Data protection policy for customers and prospective customers
(Last updated: 24 May 2018)
- Part 1: Data protection information regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
- Part 2: data protection statement for our website
We take data protection seriously: the following aims to provide you with information on how we process your data, and what rights and claims you have in accordance with the data protection regulations. Valid as from 25 May 2018.The data protection information set out below covers all activities relevant to data protection which are carried out by all members of the Jack Wolfskin Group, as well as services provided for external companies, see companies listed under 1. Personal data is processed by the companies listed under 1 in line with the same principles and methods, meaning that a uniform data protection policy applies.
1. Contact information and controller responsible for data processing
Controller responsible with regard to data protection law
Jack Wolfskin Ausrüstung für Draussen GmbH & Co. KGaA Jack Wolfskin Kreisel 1 D-65510 Idstein/Ts Tel. +49 (0)6126 954 0 Fax: +49 (0)6126 954 159 email@example.comJack Wolfskin Retail GmbH Jack Wolfskin Kreisel 1 D-65510 Idstein/Ts Tel. +49 (0)6126 954 0 Fax: +49 (0)6126 954 159 firstname.lastname@example.orgContact information of our Data Protection Officer:
Jack Wolfskin Ausrüstung für Draussen GmbH & Co. KGaA Data Protection Officer Jack Wolfskin Kreisel 1 D-65510 Idstein/Ts email@example.com
2. Purposes and the legal basis on which we process your data
We process personal data in accordance with the provisions governing the General Data Protection Regulation (GDPR), the Federal Data Protection Act of Germany (BDSG) and other applicable data protection regulations (see below). The specific data that is actually processed, and how this is done, is mainly geared to the services which have been agreed to or applied for. Further details or additional information in relation to the processing of personal data can be obtained from the respective contracts, forms, declaration of consent and/or other information which has been made available (e.g. as part of using our website or our terms and conditions of business). Furthermore, this information on data protection may be updated from time to time and can be referred to by visiting our website https://www.jack-wolfskin.com/data-protection.
2.1 Purposes of fulfilling a contract or steps prior to entering into a contract (Art. 6 Para. 1 b GDPR)
Processing personal data is done for the purpose of performing our contract(s) with you and carrying out your orders, as well as to undertake measures and activities which form part of pre-contractual relations, e.g. with prospective customers. In particular, processing information enables us to deliver our products and related services in accordance with your orders and wishes whilst at the same time providing appropriate services, measures and activities. This includes first and foremost the following: corresponding with you regarding details of the proof of transactions, orders and other agreements, as well as quality assurance by means of corresponding documentation, proceedings as a gesture of goodwill, measures for managing and optimising business processes as well as fulfilling general duty to take care, managing and controlling affiliated companies (e.g. parent company); statistic evaluations concerning corporate management, recording costs and financial control, reporting, internal and external communication, crisis management, settlement of accounts and tax assessments of company services, risk management, assertion of legal claims and defence regarding legal proceedings; guaranteeing IT security (incl. system or plausibility tests) and general security, of which security for premises and plants, ensuring and awareness of householder’s rights (e.g. by means of entry checks); guaranteeing integrity, authenticity and availability of data, prevention and investigation of offences; checks by supervisory boards or monitoring bodies (e.g. audits).
2.2 Purposes of legitimate interests by ourselves or third parties (Art. 6 Para. 1 f GDPR)
In addition to fulfilling the actual contract (or pre-contract), we also process your data in cases where it is necessary in order to protect our legitimate interests, and those of third parties, particularly for the following purposes:
- For advertising, market research and opinion polls, insofar as you have not expressed objection to your data being used;
- For obtaining information and exchanging data with credit agencies, insofar as this exceeds our commercial risk;
- For checking and optimising processes for needs analysis;
- For further developing services and products as well as existing systems and processes;
- For disclosure of personal data as part of due diligence in the context of company sales negotiations;
- For comparing with European and international antiterror lists, going beyond legal requirements;
- For enhancing our data, including for use or research of publicly available data;
- For statistical evaluations or market analysis;
- For benchmarking;
- For enforcing legal requirements and defence in legal disputes which cannot be attributed directly to the contractual relationship;
- For limited storage of data when deleting it is not possible due to the special nature of storing it, or is only possible with unreasonable effort;
- For development of scoring systems or automated decision-making processes;
- For preventing and investigating crimes, where this is not solely for the fulfilment of legal requirements;
- For fraud prevention;
- For security of buildings and facilities (e.g. via access control and video surveillance), where this exceeds general due diligence obligations;
- For internal and external investigations, security checks;
- For listening in on or recording telephone conversations for quality control or training purposes;
- For obtaining or maintaining certification of a private or official regulatory nature;
- For guaranteeing and recognising domiciliary rights using appropriate measures and video surveillance to protect our customers and employees, as well as to secure proof in the case of crime, as well as preventing it.
