Data protection
PRIVACY STATEMENT APPLICABLE TO THE BIRKENSTOCK OUTLET ONLINE STORE
Thank you for your interest in our online shop ( https://www.birkenstock-outlet-store.com/ (hereinafter “online shop” or “website”).
This privacy statement aims to clearly inform you about how we process your personal data.
1. WHO IS RESPONSIBLE FOR PROCESSING MY DATA AND WHO IS THE DATA PROTECTION OFFICER?
The data controller within the meaning of Article 4, paragraph 7 of the General Data Protection Regulation (GDPR) is the company:
Birkenstock digital GmbH
Burg Ockenfels
53545 Linz am Rhein
Our data protection officers can be contacted at the following address:
Birkenstock digital GmbH
Data Protection Officer
Burg Ockenfels
53545 Linz am Rhein
dpo@birkenstock.com
To ask general questions about data protection or to submit a data subject request, please use our online form available at https://birkenstock-privacy.bytemine.net/enquiry/ .
Birkenstock digital GmbH
Burg Ockenfels
53545 Linz am Rhein
Our data protection officers can be contacted at the following address:
Birkenstock digital GmbH
Data Protection Officer
Burg Ockenfels
53545 Linz am Rhein
dpo@birkenstock.com
To ask general questions about data protection or to submit a data subject request, please use our online form available at https://birkenstock-privacy.bytemine.net/enquiry/ .
2. WHAT IS THE PURPOSE OF DATA PROTECTION?
Data protection law regulates the use of personal data. Personal data is information relating to an identified or identifiable natural person (hereinafter, "data").
3. WHAT CATEGORIES OF DATA DO WE COLLECT?
When you visit our online store, we process the following categories of data in particular:
Data you provide us: When you place an order, contact us (e.g. via the contact form or by email) or open a customer account, you provide us with certain data. The exact nature of this data is specified in the individual input forms. The following data may, for example, be collected: name, email address, telephone number, other contact details, including address or payment information. The input form specifies whether the requested data must be provided or not. Further information on this is provided in section 5 of this privacy statement. When you visit our website, we may also store access data in server log files. Part of the access data:
If you place an order in our online shop, the access data will also be stored in log files. Part of the access data:
Data we collect from third parties: When you place an order in our online shop, we may in some cases collect data about you from third parties, such as credit information companies or payment service providers. Cookies: In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies or similar technologies for prospecting and analysis purposes. Further information on this topic is available under point 5. You can change your cookie preferences there at any time.
Data you provide us: When you place an order, contact us (e.g. via the contact form or by email) or open a customer account, you provide us with certain data. The exact nature of this data is specified in the individual input forms. The following data may, for example, be collected: name, email address, telephone number, other contact details, including address or payment information. The input form specifies whether the requested data must be provided or not. Further information on this is provided in section 5 of this privacy statement. When you visit our website, we may also store access data in server log files. Part of the access data:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Server request time
- IP address
If you place an order in our online shop, the access data will also be stored in log files. Part of the access data:
- Caching information
- IP address, IP address country, IP address blocking status
- Information about your device type
- Information about your device's request to our system
- Information about our system's response to your device
- Timestamp
- Firewall Security Information
- Unique identifier
Data we collect from third parties: When you place an order in our online shop, we may in some cases collect data about you from third parties, such as credit information companies or payment service providers. Cookies: In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies or similar technologies for prospecting and analysis purposes. Further information on this topic is available under point 5. You can change your cookie preferences there at any time.
4. ON WHAT LEGAL BASIS IS MY DATA PROCESSED?
As the controller of your personal data, we may only process it to the extent that we have a legal basis for doing so (Art. 6 para. 1 GDPR). We rely on the following legal bases:
- Art. 6, para. 1, sentence 1, lit. a) of the GDPR: when you expressly consent to the processing of your data for one or more specific purposes.
- Art. 6 para. 1 sentence 1 lit. b) GDPR: for the performance of contracts to which you are a contracting party, or for the performance of pre-contractual measures resulting from your own request.
- Art. 6, para. 1, sentence 1, lit. c) of the GDPR: when the processing of your data is necessary for compliance with legal obligations to which we are subject.
