Privacy Policy
of About You SE & Co. KG, Domstraße 10, 20095 Hamburg (as of January 2025).
In the following Privacy Policy, we inform you about the processing of personal data carried out by About You SE & Co. KG, Domstraße 10, 20095 Hamburg ( „ABOUT YOU“ and/or „Controller“) in accordance with the German Data Protection Regulation ( „GDPR“) and the German Federal Data Protection Act ( "BDSG"). Our Privacy Policy applies to the following websites, applications and further services and performances (hereinafter jointly referred to as „Marketplace“): en.aboutyou.de, ABOUT YOU App.
Please read our Privacy Policy carefully. If you have any questions or comments about our Privacy Policy, please contact us at [email protected] .
Contents
You can easily jump directly to the section you are interested in by clicking on the respective chapter headings.
1. Name and Contact Details of the Controller
2. Contact Details of the Data Protection Officer
3. Purposes of the Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party, as well as Categories of Recipients
3.1. Acess to our Websites/Applications
3.1.1. Log-Files
3.1.2. Cookies and Tracking
3.2. Establishment, Execution and/or Termination of a Contract
3.2.1. Data Processing upon Conclusion of the Contract
3.2.2. Use of Data for Fraud Prevention Purposes
3.2.3. Transmission of Data to Transport /Shipping Partners
3.3. Data Processing for Advertising Purposes
3.3.1. Postal Advertising
3.3.2. Newsletter
3.3.3. Product Recommendations by Email
3.3.4. News via WhatsApp
3.3.5. Competitions
3.3.6. Push-Notifications
3.4. Personal User Experience
3.4.1. Identification on Third Party Pages
3.4.2. Personalised Ads and Content
3.4.3. Market Research
3.4.4. Product Development
3.5. Performance
3.5.1. Fraud Detection and Security
3.5.2. Shopping Basket, Wish List and similar Functions
3.5.3. Basic Tracking for Error Monitoring in connection with the functioning of our CMP
3.6. Data Processing for Billing Purposes
3.7. Size Recommendations ("Perfect Fit")
3.8. Virtual Try On
3.9. Display of Adverts (Retargeting)
3.10. Advantage and Voucher Offers
3.10.1. Advantage offers
3.10.2. Vouchers
3.11. Fanpages
3.12. Facebook Connect / Login
3.13. Login via Apple (“Sign in with Apple”)
3.14. Customer Account / User Account
3.15. Contacting us
3.16. Payments
4. No Obligation to provide Data
5. Recipients of Personal Data
5.1. Disclosure of Data to Third Parties
5.2. Disclosure to Processors
6. Storage Period and Data Deletion
7. Recipients outside the EEA
8. Your Rights
8.1. Overview
8.2. Rights of Objection
8.3. Right of Withdrawal
1. Name and Contact details of the Controller
On the marketplace operated by ABOUT YOU www.aboutyou.de both by ABOUT YOU and by providers other than ABOUT YOU ("Merchants"), goods/products are offered for sale. The respective merchants with whom the contracts are concluded are generally responsible under data protection law for the processing of the data that arises in the context of the conclusion of a contract and in connection with the execution of the contract with a merchant. This means, among other things, that data subjects' rights (e.g. right to information, right to erasure of data) concerning this data must be asserted against the respective retailer responsible under data protection law. The retailers have their own data protection notices for the processing operations for which they themselves are responsible. These can be found on the websites of the respective retailers.
This Privacy Policy therefore only applies to data processing by the
About You SE & Co. KG,
Domstraße 10, 20095 Hamburg
Phone: 0800 / 30 15 085
Email:
[email protected]
as the Controller, legally represented by: ABOUT YOU Verwaltungs SE, which in turn is represented by the Management Board members Tarek Müller, Hannes Wiese and Sebastian Betz.
Chairman of the Supervisory Board: Sebastian Klauke
for the following Marketplace: en.aboutyou.de, ABOUT YOU App
2. Contact Details of the Data Protection Officer
You can contact the Data Protection Officer of the Controller at
About You SE & Co. KG
attn. Sebastian Herting - Datenschutzkanzlei
Domstraße 10
20095 Hamburg Germany
E-Mail:
[email protected].
3. Purposes of the Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party, as well as Categories of Recipients
3.1. Access to our Websites/Applications
3.1.1. Log-Files
Each time you access the Marketplace, information is sent by the respective Internet browser of your respective end device to the server of our Marketplace and temporarily stored in Log-Files. The data records stored in the Log-Files contain the following data: Date and time of the request, name of the requested page, IP address of the requesting device, device type, cfRayId, referrer URL (origin URL from which you came to our Marketplace), the amount of data transferred, loading time, product and version information of the browser used in each case, as well as the name of the provider of your Internet access. We process the Log-Files in order to be able to provide our Marketplace reliably and securely.
Insofar as we process personal data (e.g. the IP address) in this context, the legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest results from the
- Ensure smooth connection establishment,
- Ensuring a comfortable use of our Marketplace,
- Evaluation of system security and stability.
A direct conclusion on your identity is not possible on the basis of the information and will not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.
Insofar as we use cookies or similar technologies in connection with the processing of Log-Files described above, this is absolutely necessary in order to provide the Marketplace or its functions requested by you. We may use these cookies without your consent on the basis of Section 25 (2) No. 2 Telecommunications Digital Services Data Protection Act (“TDDDG”).
3.1.2. Cookies and Tracking
General Information
In our Marketplace, we and our Partners use Cookies or similar technologies (together also referred to as„Cookies“). Cookies are small text files that can be stored on your end device (laptop, tablet, smartphone or similar) when you visit and/or use our Marketplace or its functions. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the Cookie that is related to the specific end device used. This does not mean, however, that we can gain direct knowledge of your identity and/or draw conclusions about your person.
