Data Protection Advisory Notice
We do care about your data security
About You GmbH, Domstrasse 10, 20095 Hamburg, Germany
As of February 4, 2020
The uniform data protection rules contained in the European Union’s General Data Protection Regulation (GDPR) have been in force throughout Europe since May 25, 2018. The following Data Protection Advisory Notice advises you as to how About You GmbH, Domstrasse 10, 20095 Hamburg, Germany, (“ABOUT YOU” and/or “we” and/or “Controller”) processes personal data in keeping with the GDPR and the Bundesdatenschutzgesetzes (Federal Data Protection Act, or BDSG 2018). Our Data Protection Advisory Notice applies to all websites, applications, and other services and performances (the “Services”), which specifically fall within its scope and which ABOUT YOU offers in Europe.
Please read our Data Protection Advisory Notice carefully. Should you have questions or comments regarding the advisory information set forth below, please contact us at email@example.com.
- The Controller’s name and contact information
- Data protection officer’s contact information
- Purposes of the processing, legal bases, and legitimate interests pursued by the Controller or a third party as well as categories of recipients
- Visiting our website/applications
- Processing for marketing purposes
- Online presence, website optimization, marketing
- Social media plug-ins
- Contact information
- Storing and erasing data
- Recipients outside the EU
- Your rights
- Fan pages
The Controller’s name and contact information
This Data Protection Advisory Notice applies to the data processed by
About You GmbH
Telephone: 0800 30 15 085
Tarek Müller (Managing Director)
Sebastian Betz (Managing Director)
Hannes Wiese (Managing Director)
for the following websites/applications: www.commercesuite.aboutyou.com
Data protection officer’s contact information
The Controller’s data protection officer can be reached at
About You GmbH
c/o Sebastian Herting – Data Protection Department
Purposes of the processing, legal bases, and legitimate interests pursued by the Con-troller or a third party, as well as categories of recipients
Visiting our website/applications
Each time our websites/applications are accessed, information is sent by the browser, with which you accessed them on your end device, to the server, on which our website/application is located, and stored temporarily in so-called log files. The data records stored during this process contain the following data, which are stored until they are erased automatically: date and time of visit, name of the site visited, IP address of the accessing device, referrer URL (origin URL, from which you arrived at our websites), the transferred data sets, loading time, as well as the product and version information related to the browser used, as well as the name of your access provider.
The legal basis for the processing of your IP address is point (f) of Article 8(1) GDPR. Our legitimate interest is derived from
- the guarantee that a connection shall be established smoothly,
- the guarantee that the use of our website/application shall be pleasant,
- the analysis of system security and stability
This information does not allow a direct inference to your identity; neither shall such an inference be made. The data will be stored and erased automatically after the purposes mentioned above have been achieved. The routine erasure periods are oriented toward the criterium of necessity.
Cookies, tracking, social media plug-ins
Necessary cookies and technologies
These cookies or similar technologies are needed for the functionality of our Services. These are, for instance, cookies and similar technologies, which store login information based on your registration, or cookies, which ensure that the Services’ user-related configurations (language selected, and the like) remain the same across sessions. Over and above the foregoing, these cookies or similar technologies help to make the proper use of our Services both possible and secure. The legal basis for the use of these technologies is point (f) of Article 6(1) GDPR.
Analysis & functional cookies and technologies
These cookies allow us to provide additional functions and personalization. They can be set by us or by third-party providers, whose services we use in our Services. If you do not allow these cookies, it is possible that some or all of our Services will not function properly. These cookies also allow us to count visits and traffic sources, so that we can measure and improve the performance of our Services. They support us in answering questions concerning which pages are the most popular, which are used the least, and how visitors move on our Services. All the information collected by these cookies is aggregated and, for that very reason, anonymous. If you do not allow these cookies, we cannot know when you used/visited our Services. The legal basis for our use of these technologies is point (a) of Article 6(1) GDPR.
These cookies or similar technologies can be set via our website by us or our partners in order that relevant content/advertising can be displayed both on our and on third-party pages. Here, so-called profiles can be created based on your interests. As a rule, this information does not allow any person to be identified directly, given that only pseudonymized browser and/or device information is used. If you do not allow these cookies or similar technologies, you will experience content/advertising, which is less relevant and less tailored to your interests. The legal basis for our use of these technologies is point (a) of Article 6(1) GDPR.
To the extent we use your information based on your consent, you give us your consent by visiting our Services – where applicable, after you have activated certain settings – and by clicking the “Ok” button on the banner shown during your visit:
Right to withdraw your consent
You can withdraw your consent at any time, in whole or in part, effective for the future, by changing your settings in our Preference Center here.
