PRIVACY POLICY
Welcome to our online shop! We appreciate your interest in our company. The protection of your personal data is important to us. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation acts that apply to our company.
Our data protection notice explains what personal data we gather from you via our website, what we use this for, when we delete this and how your data is protected as best as possible by means of security measures. In addition, we disclose the respective legal framework that authorises us to process data accordingly. Furthermore, you will be informed of your statutory rights in connection with the processing of your data. In order to provide you with the best possible transparency in connection with our processing of data, you will first find generally valid information concerning the processing of personal data and then detailed information concerning the following topics:
- Tracking measures and the setting of cookies
- Data processing in the newsletter
- Purchasing in the online shop
- Contact options
- Social media
- Payment systems/credit check/fraud prevention
- Web shop protection against attacks (Cloudflare)
Personal data are any information that enables the identification of a natural person. This includes, in particular, names, birthdays, addresses, telephone numbers, e-mail addresses but also your IP address.
Anonymous data exist if no personal relationship can be established to the user.
The responsible party within the meaning of data protection legislation is:
s.Oliver Sales GmbH & Co. KG
Ostring
97228 Rottendorf
Germany
Telephone: +49 (0) 9572 – 91 60 39
E-Mail: privacypolicy@comma-store.com
*Standard landline rate from your telephone provider, free of charge for flat rates; mobile phone rates may vary
Data collection/personal data
We collect personal data in accordance with the legal requirements. All personal data that we collect from you via the website will only be processed for the purposes described in greater detail below. This collection takes place within the framework of the legal provisions already named, more specifically, only with your consent.
Article 6 EU GDPR in particular specifies when data processing is allowed. Comma collects data if:
- You have given consent (Article 6(1) lit. a EU GDPR)
- Processing is necessary for the performance of a contract/prior to entering into a contract (Article 6(1) lit. b EU GDPR)
- Processing is necessary for compliance with a legal obligation (Article 6(1) lit. c EU GDPR)
- Processing is necessary for the purposes of the legitimate interests of our company except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1) lit f. EU GDPR). In particular, we view an overriding, legitimate interest in data processing in the following cases:
- Tracking measures and setting of cookies
In order to be able to provide you with an optimal user experience in our online shop and with our advertisements, an experience tailored to your unique needs, we work with various service providers and technology providers, using cookies and tracking methods in the process. In such a case, we base this on our legitimate interest in data processing as far as possible; in most cases, however, we obtain your consent first (Article 6(1) lit. a or Article 49 para. 1 sentence 1 lit. a EU GDPR), which you can of course revoke at any time via the privacy settings. You can find detailed information under the “Tracking measures and setting of cookies” rubric. - Protecting the security of our systems/investigating errors
For technical security reasons, particularly to protect against hacking attempts on our web server, data will be saved pursuant to Article 6(1) lit. f EU GDPR. No connection is established to individual users. In particular, we collect the following data: The web browser and operating system that are used/name of the internet service provider/information about the website you are visiting us from/information about the website/that you retrieve on our site, the date and time of your visit/the name of requested files/whether a file was transferred/the amount of data that is transferred/the IP address assigned by your internet service provider. Of course, personal data that is collected will be kept confidential.
Storage period and criteria for determining this period
Comma processes and saves your personal data only for the period required to achieve the particular processing purpose, or if there is a legal retention period (in particular for commercial or taxation purposes). Once this purpose has been achieved or the retention requirement has expired, the respective data will be routinely erased.
Data transfers
In certain cases it is necessary to transfer processed personal data in the course of data processing. In this respect, there are various recipient sites and recipient categories.
Internal locations
Where necessary, we will transfer your personal data within the s.Oliver Group (s.Oliver Sales GmbH & Co. KG, Ostring, 97228 Rottendorf) COMMA). Of course, we comply with the legal framework associated with this process and ensure that your data is lawfully processed. Your personal data are accessible only by authorised employees who require data access because of their responsibilities, e.g. to fulfil your order or to contact you in case of an enquiry.
External locations
Personal data will be transferred to the following categories of recipients while respecting the legal requirements:
- Service providers within the framework of fulfilment
- Delivery services, distributors, payment services
- Companies that provide marketing services
- Service providers that are part of communication systems
- Government authorities and institutions to the extent that this is necessary or required or we are legally obligated to do so
Safe transfer of your data
We employ the proper technical and organisational security measures to protect data that we save as best as possible from random or intentional manipulation, loss, destruction or access by unauthorised parties. The security level is constantly being monitored together with security experts and adjusted to new security standards.
It goes without saying that the security of your data is also important to us when transferred within the s.Oliver Group or to our partners or third parties - secure transfer procedures are selected accordingly:
Data is generally transferred via a transfer encoded connection. Here we apply state of the art protocols such as TLS 1.2 with PFS.
Therefore only encoded data is exchanged from and to our website. We offer HTTPS as the transfer protocol for our website, always using the current encryption protocols.
Links to other providers
Our website also contains clearly recognisable links to the websites of other companies. If and when there are links to the websites of other providers, we have no influence on the contents. For this reason we cannot assume any warranty or liability for this content. The respective provider or operator of these websites are always responsible for the content of these websites. The linked websites were evaluated for possible statutory violations and recognisable violations of the law at the time of linking. We did not identify illegal content at the time of linking. It is not possible, however, to constantly control the content of linked websites without specific evidence that the law has been broken. Should violations become known, these links shall be removed immediately.
Rights of the data subject
We are happy to inform you in the following of the rights that may be available to you free of charge as an affected party.
- Access: We are happy to inform you about whether, and if so, which personal data of yours we have and are processing.
- Rectification: If we are storing erroneous personal data, then of course we will be happy to correct them.
- Restriction: You can have the processing of your personal data restricted under certain legal conditions. This is possible, for example, if you contest the accuracy of the data we have.
- Erasure: You can have the processing of your personal data restricted under certain legal conditions. This is possible, for example, if you contest the accuracy of the data we have.
