Data Protection Statement

1. Controller’s identity and contact details

2. Data protection officer’s contact details

3. Purposes of data processing, legal bases and legitimate interests pursued by Controller or third party, as well as categories of recipients

3.1. Accessing our websites / applications

3.1.1. Log-Files

3.1.2. Cookies, Tracking, social media functions

3.1.3. Consent Management

3.2. Entering into, implementing and/or discontinuing contract

3.2.1. Processing data to transact contract

3.2.2. Using data for fraud prevention

3.2.3. Transmitting information to transport service providers / shipping partners

3.2.4. Transmitting information to partner enterprises

3.3. Processing data for advertising purposes

3.3.1. Newsletter

3.3.2. Product recommendations by email

3.3.3. Sweepstakes

3.4. Online profile and service optimization

3.4.1. Google Analytics

3.4.2. Google Firebase

3.5. Online marketing

3.5.1. Adjust

3.5.2. Google Marketing Platform

3.5.3. Google Ads Remarketing

3.5.4. Google Conversion Tracking

3.5.5. Google AdSense

3.5.6. Criteo

3.5.7. Facebook Retargeting und Conversion

3.5.8. Localytics

3.5.9. RTB House

3.6. Fan pages

3.7. Social media functions

3.7.1. Facebook Connect / Login

3.8. Customer account / user account

3.9. Contact

3.10. Payments

4. Processors

5. Duration of data storage and data erasure

6. Recipients outside of EU

7. Your rights

7.1. Overview

7.2. Right to object

7.3. Right to revoke

7.4 Fan pages

8. Overview regarding cookies and other technologies

This data information statement governs data processing by

About You SE & Co. KG, Domstraße 10, 20095 Hamburg, Germany
Phone: +49 40-83509377
Email: [email protected]
legally represented by ABOUT YOU Verwaltungs SE, which in turn is represented by directors Tarek Müller, Hannes Wiese and Sebastian Betz.
Chairman of supervisory board: Sebastian Klauke

Website: www.aboutyou.com

For the following websites / applications: www.aboutyou.com, ABOUT YOU App

The company’s data protection officer can be reached at:

About You SE & Co. KG
Attn. Sebastian Herting – Data Protection Office
Domstraße 10
20095 Hamburg
Germany

Email: [email protected]

3.1. Accessing our websites / applications

3.1.1. Log Files

Whenever Services are used, the Internet browser of your end device sends information to the server of our Services, which are then temporarily stored in so-called log files. The data sets contain the following data stored until they are automatically deleted: date and time of access, name of accessed page, IP address of requesting device, referrer URL (source URL from which you accessed our Services), transmitted data volume, upload time as well as product and version information of browser used and name of your access provider.
The legal basis for any processing of the IP address is Art. 6 (1) letter f) GDPR. Our legitimate interest is inherent in

• ensuring smooth connection;
• making use of our Services attractive; and
• evaluating system security and stability.

Your identity cannot be inferred directly from the information, nor can we determine it. The information is stored and automatically deleted once the aforementioned purposes have been implemented. The span of time until deletion depends on need.

3.1.2. Cookies, Tracking, social media functions

We use cookies or similar technologies (also referred to collectively as “cookies”) on various pages in order to make visits to our Services attractive, to enable the use of certain functions and to statistically assess the use of our Services. Cookies are small text files that your browser generates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) whenever you visit or use our Services. Cookies do not harm your end device, and they contain no viruses, trojans or other malware. Information generated in connection with a given end device are stored in the cookie. However, this does not mean that we discover your identity and/or can infer who you are. Most of the cookies used are deleted once the browser session ends (so-called session cookies). They enable us, for instance, to offer shopping cart information across different pages, which tell you how many items are currently in your shopping cart and what your current shopping total is. Other cookies remain on your end device and allow us to recognize your end device when you return (permanent, so-called persistent cookies). These cookies in particular serve the purpose of making our Services user-friendly, more effective and safer. For example, these technologies make it possible for us to display information in our Services that are specifically tailored to your interests.

We use cookies to provide and optimize our Services. Many of them require your consent. Only cookies that are indispensable for the provision of our Services are exempted from this requirement. Based on their purpose, we divide cookies and similar technologies into three categories:

Indispensable cookies

For our Services to work, these cookies are indispensable. For instance, this is true for cookies storing log-in data following registration in our online shop, which allow users to stay logged in even after they navigate to another page in our online store, as well as for those ensuring that a user-specific configuration of service functions (selected language, etc.) remains in place across sessions. In addition, we use cookies of this kind for compiling so-called reach reports to determine how our Services are being used, the better to provide them to our users in a form that reflects their needs. These cookies also contribute to the safe and proper use of our Services. Under the law, we do not need to obtain your consent to use indispensable cookies.

Please visit our Preference Center here to find out which cookies fall into the category of indispensable cookies.

Functional Cookies

These cookies enable us to provide expanded functionalities and personalization. It may be us deploying them or third-party service providers whose services we use to support our own. If you do not allow these cookies, some or all of these services may not work properly. These cookies also make it possible for us to do market research. The use of these cookies requires your consent.

Please visit our Preference Center here to find out which cookies fall into the category of functional cookies.