Some of the Cookies used are deleted again after the end of the browser session (so-called session Cookies). Such Cookies allow us, for example, to improve the security of our Services by preventing bot attacks.
Other Cookies remain on your end device and enable us to recognise your end device on your next visit (so-called persistent or Cross-session Cookies). These Cookies are used, for example, to show you personalised advertisements and content in our Marketplace.
Consent to the Use of Cookies
We use most Cookies based on your consent. We ask you for this consent in our Consent Management Plattform ( „CMP“ and/or “Preference Center”). There, it is described as "store and/or retrieve information on your device". If you give your consent, this is the legal basis for the use of Cookies (Section 25 (1) TDDDG in conjunction with Article 6 (1) a) GDPR). We store the decision made by you in this respect as to whether you wish to give consent in order to be able to implement it accordingly. An exception to this consent requirement only applies to Cookies that are absolutely necessary for the provision of a Service expressly requested by you. We may use these Cookies without your consent on the basis of Section 25 (2) No. 2 TDDDG.
Consent to the Processing of your Data based on CookiesIn our CMP we also ask you - if necessary - for your consent to the processing of your data based on these Cookies. In doing so, we request consent not only for us, but also for the processing of such data by our Partner .
In our CMP you will find detailed information about the purposes for which we and our Partners would like to process your data based on your consent, as well as a list of our Partners with further information about the data processing they would like to carry out based on your consent. Partners with further information on the data processing they wish to carry out on the basis of your consent.
We store the decision you make in the CMP as to whether or to what extent you wish to give your consent to the processing of your data based on Cookies under a so-called Consent ID. This pseudonymous Consent ID is generated individually for you as a website user in order to be able to provide legal proof of the settings you have made in our CMP and the consent given/revoked therein, including the time (date, time). You can access the Consent ID at any time at the end of the partner list . You can also find detailed information on this processing in our CMP.
The legal basis for any data processing that takes place is Art. 6 (1) f) GDPR. We have a legitimate interest in processing your decision to grant consent, so that we do not have to ask you each time you visit our Marketplace whether you wish to give your consent.
Insofar as you have given your consent to the processing of your data, Art. 6 (1) a) GDPR is the legal basis for this data processing.
Reference to the Right of Withdrawal
You can revoke your consent(s) in whole or in part at any time with effect for the future by changing your settings in our CMP here and clicking on "Confirm My Choices" or by clicking on "Reject All". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)". Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until revocation.
The provider of our CMP, Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany, uses this data in anonymised form to improve its product, to develop new products and services, to improve resources and support, to improve product performance, to check security and data integrity, and to identify industry trends and developments. The legal basis for the provision of this consent data for the aforementioned purposes is Art. 6 (1) f) GDPR.
In addition, taking into account your consent, the consent rate for the country in whose ABOUT YOU shop you have given (or not given) your consent is also calculated anonymously.
3.2. Establishment, Execution and/or Termination of a Contract
3.2.1. Data Processing upon Conclusion of the Contract
If you register with our Marketplace and/or conclude a further contract with us or a Merchant (e.g. purchase a product from us or a Merchant), we will process the data required for the establishment, execution and/or termination of the contract. If a contract is concluded with a Merchant, we will also pass on the data required to establish, execute and/or terminate the contract to the Merchant. This includes in each case:
- Salutation
- First name, surname
- Billing and delivery address
- E-mail address
- Invoice and payment data
- Date of birth
- Telephone number
- Information about orders placed
- Store settings
The legal basis for this is Art. 6 (1) b) GDPR, i.e. you provide us or the Merchant with the information on the basis of the respective contractual relationship (e.g. management of the customer/user account, processing of a purchase contract) between you and us or you and the respective Merchant. We are also obliged to process your email address in the event of a purchase via our websites/apps due to legal requirements in the German Civil Code ("BGB") to send an electronic order confirmation (Art. 6 (1) c) GDPR).
We store the data collected for the processing of the contract - unless we use it for our own marketing purposes - for the duration of the respective contract and until the expiry of the respective statutory or possible contractual warranty and guarantee rights and applicable limitation periods. After expiry of this period, we retain the information required by commercial and tax law relating to the contractual relationship for the periods specified by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities. Further information on this can be found in Section 6. Legal basis for this further data processing is Art. 6 para. 1 c) GDPR as well as Art. 6 para. 1 f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.
Furthermore, the following data processing is required for the execution of a purchase contract via our Marketplace:
Payment data will be passed on to payment service providers commissioned by us to process the payment(s), i.e. to Scayle Payments GmbH (see also Section 3.15).
We pass on details of the delivery address to logistics companies and shipping partners commissioned by us or by the respective Merchant so that the order can be delivered (see also Section 3.2.3). To ensure that the goods are delivered in accordance with your wishes, we may transmit your email address and, if applicable, your telephone number to the logistics company and/or shipping partner commissioned by us to carry out the delivery. They may contact you in advance of the delivery to coordinate the details of the delivery with you. The respective data will only be transmitted for the respective purpose and will not be used for other purposes after delivery and will be deleted after the expiry of existing commercial and tax retention obligations.
3.2.2. Use of Data for Fraud Prevention Purposes
The information you provide when placing an order can be used to check whether a so-called atypical order process exists (e.g. simultaneous ordering of a large number of goods to the same address using different customer accounts). In principle, we have a legitimate interest in carrying out such checks. The legal basis for this data processing is Art. 6 (1) f) GDPR.
