Legal
CONFIDENTIALITY GUARANTEE/DATA PROTECTION
Thank you for showing an interest in our company. Protecting personal data is extremely important to us, which is why we would like to take this opportunity to provide you with detailed information about how we process your personal data. Personal data is always processed in line with the legal requirements, in particular the General Data Protection Regulation (GDPR) and the applicable national data protection legislation. This policy contains information about the type and extent of data that we collect, use and process and the purpose for doing so. It also provides data subjects with information about their rights. As a company and data controller, we have taken extensive technical and organisational steps to ensure that the personal data we process receives the best possible protection.
I. NAME AND ADDRESS OF THE CONTROLLER
The data controller as per the General Data Protection Regulation, Member States’ additional national data protection legislation, and other data protection regulations is:
BÄR GmbH
Pleidelsheimer Straße 15/1
74321 Bietigheim-Bissingen
Germany
Telefon: +49 (0) 7142 95 66 10
E-Mail: datenschutz@baer-schuhe.de
Website: www.baer-schuhe.de
II. Name and address of the data protection officer
The controller’s data protection officer as per Article 37 GDPR is:
Frank Eckerkunst, lawyer
c/o ITWerk Giessen GmbH*
Siemensstrasse 7
35394 Giessen
Germany
Tel.: +49 641 96993-0
E-Mail: eckerkunst@itwerk-giessen.de
Website: www.itwerk-giessen.de
* Insurance details:
Details of professional indemnity insurance:
D&O cover is provided by:
Hiscox Insurance Company Ltd.
Zweigniederlassung für die Bundesrepublik Deutschland
Arnulfstraße 31
80636 München
Germany
Territorial scope of the insurance: Europe
Insured activity: Data protection officer
Amount insured under the professional indemnity policy: €1,000,000
III. General information about data processing
1. TERMINOLOGY
Our privacy policy uses various terms which are based on the legislation and explained below to make our privacy policy straightforward and easy to understand. In the context of this policy, the term:
‘personal data’ means all information relating to an identified or identifiable individual (hereinafter ‘data subject’); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting its processing in the future;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable individual;
‘controller’ means the individual or legal entity, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means an individual or legal entity, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means an individual or legal entity, public authority, agency or other body, to which the personal data is disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of this data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means an individual or legal entity, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
2) Extent of personal data processing
It is possible to use our website without providing personal data. We only process our users’ personal data insofar as this is necessary to provide a functional website and to make our content and services available. Our users’ personal data is only processed regularly with the user’s consent. The only exception is in cases where it is not possible to obtain consent beforehand for practical reasons and legislation permits the data to be processed.
3) Lawful basis for the processing of personal data
Insofar as we obtain the data subject’s permission to process personal data, the lawful basis is Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR).
4) Registration and customer account
If you open a customer account, you agree that your inventory data such as name, address, e-mail address and bank details as well as your user data (user name, password) are stored. This enables you to place orders with us using your e-mail address or your customer number and your personal password. In doing so, we obtain the following consent.
5) Erasing data and retention period
The data subject’s personal data is erased or blocked as soon as the purpose no longer applies. Data may be stored for longer if this is permitted under European or national law as set out in regulations, acts or other provisions which apply to the controller. Data will also be blocked or erased if the retention period stipulated in the quoted standards expires, unless further storage of the data is necessary to conclude or perform a contract.
Insofar as the processing of personal data is necessary to fulfil a legal obligation which applies to our company, the lawful basis is Art. 6(1)(c) GDPR.
If vital interests of the data subject or another individual make it necessary to process personal data, Art. 6(1)(d) GDPR serves as the lawful basis.
When personal data must be processed to perform a contract to which the data subject is party, the lawful basis is Art. 6(1)(b) GDPR. This also applies to processing operations which are necessary for the performance of precontractual measures.
If processing is necessary to achieve a legitimate interest of our company or a third party and the data subject’s interests, rights and freedoms do not override the aforementioned interest, Art. 6(1)(f) GDPR serves as the lawful basis for processing.