- Objection: You can object to the data processing procedures we use to process your personal data, which we base on balancing the interests of all parties, by indicating the specific grounds for objection.
- Withdrawal: Of course, if you have given us consent to process data, you can also withdraw such consent with future effect without indicating the reason.
- Data portability: We are happy to make personal data concerning you which we have received as part of concluding a contract or through consent and based on an automated data processing procedure available to you or a third party named by you in a commonly-used, machine-readable format.
- Complaint: You also have a right to lodge a complaint with a supervisory authority.
You can exercise your rights as a data subject at any time using the contact options provided or consult with us regarding data protection. You can contact our data protection organisation via the following email address: privacypolicy@comma-store.com
Right to lodge a complaint with a supervisory authority
Of course, you have the freedom to contact the proper supervisory authority for you at any time. Alternatively, our supervisory authority is also available to you. This is:
The Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)
Postfach 606
91511 Ansbach
Germany
Other questions
You can contact our data protection organisation at any time via the following email address: privacypolicy@comma-store.com
Tracking measures and setting of cookies
As explained above, we wish to provide you with an optimal user experience in our online shop and with our adverts, which are tailored to your unique requirements. For this purpose, we work with various service providers and technology companies and use cookies and tracking methods during this process. You can find detailed information below:
Necessary technologies
These technologies are necessary to enable the core functions of the website.
Google Tag Manager (Article 6 para. 1 lit. f of the EU GDPR)
This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Using this service, website tags can be managed via an interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain. This means that essentially no cookies are used and no personal data is recorded. Google Tag Manager activates other tags that may then record data. However, Google Tag Manager does not access this data. If deactivation has occurred at domain or cookie level, it remains in place for all tracking tags implemented by Google Tag Manager.
More information is available at http://www.google.com/tagmanager/use-policy.html
Sentry
Sentry is a tool of Functional Software Inc. (Sentry), 8th Floor, 45 Fremont Street, San Francisco, CA 94105, United States of America (“Sentry”) for monitoring system stability as well as identifying and repairing errors in the code of web pages. Sentry captures IP addresses, device information, usage data and error data to guarantee system stability and to be able to recognise and repair errors promptly. We use the tool for reasons of our legitimate interest in improving the website and repairing errors (Article 6 para 1 sentence 1 lit. f GDPR, section 25 para 2 German Telecommunications Digital Services Data Protection Act (TDDDG). The data captured is not used for other purposes.
Please note that, as a US provider, Sentry is headquartered in a country that may have a lower level of data protection than in the EU. The European level of data protection is ensured by concluding appropriate contractual arrangements and suitable guarantees.
The deletion of the collected data takes place by default after 90 days.
You can also find further information about Sentry data processing here: https://sentry.io/privacy/
Privacy settings
In your privacy settings you can see which services we use and decide for yourself if and to what extent you would like to agree to these services and even subsequently change the settings at any time. The processing takes place on the basis of your consent in accordance with Article 6(1) lit. a or Article 49 para. 1 sentence 1 lit. a EU GDPR.
Usercentrics (Article 6 para. 1 lit. c of the EU GDPR)
To obtain and manage your consents, we use the Usercentrics Consent Management Platform. The provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich. The Usercentrics Consent Management Platform collects device information, browser information, opt-in and opt-out data, date and time of visit, URL requests and page path of the website via JavaScript. This JavaScript allows Usercentrics GmbH to inform the user of specific tags and web technologies on our website and to obtain, manage and document the user’s consent. The legal framework for the processing of the data is Article 6 para. 1 lit. c and f of the EU GDPR, as we are required by law to provide evidence of consent (in accordance with Article 7 para. 1 of the EU GDPR). The aim is to identify the preferences of the users and implement them accordingly, as well as document them in a legally secure manner. The data is deleted as soon as it is no longer needed for logging purposes and there are no statutory retention requirements to the contrary. Consent data (consent and withdrawal of consent) is stored for three years. The data is then immediately deleted or passed on to the responsible party in the form of a data export on request. The user can permanently prohibit the execution of JavaScript at any time by using the appropriate settings in their browser, which would also prevent Usercentrics from executing the JavaScript. Further information on the subject of data protection at Usercentrics can be found at: https://usercentrics.com/privacy-policy/
Functional
Required for the correct display of essential website content and functions, e.g. chat functions, partner search, display of personalized website content.
Algolia (Article 6(1)(a) GDPR and Section 25(1) German Telecommunications Digital Services Data Protection Act [TDDDG]) with consent, Article 6(1)(f) GDPR without consent)
Provided you have given your consent, we use on our website the marketing and analysis tool Algolia of Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France. This tool provides analysis services for our search function on the website. Information is collected about how you use our website and the search function so that we can provide you with personalised search results corresponding to your interests. The modifed Usercentrics controller ID as a user token enables tracking over several sessions so that we can present you with AI-supported searches tailored to you and observe and analyse them over a greater length of time.
This tool collects browser information, the IP address shortened by four digits by Algolia, search queries and search filters, clicks on search results, products or other buttons, an individual user ID, timestamp, device information and user data like pages visited, products viewed or placed in the shopping bag as well as purchases made. In addition, geolocalisation is carried out based on your IP address.
We store the data collected for a period of 365 days.
Data is not transmitted to third countries outside of the EU/EEA. Further information on data processing by Algolia can be found at https://www.algolia.com/policies/privacy/
You can withdraw your consent at any time with effect for the future. To do this, simply call up the privacy settings and select the appropriate consent. Please note that the privacy settings must be changed for each individual end device.
Should you not wish to give your consent, we will obviously not collect any personal data that is not needed for providing the search function. In that case, your IP address will only be used to provide the (non-personalised) search results and then shortened. Instead, only search queries and filters, browser and device information, timestamp and an approximate geolocalisation based on your IP address are collected.