3.2.3. Transmission of Data to Transport /Shipping Partners
For the purpose of delivering ordered goods, we work together with logistics service providers/transport companies and/or shipping partners. The following data may be transmitted to them for the purpose of delivering the ordered goods or for the purpose of shipment notification: First name, surname, postal address and, if applicable, the email address and, if applicable, the telephone number. The legal basis for this data processing is Art. 6 (1) b) GDPR.
3.3. Data Processing for Advertising Purposes
3.3.1. Postal Advertising
In principle, we have a legitimate interest in using certain information for marketing purposes in order to be able to make you relevant offers. We process the following information for postal advertising for our own marketing purposes as well as for marketing purposes of third parties: first name, last name, postal address, year of birth.
We are also entitled to store further personal information collected about you in compliance with the legal requirements for our own marketing purposes and for the marketing purposes of third parties. The aim is to send you advertising that is geared solely to your actual or perceived needs/interests and accordingly not to bother you with advertising that is not relevant to you.
A transfer of the stored data to third parties does not take place. Furthermore, ABOUT YOU pseudonymizes / anonymizes personal data collected about you for the purpose of using the pseudonymized / anonymized data for its own marketing purposes as well as for marketing purposes of third parties (advertisers).
The legal basis for the processing of personal data for marketing purposes (postal advertising) is Art. 6 (1) f) GDPR. We and the third parties with whom we cooperate have a legitimate interest in sending you postal advertising (tailored to your needs/interests), insofar as this is in accordance with the legal requirements for direct advertising.
ABOUT YOU does not use data for marketing purposes for which Merchants on the Marketplace aboutyou.de are responsible under data protection law. This is, for example, data that is collected as part of the processing of purchases from Merchants of ABOUT YOU on the Marketplace.
Name on the Right of Objection
You can object to the use of your personal information for the aforementioned marketing purposes at any time free of charge with effect for the future at
[email protected].
If you object, your data will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
3.3.2. Newsletter
As part of the provision of our Marketplace, we offer you the opportunity to register for our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receive our newsletter, we will send you a confirmation link to the email address you provided. Only when you click on this confirmation link will your email address be added to our distribution list for sending our newsletter. The legal basis for this processing is Art. 6 (1) a) GDPR.
Reference to the Right of withdrawal
You can withdraw your consent at any time with effect for the future by sending a message to
[email protected] or the unsubscribe option at the end of each newsletter.
3.3.3. Product Recommendations by Email
As an existing customer, you will regularly receive product recommendations from us via email. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. Here, we use the email address provided by you in the context of the purchase to advertise our own goods and / or services that are similar to those that you have purchased from us based on an order already placed. The legal basis for this data processing is Art. 6 para. 1 f) GDPR. We have a legitimate interest in sending you product recommendations by email, insofar as this is in accordance with the legal requirements for direct advertising.
Reference to the Right of withdrawal
You can object to our product recommendations at any time free of charge with effect for the future by sending a message to [email protected] or at the end of each product recommendation email.
3.3.4. News via WhatsApp
You have the option to join our WhatsApp Community and receive News, Deals and Updates from ABOUT YOU via WhatsApp ( “WhatsApp Conversations”). WhatsApp is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp Ireland"). WhatsApp Ireland acts as a controller in terms of data protection law for the transmission of messages via WhatsApp and your responses. Further information on data processing by WhatsApp can be found here: WhatsApp Ireland privacy notice.
To send messages via WhatsApp, we process your telephone number and your WhatsApp profile name. The processing of your data is based on your consent, which you give us in the WhatsApp chat by clicking on "Let's go!" button or by entering the word "Let's go!". The legal basis for this processing is Art. 6 para. 1 a) GDPR. We are responsible for this processing in the sense of data protection law.
You also have the option of subscribing to personalized content by accessing our Marketplace via WhatsApp (click on "Register here") and logging in there with your registration information (e.g., your e-mail address). In this case, we also use information about your completed or intended orders (order history) to send you personalized News, Deals and Updates. The information about your orders is linked to your WhatsApp ID, which we generate for customer assignment. This processing of your data is also based on your consent, which you give us by clicking on "Register here" and then logging in to ABOUT YOU. The legal basis for this processing is Art. 6 para. 1 a) GDPR. We are also responsible for this processing in the sense of data protection law.
We use the software solution of Charles GmbH, Gartenstr. 86-87, 10115 Berlin ("Charles") to offer and use WhatsApp Conversations. As a processor, Charles processes your data exclusively on our behalf and not for its own purposes.
Reference to the Right of withdrawal
You can revoke your consent(s) at any time with effect for the future by sending the message "STOP" in our WhatsApp chat.
3.3.5. Competitions
If you register/participate in competitions organized by ABOUT YOU (hereinafter referred to as “Participation”), we will use the data you provide when participating in the respective competitions for the purpose of executing the Participation agreement, in particular to notify you of the prize and, if applicable, to advertise our offers and/or offers of our competition partners. Detailed information can be found in the respective conditions of Participation for the respective competition. The legal basis for this data processing is Art. 6 para. 1 a) GDPR, Art. 6 para. 1 b) GDPR.
3.3.6. Push-Notifications
If you have registered to receive push-notifications or have authorised them via the technical settings, you will regularly receive information about your orders, personal vouchers, products that are available again and while using our Chat function when employees are free. For this purpose, we use the "Firebase Cloud Messaging" service of Google Ireland Limited, which we have engaged as a Processor under data protection law (Art. 28 GDPR). We remain the Controller for the respective data processing. To sign up for push notifications, you must confirm the request from your browser or device to receive push-notifications. This process is documented and saved by us. The time of registration and a Browser-ID or Device-ID are stored for this purpose. This data is used on the one hand to send you the push notifications and on the other hand as proof of your registration.