As a responsible company, we do not use profiling or any other automated means of decision-making.
IV. Use of our website
1. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
Description and extent of data processing, lawful basis, purpose and retention period
Each time our website is accessed, our system automatically records data and information from the system of the accessing computer.
The following data is recorded:
- Information about the browser type and version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Referring websites
- Websites accessed by the user’s system via our site
The lawful basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. It is necessary for the system to store the IP address temporarily to enable the website to be delivered to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose. Data is stored in log files to enable the website to function. Furthermore, the data is used to optimise the website and ensure that our IT systems are secure. Data is not evaluated for marketing purposes in connection with this. Our legitimate interest in data processing as per Art. 6(1)(f) GDPR also lies in these purposes. The data is erased or anonymised once the purpose for which it was recorded has been achieved. It is then no longer possible to identify the accessed client. Recording the data needed to provide the website and storing the data in log files is essential for operation of the website. As a consequence, the user cannot opt out of this.
2. USE OF COOKIES Description and extent of data processing, lawful basis, purpose, retention period, right to opt out and deletion
Our website uses cookies. Cookies are text files that are stored in or by the Web browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a random, unique string of letter and numbers which makes it possible to identify the browser when the website is accessed again.
a) We use strictly necessary cookies to make our website more user-friendly. For some elements of our website, it is necessary for the accessing browser to be identifiable even when the user navigates to a different page. As a rule, the following data is stored and transmitted in cookies:
- Language settings
- Log-in information
- Session ID
b) If we also use (non-essential) cookies on our website which enable the user’s browsing behaviour to be analysed, these can usually transmit the following data:
- Search terms entered
- Frequency of page impressions
- Use of website features
- IP address
- Browser data
When accessing our website, the user is informed about the use of cookies for analytical purposes and asked to consent to the processing of personal data utilised in this way. Attention is also drawn to this privacy policy in this regard. The lawful basis for the processing of personal data in connection with strictly necessary cookies is Art. 6(1)(f) GDPR. Subject to the user’s consent, personal data is processed in connection with analytical cookies under Art. 6(1)(a) GDPR.
The purpose of strictly necessary cookies is to make it easier for users to utilise websites. It is not possible to offer some of our website’s features without using cookies. For these, it is necessary for the browser to be identifiable even when the user navigates to a different page. We use cookies for the following applications:
- Applying language settings
- Remembering search terms
- Remembering general cookie settings
The user data collected by strictly necessary cookies is not utilised to produce user profiles. Analytical cookies are used for the purpose of improving the quality of our website and its content. Analytical cookies enable us to find out how the website is used and therefore allow us to continuously optimise it. Our legitimate interest in processing personal data in accordance with Art. 6(1)(f) GDPR also lies in these purposes. Cookies are stored on the user’s computer, which transmits them to our site. This means that you, the user, have complete control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Web browser. Stored cookies can be deleted at any time. This can also be done automatically. If you disable cookies for our website, it may not be possible to use all the features of our website in full. You can change the settings in Flash Player to prevent Flash cookies from being transmitted. This cannot be done via your browser settings.
The data stored in our cookies is not linked to your personal data (name, address, etc.).
3. REGISTRATION FEATURE
We offer our visitors the option of registering on our site using a contact form. The personal data which is visible from the input mask is only recorded and stored to enable use of our offering. In case your data is being misused by a third party, we store the IP address and the time and date of the registration as a precaution so that the misuse can be investigated if necessary. Your data is never shared with third parties. Data collected elsewhere is not associated with this data. Registered visitors have the option of amending their personal data or deleting it completely from the database at any time.
4. CONTACTING US
You can contact us at any time to share your wishes and aspirations by using the contact form or sending an email. The user data submitted voluntarily in this way is stored in our database for processing and erased once the purpose of processing it has been achieved. It is never forwarded to third parties or associated with other data.