Dynamic Yield
On our website and as part of personalised email campaigns, we use the Dynamic Yield service of the provider
Dynamic Yield, Inc. / Mastercard Europe SA, 198A Chaussée de Tervuren, Waterloo, Belgium, B-1410
Dynamic Yield collects and processes the following data:
- IP address
- geographical location
- device information
- browser information
- user data
- referrer URL
- unique identifier of the mobile device
- user agent data
- email address
The contents of this website is optimised for you with Dynamic Yield. This concerns precise recommendations, equivalent products or other personalised content relevant to you to make your website visit a personal experience. Dynamic Yield uses cookies to do this and records information about your user activities on our website.
If you have given your consent, the movement data gained by Dynamic Yield is added to the appropriate user profile.
Dynamic Yield is used on the basis of your consent in accordance with Article 6(1)(1)(a) GDPR, which you can revoke here at any time.
If you do not give your consent, Dynamic Yield will only read your geographical location from your IP address and user agent data, but will not store or further process any of this data. This is done for the purpose of displaying product recommendations (similar products or top sellers) on the website. Cookies are not set in this context. This data is not assigned to you as a person or merged with any other personal data that may be available; the data, in particular the location, is not used or evaluated by us. The collection is based on our legitimate interest in the playout of product recommendations (Article 6(1)(1)(f) EU GDPR), as the data collected here only have the minimum necessary personal reference.
The data collected by means of Dynamic Yield is stored until you withdraw your consent. Otherwise, this data is deleted as soon as the purpose of the data collection is no longer applicable. This is 90 days at the latest after your deletion request.
This service can pass on the data collected to another country. Please be aware that this service data can also be transferred outside of the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you potentially having any legal recourse. However, we take the possible and necessary measures under data protection law in accordance with Article 44 ff. of the EU GDPR to establish the level of data protection in the third country.
Google Maps
We use Google Maps (AIP) on our website, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). Google Maps is a web service that depicts interactive maps in order to display information visually. Using this service will show you our location and make it easier for you to find us.
As soon as you retrieve the subpage that is connected to the map from Google Maps, information regarding your use of our website (e.g. your IP address) is transferred to Google’s server in the USA and stored there. This shall occur regardless of whether Google provides a user account that you have logged in to or if there is no user account at all. If you are logged in to Google, your data will be allocated directly to your account. If you do not want your data to be allocated with your Google profile, you must log out before clicking the button. Google stores your data (even for users who are not logged in) as a user profile and analyses them. This kind of analysis occurs pursuant to Article 6(1) lit. f GDPR based on the legitimate interests of Google in displaying personalised advertisements, market research and/or demand-driven design of its website. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR). You have the right to object to the creation of these user profiles, and should contact Google if you wish to claim this right.
If you do not want your data to be transferred to Google in the future as part of using Google Maps, you also have the option to completely disable the web service of Google Maps by turning off the JavaScript application in your browser. Google Maps, and by extension the maps displayed on this internet site, cannot be used if you do this. You can view the terms of service for Google at http://www.google.de/intl/de/policies/terms/regional.html and you can find the additional terms of service for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html
You will find detailed information about data protection in connection with the use of Google Maps on the Google website ("Google Privacy Policy"): http://www.google.de/intl/de/policies/privacy/
YouTube
YouTube is a video portal from YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”). We have incorporated at least one YouTube plugin in our online services.If you call up an online service that contains a YouTube plugin, a direct connection is established from your browser with the YouTube server. In doing so, the information that your browser has visited the respective page of our online services is transferred to YouTube even if you do not have a YouTube account or are not logged in to your account. This information is transferred from your browser directly to a YouTube server in the USA and saved there.
If you are logged in to your YouTube account at the same time, then it is also possible that the page retrieval will be allocated to your YouTube account and you would allow YouTube to allocate your surfing behaviour directly to your personal profile.
If you would like to prohibit YouTube from transferring and storing your data and your behaviour on our online services, you must log out of YouTube before visiting our site and, if necessary, delete cookies placed by YouTube.
Further information concerning the collection and use of your data by YouTube can be found in the data protection notice at https://www.YouTube.com/static?template=privacy_guidelines as well as in the data protection policy of Google, https://www.google.com/policies/privacy/.
We base the collection of the data on your consent to the relevant data processing in accordance with Article 6(1) lit. a EU GDPR, which you can of course also withdraw at any time by altering your privacy settings.
Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR).
Fitting Guide (Article 6(1)(a) GDPR, Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG)
On our website, we use the services of SAIZ (SAIZ GmbH, Nostiltzstr. 23, 10961 Berlin, Germany, hereinafter referred to as “SAIZ”). SAIZ collects, processes and stores the personal data of website visitors in order to give personalised size and fit recommendations and for statistical analyses and business cost optimisation. The following personal data, in particular, is processed by SAIZ: Data that you enter in order to receive a personalised size recommendation, such as
age, gender, height in cm, chest circumference (if applicable), hip circumference (if applicable), waist circumference (if applicable), weight, information relating to build and body shape, information on hours of exercise taken per week and the e-mail address (optional) of visitors to the website.
The following data is also stored: IP address, user’s internet provider, date and time of access, browser type, language, browser version and operating system, content accessed, time zone and the website visitor’s referrer. SAIZ collects this data through persistent cookies, which are stored on the website visitor’s local browser. SAIZ stores the profiles of each respective visitor on the website visitor’s local browser. The collected data is processed by SAIZ in the European Union. The provision of this data is not legally or contractually prescribed or mandatory for the conclusion of a contract. There is no obligation to provide this data. If data is not provided, we cannot provide the requested content or make a size recommendation.
The purposes of data collection and processing by SAIZ are size assessment, sales promotion or increase in sales through cost optimisation for our company (size recommendation, fit testing of products), marketing purposes (personalisation and fit testing) and analysis purposes (conversion tracking).
The data recipient of the collected data is SAIZ GmbH and its external service providers, such as DataDog and Microsoft, whereby in the context of the use of DataDog and Microsoft, appropriate agreements ensure that the collected personal data is only stored on Microsoft and DataDog servers in the EU. However, it cannot be guaranteed with 100 percent certainty that no data will be transferred to a third country as a result of the use of Microsoft and DataDog by SAIZ as their subcontractor. If personal data is processed in a third country, this may only occur if the special prerequisites of Article 44 et seq. of the GDPR are fulfilled. This includes, in particular, the conclusion of standard data protection clauses (“EU-SCC”) and the “Transfer Impact Assessment” (“TIA”) carried out by SAIZ.