Of course, you can set your browser so that it does not accept cookies. The help section in the menu of most browsers will explain how you can prevent your browser from accepting new cookies, how you can have your browser notify you of new cookies, or how you can delete all cookies already received, and how you can prevent all further cookies.
Processing for marketing purposes
On our websites/applications, we offer you a newsletter registration option. In order to ensure that mistakes are not made when you enter your email address, we use a so-called double opt-in process (DOI process): after you enter your email address in the registration field and after you have given your consent to receive our newsletter, we send a confirmation link to your email address. Only after you click on this confirmation link will your email address be added to our newsletter mailing list. The legal basis for this processing is point (a) of Article 6(1) GDPR.
Notice of the right to object
You can withdraw your consent at any time, effective for the future, by sending an email to firstname.lastname@example.org or by unsubscribing from the newsletter, a link for which is provided at the bottom of every newsletter.
Online presence, website optimization, marketing
For purposes of the means-tested design and the continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (“Google”), the use of which is based on point (f) of Article 6(1) GDPR. Google Analytics uses so-called “cookies,” text files, which are stored on your computer and which make it possible to analyze how you use our website. In this context, pseudonymized user profiles are created and cookies used. The information, generated by the cookie and pertaining to your use of the website, such as
- Browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server inquiry
On behalf of the operator of this website, Google uses this information to analyze your use of the website, in order to compile website activity reports and in order to provide to the website operator further services affiliated with the use of the website and of the internet. Google does not aggregate with other data the IP address transmitted by your browser through Google Analytics. You can prevent the saving of cookies by using the relevant browser settings; however, we advise that, in this case, you will not be able to use all functions of this website to their fullest extent. What is more, you can prevent Google not only from collecting the data generated by the cookie and pertaining to your use of the website (including your IP address), but also from processing these data, in that you download and install the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout?hl=en.
Instead of the browser add-on, especially for mobile end device browsers, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set, which prevents your data from being collected in the future, should you visit our website again. The opt-out cookie is valid only for that browser and only for our website and is stored on your device. Should you delete this cookie from your browser, you must set the opt-out cookie again. Further Data Protection Advisory Notice in connection with Google Analytics can be found on the Google Analytics website.
Google Marketing Platform
This website uses the online marketing tool known as Google Marketing Platform provided by the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“GMP”).
What is more, GMP can, with the help of cookie IDs, log so-called conversions, which relate to advertisement inquiries. A conversion is logged, for instance, whenever a user sees a GMP advertisement and, at some later point in time, visits the website of the advertiser with the same browser and purchases something through that website. According to Google, GMP cookies do not contain personal information.
Given the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no influence on the scope and the further use of the data, which Google collects through the use of this tool, and advise, for this reason, of what we do know as follows: through the incorporation of GMP, Google receives the information that you have visited a certain part of our internet presence or clicked on an advertisement of ours. Insofar as you are registered for a Google service, Google can match the visit to your account. Even if you are not registered with Google, or not logged in, there exists the possibility that the provider learns of, and stores, your IP address. With the framework of GMP, it can also be the case that personal data will be transferred to a Google LLC server located in United States of America.
To the extent required by law, we have obtained your consent, pursuant to point (a) of Article 6(1) GDPR, to process your data, as set forth above. You can withdraw your consent at any time in our Preference Center.
Google Ads Remarketing
Our website uses Google Ads Remarketing, with which we advertise our websites in Google search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie on the browser of your end device, which automatically enables interest-based advertisements by means of a pseudonymous cookie ID, based on sites visited by you.
Over and beyond the foregoing, data are processed only insofar as you have given you consent to Google that your internet and app browser history be connected by Google to your Google account and that information from your Google account be used to personalize advertising, which you see on the internet. Should you, in this case, be logged into Google during your visit to our website, then Google uses your data, together with Google Analytics data, in order to create and to define target group lists for remarketing across devices. To this end, Google temporarily connects your personal data to Google Analytics in order to create target groups. With the framework of Google Ads Remarketing, it can also be the case that personal data will be transferred to a Google LLC server located in United States of America.
You can deactivate advertising cookies permanently by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/.
Additional information and data protection provisions regarding marketing and Google can be found here: https://www.google.com/policies/technologies/ads/.
To the extent required by law, we have obtained your consent, pursuant to point (a) of Article 6(1) GDPR, to process your data, as set forth above. You can withdraw your consent any time in our Preference Center.