- Art. 6 para. 1 sentence 1 lit. f) GDPR: when the processing of your data is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require protection of personal data prevail.
- Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 or para. 3 German Federal Data Protection Act (BDSG) or other applicable local regulations: for the processing of data necessary for the employment relationship, e.g. when recruiting, performing or terminating an employment relationship.
5. FOR WHAT PURPOSE AND WHAT ARE MY DATA PROCESSED?
We may process your data for the following purposes:
5.1. Processing of data in the context of contracts
Opening a customer account: To open a customer account, you must first register on our website. During your registration, we collect some of your data, such as your name, address, and bank details. The input fields specify which data is collected.
Contract execution: We process the data you provide to us when ordering, registering, or updating your customer account. The input fields specify which data is collected. We use the data you provide to us to fulfill our contractual obligations to you (e.g., to process and ship your order) and to process your inquiries.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
In some cases, we are required to retain your data (e.g., business correspondence and receipts) for a certain period of time set by law. Deletion of this data, even in the case of a deletion request, is only possible after the expiration of this period.
Legal basis: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with § 257 para. 4 German Commercial Code (Handelsgesetzbuch, "HGB") or any other applicable retention obligation regulations
5.2. Prospecting purposes
In addition to processing your data for the purpose of processing your orders in our online shop, we also use your data to provide you with information about your order or certain products, for certain advertising campaigns, and to recommend products or services that may be of interest to you. These communications may be sent to you via email, SMS, WhatsApp, or other mail servers. If you have consented to the processing of your data to receive marketing communications from us, you can withdraw your consent at any time, with effect for all or only some of our marketing communications, with no retroactive effect. You can also request at any time to no longer receive marketing communications that you receive from us without prior consent. You can contact us at Privacy@birkenstock.com or at the address given in section 1 of this privacy statement. Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR and Art. 6 para. 1 sentence 1 lit. f) of the GDPR
5.1. Processing of data in the context of contracts
Opening a customer account: To open a customer account, you must first register on our website. During your registration, we collect some of your data, such as your name, address, and bank details. The input fields specify which data is collected.
Contract execution: We process the data you provide to us when ordering, registering, or updating your customer account. The input fields specify which data is collected. We use the data you provide to us to fulfill our contractual obligations to you (e.g., to process and ship your order) and to process your inquiries.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
In some cases, we are required to retain your data (e.g., business correspondence and receipts) for a certain period of time set by law. Deletion of this data, even in the case of a deletion request, is only possible after the expiration of this period.
Legal basis: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with § 257 para. 4 German Commercial Code (Handelsgesetzbuch, "HGB") or any other applicable retention obligation regulations
5.2. Prospecting purposes
In addition to processing your data for the purpose of processing your orders in our online shop, we also use your data to provide you with information about your order or certain products, for certain advertising campaigns, and to recommend products or services that may be of interest to you. These communications may be sent to you via email, SMS, WhatsApp, or other mail servers. If you have consented to the processing of your data to receive marketing communications from us, you can withdraw your consent at any time, with effect for all or only some of our marketing communications, with no retroactive effect. You can also request at any time to no longer receive marketing communications that you receive from us without prior consent. You can contact us at Privacy@birkenstock.com or at the address given in section 1 of this privacy statement. Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR and Art. 6 para. 1 sentence 1 lit. f) of the GDPR
If you subscribe to our newsletter, we use the data you share with us to send you our newsletter at regular intervals. The newsletter may be sent to you via email, SMS, WhatsApp, or other mail servers. By subscribing to the newsletter, you consent to the processing of the necessary data. You can withdraw your consent at any time with effect for the future by contacting us at Privacy@birkenstock.com or at the address given in section 1 of this privacy statement, or by clicking on the unsubscribe link in each newsletter. Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR 5.4. Credit check If you opt for a purchase on account, we have a legitimate interest in assessing the associated economic risks before concluding the contract. If you have chosen the payment method "Purchase on account", we transfer your data (name, address, and, if applicable, date of birth) to a financial service provider for the purpose of a credit check. The risk of non-payment is then assessed using mathematical and statistical methods from the address data and your address is checked (deliverability check). Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR 5.5. Fraud prevention The prevention of fraud when ordering our goods is a legitimate interest of ours. Therefore, we pass on your order information to a service provider for fraud detection. If the order is deemed risky after the check carried out by them, it can be canceled. When purchasing on account or paying via PayPal, we pass on your order data (name, address, gender, date of birth, shopping cart amount, order date, IP address, payment method) to a service provider based in Germany for fraud prevention purposes. If you select a credit card as payment method, we pass on your order data to a service provider based in the USA. When screening for fraud, this provider uses probability values to identify orders that pose a risk of fraud for us. For further information about the processing of personal data by our provider, you can contact us at any time using the contact details given in point 1 of this privacy statement. If you object to the transfer of data to this provider, please use a different payment method. Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR
5.6. Payment providers Depending on the payment method you choose, our payment service providers collect information about you so that they can assign your order data to your payment and process the payment for you. We do not have access to information related to your payment, such as your credit card details.