2.3 Purposes where you have given your consent (Art. 6 Para. 1 a GDPR)
Processing your personal data for specific purposes (e.g. using your email address for marketing purposes) is possible once you have given your consent. You are normally able to revoke this at any time. This also applies to revoking declarations of consent which you confirmed to us prior to the GDPR coming into effect on 25 May 2018. We will let you know about the consequences of revoking consent or not giving consent in a separate text concerning consent.
Revoking consent generally applies to the future. Any processing that was conducted prior to revoking consent is not affected by the regulation and remains lawful.
2.4 Purposes regarding fulfilment of legal obligations (Art. 6 Para. 1 c GDPR) or which are carried out in the public interest (Art. 6 Abs. 1 e GDPR)
Like everyone involved in business, we, too, are subject to a whole host of legal obligations. These are, first and foremost, legal requirements (e.g. trade and tax laws), but also, where applicable, regulatory and official obligations (e.g. court verdicts). For purposes of processing, this involves, where applicable, checking identity and age, prevention of fraud and money laundering, preventing, fighting and investigating the finance of terrorism and offences where assets are in danger, comparisons with European and international anti-terror lists, complying with monitoring and reporting of fiscal obligations, as well as archiving data for data protection purposes and data security, plus checks by tax authorities and other authorities. Furthermore, the disclosure of personal data can be required during the course of official/judicial measures for purposes of taking of evidence, persecution or enforcement of claims according to civil law.
3. The data categories processed by us insofar as we did not receive them directly from you, and their origin
Where this is necessary for rendering our services, we process personal data received permissibly from other companies or other third parties (e.g. credit agencies, directory publishers). Further, we process personal data taken permissibly from publicly accessible sources (e.g. telephone directories, commercial registers and register of associations, register of residents, records of debtors, land registers, press, internet and other media) or otherwise received or purchased and which we have permission to process.
Relevant personal data categories may include, in particular:
- Personal data (name, date of birth, place of birth, gender, nationality, marital status, profession/industry and comparable data)
- Contact data (address, e-mail address, telephone number and comparable data)
- Address data (registration data and comparable data)
- Payment/cover confirmation for bank and credit cards
- Information on your financial situation (credit-rating data, including score, i.e. data regarding assessment of the financial risk)
- Customer history, order history, including clothes size
- Data on your use of telemedia provided by ourselves (e.g. time when you opened our website, apps or newsletters, IP address, our pages/links that you clicked on or entries and comparable data)
- Image and video data
4. Recipients or categories of recipients of your data
Internal controllers or organisational units within the companies belonging to the Jack Wolfskin Group (referred to in section 1) receive your data, which they require in order to fulfil our contractual and legal obligations, or as part of processing and implementing our justified interest. Your data is only passed on to external sites,
- in conjunction with handling the contract;
- to Jack Wolfskin Store operators, in connection with promotions initiated by Jack Wolfskin Stores;
- to Jack Wolfskin store operators, in connection with your application for a customer account or a Jack Wolfskin loyalty programme as well as your purchase from a participating Jack Wolfskin Store or the official Jack Wolfskin Online Shop insofar as you have a customer account or are participating in a Jack Wolfskin loyalty programme;
- for the purpose of fulfilling legal obligations where we are required to provide information, notify or pass on data, or where passing on data is in the public interest (see 2.4);
- where external service providers process data on our behalf as a commissioned processing company or a company that undertakes functions (e.g. exter-nal data processing centres, support/maintenance of EDP/IT applications, archiving, document pro-cessing, call centre services, compliance services, financial control, data screening for anti-money laundering purposes, checking data validation and plausibility, data destruction, purchas-ing/procurement, customer management, letter-shops, marketing, media engineering, research, risk control, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logis-tics);
- as a result of our justified interest or that of a third party in the context of the purposes listed under 2.2 (e.g. authorities, credit agencies, debt-collecting agency, solicitors, courts, experts, affiliated companies and committees and regulatory boards);
- if you have given us consent to pass onto third parties.