The legal basis for this data processing is Art. 6 (1) b) GDPR.
3.4. Personal User Experience
We and our Partners would like to offer you as personal a user experience as possible on our Marketplace. In our CMP we therefore ask you for your consent for the processing purposes described in the following Sections 3.4.1 to 3.4.4. The legal basis for the data processing described in these sections is Art. 6 (1) a) GDPR.
In addition, we process your data in order to be able to provide our Marketplace securely and reliably and in the form requested by you. You can find more information on this in Section 3.5.1. The legal basis for the data processing described there is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Marketplace securely and reliably, as well as providing Services that you expressly request (e.g. our basket-function).
3.4.1. Identification on Third Party Pages
For certain functions of our Marketplace, we need to be able to assign users to our own or third-party pages, e.g. to be able to show you ads for our products on third-party pages. For this purpose, we or our Partners assign a pseudonymous ID. In addition, we and our Partners can assign you to third-party sites using your pseudonymised email address or telephone number.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.
The legal basis for the data processing is Art. 6 para. 1 a) GDPR.
3.4.2. Personalised Ads and Content
In order to provide you with the full ABOUT YOU experience, we and our Partners use certain information (e.g., browser information, click path, date and time of visit, geographic location, IP address, usage data, websites visited) with your consent to present you with ads and content tailored to you in our online store and on third party pages, which may be based on your preferences or recently viewed products, for example.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.
The legal basis for the data processing is Art. 6 para. 1 a) GDPR.
3.4.3. Market Research
With your consent, we and our Partners use certain information about interactions with content and ads in our online store and on third party pages to better understand how they are received by our users. To do this, we combine data sets (such as user profiles, statistics, market research and analytics data) that provide information about how you and other users interact with content and ads. This information allows us to identify common characteristics, such as which content is relevant to which audiences.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.
The legal basis for the data processing is Art. 6 para. 1 a) GDPR.
3.4.4. Product Development
With your consent, we and our partners use information about your activities in our online shop and on third-party sites (e.g. your interaction with adverts or content), as it helps us to improve our products and our Marketplace and to develop new products and functions based on user interactions, the type of target group, etc. This purpose does not include the development or improvement of user profiles or identifiers.
You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.
The legal basis for the data processing is Art. 6 para. 1 a) GDPR.
3.5. Performance
3.5.1. Fraud Detection and Security
We need certain information to provide our online shop safely and reliably. To do this, we monitor and prevent unusual and potentially fraudulent activity (e.g., advertising, ad clicks by bots) and ensure that systems and processes are working properly and securely. The information may also be used to troubleshoot problems you or we have in providing or interacting with content and ads. In addition, we need certain information to provide you with our online shop in the form you requested, for example, we remember which products you have added to your shopping cart or wish list.
You can find out which information we or the respective Partners use for these purposes in the Partner list.
The legal basis for data processing is Art. 6 (1) f) GDPR. We have a legitimate interest in offering our Marketplace securely and reliably.
3.5.2. Shopping Basket, Wish List and similar Functions
In addition, we need certain information to provide you with functions in our online shop such as shopping basket, wish list and similar functions requested by you. For example, we remember which products you have placed in your shopping basket or added to your wish list.
You can see which information we or the respective partners use for these purposes in the Partner list.
The legal basis for data processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in providing functions that you have expressly requested (e.g. our shopping basket function).
3.5.3. Basic Tracking for Error Monitoring in connection with the functioning of our CMP
ABOUT YOU has developed its own web tracking technology („Basic Tracking“) in order to be able to collect and process data that is absolutely necessary for the provision of our Marketplace. The aim of this in-house development was the best possible implementation of data protection through technology design (‘Privacy by Design’). With basic tracking, technical means are used to ensure that data cannot be traced back to you personally.
As part of the Basic Tracking for error monitoring in connection with the functioning of our CMP, we collect your browser and device information, behavioral data, technical usage data and consent preferences, which enable us to identify or count the users’ interactions with our CMP as a whole (and not on an individual level) and thus draw conclusions about the functioning of our CMP. For this reason, we process the data collected for error monitoring exclusively in pseudonymized form after it has been collected by taking appropriate technical measures, i.e. it is not possible to assign it directly to you without using separately stored information. Furthermore, we delete the data after two years at the latest. The legal basis for the data processing described in thus section is our legitimate interest in accordance with Art. 6 (1) (f) GDPR to continuously check the functionality of our CMP and to ensure that user preferences are recorded in accordance with the legal requirements.
Further information on the types of data processed in connection with basic tracking can be found in our CMP under the purpose ‘Performance’.
3.6. Data Processing for Billing Purposes
We market advertising space on our Marketplace to advertising customers whose products you can purchase on our Marketplace, which are directly related to your shopping experience on ABOUT YOU or whose products may also be of interest to you. The billing of this advertising service is based on so-called impressions (i.e. information on how often the advertisement was seen) and on the basis of interaction with the advertisement (i.e. information on how often the advertisement was clicked on). We therefore collect this information in order to be able to bill our services on a performance basis. The information is also processed in order to detect any errors in connection with billing and to prevent them in the future (debugging).
Data that we process in this context does not allow any conclusions to be drawn about our users. Only with your consent do we process the data in order to be able to offer you a user experience that is as personal as possible (see section 3.4), specifically for the following purposes: Personalized Ads and Content (section 3.4.2), Market Research (section 3.4.3) and Product Development (section 3.4.4). If you give us your consent for this, we will establish a personal reference in order to be able to process the data for the purposes you have selected. Detailed information on this data processing can be found in the Section 3.4 and in our CMP.
