Data Protection

As at 24/05/2018

General information and definitions


Transparency and security are important to us. We treat your data carefully and confidentially so that you feel safe and comfortable during your visit to the Betty Barclay online shop. With the following Data Protection Policy, we provide you with information about how we collect, process and use your data. (Article 4 EU GDPR).

Definitions


The ProFashion GmbH Data Protection Policy is based on the terms of the EU General Data Protection Regulation (Article 4 EU GDPR). In order to ensure uniform understanding, we would like to explain some of the terms in advance:

Personal data:


Personal data means any information relating to an identified or identifiable natural person (in the following “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing:


Processing means any operation or series of operations which is performed in relation to personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing:


Restriction of processing means the marking of stored personal data with the aim of restricting their processing in the future.

Profiling:


Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation:


Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller:


Controller or controller responsible for processing means the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor:


Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient:


Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party:


Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent:


Consent means any specific, informed and unambiguous indication of the data subject’s wishes freely given by the data subject by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.



Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

ProFashion GmbH
Heidelberger Str. 9-11
69226 Nußloch
Germany
Tel.: +49(0)6224 9000 (landline)
E-Mail: daten.schutz@bettybarclay.com
Website: Betty Barclay website



Name and address of the Data Protection Officer

If you have any questions regarding the collection, processing or use of your personal data, the disclosure, correction, blocking or erasure of data or the revocation of consents given, please contact the controller’s Data Protection Officer:

Johannes Herrmann
ProFashion GmbH
Heidelberger Str. 9-11
69226 Nußloch
Germany
Tel.: +49(0)6224 9000 (landline)
E-Mail: daten.schutz@bettybarclay.com
Website: Betty Barclay website



Right to lodge an appeal with the data protection supervisory authorities

You have the right of appeal to the responsible data protection supervisory authorities at any time. You can contact the data protection supervisory authorities of the federal state in which you reside or the authority in Baden-Württemberg as the federal state in which ProFashion GmbH has its registered office.

General information on the collection, processing and use of personal data

You can visit our website without providing any personal information.

Each time a website is accessed, the web server merely automatically saves what is known as a server log file. This contains:
  • The name of the requested file
  • Referrer (= source from which you reached our website)
  • Your IP address
  • Date and time of access
  • Transferred data volume in bytes
  • Browser used
  • Operating system used
  • HTTP status code
  • The requesting provider

Why do we collect access data?

These access data are evaluated exclusively for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interest in a correct presentation of our offer, which predominates within the scope of a balancing of interests. The log file data will not be forwarded or used in any other way.

For how long is the access data stored?

These data are deleted as soon as the purpose of their collection has been achieved. Data required to provide the website will be deleted as soon as the respective session ends, i.e. when you leave our website.

SSL encryption of data

Your data is encrypted during transmission to us by the latest technical security standards, with what is known as a SSL 256bit encryption (SSL = Secure Socket Layer). The safety certificate used is issued by one of the world market leaders, COMODO CA Limited.

Third-party hosting

As part of processing on our behalf, a third party provider provides us with hosting and website presentation services. All data collected in the context of the use of this website or in the forms provided for this purpose in the online shop as described under Data processing when using our online shop are processed on its servers. This service provider is based in Germany.



Data collection and data processing operations

Use of cookies

Our website uses cookies.

What are cookies?

Cookies are small text files that are automatically stored on your terminal device. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is accessed again.



Why do we use cookies?

We use cookies on various pages to make your visit to our website attractive and to enable the use of certain functions in order to display suitable products or for market research. This serves to protect our legitimate interest in an optimised presentation of our offer, which predominates within the scope of a balancing of interests.



For how long are cookies stored?

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (persistent cookies). You can see the duration of storage in the overview in the cookies settings of your web browser.



How can I turn off cookies?

You can set your browser so that you are informed when cookies are placed and decide to accept them on an individual basis, if you accept cookies in certain instances or generally block them. This function is described in the help menu of each browser, explaining how you can change your cookie settings. However, we would like to point out that the functionality of our website may be restricted if the cookies are not accepted. You will find these settings for the respective browsers under the following links:



Data processing when using our online shop

Personal data in the order process

Your data will only be collected, processed or used if you give us your consent to do so or if we are legally entitled to process or use your data; in addition, only such data is collected as is necessary for the use of our services.