Marketing Cookies

These cookies may be deployed by us as part of our Services or by our partners to show you relevant contents / ads – both on our pages and those of third parties. This may entail the creation of so-called profiles based on your interests. Typically, this information does not allow a person to be identified directly since only pseudonymous browser and/or device data are used. If you do not allow these cookies, you will encounter fewer relevant contents / ads tailored to your interests. The use of these cookies requires your consent. Please visit our Preference Center here to find out which cookies fall into the category of marketing cookies.

Insofar as we use cookies with your consent, you grant it by clicking the “Ok” button on the banner shown upon your visit as you browse our Services – if applicable, after setting certain preferences. If you do not wish to give your consent, simply click on “Settings” and “Confirm Selection.”

---

By clicking the “Ok” button, you consent to the use of cookies. By the same token, we obtain your consent for the processing of your data on the basis of these cookies, where needed, which includes the transmission of these information to our marketing partners (third parties). Our marketing partners likewise use cookies and other technologies to personalize, measure and analyze contents / ads.

---

Right to revoke

You can revoke your consent either in whole or in part at any time with effect for the future by changing your settings in our Preference Center here.

---

Browser settings

Naturally, you can configure your browser so it will not place any cookies on your end device. The Help function in the menu bar of most web browsers will explain how to stop your browser from accepting new cookies, how to tell your browser to alert you before accepting new cookies or how to delete cookies that have already been accepted while blocking new ones.

In Internet Explorer:

1. Select the item “Internet Options” from the “Extras” menu.
2. Click on the “Data Protection” rider.
3. Now you can adjust your security settings for the Internet zone. This is where you set preferences for whether – and which – cookies should be accepted or rejected.
4. Confirm your selection by clicking on “Ok.”

In Firefox:

1. Select the item “Settings” from the “Extras” menu.
2. Click on “Data Protection.”
3. Select the entry “Configure User-Defined Settings” from the drop-down menu.
4. Now you can choose whether cookies should be accepted and how long cookies should be stored, and you can add exemptions by specifying websites that should always or never be allowed to deploy cookies.
5. Confirm your selection by clicking on “Ok.”

In Google Chrome:

1. Click on the Chrome menu in the browser’s symbol bar.
2. Now select “Settings.”
3. Click on “Show Extended Settings.”
4. Click on “Content Settings” under “Data Protection.”
5. Under “Cookies,” you can enter the following settings for cookies:
• Delete cookies
• Block cookies as a rule
• Delete cookies and website data after browser is closed as a rule
• Permit exemptions for cookies from certain websites or domains

Please note, however, that not all of the functions of our Services are fully available in this case.

Overview: cookies and other technologies

You will find an overview of the cookies used on our site and other technologies here.

3.1.3. Consent Management

We use a consent management tool (“OneTrust”) offered by OneTrust, LLC (Great Britain headquarters: Cannon Green, 27 Bush Lane, London EC4R 0AA, Great Britain; U.S. headquarters: 1350 Spring Street NW, Suite 500, Atlanta, Georgia 30309, USA) to manage your settings and document any consent granted by the users of our Services. Among other functions, OneTrust stores cookie settings for the entire website. OneTrust stores information about the categories of cookies used by the website and on whether users granted or revoked their consent for the use of the individual categories. This allows us to prevent cookies of any category from being placed in users’ browsers if no consent was granted. To store information, OneTrust uses cookies that have a regular lifespan of one year, so that the preferences of returning visitors can be stored.

The legal basis for processing is Art. 6 (1) letters c) and f) GDPR.

3.2. Entering into, implementing and/or discontinuing contract

3.2.1. Processing data to transact contract

If you register with one of our Services and/or enter into another contract with us (e.g., by purchasing a product from us), we process the data needed to enter into, implement or discontinue the contract. These data include:

• Title
• First name, last name
• Billing / delivery address
• Email address
• Billing and payment data
• Date of birth
• Telephone number
• Shop settings / passwords

The legal basis for processing of this kind is Art. 6 (1) letters a) and b) GDPR – i.e., you provide us with the information on the basis of a given contractual relationship (e.g., keeping customer / user account, transacting purchase agreement) between you and us. We are, moreover, obligated to process your email address in the event of a purchase via our websites / applications under legal provisions in the Civil Code (Bürgerliches Gesetzbuch - BGB) mandating that an electronic order confirmation be sent (Art. 6 (1) letter c) GDPR).

Unless we use them for marketing purposes of our own, data collected for purposes of transacting a contract are stored for the duration of such contract and until the expiration of any right under related statutory and/or contractual warranties or guarantees. Following the lapse of this period, we retain information from the contractual relationship that are needed under the commercial and tax codes for the periods specified by applicable law. Throughout this period, the data are processed anew only in the event of an audit conducted by the financial authorities.

To transact a purchase agreement by way of our Services, data are further processed as follows:

The service provider processing payments on our behalf passes on payment data to us. We in turn share delivery addresses with logistics companies and shipping partners to allow them to ship and deliver the order. To ensure that goods are delivered in accordance with your preferences, we may also transmit your email address and/or telephone number to the logistics companies and/or shipping partners working for us, which see to shipment and delivery. They may contact you ahead of time to coordinate the details of delivery with you. The data are transmitted solely for the intended purpose and will not be put to any other use after delivery has been completed; once the applicable retention period under the commercial and tax codes has expired, these data are deleted.