Google conversion tracking
We also use so-called conversion tracking as part of the Google AdWords services. Whenever you click on an advertisement displayed by Google, a conversion tracking cookie is set on your computer/end device. These cookies expire after 30 days; do not contain any personal data; and, as such, do not serve to identify you personally. The information, which is obtained with the help of the conversion cookie, serves to create conversion statistics for AdWords customers, who have opted for conversion tracking.
The legal basis for this processing is point (a) of Article 6(1) GDPR.
You can prevent cookies by setting your browser accordingly; however, we advise that, in this case, it is possible that some or all of our Services will not function properly. You can also deactivate interest-based advertising on Google and interest-based Google advertising online (within the Google display network) in your browser, by turning it “off” at www.google.de/settings/ads or by deactivating it at www.aboutads.info/choices/. Additional information regarding your settings options and data protection at Google can be found at www.google.de/intl/de/policies/privacy/?fg=1. You can withdraw your consent any time in our Preference Center.
The so-called targeting measures set forth below and used by us are taken based on point (f) of Article 6(1) GDPR. The targeting measures taken are used by us to ensure that only advertising based on your actual or supposed interests are shown to you on your end devices and that you are not bothered by any advertising, in which you have no interest.
We also use re-targeting technologies provided by outside service providers such as Pixel, which is provided by Facebook Ireland Limited. Re-targeting allows us to tailor our online offerings to you in a more interesting fashion. In this fashion, we can provide online advertising, on our partners’ websites, in a targeted fashion to users, who have already shown interest in our shop and in our products. Studies have shown that displaying personalized, interests-based advertising is more interesting to internet users than advertising without any personal connection.
For this purpose, a cookie is set, with which interests-related data are pseudonymized and collected. Through the use of this information, interests-based advertisements of our offerings will be displayed to you on our partners’ websites. No directly personal data will be stored; nor will any usage profiles be compiled, which contain personal data concerning you.
You can deactivate the collection of personalized advertising data. In this case, a cookie will be set, which permanently prevents such data collection, unless you purposively delete this cookie from your browser by using the “delete all cookies” function. You can repeat your objection at any time.
Marketing partners/third-party cookies
We cooperate with marketing partners in order to make our online offerings on our page even more interesting to you. For this purpose, our marketing partners’ cookies (so-called third-party cookies) are also set whenever you visit our site. Whenever you visit our site, our marketing partners’ cookies also store pseudonymized information regarding your user behavior and your interests. In part, information will also be collected, which is derived from the other sites you visited prior to your visit to our site. Through the use of this information, our marketing partners’ interests-based advertising will be shown to you on our partners’ websites. No directly personal data will be stored; nor will usage profiles be compiled, which contain personal data concerning you.
DOUBLECLICK by Google
You can prevent not only the collection of the data to Google [sic], which are generated by these cookies and which relate to your use of the websites, but also the processing of these data by Google, by downloading and installing the Doubleclick extension, a browser plug-in available at the following link.
The legal basis for this processing is point (a) of Article 6(1) GDPR and point (f) GDPR.
In addition to the deactivation methods already described, you can also prevent generally the technologies explained above by adjusting your browser’s cookie settings. You can also deactivate preference-based advertising by using the Preference Manager available here.
Social media plug-ins
Our website uses social plug-ins provided by the social networks Facebook, Pinterest, Instagram, Whats-App, Xing, LinkedIn, and Twitter, each based on point (f) of Article 6(1) GDPR, as a way of marketing our company. The purpose behind this way of marketing should be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the data-protection-compliant operation must be guaranteed by the respective provider.
For the purpose and scope of the data collection and the further processing of the data and the use of the data by each provider as well as your rights concerning such and the settings options designed to protect your privacy, please see the data protection policies of each provider, to which we link in what follows.
By first logging out of social network sites and by deleting cookies on your device, you can prevent social networks from matching the information collected about you during your visit to www.commercesuite.aboutyou.com to your user account maintained by the respective social network.
If you would prefer that social networks not match the data, which are collected via our website, directly to your profile, you must log out of the respective social network, before you visit our website. You can also completely prevent the plug-in from loading by using browser add-ons, for instance: by using the script blocker “NoScript,” which you can find at: noscript.net
This website uses other social plug-ins provided by Facebook. These are offers made by Facebook, an American company.
If you visit a page, which contains such a plug-in, your browser establishes a connection to Facebook, and the contents from these pages are loaded. Your visit to this website may be tracked by Facebook through the plug-in, even if you do not use actively the functionality of the social plug-in. If you have a Facebook account, you can use such a social plug-in and, through it, you can share information with your friends. About You has no influence on the plug-in’s content and the information transferred.
