Skip to main content

Privacy Policy

of About You SE & Co. KG, Domstraße 10, 20095 Hamburg (as of October 2023).

In the following Privacy Policy, we inform you about the processing of personal data carried out by About You SE & Co. KG, Domstraße 10, 20095 Hamburg ( „ABOUT YOU“ and/or „Controller“) in accordance with the German Data Protection Regulation ( „GDPR“) and the German Federal Data Protection Act ( "BDSG"). Our Privacy Policy applies to the following websites, applications and further services and performances (hereinafter jointly referred to as „Services“): en.aboutyou.de, ABOUT YOU App.

Please read our Privacy Policy carefully. If you have any questions or comments about our Privacy Policy, please contact us at [email protected] .

Content

You can easily jump directly to the section you are interested in by clicking on the respective chapter headings.

1. Name and Contact Details of the Controller

2. Contact Details of the Data Protection Officer

3. Purposes of the Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party, as well as Categories of Recipients

3.1. Acess to our Websites/Applications

3.1.1. Log-Files

3.1.2. Cookies and Tracking

3.2. Establishment, Execution and/or Termination of a Contract

3.2.1. Data Processing upon Conclusion of the Contract

3.2.2. Use of Data for Fraud Prevention Purposes

3.2.3. Transmission of Information to Transport/Shipping Partners

3.2.4. Transmission of Information to Partner Companies

3.3. Data Processing for Advertising Purposes

3.3.1. Postal advertising

3.3.2. Newsletter

3.3.3. Product Recommendations by Email

3.3.4. News via WhatsApp

3.3.5. Competitions

3.4. Personal User Experience

3.4.1. Identification on Third Party Pages

3.4.2. Personalized Ads and Content

3.4.3. Market Research

3.4.4. Product Development

3.4.5. Performance

3.5. Data Processing for success-based Settlement Purposes

3.6. Fanpages

3.7. Facebook Connect / Login

3.8. Login via Apple (“Log in with Apple”)

3.9. Customer Account / User Account

3.10. Contacting

3.11. Payment Methods

3.11.1. Paypal

3.11.2. Klarna Payment Methods

3.11.3. paydirekt

4. No Requirement to provide Data

5. Recipients of Personal Data

5.1. Transmission of Data to Third Parties

5.2. Transmission to Processors

6. Storage Period and Data Deletion

7. Recipients outside the EEA

8. Your Rights

8.1. Overview

8.2. Right of Objection

8.3. Right of Withdrawal

8.4. Fanpages

1. Name and Contact details of the Controller

This Privacy Policy applies to the data processing by the

About You SE & Co. KG,
Domstraße 10, 20095 Hamburg
Phone: 0800 / 30 15 085
Email: [email protected]

legally represented by: ABOUT YOU Verwaltungs SE, which in turn is represented by the Management Board members Tarek Müller, Hannes Wiese and Sebastian Betz. Chairman of the Supervisory Board: Sebastian Klauke

Website: en.aboutyou.de

for the following Services: en.aboutyou.de, ABOUT YOU App

2. Contact Details of the Data Protection Officer

You can contact the Data Protection Officer of the Controller at

About You SE & Co. KG
attn. Sebastian Herting - Datenschutzkanzlei
Domstraße 10
20095 Hamburg Germany

E-Mail: [email protected].

3. Purposes of the Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party, as well as Categories of Recipients

3.1. Access to our Websites/Applications

3.1.1. Log-Files

Each time Services are accessed, information is sent by the respective Internet browser of your respective end device to the server of our service and temporarily stored in Log-Files. The data records stored in the Log-Files contain the following data: Date and time of the request, name of the requested page, IP address of the requesting device, device type, cfRayId, referrer URL (origin URL from which you came to our Service), the amount of data transferred, loading time, product and version information of the browser used in each case, as well as the name of the provider of your Internet access. We process the Log-Files in order to be able to provide our Services reliably and securely.
Insofar as we process personal data (e.g. the IP address) in this context, the legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest results from the

  • Ensure smooth connection establishment,
  • Ensuring a comfortable use of our Services,
  • Evaluation of system security and stability.

