This data privacy notice applies to the processing of your personal data in the GERRY WEBER online shop, including data processing on this website, in the context of orders and in connection with an online customer account (if you have created one).
1. Controller for the data processing
The controller for the data processing is E-GERRY WEBER Digital GmbH, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: email@example.com (hereinafter: EGW, we, us).
You can contact the data protection officer at E-GERRY WEBER Digital GmbH, Data Protection Officer, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: firstname.lastname@example.org.
2. Categories of personal data
Depending on your status (guest, customer account, website visitor), we process the following categories of your personal data:
- Contact details (e.g. name, address, e-mail address, telephone number)
- Date of birth (if you have provided it)
- Purchase data (e.g. time/place purchase, goods and services purchased, turnover (incl. unit and total price), shipping method, purchase frequency, purchase behaviour, allocation to a store)
- Payment method and payment data (e.g. bank details)
- Data regarding returns (e.g. frequency, returned goods)
- Messages sent to us, e.g. via the contact form
- Results of data analyses (e.g. in the context of market research studies and by evaluating customers), including reactivation score (identification of inactivity or risk of outflow), creation of customer profiles, classification into customer value groups
- Participation in promotions or use of vouchers
- If you have an online customer account, we also process back-end data (e.g. log-in data, login name and password, technical device and access data).
- If you visit our website (i.e. even if you do not buy anything), we process the following categories of data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made, movement (pages accessed, items viewed, length of stay/heat map, shopping cart), click and purchase behavior on the websites.
- When sending newsletters and for other e-mail communication with you, we also process the following data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made.
In addition, you will find more detailed information on individual data processing operations under Section 9 below.
3. Purposes and legal bases of the processing
We process your data on the following legal bases: fulfillment of a contract (i.e. orders through the online shop) and performance of pre-contractual measures (Art. 6 (1) lit. b) GDPR); compliance with our legal obligations (e.g. due to commercial or tax law requirements, Art. 6 (1) lit. c) GDPR); on the basis of your consent (Art. 6 (1) lit. a) GDPR), on the basis of our or third parties’ legitimate interests (Art. 6 (1) lit. f) GDPR). Legitimate interests of us or third parties exist, for example, in advertising and product improvement, digitalisation, assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion, cooperation with authorities or ensuring IT security.
We process your personal data for the following purposes:
- Performance of a contract, e.g. processing of your order and complaint handling
- Marketing, product information for advertising purposes about collections, products and services
- Compliance with our legal obligations
- Market and opinion research
- Measures to improve and develop our services and products as well as creation of transparency and quality of our products, services and communication
- Personalisation of advertising and communication in order to be able to offer you an individual approach with suitable offers and products, including automated analysis of your purchasing behavior and creation of customer profiles, classification into customer value groups, creating of a reactivation score (identification of inactivity or risk of outflow), dynamic reactivation (targeted advertising based on purchase frequency), allocation to a store, sending vouchers and item recommendations and invitations to special promotions (e.g. store events)
- Analysis of the reach of our communication with you, e.g. by measuring click rates
- Statistical evaluation of the success of (online) marketing campaigns
- Contact with credit agencies to determine credit checks or payment default risks
- Address determination
- Assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion
- Cooperation with authorities
- Ensuring IT security
- Prevention and investigation of criminal offences or breaches of duty
- Monitoring and prevention of fraudulent activities, e.g. through click fraud
- Ensuring the proper functioning of our systems
- Measures in connection with corporate transactions or corporate restructuring (e.g. the sale of our business operations or parts thereof).
4. Source of your personal data
We collect your personal data directly from you, e.g. when ordering in the online shop, in the registration form for the customer account or when registering for the newsletter. In addition, we receive some of your personal data from other sources, in particular from credit agencies and from other group companies of the GERRY WEBER Group (a list of all companies in the GERRY WEBER Group can be found here: gerryweber.com/jednostki-grupy-kapitałowej/
5. Disclosure of personal data to third parties (recipients)
Recipients of your personal data may be, for example:
- Billing service providers and IT service providers
- Credit agencies
- Call centers
- Marketing agencies
- Market research institutes
- Service and cooperation partners
- Debt collection agencies
- Printing and mailing service providers
- Data destruction service providers
- Consultants and consulting firms (e.g. lawyers, auditors or tax consultants)
- Authorities and courts
- Distributor in the field of wholesale
- Companies (e.g. buyers and their advisors) in connection with corporate transactions or corporate restructurings (e.g. the sale of our business operations or parts thereof)
- Group companies of the GERRY WEBER Group (a list of all companies of the GERRY WEBER Group can be found here: gerryweber.com/jednostki-grupy-kapitałowej/)
Please also see the additional information provided under Section 9 below.