We only transmit your data to our payment providers for the execution of a payment to the extent necessary to fulfill our contract with you.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
5.7. Management of receivables
If there are any outstanding claims on your orders, we will contact you by email and submit a new payment request. If, despite the legitimacy of the request, you do not respond, we may assert the claim with our debt collection service provider and forward your order data and contact details to them for this purpose.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
5.8. Cookies
We use cookies on our website. Further information on this topic and your setting options are available in our . Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR
We only transmit your data to our payment providers for the execution of a payment to the extent necessary to fulfill our contract with you.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
5.7. Management of receivables
If there are any outstanding claims on your orders, we will contact you by email and submit a new payment request. If, despite the legitimacy of the request, you do not respond, we may assert the claim with our debt collection service provider and forward your order data and contact details to them for this purpose.
Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR
5.8. Cookies
We use cookies on our website. Further information on this topic and your setting options are available in our . Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR
5.9. Log files
When you access our website, we store certain access data in server log files. This allows us to provide you with a functional website, which constitutes a legitimate interest for us. Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR 5.10. Live Chat We use the online chat software of Enterprise Bot GmbH, Soodmattenstr. 4, 8134 Adliswil, Switzerland. You can use the live chat as a contact form to chat with our staff in near real time. When using the live chat, the following data is processed in particular: your name, your email address, your order number if applicable, your entries in the chat window (e.g. your shoe size), usage data (e.g. duration of the chat, number of interactions).
Depending on the course of the conversation with our staff, other information you have entered in the live chat may be used. The type of data processed depends on your request or inquiry. The processing of this data serves to offer you a quick and efficient contact and thus to improve our customer service. In the live chat, as long as we do not transfer it to a third party, your data remains pseudonymized, i.e. we do not assign it personally to you as a visitor to our website. If we transfer you to another contact, the chat history is individualized in order to handle your request personally. In order to continuously improve the operation of the live chat and to enable statistical measurements, your data can be effectively used after being pseudonymized or anonymized. The chat feedback is temporarily saved. This allows us to access your request history—you will need to repeatedly provide us with numerous explanations—and to continuously monitor the quality of our chat. Backing up chat data also helps ensure the security of our IT system.
This constitutes a legitimate interest for us. Further information on live chat and data processing by Enterprise Bot can be found here: https://get.enterprisebot.ai/legal/dpa Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR
Depending on the course of the conversation with our staff, other information you have entered in the live chat may be used. The type of data processed depends on your request or inquiry. The processing of this data serves to offer you a quick and efficient contact and thus to improve our customer service. In the live chat, as long as we do not transfer it to a third party, your data remains pseudonymized, i.e. we do not assign it personally to you as a visitor to our website. If we transfer you to another contact, the chat history is individualized in order to handle your request personally. In order to continuously improve the operation of the live chat and to enable statistical measurements, your data can be effectively used after being pseudonymized or anonymized. The chat feedback is temporarily saved. This allows us to access your request history—you will need to repeatedly provide us with numerous explanations—and to continuously monitor the quality of our chat. Backing up chat data also helps ensure the security of our IT system.