A direct conclusion on your identity is not possible on the basis of the information and will not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

Insofar as we use cookies or similar technologies in connection with the processing of Log-Files described above, this is absolutely necessary in order to provide the Services requested by you. We may use these cookies without your consent on the basis of Section 25 (2) No. 2 Telecommunications-Telemedia Data Protection Act (“TTDSG”).

3.1.2. Cookies and Tracking

General Information

In our Services, we and our Partners use Cookies or similar technologies (together also referred to as„Cookies“). Cookies are small text files that can be stored on your end device (laptop, tablet, smartphone or similar) when you visit and/or use our Services. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the Cookie that is related to the specific end device used. This does not mean, however, that we can gain direct knowledge of your identity and/or draw conclusions about your person.

Some of the Cookies used are deleted again after the end of the browser session (so-called session Cookies). Such Cookies allow us, for example, to improve the security of our Services by preventing bot attacks.

Other Cookies remain on your terminal device and allow us to recognize your terminal device on your next visit (so-called persistent or session-spanning Cookies). These Cookies are used, for example, to show you ads and content in our Services that are tailored to you personally.

Consent to the Use of Cookies

We use most Cookies based on your consent. We ask you for this consent in our Consent Management Plattform ( „CMP“ and/or “Preference Center”). There, it is described as "store and/or retrieve information on your device". If you give your consent, this is the legal basis for the use of Cookies (Section 25 (1) TTDSG in conjunction with Article 6 (1) a) GDPR). We store the decision made by you in this respect as to whether you wish to give consent in order to be able to implement it accordingly. An exception to this consent requirement only applies to Cookies that are absolutely necessary for the provision of a Service expressly requested by you. We may use these Cookies without your consent on the basis of Section 25 (2) No. 2 TTDSG.

Consent to the Processing of your Data based on Cookies

In our CMP we also ask you - if necessary - for your consent to the processing of your data based on these Cookies. In doing so, we request consent not only for us, but also for the processing of such data by our Partner .

In our CMP you will find detailed information about the purposes for which we and our Partners would like to process your data based on your consent, as well as a list of our Partners with further information about the data processing they would like to carry out based on your consent. Partners with further information on the data processing they wish to carry out on the basis of your consent.

The decision you make in the CMP whether or to what extent you want to give consent to the processing of your data based on Cookies, we store it under a so-called Consent ID (e.g. d13b5c50-6x7a-4d7b-9962-3846c8abba), which you can also find at the end of ourPrivacy Policy to be able to implement it accordingly. This pseudonymous Consent ID is generated individually for you as a website user in order to provide legal proof of the settings you have made in our CMP and the consents given/extracted therein with details of the time (date, time). You can check the Consent ID at any time in our CMP under the section "Privacy Preference Center".

The legal basis for any data processing that takes place is Art. 6 (1) f) GDPR. We have a legitimate interest in processing your decision to grant consent, so that we do not have to ask you again each time you access our Services whether you wish to grant your consent.

If you have given your consent to the processing of your data, Art. 6 (1) a) GDPR is the legal basis for this data processing.


Reference to the Right of Withdrawal

You can revoke your consent(s) in whole or in part at any time with effect for the future by changing your settings in our CMP here and clicking on "Confirm My Choices" or by clicking on "Reject All". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)". Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until revocation.


3.2. Establishment, Execution and/or Termination of a Contract

3.2.1. Data Processing upon Conclusion of the Contract

If you register with one of our Services and/or enter into another contract with us (e.g. buy a product from us), we process the data required for the establishment, performance and/or termination of the contract. This includes:

  • Salutation
  • First name, last name
  • Invoice and delivery address
  • Email address
  • Billing and payment information
  • Date of birth
  • Phone number
  • Information about orders placed
  • Store settings

The legal basis for this is Art. 6 b) GDPR, i.e. you provide us with the information on the basis of the respective contractual relationship (e.g. management of the customer/user account, processing of a purchase contract) between you and us. We are also obliged to process your email address in the event of a purchase via our websites/apps due to legal requirements in the German Civil Code ( „BGB“), to send an electronic order confirmation (Art. 6 para. 1 c) GDPR).