On its website, Facebook provides detailed information concerning the scope, nature, and purpose of its further processing of your data. You can find additional information regarding your rights and privacy settings options here.
You can contact us via several channels of communication. Via email, via telephone, per chat, or via mail. If you contact us, we use your personal data, which you provide voluntarily to us as part of your making contact, solely for the purpose of contacting you and processing your inquiry.
The legal basis for this processing is point (a) of Article 6(1), point (b) of Article 6(1), point (c) of Article 6(1) GDPR, and point (f) of Article 6(1) GDPR.
We use so-called processors to process certain kinds of your data. A processor is a natural or a legal person, a governmental authority, institution, or other agency, who processes personal data on our behalf, while we remain responsible for that processing. Processers do not use the data for their own purposes; rather, they process data only for the Controller.
Storing and erasing data
ABOUT YOU stores personal data only for as long as the storage of that data is necessary for the purposes specified in this data protection policy, especially in order to meet our contractual and statutory obligations. Where necessary, we will also store your personal data for other purposes, if and for as long as the further storage thereof is permitted by law for certain purposes.
In the event full erasure is impossible for reasons of law or is not required, we will block the relevant information. Information will be blocked, for instance, whenever retention periods are required by commercial or tax law, such as by the Handelsgesetzbuch (Commercial Code) and the Abgabenordnung (Fiscal Code). Here, we are required to retain this information for tax and financial auditing purposes for up to ten years. Even if there is no statutory retention duty, we can refrain from immediately erasing the information in certain cases permitted by law. Such is the case, for instance, whenever the relevant information may possibly be needed for further performance of a contract or to prosecute or to mount a defense against legal claims (e.g., for returns). The dispositive criteria for the duration of the block will be the respective statutes of limitation, after the end of which we will erase the information.
Recipients outside the EU
With the exception of the processing presented, we do not share your data with any recipients domiciled outside the European Union or the European Economic Area. Said processing entails a data transfer to the servers of the tracking and targeting technologies provider retained by us. These servers are located in the United States of America. The data are transferred based on the so-called standard contractual clauses of the European Commission.
In addition to the right to withdraw the consent you gave to us, you have the following additional rights whenever the statutory conditions are met:
- the right of access to your personal data stored by us (Article 15 GDPR); in particular, you have the right to obtain access to the purposes of the processing; the categories of personal data concerned; the categories of recipients to whom your data have been or will be disclosed; the envisaged period for which the personal data will be stored; the source of your data, insofar as the data were not collected directly from you;
- the right to rectification of inaccurate data or to the accurate completion of incomplete data (Article 16 GDPR);
- the right to erasure of the data concerning you, which is stored by us (Article 17 GDPR), unless we are required to comply with statutory or contractual retention periods or other statutory requirements and/or rights governing continued storage;
- the right to restriction of processing of your data (Article 18 GDPR), to the extent the accuracy of the data is contested by you; the processing is unlawful, but you oppose the erasure thereof; the controller no longer needs the data, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or you have objected to processing pursuant to Article 21 GPPR;
- the right to data portability under Article 20 GDPR, that is: the right to receive selected data, which concerns you and which is stored by us, in a commonly used and machine-readable format or the right to have those data transmitted to another controller;
- the right to lodge a complaint with a supervisory authority. As a rule, you can lodge a complaint with the supervisory authority at its general place of residence or of employment or of our registered office.
You can assert the foregoing rights you have against us by sending an email to email@example.com.
Right to object
Subject to the conditions set forth in Article 21(1) GDPR, the processing can be objected to on grounds relating to the data subject’s particular situation.
The foregoing, general right to object applies to all purposes of processing described in this Data Protection Advisory Notice, which are processed based on point (f) of Article 6(1) GDPR. Unlike the right to object specially oriented toward processing for marketing purpose, we are required under the GDPR to comply with such a general right to object only if you specify grounds of a superordinate nature (such as a possible danger to life or health).
Right of withdrawal
Inasmuch as we process data based on a consent you gave to us, you have the right to withdraw that consent at any time. Withdrawing your consent does not render invalid any processing effectuated on the basis of that consent through the date of your withdrawal.
For the processing of your Page Insights Data, jointly with Facebook, we have stipulated with Facebook that Facebook shall be predominantly responsible for providing you with information concerning the processing of your Page Insights Data and for enabling you to exercise the data protection rights to which you are entitled (such as your right to object). More detailed information regarding your data protection rights in connection with Page Insights and how you can assert these rights directly with Facebook can be found here.
If you assert your rights rights against ABOUT YOU, we will forward your communication to Facebook.