1.1. Controller

The contact person and controller as defined by the EU General Data Protection Regulation (GDPR) for the processing of your personal data during visits to our website and app is

OUTFITTERY GmbH
Leuschnerdamm 31
10999 Berlin

Tel: +49 30 46722431
E-Mail: service@outfittery.de

1.2. Data protection officer

For any questions about the topic of data protection in relation to our products or the use of our website and our app, please do not hesitate to contact our data protection officer. You can reach our officer at the mailing address above (please include “Data Protection Officer” in the address block) or at the following e-mail address (keyword: “c/o Data Protection Officer”): [datenschutz@outfittery.de].

 

Personal data is information relating to an identified or identifiable person. This primarily includes information that reveals your identity, such as your name, telephone number, address, and e-mail address. Statistical data that we collect when you visit our website, for instance, and cannot be used to identify you, is not considered personal data.

 

3.1 Visits to our website and our app

When you visit our website or use our app, we collect data that your browser or device sends to us automatically. This data that is sent to our server is known as log files:

  • Date and time of request,

  • Address of the website accessed and the requesting website,

  • IP address of the requesting device,

  • Information about the browser used and the device's operating system.

Data processing is necessary to enable the visit to our website and the use of our app, and in order to ensure the regular functionality and security of our systems. To this end, the aforementioned data is stored temporarily in internal log files in order to generate statistical information about the use of our website and our app, so that we can further develop them in line with the usage habits of our visitors and perform general administration and maintenance for our website and our app. The legal basis is Art. 6 (1) (1) f) GDPR.

The information stored in the log files cannot identify you directly. Note that we store the IP addresses in abbreviated form only. The log files are stored for 30 days and then archived after anonymization.

3.2 Registration

You can register for our login area in order to access all the functions of our website and app as well as our offers. The data you will be required to enter includes:

  • Your e-mail address

  • The password you choose

  • Your preferences with regard to brands, product types, or styles, for example

  • Information about your person (such as hair color)

You cannot register without this data. Your e-mail address and password will then be your login information. The legal basis for processing is Art. 6 (1) (b) GDPR.

3.3 Orders

When you place an order with us, we collect the following information for contract performance:

  • First and last names

  • Date of birth

  • Your preferences with regard to brands, product types, or styles, for example

  • E-mail address

  • Password

  • Autopilot setting (where you can manage the regular receipt of orders)

  • Billing and mailing addresses

  • Social security number (only in Sweden)

  • Payment information (such as PayPal or credit card)

You can also provide optional information (such as telephone and fax numbers, individual notes about your order, requests for a certain product, photo uploads and appointment for a styling consultation over the phone). The legal basis is the contract that you conclude with us upon order placement, Art. 6 (1) (1) b) GDPR.

3.4 Contact form and other interactions

You have various options for contacting us. We provide a number of contact methods, such as our contact form, our customer hotline, and communications with our stylists. When you get in touch with us, we collect your contact information. Depending on the contact option you use, your contact information can include your name, mailing address, telephone number, e-mail address, reason for contacting us, your individual message and details about your profiles on social networks (for instance, we receive your Facebook ID if you contact us on Facebook), user name and similar contact information. You also have the option to include the order number or upload an attachment.

The legal basis is Art. 6 (1) (1) b) GDPR if the information is needed to answer your query or initiate/perform a contract. However, the legal basis is Art. 6 (1) (1) f) GDPR if data is processed for marketing purposes.

If you are not a customer of ours, the aforementioned data collected from our contact options will be deleted after no more than one year after we have handled your request. If you are a registered customer of ours, this data will be stored as long as you have a customer account. Once your customer account is deleted, only the data subject to a legal retention period will still be kept.

3.5 Marketing communications

You can subscribe to our marketing communications by e-mail and/or text message. In this case, we collect the following data:

  • E-mail address

  • Domain used (website)

  • Opt-in status

  • Telephone number (only for marketing communications by text message)

  • Log files for registration (date, time, “location” and customer number)

We also use other data from your customer account in order to personalize our marketing communications for you. The legal basis for data processing is your consent and our legitimate interest in offering your personalized marketing communications, Art. 6 (1) (1) a) and f) GDPR.

3.6 Employment applications

You can apply for available jobs using our candidate management system at https://www.outfittery.com/jobs/ We collect the following data to receive and process your application:

  • First and last names

  • E-mail address

  • Application documents (such as references, c.v.)

  • Earliest start date

  • Desired salary

The legal basis for processing your employment application documents is Art. 6 (1) (1) b) and Art. 88 (1) GDPR in conjunction with Section 26 (1) (1) German Federal Data Protection Act - BDSG.

3.7 Information about the app

3.7.1 Downloading and installing the app

Before you can download and install our app from an app store (such as Google Play store or Apple app store), you must register for a user account with an app store provider and conclude a user agreement with this provider. We have no influence on this; in particular we are not a party to any such user agreement. When you download and install the app, the necessary information will be sent to the respective app store, especially your user name, e-mail address and customer number of your account, the time of download and the IMEI. We have no influence on the collection of this data and are not responsible for it. We process this data as provided only if required to download and install the app to your mobile device (such as smartphone or tablet). In this case, the legal basis is Art. 6 (1) (1) f) GDPR.