We store the data collected for the processing of the contract - unless we use it for our own marketing purposes - for the duration of the respective contract and until the expiry of the respective statutory or possible contractual warranty and guarantee rights and applicable limitation periods. After expiry of this period, we retain the information required by commercial and tax law relating to the contractual relationship for the periods specified by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities. Further information on this can be found in Section 6. Legal basis for this further data processing is Art. 6 para. 1 c) GDPR as well as Art. 6 para. 1 f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.

Furthermore, the following data processing is required for the execution of a purchase contract via our Services:

Payment data will be passed on to payment service providers commissioned by us to process the payment(s). We pass on details of the delivery address to logistics and shipping partners commissioned by us so that the order can be delivered. To ensure that the goods are delivered according to your wishes, we may transmit your email address and, if necessary, the telephone number to the logistics and / or shipping partners contracted by us, which take over the delivery. If necessary, they will contact you in advance of the delivery to coordinate the details of the delivery with you. The respective data will be transmitted solely for the respective purpose and will not be used for other purposes after delivery and will be deleted after expiration of existing commercial and tax retention obligations.

3.2.2. Use of Data for Fraud Prevention Purposes

The information you provide in the context of an order may be used to check whether an atypical order transaction has occurred (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). In principle, we have a legitimate interest in carrying out such a check. The legal basis for this data processing is Art. 6 (1) f) GDPR.

3.2.3. Transmission of Data to Transport /Shipping Partners

For the purpose of delivery of ordered goods, we work together with logistics service providers/transport companies and/or shipping partners: The following data may be transmitted to them for the purpose of delivery of the ordered goods or for the purpose of shipment notification: First name, last name, postal address and, if applicable, the email address and, if applicable, the telephone number. The legal basis for this data processing is Art. 6 para. 1 b) GDPR.

3.2.4. Transmission of Data to Partner Companies

Through our Services, you have the opportunity to take advantage of offers from third-party companies. In these cases, you may conclude a contract directly with one of our Partner Companies, to whom the data required for the execution of the contract (e.g. first name, last name, billing and delivery address, email address, billing and payment data, date of birth, phone number) will be transmitted. Such advantage offers of our Partner Companies are recognizable and marked as partner offers. The legal basis for this data processing is Art. 6 para. 1 b) GDPR.

3.3. Data Processing for Advertising Purposes

3.3.1. Postal Advertising

In principle, we have a legitimate interest in using certain information for marketing purposes in order to be able to make you relevant offers. We process the following information for postal advertising for our own marketing purposes as well as for marketing purposes of third parties: first name, last name, postal address, year of birth.

We are also entitled to store further personal information collected about you in compliance with the legal requirements for our own marketing purposes and for the marketing purposes of third parties. The aim is to send you advertising that is geared solely to your actual or perceived needs/interests and accordingly not to bother you with advertising that is not relevant to you.

A transfer of the stored data to third parties does not take place. Furthermore, ABOUT YOU pseudonymizes / anonymizes personal data collected about you for the purpose of using the pseudonymized / anonymized data for its own marketing purposes as well as for marketing purposes of third parties (advertisers).

The legal basis for the processing of personal data for marketing purposes (postal advertising) is Art. 6 (1) f) GDPR. We and the third parties with whom we cooperate have a legitimate interest in sending you postal advertising (tailored to your needs/interests), insofar as this is in accordance with the legal requirements for direct advertising.


Reference to the Right of Objection
You can object to the use of your personal information for the aforementioned marketing purposes at any time free of charge with effect for the future at [email protected].

If you object, your data will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.


3.3.2. Newsletter

As part of our Services, we offer you the opportunity to register for our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receive our newsletter, we will send you a confirmation link to the email address you provided. Only when you click on this confirmation link will your email address be added to our distribution list for sending our newsletter. The legal basis for this processing is Art. 6 (1) a) GDPR.


Reference to the Right of withdrawal
You can withdraw your consent at any time with effect for the future by sending a message to [email protected] or the unsubscribe option at the end of each newsletter.



3.3.3. Product Recommendations by Email

As an existing customer, you will regularly receive product recommendations from us via email. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. Here, we use the email address provided by you in the context of the purchase to advertise our own goods and / or services that are similar to those that you have purchased from us based on an order already placed. The legal basis for this data processing is Art. 6 para. 1 f) GDPR. We have a legitimate interest in sending you product recommendations by email, insofar as this is in accordance with the legal requirements for direct advertising.


