of your personal data is your consent in accordance with Article 6(1)(1)(a) GDPR and, insofar as data stored on the end device via the tags is collected and processed, Section 25(1) of the German Telecommunications Telemedia Data Protection Act (TTDSG).
The processing is based on your prior consent. You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
The information Google collects about users is transmitted to Google and stored on Google’s servers in the US, among other places. The service provider is obliged by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. Data processing or storage in third countries can also take place on the basis of your consent (Article 49(1)(1)(a) GDPR); in this case, you will be informed of this and the associated risks separately.
For more information about Google Enhanced Conversions, please visit: https://support.google.com/google-ads/answer/9888656?hl=de
You can revoke your consent at any time with effect for the future via the privacy settings under the cluster Marketing. Please note that the privacy settings must be changed for each individual end device.
Google Ads Conversion Tracking
We use the Google Ads conversion tracking and remarketing service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, US, “Google”). Google Ads uses “cookies”, which are text files stored on your computer that create conversion statistics for the Google Ads advertising program. The Google Remarketing service allows us to display advertisements for our website in a more targeted manner that are potentially more relevant to the user personally. For example, if a user is shown ads for products they were interested in on other websites, this is called “remarketing”. For these purposes, so-called remarketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website when our websites are called up on which Google Ads Conversion Tracking is active. This file records which web pages the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there.
If the user subsequently visits other websites, they can be shown ads tailored to their interests. User data is processed pseudonymously as part of Google’s marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data based on cookies within pseudonymous user profiles. So from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for whoever consents to the cookie, regardless of who the person consenting to the cookie is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. Google marketing
The information Google collects about users is transmitted to Google and stored on Google’s servers in the US, among other places.
The service provider is obliged by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. Data processing or storage in third countries may also take place on the basis of your consent (Article 49(1)(1)(a) GDPR), in which case you will be informed of this separately.
The cookies used lose their validity after 30 days and do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page.
The legal basis for the processing of your personal data is your consent, Article 6 (1)(1)(a) GDPR and Section 25(1) German Telecommunications Telemedia Data Protection Act (TTDSG). The processing is based on your prior consent. You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
Alternatively, you can generally deactivate the automatic setting of cookies via browser settings. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.
Facebook Website Custom Audiences
This website uses “Facebook Pixel” as well as the Conversion API interface with server-side tagging, using Google Tag Manager, and further tracking technologies from Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) or, if its registered office is in the EU, Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 1, Ireland.
If express consent is granted, then user behaviour can be tracked after a user views or clicks on a Facebook advertisement. This process serves to evaluate the efficacy of the Facebook advertisement for statistical and market research purposes and can contribute to optimising future advertising activities. The collected data is pseudonymous to us and therefore cannot in principle be used to draw conclusions about the identity of the user. However, the data is stored by Google and transferred to Facebook and processed there, such that a connection to a respective user profile is possible and Facebook can use the data for their own advertising purposes according to the Facebook Data Policy (https://www.facebook.com/about/privacy/) verwenden kann.
You can make it possible for Facebook and its partners to place advertisements both on and outside of Facebook. A cookie can also be saved on your device for these purposes.
Furthermore, Facebook Custom Audiences collects data from the use of our website: e-mail address, gender, town, region, postcode, country, first name and surname, telephone number, date of birth, IP address, Facebook and browser ID. This enables Facebook to organise your data in a certain Facebook profile the purpose of targeted marketing.
When collecting data, we rely on your consent in accordance with Article 6(1) lit. a EU GDPR and Section 25 Para. 1 German Telecommunications Telemedia Data Protection Act (TDSG) to process the data accordingly, which you may revoke at any time by changing your privacy settings. If you revoke your consent, your data will no longer be used for this purpose and will be deleted, provided no legal retention periods prevent this. Without revocation, the data is stored for a period of 2 years. The data is then automatically deleted.
TikTok Art. 6 Para. 1(a) EU General Data Protection Regulation (EU GDPR)
On our website we use TikTok Pixel, a conversion tracking tool for advertisers. The service provider is the Chinese company TikTok. The company TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) is responsible for the European area.