3.7.2 Push notifications

The app can send you push notifications even if you are not currently in the app. The notifications can be sounds, messages (such as screen banners) and/or symbols (a picture or number on the app icon). To avoid this, you can deactivate push notifications in your device settings at any time.

The legal basis of the aforementioned data processing is Art. 6 (1) (1) b) GDPR if the push notifications relate to contract performance (e.g. shipment notification, information about your order). Otherwise, the legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of sending you product recommendations.

3.7.3 Access

To use the app to the full extent, it is necessary to access certain functions of your device. Depending on the operating system you use, this sometimes requires your express consent. You can change the access settings in your device’s system settings at any time. Below we explain what access the app will request, and why it is needed:

  • Push notifications: access is needed in order to send you push notifications. The legal basis is described under 3.7.2.

  • Contacts: access is needed so that the app can access your contacts in order to suggest contacts for you to recommend Outfittery to others. The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of receiving recommendations.

  • Camera: access is needed so that the app can use your device’s camera function and allow you to send photos to our stylists. The legal basis for the aforementioned data processing is contract performance under Art. 6 (1) (1) b) GDPR.

 

4.1 Login with Facebook Connect (website and app)

Our website and our app allow you to log in with your existing Facebook profile data. For this purpose, we use Facebook Connect, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”). Once you have signed on with Facebook Connect, you do not need to register further.

If you want to use this function, you will first be directed to Facebook. There you will be asked to log in with your user name and password. We receive only your login name; naturally we do not receive your password. If you are already signed on to Facebook, this step will be skipped. Then your e-mail address and your public profile information (especially name, profile picture, date of birth, gender, language and country, friends’ list and likes) will be sent to us once you confirm the process with the “Sign in with Facebook” button. If personal data is transferred to the US, Facebook abides by the EU-US Privacy Shield. The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of providing convenient, user-friendly registration.

For more information, see the data policy of Facebook.

4.2 Login with LinkedIn (website)

Our website offers the option to “Sign in with LinkedIn.” Sign In with LinkedIn is a service by the LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (“LinkedIn”). If you want to use this function, you will first be directed to LinkedIn. There you will be asked to log in with your user name and password. Of course we do not receive this login information. By confirming the process with the “Login and allow” button, LinkedIn data from your LinkedIn profile is transferred to us. This includes your profile overview (especially your LinkedIn user name, name, information about your profession, profile picture URL, number of LinkedIn contacts and other profile information) and – if you have permitted this in your LinkedIn settings – the primary e-mail address on file with LinkedIn. LinkedIn receives information from us about your visit to our website (e.g. date, time and length of session). Your customer account and your LinkedIn account will be permanently linked. The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of providing convenient, user-friendly registration.

For more information, see the privacy policy of LinkedkIn.

4.3 Login with XING (website)

Our website offers the option to “Login with XING.” “Login with XING” is a service by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”). If you want to use this function, you will first be directed to XING. There you will be asked to log in with your user name and password. Of course we do not receive your login information. Once you confirm the process with “Login and allow,” your public profile information (especially XING name, name, e-mail address, business address, profile picture URL, professional experience and other profile information) will be transferred to us. Xing receives information from us about your visit to our website (e.g. date, time and length of session). Your customer account and your XING account will be permanently linked. The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of providing convenient, user-friendly registration.

For more information, see the privacy policy of Xing.

5.1 What are cookies?

Cookies are small text files that are stored by your web browser and that save certain settings and data on communication with our server.

There is a general distinction among two types of cookies: session cookies, which are deleted once you close your browser, and persistent cookies, which are stored for a longer period of time. This helps us design our websites and services for you accordingly and provides user convenience, for instance by storing certain information from you so that you do not have to enter it repeatedly.

5.2 Why does Outfittery use cookies?

We have to use cookies for some of our services. No personal data is stored in the cookies used by Outfittery. Thus, the cookies we use cannot be used to identify a specific person, e.g. you. When cookies are activated, an ID number is assigned to them. Your personal data cannot be matched to this ID number at any time, and this will not occur. Your name, IP address and similar data is never matched to the cookies. Based on the cookie technology we receive only pseudonymous information, such as about what pages of our shop have been visited and what products were viewed.

Most browsers have a default setting to accept cookies. However, you can change your browser settings so that cookies are rejected or stored only upon your consent. If you block cookies, you will not be able to access all of our functions in full.

We use cookies to customize and optimize your user experience. We mainly use session cookies that are deleted once your browser is closed. Session cookies are used to authenticate login and for load balancing. We use persistent cookies, for instance, to store your language settings or to remember that some information was shown to you on our website – so that you will not see it the next time you visit. Persistent cookies are automatically deleted after a defined time period, which can vary by cookie.

These services are based on our legitimate interest to provide you with a convenient and customized experience on our website. The legal basis is Art. 6 (1) (1) f) GDPR.

5.3 Cookies from advertising partners

Outfittery uses a number of advertising partners that help make the internet services and Outfittery website more interesting for you. For this reason, when you visit the Outfittery website, cookies from partner companies will also be stored on your hard drive. These are persistent cookies that will be deleted automatically after a certain time period (see above). The cookies from our partner companies do not contain any personal data either. Only pseudonymous data will be collected under a user ID. For instance, it includes data about what products you viewed, whether something was purchased, what products were searched for, etc. Some of our advertising partners also collect information outside the Outfittery website about what pages you visited prior to that, or what products you were interested in, for instance, in order to show you advertising that matches your interests as closely as possible. This pseudonymous data is never combined with your personal data. The only purpose is to allow our advertising partners to show you advertising that may actually interest you.