3.7. Size Recommendations ("Perfect Fit")
Data processing to measure your body shape
Via the function “Perfect Fit" in our Marketplace you have the option to view products that are tailored to your body size and shape. To determine your appropriate size, the Data Processor FitMatch, Inc. 6750 N Andrews Ave, Suite 200, Fort Lauderdale, FL 33309 (FitMatch) will use the LiDAR (Light Detection and Ranging) technology of your end device, provided that you click on the "Perfect Fit" banner within the product detail page and start the scan after giving your consent (Art. 6 (1) (a) GDPR).
LiDAR technology uses lasers to pulse and reflect light off your body, capturing the contours of your body (excluding your face) and creating a 3D shape without taking photos or videos. No biometric data is transmitted to us or FitMatch. Your end device only transmits certain data points in pseudonymised form ("Scan File"), that are generated from the scan to help FitMatch determine the size recommendations. The Scan File is given a unique identifier (user ID, scan ID) so that the size recommendations can then be played back and the appropriate products displayed to you.
Reference to the Right of Withdrawal
You can revoke your consent(s) at any time with effect for the future by deleting your data in your customer account under "Body Scan".
Data Processing to identify returning Users
In order to automatically identify you as a returning user and avoid you having to repeat the scan, the above data is collected and stored via a so-called "SDK". In this case, the recommended products will also be displayed to you directly on the product detail page.
The purpose of the processing described above is to be able to offer you the most suitable products for your selection. You can also find detailed information about this processing in our CMP. We specify the purpose of the processing in the CMP "Personalized Ads and Content" (see also Section 3.4.2.)). The legal basis for this processing is your consent (Art. 6 (1) (a) GDPR).
Independent Data Processing by FitMatch
In addition, after the size recommendations have been played out, the data points are extracted from the Scan File under the sole responsibility of FitMatch and processed exclusively in an anonymous form only for the purpose of improving the FitMatch services. The legal basis for this data processing is your consent (Art. (1) (a) GDPR), which you give when you perform your scan.
For further information on the processing of your data by FitMatch, please refer to FitMatch's Privacy Policy.
3.8. Virtual Try On
Data processing for Virtual Try-On and article preview
Via the “Virtual Try On” function in our Marketplace you have the opportunity to virtually try on an item you have selected. To do this, our Data Processor AIUTA USA Inc. based at 850 New Burton Road, Suite 201, 19904 Dover, DE, USA (‘AIUTA’) processes uploaded images by assigning a unique identifier (URL, Image-ID) to visualise the item on the uploaded image for you and to show you a preview of how the item might look on you. We process your personal data (images, URL, Image-ID) on the basis of the consent you have given (Article 6 (1) a) GDPR). However, please note that we cannot provide you with the ‘Virtual Try On’ feature without your consent to the processing of your data.
After you have activated the Virtual Try On feature and provided your consent, you can upload selected images of yourself. With the help of the image you upload, AIUTA generates a preview image to which a unique Image-ID and - by us - a URL are assigned so that we can later display your personal preview image to you. Afterwards, your personal preview image will be stored in your customer account and you will have the opportunity to view it under ‘Virtual Try On’. In this case, we access your stored data (Image-ID, URL) when processing your User-ID and transmit the Image-ID and URL to the AIUTA SDK to display your stored preview image.
AIUTA is not able to link your personal data (image, Image-ID, URL) with further personal information about you. AIUTA only has access to the Image-ID and Image-URL of the image you uploaded, which is stored by us.
Data processing for personalised article previews in our online shop
You also have the option of displaying your personal preview image in our online shop in the image gallery on the article details page for the article you have selected, thus personalising our online shop for you. The display is only for the duration of your visit to our online shop. The legal basis for the data processing is your consent (Article 6 (1) a) GDPR), which you provided to us when activating the feature.
Note on Right of Withdrawal
You can withdraw your consent at any time, without giving reasons, with effect for the future by deleting your image(s) in your customer account under "Virtual Try On" or by withdrawing your consent in the CMP.
3.9. Display of Adverts (Retargeting)
We use the services of Adform A/S, Silkegade 3B, DK-1113 Copenhagen K, Denmark (Adform) to place personalised advertising across all pages and to analyse the effectiveness of our advertising measures. For this purpose, Adform processes various personal data, i.e. your IP address and thus also your approximate location, device and browser information, data about your interactions with our Marketplace and other usage data. We also transmit data to Adform that allows Adform to allocate and identify the specific transaction to our shop. This information enables us to display more relevant adverts that are tailored to your interests and at the same time to improve the efficiency of our advertising campaigns by tracking how often certain adverts are seen and clicked on.
You can also find detailed information about this processing in our CMP. We state the purpose of the processing in the CMP as "Personalised Ads and Content" (see also Section 3.4.2.). The legal basis for this processing is your consent (Art. 6 (1) (a) GDPR).
Joint Controllers
We and Adform are joint controllers for the collection of personal data and its transfer to Adform by means of the Adform cookie and the IDs. For this reason, we have entered into an agreement which sets out our respective obligations as Joint Controllers. The agreement sets out which of us is responsible for complying with our data protection obligations and for enforcing your data protection rights. To exercise your rights, you can contact Adform here. You can also contact us in this regard (see also Section 8.).
3.10. Advantage and Voucher Offers
Via our Marketplace you have the opportunity to receive special offers at the end of an order, such as free offers for daily newspapers, magazines or product samples ("Advantage Offers") as well as discount vouchers ("Voucher") from third-party companies, provided by Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe ("Sovendus"). Such advantage or voucher offers are recognisable and labelled as partner offers.