3.2.2. Using data for fraud prevention

The information you provide as part of an order may be used to determine whether a so-called atypical order event has occurred (e.g., simultaneous order of a multitude of goods to be sent to the same address using various customer accounts). We have a legitimate interest in making such a determination as a rule. The legal basis for processing is Art. 6 (1) letter f) GDPR.

3.2.3. Transmitting information to transport service providers / shipping partners

We work with logistics / transport service providers and/or shipping partners to arrange for the shipment and delivery of ordered goods. To them, the following data may be transmitted to allow them to ship and deliver the order as well as to provide delivery notifications: first name, last name, postal address as well as email address and, if applicable, telephone number. The legal basis for processing is Art. 6 (1) letter b) GDPR.

3.2.4. Transmitting information to partner enterprises

When using our Services, you have the option of taking advantage of third-party offers. In these cases, you can enter into a contract directly with one of our partners, to which the data needed for the contract to be transacted (e.g., first name, last name, billing / delivery address, email address, billing / payment data, date of birth, telephone number) are transmitted. Favorable offers by our partners are recognizable as partner offers and labeled as such.

3.3. Processing data for advertising purposes

3.3.1. Newsletter

As part of our Services, we give you the option of registering for our newsletter. To ensure that no errors occur when an email address is entered, we use what is known as the double-opt-in (DOI) process: After you entered your email address into the registration field and consented to receiving our newsletter, we will send a confirmation link to the email address provided. Your email address is not added to the list of recipients for our newsletter until you click on this confirmation link. The legal basis for processing is Art. 6 (1) letter a) GDPR.

---

Right to revoke
You can revoke your consent at any time with effect for the future by contacting [email protected] or the deregistration option at the end of each newsletter.

---

3.3.2. Product recommendations by email

As an existing customer, you will receive product recommendations by email on a regular basis. You will get these product recommendations from us regardless of whether you subscribed to a newsletter. For this purpose, we use the email address you provided as part of the purchase transaction to promote our own goods and/or services resembling those that you purchased as part of a past order. The legal basis for processing is Art. 6 (1) letter f) GDPR.

---

Right to object
You can object to our product recommendations at any time with effect for the future by contacting [email protected] or the deregistration option at the end of each newsletter.

---

3.3.3. Sweepstakes

If you register for / participate in the sweepstakes organized by ABOUT YOU (hereinafter „Participation“), we will use the data you provided for purposes of participation to transact the participation contract, including but not limited to notifications for winning entries and, where applicable, promotions related to our offers and/or those of our sweepstakes partners. For more details, please see the terms of participation for the sweepstakes. The legal basis for processing is Art. 6 (1) letters b) and f) GDPR.

3.4. Online presence and service optimization

3.4.1. Google Analytics

For purposes of needs-based design and the ongoing optimization of our pages, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”), on the basis of Art. 6 (1) letter f) GDPR. Acting on our behalf, Google uses cookies to create pseudonymized user profiles. The information generated as a result of your use of this website, such as

• browser type / version;
• operating system used;
• referrer URL (previously visited page);
• host name of accessing computer (IP address); and
• time of server request,

are put to use by Google on our behalf in order to evaluate the use of the website, compile reports about website activities and to provide other services related to website and Internet use for us. The IP address transmitted by your browser as part of these Google Analytics activities is stored only in truncated form, and the data related to your use of the website is not combined with other Google data.

You can prevent the cookies (including Google Analytics cookies) from being stored by adjusting the settings of your browser software; please note, however, that if you do, you may not be able to take full advantage of all of the functions of this website. In addition, you can block Google from assessing and processing the information generated by your use of this website by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser add-on, and this is especially true for browsers on mobile end devices, you can prevent any assessment by Google Analytics by clicking on this link. If you would like to change your cookie settings, please click here. An opt-out cookie will be deployed to prevent any future assessment of your data during visits to this website. The opt-out cookie works only for this browser and only for our website, and it is placed on your device. If you delete the cookies in this browser, you will have to replace the opt-out cookie. For additional information about data protection in connection with Google Analytics, please visit the Google Analytics website.

3.4.2. Google Firebase

We use the technology Firebase in our apps. Firebase is a product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Firebase is a development platform for mobile and web applications. It provides functions designed to better understand and optimize user behavior in the apps. In addition, we take advantage of Firebase functions that help us optimize user management, user communications and our Services while facilitating an evaluation of what causes apps to crash.

To identify individual end devices, an app instance ID is used that is generated at the level of the individual app installation on a given end devices. It is used as part of a function to classify the end device. Once we arrange for the app instance ID in Firebase to be deleted, the data are removed from the live and back-up systems within 180 days.

For iOS operating systems, moreover, iOS ad IDs are collected to identify end devices. If the iOS ad ID is not available, the manufacturer ID is captured. If the iOS ad ID becomes available after the manufacturer ID was captured, the process of capturing the manufacturer ID is discontinued, and the iOS ad ID is captured instead. For Android operating systems, Android ad IDs are collected. If doing so is impossible, the device’s hardware ID – e.g., the Android ID (SSAID) – is captured instead.

As a matter of routine, the IDs of mobile devices (e.g., Android or iOS ad IDs) are collected via Firebase using technologies that function much like cookies. You can limit the use of the ad ID in the device settings (iOS: Data protection / ads / no ad tracking; Android: account / Google / ads).

In our apps, we use the Firebase functions listed below.