6. Recipients outside the EEA
The processing of personal data takes place primarily in the territory of the European Union (EU). In some cases, we also transfer your personal data to recipients outside the European Economic Area (EEA) (so-called third countries), for example to subsidiaries belonging to the group or foreign processors. For some third countries, such as Switzerland, the EU Commission has decided that the level of data protection is adequate. Our transfer of your personal data to these countries is based on the respective adequacy decision of the EU Commission (Art. 45 GDPR). For data transfers to third countries without such an adequacy decision, such as the USA, we for example conclude appropriate data transfer agreements (so-called EU standard contractual clauses) or ensure that another transfer mechanism is applicable. For a copy of the relevant transfer mechanisms and further information or questions, you are welcome to contact the Data Protection Officer at email@example.com
Please also see the additional information provided under Section 9.
7. Storage period
Personal data will be stored for the purposes mentioned for the duration necessary to fulfill these purposes, e.g. for the duration of the fulfilment of the order process as well as statutory limitation periods and warranty periods, and if there are no other statutory retention obligations (German Commercial Code (HGB), German Fiscal Code (AO)) or legal reasons for storage. We are subject to various storage and documentation obligations, which result, among others, from the German Commercial Code (HGB) and the German Fiscal Code (AO) and reach up to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, can be up to thirty years according to §§ 195 et seqq. of the German Civil Code (BGB), whereas the regular limitation period is three years. The storage period of the data collected via cookies can be found under Section 9.
8. Your rights in relation to the processing of your personal data
You have the following rights against us in relation to your personal data:
- Right to information on your stored personal data (Art. 15 GDPR),
- Right to rectification if the stored data that relates to you is incorrect, outdated or inaccurate (Art. 16 GDPR),
- Right to erasure if the storage is impermissible, the purpose of the processing is fulfilled and the storage is therefore no longer necessary or when you have revoked your consent to the processing of certain personal data (Art. 17 GDPR),
- Right to restriction of processing if one of the conditions listed in Art. 18(1) lit. a) to d) GDPR is fulfilled (Art. 18 GDPR),
- Right to transfer the personal data that relates to and that you have provided (Art 20 GDPR),
- Right to withdraw your consent, whereby the withdrawal does not affect the lawfulness of the processing carried out up to that point on the basis of the consent (Art. 7 (3) GDPR), and
- Right to object: You can object to the processing of your personal data, which is carried out on the basis of Art. 6(1) lit. f) GDPR (data processing on the basis of legitimate interests), at any time. In particular, you have the right to object to electronic (e-mail) or telephone advertising at any time without incurring any costs other than the transmission costs according to the basic rates.
You are welcome to assert your rights using our contact details given at the beginning.
In addition, you have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR). This also includes the data protection supervisory authority responsible for us, which can be reached under the following contact details: The State Commissioner for Data Protection North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.
9. Data protection information for further use
In the following and in addition to the information provided under Sections 1 until 8 certain data processing operations are presented in detail:
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the system of the calling computer. The following data is processed:
- Information about the browser type and used version
- The user's operating system
- The user's internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website.
The data is stored in the log files of our system. The data is stored in system log files to ensure the functionality of our website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems.
Use of Ads Defender for defence against click fraud
We use the service Ads Defender Click Fraud provided by Hurra Communications GmbH, Lautenschlagerstraße 23 a, 70173 Stuttgart, Germany. The service is used to analyse and prevent click fraud on the advertisements we have put online. Click fraud occurs when clicks on advertisements are generated by automatic instruments or frequent clicks on advertisements are not made on the basis of an authentic user interest. During the analysis by the service, the following personal data is processed when clicking on advertisements: IP address, used browsers, operating system used, location information, referrer URL, online identifiers such as click and cookie IDs, transaction information ("conversions"), duration of use and time of access and information about interactions with advertising material and our website.