3.10.1. Advantage offers
Personalized selection of Advantage Offers for you
In order to select a current regional Advantage Offer of interest to you, we provide Sovendus with a pseudonymized form of address, year of birth, country, postal code and the hash value of your e-mail address. In addition, Sovendus receives your IP address and thus also your approximate location, browser information, end device data, pages visited and other usage data, as is always the case with communication processes on the Internet. We also transmit data to Sovendus that allows Sovendus to assign and identify the specific transaction to our online shop. After Sovendus has selected the Advantage Offer on the basis of the above data, it will be displayed to you at the end of an order in our online shop.
The purpose of the processing described above is to be able to offer you the most suitable Advantage Offers for your selection. You can also find detailed information on this processing in our CMP. We refer to the purpose of the processing in the CMP as "Personalized ads and content" (see also section 3.4.2.). The legal basis for this processing is your consent (Art. 6 (1) a) GDPR).
Sovendus also uses all of the above types of data under its sole responsibility for the purpose of improving the display of further advantage and voucher offers (pseudonymous customer analyses). Further information on the processing of your data by Sovendus can be found in the Sovendus privacy policy.
Your use of Advantage Offers
Only if you actively select a Advantage Offer will we transmit your name, address and email address to Sovendus to prepare the personal request for the Advantage Offer from the product provider. The legal basis for this data processing is Art. 6 (1) b) GDPR (performance of contract).
3.10.2. Voucher Offers
Personalized selection of Voucher Offers for you
In order to select a Voucher Offer that is currently of interest to you, we will provide Sovendus with your pseudonymized title, country, zip code and the hash value of your e-mail address. In addition, Sovendus receives your IP address, and thus also your approximate location, browser information, end device data, pages visited and other usage data, as is always the case with communication processes on the Internet. We also transmit data to Sovendus that allows Sovendus to assign and identify the specific transaction to our store.
The purpose of the processing described above is to be able to offer you the most suitable Voucher Offers for selection. You can also find detailed information on this processing in our CMP. We state the purpose of the processing in the CMP "Personalized ads and content" (see also section 3.4.2.) The legal basis for this processing is your consent (Art. 6 para. 1 a) GDPR) In addition, the information is processed by Sovendus under its sole responsibility for the purpose of improving the display of further advantage and voucher offers (pseudonymous customer analyses). For further information on the processing of your data by Sovendus, please refer to the Sovendus privacy policy.
Your use of Voucher Offers
Only if you actively select a Voucher Offer we will transmit your name and email address to Sovendus to prepare your personal request for the Voucher Offer from the product provider. In addition, we transmit a pseudonymized order number, currency, session ID (session number) and timestamp of the order to Sovendus for billing purposes. The legal basis for this data processing is Art. 6 (1) (b) GDPR (performance of contract).
3.11. Fanpages
ABOUT YOU maintains social media profiles on social networks
- Facebook (service of Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland ("Meta")),
- Instagram (also a service from Meta),
- X (service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland),
- Pinterest (service of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland),
- TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) and
- YouTube (service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
(„Fanpages“of the „Service Providers“), on which we regularly publish and share content and offers. When you interact with our Fanpages or other websites of the Service Providers, the respective Service Provider can collect your usage behaviour using Cookies and similar technologies. ABOUT YOU may view general statistics about users' interests and demographic characteristics (such as age, gender, region) for its Fanpages. If you use social networks, the type, scope and purposes of data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we are Joint Controllers with the respective Service Provider and which are explained below.
Processing of your Data by the Service Provider
The Service Provider also process your data when using Fanpages for their own purposes, which are not depicted in this Privacy Policy and over which we have no control. You can find more information about this at the respective social networks:
Usage Analysis (Page Insights)
When you interact with our fan pages, the Service Providers use cookies and similar technologies to record your usage behaviour. In this context, ABOUT YOU receives "Page Insights" that contain statistical, depersonalised (anonymised) information about visitors. It is not possible for us to identify you personally. The selection and processing of Page Insights information is carried out exclusively by the respective Service Provider. Page Insights help us to understand how our Fanpages are used, what interests visitors have and which topics and content are particularly popular. We use this information to offer relevant content to visitors to our Fanpages and to better cater to the interests and usage habits of our visitors.
ABOUT YOU and the Service Provider, in some cases, are Joint Controller for the processing of your data for the provision of Page Insights (Art. 26 GDPR). If there is joint controllership, there is an agreement in place between ABOUT YOU and the respective Service Provider which specifies which company fulfils which data protection obligations in accordance with the GDPR with regard to the processing of Page Insights data.
The agreement with Meta is available here. Meta has summarised the main contents of this agreement (including a list of the Page Insights data) here.
The agreement with X is available here.
The agreement with Pinterest is available here.
The agreement with TikTok is available here.
Insofar as you have given your consent to the Service Provider with regard to the creation of page insights as described above, the legal basis is Art. 6 (1) a) GDPR.
3.12. Facebook Connect / Login
ABOUT YOU offers the user the option to register for the Service with his Facebook access (so-called Facebook Connect). Facebook Connect is a service of the social network Facebook, which is operated by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland) ( „Meta“). An additional registration with ABOUT YOU is then not required. To register, the user is redirected to the Facebook website, where he can log in with his usage data. This links the Facebook profile and the ABOUT YOU Service. Through the link, ABOUT YOU automatically receives from Meta the information that the user has consented to transmit (e.g. first name, last name, email address, profile picture, gender, friends list). We use this information to identify you when you use ABOUT YOU.
The legal basis for this data processing is Art. 6 para. 1 a) GDPR.