Google Analytics for Firebase: This function makes it possible to analyze the use of the apps we offer. With the help of this function, information related to the use of our apps are collected, transmitted to Google and stored there. To identify the end device, Google uses the ad ID, the app instance ID and special Analytics app instance IDs. For this purpose, additional user data are collected, such as the number of users and sessions, the lengths of sessions as well as data on actions taken in the app. For an overview of data collection by Google Analytics for Firewall, please visit https://support.google.com/firebase/answer/6318039#perfmon. Data associated with an ad ID are stored for 60 days. Google will use this information on our behalf in order to assess how users take advantage of the apps we offer, to compile reports on the activities within our apps and to provide other services related to app and Internet use for us. Processing serves our legitimate interest in analyzing user behavior and any related needs-based design of our apps. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For additional information about how Google Analytics for Firebase works, please visit https://firebase.google.com/products/analytics/

Firebase Crash Reporting: This function is designed to stabilize and improve the app. For this purpose, information is collected about the device used and the use of our app whenever the app crashes (e.g., time stamp of when the app was started and when it crashed) to enable use to diagnose and solve the problem. The app instance ID is used to count the number of visitors affected by a crash. Crash data is stored for 180 days. Processing serves our legitimate interest in ensuring the app’s stable operation and avoiding crashes. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For additional information about how Crashlytics works, please visit https://firebase.google.com/products/crashlytics/

Firebase Remote Config: This function makes it possible for the app settings to be configured to allow us to change the app on the end devices on which it is stored without the need to completely reinstall the app from the appropriate app store with each change. For this purpose, device information as well as language and country settings are transmitted to Google in the U.S. and processed there. The app instance ID is used to select configuration values and return to the end devices. Processing serves our legitimate interest in configuring the app in a practical manner. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For additional information about how Remote Config works, please visit: https://firebase.google.com/products/remote-config/

Firebase Cloud Messaging: This function is designed to allow push notifications or so-called in-app messages (messages displayed only within the app) to be transmitted. For this purpose, the mobile end device is assigned a pseudonymized push reference via the app instance ID, which serves as a destination for push notifications or in-app messages. Push notifications may also be deactivated and reactivated in the settings of the mobile end device at any time. Processing serves our legitimate interest in contacting our customers easily. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For additional information about how Cloud Messaging works, please visit https://firebase.google.com/products/cloud-messaging/

Firebase Performing Monitoring: This function allows the operational and performance characteristics of our apps to be analyzed. With its help, information about app operation and performance is collected, transmitted to Google and stored there. The pseudonymous app instance ID is used to identify the end device. For this purpose, general device information, such as model, operating system and alignment, as well as data on so-called performance events are collected. In addition, IP addresses are used to assign performance events to certain countries where they originated. For an overview of data collection as part of the Firebase Performing Monitoring function, please visit https://support.google.com/firebase/answer/6318039#perfmon. Events linked to the app instance ID and the IP address are stored for 30 days, whereas all other performance data are stored for 90 days. Google will use these data on our behalf to assess the performance of the apps we offer and provide us with reports and information about the operation and performance of our app. Processing serves our legitimate interest in analyzing the performance of our app and, by extension, refining the technical aspects of our offering. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For additional information about how Firebase Performing Monitoring works, please visit https://firebase.google.com/products/performance/ For more details, please consult the Firebase privacy policy under https://www.firebase.com/terms/privacy-policy.html. In the app, you can stop tracking for all Firebase services in the future by adjusting the sliding switches accordingly.

3.5. Online marketing

We use various information on our pages for marketing purposes. Our goal is to only show you ads aligned with your actual perceived interests and not to bother you with any advertising that is of no interest to you. For this purpose, we avail ourselves of various advertising methods (e.g., retargeting) and technologies from ABOUT YOU and third parties, who either handle data as processors on our behalf or do so as controllers. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes but process them exclusively for the controller. This is how we can present users, who have already expressed interest in our shop and our products, with customized online ads not just on our own websites but on those of our partners as well. Thanks to studies, we know that personalized, interest-based ads are of greater interest to the Internet user than advertising that lacks this personal dimension.

Insofar as cookies are to be used in connection with online marketing (functional cookies or marketing cookies), we must first obtain your consent. You can revoke your consent at any time in our Preference Center.

3.5.1. Adjust

We use the user evaluation and analysis tool Adjust by adjust GmbH, Saarbrücker Str. 36, 10405 Berlin, Germany. The Adjust service was tested and certified pursuant to ePrivacyseal (European Seal for your Privacy; see https://www.eprivacy.eu/kunden/vergebene-siegel/). Adjust collects data related to the interaction with our advertising media, along with installation and event data for the app, and provides them in the form of anonymized assessments. We use this information in order to gauge the success of our app marketing campaigns, for our own marketing research and to optimize the app. For purposes of these assessments, Adjust uses your IFDA or Android ID as well as your anonymized IP and MAC addresses. The information so captured are further shared with suitable providers with a view to implementing and optimizing our app advertising campaigns. For details on the providers involved, please see the appropriate sections of our data protection provisions. The legal basis for processing is Art. 6 (1) letter a) GDPR.

The collection, evaluation and use of the data may be deactivated for the web pages with effect for the future at https://www.adjust.com/opt-out/). You can revoke your consent at any time in our Preference center The use of cookies needed for this Service (so-called functional cookies) requires your consent.

