The data controller for the data processing described below is We Want Shoes GmbH, Dunckerstrasse 4, 10437 Berlin (hereinafter referred to as "We Want Shoes", "we" or "us").
This Privacy Statement describes the processing of personal data when visiting or using the services on the Website www. wewantshoes.com (hereinafter referred to as "Website"). When processing your data, we will observe the provisions of the EU General Data Protection Regulation ("GDPR").
If you have any questions or suggestions regarding data protection on the Website, you can send them to: firstname.lastname@example.org. You can also reach our data protection officer at email@example.com.
You are not legally or contractually obliged to provide us with the personal data specified in this Privacy Statement. However, the transmission of the contractual information provided by you to us is a basic prerequisite for concluding a contract with us and for the effective use of the services and functionalities on our Website.
1. Data processing on our Website
Our Website is aimed at both normal visitors and our customers who use the showrooms and other functionalities on our Website. We process some data for all users, regardless of whether they are customers or mere visitors. We only process other data, however, if you transmit it to us (e.g. by creating a user account or ordering our newsletter).
Automatically processed Usage Data
We Want Shoes automatically stores use-related data (IP address, referral URL and duration of visit, subpages visited, device and browser type) in so-called log files on our servers from all users when they use the Website, without the need to create a user account. These will be deleted after 7 days at the latest.
This data is used by us to analyse, store and evaluate user behaviour and to continuously improve and further develop the We Want Shoes service. However, we also process this Usage Data in order to correct errors or personalize the content on the Website for you (including displayed advertising). We also process the Usage Data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular fraud. It is not possible for us to draw any conclusions about your person from the Usage Data.
It is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google"). The information generated by the cookie (IP address, previously visited Websites or length of visit, subpages visited, device and browser type, user ID) about your use of our Website is generally transmitted to a Google server in the USA and stored there. However, within the member states of the European Union or other signatory states to the Agreement on the European Economic Area (“EEA”), your IP address will first be truncated by Google on our Website. For this purpose, we have implemented the code "gat._anonymizeIp();" in order to ensure anonymous collection of IP addresses (so-called IP masking).
Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on our behalf to evaluate your use of the Website, compile reports on Website activity and provide other services relating to Website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
The legal basis for the processing of your usage-related data for the stated purposes (including Google Analytics) is the safeguarding of our legitimate interests within the framework of Article 6 (1) f) of the GDPR (explanations of the individual legal bases according to the GDPR can be found below under point 3).
On behalf of our customers, we also compile visitor statistics on the basis of the Usage Data stated above. If you are a registered user on our Website, the customer who operates the respective showroom can assign a specific visit to the showroom or the order history to your person. In this way, our customers can understand how their visitors use our customers' showrooms. This gives our customers an overview of the visitor frequency in the showrooms, an overview of the products that are of interest to buyers and other interactions (e.g. conversion rates). All usage statistics are provided on behalf of our customers. This means that neither we nor our customers can draw any conclusions about the person of the visitors. The customer alone is responsible for the handling of this Usage Data, as we only act as so-called contract processors in this respect. Please note the privacy information provided by the respective showroom operator.
Embedded videos on our Website
When you visit one of our pages equipped with a YouTube plug-in, a connection is established to the YouTube servers. The YouTube server is informed which IP address your device uses and which of our pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account. Operator of the video service YouTube is also Google. You can find more information about the handling of user data in YouTube's Privacy Statement at: https://www.google.de/intl/de/policies/privacy.
We also partly use video integration on the services Vimeo or Facebook. Vimeo is operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011 ("Vimeo"), Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook EU"), which also transmits data to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook USA"; together with Facebook EU as a whole, "Facebook"). Vimeo's Privacy Statement can be found at https://vimeo.com/privacy. An overview of the Facebook Player plugins can be found at http://developers.facebook.com/docs/plugins/. You can find out more about data processing on Facebook at http://de-de.facebook.com/policy.php.
YouTube, Vimeo and Facebook videos are used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) GDPR.
Data that you transmit to us yourself:
In addition to the data we receive from all visitors, we also process other data when you use our Website as a registered customer. We process your e-mail address as well as other data provided by you, such as name, address, company, VAT number (you can see the details in the respective contact form). If the customer is a legal entity, the data refers to the employees of the customer as natural persons. The legal basis for this processing is Art. 6 (1) b) GDPR.
If you are our customer and use the virtual showrooms as an exhibitor, you are responsible for uploaded content. In this respect, we will act exclusively as a host provider on your behalf. If you place an order directly from the virtual showroom, we also process this order on behalf of and on the instructions of the customer.
If you have subscribed to our newsletter, you can revoke your subscription at any time without giving reasons (see also the information at the end of this Privacy Statement regarding your right of revocation). For the dispatch of mailings like our newsletter we use the dispatch service provider SAS Mailjet, 13-13bis, Rue de l'Aubrac, 75012 Paris, France ("Mailjet"). Mailjet's applicable data protection guidelines can be found at https://www.mailjet.de/privacy-policy/. Mailjet may use your data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. Mailjet uses your data from the newsletter subscription exclusively in the context of order processing with We Want Shoes and not to write to you yourself or to pass the data on to third parties. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter. Our legal basis for sending the newsletter is Art. 6 (1) a) GDPR, the evaluation of user interaction is based on Art. 6 (1) f) GDPR.
2. The purposes for which we process your data:
We have already informed you above for which purposes we process your data in individual cases. In addition, we may process your data for other purposes. This includes, for example, passing on your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes.