Reference to the Right of withdrawal
You can object to our product recommendations at any time free of charge with effect for the future by sending a message to [email protected] or at the end of each product recommendation email.



3.3.4. News via WhatsApp

You have the option to join our WhatsApp Community and receive News, Deals and Updates from ABOUT YOU via WhatsApp ( “WhatsApp Conversations”). WhatsApp is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp Ireland"). WhatsApp Ireland acts as a controller in terms of data protection law for the transmission of messages via WhatsApp and your responses. Further information on data processing by WhatsApp can be found here: WhatsApp Ireland privacy notice.

To send messages via WhatsApp, we process your telephone number and your WhatsApp profile name. The processing of your data is based on your consent, which you give us in the WhatsApp chat by clicking on "Let's go!" button or by entering the word "Let's go!". The legal basis for this processing is Art. 6 para. 1 a) GDPR. We are responsible for this processing in the sense of data protection law.

You also have the option of subscribing to personalized content by accessing our Services via WhatsApp (click on "Register here") and logging in there with your registration information (e.g., your e-mail address). In this case, we also use information about your completed or intended orders (order history) to send you personalized News, Deals and Updates. The information about your orders is linked to your WhatsApp ID, which we generate for customer assignment. This processing of your data is also based on your consent, which you give us by clicking on "Register here" and then logging in to ABOUT YOU. The legal basis for this processing is Art. 6 para. 1 a) GDPR. We are also responsible for this processing in the sense of data protection law.

We use the software solution of Charles GmbH, Gartenstr. 86-87, 10115 Berlin ("Charles") to offer and use WhatsApp Conversations. As a processor, Charles processes your data exclusively on our behalf and not for its own purposes.


Reference to the Right of withdrawal
You can revoke your consent(s) at any time with effect for the future by sending the message "STOP" in our WhatsApp chat.



3.3.5. Competitions

If you register/participate in competitions organized by ABOUT YOU (hereinafter referred to as “Participation”), we will use the data you provide when participating in the respective competitions for the purpose of executing the Participation agreement, in particular to notify you of the prize and, if applicable, to advertise our offers and/or offers of our competition partners. Detailed information can be found in the respective conditions of Participation for the respective competition. The legal basis for this data processing is Art. 6 para. 1 a) GDPR, Art. 6 para. 1 b) GDPR.

3.4. Personal User Experience

We and our Partners would like to offer you as personal a user experience as possible on our Services. In our CMP we therefore ask you for your consent for the processing purposes described in the following Sections 3.4.1 to 3.4.4. The legal basis for the data processing described in these sections is Art. 6 (1) a) GDPR.

In addition, we process your data in order to be able to provide our Services securely and reliably and in the form requested by you. You can find more information on this in Section 3.4.5. The legal basis for the data processing described there is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Services securely and reliably, as well as providing Services that you expressly request (e.g. our basket-function).

3.4.1. Identification on Third Party Pages

For certain Services, we need to be able to assign users on our own or on third party pages, e.g. to be able to show you ads for our products on third party pages. For this purpose, we or our Partners assign a pseudonymous ID. In addition, we and our Partners can assign you on third party pages with the help of your pseudonymous email address or telephone number.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for the data processing is Art. 6 para. 1 a) GDPR.

3.4.2. Personalized Ads and Content

In order to provide you with the full ABOUT YOU experience, we and our Partners use certain information (e.g., browser information, click path, date and time of visit, geographic location, IP address, usage data, websites visited) with your consent to present you with ads and content tailored to you in our online store and on third party pages, which may be based on your preferences or recently viewed products, for example.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for the data processing is Art. 6 para. 1 a) GDPR.

3.4.3. Market Research

With your consent, we and our Partners use certain information about interactions with content and ads in our online store and on third party pages to better understand how they are received by our users. To do this, we combine data sets (such as user profiles, statistics, market research and analytics data) that provide information about how you and other users interact with content and ads. This information allows us to identify common characteristics, such as which content is relevant to which audiences.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for the data processing is Art. 6 para. 1 a) GDPR.

