Introduction and terms
With the operation of our website https://www.shop.outofvogue.de/ (hereinafter referred to as "website") we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws - in particular the Basic Data Protection Ordinance (DSGVO) and the Federal Data Protection Act (BDSG-neu). With our data protection regulations we want to inform you what personal data we collect from you, for what purposes and on what legal basis we use it and, if necessary, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.
Our data protection regulations contain technical terms which are new in the DSGVO and the BDSG. For your better understanding we want to explain these terms in simple words in advance:
2.1 Personal data
"Personal data" means all information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Details of an identified person can be e.g. the name or the e-mail address. However, personal data is also data for which the identity is not immediately obvious, but which can be determined by combining one's own or third-party information and thus finding out who it is. For example, a person can be identified by providing his or her address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here are all information that in any way allow conclusions to be drawn about a person.
Art. 4 No. 2 DSGVO defines "processing" as any process in connection with personal data. This applies in particular to the collection, collection, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
3. Responsible company
Company: F&M Feral Media - Falarz & Mieth GbR ("we")
Legal representative: Mr. Tobias Falarz, Mr. Mathias Mieth (Managing Director)
Address: Allersberger Str. 185 L1a, 90461 Nuremberg, Germany
Phone: 0049 / 911 / 93 73 094
4. Processing frame: web page
Within the framework of the website with the URL https://www.shop.outofvogue.de/, we process the personal data of yours listed in detail in sections 5-15. below. We only process data from you which you actively provide on our website (e.g. by filling in forms) or which you make available automatically when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we make use of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the customer are authorized to issue instructions to our contractors. We use external service providers for hosting, maintenance, support and further development of our website. Should other external service providers be used for any of the processing operations listed in paragraphs 5-15, they shall be designated there.
A data transfer to third countries does not take place in principle and is also not planned. We will inform you about exceptions to this principle in the following processing steps.
The processing in detail
5. Provision of the website and server log files
5.1 Description of processing
Every time you visit our website, we automatically collect information that your browser transmits to our server. This is the following data:
• Your IP address
• the browser software you are using, as well as its version and language
• the operating system you are using
• the website from which you accessed our website (so-called referrer)
• the sub-pages you visit on our website
• the date and time of your visit to our website
• Your Internet Service Provider
• Amount of data transferred
• Country and place from where you visited our website
• Your length of stay on our website
The temporary storage of your IP address by the system is necessary in order to deliver our website to a user's terminal device. For this the IP address of the user must remain stored for the duration of the session. The above data is also stored in the so-called log files of our system. However, your IP address is not recorded in our log files.
The data is processed to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 5.2.
5.4 Storage time
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The log files are deleted after 7 days.
6. Registration and profile
6.1 Description of processing
Individual functions and offers of our website are only available to you as a registered user. By registering, you conclude a free usage contract with us. By registering, you will receive your own user account on our website. Registration is done by filling out the registration form on https://www.shop.outofvogue.de/account and sending it to us electronically. To register, you must provide your e-mail address, a freely chosen user name, a freely chosen password and your delivery and billing address. By clicking the button "Next" you send us the form. You will then receive an automatic welcome email. This contains a link to confirm your email address. Only after successful verification of your e-mail address by clicking on the confirmation link will your account be activated on our website. As a registered user, you can shop faster and more conveniently on our website by entering your billing and delivery addresses as well as your preferred payment method in your user profile. This means that you do not have to re-enter your personal data for subsequent (further) purchases.
This data is processed in order to provide you with the functions of our website for registered users.
6.3 Legal basis
Processing is required for the conclusion and fulfilment of the contract of use (Art. 6 para. 1 letter b DSGVO). We cannot provide our contractually owed services without providing your personal data within the framework of registration.
6.4 Storage time
The data will be deleted automatically upon termination of your user contract. You can terminate the user contract by informing us by e-mail to email@example.com, by post to F&M Feral Media - Falarz & Mieth GbR, Allersberger Str. 185 L1a, 90461 Nürnberg that you no longer wish to be a registered user of our website. We will then delete your user account immediately. Furthermore, as a logged in user you can edit and remove your own data and information at any time.