The required legal basis for processing personal data by SAIZ is set out in Article 6 (1)(1)(a) GDPR and Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG) (consent). In other words, the personal data of each respective visitor to the website is only processed with the prior consent of the website’s visitor. This consent is obtained via the cookie banner. You can revoke your consent at any time with effect for the future. To do so, simply go to the data protection settings and disable the relevant consent option. Please note that the data protection settings must be changed for each individual end device.
The visitor’s personal data will be deleted as soon as the processing purposes for which it was collected have been achieved or if the visitor withdraws their consent to data collection.
Further information about data processing carried out by the Saiz tool can be found at:
https://www.saiz.io/datenschutz
Returns management
As part of our returns management system, we use Retain from parcelLab GmbH (Kapellenweg 6, 81371 Munich, Germany). For the purposes of handling returns and complaints, the Retain portal from the service provider parcelLab is downloaded and both traffic and connection data (such as the IP address) is sent to the provider.
In addition, any data that is relevant to the returns process is also sent to parcelLab. This includes:
- Order number
- E-mail address
- Name
- Address
- Selected payment method
- Invoice number
- Selected shipping company
- Time of order and returns registration
- Ordered and returned items
- Reason for the return
Traffic and connection data is stored for 7 days.
Data relevant to the returns process is stored for 90 days.
The legal basis for downloading the portal is your express consent, Article 6 (1) (1)(a) GDPR. You can revoke your consent at any time with effect for the future in the data protection settings. Please note that you must revoke your consent separately for each end device.
Data that is relevant to the return is processed on the basis of the contract, Article 6 (1)(1)(b) GDPR.
Information about the service provider’s data protection can be accessed at https://parcellab.com/privacy-policy/ .
SearchHub (CXP Commerce Experts GmbH)
We use the SearchHub tool from CXP Commerce Experts GmbH (Am Schoßgatter 3, 75172 Pforzheim – Germany) in our online shop. With the help of SearchHub, we automatically optimise the search terms entered by our users in the background so that our search function can deliver the best matching products. This enables us to find what you are looking for even if you make typing errors or use different spelling. We also differentiate between automated queries (bots) and real users.
In order to achieve the best possible results, we collect the following data:
- Search terms
- Address of the page on which the search query was entered
- Selected suggestions from the search function
- Search result filters used
- Clicks on products and additions to the shopping cart
- Products ordered
Data processing is carried out on the basis of our legitimate interest in providing a search function and is necessary to optimise the results and ensure the functionality of our search function, Article 6(1)(1)(f) GDPR, as well as Section 25(2) of the Telecommunications and Digital Services Data Protection Act (TDDDG).
The cookies used have a lifespan of 48 hours.
You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
Analytics
These technologies allow us to analyze the website to measure and improve performance.
Google Analytics 4
On the basis of your consent (Article 6(1)(1)(a) GDPR), this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use server-side Google Analytics 4 and initially collect the data ourselves. In the downstream step, the information is transmitted by us to Google for evaluation. A direct data connection between you and Google will not be established. Cookies and other technologies that access information on your end-device are also used.
In doing so, we collect and process the following data:
- Order-ID
- Basket-ID
- Account details
- Bounce rates
- Browser information
- Click path
- Unit information
- Date and time and duration of the visit
- IP address
- Downloads
- Location
- Internet service provider
- Mouse movements
- Screen resolution
- Behavioural data
- Referrer URL
- App updates
If you consent (Article 6(1)(1)(a) GDPR) to data processing through Google Analytics 4, we will use your data for usage analysis. In this case, we pass the data on to Google for evaluation without anonymisation or pseudonymisation. In this case, the information will be transferred to a Google server in the USA and stored there. However, Google’s IP anonymisation is active so that your IP address is shortened before data transmission and within the European Union or contracting states of the European Economic Area. Google does not store the full IP address. An unabbreviated transmission of the full IP address to Google only takes place in exceptional cases.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics 4 will not be combined with other data from Google.
Sessions and campaigns are always terminated after a certain period of time has elapsed. By default, sessions end after 30 minutes of no activity and campaigns end after 30 days. Users’ personal data is deleted or anonymised after 14 months, and the cookies set have a lifespan of 24 months.
You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
This website uses the IP anonymisation function of Google Analytics 4. Furthermore, an order data processing contract was concluded with Google. You also have the option of deactivating Google Analytics 4 using a browser add-on.
For more information on terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en
You can find more information on this at https://support.google.com/analytics/answer/6004245 (general information on Google Analytics and data protection).
Google Signals
As part of Google Analytics, data collection by Google Signals is active at a country level. Granular location and device data is collected at a country level. Furthermore, as part of Google Signals, cross-device tracking is carried out across various websites and apps on all devices as long as you are logged into your Google account and have activated personalised advertising. As part of this process, we may also receive information about your interests and demographic characteristics, such as your age, language, place of residence or gender. This also enables Google Analytics to better define specific audiences or target groups, receive reports from all devices and use them for remarketing purposes. Moreover, the captured data is used for anonymous statistical analysis purposes.
You can prevent data processing via Google Signals by logging out of your Google account and/or deactivating personalised advertising in your Google account. You will find assistance on how to do this at the following link: https://support.google.com/My-Ad-Center-Help/answer/12155764
Together with Google, we are responsible for the processing of data as part of Google Signals. If you have any questions about the use of data by Google itself, we politely request that you contact Google directly. If you have given your consent to Google Analytics in our consent banner (Article 6(1)(a) GDPR, Section 25(1) of the German Telecommunications Digital Services Data Protection Act [TDDDG]), the existing Google Analytics features will be enhanced with other data that Google collects.