5. RECEIVING OUR NEWSLETTER
Our website contains the option of subscribing to our newsletter. We use this to provide regular information about offers, news, events and other important occurrences. It is only possible to receive the newsletter if you provide the data marked as compulsory on the registration page and registration is successful. An email address is sufficient. We use a double opt-in (DOI) process to ensure that the user wishes to receive the newsletter. This means that the potential recipient is only added to the distribution list temporarily at first. The potential recipient is then given the option of confirming their registration with legal effect via a confirmation email. Only once the user confirms and agrees to receive the newsletter does the address become fully active in our distribution list. When you first register, we store the following information, which is necessary to document and provide evidence of legally binding registration:
- IP address
- Date and time of the registration
The data is only used to distribute the newsletter. You can cancel your subscription at any time and withdraw your consent. There is a link allowing you to unsubscribe in each newsletter. You can also cancel your newsletter subscription on the website. Distribution may be handled by an email marketing service provider. The email marketing service provider will work for us on the basis of a processing agreement and may use the data in pseudonymised form to improve its offering or for statistical purposes. The email marketing service provider will not use the data to contact you directly or share it with third parties. You can find more information about the email marketing service providers here.
EMARSYS
Emarsys eMarketing Systems GmbH, Willi-Schwabe-Straße 1, 12489 Berlin, Germany
https://emarsys.com/de/datenschutzrichtlinie/
6. DATA PROTECTION DURING THE APPLICATION PROCESS
Applicants’ data is electronically recorded, stored and processed for the purpose of completing an application process. This applies particularly to applications made electronically, for example by email. If you subsequently enter into an employment contract, we keep the data in your personnel file and store it for standard organisational and employment purposes, in compliance with the legal requirements. If the applicant does not enter into an employment contract, their data is automatically deleted from the database when the rejection is sent, unless special legal conditions – such as the duty to furnish evidence under the German General Act on Equal Treatment – require a longer storage period or you explicitly agreed to longer retention during the application process.
7. USE OF FACEBOOK, GOOGLE+, INSTAGRAM, LINKEDIN, PINTEREST, TWITTER, XING AND/OR YOUTUBE, TIKTOK
If our website uses social media plugins for Facebook, Google+, Instagram, LinkedIn, Pinterest, Twitter, TikTok, Xing and/or Youtube, the plugins will be identified by the respective companies’ logos. When you access our website, the relevant component of the above-mentioned social media plugin may establish a connection between your computer and the social media provider and/or associate it with you. If you are logged in to one of the above-mentioned services during your visit to our site, the provider of the relevant service may identify your user name and your real name from the information transferred and associate the data.
The Xing share button, for example, does not store any personal data. Xing does not evaluate your IP address or user behaviour. However, if you are logged in to Xing when you visit our site, your account information may be used to establish a link with the visit to our site.
Please note that we do not have any control over how the providers of the above-mentioned social networks share your data.
For more information about the data protection policies, please visit the relevant sections of the social networks’ websites.
You can find more information about the individual social media services here:
Facebook
Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland
https://de-de.facebook.com/about/privacy/
https://developers.facebook.com/docs/plugins
Google+
Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland
https://developers.google.com/+/web/buttons-policy
Instagram
Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland
https://help.instagram.com/155833707900388
LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Pinterest
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Irland
https://pinterest.com/about/privacy/
Twitter
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND
https://twitter.com/privacy
XING
XING SE, Dammtorstraße 30, 20354 Hamburg
https://privacy.xing.com/de/datenschutzerklaerung
Youtube
Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland
https://policies.google.com/privacy?hl=de&gl=de
TikTok
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland.