For more information about Facebook Connect and privacy settings, click here: privacy notice from Facebook.
3.13. Login via Apple (“Sign in with Apple”)
ABOUT YOU offers the user the possibility to sign up for the Service with his Apple ID ("Log in with Apple"). This login function is a service of Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland („Apple“). An additional registration with ABOUT YOU is then not required.
To register, the user is redirected to the Apple website, where he can log in with his usage data. Here, the Apple ID of the user and our Service are linked with each other. The user has the option of using either the email address stored with Apple ("Share email address") or a pseudonymized email address ("Hide my email address"). If the user selects "Share email address", ABOUT YOU receives the email address and name associated with the Apple ID. With the "Hide my email address" function, Apple enables registration for other services outside of Apple, such as ABOUT YOU, without revealing the email address stored with Apple in plain text. If the user enables this feature when creating a new ABOUT YOU customer account, Apple will generate a random email address with the domain
The legal basis for this data processing is Art. 6 para.1 a) GDPR.
You can find more information about data processing by Apple here: privacy notice of Apple .
3.14. Customer Account / User Account
In order to provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account/user account.
The creation of a customer account is generally voluntary. If you create a customer account, the processing of your data collected here is based on Art. 6 para. 1 b) GDPR. After setting up a customer account, no new data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.
Only if you want to place orders via our website/application, the opening of a customer account is mandatory for the processing of the contract.
In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This password is used together with your email address to access your customer account. Please treat your personal access data confidentially and do not make them accessible to unauthorized third parties. Please note that you will automatically remain logged in after leaving our website, unless you actively log out.
Insofar as the customer account also contains information relating to the purchase and processing of purchases from Merchants on the aboutyou.de Marketplace as ABOUT YOU, ABOUT YOU processes this data exclusively for the purpose of managing the customer account.
You have the option to delete your customer account at any time. Please note, however, that this does not mean that the data visible in the customer account will be deleted once you have placed an order with us. Your data will be deleted automatically after the expiry of the commercial and tax retention obligations applicable to us or the applicable limitation periods. Further information on this can be found in Section 6. The legal basis for this further data processing is Art. 6 (1) c) GDPR and Art. 6 (1) f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.
3.15. Contacting Us
You have the possibility to contact us in several ways. By email, by telephone, by chat or by post. When you contact us, we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your enquiry.
If you have registered a customer account with us and are logged in, you can also contact us via our chat. You have the choice of how you want to interact with the chatbot, either by entering your request in a free text field or by a guided list of contact reasons in the form of clickable buttons. We use a technical interface to access data from your customer account, such as order and delivery information, in order to answer your enquiry about an order, delivery or return.
We use the CRM system Zendesk to process customer enquiries. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103, USA ("Zendesk") and the AI chatbot from ultimate.ai GmbH, Paul-Lincke-Ufer 39/40, 10999 Berlin ("Ultimate"). Zendesk and Ultimate process your data for enquiries to us exclusively on our behalf and not for their own purposes.
The legal basis for this data processing is Art. 6 (1) b) GDPR, insofar as the processing of your data is necessary for answering your questions or dealing with your request in connection with a purchase you have made. We also have a legitimate interest in responding to enquiries of a general nature that are not directly related to a contractual relationship. In this case, the legal basis for data processing is our legitimate interest (Art. 6 (1) f) GDPR) in providing you with a quick response and specific answer to your enquiry that you have expressly requested (e.g. information on general delivery times, availability of sizes or products).
Insofar as ABOUT YOU gives you the opportunity to contact Merchants other than ABOUT YOU on the aboutyou.de Marketplace, ABOUT YOU stores the content of the communication exclusively for the purpose of exchanging information between you and the respective ABOUT YOU Merchant. ABOUT YOU only has the option of processing the content of the communication for its own purposes in a few cases. Such a possibility exists, for example, with regard to recognising and preventing fraud.
3.16. Payments
On aboutyou.de and in the ABOUT YOU App, payment methods (e.g. credit card, purchase on account) are offered by Scayle Payments GmbH ("SPAY") via its payment service providers "Paypal" and "Klarna". SPAY is an affiliate company of the ABOUT YOU Group.
We process the payment information that you enter with us or that we collect, i.e. first name and surname, postal address, date of birth, gender, type of goods/service, value of goods, method of ordering, telephone number, selected payment method and payment information (bank, account number, amount, credit card number, CVC codes, expiry date, etc.), email address, country code, date of account creation and last change, account number, IP address, date of first interaction between customer and ABOUT YOU/Merchant (as seller), number of payments on ABOUT YOU, date of last purchase, device fingerprint (ID, token, type) and browser language, for the purpose of payment processing, i.e. when you purchase a product and/or service from us or a Merchant via www.aboutyou.de or the ABOUT YOU App, we then forward the payment information mentioned above to Scayle Payments GmbH, Domstraße 10, 20095 Hamburg. The legal basis for this data processing is Art. 6 (1) a) GDPR, Art. 6 (1) b) GDPR and Art. 6 (f) GDPR.
SPAY is authorised to carry out a so-called risk check before granting the payment method you have selected. Depending on the selected payment method, the risk check may include a credit check and/or a check to prevent order fraud.
You can find details on the processing of your personal data by SPAY in the Privacy Policy from SPAY.
4. No Obligation to provide Data
In principle, you are not obliged to provide us with your personal data. However, the use of certain areas of our Marketplace may require the provision of personal data, in particular the purchase of goods. If you do not wish to provide us with the data required for this, you will unfortunately not be able to use the relevant areas of the Marketplace.