Google Analytics Universal Analytics
On the basis of your consent (Article 6(1)(1)(a) GDPR), this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and other technologies which access information from your end-device [...] and which enable an analysis of your use of the website. We use server-side Google Analytics and initially collect the data ourselves. In the downstream step, the information is transmitted by us to Google for evaluation. [...]
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other data from Google.
The user’s personal data is deleted or anonymised after 14 months. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate it in the “Cookie consent tool” provided on the website. We have concluded a data processing agreement with Google for the use of Google Analytics with which Google is obligated to protect the data of persons visiting our website and to not pass it on to third parties.
This service can pass on the data collected to another country. Please be aware that this service data can also be transferred outside of the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you potentially having any legal recourse. However, we take the possible and necessary measures under data protection law in accordance with Article 44 ff. of the EU GDPR to establish the level of data protection in the third country.
Further information on Google Analytics can be found here: https://policies.google.com/privacy?hl=en
Marketing
These technologies are used by advertisers to display advertisements that match your interests.
Emarsys
We use services provided by Emarsys eMarketing Systems AG (Stralauer Platz 34, 10243 Berlin, Germany; www.emarsys.com). Emarsys is a marketing service provider. This service can help to increase customer loyalty. The purpose of this data processing is to cultivate customer relations, manage direct advertising and analysis and to optimise our newsletter advertising.
Emarsys operates by setting cookies and tracking pixels. Assuming you have given your consent, (Legal framework Art. 6 Para. 1(a) EU GDPR, Section 25 Para. 1 TDDDG), when you visit our website or click on our newsletter, one of these cookies is set and the following data is collected:
- Date & time of visit
- Usage data
- Opening of e-mails
- Confirmation of receipt and reading of e-mails
- Products viewed
- Surfing history
- Pseudonymous cookie ID
- Links clicked
- User behaviour
- IP address
The data collected using Emarsys' cookies is compiled into a user profile, which can be assigned to you based on the e-mail address you provided when you registered. This data is then used to personalise your newsletter. If you no longer wish to receive our newsletter, you can unsubscribe at any time by clicking on the unsubscribe link contained in each e-mail or by sending an e-mail stating your wish to unsubscribe. The information can also be used to display product recommendations on our web applications or via SMS, WhatsApp and Push & Print.
We will only store data collected by Emarsys for as long as we need to in order to fulfil the purposes for which it was collected, or, at most, until the user withdraws their consent to having their data processed, or until it is required for processing purposes.
You may also withdraw your consent at any time HERE.
For more information about data protection at Emarsys, please click here: https://www.emarsys.com/en/privacy-policy/
Google Enhanced Conversions
We use the “Enhanced Conversions” extension of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) in connection with Google Ads. In this process, input data in form fields of our website or digital offers are recorded by means of tags and transferred in encrypted form to the Google Ads service via an interface. Google combines the data collected in this way with existing user usage data already collected to create profiles and makes these available to the responsible party. If you visit other websites that also use Google Enhanced Conversions or other Google services, this information will also be linked to your unique ID. However, it is not apparent to us which other pages you visit.
If you are logged in to your Google account at the same time, the page view and the entries are also assigned to your Google account. Your usage behaviour is then directly assigned to your personal profile. To prevent this, you can either log out of your Google account before accessing the page or not give your consent to the service.
The purpose of the processing is to gain more detailed knowledge about the usage behaviour of our users in order to target and optimise our offers and advertising measures more precisely and appropriately. By using Google Enhanced Conversions, we get a more comprehensive usage picture and greater visibility for our Google Ads analytics.
We are not aware of Google using the data for its own purposes. The collection of the input data takes place after your express consent and only after the input has been completed and transmitted to us.
The data processed in this way are deleted after the purpose has been achieved, but at the latest after 60 days for unallocated data and after 140 days for allocated data.
The legal basis for the processing of your personal data is your consent in accordance with Article 6(1)(1)(a) GDPR and, insofar as data stored on the end device via the tags is collected and processed, Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG).
The processing is based on your prior consent. You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
The information Google collects about users is transmitted to Google and stored on Google’s servers in the US, among other places. The service provider is obliged by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. Data processing or storage in third countries can also take place on the basis of your consent (Article 49(1)(1)(a) GDPR); in this case, you will be informed of this and the associated risks separately.
For more information about Google Enhanced Conversions, please visit: https://support.google.com/google-ads/answer/9888656?hl=en
Crealytics
On the basis of your consent in accordance with Article 6 para 1 sentence 1 (a) EU GDPR, this website uses the Crealytics CLV real-time tag of Crealytics GmbH, Salzufer 12, 10587 Berlin to optimise the paid search channel, in particular to improve how ads run on Google. For this purpose, order tracking is carried out using JavaScript. Details of transactions that have taken place via the website are forwarded to Crealytics to calculate the value of the transaction. This comprises the following data: retailer name, sales market, transaction ID, transaction value, transaction currency, transaction details (order ID, time, market, new customer, details of purchased products: product ID, sales, number, product costs, discount value, shipping costs, VAT, VAT rate, return rate), conversion ID, conversion label.
You can revoke your consent at any time with effect for the future via the privacy settings under the cluster Marketing.
Please note that the privacy settings must be changed for each individual end device.
Google Ads Conversion Tracking
We use the Google Ads conversion tracking and remarketing service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, US, “Google”). Google Ads uses “cookies”, which are text files stored on your computer that create conversion statistics for the Google Ads advertising program. The Google Remarketing service allows us to display advertisements for our website in a more targeted manner that are potentially more relevant to the user personally. For example, if a user is shown ads for products they were interested in on other websites, this is called “remarketing”. For these purposes, so-called remarketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website when our websites are called up on which Google Ads Conversion Tracking is active. This file records which web pages the user has visited, which content they are interested in and which offers they have clicked on, as well as technical information on the browser and operating system, referring web pages, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there.