You have the option to object to this data processing by way of an Opt-Out
with effect for the future.
"Session" cookies do not remain on your computer when you leave our website or close your browser. With the help of the collated information we can analyse usage patterns and usage structures on our website. This allows us to optimise our website by improving the content or personalisation and making it easier to use.
"Permanent" cookies are cookies that remain on your computer. They are used to facilitate shopping, personalisation and registration services. For example, cookies can keep track of what you have selected to buy as you continue shopping. In addition, you only need to enter your password once on websites that require you to log in. "Permanent" cookies can be removed manually by the user.
We use the services of trbo GmbH, Leopoldstraße 41 in 80802 Munich, Germany. This service serves to analyse visitor behaviour for the purpose of targeting and re-targeting. You can revoke your consent at any time with effect for the future. In the event of revocation, trbo undertakes to delete the personal data immediately, unless deletion is contrary to mandatory statutory retention obligations. The revocation with the result of deletion of your previous data, can be made informally both by mail to trbo GmbH, Leopoldstraße 41, 80802 Munich, Germany and at any time by e-mail to the electronic mailbox firstname.lastname@example.org
. You can object to future tracking via the cookie settings on our website or via the following link: http://track2.trbo.com/optout.php
This website uses the personalisation and web analytics service Kameleoon. The program enables an analysis of user behaviour based on (automated) user segmentation. Based on the evaluation of the log file data, we can determine how the individual user segments visit the website, which landing pages are visited and how an increase in click rates can be achieved. The system analyses your behaviour and its context when using this website and assigns it anonymously to target groups.
For the analyses, cookies/the local storage of the browser are used which are linked to a pseudonymised ID. For this purpose, your IP address will be fully anonymised and not stored. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon will not be merged with other Kameleoon data.
The use of Kameleoon serves to evaluate your use of the website and to compile reports on website activity so that we can regularly improve our offer.
. You can also object to future tracking via the cookie settings on our website.
This website uses technologies from Criteo SA (32 Rue Blanche, 75009 Paris, France) to collect and store data for marketing and optimisation purposes.
By using Criteo, additional pixels are loaded from contractors with whom Criteo cooperates. An overview of all publishers and networks from which pixels are loaded can be found here.
You can object to this pseudonymous analysis of your browsing behaviour at any time. At the following link from Criteo you will find instructions on how to deactivate Criteo's service. You can also object to future tracking via the cookie settings on our website.
Please note that if you opt out of displaying personalised ads from Criteo and other advertising partners, you will continue to receive ads that are less tailored to your interests/browsing behaviour.
Customer Relationship Management (CRM)
We process your personal data in a Customer Relationship Management (CRM), i.e. a software system for customer support. This system enables the customer support measures in a central database. With CRM, we have the opportunity for individual customer service and an adapted customer approach.
As part of the CRM, the customer information is processed for this purpose. Depending on the customer's status, these are name, address, contact details, shopping cart, orders, vouchers, complaints, payment methods, participation in sweepstakes.
For the needs-based design and optimisation of our website, anonymised data is collected and stored using solutions and technologies from econda GmbH (https://www.econda.de/en/
) and user profiles are created from this data using pseudonyms. For this purpose, cookies can be used that enable the recognition of an internet browser. User profiles are not merged with data about the holder of the pseudonym. In particular, IP addresses are made unrecognisable immediately upon receipt. Visitors of our website can object to this data collection and storage at any time for the future under https://www.econda.de/en/data-protection/revocation-for-data-storage/
. You can also object via the cookie settings on our website.
Use of print advertising by adnymics
When you place an order in our online shop, we may enclose an inlay with product recommendations and possibly voucher codes to some packages. In doing so, your name for the salutation, your customer ID and order ID assigned by us for the assignment of the inlay, your gender for the choice of salutation, the used language and the online shop you used for your order will be processed for the choice of layout. For this purpose, we use the services of the service provider adnymics (adnymics GmbH, Denisstraße 1b, 80335 Munich, Germany), which designs and prints the relevant package inlays on our behalf as part of order processing. You have the right to object to the processing at any time by contacting us using the contact details provided at the beginning of this privacy notice.