5. Recipients of Personal Data
5.1. Disclosure of Data to Third Parties
We will only disclose your data to third parties outside of ABOUT YOU if this is legally permissible (e.g., because we or the third party have a legitimate interest in the disclosure, we are legally obligated to disclose the data, or based on your consent).
In addition to the third parties named in our Privacy Policy and in our CMP by name, we may disclose personal data to a third party in particular if,
- if we are obliged to do so due to legal requirements or by enforceable official or court order in individual cases (vis-à-vis authorities);
- in connection with legal disputes (with courts or our lawyers) or tax audits (with auditors);
- when we work together with tax consultants;
- in connection with possible criminal offences to the competent investigating authorities;
- in the event of a sale of the business (to the purchaser).
Insofar as we pass on your data to third parties on the basis of your consent, the explanation can also be given when consent is obtained.
5.2. Disclosure to Processors
We use so-called Processors in some areas when processing your data. A Processor is a natural or legal person who processes personal data on our behalf and on the basis of our instructions, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the Controller.
Insofar as the Processors are not already named in this Privacy Policy, these are in particular the following categories of Processors:
- IT service provider (sending emails and newsletters),
- Call center (answering customer inquiries)
6. Storage Period and Data Deletion
ABOUT YOU stores personal data only as long as it is necessary for the purposes stated in this Privacy Policy, in particular for the fulfillment of our contractual and legal obligations. If necessary, we will also store your personal data for further purposes, if or as long as the further storage for certain purposes is permitted by law.
If you close your customer account/user account, we will delete all stored personal information. If complete deletion is not possible or not required for legal reasons, we will block this information. For example, we will block the information if we are required to retain it in accordance with commercial or tax law, such as the German Commercial Code (HGB) and the German Fiscal Code (AO). In this case, we are obliged to retain this information for tax audits and financial audits for up to ten years. Even if there is no legal obligation to retain data, we may refrain from immediate deletion in certain cases permitted by law. This applies, for example, if the information in question may still be required for further contract processing or legal prosecution or legal defense (e.g. in the case of complaints). The relevant criterion for the duration of the blocking is then the respective statutory limitation periods, after the expiry of which we then delete the information. As a rule, the limitation periods end 3 years after the end of the year in which you made a purchase from us.
7. Recipients outside the EEA
We also share personal data with third parties or Processors located in countries outside the European Economic Area( „EWR“). In this case, we ensure that the recipient either has an adequate level of data protection or has your express consent before transferring the data.
An adequate level of data protection exists, for example, if the European Commission has adopted an adequacy decision for the respective country (Art. 45 GDPR). For the U.S., the European Commission has adopted the decision that an adequate level of data protection exists there, provided that the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has a current certification for this. If the recipients of your personal data are located in the U.S. and participate in the DPF, we therefore rely on this adequacy decision (Article 45 GDPR).
Alternatively, we establish an adequate level of data protection by agreeing with recipients on the so-called EU standard contractual clauses of the European Commission (Art. 46 GDPR). In this case, we conduct transfer impact assessments and agree with the recipient or, if necessary, implement additional protective measures. Specifically, we agree Module 1 of the EU Standard Contractual Clauses with recipients who are (independent) controllers and Module 2 of the EU Standard Contractual Clauses with recipients who act as our Processors.
These are third parties or Processors in the following countries: USA (we rely in this respect on the "DPF"), UK (we rely in this respect on the European Commission adequacy decision" available here, India and Singapore. For data transfers to India and Singapore, we have ensured an adequate level of data protection by concluding EU standard contractual clauses and conducting a transfer impact assessment.
You can obtain a copy of the specifically agreed regulations for ensuring the appropriate level of data protection from us. Please contact us at [email protected] or the contact information listed in Section 2.
8. Your Rights
8.1. Overview
In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are met:
-
the right of access about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it has not been collected directly from you;
- the right to have inaccurate data corrected or to have incomplete data completed (Art. 16 GDPR),
-
the right to have your data stored by us deleted (Art. 17 GDPR), insofar as the applicable prerequisites for this are fulfilled and, in particular, no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed by us,
-
the right to restrict the processing of your data (Art. 18 GDPR), insofar as the accuracy of the data is disputed by you (for a period that allows us to verify the accuracy of the personal data); the processing is unlawful, but you object to its erasure; we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR (as long as it has not yet been determined whether our legitimate reasons outweigh yours),
-
the right to data portability pursuant to Art. 20 GDPR, i.e. the right, in the event of processing based on your consent (Art. 6 (1) a) GDPR) or for the performance of a contract (Art. 6 (1) b) GDPR), which is carried out with the aid of automated processes, to have data stored by us about you transferred in a common, machine-readable format, or to request the transfer to another controller (the latter, insofar as this is technically feasible),
You can assert the aforementioned rights to which you are entitled at [email protected].
You also have the right to complain to a supervisory authority. In particular, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
8.2. Right of Objection
You have the right to object to the processing of your personal data for advertising purposes at any time ( „advertising objection”).
In addition, you have the right to object to data processing on the basis of Art. 6 (1) f) GDPR for reasons arising from your particular situation. We will then stop processing your data, unless we can demonstrate - in accordance with the legal requirements - compelling legitimate grounds for further processing that override your rights, or the processing serves the assertion, exercise or defense of legal claims.You can exercise your right of objection at [email protected].
8.3. Right of Withdrawal
If we process data on the basis of your consent, you have the right to revoke this consent at any time. Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until the revocation.
You can generally exercise your rights of objection at [email protected].
You can revoke your consent to the use of Cookies or the processing of your personal data based on them, in whole or in part, at any time by changing your settings in our CMP here and clicking on "Confirm My Choices" or by clicking on "Reject All". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)".