Informatie over gegevensbescherming
I. Privacybeleid Online-ShopII. Privacybeleid Premium Club
Privacybeleid Online-Shop
This data privacy notice applies to the processing of your personal data in the GERRY WEBER online shop, including data processing on this website, in the context of orders and in connection with an online customer account (if you have created one).
1. Controller for the data processing
The controller for the data processing is E-GERRY WEBER Digital GmbH, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: service@gerryweber.com (hereinafter: EGW, we, us).
You can contact the data protection officer at E-GERRY WEBER Digital GmbH, Data Protection Officer, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: datenschutz@gerryweber.com.
2. Categories of personal data
Depending on your status (guest, customer account, website visitor), we process the following categories of your personal data:
- Contact details (e.g. name, address, e-mail address, telephone number)
- Date of birth (if you have provided it)
- Purchase data (e.g. time/place purchase, goods and services purchased, turnover (incl. unit and total price), shipping method, purchase frequency, purchase behaviour, allocation to a store)
- Payment method and payment data (e.g. bank details)
- Data regarding returns (e.g. frequency, returned goods)
- Messages sent to us, e.g. via the contact form
- Results of data analyses (e.g. in the context of market research studies and by evaluating customers), including reactivation score (identification of inactivity or risk of outflow), creation of customer profiles, classification into customer value groups
- Participation in promotions or use of vouchers
- If you have an online customer account, we also process back-end data (e.g. log-in data, login name and password, technical device and access data).
- If you visit our website (i.e. even if you do not buy anything), we process the following categories of data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made, movement (pages accessed, items viewed, length of stay/heat map, shopping cart), click and purchase behavior on the websites.
- When sending newsletters and for other e-mail communication with you, we also process the following data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made.
In addition, you will find more detailed information on individual data processing operations under Section 9 below.
3. Purposes and legal bases of the processing
We process your data on the following legal bases: fulfillment of a contract (i.e. orders through the online shop) and performance of pre-contractual measures (Art. 6 (1) lit. b) GDPR); compliance with our legal obligations (e.g. due to commercial or tax law requirements, Art. 6 (1) lit. c) GDPR); on the basis of your consent (Art. 6 (1) lit. a) GDPR), on the basis of our or third parties’ legitimate interests (Art. 6 (1) lit. f) GDPR). Legitimate interests of us or third parties exist, for example, in advertising and product improvement, digitalisation, assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion, cooperation with authorities or ensuring IT security.
We process your personal data for the following purposes:
- Performance of a contract, e.g. processing of your order and complaint handling
- Marketing, product information for advertising purposes about collections, products and services
- Compliance with our legal obligations
- Market and opinion research
- Measures to improve and develop our services and products as well as creation of transparency and quality of our products, services and communication
- Personalisation of advertising and communication in order to be able to offer you an individual approach with suitable offers and products, including automated analysis of your purchasing behavior and creation of customer profiles, classification into customer value groups, creating of a reactivation score (identification of inactivity or risk of outflow), dynamic reactivation (targeted advertising based on purchase frequency), allocation to a store, sending vouchers and item recommendations and invitations to special promotions (e.g. store events)
- Analysis of the reach of our communication with you, e.g. by measuring click rates
- Statistical evaluation of the success of (online) marketing campaigns
- Contact with credit agencies to determine credit checks or payment default risks
- Address determination
- Assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion
- Cooperation with authorities
- Ensuring IT security
- Prevention and investigation of criminal offences or breaches of duty
- Monitoring and prevention of fraudulent activities, e.g. through click fraud
- Ensuring the proper functioning of our systems
- Measures in connection with corporate transactions or corporate restructuring (e.g. the sale of our business operations or parts thereof)
- Optimization of returns management
4. Source of your personal data
We collect your personal data directly from you, e.g. when ordering in the online shop, in the registration form for the customer account or when registering for the newsletter. In addition, we receive some of your personal data from other sources, in particular from credit agencies and from other group companies of the GERRY WEBER Group (a list of all companies in the GERRY WEBER Group can be found here:
gerryweber.com/bedrijfsonderdelen).
5. Disclosure of personal data to third parties (recipients)
Recipients of your personal data may be, for example:
- Billing service providers and IT service providers
- Credit agencies
- Call centers
- Marketing agencies
- Market research institutes
- Service and cooperation partners
- Debt collection agencies
- Printing and mailing service providers
- Data destruction service providers
- Consultants and consulting firms (e.g. lawyers, auditors or tax consultants)
- Authorities and courts
- Distributor in the field of wholesale
- Companies (e.g. buyers and their advisors) in connection with corporate transactions or corporate restructurings (e.g. the sale of our business operations or parts thereof)
- Group companies of the GERRY WEBER Group (a list of all companies of the GERRY WEBER Group can be found here: gerryweber.com/bedrijfsonderdelen/)
Please also see the additional information provided under Section 9 below.
6. Recipients outside the EEA
The processing of personal data takes place primarily in the territory of the European Union (EU). In some cases, we also transfer your personal data to recipients outside the European Economic Area (EEA) (so-called third countries), for example to subsidiaries belonging to the group or foreign processors. For some third countries, such as Switzerland, the EU Commission has decided that the level of data protection is adequate. Our transfer of your personal data to these countries is based on the respective adequacy decision of the EU Commission (Art. 45 GDPR). For data transfers to third countries without such an adequacy decision, such as the USA, we for example conclude appropriate data transfer agreements (so-called EU standard contractual clauses) or ensure that another transfer mechanism is applicable. For a copy of the relevant transfer mechanisms and further information or questions, you are welcome to contact the Data Protection Officer at
datenschutz@gerryweber.com.
Please also see the additional information provided under Section 9.