This constitutes a legitimate interest for us. Further information on live chat and data processing by Enterprise Bot can be found here: https://get.enterprisebot.ai/legal/dpa Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR
5.11. Customer Reviews
Depending on the region in which the website is available, you may have the option to rate our products. Customer reviews allow us to better understand our products and improve them. They also help other customers make informed purchasing choices. We collect and use the data you provide us when you share these reviews. Reviews are anonymized and published on the website: only the first name and the first letter of the last name appear. Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR
5.12. Product safety
In accordance with the European General Product Safety Regulation (GPSR), we are required to maintain a complaints register in which we record complaints and information we receive about accidents related to the safety of our products. We also document product recalls and any corrective measures implemented. In this complaints register, we record the data necessary for the verification and analysis of complaints, only for the period necessary for the investigation (but not exceeding five years, in accordance with the GPSR).
In the event of a product recall or safety warning, we are also obliged to contact you to inform you. For this purpose, we use the data you provide to us via your customer account or in a product safety contact form.
Legal basis: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 9 para. 11 and 12 or Art. 35 para. 1 or 2 GDPR
5.13. Applications
We collect and use your data when you apply for a position or freelance assignment (e.g. your name, address, details from your cover letter or CV). The processing of your data is necessary to decide whether we can conclude an employment contract with you or, if you already have an employment relationship with us, to fulfill our contractual obligations or to terminate the contract.
If we decide not to recruit you or terminate our employment contract with you, your data will be retained so that we can defend ourselves against claims under applicable equal treatment laws.
Legal basis for applications and the employment relationship: Art. 6 para. 1 sentence 1 lit. b) GDPR and any applicable local legal basis, such as Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 German Data Protection Act (BDSG)
Legal basis applicable if we decide not to recruit you or to terminate our employment relationship with you. Art. 6 para. 1 sentence 1 lit. f) GDPR
5.14. Data protection requests
If you contact us to exercise your rights as a data subject, we use your name, email address, and all the information you provided to us in your request, as well as certain data to verify your identity as the data subject in the case in question.
The data included with your request is processed so that we can respond to you and comply with the legal obligations to which we are subject under the GDPR by helping you exercise your rights as a data subject. This processing therefore also constitutes a legitimate interest for us.
Furthermore, we use other data about you to verify your identity in order to prevent possible fraud, which is also a legitimate interest for us.
Legal basis for processing your data in connection with your requests: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 12 GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR
Legal basis for verifying your identity: Art. 6 para. 1 sentence 1 lit. f) GDPR
In the event of a product recall or safety warning, we are also obliged to contact you to inform you. For this purpose, we use the data you provide to us via your customer account or in a product safety contact form.
Legal basis: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 9 para. 11 and 12 or Art. 35 para. 1 or 2 GDPR
5.13. Applications
We collect and use your data when you apply for a position or freelance assignment (e.g. your name, address, details from your cover letter or CV). The processing of your data is necessary to decide whether we can conclude an employment contract with you or, if you already have an employment relationship with us, to fulfill our contractual obligations or to terminate the contract.
If we decide not to recruit you or terminate our employment contract with you, your data will be retained so that we can defend ourselves against claims under applicable equal treatment laws.
Legal basis for applications and the employment relationship: Art. 6 para. 1 sentence 1 lit. b) GDPR and any applicable local legal basis, such as Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 German Data Protection Act (BDSG)
Legal basis applicable if we decide not to recruit you or to terminate our employment relationship with you. Art. 6 para. 1 sentence 1 lit. f) GDPR
5.14. Data protection requests
If you contact us to exercise your rights as a data subject, we use your name, email address, and all the information you provided to us in your request, as well as certain data to verify your identity as the data subject in the case in question.
The data included with your request is processed so that we can respond to you and comply with the legal obligations to which we are subject under the GDPR by helping you exercise your rights as a data subject. This processing therefore also constitutes a legitimate interest for us.
Furthermore, we use other data about you to verify your identity in order to prevent possible fraud, which is also a legitimate interest for us.
Legal basis for processing your data in connection with your requests: Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 12 GDPR and Art. 6 para. 1 sentence 1 lit. f) GDPR
Legal basis for verifying your identity: Art. 6 para. 1 sentence 1 lit. f) GDPR
6. WHO IS MY DATA SHARED WITH?
We transmit your data to the following third parties for the respective purposes described below:
6.1. Data processing in the context of contracts and general administration
When you open a customer account, your data is stored in our customer database, which is hosted by salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.
As part of the execution of your order and in order to deliver the package, we communicate your data to the shipping and transport companies, insofar as the delivery of your order requires it.