The TikTok Pixel is a tool that allows us to understand and track visitors’ activity on our website. We use the pixel in conjunction with an API connection and other tracking technologies. For this purpose, the Tiktok Pixel and TikTok Events API collect and process information about visitors to our website, about the devices they use and about how they use our offers and services (known as event data). Examples include usage data, device information, smartphone-related information, last name, first name, internet service provider, IP address, hashed e-mail address, hashed phone number and browser history. Usage data is also collected that allows us to draw conclusions about how visitors use our website and its functions (such as the date and duration of the visit, products viewed, use of the wish list, placement of products in the shopping cart and completion of purchases), as well as various IDs (click ID, cookie ID, event ID, order ID, shopping cart ID and user ID). This information is primarily used to determine the performance of our marketing campaigns, suggest products and services to visitors for retargeting purposes and to display our advertisements and evaluate their effectiveness.
Event data collected by the TikTok Pixel is used to target our ads, to improve ad delivery and for personalised advertising. In order to do this, the event data collected on our website via the TikTok pixel is transmitted to TikTok.
The data is stored for 24 months.
The legal basis for the collection and transmission of personal data that we provide TikTok is therefore Art. 6 Para. 1(a) EU General Data Protection Regulation (EU GDPR), Section 25 Para. 1 German Telecommunications Telemedia Data Protection Act (TTDSG). You can revoke your consent at any time in your privacy settings.
TikTok may share the information it collects with other third party companies. Please note that we have no influence over or knowledge of this as it is TikTok’s own responsibility. For more information about data protection at TikTok, please click here: https://www.tiktok.com/legal/page/eea/privacy-policy/en
Please note that in this context, personal data may be processed in a third country, the US. Appropriate contractual regulations and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries. Data may also be processed or stored in third countries on the basis of your consent (Article 49(1)(1)(a) GDPR). In such cases, you will be informed of this separately, and about the right to revoke your consent, in the course of obtaining it.
General information concerning the function of cookies
With these cookies, we are able to analyse how users use our website. This allows us to design our website content to suit the needs of the user. Additionally, cookies allow us to measure the effectiveness of a certain advertisement and place it depending on the topical interests of the user, for instance.
The cookies that are used have a unique user ID. Certain interfaces allow us to allocate the various user IDs to a unique client (e.g. when logging in to our online shop from your smartphone and computer) and thus optimise our website across your devices.
The cookies we use have a long lifespan due to the purpose of the processing and – provided that you do not object to or delete the cookies – are automatically deleted after 6 months.
Of course, you can also disable, restrict or even delete cookies manually on your terminal device via the settings in your browser or with the aid of software.
Please note: If you disable cookies, then you may not be able to use all functions completely.
Technologies for the function of the website and the online store (Art. 6 para. 1 lit. f EU-DS-GVO)
For the purpose of speeding up our website, we use the content delivery network (CDN) of Akamai Technologies Inc., 150 Broadway, Cambridge, MA 02142, US (Akamai). A CDN is a service with whose help the contents of our online offer, especially large media files like graphics or scripts, can be delivered quicker with the help of regionally distributed servers connected via the Internet. Your data is processed solely for the above-mentioned purposes and to maintain the security and functionality of the CDN. Akamai can transfer personal data from the log files to the US every time data is processed (e.g. IP addresses, location data). The location data is used to send the user the data from a server that is as geographically close as possible. You can find further information on data protection and Akamai under https://www.akamai.com/legal/privacy-and-policies/privacy-statement.
Akamai stores data for up to 24 hours so that content can be provided more speedily when you visit our website. We process data to protect our legitimate interest in speeding up our website pursuant to Article 6 para 1 page 1 lit. f EU GDPR, section 25 para 2 Telecommunications Telemedia Data Protection Act (TTDSG).
Please note that in this context personal data can be processed in a third country, the US. Appropriate contractual regulations and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries.
Data processing in the newsletter (Article 6(1) lit. a EU GDPR)
You can sign up to receive our free newsletter on our website. If you have agreed to receiving the Comma newsletter, we will use your e-mail address to send information (personalised where possible) about products, campaigns, competitions and news from the fashion industry as well as surveys on general customer satisfaction. We store and process this data for the purpose of sending the newsletter.
Multi device user profile for personal and individual communication and product recommendations
Furthermore, if you have consented to receiving a newsletter tailored to your individual interests, then in addition to processing your e-mail address, we will also process your name and profile information for the purpose of sending the newsletter. With your consent, we will record your user behaviour on this website, our mobile fashion apps and newsletters from us.