The use and purpose limitation of your personal data is defined as follows:
We collect, store and process your data for the order processing of your purchase and possible later warranty processing as well as for advertising purposes. Personal data is also collected if you voluntarily provide it to us when you order goods, in processing your contact with us (e.g. via contact form or e-mail), in opening a customer account or registering for the newsletter. During the order process, we collect the following data/order information from you in order to process your purchase properly in our online shop (mandatory fields are marked with a *):

  • Salutation/Title
  • First name*
  • Surname*
  • Street, house number*
  • Postcode, city*
  • Country*
  • Mobile or landline phone number
  • Date of birth*
  • E-mail address*
  • Selected payment methods

The orders you place are stored by us. Alongside your ordering information, we also use other information to improve your shopping experience, such as:
  • Which e-mails you receive from us and read
  • Which products or services you are interested in
  • Which products and services you have already purchased

In this way, you will receive offers for goods or services that might be of special interest to you. With this information, we can also improve our offer on our website. It is also about wanting to offer you exclusively useful and interesting products. This allows us to optimise the number of e-mails or letters sent to you.



Why do we collect this information?
We use the data provided by you for contract processing and for processing your orders.
For how long is the data stored?
Once the contract has been completely processed, your data will be restricted for further processing and erased after expiry of any tax and commercial retention periods, unless you have expressly consented to further use of your data, or we reserve the right to use data beyond this in a way that is permitted by law and about which we inform you in this declaration.

Credit checks

We reserve the right to check the creditworthiness of your data (name, address, date of birth) in case of a legitimate interest (e.g. purchase on account). Within the scope of this check, data is exchanged with the following service providers:

infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden

We transfer your data (name, address and date of birth if applicable) for the purpose of a credit check to infoscore Consumer Data GmbH (ICD), Rheinstr. 99, 76532 Baden-Baden, Germany. This information is used to assess the risk of default based on mathematical/statistical algorithms and to verify your address (address validation). The legal basis for these transfers is Article 6(1) point b and Article 6(1) point f of the GDPR. Data may only be transferred based on these provisions to the extent that the data is necessary for safeguarding the legitimate interests of our company or third parties and do not override the interests of fundamental rights and freedoms of the data subject requiring protection of their personal data. Detailed information on the ICD as defined in Article 14 of the European General Data Protection Regulation (EU GDPR), i.e. information on the business purpose, data storage purposes, data recipients, the right to self-disclosure, the right to cancellation or correction etc. can be found under the following link: ICD information sheet

Payment methods

Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us for processing payments. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the order process. The privacy policy of the respective payment service provider applies in this respect.

PayPal
The PayPal payment method is handled by PayPal (Europe) S.à r.l. & Cie, S.C.A., 5th floor, 22-24 Boulevard Royal, L-2449, Luxembourg. If you select “PayPal” as the payment method during the order process in the “Payment method” step, your personal data will be transmitted to PayPal. By selecting the “PayPal” payment method, you consent to the transfer of personal data to PayPal as required for payment processing. For example, this often includes the following personal data, which are necessary for payment processing: First name and surname, address, e-mail, IP address, telephone number, mobile phone number etc., as well as the order data. These ensure the proper handling of the payment as well as the prevention of fraud. You can revoke your consent to the handling of the personal data given during the payment process at any time from PayPal. However, a revocation does not affect personal data which must be transmitted, processed or used as a necessity for contractual payment processing. Further information on data protection at PayPal can be found in the PayPal Privacy Policy.

Credit card payment
In the course of the order process, we pass on personal data to our payment service provider, ADYEN B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands (“Adyen”). The payment data is transmitted directly encrypted to Adyen. When paying by credit card, you consent to the collection and transmission of your payment data to Adyen for the purposes described above.

Back-in-stock notification (optional)

In the event that an item is no longer available in one or more sizes, we offer you the option on our product detail pages of being notified via e-mail as soon as an item becomes available again in your desired size. For this “availability notification”, we require your name and your e-mail address in order to be able to inform you according to your request.

Voucher offers of Sovendus GmbH

For the selection of a voucher offer currently of interest to you, the hash value of your e-mail address and your IP address are pseudonymised and encrypted by us and transmitted to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Article 6(1) point f GDPR). The pseudonymised hash value of the e-mail address is used to take account of a possible objection to advertising by Sovendus (Article 21(3), Article 6(1) point c GDPR). The IP address is used by Sovendus exclusively for data security purposes and as a rule anonymised after seven days (Article 6(1) point f GDPR). In addition, we transmit the pseudonymised order number, order value with currency, session ID, coupon code and time stamp to Sovendus for billing purposes (Article 6(1) point f GDPR). If you are interested in a Sovendus voucher offer, if there is no advertising objection for your e-mail address and you click on the voucher banner displayed only in this case, we will encrypt the form of address, name and your e-mail address and send it to Sovendus in preparation for the voucher (Article 6(1) point b, f GDPR). For more information on the processing of your data by Sovendus, please see the online privacy policy at Sovendus Data Protection Notice.