This data processing is also based on our legitimate interests. The legal basis is Art. 6 (1) (1) f) GDPR.

 

6.1 Handling of the order process and provision of our services

We process your data to fulfil the contract concluded with you and to provide our services, which includes:

  • the provision, personalization and custom design of our online service and the Outfittery shop.

  • the performance of purchase contracts and customer service, including shipping and payment processing, along with the handling of returns, complaints, and warranty issues.

  • the provision of our stylist communications under the contract regarding your individual style consultation. This is done either by e-mail or phone. You can change your customer account settings to choose which method of communication you would like with our stylists.

6.2 Payment

We offer you the following payment options: credit card, PayPal or COD. Outfittery reserves the right to refrain from offering certain payment types, or to offer them for certain orders only. We work with various payment service providers:

  • for credit card payments: Payvision B.V., Keizersgracht 668C, 1017 ET Amsterdam, Netherlands.

  • for PayPal payments: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

  • for COD payments: abilipay GmbH, Prüfeninger Str. 20, 93049 Regensburg, Germany. The above companies will not transfer any information that you provide to them for payment processing. We are informed only that payment has been made.

Alle Angaben, die Sie im Rahmen der Zahlungsabwicklung gegenüber den vorgenannten Dienstleistern machen, werden von diesen nicht an uns weitergegeben. Wir erhalten lediglich die Information, dass die Zahlung erfolgt ist.

6.3 Fraud prevention

Outfittery uses the digital identity network of ThreatMetrix B.V., Evert van Beekstraat 1-79, 1118 CL Schiphol, Netherlands (TMX), through CRIF GmbH as part of various fraud prevention measures (only in Belgium, Luxembourg, Denmark and Sweden). This protects Outfittery against default on payment and, at the same time, Outfittery is able to protect its customers against the misuse of their funds and the resulting consequences. For this purpose, Outfittery sends device data (device ID, IP address, geo location) and the session ID (such as information about the browser used, processor, storage and boot times) to TMX. At the same time, TMX uses a fraud filter to compare certain data that is transferred (last name, mailing and billing address, e-mail address, device data and session ID) with past orders in a defined period. The data sent is used, processed and stored exclusively for fraud prevention purposes. TMX creates a device ID with which the device used and possible behavior patterns can be identified.

If your data is processed to prevent fraud against you, the legal basis is Art. 6 (1) (1) b) GDPR. Otherwise, the data is processed on the basis of Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest and that of other users in identifying and preventing fraud.

6.4 Credit checks

If Outfittery advances the funds (e.g. to review and approve a COD) before deciding whether to accept the contract, Outfittery will conduct a credit check using scores obtained from external credit agencies. The credit check is needed to reduce Outfittery's default risk or insolvency risk. Scores are statistically based forecasts about the future risk of payment default of a person or company, and are expressed as a number, such as a percentage or a grade. For this purpose, we transfer your data (name, address, date of birth and in Sweden the social security number) to various credit agencies for the purposes of credit checks.

The legal basis of this transfer is Art. 6 (1) (1) b) and f) GDPR. Transfers can be made on the basis of Art. 6 (1) (1) f) GDPR only if this is required to protect legitimate interests of Outfittery or third parties, and there are no prevailing interests or basic rights and freedoms of data subjects that would require the protection of personal data. Sharing data with credit agencies also requires compliance with legal obligations to perform credit checks on customers (Sections 505a and 506 of the German Civil Code).

6.4.1 Credit checks for customers in Germany, Switzerland and the Netherlands

Outfittery receives credit rating information from Arvato Payment Solutions GmbH, Gütersloher Str. 123, 33415 Verl, Germany (“Arvato”). This company receives the customer's name, date of birth, and address. In return, Arvato sends information about the likelihood of default on receivables (“Score”) and any negative information about payment history (e.g. a pending collection procedure). In the event of a negative score, Outfittery may not offer some payment methods or insist on pre-authorization (reservation) of an amount of €150 or €250 prior to purchase, depending on the score.

Arvato uses the following service providers:

  • Austria: CRIF GmbH, Diefenbachgasse 35, 1150 Vienna.

  • Switzerland: CRIF AG, Riesbachstrasse 61, 8008 Zurich.

  • Netherlands: Experian Nederland BV, Postbus 16604, 2500 BP Den Haag.

Detailed information about Arvato under Article 14 GDPR, i.e. information about the business purpose, the purposes of data storage, the data recipients, and the right of access to information, the right to erasure, rectification, etc. can be found at: https://finance.arvato.com/content/dam/arvato/documents/financial-solutions/Arvato_Financial_Soultions_Art._14_EUDSGVO.pdf

6.4.2 Credit checks for customers in Belgium

In Belgium, Outfittery conducts credit checks with BISNODE, Researchdreef 65 Allée de la Recherche, 1070 Brussels via CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich (“CRIF“). For this purpose, CRIF receives the customer's name and date of birth. In return, CRIF sends the information about whether the customer could be identified (e.g. “identity checked”). In the event of a negative identity check, Outfittery may not offer purchases for COD, or may insist on pre-authorization (reservation) of an amount of €150 or €250 prior to purchase, depending on the score.