The evaluation of user behaviour includes, in particular, contract processing data and creates personal profiles or uses existing data that can be used to draw conclusions about your interest in products or campaigns from Comma. Such data may come from sales contracts. Our promotions are primarily events in our retail areas, but also include sales. Contract processing data are all types of data that arise in connection with the purchases you make at Comma. If you have exchanged or returned an item, or if you were interested in an item that could not be delivered, this information is also included in the data. In addition to this, the contact information you provided to Comma, such as your title, first name and surname, e-mail address and date of birth, is also included. Your response to the advertising activities from Comma (e.g. the newsletters sent to and opened by you) and your visitor behaviour on the Comma website or in the app (e.g. date of your last visit and products viewed) may also be stored. Please therefore also note the information contained under "Emarsys" in this regard.
The processing takes place pursuant to Article 6(1) lit. a EU GDPR and you can exercise your rights as a data subject at any time. If you have any questions, please contact us at email@example.com. You can withdraw your consent regarding receipt of the newsletters or the creation of personalised use profiles at any time with future effect, for example by unsubscribing from the newsletter on our website. You can also find the link for unsubscribing at the end of every newsletter.
Contact form (Legal framework Article 6(1) lit. a EU GDPR)
There is a contact form on our website that can be used to initiate contact electronically. If you use the contact form to write us, we will process your data provided on the contact form in order to initiate contact and to answer your questions and requests. During this process, the principle of data economy and data avoidance is observed, as you need only enter the data which we absolutely require in order to get in touch with you. That is your first name and surname, your e-mail address, the selected topic and the message field itself. In addition, your IP address will be processed out of technical necessity and as a legal safeguard. All other data come under voluntary fields and can be provided if you wish to do so (for example for a more personalised response to your queries).
We maintain a “social media” presence. Where we have control over the processing of your data, we ensure compliance with the applicable data protection provisions.
Below you can find the most important information pertaining to data protection laws in connection with our social media presence.Name and address of the body responsible for the operation
Alongside Comma, the following are responsible for the social media presence in accordance with the EU GDPR and other provisions under data protection legislation:
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
However, you are yourself responsible for using these platforms and their functions. This applies in particular to the use of the interactive functions (e.g. comment, share, rate).
Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR).Purpose and legal basis
We ourselves maintain the fan pages in order to communicate with the visitors to these sites and to inform them in this way about our products and services.
We also collect data for statistical purposes, in order to be able to further develop and optimise the content and to make our service more attractive. The necessary data for this purpose (e.g. total number of site accesses, site activities, data provided by the visitors, interactions) are prepared by the social networks and made available. We have no control over the creation and display.
In addition, your personal data are processed by the providers of the social media, but also by Comma for market research purposes, communication and for advertising purposes. Therefore, it is possible that use profiles can be created in accordance with your use behaviour and the resulting interests. As a result, it is possible, among other things, to display adverts inside and outside of the platform which are considered to be of interest to you. For this purpose, cookies are generally saved on your computer. Regardless of this, data which were not collected from your end devices directly can be saved in your use profiles. The saving and analysis also takes place across multiple platforms. This applies particularly (but not exclusively) in cases where you are registered as a member and are logged in to the respective platforms.
Otherwise, we do not gather and process any personal data.
The processing of your personal data by Comma takes place in accordance with our legitimate interest in effective information and communication pursuant to Article 6(1) Sentence 1 lit. f EU GDPR.
Should you be requested to provide your consent to the data processing, i.e. should you agree by confirming via a button or similar opt in, the legal basis for the processing is Article 6(1) Sentence 1 lit. a and Article 7 EU GDPR.Your rights/option to raise an objection
If you are a member of a social network and do not wish for the network to collect data relating to you via our internet presence and to connect your saved membership data with the respective network, you must do the following:
- log out of the respective network before visiting our fan site
- delete the cookies on the device
- close your browser and relaunch it.
Once you sign in again, however,, you can be recognised once again by the network as a specific user.
We wish to refer to the following linked information for a detailed explanation of the respective processing and the opt out options:Facebook
Data protection policy: https://help.instagram.com/519522125107875
Opt-Out: http://www.networkadvertising.org/managing/opt_out.asp und http://www.youronlinechoices.com
Once we do not have full access to your personal data, you should contact the providers of the social media platforms directly in order to claim your rights, as these have access to the personal data of their users and can take relevant measures and provide the necessary information.Note concerning copyright and authorship rights
Should you wish to publish pictures, texts, plans, videos, music etc on our internet presence, you should be aware that you may be assigning all rights of use to the network, which could lead to legal consequences on your part, should you not be the author or owner of the rights yourself.