3.5.2. Google Marketing Platform

The web page uses the online marketing tool Google Marketing Platform (“GMP”) operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google deploys cookies in order to show users ads that are relevant to them, to improve the quality of campaign performance reporting or to avoid having a user see the ad multiple times. Using a cookie ID, Google establishes which ads are shown in which browser, which is how it manages to prevent them from being displayed repeatedly. In addition, cookie IDs help Google identify so-called conversions that are linked to ad requests. This may be the case, for instance, if a user sees a GMP ad and then visits the advertiser’s website and purchases something at a later point in time when using the same browser. According to Google, GMP cookies do not contain personal information.

By virtue of the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence over the scope or any further use of the data collected by Google as a function of these tools, which is why we offer the following disclaimer based on what we know: As a result of the use of GMP, Google learns that you visited one of our web pages or clicked on one of our ads. If you are registered with a Google service, Google can match your visit to your account. However, even if you’re not registered or logged in with Google, there is a chance that Google identifies and stores your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC in the U.S. The legal basis for processing is Art. 6 (1) letter a) GDPR.

For additional information about Google’s data protection provisions, please visit www.google.de/policies/privacy/.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can revoke your consent at any time in our Preference center.

3.5.3. Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing; we use them to market our websites in Google search results as well as on third-party websites. These functions are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the sites you have visited.

Beyond that, data processing occurs only insofar as you gave Google permission to link your Internet and app browser history with your Google account, and to use information from your Google account to personalize ads that you see online. If you are logged in with Google while visiting pages on our website, therefore, Google uses your data in conjunction with Google Analytics data in order to prepare and define lists of target groups for purposes of remarketing across devices. In the course of any use of Google Ads Remarketing, personal data may be transmitted to the servers of Google LLC in the U.S. The legal basis for processing is Art. 6 letter 1 letter a) GDPR.

You can permanently deactivate the deployment of cookies for advertising purposes by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/.

For additional information and the data protection provisions governing ads and Google, please visit https://www.google.com/policies/technologies/ads/. The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can revoke your consent at any time in our Preference Center .

3.5.4. Google Conversion Tracking

As part of our use of the Google AdWords service, we also use what is known as conversion tracking. The provider of this function is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). If you click on an ad generated by Google, a cookie is placed on your computer / end device for purposes of conversion tracking. These cookies become invalid after 30 days, contain no personal data and thus are not meant to allow personal identification. The information obtained with the help of the conversion cookie serve the purpose of preparing conversion statistics for AdWords customers, who opted for conversion tracking.

The legal basis for processing is Art. 6 (1) letter a) GDPR.

You can deactivate interest-based ads on Google as well as interest-based Google ads online (within the Google display network) in your browser by selecting “Off” under www.google.de/settings/ads or opt for deactivation in www.aboutads.info/choices/ For additional information about relevant settings and data protection at Google, please visit www.google.de/intl/de/policies/privacy/?fg=1.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can revoke your consent at any time in our Preference Center.

3.5.5. Google AdSense

We use the online advertising service Google AdSense to show you ads tailored to your interests. The service is provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). It serves the purpose of showing you ads that could be of interest to you in order to make our Services more attractive to you. To this end, statistical information is collected about you, which are then processed by our advertising partners. These ads are marked as “Google Ads” in each instance.

Google learns that you visited our website. For this purpose, Google uses a web beacon in order to place a cookie on your computer. If you are logged in with your Google account, your data may be directly matched with it. It is possible that these data are shared with Google’s contractual partners as well as other third parties and public authorities. The legal basis for processing is Art. 6 letter 1 letter a) GDPR.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can revoke your consent at any time in our Preference Center.

For additional information on the purpose and scope of data collection and processing as well as information about your related rights and settings to protect your privacy, please visit https://www.google.de/intl/de/policies/technologies/ads.

3.5.6. Criteo

Integrated with this website is the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris. Using this technology makes it possible to show you ads for products on third-party sites (so-called publisher pages) that you viewed on this website. For this purpose, Criteo collects information about your user behavior on this website by deploying tracking cookies and similar technologies, which are placed on your browser, as well as by using ad IDs in environments that do not support cookies, such as apps. With the help of these technologies, Criteo can analyze trends and identify the interests of individual users with regard to websites and apps. Criteo uses these technologies to mark visitors on the websites and in the apps of its partners. Users so marked by Criteo receive a technical ID. At no time does Criteo collect personal data that might enable identification, such as names or addresses. Criteo exclusively analyzes the products viewed and/or the search behavior exhibited as well as the pages visited on the website of the partner for which Criteo supplies ads. In order to supply personalized ads to you and offer you a seamless online experience, Criteo may synchronize the IDs of the various browsers that you use (“ID synchronization”). By virtue of its ID synchronization technology, Criteo is able to offer you the most relevant ads at all times – irrespective of the browser of the end device you use – without the need for Criteo to collect and process personal data, such as names and addresses. For this purpose, Criteo uses precise link methods on the basis of technical data collected by means of the Criteo technologies used – e.g., the IDs of our advertising partners or encrypted email addresses that the partners pass on to Criteo. For additional information on data protection at Criteo, please visit https://www.criteo.com/de/privacy/.