When you contact us, your data may be processed through the office and customer management software we use for our day-to-day business, including software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
6.2. Newsletter, personalized product recommendations and surveys
For the technical aspects of sending the newsletter, personalized product recommendations as well as sending personalized emails based on your usage behavior, we use the services of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.
We also use SaaS.group Zenloop GmbH, Attillastsraße 18, 12529 Schönefeld, Germany, to conduct customer satisfaction surveys and solicit customer feedback, for example regarding awareness of our brand and products.
6.3. Solvency control
If you have chosen the payment method "Purchase on account", we transfer your data (name, address and, if applicable, date of birth) to the financial service provider Creditreform. They check your creditworthiness by assessing the risk of non-payment based on mathematical and statistical methods from the address data and verify your address (deliverability check).
6.4. Fraud prevention
We transmit your order data to the service provider that handles fraud prevention for us. If the order is deemed risky after the check, it may be canceled.
When purchasing on account or paying via PayPal, we transmit your order data (name, address, gender, date of birth, shopping cart amount, order date, IP address, payment method) to a service provider in Germany for fraud prevention purposes. If you select a credit card as your payment method, we transmit your order data to a service provider in the USA.
6.5. Payment providers
Depending on the payment method you choose, our payment providers collect information about you so that they can assign your order data to your payment and process the payment for you.
6.6. Management of receivables
If there are any outstanding claims on your orders, we will contact you by email and submit a new payment request. If, despite the legitimacy of the request, you do not respond, we may assert the claim with our debt collection service provider and forward your order data and contact details to them for this purpose.
6.7. Cookies
We use cookies on our website. Some of these cookies are made available to third parties that we use for certain services (e.g., maps for store locators, marketing analytics). When you use these services, the providers may access the information contained in the cookies.
6.1. Data processing in the context of contracts and general administration
When you open a customer account, your data is stored in our customer database, which is hosted by salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.
As part of the execution of your order and in order to deliver the package, we communicate your data to the shipping and transport companies, insofar as the delivery of your order requires it.
When you contact us, your data may be processed through the office and customer management software we use for our day-to-day business, including software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
6.2. Newsletter, personalized product recommendations and surveys
For the technical aspects of sending the newsletter, personalized product recommendations as well as sending personalized emails based on your usage behavior, we use the services of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.
We also use SaaS.group Zenloop GmbH, Attillastsraße 18, 12529 Schönefeld, Germany, to conduct customer satisfaction surveys and solicit customer feedback, for example regarding awareness of our brand and products.
6.3. Solvency control
If you have chosen the payment method "Purchase on account", we transfer your data (name, address and, if applicable, date of birth) to the financial service provider Creditreform. They check your creditworthiness by assessing the risk of non-payment based on mathematical and statistical methods from the address data and verify your address (deliverability check).
6.4. Fraud prevention
We transmit your order data to the service provider that handles fraud prevention for us. If the order is deemed risky after the check, it may be canceled.
When purchasing on account or paying via PayPal, we transmit your order data (name, address, gender, date of birth, shopping cart amount, order date, IP address, payment method) to a service provider in Germany for fraud prevention purposes. If you select a credit card as your payment method, we transmit your order data to a service provider in the USA.
6.5. Payment providers
Depending on the payment method you choose, our payment providers collect information about you so that they can assign your order data to your payment and process the payment for you.
| Payment providers | Payment method | Service Provider Privacy Policy |
|---|---|---|
| Adyen NV, Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, Netherlands | Credit card (Visa, MasterCard, American Express, Diners Club) | https://www.adyen.com/policies-and-disclaimer/privacy-policy |
| Apple Inc., 1 Infinite Loop, Cupertino, California, United States of America | ApplePay | https://support.apple.com/en-us/HT203027 |
| Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden | Paynow (immediate transfer), Paylater (purchase on invoice) | https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy |
| PayPal (Europe), S.à.rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg | PayPal, PayPal Express | https://www.paypal.com/de/webapps/mpp/ua/privacy-full |
6.6. Management of receivables
If there are any outstanding claims on your orders, we will contact you by email and submit a new payment request. If, despite the legitimacy of the request, you do not respond, we may assert the claim with our debt collection service provider and forward your order data and contact details to them for this purpose.