For more information about the activities of CRIF, see the CRIF-Bürgel information sheet at: www.crifbuergel.de/en/privacy.

6.4.3 Credit checks for customers in Denmark

In Denmark, Outfittery conducts credit checks with Experian, Karenslyst Alle 8b, Pb. 5275 Majorstuen, 0303 Oslo via CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich (“CRIF“). For this purpose, CRIF receives the customer's name, date of birth, and address. In return, CRIF sends any negative information about payment history (e.g. a pending collection process) and address and identity information on file with the credit agency (such as “identity checked”). In the event of a negative identity check and negative payment history, Outfittery may not offer purchases for COD, or may insist on pre-authorization (reservation) of an amount of 1200 DKK or 2000 DKK prior to purchase, depending on the score.

For more information about the activities of CRIF, see the CRIF-Bürgel information sheet at: www.crifbuergel.de/en/privacy.

6.4.3 Credit checks for customers in Sweden

To review and possibly approve a COD, Outfittery conducts credit checks with Creditsafe i Sverige AB, Garda Fabriker, Fabriksgatan 7, SE- 41250 Göteborg via CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich (“CRIF“). For this purpose, CRIF receives your name, date of birth, address, and national ID. In return, CRIF generates the likelihood of default on receivables (“Score”). In the event of a negative score, Outfittery may not offer purchases for COD, or may insist on pre-authorization (reservation) of an amount of 1600.00 SEK or 2700.00 SEK prior to purchase, depending on the score.

If you do not want your identity and national ID checked, you can choose “credit card” or “PayPal” as your payment method when placing an order.

For more information about the activities of CRIF see the CRIF-Bürgel information sheet at: www.crifbuergel.de/en/privacy.

6.5 Marketing communications

We use your data to communicate with you about certain products or marketing offers and to recommend products or services that may interest you. This includes, but is not limited to, the following purposes:

  • The performance of direct advertising, such as with our marketing communications.

  • The analysis of how our services are used.

You can subscribe to our marketing communications by e-mail and/or text message if you wish to be notified on a regular basis about our new products and special offers.

To subscribe to our marketing communications, we use the single opt-in procedure, i.e. we will not send you e-mails or text messages until you have consented to the receipt of marketing communications. If you confirm that you want to receive marketing communications, we will store the following data: customer ID, time stamp, campaign ID, link ID and landing page information until you unsubscribe from our marketing communications. This storage is used solely to send you marketing communications and document your registration. You can unsubscribe from marketing communications at any time. Each e-mail contains an unsubscribe link. You can opt out of text messages by replying STOP to the text message, for instance. Of course, you can also send a message (by e-mail or letter) to the contact information above or listed in the e-mail. The legal basis for processing is your consent under Art. 6 (1) (1) a) GDPR.

We use standard market technologies in our e-mails and text message technologies that can measure interactions with the e-mails and text messages (e.g. e-mails opened / text message links clicked on). We use this data in pseudonymous form for general statistical evaluations and to optimize and further develop our content and customer communications. We use small graphics embedded in the messages to do this (pixels). The data is collected in pseudonymous form only; the IDs are not linked to your other personal data. You cannot be identified directly. The legal basis is our legitimate interest under Art. 6 (1) (1) f) GDPR. If you do not want your usage behavior to be analyzed, you can opt out of the e-mails and/or text messages. The aim of our marketing communications is to share the most relevant content for our customers and better understand our readers’ genuine interests.

The data on interactions with our marketing communications will be stored in pseudonymous form for up to two years and then made completely anonymous.

6.6 Use of your data for interest-based advertising on our website

The information sent by you and automatically generated (especially your e-mail address, the last website visited, all data from previous orders, status of consent to our marketing communications, responses to special offers published) will be used to make the advertising tailored to you and your interests more useful and interesting (interest-based advertising). We use this information only in anonymous form. Sometimes, we also transfer the data to third parties for this purpose (such as to social networks). By analyzing and evaluating this information, we can improve our website and our internet offers, and show you individual advertising on our website – meaning advertisements recommending products that could genuinely interest you.

The legal basis is Art. 6 (1) (1) f) GDPR. We have a legitimate interest in offering you individual advertising.

6.7 Use of your data for analytical purposes on our website and app

In order to improve our website and our app, we use various technologies to analyze user behavior and evaluate the related data. The data collected can include in particular the IP address of the device, the date and time of access, the ID number of a cookie, the device ID for mobile devices, and technical information about the browser and the operating system. However, the data collected is stored only in anonymous form, so that no direct personal identification is possible.

The legal basis for this data processing is Art. 6 (1) (1) f) GDPR. We want to provide you with convenient, custom use of our website and our app.

6.8 Right to object to our analysis and advertising activities

6.8.1 Website

Under Section 7.1 you will find a list of the providers we work with for purposes of analysis and advertising on our website, including the options for objecting to our analysis and advertising activities. Alternatively, you can exercise your right to object by adjusting your settings at http://preferences-mgr.truste.com/, a site that allows you to opt out of marketing from multiple providers. The website of TRUSTe, Inc, 835 Market Street, San Francisco, CA 94103-1905, USA (“TRUSTe“) allows you to deactivate all ads at once using opt-out cookies or to opt out individually for each provider. Please note that after deleting all cookies in your browser or using another browser and/or profile at a later time, you must set an opt-out cookie again.