If the user subsequently visits other websites, they can be shown ads tailored to their interests. User data is processed pseudonymously as part of Google’s marketing services. This means that Google does not store and process the name or email address of the user, for example, but processes the relevant data based on cookies within pseudonymous user profiles. So from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for whoever consents to the cookie, regardless of who the person consenting to the cookie is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. Google marketing
The information Google collects about users is transmitted to Google and stored on Google’s servers in the US, among other places.
The service provider is obliged by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. Data processing or storage in third countries may also take place on the basis of your consent (Article 49(1)(1)(a) GDPR), in which case you will be informed of this separately.
The cookies used lose their validity after 30 days and do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page.
The legal basis for the processing of your personal data is your consent, Article 6 (1)(1)(a) GDPR and Section 25(1) German Telecommunications Digital Services Data Protection Act (TDDDG). The processing is based on your prior consent. You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and select the corresponding consent. Please note that the consent banner settings must be changed for each individual end device.
Alternatively, you can generally deactivate the automatic setting of cookies via browser settings. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.
For more information on Google’s use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy. If you would like to object to interest-based advertising by Google marketing services in general, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences
Facebook Website Custom Audiences
This website uses “Facebook Pixel” as well as the Conversion API interface with server-side tagging, using Google Tag Manager, and further tracking technologies from Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) or, if its registered office is in the EU, Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 1, Ireland.
If express consent is granted, then user behaviour can be tracked after a user views or clicks on a Facebook advertisement. This process serves to evaluate the efficacy of the Facebook advertisement for statistical and market research purposes and can contribute to optimising future advertising activities. The collected data is pseudonymous to us and therefore cannot in principle be used to draw conclusions about the identity of the user. However, the data is stored by Google and transferred to Facebook and processed there, such that a connection to a respective user profile is possible and Facebook can use the data for their own advertising purposes according to the Facebook Data Policy (https://www.facebook.com/about/privacy/) verwenden kann.
You can make it possible for Facebook and its partners to place advertisements both on and outside of Facebook. A cookie can also be saved on your device for these purposes.
Furthermore, Facebook Custom Audiences collects data from the use of our website: e-mail address, gender, town, region, postcode, country, first name and surname, telephone number, date of birth, IP address, Facebook and browser ID. This enables Facebook to organise your data in a certain Facebook profile the purpose of targeted marketing.
When collecting data, we rely on your consent in accordance with Article 6(1) lit. a EU GDPR and Section 25 Para. 1 German Telecommunications Digital Services Data Protection Act (TDDDG) to process the data accordingly, which you may revoke at any time by changing your privacy settings. If you revoke your consent, your data will no longer be used for this purpose and will be deleted, provided no legal retention periods prevent this. Without revocation, the data is stored for a period of 2 years. The data is then automatically deleted.
TikTok Art. 6 Para. 1(a) EU General Data Protection Regulation (EU GDPR)
On our website we use TikTok Pixel, a conversion tracking tool for advertisers. The service provider is the Chinese company TikTok. The company TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) is responsible for the European area.
The TikTok Pixel is a tool that allows us to understand and track visitors’ activity on our website. We use the pixel in conjunction with an API connection and other tracking technologies. For this purpose, the Tiktok Pixel and TikTok Events API collect and process information about visitors to our website, about the devices they use and about how they use our offers and services (known as event data). Examples include usage data, device information, smartphone-related information, last name, first name, internet service provider, IP address, hashed e-mail address, hashed phone number and browser history. Usage data is also collected that allows us to draw conclusions about how visitors use our website and its functions (such as the date and duration of the visit, products viewed, use of the wish list, placement of products in the shopping cart and completion of purchases), as well as various IDs (click ID, cookie ID, event ID, order ID, shopping cart ID and user ID). This information is primarily used to determine the performance of our marketing campaigns, suggest products and services to visitors for retargeting purposes and to display our advertisements and evaluate their effectiveness.
Event data collected by the TikTok Pixel is used to target our ads, to improve ad delivery and for personalised advertising. In order to do this, the event data collected on our website via the TikTok pixel is transmitted to TikTok.
The data is stored for 24 months.
The legal basis for the collection and transmission of personal data that we provide TikTok is therefore Art. 6 Para. 1(a) EU General Data Protection Regulation (EU GDPR), Section 25 Para. 1 German Telecommunications Digital Services Data Protection Act (TDDDG). You can revoke your consent at any time in your privacy settings.
TikTok may share the information it collects with other third party companies. Please note that we have no influence over or knowledge of this as it is TikTok’s own responsibility. For more information about data protection at TikTok, please click here: https://www.tiktok.com/legal/page/eea/privacy-policy/en
Please note that in this context, personal data may be processed in a third country, the US. Appropriate contractual regulations and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries. Data may also be processed or stored in third countries on the basis of your consent (Article 49(1)(1)(a) GDPR). In such cases, you will be informed of this separately, and about the right to revoke your consent, in the course of obtaining it.
General information concerning the function of cookies
In the following we describe the functioning of website optimisation across devices. Our website uses cookies in several places. They serve to make our website more user friendly, more effective and more secure. Cookies are small text files that are deposited and stored on your terminal device.
With these cookies, we are able to analyse how users use our website. This allows us to design our website content to suit the needs of the user. Additionally, cookies allow us to measure the effectiveness of a certain advertisement and place it depending on the topical interests of the user, for instance.
The cookies that are used have a unique user ID. Certain interfaces allow us to allocate the various user IDs to a unique client (e.g. when logging in to our online shop from your smartphone and computer) and thus optimise our website across your devices.
The cookies we use have a long lifespan due to the purpose of the processing and – provided that you do not object to or delete the cookies – are automatically deleted after 6 months.
Of course, you can also disable, restrict or even delete cookies manually on your terminal device via the settings in your browser or with the aid of software.
Please note: If you disable cookies, then you may not be able to use all functions completely.