Why do we collect this information?

The data is collected for the purpose of website analysis.
For how long is the data stored?
In principle, the data is deleted as soon as the purpose of its collection has been fulfilled. Please refer to the Google Analytics Privacy Policy for details: Google Analytics Privacy Policy
How can I turn off website analysis services?
You can prevent the installation of cookies for Google Analytics by setting your browser software. To do so, an opt-out cookie is stored on your terminal device. If you delete your cookies, you must click the link again. Please note that in this case it is possible that you will not be able to use all of the functions of this website to their full extent. You can object to the collection and storage of data for Google Analytics at any time with future effect through a browser plug-in from Google. For more details, see: Google browser plugin



Data transfer for contract fulfilment

Fulfilment

For the fulfilment of the contract we pass on your data to the shipping company commissioned with the delivery, as far as this is necessary for the delivery of ordered goods.

Contacting us via contact form and e-mail

When you contact us via our contact form or via e-mail, we collect personal data, the scope of which can be viewed in the Contact form. We use the data collected exclusively to answer your request and to contact you in this context. The legal basis for this is our legitimate interest in responding to your request in accordance with Art. 6(1) f GDPR. If you intend to place an order with your contact enquiry, the legal basis for our processing is Art. 6(1) b GDPR. After the final processing of your request, we will delete your data, provided that we have been able to finally clarify your request and no legal retention requirement apply.



Data processing for advertising purposes

Newsletter

On our website, customers and interested parties (non-customers) have the opportunity to subscribe to a free newsletter. When registering for the newsletter, the data from the entry form is transmitted to us. As a customer, you will receive offers by e-mail. You will also receive these offers if, for example, you have not subscribed to a newsletter from us. We will inform you, for example, which products would suit your last purchase or what other customers have bought in addition (cf. Article 7(3) UWG – German Act Against Unfair Competition). Of course, you can object to this and all other offers and newsletters in any e-mail you receive.

For how long is the data stored?


The registration data will be deleted as soon as they are no longer necessary to achieve the purpose of their collection. The user’s e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
How can I unsubscribe from the newsletter?
The newsletter subscription can be cancelled at any time by the newsletter subscriber. There is a corresponding link in every newsletter for this purpose.

You can also object to the processing or use of your data for advertising purposes at any time with future effect:
  • By phone: 06224 9000 (landline)
  • In writing: ProFashion GmbH, Johannes Herrmann (Data Protection Officer), Heidelberger Str. 9-11, 69226 Nußloch, Germany
  • E-mail: daten.schutz@bettybarclay.com


Criteo

On the Betty Barclay website, we use the “Criteo” service of Criteo SA, Rue Blanche, 75009 Paris, France. The use of the Criteo service allows us to offer users who have already visited the Betty Barclay website other online advertisements – with websites that cooperate with Criteo – that are suitable and thus appropriate to the interests of our users (retargeting, remarketing). This type of targeted advertising is made possible, among other things, by the storage of Cookies on your computer by Criteo when you visit our website. These cookies are read for targeted product recommendations during subsequent visits to websites that work with Criteo. For this purpose, a randomly generated identification number is stored in the cookies. Neither this identification number nor the information about your visits to the web pages can be assigned to you personally.

You can prevent the Criteo service from storing and using information by clicking on the following link: https://www.criteo.com/de/privacy/ and setting the opt-out sliders under Criteo Dynamic Retargeting and Criteo Sponsored Products to ON. By selecting ON, a new cookie is stored on your computer, which remembers your selection (opt-out cookie). From this moment, Criteo is no longer allowed to collect and process data about your usage behaviour. You can change your selection at any time by turning the sliders back to OFF. You must make this selection individually for each new browser you use, if desired. If you delete all cookies in the browser used, the opt-out cookie you selected will also be deleted.