6.8.2 App

Under Section 7.2 you will find a list of the providers we work with for purposes of analysis and advertising in our app, with information on how to object to our analysis and advertising activities.

 

7.1 Website

The following is an explanation of the technologies and providers we use for the analysis and advertising activities on our website.

7.1.1 Affilinet

Outfittery participates in partner programs of affilinet GmbH, Sapporobogen 6-8, 80637 Munich ("affilinet"), a service that integrates advertisements in the forms of text links, image links, banner ads, or input screens. Affilinet uses cookies and similar technologies to present advertising that is relevant for you. Affilinet also uses web beacons (invisible graphics). These web beacons can evaluate information such as visitor traffic to these pages.

The information generated by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats are transferred to a server of affilinet, where it is stored. This information can be sent by affilinet to contract partners of affilinet. However, affilinet will not combine your IP address with other data stored about you.

You can prevent storage of cookies by setting your browser accordingly (as described above) or deactivate it by going to Click here to opt out; however, please note that in this case you may not be able to use all functions of the website in full.

For more information, please see the data privacy provisions of affilinet.

7.1.2 Bing Ads

Our website uses Bing Ads, a service by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft“). Microsoft uses cookies and similar technologies to present advertising that is relevant for you. The use of these technologies allows Microsoft and its partner websites to place ads on the basis of prior visits to our websites or other websites on the internet. The data generated in this context can be transferred by Microsoft to a server in the US for analysis and stored there. If personal data is transferred to the US, Microsoft abides by the EU-US Privacy Shield.

You can prevent storage of cookies by setting your browser accordingly (as described above); however, please note that in this case you may not be able to use all functions of the website in full. You can also prevent the transfer of the data generated by the cookies and your use of the website to Microsoft and the processing of this data by Microsoft by deactivating the personalized ads on the privacy dashboard of Microsoft. Please note that after deleting all cookies in your browser or using another browser and/or profile at a later time, you must opt out again.

For more information, see the privacy statement of Microsoft.

7.1.3 DCMN

For marketing purposes, our website uses a service of DCMN GmbH, Boxhagener Str. 18, 10245 Berlin (“DCMN“). DCMN uses cookies and similar technologies to present TV advertising on our website that is relevant for you. Data is collected and stored for the creation of user profiles with the use of pseudonyms. These user profiles are for the analysis of visitor behavior and are used to improve and customize our offers. No personal data is collected. The IP addresses are stored in abridged form, so that no households or persons can be identified.

You can prevent the use of cookies by setting your browser accordingly (as described above) or deactivate it by going to Click here to opt out; however, please note that in this case you may not be able to use all functions of the website in full.

For more information, see the privacy statement of DCMN.

7.1.4 Facebook Custom Audience (Pixel process)

For marketing purposes, our website uses remarketing tags (also known as “Facebook Pixels”) from the social network Facebook, a service by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook“). We use these remarketing tags without the “advanced matching” feature. When you visit our website, the remarketing tags create a link between your browser and a Facebook server. In this way, Facebook receives the information that our website was accessed using your IP address. If personal data is transferred to the US, Facebook abides by the EU-US Privacy Shield Facebook uses this information on the one hand to provide us with statistical and anonymous data about the general use of our website, and the effectiveness of our Facebook advertising (“Facebook ads”) and on the other hand to optimize the ad placement and target group selection within the Facebook services.

EU-US Privacy Shield If you are a member of Facebook and have permitted Facebook to do so in the privacy settings of your account, Facebook can also link the information collected during your visit with us to your member account and use this for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a member of Facebook, you can prevent data processing by Facebook by going to the above-mentioned TRUSTe website and clicking on the “deactivate” button for Facebook. You can also prevent data processing by clicking the button below. Click here to opt out;

If you deactivate data processing by Facebook, Facebook will show only general Facebook ads that are not chosen based on information collected about you.

For more information, see the data policy of Facebook.

7.1.5 Facebook Conversion Tracking

Our website uses Facebook Conversion Tracking, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”). This measures the performance of advertising shown. With the analysis program, Facebook can more accurately measure the performance of ads displayed and Facebook and we as a customer of Facebook can enhance the quality and relevance of the ads that you see. Facebook Conversion Tracking uses cookies and similar technologies. The data generated in this context can be transferred by Facebook to a server in the US for analysis and stored there. If personal data is transferred to the US, Facebook abides by the EU-US Privacy Shield. In normal cases, the cookies remain active for a maximum of 30 days on your computer. When you visit our website during this time period, Facebook and we are notified that you have seen the ad shown.

As explained above, you can configure your browser to block cookies or you can prevent the tracking of the data generated by the cookie relating to your use of this website (including your IP address) by clicking the following button: Click here to opt out

For more information, see the data policy of Facebook.

7.1.6 Google AdWords Conversion Tracking

Our website uses Google AdWords Conversion Tracking, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). This measures the performance of advertising shown (AdWords campaigns). With the analysis program, Google can more accurately measure the performance of ads displayed and Google and we as a customer of Google can enhance the quality and relevance of the ads that you see. Google AdWords Conversion Tracking uses cookies and similar technologies. The data generated in this context can be transferred by Google to a server in the US for analysis and stored there. If personal data is transferred to the US, Google abides by the EU-US Privacy Shield . In normal cases, the cookies remain active for a maximum of 30 days on your computer. When you visit our website during this time period, Google and we are notified that you have seen the ad shown.