The legal basis for processing is Art. 6 (1) letter a) GDPR.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can object to the processing of your data for purposes of Criteo’s pseudonymous analysis of your surfing behavior at any time by using the deregistration link https://www.criteo.com/de/privacy/or revoking your consent in our Preference Center.

3.5.7. Facebook Retargeting and Conversion

We use the pixel of Facebook Ireland Limited (Website Custom Audience Pixel). As a function of this pixel, ABOUT YOU and Facebook Ireland Limited collect information about the use of this website (e.g., data on articles viewed) on their joint responsibility and transmit them to Facebook Ireland Limited. This information may be matched to you when additional data is consulted that Facebook Ireland Limited has stored about you – e.g., due to your ownership of an account on the social network Facebook. Using the information gathered via the pixel, you may be shown interest-based ads in your Facebook account (retargeting). The data collected via the pixel may also be aggregated by Facebook Ireland Limited, and such aggregated information may be used for advertising purposes of Facebook Ireland Limited itself or third parties. For instance, Facebook Ireland Limited may infer certain interests from your surfing behavior on this website and use this information to advertise third-party offers. Facebook Ireland Limited may further combine the information gathered via the pixel with other information that Facebook Ireland Limited has collected about you from other websites and/or in connection with the use of the social network Facebook, to the effect that a profile may be stored for you Facebook Ireland Limited. This profile may be used for advertising purposes. Facebook Ireland Limited bears sole responsibility for such ongoing processing and the permanent storage of the tracking data gathered from the Website Custom Audience Pixel deployed on this website.

As part of the Facebook pixel function, we also activated automated expanded matching (advanced matching). This pixel function allows us to send hashed emails and names, along with sex, city, state, postal code and date of birth, to Facebook so long as you provided us with these data and consented accordingly. This activation makes it possible for us to tailor advertising campaigns on Facebook even more precisely to individuals interested in our products or services.

The legal basis for processing is Art. 6 (1) letter a) GDPR. For more details on data protection at Facebook Ireland Limited, please visit https://www.facebook.com/policy.php. This is where you are also given the option of exercising your rights as data subject (e.g., right to erasure) in relations with Facebook Ireland Limited. The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can revoke your consent at any time in our Preference Center.

3.5.8. Localytics

Localytics is an analytic tool offered and operated by Char Software Inc., a company with registered offices in Boston, MA (USA). Localytics records data generated by the use of our apps. These data include user actions related to app use (e.g., opening app, visiting product pages) as well as interactions (viewing, clicking) with advertising media supplied by Localytics (push notifications and in-app messages). Using collected dated, Localytics segments users to create the basis on which push notifications and in-app messages are delivered. In this manner, Localytics enables us to present you with contents and offers of increasing relevance to you that better matches your user habits the longer you use the app. In order to gauge and optimize the impact of advertising media delivered, Localytics records data on purchases (products, prices) within the app. As soon as a user logs in or registers on the app, a record is generated as well. Information of this kind are linked to what is called a unique installation ID – a designation for a given installation that Localytics assigns itself. For more information about data protection at Localytics, please visit https://www.localytics.com/privacy-policy/. The legal basis for processing is Art. 6 (1) letter a) GDPR. The use of cookies needed for this Service (so-called functional cookies) requires your consent. You can revoke your consent at any time in our Preference Center.

3.5.9. RTB House

On our website, we use technology provided by RTB House S.A., 61/101 Złota Street, 00-819 Warsaw, Poland. This technology allows us, through the use of pixels and cookies, to point you to contents found on our website or those of third parties, which may likewise be of interest to you (retargeting). This entails the use of cookies. The recommendations integrated by RTB House are determined on the basis of contents you previously viewed. RTB House technically controls and delivers these contents automatically. They are shown on a pseudonymous basis.

The information generated by the cookie about your use of this website, such as browser type / version, operating system used, referrer URL (previously visited page), time of server request, are transferred to the RTB House server and stored there.

For additional information about data protection at RTB House, please visit https://www.rtbhouse.com/privacy/ . The legal basis for processing is Art. 6 (1) letter a) GDPR. The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can object to tracking for the purpose of interest-based recommendations from RTB House at any time by selecting “Opt-out” within the RTB House data protection statement or revoking your consent in our Preference Center..

3.5.10. Affilinet (Awin)

To correctly assess sales and/or leads, affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany, places a cookie on the end device of a visitor. This cookie is deployed by the domain parners.webmaster-plan.com or banners.webmasterplan.com. The cookies used by affilinet are accepted in the browser’s default settings. If you do not wish for these cookies to be stored, please deactivate acceptance for the cookies from the corresponding domains in your Internet browser. affilinet’s cookies only store the ID of the referring partner as well as the order number of the advertising medium clicked on by the visitor (banner, text link, etc.), which is needed to transact payment. When a transaction is executed, the partner ID serves the purpose of correctly assigning the commission payable to the referring partner. The legal basis for processing is Art. 6 (1) letter f) GDPR.