Making purchases in the online shop (Article 6(1) lit. b EU GDPR)
Ordering as a guest:
You do not need to create a customer account in our shop if you decide to order from our online shop as a guest. If you order again, you will need to provide your data once again to process the order.
In addition, the data processing procedures which are described in the “tracking measures and cookie setting“ rubric apply. Of course, you will have access to the contact options and the rights as a data subject described therein.
Payment systems (Article 6 (1) lit. b and f EU GDPR)
You can select from different payment methods in our online shop. To that end, the respective data relevant to payment are collected so that your order and payment can be processed. In addition, your IP address will be processed out of technical necessity and as a legal safeguard.
Certain personal data are required in order to fulfil the contract, see mandatory fields. Unfortunately, without these data, we must refuse to enter into this contract, as we will not be able to perform it. The data will be transferred accordingly to our payment service provider to be processed.
Our payment system uses SSL encryption so that your data are protected when transferred.
The payment options available to you depend on the results from our credit check.
Note concerning credit card payments: As is standard for credit card payments, credit card information will be verified and authorised by Concardis GmbH, Helfmann-Park 7, Echborn 65760, Germany.
Note concerning PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If the data subject selects “PayPal” as a payment option when ordering, then data of the data subject will automatically be transferred to PayPal. By selecting this payment option, the data subject consents to the required transferring of personal data to process the payment. The personal data that will be transferred to PayPal generally includes first name, surname, address, e-mail address, IP address, telephone number, mobile number or other data that are necessary for processing the payment. Personal data necessary for concluding the sales contract also include data related to the respective order. You can access details concerning data protection at PayPal here. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR).
Note on pay in advance: In the case of prepayment, you will receive an invoice in advance. As soon as this has been transferred by you to the specified bank account, we will deliver the ordered items without delay.
Data processing in the order management system
To ensure that you receive all of your desired items as quickly and in as few deliveries as possible, our order management system assigns your order automatically. This assignment is based on various aspects such as availability of goods and efficiency. It is therefore required that your order is transferred to the order management system, which is provided by OneStock SAS (8 Rue des Trente-Six Ponts, 31400 Toulouse, France), operated by s.Oliver, and has its server site in Germany and France. s.Oliver stores and processes your data in the order management system out of its legitimate interest in accordance with the EU GDPR for the purpose of the efficient distribution and processing of all orders.
Data processing by shipping service providers
For the purpose of shipping, we work with logistics service providers/transport companies and/or shipping partners: The following data may be transmitted for the purpose of delivery of the ordered goods or for the purpose of shipping communication: First name, last name, postal address and, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for the processing is Art. 6(1)(b) DSGVO.
Use of location-based services
We offer you a wide range of services on our website that provide you with, among other things, even better product availability and simplified parcel delivery. To carry out these services, we require your location in order to determine, for example, the nearest Comma branch.
Determining the nearest Comma branch
We provide the Comma storefinder on our website. The storefinder displays the nearest Comma stores and the nearest partner stores in your area when you enter in your current location or by using the Google Maps locator (see use of Google Maps). The Comma storefinder also gives you the opportunity to find exactly the Comma retail space that best suits your needs via various filters such as women’s or men’s collections, specific Comma brands or services.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions on the process or want to talk to us about the results, please contact us at firstname.lastname@example.org.
Web shop protection against attacks (Cloudflare)
This page uses SSL encoding for security reasons and to protect the transfer of confidential content such as the requests that you send to us as a website operator. You can recognise an encrypted connection when the address bar in your browser changes from “http://” to “https://”and by the padlock icon in your browser. When the SSL encryption is activated, the data you send us cannot be read by third parties. We use the service from Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA so that we can offer you secure data transfer using SSL encryption on our website, protect ourselves against attacks and optimise our loading times. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR). Cloudflare collects statistical data about your visit to this website. The following is included in the access data: Name of the accessed website, file, date and time of access, data volume transferred, confirmation of successful retrieval of data, browser type and version, user’s operating system, referrer URL (webpage that sent user to the site), IP address and the requesting provider. Cloudflare uses protocol data for statistical evaluation for operating, security and offer optimisation purposes. Please also read the data protection provisions of Cloudfare, which can be accessed here: https://www.cloudflare.com/privacypolicy/.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions, please contact us at email@example.com.
As at 2023-09-01