As explained above, you can configure your browser to block cookies or you can prevent the tracking of the data generated by the cookie relating to your use of this website (including your IP address) by clicking the following button: Click here to opt out

For more information, see the privacy policy of Google.

7.1.7 Google Universal Analytics

Our website uses Google Universal Analytics, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). Google uses cookies and similar technologies so that we can analyze and improve our website based on your user behavior. There is no multi-device tracking. The data generated in this context can be transferred by Google to a server in the US for analysis and stored there. If personal data is transferred to the US, Google abides by the EU-US Privacy Shield. However, your IP address is abbreviated before the usage statistics are evaluated, so you cannot be identified. For this purpose, Google Analytics also uses the code “anonymizeIP” on our website in order to ensure that IP addresses are tracked anonymously.

Google will process the information obtained from the cookies in order to evaluate your use of the website, to compile reports about the website activities for the website operators and to perform other services relating to website use and internet use.

As explained above, you can configure your browser to block cookies or you can prevent the tracking of the data generated by the cookie relating to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the Browser-Add-On provided by Google. In the alternative to the browser add-on, or if you access our website from a mobile device, please use this opt-out link. This will prevent future tracking by Google on this website (the opt-out works only in the browser and only for this domain). If you delete your cookies in this browser, you must click on this link again.

For more information, see the Datenschutzerklärung von Google.

7.1.8 Google Remarketing

Our website uses Google AdWords Remarketing, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). This service uses cookies and comparable technologies in order to show you personalized advertising on websites that work with Google or belong to Google (including YouTube, Google search function). Cookies and comparable technologies are also used to perform an analysis of the website use that is the basis for creating interest-based advertising. The data generated in this context can be transferred by Google to a server in the US for analysis and stored there. If personal data is transferred to the US, Google abides by the EU-US Privacy Shield.

If you use a Google account, depending on the settings in the Google account, Google can link your web and app browser use to your Google account and use information from your Google account to personalize ads. If you do not want this link to your Google account, you will have to log out of Google before opening our contact page.

As explained above, you can configure your browser to block cookies or you can prevent the tracking of the data generated by the cookies and relating to your use of this website (including your IP address) and the processing of this data by Google by going to the Ad Settings provided by Google and setting Ads Personalization to “Off.” In the alternative, you can object to processing by opening the aforementioned Website of TRUSTe and confirming the opt-out button for the provider “Google.”

For more information, see the Privacy policy of Google.

7.1.9 Outbrain

Our website is supported by a recommendation system (Content Discovery) operated under the “Outbrain“ brand by Outbrain UK Ltd., 5 New Bridge Street, London, EC4V 6JA, UK. Outbrain uses cookies that determine what offers you use and what pages you visit in order to recommend relevant third-party website content. To help us analyze our readers, the Outbrain pixel is contained on various pages of our website. This allows Outbrain to inform us on what pages containing pixels the reader was active, along with a timestamp, reference source, and the fact that activity was conducted. We use this information for conversion tracking and remarketing purposes. The pixel tracks activities only on an anonymous basis and does not track or record any identifiable personal information.

You can block the use of cookies by adjusting the settings in your browser software or by opting out on the website of Outbrain, but in this case you may not be able to access all of our website's functions in full.

For more information, see the Privacy policy of Outbrain.

7.1.10 Snowplow

Our website uses SnowPlow from SnowPlow Analytics Ltd., The Roma Building 32-38 Scrutton Street London, EC2A 4RQ, GB (“Snowplow”). The service collects usage information about the Outfittery website using cookies relating to user navigation in order to better understand our customers’ needs.

You can prevent the storage of cookies by adjusting your browser software settings or Click here to opt out; however, please note that in this case you may not be able to use all functions of our website in full.

For more information, see the Privacy policy of Snowplow.

7.1.11 Spoteffect

Our website uses Spoteffects from webeffects GmbH, Knorrstraße 69, 80807 Munich (“Spoteffects“). Spoteffects uses cookies and similar technologies in order to prevent TV advertising on our website that is relevant for you. Data is collected and stored for the creation of user profiles with the use of pseudonyms. These user profiles are for the analysis of visitor behavior and are used to improve and customize our offers. No personal data is collected. The IP addresses are stored in abridged form, so that no households or persons can be identified.

You can prevent the use of cookies by adjusting your browser software settings or Click here to blocking them; however, please note that in this case you may not be able to use all functions of our website in full.

For more information, see the Privacy notice of Spoteffects.

7.1.12 Taboola

Our website is supported by a recommendation system (Content Discovery) operated under the “Taboola” brand by Taboola, Inc., 1115 Broadway, 7th Floor, New York, New York 10010. Taboola uses cookies that determine what offers you use and what pages you visit in order to recommend relevant third-party website content. To help us analyze our readers, the Taboola pixel is contained on various pages of our website. This allows Taboola to inform us on what pages containing pixels the reader was active, along with a timestamp, reference source, and the fact that activity was conducted. We use this information for conversion tracking and remarketing purposes. The pixel tracks activities only on an anonymous basis and does not track or record any identifiable personal information.

You can block the use of cookies by adjusting the settings in your browser software or by opting out on the website of Taboola, but in this case you may not be able to access all of our website's functions in full.