7.1 Description of processing
You can shop as a guest or as a registered user on our website. Within the scope of your order process we process your personal data. The mandatory fields marked with an asterisk "*" in our online shop must be filled in by you. Otherwise it is not possible for us to conclude a purchase contract with you and to send you the desired goods. All other information is voluntary. When shopping on our website you can also choose one of the payment methods offered (PayPal, prepayment or cash on delivery) to pay the purchase price. When you complete your order, the data required for payment will be passed on to the respective payment service provider. When you shop on our website as a registered user, you can enter your billing and delivery addresses as well as your preferred method of payment in your user profile for a faster and more convenient order.
The processing takes place for the conclusion and the completion of sales contracts.
7.3 Legal basis
Processing is required to conclude and fulfil the purchase contracts (Art. 6 para. 1 lit. b DSGVO).
7.4 Storage time
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we will restrict processing. This means that your data will only be kept separately in order to comply with the legal retention periods and will be deleted immediately after their expiry.
In order to process your payment, personal data will be passed on to one of the external payment service providers listed below and selected by you within the scope of your purchase:
- PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further information to the data security with PayPal finds you under https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE.
8. Contact form and contact by e-mail
8.1 Description of processing
To contact us, we have provided a contact form on our website. In this form you will be asked to enter your e-mail address, your name and a message to us. If you press the "Submit" button, the data will be transmitted to us using SSL encryption (see item 13). The contact form can only be transmitted if you accept our data protection regulations by clicking the corresponding checkbox. You can also contact us via the e-mail addresses given on the website. In this case, the personal data transmitted by e-mail will be processed by us.
By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and responding to your request.
8.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data will be processed for the fulfilment of the contract (Art. 6 para. 1 lit. b DSGVO).
8.4 Storage time
We will delete the data as soon as they are no longer necessary to achieve the purpose for which they were collected. This is usually the case when the respective communication with you is finished. Communication is terminated when it can be inferred from the circumstances that your request has been finally clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the statutory retention period has expired.
9.1 Description of processing
9.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in Section 10.2.
9.4 Storage time
Below we have compiled the links that will guide you to instructions on how to change the settings in the most popular browsers. Further information can be found in the support menu of your browser:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
10.1 Description of processing
We send out a newsletter at irregular intervals. With the newsletter we inform about new products, offers and sales campaigns in our online shop. You will only receive our newsletter if you actively subscribe to our mailing list. You can subscribe by filling out and sending a newsletter registration form on our website or as part of an order in our online shop. To subscribe to the newsletter, you only need to enter your e-mail address. All other information (e.g. your first name and surname) is voluntary and is used solely for the personalization of e-mails. We use the so-called double opt-in procedure to carry out and verify newsletter subscriptions. Registration takes place in several steps. First, sign up for the newsletter on our website. You will then receive an e-mail from us to the e-mail address you provided. With this e-mail we ask you to confirm that you have actually subscribed to the newsletter and wish to receive it. Confirmation takes place by clicking on a confirmation link in the e-mail. Only after a successful confirmation we will add you to our newsletter distribution list and send you future e-mails. As part of the double opt-in procedure, we save the date, time and your IP addresses both when you register and when you confirm.
The processing takes place in order to offer the newsletter function and to be able to send newsletter e-mails to subscribers and existing customers. The collection and storage of date, time and IP addresses when registering for the newsletter serves to document the consent given and to protect against the misuse of e-mail addresses.
10.3 Legal basis
The processing of our subscriber newsletter is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can call up the declaration of consent on our website at any time at https://www.shop.outofvogue.de/newsletter Your consent is voluntary. The collection and storage of date, time and IP addresses when registering for the newsletter is necessary to safeguard the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in Section 11.2. The processing of our newsletter for existing customers is carried out on the basis of Art. 6 Para. 1 letter f DSGVO in order to protect the overriding interests of those responsible. Our legitimate interest lies in direct advertising to existing customers. This is permissible within the scope of Section 7 para. 3 UWG which we have observed.