We will not pass on your data to any third parties. Where we commission service providers as part of processing an order, your data is subject to the same security standards there as it is when stored with us. In all other cases, the recipients of data may only use this data for the purposes for which it has been transferred.
5. Length of time that your data may be stored
We will process and store your data for the duration of our business. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various legal obligations in terms of retention and documenting, which stem from, e.g. the German Commercial Code (HGB) and the tax code (AO). The deadlines given in the respective tax code for storing and documenting data are up to ten years beyond the end of the business or legal relationship.
Further, special legal provisions require a longer retention term such as, e.g. retaining means of evidence as part of the legal provisions governing statute of limitations. In accordance with Sections 195 et seq. of the German Civil Code (BGB), the normal statute of limitations is three years; however, statutes of limitations of up to 30 years can also be applied.
If data is no longer required for fulfilling contractual or legal obligations and rights, this shall be deleted on a regular basis, unless the further processing of this data - limited in terms of time - is required in order to meet the purposes of a prominent justified interest listed under 2.2. Such a prevailing justified interest is the case if, for example, deleting is not possible or is only possible as a result of a disproportionate amount of effort due to the special nature of storing the data, and processing for other purposes by means of technical and organisational measures has been ruled out.
6. Processing your data in a third country or through an international organisation
Transferring data to sites in states outside of the European Union (EU) or the European Economic Area (EEA) (so-called third countries) occurs if it should become necessary in order to execute an order/contract from or with you, if it is legally prescribed (e.g. duty to report according to tax law), if there is a justified interest by ourselves or on the part of a third party, or if you have given your consent.
Here, the processing of your data in a third country may also occur in conjunction with engaging with service providers in the context of processing orders. Insofar as the EU Commission has not agreed a resolution with the country in question regarding a reasonable level of data security, we guarantee that corresponding contracts exist in line with data protection requirements of the EU, meaning that your rights and liberties are protected and guaranteed to a reasonable extent. Detailed information is available upon request.Information on suitable or appropriate guarantees and regarding the possibility to get a copy from them, can be requested from the company data protection officer.
7. Your data protection rights
You can assert your data protection rights against us under certain circumstances
- Indeed, you are entitled to obtain information from us concerning data stored with us according to provisions governing Art. 15 GDPR (including restrictions, where applicable, in accordance with Section 34 of the Federal Data Protection Act).
- We will rectify data stored about you in line with Art. 16 GDPR if the data is irrelevant or inaccurate.
- If you so wish, we will erase your data in accordance with the principles governing Art. 17 GDPR in-sofar as other legal regulations (e.g. legal retention requirements or restrictions as per Section 35 of the Federal Data Protection Act) or a prevailing interest on our part (e.g. defending our rights and claims) do not stand in the way.
- Taking into consideration the prerequisites set out in Art. 18 GDPR, you may request that we restrict the processing of your data.
- Furthermore, you may lodge an objection to your data being processed in line with Art. 21 GDPR, resulting in us having to stop the processing of your data. Nevertheless, this right to object shall only apply on grounds relating to your particular personal situation, whereby the rights of our company may come into conflict with your right to objection.
- You also have the right to receive your data in a structured, commonly used and machine-readable format in line with the provisions governing Art. 20 GDPR, or to have the data transmitted to a third party.
- Furthermore, you have the right to revoke any consent already given concerning the processing of personal data with future effect (see 2.3).
- Further, you have the right to lodge a complaint with a data supervisory authority (Art. 77 GDPR). Nevertheless, we would recommend always sending a complaint to our data protection officer in the first instance.
Your application concerning the exertion of your rights should, wherever possible, be in writing and sent to the address above, or directly to our data protection officer.