For details about data protection, please visit www.awin.com/de/rechtliches/privacy-policy-DACH

3.6. Fanpages

ABOUT YOU maintains social media profiles on the social networks Facebook and Instagram (“fan pages”) – services provided by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) – publishing and sharing contents and offers there on a regular basis. Whenever you interact with our fan pages or other Facebook or Instagram web pages, the operators of the social networks gather information about your user behavior through the use of cookies and similar technologies. ABOUT YOU can view general statistics concerning the interests and demographic characteristics (such as age, sex and region) of users of its fan pages. When you use social networks, the type, scope and purpose of data processing in connection with social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we share responsibility with Facebook, and which are explained below. Facebook’s processing of your data

Facebook also processes your data related to your use of fan pages for its own purposes, which are not addressed in this data protection statement, and over which we exert no influence. For additional information on this topic, please visit the social networks:

Facebook privacy policy

Instagram privacy policy

User analysis (page insights)

Whenever you interact with our fan pages, Facebook uses cookies and similar technologies to assess your user behavior. ABOUT YOU then receives “page insights” containing statistical, depersonalized (anonymized) visitor information. We cannot match this information to you. Only Facebook selects and processes page-insight data. Page insights help us to understand how our fan pages are being used, which interests visitors have and what topics and contents are particularly popular. We then use this information to offer visitors to our fan pages relevant contents and improve the way in which we accommodate our their interests and user habits.

ABOUT YOU and Facebook bear joint responsibility for processing your data for purposes of page insights (Art. 26 GDPR). An agreement exists between ABOUT YOU and Facebook that provides which enterprise answers to which duties in connection with data protection when it comes to processing page-insights data pursuant to the GDPR.

This agreement with Facebook can be viewed here.

A Facebook overview of the most important aspects of this agreement (including a list of the page-insights data) is found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Insofar as you consented to Facebook’s generation of page insights as described above, the legal basis is Art. 6 (1) letter a) GDPR. Otherwise, the legal basis is Art. 6 (1) letter f) GDPR, with our legitimate interest flowing from the purposes stated above.

3.7. Social-media functions

We integrate social-media functions of various social networks with our Services on the basis of Art. 6 (1) letter a) GDPR in order to boost our enterprise’s reach through these channels. It is the operator of such social network that is responsible for ensuring compliance with data protection law.

For information about the purpose and scope of the collection, any further processing and the use of the data by the provider in question as well as your related rights and settings designed to protect your privacy, please see the provider’s data protection statements, links for which are included below.

Facebook

On some websites, we use plug-ins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The link to Facebook’s data protection statement is here: Facebook.

Twitter

On some websites, we use plug-ins from the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The link to Twitter’s data protection statement is here: Twitter.

Insofar as plug-ins are activated, your web browser establishes a direct link to the web servers of a given social network, and the plug-in’s content is transmitted from the social network directly to your web browser, which in turn integrates it with our website. Through the integration of the plug-in, the social network learns that you visited one of our web pages and may collect device and access data. If you are logged in with the social network, it can match your visit to the account that you have with the social network.

You can prevent social networks from matching the information collected about you on the occasion of your visit to www.aboutyou.de to your user account with a given social network by logging out of the pages of the social networks and deleting cookies on your device. If you do not want social networks to match the data collected via our web pages directly to your profile, you must log out from the social networks in question prior to visiting our website. You can prevent plug-ins from being activated altogether through the use of add-ons for your browser – e.g., with the script blocker “NoScript,” which is found under www.noscript.net.

Pinterest

This website uses plug-ins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). The Pinterest plug-in is evident in the “Pin It” button on our page. Whenever you click the “Pin It” button while being logged into your Pinterest account, you can place links to contents of our pages in your Pinterest profile. This allows Pinterest to match your visit to our pages to your user account. Please note that we do not receive information about the content of data so transmitted or their use by Pinterest. For additional information, please see the Pinterest privacy policy: Pinterest.

WhatsApp

This website also uses a WhatsApp share button. You can use this button to share otto.de contents via the WhatsApp application on your mobile phone. The button is a hyperlink. No personal data are transmitted to the WhatsApp operator or other third parties when the button appears on this web page. It is not until you use the WhatsApp share button that the WhatsApp operator learns which content is being shared and that the button is used on this website. For more information about how WhatsApp handles personal data, please see the operator’s privacy statement under WhatsApp.

Xing and LinkedIn

Further integrated with this website are the plug-ins from the social networks operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA, and Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany. For information on data protection, please see the LinkedIn and Xing privacy policies, which are found here: LinkedIn. Xing.

Snapchat

We use plug-ins from the social network Snapchat, which is operated by Snap Inc., 63 Market Street, Venice, CA 90291, USA (“Snapchat”). Snapchat is certified under the Privacy Shield Framework. For more information on how user data are handled, please see the Snapchat privacy policy under Snapchat.

Facebook Messenger

We use Facebook Messenger of Facebook Ireland Inc. If you send messages via Facebook Messenger, Facebook Messenger independently collects data. For information about the purpose and scope of Facebook Messenger’s data collection, any further processing and the use of the data by Facebook Messenger as well as your related rights and settings to protect your privacy, please see Facebook Messenger’s privacy policy. The Facebook Messenger privacy policy is found here: Facebook Messenger.

3.7.1. Facebook Connect / Login

ABOUT YOU offers users the option to register for the Service using their Facebook log-in (so-called Facebook Connect function). Facebook Connect is a service provided by the social network Facebook, which is operated by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). No separate registration with ABOUT YOU is required in this case. For purposes of registration, users are redirected to the Facebook website, where they can log on using their user data. In this way, the Facebook profile and ABOUT YOU’s Service are linked. This link means that Facebook automatically provides ABOUT YOU with any information that the user has cleared for transmission (e.g., first name, last name, email address, profile picture, sex, list of friends). We use this information to identify you as part of the use of ABOUT YOU. The legal basis for processing is Art. 6 (1) letter a) GDPR.