10.4 Storage period and revocation of consent
If you do not confirm your registration for our newsletter within 24 hours after receipt of the corresponding registration e-mail, your data will be deleted automatically. We process your personal data for the duration of your newsletter subscription. You can cancel your subscription to our newsletter at any time by revoking your consent. A simple declaration (by e-mail to firstname.lastname@example.org or by post to F&M Feral Media - Falarz & Mieth GbR, Allersberger Str. 185 L1a, 90461 Nuremberg) is sufficient. You can also unsubscribe by clicking the unsubscribe link in any newsletter e-mail or here (https://www.shop.outofvogue.de/shop/en/newsletter). With the revocation of your consent, no more newsletters will be sent to you and your personal data will be removed from our active distribution list. We will add your e-mail address to our so-called black list to enforce your revocation. This enables us to ensure that you will not receive any newsletters from us in the future and that your e-mail address will not be misused by third parties.
11. Google Tag Manager
Our website uses the "Google Tag Manager", a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The Google Tag Manager does not collect any personal data and does not set any cookies. This service only allows us to include and manage tags on our website. Tags are small code elements on our website that can be used to measure traffic and visitor behaviour with other tools, to measure the impact of online advertising and social channels, to use remarketing and targeting, test and optimize the website. More information about the Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html.
12. Google Analytics
12.1 Description of processing
The processing takes place in order to be able to evaluate the use of our website. The information gained in this way serves to improve and design our online presence in line with requirements.
12.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 13.2.
12.4 Storage period and right of objection
We have explained the duration of storage as well as your control and setting options for cookies in section 9. You can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics are automatically deleted by us after 14 months.
12.5 Recipient and transfer to third countries
Google Analytics works for us as a service provider within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit https://www.privacyshield.gov/EU-US-Framework.
13. DoubleClick by Google
13.1 Description of processing
The use of Doubleclick enables Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. We use the service to generate advertising revenue.
13.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 14.2.
13.4 Storage period and right of objection
13.5 Recipient and transfer to third countries
14.1 Description of processing
Our pages include functions of the music service Spotify. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com. When you visit a subpage of our website on which we have embedded Spotify, a connection to the Spotify servers is established and the plugin is displayed within our website. Spotify receives the information that you have visited our site with your IP address. If you interact with the plugin, e.g. click the "Play" button while logged into your Spotify account, this information can be assigned to your Spotify profile. If you do not want Spotify to associate your visit to our pages with your Spotify account, please log out before your visit to Spotify.
The processing is done to enable you to discover music by artists in connection with our website
14.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the person responsible (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 14.2.
14.4 Recipient and transfer to third countries
15. security measures
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognize the active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser's address bar.
16. Rights of the persons concerned
With regard to the data processing described above by our company, you are entitled to the following rights of data subjects:
16.1 Information (Art. 15 DSGVO)
You have the right to ask us to confirm whether we are processing personal data concerning you. If this is the case, you have the right to information on this personal data and on the further information listed in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.
16.2 Correction (Art. 16 DSGVO)
You have the right to request us to correct any incorrect personal data concerning you and, if necessary, to complete incomplete personal data without delay.
16.3 Deletion (Art. 17 DSGVO)
You have the right to request us to delete personal data relating to you immediately if one of the reasons listed in Art. 17 DSGVO applies in detail, e.g. if your data is no longer required for the purposes we pursue.
16.4 Limitation of data processing (Art. 18 DSGVO)
You have the right to request us to restrict the processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the duration that enables us to check the accuracy of your data.
16.5 Data transferability (Art. 20 DSGVO)
You have the right, under the conditions set out in Art. 20 DSGVO, to demand the publication of the data concerning you in a structured, common and machine-readable format.
16.6 Revocation of consents (Art. 7 para. 3 DSGVO)
You have the right to revoke your consent at any time in the case of processing based on a consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing does not become retroactively illegal by the revocation of the consent.
16.7 Complaint (Art. 77 DSGVO)
If you believe that the processing of personal data concerning you violates the DSGVO, you have the right of appeal to a supervisory authority. They may exercise this right before a supervisory authority in the EU Member State of their place of residence, of work or of the place where the alleged infringement is alleged.
16.8 Prohibition of automated decisions/ profiling (Art. 22 DSGVO)
Decisions that have legal consequences for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.
16.9 Opposition (Art. 21 DSGVO)
If we process your personal data on the basis of Art. 6 para. 1 lit. f DSGVO (to protect overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 DSGVO. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms. Nor do we have to stop processing if it serves to assert, exercise or defend legal claims. In any case - regardless of a particular situation - you have the right to object at any time to the processing of your personal data for direct advertising.
Status: August 2018