https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
8. USE OF GOOGLE ADSENSE
Our website uses the Google AdSense service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google AdSense selects advertisements to match the content of the website on which they will be displayed. For this purpose, a Web crawler browses the respective site using the same technique as is employed to index websites for the search engine Google. This makes it probable, for example, that a website about photography will display advertisements relating to this topic. As well as matching adds to the content of the context, AdSense supports interest-related targeting using the individual profile of a visitor to a website or advertisement. Google AdSense uses cookies to do this. These are small text files which store information on your computer to make it possible to analyse browsing behaviour. You can prevent cookies from being stored by changing your settings. You can delete stored cookies yourself at any time. Google AdSense also uses tracking pixels. These are tiny graphics that are integrated into websites. The aim is to record and analyse behaviour using log files with the aid of Google AdSense tracking pixels. Tracking pixels enable Alphabet, Inc. to recognise when a certain user has opened a website and which links they followed. The number of visitors accessing certain websites can also be evaluated using tracking pixels. Alphabet, Inc. also receives information about individuals and their data, including their IP address. This data is stored and processed by Alphabet, Inc. In some cases, Alphabet, Inc. may forward this collected data and information about individuals to third parties. Further information and more detailed explanations can be found at: https://www.google.de/intl/de/adsense/start
9. USE OF GOOGLE ANALYTICS WITH THE ANONYMISATION FEATURE
Our website uses the Google Analytics service. This is a Web analysis tool provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses cookies. These are small text files which store information on your computer to make it possible to analyse use of the website. The information collected about website use by cookies is usually sent to a Google server in the USA, where it is stored. Activating the anonymisation feature means that your IP address is truncated beforehand by Google within the European Union or in other states that are party to the Convention on the European Economic Area, so your full IP address is not forwarded. Only in exceptional cases will your full IP address be sent to a Google server in the USA, transferred and truncated there. Google uses this information on behalf of the operator to evaluate the website, compile reports about website activity, and provide the website operator with other integrated services relating to website and Internet use. The IP address transferred by Google Analytics is not associated with other data held by Google. You can disable the storage of cookies via your browser settings. If you do this, please note that you may not be able to make full use of some features of this website. You can also prevent Google from storing and processing the data generated by the cookie – including your IP address – by using an opt-out browser add-on. Further information and more detailed explanations can be found at: https://tools.google.com/dlpage/gaoptout?hl=de
10. USE OF GOOGLE REMARKETING
Our website uses the Google Remarketing service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Remarketing identifies users who have visited our website frequently in the past and shows them targeted advertisements with the aim of attracting them back to our site. With the aid of the Google advertising network, this enables ads of interest to the user to be displayed and placed in the foreground. Google uses cookies for this service. Cookies are small text files saved on your computer which allow usage of the website to be analysed and store the data for a certain period of time. This makes it possible for us to recognise users if this website is accessed within Google’s advertising network. Further information and more detailed explanations can be found at: http://www.google.com/privacy/ads/
11. USE OF GOOGLE ADWORDS
Keywords are the most important component of Google AdWords. With the help of these keywords, an advertiser can choose in advance for an advertisement only to be displayed in the results for a search containing the selected terms or sites with related content. This should make it possible to target advertising to visitors’ interests and minimise wastage. It is also possible to define negative keywords which prevent an ad from being displayed. This service is operated by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. AdWords makes it possible to show the user advertisements which are relevant to their search. When someone is directed to our website by a Google ad, a conversion cookie is placed on the user’s browser. This enables both us and Alphabet, Inc. to track whether these AdWords advertisements resulted in the sale of certain products or whether a sales process was aborted. Conversion cookies do not contain any information about the person in question and are automatically deleted within 30 days. The information generated by conversion cookies is used by Google to produce visitor statistics. With the aid of these statistics, it is possible to work out how many users have been directed to our website by AdWords advertisements. Conversion cookies store information about the person who visited the site. This data – including the IP address – is forwarded to Alphabet, Inc. in the USA and may be shared with third parties. You can prevent cookies from being stored by changing your settings. You can delete stored cookies yourself at any time. Further information and more detailed explanations can be found at: https://www.google.de/intl/de/policies/privacy/
12. USE OF GOOGLE FONTS
This website features Google Fonts. Google Fonts is a service provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Web fonts are designed for browser-based digital texts. When a website is accessed, they are usually requested from an external Web server instead of a computer’s local font library and integrated into the browser. The use of Google Fonts is not authenticated. No cookies are sent from the website visitor to the Google Fonts API. Queries sent to the Google Fonts API are sent to the resource-specific domains fonts.googleapis.com or fonts.gstatic.com. This means that your requests for fonts are separate from any other information you send to google.com and do not contain any other information. The anonymised request information is erased after 24 hours. Further information and more detailed explanations can be found at: https://policies.google.com/privacy?hl=de
13. USE OF MICROSOFT BING ADS
On our pages, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In doing so, Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user's identity is disclosed.