6.7. Cookies
We use cookies on our website. Some of these cookies are made available to third parties that we use for certain services (e.g., maps for store locators, marketing analytics). When you use these services, the providers may access the information contained in the cookies.
6.8. Log files
We use the services of third-party providers to provide a functional website to our customers. These third-party providers record log files when you visit our site. These providers are: Akamai Technologies, Waterpark Place, 88 Queens Quay W, Toronto, ON M5J 0B8, Canada and salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.
6.9. Live Chat
We use the online chat software of Enterprise Bot GmbH, Soodmattenstr. 4, 8134 Adliswil, Switzerland.
6.10. Customer Reviews
Yotpo Ltd., 35 HaMasger St, Tel Aviv, Israel, is a service provider we use to manage customer reviews and uses your data when you review our products. Reviews are anonymized and published on the website: only the first name and the first letter of the last name appear.
7. IS MY DATA TRANSMITTED TO A THIRD COUNTRY?
7. IS MY DATA TRANSMITTED TO A THIRD COUNTRY?
Some of our service providers and affiliated companies that transfer your data to us are located outside the European Union (EU). In these countries, there may not be data protection regulations similar to the GDPR. There are two scenarios that ensure that your data is processed with a similar level of protection to that in the EU when a third-party recipient is located outside the EU:
- Where the recipient of your data is based in a country for which the European Union Commission considers the level of data protection to be adequate, we rely on the European Union Commission's adequacy decisions. The European Commission provides a curriculum vitae of countries for which the adequacy of the level of protection has been determined. You can consult it here .
- If the recipient of your data is based in a country for which the European Union Commission has not found an adequate level of data protection, we conclude a contract with this recipient, in which we stipulate rules that ensure adequate protection of your personal data (based on the standard contractual clauses developed by the European Commission), or we rely on the binding rules of the company or group of companies if these have been granted by a competent supervisory authority. For further information, please contact the contact persons whose details are given in point 1 of this data protection information.
8. HOW LONG IS MY DATA KEPT?
In accordance with Art. 5 para. 1 lit. e) GDPR, your data will be stored for as long as we are legally obliged to do so or as long as it is necessary for the purposes mentioned in point 5. The processing of your data will then be restricted or your data will be deleted.
For further information regarding our deletion and retention periods, please contact the contact details provided in point 1 of this privacy statement.
For further information regarding our deletion and retention periods, please contact the contact details provided in point 1 of this privacy statement.
9. WHAT DATA PROTECTION RIGHTS ARE GRANTED TO ME AS A DATA SUBJECT?
In accordance with the GDPR, individuals have the following rights with respect to entities that process their data:
- Right to information: You have the right to obtain information from us about how we process your personal data (Art. 13 and 14 of the GDPR).
- Right of access: You have the right to ask us to confirm whether personal data concerning you is being processed and, if so, to provide you with access to said data (Art. 15 of the GDPR).
- Right of rectification: You have the right to request the rectification of personal data concerning you if it is inaccurate or incomplete (art. 16 of the GDPR).
- Right to be forgotten: In certain circumstances, you have the right to request the erasure of personal data concerning you (Art. 17 of the GDPR).
- Right to restriction of processing: In certain circumstances, you have the right to request restriction of the processing of your personal data (Art. 18 GDPR).
- Right to data portability: Under certain conditions, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit them to another data controller or to instruct us to transmit your data to another controller (Art. 20 of the GDPR).
- Right to complain: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that our processing of your personal data infringes the GDPR (Art. 77 GDPR).
- Right to withdraw consent: If the processing of your personal data is based on your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR), you have the right to withdraw your consent at any time (Art. 7 para. 3 GDPR). The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
- Right not to be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22, para. 1 of the GDPR).
Right to object: Under certain circumstances, you have the right to object to the processing of your personal data (Art. 21 GDPR). In particular, you can exercise your right to object when the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. f) GDPR as the legal basis.
10. ARE THERE ANY INDIVIDUAL DECISIONS OR AUTOMATED PROFILING MEASURES?
We do not use automated data processing (Art. 22 GDPR) or profiling to support a decision that may produce legal effects concerning you or similarly affect you.