7. Storage period
Personal data will be stored for the purposes mentioned for the duration necessary to fulfill these purposes, e.g. for the duration of the fulfilment of the order process as well as statutory limitation periods and warranty periods, and if there are no other statutory retention obligations (German Commercial Code (HGB), German Fiscal Code (AO)) or legal reasons for storage. We are subject to various storage and documentation obligations, which result, among others, from the German Commercial Code (HGB) and the German Fiscal Code (AO) and reach up to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, can be up to thirty years according to §§ 195 et seqq. of the German Civil Code (BGB), whereas the regular limitation period is three years. The storage period of the data collected via cookies can be found under Section 9.
8. Your rights in relation to the processing of your personal data
You have the following rights against us in relation to your personal data:
- Right to information on your stored personal data (Art. 15 GDPR),
- Right to rectification if the stored data that relates to you is incorrect, outdated or inaccurate (Art. 16 GDPR),
- Right to erasure if the storage is impermissible, the purpose of the processing is fulfilled and the storage is therefore no longer necessary or when you have revoked your consent to the processing of certain personal data (Art. 17 GDPR),
- Right to restriction of processing if one of the conditions listed in Art. 18(1) lit. a) to d) GDPR is fulfilled (Art. 18 GDPR),
- Right to transfer the personal data that relates to and that you have provided (Art 20 GDPR),
- Right to withdraw your consent, whereby the withdrawal does not affect the lawfulness of the processing carried out up to that point on the basis of the consent (Art. 7 (3) GDPR), and
- Right to object: You can object to the processing of your personal data, which is carried out on the basis of Art. 6(1) lit. f) GDPR (data processing on the basis of legitimate interests), at any time. In particular, you have the right to object to electronic (e-mail) or telephone advertising at any time without incurring any costs other than the transmission costs according to the basic rates.
You are welcome to assert your rights using our contact details given at the beginning.
In addition, you have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR). This also includes the data protection supervisory authority responsible for us, which can be reached under the following contact details: The State Commissioner for Data Protection North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.
9. Data protection information for further use
In the following and in addition to the information provided under Sections 1 until 8 certain data processing operations are presented in detail:
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the system of the calling computer. The following data is processed:
- Information about the browser type and used version
- The user's operating system
- The user's internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website.
The data is stored in the log files of our system. The data is stored in system log files to ensure the functionality of our website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems.
Social Media
We have online presences within the social networks Facebook, Instagram, Pinterest, WhatsApp and YouTube.
When accessing our profiles in the social networks, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy notice, we process user data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages. The sending of personal data on these platforms is always voluntary. The personal data in the communications that can be viewed by us or the public can be deleted by the user at any time.
You can access the data protection information of the web services here:
FacebookGoogleInstagramPinterestWhatsApp
Cookies
A "cookie" is a text file that is transferred from a website to your computer's hard drive. We use cookies when you browse our site, make purchases, request or personalize information, or register for certain services. If you accept the cookies on our site, we do not have access to your personal information but with the help of the cookies we can identify your computer. Cookies are generally divided into "session" and "permanent" cookies.
"Session" cookies do not remain on your computer when you leave our website or close your browser. With the help of the collated information we can analyse usage patterns and usage structures on our website. This allows us to optimise our website by improving the content or personalisation and making it easier to use.
"Permanent" cookies are cookies that remain on your computer. They are used to facilitate shopping, personalisation and registration services. For example, cookies can keep track of what you have selected to buy as you continue shopping. In addition, you only need to enter your password once on websites that require you to log in. "Permanent" cookies can be removed manually by the user.
Most browsers accept cookies by default. However, you can usually refuse cookies or selectively accept certain cookies by adjusting the browser settings accordingly. If you disable cookies, you may not be able to use certain features on our site, and some web pages may not be displayed properly.
Most browsers accept cookies by default. However, you can usually refuse cookies or selectively accept certain cookies by adjusting your browser settings accordingly. If you disable cookies, certain features on our site may not be available to you and some web pages may not display properly.
Cookie settings
All tags, trackers and analysis tools used can be found in our
cookie settings at the bottom of each page.
AdServices Conversion und Remarketing
We use the remarketing and conversion tracking functions of Google Ads. These services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The remarketing function enables us to present interest-based adverts in the Google advertising network to previous visitors to our website. Conversion tracking, on the other hand, is used to measure the effectiveness of our Google Ads adverts by recording user actions such as purchases or registrations following ad clicks.
As part of these functions, various data may be collected and transmitted to Google in the USA. This includes device and browser data such as the browser type and language, the user’s (shortened) IP address and information about user interactions on our website and with our adverts. In addition, each user is assigned a pseudonymous ID by means of a cookie.
The legal basis for this data processing is the user’s consent in accordance with Article 6(1)(a) GDPR on the one hand and our legitimate interest in advertising and analysis in accordance with Article 6(1)(f) GDPR on the other.
We have implemented various measures to ensure data protection. We have concluded a data processing contract with Google based on the EU–US Data Privacy Framework. The user data collected is pseudonymised and the cookies used have a limited retention period of a maximum of 90 days. In addition, we use Enhanced Conversions, which hashes first-party data before it is transmitted to Google.
You have the option of deactivating data collection by Google Ads. To do this, you can visit the
Google Ads settings for ad personalisation and select the option “Disable ad personalisation”. This will set an opt-out cookie that will prevent your data from being collected for advertising purposes on future visits to this website. As a user, you have the right to object to data collection. You can do this by clicking on the Google Ads opt-out link or by installing the
Google Analytics opt-out browser add-on.
For more detailed information on data protection at Google Ads, we recommend that you visit the corresponding Google website:
Data protection at Google Ads.
10. Questions about data protection
If you have any questions about data protection, please contact us using the contact details above. We amend our privacy policy from time to time.Effective August 2024