For further information on the processing of your data by adnymics, please refer to adnymics' online data privacy notice at https://adnymics.com/en/privacy/
Facebook Custom Audiences
We use the remarketing function "Custom Audiences" of Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). This allows the behaviour of a user to be tracked after having been redirected to the provider's website by clicking on a Facebook ad. This is intended to enable evaluation of the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data is in principle anonymous to us, i.e. it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/
). A cookie may also be stored on your computer for this purpose.
If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the "Custom Audiences" remarketing function here: https://www.facebook.com/settings/?tab=ads
. To do this, you must be logged in to Facebook. You can also object via the cookie settings on our website.
Current information on the General Data Protection Regulation (GDPR) can be found here: https://en-gb.facebook.com/business/gdpr
We use Flowbox to share Instagram posts – in the form of images and videos – of our community for marketing purposes in our online shop, on our social media channels and in email marketing. For this purpose, we ask for permission on Instagram under each post in the comment area, which can be given by the respective user with the answer "#yesgerry". For more information, see gerryweber.com/yesgerry
More information about Flowbox can be found here: https://getflowbox.com/en/
We use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google in a member state of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Opt-out cookies prevent the future collection of your data when you visit this website. In order to prevent Google Analytics from collecting data across different devices, you must perform the opt-out on all used systems. If you click here, the opt-out cookie will be set: Disable Google Analytics.
You can also object via the cookie settings on our website.
. On this website, we have added the "anonymizeIp()" function to the Google Analytics code. The collection of IP addresses is thus anonymised.
Google AdWords Conversion Tracking
If you have reached our website via a Google ad, statistics on our conversion rate can be created with the help of a Google AdWords cookie, which expires after 30 days. This means that we learn how many users visit our website and purchase a product through our websites within 30 days. It is not possible to draw any conclusions about your person.
Information and objection:
If you do not wish to participate in the tracking process, you can deactivate the conversion cookies by setting your browser settings to block cookies from the corresponding domain:
Google Adwords: googleadservices.com
You can also object via the cookie settings on our website.
Current information on the General Data Protection Regulation (GDPR), how Google specifically protects and processes your data, can be found under https://privacy.google.com/businesses/
We use the "Google Maps" component on our site. "Google Maps" is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google".
Each time this component is accessed, Google sets a cookie in order to process user settings and data when the page, on which the "Google Maps" component is integrated, is displayed. As a rule, this cookie is not deleted by closing the browser, but expires after a certain period of time, unless you delete it manually beforehand.
If you do not agree with this processing of your data, you have the option of deactivating the "Google Maps" service and thus preventing the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we advise that in this case you will not be able to use "Google Maps" or only to a limited extent.
as well as the additional terms and conditions for "Google Maps"https://www.google.com/intl/en_en/help/terms_maps/
If you are logged in with your personal account at the time you access the "Google Maps" page, Google can collect the information obtained in this way as well as your IP address and other browser-related information and link it to your account.
If you want to prevent this transmission and storage of data about you and your behaviour on our website by Google, you must log out of these providers before you visit our site.
You can also object via the cookie settings on our website.
We have integrated components of the "Instagram" service on our website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to disseminate such data on other social networks.
The operating company of Instagram's services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time one of the individual pages of this website is accessed, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, the Internet browser on the IT system of the data subject is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Instagram at the same time, Instagram recognises which specific subpage the data subject is visiting each time the data subject calls up our website and for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Instagram receives information via the Instagram component that the data subject has visited our website any time the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.
You can also object via the cookie settings on our website.
There is a contact form on our website which you can use to contact us electronically. The data entered in the input mask as well as the date and time of registration as well as your IP address will be stored in this context. Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored.
The processing of the personal data from the input mask or the e-mail serves us solely to process the contact or the conversation with you. Herein also lies the necessary legitimate interest in the processing of the data. The other personal data processed serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
Detection and prevention of abuse
We collect, process and use the following data to automatically check whether there are indications of misuse of the online shop:
Your data for the processing of the contract (e.g. object of purchase, name, postal address, e-mail address, delivery address, payment method and payment data)
The usage data of your website visits to the online shop (e.g. information about the beginning, end and scope of the websites visited as well as click paths)
A cookie (i.e. a small text file that is stored locally in the cache of the web browser) and/or a visitor ID, each of which may contain anonymous data of the end devices used when visiting the websites (e.g. your screen resolution or your operating system version) and through which the end devices you are using can be recognised with a certain probability on subsequent visits.