Technologies for the function of the website and the online store (Art. 6 para. 1 lit. f EU-DS-GVO)
Akamai
For the purpose of speeding up our website, we use the content delivery network (CDN) of Akamai Technologies Inc., 150 Broadway, Cambridge, MA 02142, US (Akamai). A CDN is a service with whose help the contents of our online offer, especially large media files like graphics or scripts, can be delivered quicker with the help of regionally distributed servers connected via the Internet. Your data is processed solely for the above-mentioned purposes and to maintain the security and functionality of the CDN. Akamai can transfer personal data from the log files to the US every time data is processed (e.g. IP addresses, location data). The location data is used to send the user the data from a server that is as geographically close as possible. You can find further information on data protection and Akamai under https://www.akamai.com/legal/privacy-and-policies/privacy-statement.
Akamai stores data for up to 24 hours so that content can be provided more speedily when you visit our website. We process data to protect our legitimate interest in speeding up our website pursuant to Article 6 para 1 page 1 lit. f EU GDPR, section 25 para 2 Telecommunications Telemedia Data Protection Act (TDDDG).
Please note that in this context personal data can be processed in a third country, the US. Appropriate contractual regulations and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries.
Data processing in the newsletter (Article 6(1) lit. a EU GDPR)
You can sign up to receive our free newsletter on our website. If you have agreed to receiving the Comma newsletter, we will use your e-mail address to send information (personalised where possible) about products, campaigns, competitions and news from the fashion industry as well as surveys on general customer satisfaction. We store and process this data for the purpose of sending the newsletter.
Multi device user profile for personal and individual communication and product recommendations
Furthermore, if you have consented to receiving a newsletter tailored to your individual interests, then in addition to processing your e-mail address, we will also process your name and profile information for the purpose of sending the newsletter. With your consent, we will record your user behaviour on this website, our mobile fashion apps and newsletters from us.
The evaluation of user behaviour includes, in particular, contract processing data and creates personal profiles or uses existing data that can be used to draw conclusions about your interest in products or campaigns from Comma. Such data may come from sales contracts. Our promotions are primarily events in our retail areas, but also include sales. Contract processing data are all types of data that arise in connection with the purchases you make at Comma. If you have exchanged or returned an item, or if you were interested in an item that could not be delivered, this information is also included in the data. In addition to this, the contact information you provided to Comma, such as your title, first name and surname, e-mail address and date of birth, is also included. Your response to the advertising activities from Comma (e.g. the newsletters sent to and opened by you) and your visitor behaviour on the Comma website or in the app (e.g. date of your last visit and products viewed) may also be stored. Please therefore also note the information contained under "Emarsys" in this regard.
Withdrawal
The processing takes place pursuant to Article 6(1) lit. a EU GDPR and you can exercise your rights as a data subject at any time. If you have any questions, please contact us at privacypolicy@comma-store.com. You can withdraw your consent regarding receipt of the newsletters or the creation of personalised use profiles at any time with future effect, for example by unsubscribing from the newsletter on our website. You can also find the link for unsubscribing at the end of every newsletter.
Contact options
Contact form (Legal framework Article 6(1) lit. a EU GDPR)
There is a contact form on our website that can be used to initiate contact electronically. If you use the contact form to write us, we will process your data provided on the contact form in order to initiate contact and to answer your questions and requests. During this process, the principle of data economy and data avoidance is observed, as you need only enter the data which we absolutely require in order to get in touch with you. That is your first name and surname, your e-mail address, the selected topic and the message field itself. In addition, your IP address will be processed out of technical necessity and as a legal safeguard. All other data come under voluntary fields and can be provided if you wish to do so (for example for a more personalised response to your queries).
Social media
We maintain a “social media” presence. Where we have control over the processing of your data, we ensure compliance with the applicable data protection provisions.
Below you can find the most important information pertaining to data protection laws in connection with our social media presence.
Name and address of the body responsible for the operationAlongside Comma, the following are responsible for the social media presence in accordance with the EU GDPR and other provisions under data protection legislation:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Youtube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
However, you are yourself responsible for using these platforms and their functions. This applies in particular to the use of the interactive functions (e.g. comment, share, rate).
Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR).
Purpose and legal basisWe ourselves maintain the fan pages in order to communicate with the visitors to these sites and to inform them in this way about our products and services.
We also collect data for statistical purposes, in order to be able to further develop and optimise the content and to make our service more attractive. The necessary data for this purpose (e.g. total number of site accesses, site activities, data provided by the visitors, interactions) are prepared by the social networks and made available. We have no control over the creation and display.
In addition, your personal data are processed by the providers of the social media, but also by Comma for market research purposes, communication and for advertising purposes. Therefore, it is possible that use profiles can be created in accordance with your use behaviour and the resulting interests. As a result, it is possible, among other things, to display adverts inside and outside of the platform which are considered to be of interest to you. For this purpose, cookies are generally saved on your computer. Regardless of this, data which were not collected from your end devices directly can be saved in your use profiles. The saving and analysis also takes place across multiple platforms. This applies particularly (but not exclusively) in cases where you are registered as a member and are logged in to the respective platforms.
Otherwise, we do not gather and process any personal data.
The processing of your personal data by Comma takes place in accordance with our legitimate interest in effective information and communication pursuant to Article 6(1) Sentence 1 lit. f EU GDPR.
Should you be requested to provide your consent to the data processing, i.e. should you agree by confirming via a button or similar opt in, the legal basis for the processing is Article 6(1) Sentence 1 lit. a and Article 7 EU GDPR.
Your rights/option to raise an objectionIf you are a member of a social network and do not wish for the network to collect data relating to you via our internet presence and to connect your saved membership data with the respective network, you must do the following:
- log out of the respective network before visiting our fan site
- delete the cookies on the device
- close your browser and relaunch it.
Once you sign in again, however,, you can be recognised once again by the network as a specific user.
We wish to refer to the following linked information for a detailed explanation of the respective processing and the opt out options:
FacebookData protection policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/about/privacy/ and http://www.youronlinechoices.com
Data protection policy: https://help.instagram.com/519522125107875
Opt-Out: http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com
Data protection policy: https://policies.google.com/privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en and http://www.youronlinechoices.com
Once we do not have full access to your personal data, you should contact the providers of the social media platforms directly in order to claim your rights, as these have access to the personal data of their users and can take relevant measures and provide the necessary information.