3.4.4. Product Development

We and our Partners use information about your activities in our online shop and on third party pages (e.g., your interaction with ads or content) with your consent because it helps us improve our products and Services and develop new products and Services based on user interactions, audience type, etc. This purpose does not include developing or improving user profiles and identifiers. This purpose does not include the development or improvement of user profiles and identifiers.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for the data processing is Art. 6 para. 1 a) GDPR.

3.4.5. Performance

We need certain information to provide our online shop safely and reliably. To do this, we monitor and prevent unusual and potentially fraudulent activity (e.g., advertising, ad clicks by bots) and ensure that systems and processes are working properly and securely. The information may also be used to troubleshoot problems you or we have in providing or interacting with content and ads. In addition, we need certain information to provide you with our online shop in the form you requested, for example, we remember which products you have added to your shopping cart or wish list.

You can find out which information we or the respective Partners use for these purposes in the Partner list.

The legal basis for data processing is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Services securely and reliably as well as providing Services that you expressly request (e.g. our shopping cart function).

3.5. Data Processing for success-based Settlement Purposes

We market advertising space on our Services to advertisers whose products you can purchase on our Services that are directly related to your shopping experience on ABOUT YOU or whose products may also be of interest to you. This advertising Service is billed on the basis of so-called impressions (i.e. information on how often the advertisement was seen) and on the basis of interaction with the advertisement (i.e. information on how often the advertisement was clicked on, for example). Therefore, we collect this information in order to be able to bill our performance on a success-based basis. In addition, the information is processed to detect any errors in connection with the billing as well as to prevent them in the future (so-called debugging).

Data that we process in this context does not allow any conclusions to be drawn about our users. Only with your consent do we process the data in order to be able to offer you a user experience that is as personal as possible (see section 3.4), specifically for the following purposes: Personalized Ads and Content (section 3.4.2), Market Research (section 3.4.3) and Product Development (section 3.4.4). If you give us your consent for this, we will establish a personal reference in order to be able to process the data for the purposes you have selected. Detailed information on this data processing can be found in the Section 3.4 and in our CMP.

3.6. Fanpages

ABOUT YOU maintains social media profiles on the social networks Facebook and Instagram ( „Fanpages“), services of Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland ( „Meta“), on which we regularly publish and share content and offers. When you interact with our Fanpages or other Facebook or Instagram websites, Meta uses cookies and similar technologies to collect your usage patterns. ABOUT YOU may view general statistics about users' interests and demographic characteristics (such as age, gender, region) for its Fanpages. If you use social networks, the type, scope and purposes of data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we are jointly responsible with Meta and explain below.

Processing of your Data by Meta

Meta also processes your data when using Fanpages for its own purposes, which are not depicted in this Privacy Policy and over which we have no control. You can find more information about this at the respective social networks:

Facebook privacy notice

Instagram privacy notice

Usage Analysis (Page Insights)

When you interact with our fan pages, Meta records your usage behavior with cookies and similar technologies. In this context, ABOUT YOU receives "Page Insights" that contain statistical, non-personalized (anonymized) information about visitors. It is not possible for us to assign this information to you personally. The selection and processing of Page Insights information is done exclusively by Meta. Page insights help us to understand how our Fanpages are used, which interests the visitors have and which topics and content are particularly popular. We use this information to offer visitors to our Fanpages relevant content and to better respond to the interests and usage habits of our visitors.

ABOUT YOU and Meta are jointly responsible for the processing of your data for the provision of Page Insights (Art. 26 GDPR). There is an agreement between ABOUT YOU and Meta that specifies which company fulfills which data protection obligations in accordance with the GDPR with regard to the processing of Page Insights data.

The agreement with Meta is available here.

The main contents of this agreement (including a list of page insights data) have been summarized by Meta summarized here.

Insofar as you have consented to Meta in relation to the creation of Page Insights described above, the legal basis is Art. 6 para. 1 a) GDPR.

3.7. Facebook Connect / Login

ABOUT YOU offers the user the option to register for the Service with his Facebook access (so-called Facebook Connect). Facebook Connect is a service of the social network Facebook, which is operated by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland) ( „Meta“). An additional registration with ABOUT YOU is then not required. To register, the user is redirected to the Facebook website, where he can log in with his usage data. This links the Facebook profile and the ABOUT YOU Service. Through the link, ABOUT YOU automatically receives from Meta the information that the user has consented to transmit (e.g. first name, last name, email address, profile picture, gender, friends list). We use this information to identify you when you use ABOUT YOU.