Accordingly, you should ensure that you inform third parties to whom you provide the devices you use about this and that they also tolerate the measures described or otherwise do not visit our online shop with your devices.
The usage data of your website visits are taken from a database in which they are stored under a pseudonym. We have commissioned Infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany, as a processor to carry out the detection and prevention of misuse. If there is a suspicion of abuse, one of our employees will review the evaluation and the underlying indications. If a contract is refused, you will be informed of this and, upon request, you will be informed of the essential reasons for the decision. You will then have the opportunity to assert your point of view by e-mail: email@example.com
, whereupon the decision will be reviewed again by a member of staff. You can prevent such a procedure at any time with effect for the future by sending an informal short message to E-GERRY WEBER Digital GmbH
, Neulehenstr. 8, 33790 Halle/Westphalia, Germany or by e-mail to firstname.lastname@example.org
. Further use of the GERRY WEBER online shop may then no longer take place at our discretion.
Emarsys – Newsletter sending and e-mail communication
We offer the registration for various newsletters on our website. For this and for further e-mail communication with you (i.e. in relation to the ordering process), we involve Emarsys Interactive Services GmbH, Willi-Schwabe-Straße 1, 12489 Berlin, Germany as a service provider for the sending and personalisation of the communication and the newsletter.
We use the services of Pinterest Inc., 808 Brannan St, San Francisco, CA 94103-4904, USA, for our social media presence. Pinterest as the advertising platform operator and we, as the operator of a channel located on the platform, are jointly responsible for the protection of your personal data pursuant to Art. 26 GDPR. Responsible for the data processing of persons living outside the United States is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
With the use of Pinterest, personal data is processed by Pinterest and us. The recipients of the data are Pinterest and us, otherwise in the case of publications, the public (i.e. potentially everyone). The legal basis for data processing is the legitimate interests of Pinterest and us in advertising, recommendations, insights and measurements in accordance with Art. 6 (1) lit. f.) GDPR.
We advise that you use the Pinterest channel and its functions in your own responsibility. This applies in particular to the use of interactive functions. Furthermore, due to availability of other contact channels, there is no reason to communicate with us via Pinterest.
Regardless of where you live, we cannot rule out the possibility that your information may be transferred to and used in the United States, Ireland and other countries in which Pinterest Inc. does business. We have no influence on the type and scope of the data processed by Pinterest.
You can assert your rights under Art. 15-21 GDPR with regard to your personal data processed by Pinterest Europe directly with Pinterest Europe. The e-mail address known to us for this is: email@example.com
On our website, we use the customer review tool of Shopauskunft.de GmbH & Co.KG, c/o SPACES, Gorch Fock Wall 1A, 20354 Hamburg, Germany. If you submit a voluntary and optional review to Shopauskunft.de, the information entered there will be collected and published by the Shopauskunft.de portal. Your reviews are generally voluntary and you are free to choose whether you enter your name there in full or abbreviated or use your own anonymous pseudonym for this purpose.
We have online presences within the social networks Facebook, Instagram, Pinterest, Twitter, WhatsApp and YouTube.
When accessing our profiles in the social networks, the terms and conditions and the data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy notice, we process user data if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages. The sending of personal data on these platforms is always voluntary. The personal data in the communications that can be viewed by us or the public can be deleted by the user at any time.
You can access the data protection information of the web services here:FacebookGoogleInstagramPinterestTwitterWhatsApp
We use the feedback service "Usabilla for Websites" from Usabilla to analyse user feedback and optimise the website. When a user uses the feedback button or participates in an online survey, no personal data is collected or stored.
We use web beacons in conjunction with cookies to compile aggregate statistics about website usage. A web beacon is an electronic, invisible image, also known as a single-pixel GIF or blank GIF. Web beacons can recognise certain types of information on a visitor's computer, such as a visitor's cookie number, the time and date the page was viewed, and a description of the page on which the web beacon is located. You can render some web beacons unusable by rejecting the cookies associated with them.
. You can also prevent the processing of your data by changing the settings at the following address: https://adssettings.google.com/authenticated
. You can also object via the cookie settings on our website.
10. Questions about data protection
Effective April 2023