Google Remarketing

On the Betty Barclay website, we use the remarketing function of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For this purpose, a program code provided by Google is built into our website. Google uses a cookie that is stored on your computer to record that you have surfed our website. If you then use the Google search engine, we can offer you suitable advertisements for relevant search queries (remarketing). Further information on how Google Remarketing works can be found under the following link: How Google Remarketing works. You can disable Google’s interest-based ads using the following link: Google display settings

Competitions

We hold prize draws at irregular intervals. Participation in the competitions is voluntary. If you participate in the competitions, we collect and use your personal data to process the competition, e.g. to inform you about a possible prize. For more information on competitions, please refer to the terms and conditions of each competition. The legal basis for data processing in connection with competitions is Article 6(1) point b GDPR. If you have given your consent to data processing when participating in a competition, Article 6(1) point a GDPR is the legal basis for data processing based on this consent. If you have given your consent in the context of a competition, you have the possibility to revoke this consent at any time with future effect. Your personal data will only be passed on to third parties if this is necessary for the execution of the competition, for example to send you your prize via our logistics partners. Following the completion of the competition and the determination and announcement of the winners, we erase the personal data of the participants of the competition. If the prizes are material prizes, we will keep the winners’ data for the duration of the statutory warranty claims in order to be able to meet any warranty claims.

Rights of the data subject

Overview of your rights

You can revoke the consents given to us at any time with future effect. You also have the following additional rights in accordance with the GDPR: Right to information about your personal data stored by us in accordance with Article 15 GDPR and Article 34 BDSG (German Federal Data Protection Act)
  • Right to correct incorrect or incomplete data pursuant to Article 16 GDPR
  • Right to erase your data stored by us pursuant to Article 17 GDPR and Article 35 BDSG
  • Right to restrict the processing of your data pursuant to Article 18 GDPR
  • Right to data portability pursuant to Article 20 GDPR
  • Right of objection under Article 21 GDPR


Right to information under Article 15 GDPR

Pursuant to Article 15(1) GDPR, you have the right to receive information from us free of charge upon request regarding your personal data stored by us. Among other things, the right to information includes:
  • The purposes for which the personal data are processed.
  • The categories of personal data processed.
  • The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
  • The recipients or categories of recipients for whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations.
  • The existence of a right to have personal data concerning you corrected or erased, the right to have processing restricted by the controller or a right to object to such processing.
  • The existence of a right to complain to a supervisory authority.
  • If the personal data are not collected from the data subject, all available information on the origin of the data.
  • The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and intended effects of such processing for the data subject. .
  • If personal data are transferred to a third country or an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer. .


Right to rectification under Article 16 GDPR

You have the right to request us to correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

Right to erasure under Article 17 GDPR

You have the right to request us to delete personal data concerning you immediately, provided that one of the following reasons applies:
  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw consent on which the processing is based pursuant to Article 6(1) point a, or Article 9(2) point a GDPR and where there is no other legal basis for the processing.
  • You oppose processing pursuant to Article 21 (1) or (2) GDPR and there are no overriding legitimate grounds for processing in the case of Article 21 (1) GDPR.
  • The personal data have been unlawfully processed.
  • The erasure of personal data is necessary to fulfil a legal obligation.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
  • If we have made the personal data public and are obliged to erase them, we will take appropriate measures to inform the third parties processing your data, taking into account the available technology and the implementation costs, that you also require them to erase all links to this personal data or copies or replications of this personal data.


Right to restriction of processing pursuant to Article 18 GDPR

You have the right to request us to restrict processing if one of the following conditions is met:
  • The accuracy of the personal data is disputed by you.
  • The processing is unlawful and you request that the use of personal data be restricted instead of erased
  • The data controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  • You have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the data controller override those of the data subject
  • Right to data portability pursuant to Article 20 GDPR

    You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without our hindrance, provided that
    • Processing is based on consent pursuant to Article 6(1) point a or Article 9(2) point a or on a contract pursuant to Article 6(1) b GDPR and
    • The processing is carried out by automated means
    • When exercising your right to data transferability, you have the right to request that the personal data be transferred directly from us to another controller, insofar as this is technically feasible


    Right of objection in accordance with Article 21 GDPR

    Under the conditions laid down in Article 21(1) of the GDPR, data processing may be objected to on grounds relating to your particular situation.

    You shall have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data that concerns you which is based on Article 6(1) point e or f, including profiling based on those provisions. We will then discontinue processing your personal data, unless we are able to provide compelling legitimate grounds for this processing that outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.





    Nußloch, 24/05/2018