8. Extent of your obligations to make your personal data available to us
You are only required to make data available which is needed in order to start and carry out a business relationship or regarding a pre-contractual relationship with us, or data which is necessary in line with legal provisions. We will not normally be in a position to conclude or carry out a contract without this information. This may refer to data subsequently required as part of the business relationship. Where we have requested data from you beyond the above, we will point out separately that these details are given on a voluntary basis.
9. Existence of an automated decision on a case-by-case basis (including profiling)
We do not use a purely automated individual decision-making process in line with the provisions governing Article 22 GDPR. Insofar as we introduce this type of process on a case-by-case basis in the future, we will let you know about it separately if this is legally prescribed.
Under certain circumstances, we sometimes process your personal data with the aim of evaluating specific personal aspects (profiling). In order to provide tailored information and advice about our products, we also apply evaluation tools where necessary. This results in a range of products, communication and advertising which is more tailored to your needs, including market research and opinion surveys.
These types of procedures can also be used to assess your credit rating and creditworthiness, and for the purposes of fighting against money laundering and fraud. So-called "score values" are used to assess your creditworthiness and credit rating. Scoring employs a mathematical process which calculates the probability of a customer being able to keep up with payment obligations as set out in the contract. Consequently, these scores help us to assess creditworthiness and take decisions on contracts, and are incorporated in our risk management. The calculation is based on a recognised, tried-and-tested mathematical and statistical process and weighs up your data, especially income, expenditure, and current liabilities, job, employer, term of employment, experiences resulting from previous business relations, repayment of previous loans in line with the contract terms as well as information obtained from credit agencies.
Details concerning nationality as well as special categories of personal data are not processed in this respect as per Art. 9 GDPR.
Our data protection statement, as well as information on how we process our data in accordance with Articles (Art.) 13, 14 and 21 GDPR may change from time to time. Any amendments will be published on this page. Older versions are available in our archive for you to consult.
Data protection information last updated: 15.05.2018
This website and all internet-based services and applications (hereafter "website") are the responsibility of JACK WOLFSKIN Retail GmbH, a limited company with registered offices at Jack-Wolfskin-Kreisel 1, 65510 Idstein/Ts, and established according to German law and registered in the Commercial Register of the local court of Wiesbaden under HRB 24710. (Hereinafter "we", "us", or "JACK WOLFSKIN").Your privacy is important to us at Jack Wolfskin and we strictly comply with the regulations set by the German Data Protection Act, as well as relevant international data protection regulations. The following data protection statement gives you an overview of the ways in which we use your personal data and the ways we protect it when you use our website.
1. Collection, processing and use of personal data
In some cases you will be asked to provide your data directly to us, for example when setting up a customer account, filling out a form, as part of the ordering process or for service requests.In these cases, we will use and process your data in the following ways depending on the circumstances:
- your contact information (e.g. name, address, email address, phone number, birth date);
- information required to fulfil an order (e.g. information about the products ordered, invoicing details, delivery and payment details, e.g. bank and credit card details or other payment details);
- information about orders and services (e.g. order and contact details/ordering history, details about defective products, previous correspondence);
- other information you have expressly made available to us (e.g. your personal profile, product references, wish lists, ratings etc.).Any personal details provided as a result of using our website are processed in the manner described in our data protection statement.
2. Cookies and Re-targeting Technology
We use technology to optimise and improve the online experience of our website. For this reason, your data is sometimes recorded by us or by one of our partners through the interaction between your computer and our website. Such information could include (but is not limited to):
- The IP address of your device (e.g. IP address of your computer, tablet etc.)
- Information about your use of the website (e.g. time and date of your visit, referral URLs or page views);
- Information about your device (e.g. type and version of your internet browser and version of your operating system).When this data is used, anonymised user profiles may be generated. Cookies may also be used for this purpose. Cookies are small text files which are saved locally by your internet browser when you visit our website. These cookies allow your internet browser to be recognised by our website when you visit our website again and data is required e.g. as part of the order process (for detailed information see below). Where this has not been expressly authorised by you as the user, data collected by the aforementioned technologies cannot be used to personally identify the visitor to the website and will not be combined with personal information about the anonymised users.