If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the necessary setting of a cookie - for example, by using browser settings that generally disable the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by following the link below: https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE to declare your objection. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.
14. USE OF PAYPAL AS A METHOD OF PAYMENT
If you decide to pay using the online payment service provider PayPal, your contact details are sent to the payment service provider PayPal via the orders you place. PayPal acts as an intermediary and provides customer protection services. The personal data transmitted to PayPal comprises information such as your first name, surname, address, telephone number, IP address, email address and other data which helps to process your order. Please note that PayPal may share personal data with subcontractors, service providers or other associated companies if this is necessary for contractual performance in connection with your order. Further information and more detailed explanations can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
15. USE OF SOVENDUS
In order to select a voucher offer that is currently of interest to you, we transmit the hash value of your e-mail address and your IP address to Sovendus GmbH, Hermann-VeitStr. 6, 76135 Karlsruhe (Sovendus) in a pseudonymized and encrypted form (Art. 6 para.1 f DSGVO). The pseudonymized hash value of the e-mail address is used by Sovendus to take into account any objection to advertising (Art. 21 para.3, Art. 6 para.1 c DSGVO). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days (Art. 6 para.1 f DSGVO).
In addition, we transmit for billing purposes pseudonymized order number,
order value with currency, session ID, coupon code and timestamp to Sovendus (Art. 6 para.1 f DSGVO). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your email address and you click on the voucher banner that is only displayed in this case, we will transmit your title, name, zip code, country and email address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 para.1 b, f DSGVO).
For more information on the processing of your data by Sovendus, please refer to the online privacy policy at www.sovendus.de/datenschutz.
16. USE OF EMARSYS As set out in Section 7(3) of the German Act Against Unfair Competition (UWG), we are permitted to use the email address provided when a purchase is made in our shop for direct marketing of similar products or services. If you no longer wish to receive our product recommendations, you can opt out of receiving these at any time. You will not incur any charges for this apart from the basic cost of transmission. To opt out, click on the ‘Unsubscribe’ link which can be found in the footer of any of our product recommendations or email onlinemarketing@baer-schuhe.de.
Our website uses third-party cookies which enable us to improve the quality of the content that we offer you when you visit. These cookies may record your IP address and non-personal data about your visit. This data is completely anonymous and does not include your name, address, email address or any other personal information. The only data collected from visitors who have logged in is a single encrypted identifier which cannot be used to identify you. Cookies are also used to record anonymous, statistical information about your navigation behaviour on our website. These cookies expire after one year.
Our website also uses JavaScript commands to record browsing and purchase data relating to logged-in visitors. This data is used to enrich your customer profile and offer you a personalised experience across all our touchpoints.