For additional information about Facebook Connect and the privacy settings, please visit: Facebook privacy policy. .

3.8. Customer account / user account

In order to provide you with the greatest-possible degree of comfort, we give you the option of storing your personal data permanently in a password-protected customer account / user account.

Customer accounts are created on a voluntary basis as a rule. If you create a customer account, any of your data collected here is processed on the basis of Art. 6 (1) letter b) GDPR. Once a customer account has been set up, no further data need be input. In addition, you can view and change the data stored about you in your customer account at any time.

Only if you wish to transact orders on our website / applications is it a requirement that a customer account be opened to implement the contract. In addition to the data requested for purposes of the order, you must provide a password of your choice to set up a customer account. Along with your email address, this password serves as your means of access to your customer account. Please keep your personal access data confidential and, in particular, do not share them with unauthorized third parties. Please note that you remain logged in even after leaving our website unless you actively log out. You can delete your customer account at any time. Please note, however, that the data you can view in your customer account are not deleted along with the account if you have placed an order with us. Your data are deleted automatically once the retention periods to which we are subject under the commercial and tax codes have expired. The legal basis for processing is Art. 6 (1) letters c) and f) GDPR.

3.9. Contact

There are several means by which you can contact us: By contact form, chat or mail. Whenever you contact us, we will use any related personal data that you provide to us solely for the purpose of contacting you in order to process your request. We use the CRM system Zendesk to process customer inquiries. This system is operated by Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA (“Zendesk”). We use Zendesk in order to process your inquiries quickly and efficiently. We have entered into a data processing agreement (DPA) with Zendesk. Under this agreement, Zendesk processes your data for inquiries addressed to us solely on our behalf and for no other purpose. For additional information, please see the Zendesk privacy statement. The legal basis for processing is Art. 6 (1) letters a), b), c) and f) GDPR.

3.10. Payments

We process your payment information for the purpose of transacting payment – e.g., when you purchase or take advantage of a product and/or service via www.aboutyou.com. Depending on the method of payment, we forward your payment information to third parties (e.g., to your credit-card provided in cases of credit-card payments). The legal basis for processing is Art. 6 (1) letters a), b) and f) GDPR.

3.10.1. Paypal

For payments via PayPal, your payment data are forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter” PayPal”), for the payment to be transacted. PayPal reserves the right to obtain a credit report when payment is made by PayPal, PayPal direct debit or, where available, PayPal “on account.” PayPal uses the result of such credit inquiry as it relates to the statistical probability of default of payment for purposes of making a decision whether the method of payment in question should be approved. The credit report may contain probability scores. Insofar as scores inform the result of the credit inquiry, they are rooted in a scientifically recognized process in mathematical statistics. The scores are calculated on the basis of address data, among other factors. For additional information related to data protection, including the credit reporting agencies used, please see. PayPal privacy policy.

7.1. Overview

Aside from the right to revoke the consents you granted to us, you have the following additional rights subject to applicable statutory requirements:

• the right to obtain from us information about your personal data stored with us (Art. 15 GDPR); specifically, you can demand information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged storage period and the origin of your data insofar as they were not collected directly from you;
• the right to have inaccurate personal data rectified and incomplete personal data completed (Art. 16 GDPR);
• the right to have data stored with us erased (Art. 17 GDPR), provided that we are not subject to statutory or contractual retention periods or other legal obligations – or rights – regarding continued storage;
• the right to restrict processing of your data (Art. 18 GDPR) insofar as the accuracy of the data is contested by you, the processing is unlawful and you oppose the data’s erasure, the controller no longer needs the data, but they are required by you for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21(1);
• the right to data portability pursuant to Art. 20 GDPR – i.e., the right to receive selected personal data stored with us about you in a commonly used and machine-readable format, or to demand the transmission thereof to another controller; and
• the right to lodge a complaint with a supervisory authority. In most cases, you can turn to the supervisory authority at your habitual residence or place of work or other corporate headquarters.

You can exercise the aforementioned rights to which you are entitled under [email protected] or using our contact form.

7.2. Right to object

Subject to the conditions of Art. 21 (1) GDPR, data processing may be objected to for reasons arising from the specific circumstances of the data subject. The above general right to object applies to all purposes of processing described in this data protection statement, which are legitimized by Art. 6 (1) letter f) GDPR. By contrast to the specific right to object geared toward data processing for advertising purposes, we are obligated to heed a general objection of this kind only if you state reasons of overriding significance (e.g., potential hazard to life or health).

7.3. Right to revoke

Insofar as we process data on the basis of your consent, you are entitled to revoke your consent at any time. Revoking your consent does not have the effect of rendering ineffective such data processing as may have been undertaken on the basis of your consent until such revocation.

7.4. Fanpages

With respect to the processing of your page insights information undertaken jointly with Facebook, we agreed with Facebook that Facebook bears primary responsibility for providing you with information about the processing of your page insights information and giving you the option of exercising the rights related to data protection to which you are entitled (e.g., right to object). More detailed information about your data protection rights in connection with page insights and how to exercise them directly vis-à-vis Facebook, are found here. If you exercise your rights vis-à-vis ABOUT YOU, we will forward your request to Facebook.