3. The legal basis for the processing:
When processing your personal data, we rely on various legal bases in accordance with the GDPR
Your consent (Article 6 (1) a) GDPR)
By sending us an e-mail to our contact address, you expressly consent to the data processing described in detail in this Privacy Statement. The same applies if you send an application to us.
Our contractual relationship with you (Article 6 (1) b) GDPR)
If, for example, we process your payment or invoice data, this processing is necessary in order to be able to fulfil our obligations under our contract with you as a customer.
Our legitimate interests (Article 6 (1) f) GDPR)
There are also cases where we are entitled to process your data without your consent because it is necessary to protect our legitimate interests (or the interests of third parties). In this respect, the purposes described above, for which we process your data, also represent legitimate interests. This means that we may process the Usage Data necessary to guarantee the security of our IT systems or the operation, functionality or improvement of our Website without your consent.
Legal requirements (Article 6 (1) c) GDPR)
In addition, we are legally obliged to process certain data in individual cases in order to provide information to law enforcement authorities or tax authorities. We are also subject to statutory storage obligations for business letters under commercial and tax law.
4. To whom we forward your data:
Except to our technical service providers and as described here, we will not share your information with third parties. As recipients, our service providers will process your data solely on our instructions and have committed themselves to comply with strict requirements regarding the security of your data. This is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hosting provider). For our CRM we use close.io, a service of Elastic Inc, PO Box 1145, Jackson, WY 83001 USA. Please also note our technical service provider, who provides us with the cloud platform for the marketplace and the showrooms. This is WeTriba GmbH & Co KG, Dunckerstrasse 4, 10437 Berlin.
5. Data processing outside the EEA:
Since some of our service providers (Google, Close.io) are located outside the EEA (in so-called "Third Countries"), we may transfer your data to such Third Countries. However, we do not host your data in Third Countries and all your data is stored on servers located in Germany.
In the case of Google or close.io, however, the Usage Data collected is processed in the USA, i.e. in a third country. However, we will ensure that an adequate level of data protection is guaranteed at all times. We make sure that the data recipients are always certified according to the so-called "EU Privacy Shield" and process data exclusively according to the Privacy Shield. If no certification exists, we have obligated the respective supplier to comply with strict requirements according to the so-called EU standard contract clauses by means of a corresponding contract processing agreement. This ensures an adequate level of data protection at all times. More information about Google's participation in the Privacy Shield can be found at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. You can view the certificates of Facebook and Vimeo at https://www.privacyshield.gov/participant?id=a2zt000000000GnywAAC&status=Active and https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active.
6. Storage duration:
Unless otherwise stated above, we will only process your personal data for as long as is necessary to fulfil our contractual or legal obligations. Therefore, we store the data as long as our contractual relationship with you exists and after termination only to the extent and for as long as the law of the Federal Republic of Germany requires. All other data will be deleted when you unsubscribe from the Website; the retention period for Usage Data is the same as that set out in 1 above. Otherwise, a longer storage period may be necessary in individual cases to preserve evidence or defend against legal claims. For the preservation of evidence, for example, your IP address and the exact time of submission of the statement are required if you have given us your consent (eg to receive the newsletter).
7. User profiles:
We do not use your data to create a user profile. This means that we will not use your information to provide you with a personalized Website based on your personal preferences and interests and to provide you with customized offers based on your past behavior. For example, the IP address of your computer is not used to identify your geographic location and to provide you with localized content in your local language. We will also never process and analyse your personal data within the framework of this user profile in such a way that this leads to an automated decision which is legally valid for you or which similarly significantly affects you.
8. Your legal rights under the GDPR:
You can assert the following rights against us within the framework of the GDPR with regard to your personal data:
- Your right of access and copy pursuant to Article 15 GDPR
- Your right to rectification pursuant to Article 16 GDPR
- Your right to erasure pursuant to Article 17 GDPR
- Your right to restriction of processing pursuant to Article 18 GDPR
- Your right to data portability pursuant to Article 20 GDPR.
You also have the right to appeal to the competent data protection supervisory authority in Berlin (Article 77 GDPR in conjunction with § 19 BDSG).
In addition, you can also withdraw your consent to the processing of your personal data at any time in the event of a contact request via our contact addresses. However, this revocation only applies for the future. Any processing that took place before the withdrawal remains unaffected by this.
Information about your right of objection according to article 21 GDPR
1. Right of objection in individual cases
In addition to the rights already mentioned, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which takes place on the basis of Article 6 (1) f) GDPR (Data Processing on the Basis of a Weighing of Interests). If you object, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
2. Right to object to the processing of data for advertising purposes
You also have the right at any time to object to the processing of your personal data for the purpose of direct marketing (including subscription to our newsletter); this also applies to the creation of a user profile (so-called "profiling"), insofar as it is associated with direct marketing. If you object, we will no longer process your personal data in the future.
Please note that if you do not provide us with certain data or if you object to the use of this data, you will not be able to use the Website or only be able to use it to a limited extent.
The objection can be filed informally and is to be addressed to: firstname.lastname@example.org
9. Modification of this Privacy Statement
In order to keep this information up to date, this Privacy Statement will be modified when the underlying data processing is changed. We will not limit your rights under any consent under this Privacy Statement without your prior written consent. We will post any intended changes to this Privacy Statement as their content changes and not merely as editorial changes (e.g. to correct typographical errors).