For more information, see the Privacy notice of Taboola.

7.1.13 Unbounce Conversion Tracking

For certain pages relating to special offers and ad campaigns (landing pages) our website uses the Unbounce service from Unbounce Marketing Solutions Inc.400-401 West Georgia Street Vancouver, BC Canada V6B 5A1 (“Unbounce“). Unbounce uses cookies and similar technologies. For this purpose, your browser communicates with Unbounce, so that the IP address of the user is transmitted and cookies can be set. Outfittery is then provided with an analysis of the activities.

You can deactivate storage of cookies by setting your browser accordingly (as described above) or Click here to opt out; however, please note that in this case you may not be able to use all functions of the website in full.

For more information, see the Privacy notice of Unbounce.

7.2 App

The following is an explanation of the technologies and providers we use for the analysis and advertising activities in our app.

7.2.1 Google Mobile App Analytics

Google Mobile App Analytics is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Mobile Analytics”). Google Mobile Analytics enables the analysis of anonymous behavior data, particularly the tracking of active users and activity events (e.g. what keys were used, what pages were opened).

If personal data is transferred to the US, Google abides by the EU-US Privacy Shield. We use Google Mobile Analytics with the additional function offered by Google to anonymize IP addresses: the IP address is usually already abbreviated by Google within the EU and only in exceptional cases is not abbreviated until the US; in all cases it is stored only in abbreviated form.

You can block the collection or analysis of your data with this tool by setting the switch “Allow tracking” to “Turn off tracking”.

For more information on Google Mobile Analytics, see the privacy policy of Google.

7.2.2 Google Crashlytics

Our app uses Crashlytics, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Crashlytics“). Crashlytics enables the analysis of information about crashes, application distribution and adoption rates for certain app versions. Certain (anonymous) user data is sent to Crashlytics servers outside the EU. If personal data is transferred to the US, Google abides by the EU-US Privacy Shield.

You can block the collection or analysis of your data with this tool by setting the switch “Allow tracking” to “Turn off tracking

For more information on Crashlytics, see the privacy policy of Crashlytics.

7.2.3 Google Firebase Analytics

Our app uses Firebase SDK, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Firebase“). Firebase enables the analysis of anonymous behavior data, particularly the tracking of active users and activity events (e.g. what keys were used, what pages were opened). Firebase also receives personal data from us. Certain (anonymous) user data is sent to Firebase servers outside the EU. If personal data is transferred to the US, Google abides by the EU-US Privacy Shield.

You can block the collection or analysis of your data with this tool by setting the switch “Allow tracking” to “Turn off tracking

For more information on Firebase, see the privacy policy of Google.

7.2.4 Adjust

Our App uses Adjust, a service of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin ("Adjust"). Adjust enables the collection of installation and event data and displays them as anonymous evaluations and graphics. For such analysis Adjust uses your IDFA or Google Advertising ID or similar identifiers on your mobile device, data of the installation and first opening of our app, your interaction with our app (especially data related to your first box order such as creating the customer account or when your first order was placed), information about advertisements you saw or clicked on, as well as your IP address and the device fingerprint (e.g. operating system version, phone language, phone model). All this data gets anonymized. It is not possible to identify you individually. We use this information exclusively for the purposes of our own market research, as well as for the optimization and design of our app.

Adjust has been audited and certified according to the ePrivacyseal (European Seal for your Privacy) (see https://www.eprivacy.eu/en/customers/awarded-seals/) and is subject to the EU-US Privacy-Shield in the event that personal data is transferred to the U.S.

 

You can block the collection or analysis of your data through an opt-out option on https://www.adjust.com/opt-out/.

 

For more information on Adjust, see the privacy policy of Adjust.

Turn off tracking
Allow Tracking

Our website and our app use social media plug-ins (such as the “like” button) from the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook"). The plug-ins are deactivated by default so they do not transfer any data. Only if you interact with the plug-ins, e.g. click on the Facebook “like” button, will you be asked to log in to your Facebook account. This information is sent by your browser or device directly to the social network, where it is stored.

If personal data is transferred to the US, Facebook abides by the EU-US Privacy Shield. Facebook is notified that you have accessed the relevant page of our website. This occurs regardless of whether you have a Facebook account and are logged in there. If you are logged on to Facebook, this data is linked directly to your account. If you use the activated plug-in and link the page, for instance, Facebook will also store this information including the date and time in your user account, and share this with your contacts. If you do not want any association with your Facebook profile, you must log out before activating the plug-in.

Facebook will store this data as a usage profile and use it for purposes of advertising, market research and/or custom design of its website and other offers. An analysis of this kind is performed especially (even for users not logged in) to show personalized ads and to inform other users of the social network about your activities on our website and in our app. You can object to the creation of this user profile. As a Facebook member, you can deactivate ads on this basis in the Ad choices. You can also completely block the Facebook social media plug-ins with additional programs for your browser, such as the Facebook Blocker.

For more information, see the data policy of Facebook.

 

9.1 YouTube

We have included videos in our website that are stored by YouTube and can be played directly on our websites. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), a group company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). If personal data is transferred to the US, Google and group company YouTube abide by the EU-US Privacy Shield. The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of providing video and image content.