The legal basis for this data processing is Art. 6 para. 1 a) GDPR.

For more information about Facebook Connect and privacy settings, click here: privacy notice from Facebook.

3.8. Login via Apple (“Log in with Apple”)

ABOUT YOU offers the user the possibility to sign up for the Service with his Apple ID ("Log in with Apple"). This login function is a service of Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland („Apple“). An additional registration with ABOUT YOU is then not required.

To register, the user is redirected to the Apple website, where he can log in with his usage data. Here, the Apple ID of the user and our Service are linked with each other. The user has the option of using either the email address stored with Apple ("Share email address") or a pseudonymized email address ("Hide my email address"). If the user selects "Share email address", ABOUT YOU receives the email address and name associated with the Apple ID. With the "Hide my email address" function, Apple enables registration for other services outside of Apple, such as ABOUT YOU, without revealing the email address stored with Apple in plain text. If the user enables this feature when creating a new ABOUT YOU customer account, Apple will generate a random email address with the domain @privaterelay.appleid.com. Anything sent to this address will automatically be forwarded to the email address associated with the Apple ID. If you use the login function, the respective IP address will be transmitted to Apple.

The legal basis for this data processing is Art. 6 para.1 a) GDPR.

You can find more information about data processing by Apple here: privacy notice of Apple .

3.9. Customer Account / User Account

In order to provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account/user account.

The creation of a customer account is generally voluntary. If you create a customer account, the processing of your data collected here is based on Art. 6 para. 1 b) GDPR. After setting up a customer account, no new data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.

Only if you want to place orders via our website/application, the opening of a customer account is mandatory for the processing of the contract.

In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This password is used together with your email address to access your customer account. Please treat your personal access data confidentially and do not make them accessible to unauthorized third parties. Please note that you will automatically remain logged in after leaving our website, unless you actively log out.

You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data visible in the customer account will be deleted once you have placed an order with us. Your data will be deleted automatically after the expiry of the commercial and tax retention obligations applicable to us or the applicable limitation periods. Further information on this can be found in Section 6. The legal basis for this further data processing is Art. 6 (1) c) GDPR and Art. 6 (1) f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.

3.10. Contacting

You have the possibility to contact us in several ways. By email, by phone, by chat or by mail. When you contact us, we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your request.

We use the CRM system Zendesk to process customer inquiries. The service provider is Zendesk, Inc., 1019 Market Street in San Francisco, CA 94103, USA ( „Zendesk“). We use Zendesk to process your requests quickly and efficiently. We have entered into a Data Processing Agreement (DPA) with Zendesk. Zendesk processes your data when you submit a request to us exclusively on our behalf and not for its own purposes.

The legal basis for this data processing is Art. 6 para. 1 a), Art. 6 para. 1 b), Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in answering inquiries from our users that are of a general nature and not directly related to a contractual relationship.

3.11. Payments Methods

We process your payment information for the purpose of payment processing, e.g. when you purchase or use a product and/or Service via en.aboutyou.de. Depending on the payment method, we forward your payment information to third parties (e.g. in the case of credit card payments to your credit card provider).

The legal basis for this data processing is Art. 6 para. 1 a), Art. 6 para. 1 b), GDPR and Art. 6 para. 1 f) GDPR.

3.11.1. Paypal

When paying via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal"), as part of the payment processing. The legal basis for the transfer is the execution of the contract, Art. 6 para. 1 b) GDPR.

PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. For more information on data protection, including the credit agencies used, please refer to the privacy policy of Paypal. . PayPal acts as the Data Controller in the sense of data protection law.

3.11.2. Klarna Payment Methods

In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden ( „Klarna“), we offer the following payment options. The payment will be made to Klarna in each case:

  • Invoice: The payment term is 30 days from the date of shipment of the goods/ticket/ or, for other services, the date of provision of the service. The complete invoice terms for the countries where this payment method is available can be found here .
  • Direct debit/immediate bank transfer: Available in Germany, Austria, Belgium, Italy, Spain, Poland and the Netherlands. Your account will be debited immediately after placing the order.