If you have subscribed to the newsletter, the personal data you submitted when you registered will be used to send you personalised newsletters. No data is shared with third-party companies. Our data protection policies comply with the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
17. . INTEGRATION OF TRUSTED SHOPS TRUSTBADG
The Trusted Shops Trustbadge is included on this website to show our Trusted Shops seal of quality and any earned ratings as well as to offer Trusted Shops products to buyers after an order. This serves the protection of our legitimate interests in an optimal marketing of our product and prevails in the context of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln/Cologne, Germany. When the Trustbadge is accessed, the web server automatically records a server log file which contains, e.g., your IP address, date and time of the access, transferred data volume and the requesting provider (access data) and documents the access. This access data is not analyzed and is automatically overwritten after a maximum of seven days after the end of your page visit. Further personal data is only transferred to Trusted Shops if you decide to use its products after completing an order or if you have already registered for use. In this case, the contractual agreements between you and Trusted Shops apply
18. USE OF AWIN
On our website, we use the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany, as a partner programme. As part of its tracking services, to document transactions (e.g. leads and sales), AWIN stores cookies on the devices of users who visit or use its clients’ websites or other online offerings (e.g. to register for a newsletter or place an order in an online shop). These cookies serve the sole purpose of correctly attributing the success of an advertising material and billing it accordingly in connection with its advertising network. AWIN does not collect, process or use personal data to do this. The only information placed in a cookie is when a certain advertising material was clicked on from a device. AWIN tracking cookies contain a unique string of digits which documents an advertiser’s partner programme, the publisher (on whose site the ad was displayed) and the time when the user clicked on or viewed the advertisement. It is not possible to allocate this code to an individual user. AWIN also collects information about the device which was used to complete a transaction, e.g. the IP address, the operating system and the requesting browser. The lawful basis for storing this data is Art. 6(1)(f) GDPR. If you would like more information about data processing by AWIN, please visit: https://www.awin.com/de/rechtliches
19. USE OF CRITEO ONE TAG
On our site, we use functions of Criteo, a JavaScript tag that Criteo uses to track the behaviour of users as they browse your website. The provider is Criteo SA, 32 Rue Blanche, 75009 Paris (hereinafter "Criteo").
Criteo is used to show you interest-based adverts within the Criteo advertising network. Your interests are determined on the basis of your previous usage behaviour. For example, Criteo records which products you have viewed, placed in your shopping basket or purchased. Further details on the data collected by Criteo can be found here: How we use your data
In order to be able to show you interest-based advertising, we or other Criteo partners must be able to recognise you. For this purpose, a cookie is stored on your end device or a comparable identifier is used, which links your user behaviour with a pseudonymous user profile. For details, please refer to Criteo's privacy policy at Privacy Policy
Your personal data and the Criteo cookies stored in your browser are stored for a maximum of 13 months from the date of collection. Criteo is used in the interest of targeted advertising measures. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Criteo and we are joint controllers within the meaning of Art. 26 GDPR. An agreement on joint processing has been concluded between Criteo and us, the main contents of which Criteo describes under the following link: How we use your data
20. USE OF trbo
On our website, data is collected and stored by trbo GmbH, Leopoldstr. 41, 80802 Munich, Germany (http://www.trbo.com/). This allows usage profiles to be developed with the aid of pseudonyms to show you personalised customer benefits. Cookies may be used for this purpose which enable a Web browser to be recognised. These usage profiles serve to analyse visitor behaviour and are evaluated in order to improve our site and design it in line with users’ needs. The pseudonymised usage profiles are not associated with personal data about the bearer of the pseudonym without separate, explicit consent being granted by the data subject. You can opt out of this at any time by clicking on the following links: activate trbo and disable trbo.
21. USE OF PAQATO
With the shipment of your goods, the order header data is used to track the shipment and identify problem cases according to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed. The user's details are stored and processed in the PAQATO shipping analysis system of the company PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster, Federal Republic of Germany, in order to be able to deliver the goods more quickly and without errors and to ensure smooth communication (legitimate interest pursuant to Art. 6 para. 1 lit. f. DSGVO ). We delete the data if it is no longer necessary. We review the necessity every two years; Furthermore, the legal archiving obligations apply. The privacy policy of the data processor can be found under the following link https://www.paqato.com/datenschutzerklaerung/ or the cookie policy of the data processor and the following link https://www.paqato.com/cookie-richtlinie-eu/.
22. TRANSMITTING YOUR DATA FOR THE PURPOSE OF A CREDIT CHECK
We transmit your data (name, address and, if applicable, date of birth) to Experian GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany, for the purpose of checking creditworthiness, obtaining information for assessing the risk of non-payment on the basis of mathematical-statistical methods using address data. The legal basis for these transfers is Article 6(1)(b) and Article 6(1)(f) of the DSGVO. Transfers based on these provisions may only be made insofar as this is necessary to safeguard the legitimate interests of our company or third parties and does not override the interests of the fundamental rights and freedoms of the data subjects that require the protection of personal data. Detailed information on ICD within the meaning of Art. 14 of the European Data Protection Regulation ("EU GDPR"), i.e. information on the business purpose, purposes of data storage, data recipients, right of self-disclosure, right to erasure or rectification, etc. can be found in the attachment or under the following link.