Note concerning copyright and authorship rightsShould you wish to publish pictures, texts, plans, videos, music etc on our internet presence, you should be aware that you may be assigning all rights of use to the network, which could lead to legal consequences on your part, should you not be the author or owner of the rights yourself.
Making purchases in the online shop (Article 6(1) lit. b EU GDPR)
Ordering as a guest:
You do not need to create a customer account in our shop if you decide to order from our online shop as a guest. If you order again, you will need to provide your data once again to process the order.
In addition, the data processing procedures which are described in the “tracking measures and cookie setting“ rubric apply. Of course, you will have access to the contact options and the rights as a data subject described therein.
Payment systems (Article 6 (1) lit. b and f EU GDPR)
You can select from different payment methods in our online shop. To that end, the respective data relevant to payment are collected so that your order and payment can be processed. In addition, your IP address will be processed out of technical necessity and as a legal safeguard.
Certain personal data are required in order to fulfil the contract, see mandatory fields. Unfortunately, without these data, we must refuse to enter into this contract, as we will not be able to perform it. The data will be transferred accordingly to our payment service provider to be processed.
Our payment system uses SSL encryption so that your data are protected when transferred.
Note concerning credit card payments:
The credit card information will be verified and authorised by Adyen N.V., Simon Carmiggeltstraat 5-60, 1011 DJ Amsterdam, the Netherlands. Further information can be found in Adyen's privacy policy (https://www.adyen.com/policies-and-disclaimer/privacy-policy ).
Note concerning PayPal:
PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. When a person selects ‘PayPal’ as their payment option when placing an order in our online shop, their data will be automatically transmitted to PayPal. By selecting this payment option, or the additional option outlined in the following paragraph (‘PayPal Express’), the person concerned consents to the transfer of personal data required for payment processing (Art. 6(1)(a) GDPR). Personal information submitted to PayPal typically includes the person’s first name, last name, address, e-mail address, IP address, telephone number, mobile number or other information required to process the payment. Personal data necessary for the conclusion of the sales contract also includes data related to the respective order. You can access details regarding data protection with PayPal here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Please note that, with your consent, data may therefore be transferred to a third country outside the EU/European Economic Area which may have a lower level of data protection than the EU (Art. 49(1)(1)(a) GDPR).
You can also use ‘PayPal Express’ when paying by PayPal. This option speeds up the checkout process. In this context, the data processing responsibilities lie with PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. You can view PayPal’s full privacy statement at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
In order to provide you with this option, it is built directly into the shopping cart page to ensure it works as intended and can be displayed dynamically according to the value of your shopping cart. During this process, a connection to the PayPal servers is established and the following data is transmitted: IP address, user agent, product prices, shopping cart value, device ID, shopping cart ID, currency. The processing and transfer of data is based on our legitimate interest in providing the appropriate payment options and related services and is limited to the minimum necessary for this purpose, including technical requirements, (Art. 6 (1)(f) GDPR, Section 25(2) of the German Telecommunications Digital Services Data Protection Act (TDDDG), in order to offer you these options.
Note on pay in advance:
In the case of prepayment, you will receive an invoice in advance. As soon as this has been transferred by you to the specified bank account, we will deliver the ordered items without delay.
Data processing in the order management system
To ensure that you receive all of your desired items as quickly and in as few deliveries as possible, our order management system assigns your order automatically. This assignment is based on various aspects such as availability of goods and efficiency. It is therefore required that your order is transferred to the order management system, which is provided by OneStock SAS (8 Rue des Trente-Six Ponts, 31400 Toulouse, France), operated by s.Oliver, and has its server site in Germany and France. s.Oliver stores and processes your data in the order management system out of its legitimate interest in accordance with the EU GDPR for the purpose of the efficient distribution and processing of all orders.
Data processing by shipping service providers
For the purpose of shipping, we work with logistics service providers/transport companies and/or shipping partners: The following data may be transmitted for the purpose of delivery of the ordered goods or for the purpose of shipping communication: First name, last name, postal address and, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for the processing is Art. 6(1)(b) EU GDPR.
Use of location-based services
We offer you a wide range of services on our website that provide you with, among other things, even better product availability and simplified parcel delivery. To carry out these services, we require your location in order to determine, for example, the nearest Comma branch.
Determining the nearest Comma branch
We provide the Comma storefinder on our website. The storefinder displays the nearest Comma stores and the nearest partner stores in your area when you enter in your current location or by using the Google Maps locator (see use of Google Maps). The Comma storefinder also gives you the opportunity to find exactly the Comma retail space that best suits your needs via various filters such as women’s or men’s collections, specific Comma brands or services.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions on the process or want to talk to us about the results, please contact us at privacypolicy@comma-store.com.
Web shop protection against attacks (Cloudflare)
This page uses SSL encoding for security reasons and to protect the transfer of confidential content such as the requests that you send to us as a website operator. You can recognise an encrypted connection when the address bar in your browser changes from “http://” to “https://”and by the padlock icon in your browser. When the SSL encryption is activated, the data you send us cannot be read by third parties. We use the service from Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA so that we can offer you secure data transfer using SSL encryption on our website, protect ourselves against attacks and optimise our loading times. Please be aware that with your consent, data may also be transferred to a third country outside of the EU/European Economic Area, which may have a lower level of data protection than that of the EU (Article 49 para. 1 sentence 1 lit. a EU GDPR). Cloudflare collects statistical data about your visit to this website. The following is included in the access data: Name of the accessed website, file, date and time of access, data volume transferred, confirmation of successful retrieval of data, browser type and version, user’s operating system, referrer URL (webpage that sent user to the site), IP address and the requesting provider. Cloudflare uses protocol data for statistical evaluation for operating, security and offer optimisation purposes. Please also read the data protection provisions of Cloudfare, which can be accessed here: https://www.cloudflare.com/privacypolicy/.
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions, please contact us at privacypolicy@comma-store.com.
As at
2024-12-03