The use of the payment methods invoice and direct debit/immediate transfer requires a positive credit check. If you choose a payment option from Klarna, we will forward your data to Klarna for the purpose of address and credit checks as part of the purchase initiation and processing of the purchase contract. Please understand that we can only offer you those payment methods that are permitted based on the results of the credit check. Further information and Klarna's terms of use can be found here .

Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and as specified in Klarna's privacy notice. Klarna acts as a Data Controller in the sense of data protection law.

The legal basis for the transfer of your data to Klarna is the execution of the contract, Art. 6 para. 1 b) GDPR.

3.11.3. paydirekt

If you decide to pay via paydirekt, your payment data will be transmitted to paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main („paydirekt“) as part of the payment processing. The legal basis for the transfer is the execution of the contract, Art. 6 para. 1 b) GDPR.

Paydirekt acts as the Data Controller in the sense of data protection law. The payment data (e.g. payment amount, details of the payee) as well as the participant's confirmation as to whether the payment data is correct are collected, processed and transmitted to the bank by paydirekt in order to execute the paydirekt payment. Paydirekt authenticates the payment using the authentication procedure stored for the participant. The bank authorizes the payment with the involvement of paydirekt vis-à-vis the merchant. Paydirekt collects and stores the transaction data of paydirekt payments. The transaction data includes the transaction reference and the transaction ID as well as information on the basket, which paydirekt receives from the merchant if it supports this. They enable paydirekt and the bank to identify and reference the transaction at a later date (e.g. in the case of refunds) so that it is possible to allocate the transaction to the respective customer. For the processing of refunds, transaction data is transmitted from paydirekt to the bank.

You can find more information in the following privacy notice of paydirekt.

4. No Requirement to provide Data

In principle, you are not obliged to provide us with your personal data. However, the use of certain areas of our Services may require the provision of personal data, in particular the purchase of goods. If you do not wish to provide us with the necessary data, you will unfortunately not be able to use the corresponding areas of the Services.

5. Recipients of Personal Data

5.1. Transmission of Data to Third Parties

We will only disclose your data to third parties outside of ABOUT YOU if this is legally permissible (e.g., because we or the third party have a legitimate interest in the disclosure, we are legally obligated to disclose the data, or based on your consent).

In addition to the third parties named in our Privacy Policy and in our CMP by name, we may disclose personal data to a third party in particular if,

  • if we are obliged to do so by law or by enforceable official or court order in an individual case (vis-à-vis public authorities);
  • in connection with legal disputes (vis-à-vis courts or our lawyers) or audits (vis-à-vis auditors);
  • when we work with tax consultants;
  • in connection with possible criminal acts to the competent investigative authorities;
  • in the event of sale of the business (to the acquirer).

in the event of sale of the business (to the acquirer). Insofar as we pass on your data to third parties on the basis of your consent, the explanation can also be given when consent is obtained.

5.2. Transmission to Processors

In the course of processing your data, we use so-called Processors in some areas. A Processor is a natural or legal person who processes personal data on our behalf and on the basis of our instructions, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes, but carry out data processing exclusively for the Controller.

Insofar as the Processors are not already named in this Privacy Policy, these are in particular the following categories of Processors:

  • IT service provider (sending emails and newsletters),
  • Call center (answering customer inquiries)

6. Storage Period and Data Deletion

ABOUT YOU stores personal data only as long as it is necessary for the purposes stated in this Privacy Policy, in particular for the fulfillment of our contractual and legal obligations. If necessary, we will also store your personal data for further purposes, if or as long as the further storage for certain purposes is permitted by law.

If you close your customer account/user account, we will delete all stored personal information. If complete deletion is not possible or not required for legal reasons, we will block this information. For example, we will block the information if we are required to retain it in accordance with commercial or tax law, such as the German Commercial Code (HGB) and the German Fiscal Code (AO). In this case, we are obliged to retain this information for tax audits and financial audits for up to ten years. Even if there is no legal obligation to retain data, we may refrain from immediate deletion in certain cases permitted by law. This applies, for example, if the information in question may still be required for further contract processing or legal prosecution or legal defense (e.g. in the case of complaints). The relevant criterion for the duration of the blocking is then the respective statutory limitation periods, after the expiry of which we then delete the information. As a rule, the limitation periods end 3 years after the end of the year in which you made a purchase from us.