23. USE OF SCAN2FIT:
With your express consent, we process your data for the purpose of carrying out a free 3D foot scan to determine your shoe size and analyse your foot. For this purpose, we process the personal data required for the scan, in particular the shoe size, name and contact details. The purpose of the processing is to initiate and fulfil a contract. The legal basis for the processing is therefore Art. 6 para. 1 lit. a) and b) GDPR. Your data will be stored until the termination of the contract and any further retention obligations, otherwise it will be deleted immediately. To process the foot scan, your data will also be passed on to the company 3D Schuhdesign / HMK GmbH, Delaware Avenue 23-25, 66953 Pirmasens on the basis of an order processing contract.
Consent can be revoked at any time for the future. The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this.
24. USE OF TABOOLA
We use Taboola on our website. The service stores and processes information about your user behaviour on our website. For this purpose, the service uses, among other things, cookies, small text files that are stored locally in the cache of your web browser on your end device and that enable us to analyse your use of our website.
We use the service to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offering and make it more interesting for you as a user. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
The legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR (consent).
Provider:
Taboola, Inc.
16 Madison Square West
7th fl.
NY, 10010 New York
https://www.taboola.com/
25. USE OFKLAR ATTRIBUTION
We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar, collects, processes and stores data on this website and its subpages for reach measurement, statistical analysis. This collection takes place on the following legal basis:
- The user has given his consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed will be collected on a user-specific basis. For the aforementioned different types of collection, different cookies are used to ensure the respective type of collection. **Objection**
To object to the use of Klar in principle, please use this [Link](https://375223267.baer-schuhe.de/donottrack/me). This will set a cookie with the name "do_not_track" from the domain "baer-schuhe.de". Please do not delete it, otherwise we cannot guarantee that you will not be tracked by Klar. Information on data protection and data use can be found on the following website of Klar: https://www.getklar.com/data-protection
26. USE OF ILOGIXX
We use an online tool from ilogixx GmbH, Viehmarktplatz 14 54290 Trier (Germany) to communicate with our customers. If you communicate with us by email or audio, your personal data will be collected and processed by us and the provider. The communication tool collects all data that you provide/enter to use the tool (e.g. e-mail address and/or your telephone number). The tool also processes the duration, start and end (time) of the communication and other “context information” in connection with the communication process (metadata). Ilogixx processes all technical data required to process the communication. This includes IP MAC addresses, device IDs, device type, operating system type and version, client version. The legal basis for the use of the communication tool is Art. 6 para. 1 lit. b GDPR for the purpose of communicating with prospective or existing customers or offering certain services to customers. Furthermore, the use of the tool serves to simplify and accelerate communication with our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future. Further information on data processing can be found at Datenschutzerklärung
If we process your personal data, you are classed a data subject as per GDPR and you have the following rights with regard to the controller:
1.) The right to be informed
You can request confirmation from the controller as to whether we process personal data belonging to you. If we do, you can request the following information from the controller:
- the purposes for processing personal data;
- the categories of personal data which are processed;
- the recipients and/or categories of recipients to whom your personal data has been or will be disclosed;
- the planned retention period for your personal data or – if it is not possible to provide concrete details on this – criteria for setting the retention period;
- your right to rectification or erasure of your personal data and your right to restrict processing by the controller or object to this processing;
- your right to make a complaint to a supervisory authority;
- all available information about the origins of the information if the personal data was not collected from the data subject;
- the existence of automated decision-making including profiling as per Art. 22(1) and (4) GDPR and – at least in such cases – meaningful information about the logic involved along with the significance and the envisaged consequences of this processing for the data subject.
You have the right to request information about whether your personal data is transmitted to a third country or an international organisation. In this connection, you can request information about suitable guarantees as per Art. 46 GDPR pertaining to the transmission.