On our website, we use data packages (small text files) called cookies. These cookies allow us to collect data about, for example, the navigation paths, number of visitors to our website or hits per page. We also record this information with the aim of making our websites even more user-friendly, effective and secure. Cookies are also used where necessary for the navigation and functionality of our website (e.g. cookies which save the current shopping basket status beyond the log-out process).The vast majority of cookies are so-called session cookies, which are automatically deleted when the website is closed.If you do not wish cookies used on our website to be stored on your computer, then you may need to change your browser settings to either block cookies in general or to accept or reject them on a case-by-case basis. Please note that blocking cookies may affect the functionality of the website.
2.2 RE-TARGETING TECHNOLOGY
Retargeting in online marketing is the process by which a visitor to a website is tagged and subsequently targeted with adverts on other websites. Cookies which last 90 days are also used for this purpose.As with website tracking, data is also collected in pseudonymous form here. If you have questions about regargeting, please contact Jack Wolfskin via the following partners:
pilot Hamburg GmbH & Co. KGIf you would like to opt out of retargeting, please click the following link:https://www.pilot.de/cookie-opt-out-datenschutz-privatsphaere/
Ströer Digital Media GmbHYou can file an objection to data processing at any time on the following link:https://privacy.mbr-targeting.com
3. Data storage
We will only store data received and collected in the Member States of the European Union. We will take all reasonable technical and organisational precautions to protect your data from unauthorised use or unlawful publishing, deletion, loss or unlawful changes.
4. Social Plug-Ins
Our website uses so-called social plug-ins ("plug-ins") from the following social network providers ("Providers").
5. Tag management and web-analytics
5.1 Dynamic 1001
The Dynamic Tracking System is used for measuring the performance of the Jack Wolfskin Online Shop’s different advertising channels. It is provided by our technical and statistical service provider Dynamic 1001 GmbH.Data from your browser is collected for statistical analysis when you visit the website https://www.jack-wolfskin.com. Such data will be forwarded to Dynamic 1001 GmbH as technical and statistical service provider.The collection of data is carried out via a pixel that is embedded in the web shop page. Common information such as the operating system, browser used, the related advertisements, referrer and the IP address are anonymously saved through contact with the dynamic servers. IP addresses are only used for internal reference but will not be forwarded to other third parties.When you place an order, only data such as order number, customer number, shopping basket and the order value are transferred to Dynamic 1001 GmbH so that they can pass on the correct commission to the advertising partner. Cookies are used for data collection. Cookies are small text files which are saved on your computer. Cookies include an identifying mark generated by the Dynamic Tracking System. Cookies cannot damage your computer and do not contain any viruses.You can activate or deactivate cookies yourself in your browser settings.If you wish to object to the storage of your anonymised visitor data, so that you will not be tracked in the future, you can raise your objection here.
5.2 Google analytics
5.4 Web-Shop System
Anonymised data of your visit to our webshop is recorded in order to optimise and personalise your user experience (such as e.g. product suggestions). You can click here if you do not wish this to be done.
We use the so called Double-Opt-In process with regard to your electronic newsletter registration. This means, that following your registration, you will receive an e-mail in which we ask for your registration confirmation. If you do not respond to this e-mail within 72 hours, we will delete your data automatically.In addition to your e-mail address and any further data provided by you in connection with the registration, we store your IP address as well as the time of your registration and, in case of electronic registration, your registration confirmation. We store such data for documentation purposes and to be in the position to clarify any potential misuse of your personal data. We process your data for the purposes of sending the newsletter to you (in accordance with Art. 6 I S.1 lit. A GDPR).If you wish to object to continuing receipt of our newsletter the easiest way to do so is to click the de-registration link included in every newsletter. Of course, you can also send us an email to firstname.lastname@example.org or a letter to the contact address included in the imprint. Our newsletter include so called web-beacons and tracking pixels respectively. These are small picture files, which are stored on our website. If you open the newsletter and download the pictures, we combine your registration data with the individual identification number of the newsletter. This combination allows us to evaluate your user behaviour including the use of our website. Such tracking is not possible if you deactivate the picture download in your e-mail software (and refrain from manually downloading the pictures), which may result in the newsletter not being displayed in full or not being fully functional. The data obtained from the tracking will be stored for a period of one year following your de-registration and will be deleted automatically afterwards. You may request a deletion of your tracking data at any time by email to email@example.com or letter to the contact address included in the imprint. Last updated: 24.05.2018