7. Recipients outside the EEA

We also share personal data with third parties or Processors located in countries outside the European Economic Area( „EWR“). In this case, we ensure that the recipient either has an adequate level of data protection or has your express consent before transferring the data.

An adequate level of data protection exists, for example, if the European Commission has adopted an adequacy decision for the respective country (Art. 45 GDPR). For the U.S., the European Commission has adopted the decision that an adequate level of data protection exists there, provided that the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has a current certification for this. If the recipients of your personal data are located in the U.S. and participate in the DPF, we therefore rely on this adequacy decision (Article 45 GDPR).

Alternatively, we establish an adequate level of data protection by agreeing with recipients on the so-called EU standard contractual clauses of the European Commission (Art. 46 GDPR). In this case, we conduct transfer impact assessments and agree with the recipient or, if necessary, implement additional protective measures. Specifically, we agree Module 1 of the EU Standard Contractual Clauses with recipients who are (independent) controllers and Module 2 of the EU Standard Contractual Clauses with recipients who act as our Processors.

These are third parties or Processors in the following countries: USA (we rely in this respect on the "DPF"), UK (we rely in this respect on the European Commission adequacy decision" available here India and Singapore. For data transfers to India and Singapore, we have ensured an adequate level of data protection by concluding EU standard contractual clauses and conducting a transfer impact assessment.

You can obtain a copy of the specifically agreed regulations for ensuring the appropriate level of data protection from us. Please contact us at [email protected] or the contact information listed in
Section 2.

8. Your Rights

8.1. Overview

In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are met:

  • the right of access about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it has not been collected directly from you;
  • the right to have inaccurate data corrected or to have incomplete data completed (Art. 16 GDPR),
  • the right to have your data stored by us deleted (Art. 17 GDPR), insofar as the applicable prerequisites for this are fulfilled and, in particular, no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed by us,
  • the right to restrict the processing of your data (Art. 18 GDPR), insofar as the accuracy of the data is disputed by you (for a period that allows us to verify the accuracy of the personal data); the processing is unlawful, but you object to its erasure; we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR (as long as it has not yet been determined whether our legitimate reasons outweigh yours),
  • the right to data portability pursuant to Art. 20 GDPR, i.e. the right, in the event of processing based on your consent (Art. 6 (1) a) GDPR) or for the performance of a contract (Art. 6 (1) b) GDPR), which is carried out with the aid of automated processes, to have data stored by us about you transferred in a common, machine-readable format, or to request the transfer to another controller (the latter, insofar as this is technically feasible),

You can assert the aforementioned rights to which you are entitled at [email protected].

You also have the right to complain to a supervisory authority. In particular, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

8.2. Right of Objection

You have the right to object to the processing of your personal data for advertising purposes at any time ( „advertising objection”).

In addition, you have the right to object to data processing on the basis of Art. 6 (1) f) GDPR for reasons arising from your particular situation. We will then stop processing your data, unless we can demonstrate - in accordance with the legal requirements - compelling legitimate grounds for further processing that override your rights, or the processing serves the assertion, exercise or defense of legal claims.

You can exercise your right of objection at [email protected].

8.3. Right of Withdrawal

If we process data on the basis of your consent, you have the right to revoke this consent at any time. Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until the revocation.

You can generally exercise your rights of objection at [email protected].

You can revoke your consent to the use of Cookies or the processing of your personal data based on them, in whole or in part, at any time by changing your settings in our CMP here here and clicking on "Confirm My Choices" or by clicking on "Reject All". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)".

8.4. Fanpages

For the processing of your Page Insights information together with Meta, we have agreed with Meta that Meta is primarily responsible for providing you with information about the processing of your Page Insights information and for enabling you to exercise your data protection rights (e.g. right to object). For more information about your data protection rights in connection with Site Views and how you can exercise them directly with Meta, please see here .

If you assert your rights against ABOUT YOU, we will forward your request to Meta.

>

>