2.) Right to rectification
You have the right to request that the controller rectifies and/or completes the personal data they process if it is inaccurate or incomplete. The controller must rectify the data immediately.
3.) Right to restrict processing
You can request that the processing of your personal data is restricted in the following circumstances:
- if you contest the accuracy of your personal data and request a restriction for a period of time to allow the controller to check the accuracy of the data;
- the processing is unlawful and you request that use of the personal data is restricted instead of it being deleted;
- the controller no longer needs the personal data for the processing purposes but you need it in order to establish, exercise or defend a legal claim, or
- you have objected to processing under Art. 21(1) GDPR, and it is not yet clear whether the controller’s legitimate grounds override your reasons.
If the processing of your personal data has been restricted, this data may only be processed with your consent, to establish, exercise or defend a legal claim, to protect the rights of an individual or legal entity, or for reasons of important public interest for the Union or a Member State. If processing has been restricted in the above-mentioned circumstances, you will be informed by the controller before the restriction is lifted.
4.) Right to erasure/erasure obligation
You can request that the controller erases your personal data immediately and the controller is obliged to erase this data immediately if one of the following applies:
- Your personal data is no longer needed for the purposes for which it was collected or otherwise processed.
- You withdraw your consent which served as the basis for processing as per Art. 6(1)(a) or Art. 9(2)(a) GDPR and there are no other legal grounds for processing.
- You object to processing as per Art. 21(1) GDPR and there are no legitimate reasons for processing which take precedence, or you object to processing as per Art. 21(2) GDPR.
- Your personal data was processed unlawfully.
- Your personal data must be erased to fulfil a legal obligation under Union law or the law of the Member State which applies to the controller.
- Your personal data was collected in relation to the offer of information society services as defined in Art. 8(1) GDPR.
Informing third parties
If the controller has made your personal data public and is obliged to erase it as per Art. 17(1) GDPR, they must take reasonable steps (technical or otherwise, taking account of the technology available) to inform those responsible for processing the personal data that you, the data subject, have requested that they delete all links to this personal data or copies or replications of this personal data.
Exceptions
The right to erasure does not apply if processing is necessary
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation which requires the data to be processed under the Union or Member State law which applies to the controller; or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for public health purposes in the public interest as per Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research, or statistical purposes as per Art. 89(1) GDPR where the right cited in (a) is likely to render impossible or seriously impair the achievement of these processing objectives, or
- for the establishment, exercise or defence of legal claims.
5.) Right to information
If you have contacted the controller to exercise your right to rectification, erasure or restriction, the controller is obliged to inform all recipients to whom your personal data has been disclosed of the rectification, erasure or restriction, unless this proves impossible or involves disproportionate effort.
You have the right to request that the controller informs you about these recipients.
6.) Right to data portability
You have the right to receive the personal data which you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without being hindered by the controller to whom the personal data was provided, if
1. the processing is based on consent as defined in Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract as per Art. 6(1)(b) GDPR and
2. the processing is carried out by automated means.
In exercising this right, you also have the right to request that a controller transmits your personal data directly to another controller, if this is technically feasible. This may not adversely affect the rights and freedoms of any third parties.
The right to data portability does not apply to the processing of personal data which is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
7.) Right to object
In certain circumstances, you have the right to object at any time to your personal data being processed on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object to your personal data being processed for the purpose of such advertising at any time; this includes any profiling of data that is related to direct marketing.
If you object to processing for the purpose of direct marketing, your personal data will no longer be processed for this purpose. In the context of the use of information society services, and irrespective of Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.
8.) Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of the processing performed based on this consent prior to the withdrawal.
9.) Right to complain to a supervisory authority
Irrespective of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, especially in the Member State in which you live or work or the location of the suspected infringement if you believe that the processing of your personal data is in breach of GDPR.
The supervisory authority with whom the complaint was lodged will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy as per Art. 78 GDPR.
Information for customers and suppliers as per Art. 13/Art. 14 GDPR