When you visit our website, YouTube and Google are notified that you have accessed the relevant page of our website. This will occur regardless of whether you are logged on to YouTube or Google. YouTube and Google use this data for purposes of advertising, market research, and customization of their websites. If you access YouTube on our website while logged into your YouTube or Google profile, YouTube and Google can also link this to the respective profiles. If you do not want this link, you will have to log out of Google before opening our website.

As explained above, you can configure your browser to block cookies or you can prevent the tracking of the data generated by the cookies and relating to your use of this website (including your IP address) and the processing of this data by Google by going to the Google Ad Settings and setting Ads Personalization Across the Web to “Off.” In this case, Google will show you only non-personalized ads.

For more information, see the privacy policy for Google.

9.2 Vimeo

We have included videos in our website that are stored on the Vimeo video platform and can be played directly on our websites. Vimeo is a multimedia service of Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo“). The legal basis is Art. 6 (1) (1) f) GDPR, pursuant to our legitimate interest of providing video and image content.

When you visit our website, Vimeo is notified that you have accessed the relevant page of our website. This will occur regardless of whether you are logged on to Vimeo. Vimeo can use this data for purposes of advertising, market research, and customization of their websites. If you access Vimeo on our website while logged into your Vimeo profile, Vimeo can also link this to the respective profiles. If you do not want this link, you will have to log out of Vimeo before opening our website.

For more information, see the privacy policy von Vimeo.

We are committed to protecting your data. We have current technical measures to ensure data security, particularly to protect your personal data from risks during data transfer and access by third parties. This will be adjusted to the current state of the art. To secure the personal data provided by you, we use Transport Layer Security (TLS), which encrypts the information entered by you.

 

The data collected by us is shared only if this is needed to perform the contract or provide technical functionality of the website or our app, or if there is another legal basis for data sharing.

Sometimes we use service providers to process data. Alongside the service providers listed in this privacy policy, these can include, but are not limited to, data centers that store our website and databases, IT providers that maintain our system, logistics companies, call centers, market research institutes, consulting companies, providers to handle payment transactions and the collection process, providers for handling payroll, auditors, tax advisors, along with providers to assist with troubleshooting technical problems. If we share data with providers, they can use this data only to perform their activities. The providers have been carefully chosen and hired by us. They are contractually obligated to follow our instructions, have suitable technical and organizational measures to protect the rights of data subjects, and are regularly monitored by us.

Data may also be shared in relation to official inquiries, court orders and legal proceedings if needed to assert or enforce legal rights.

 

We generally process your data in Germany or the EU or within the European Economic Area (“EEA”). Sometimes your data is processed on servers outside the EU, especially in the US. To ensure the protection of your data in this case as well, we ensure there are sufficient guarantees. Therefore, the providers we use either abide by the EU-US-Privacy-Shield or we have concluded contracts (standard EU contractual clauses) with them.

 

 

13.1 General information on storage

In general, we store personal information only as long as needed to comply with contractual or legal obligations for which we have collected the data. Afterwards, we delete the data immediately unless we need the data until the end of the legal limitation period for purposes of evidence in claims under civil law, or due to legal retention periods.

For purposes of evidence, we must retain contract data for three years from the end of the year in which the business relationship ended with you. After the legal limitation period expires, any claims will expire no earlier than this date.

Even after this, sometimes we must retain your data for accounting purposes. We are required to do so under legal documentation requirements that can relate to the Commercial Code, the Fiscal Code, the Banking Act, the Anti-Money Laundering Act, and the Securities Trading Act. The periods of limitation for storing documents under these laws are between two and ten years.

13.2 Customer account

In general, we store your data from your existing customer account as long as you have a business relationship with us. If you have requested the deletion or cancellation of your customer account, we will delete it. Data that we need until the end of the legal limitation period for purposes of evidence in the event of claims under civil law, or due to legal retention requirements, will be deleted after this period ends.

 

 

You have the right at all times to obtain information about the processing of your personal data by us. We will explain data processing to you and give you a list of the data stored on you. If the data stored by us is incorrect or no longer current, you have the right to the correction of this data. You can also request the deletion of your data. If deletion is not possible in exceptional cases due to other legal requirements, the data will be blocked so that it is available only for this legal purpose. You can also have the use of your personal data restricted, for instance if you doubt the accuracy of the data. You also have the right to data portability, meaning that on request we will give you a digital copy of the personal data you have provided.

To assert your rights described here, you can contact us using the information listed above at any time. This also applies if you want copies of guarantees to document an adequate level of data protection.

 

You have the right at any time to withdraw consent previously granted to us. If you do so, we will not continue to process your data based on this consent in future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data on the basis of legitimate interests (Art. 6 (1) (1) f) GDPR) you have the right to object to the processing of your data at any time for reasons relating to your particular situation. In the event of an objection to data processing for purposes of direct advertising, you have a general right of objection, even without providing a reason, that we will comply with. 

If you wish to exercise your right of withdrawal or objection, you can send an informal message to the contact information listed above.

 

You have the right to lodge a complaint with the data protection supervisory authority responsible for us. You can exercise this right with a supervisory authority in the member country of your residence, your workplace or the location of the alleged violation. In Berlin, where OUTFITTERY has its registered office, the responsible supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit, Maja Smoltczyk
Friedrichstr. 219
10969 Berlin

 

From time to time we will update this privacy policy, such as when we change our website or app, or the legal regulations change.


Version: 1.1 / Stand: June 2018