Privacy Policy
for the Website of OUTFIT GmbH
Please Note: This English translation of the Privacy Policy is provided for convenience and understanding only. In the event of any discrepancies or inconsistencies, the German version of the Privacy Policy shall prevail and is legally binding.
The information in this statement applies to the processing of personal data on or via our website and is intended in particular to inform you about the scope of processing, the purposes of processing, recipients, legal bases, storage periods, as well as your rights. Personal data means any information relating to an identified or identifiable natural person, i.e., a human being (hereinafter also referred to as the ‘data subject’). This includes, for example, your name, address, or email address. ‘Processing’ of personal data refers in particular to the collection, storage, use, and transmission of such data
I. Name and Address of the Controller
The controller as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of Member States as well as other data protection provsions is: :
Outfit GmbH
Beim Kupferhammer 5
D-72070 Tübingen
Tel. +49 (0) 7071 93570
info@outfit.de
www.outfit.de
II. Contact Details of the Data Protection Officer
You can reach our Data Protection Officer as follows:
Outfit GmbH
– Data Protection Officer –
Beim Kupferhammer 5
D-72070 Tübingen
Tel. +49 (0) 7071 93570
datenschutz@outfit.de
www.outfit.de
III. General Information on Data Processing
1. Legal Bases for the Processing of Personal Data:
Where we obtain the data subject’s consent for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing
2. Erasure of Data and Storage Period
The personal data of the data subject will be deleted or the processing will be restricted as soon as the purpose of storage no longer applies. Storage may continue beyond this point if such storage is required by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject.
IV.Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Whenever our website is accessed, our system automatically collects data and information from the computer system of the device used to access it (computer, smartphone, tablet, etc.).
The following data is collected in this process:
The IP address of the accessing device
Browser type / browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
These data are also stored in our system’s log files. Storage of these data together with other personal data of the user does not take place.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of the data and the log files is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s device. For this purpose, the user’s IP address must be stored for the duration of the session.
The storage of data in log files serves to ensure and improve the functionality of the website and for statistical evaluations
These purposes also constitute our legitimate interest in data processing.
4. Storage Period
The data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. In the case of collection of data for providing the website, this is the case once the respective session has ended.
In the case of storage in log files, the data are deleted after no more than 7 days. Storage beyond this period is possible. In such cases, the IP addresses of the users are deleted or anonymized so that an assignment to the accessing client is no longer possible.
V. Cookies
1. Description and Scope of Data Processing
Cookies are small text files that are assigned to and stored by the browser you use on your device’s hard drive, and through which certain information is transmitted to the entity that sets the cookie.
We use the following cookies:
We use so‑called session cookies on our websites. The purpose of these cookies is to identify your device during a visit to our website and to determine when your visit ends. These cookies store a so‑called session ID, which allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized if you return to our website during the same browser session.
When you visit our website, we inform you via a cookie banner that we use cookies. If you click “Accept” on the cookie banner, a cookie containing this information is stored on your device (“consent cookie”), so that the cookie banner is not shown again during subsequent visits.
If you have a user account and log in, you have the option to activate the “Remember login” function. If you do so, a cookie will be set on your device that identifies you to us as logged in, so that you do not have to log in again each time (“login cookie”).
In addition, cookies set as part of web analytics through Google Universal Analytics are used (see Section IV).
2. Legal Basis for the Processing of Personal Data
The legal basis for the processing of users’ personal data is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
Cookies enable us to make our website more user‑friendly and to ensure the security of its operation. These purposes also constitute our legitimate interest in processing the data.
4. Storage Duration and Possibility of Objection and Removal
Session cookies are deleted two hours after you leave our website. The consent cookie is automatically deleted after two months, and the login cookie after three months, unless you delete these cookies manually beforehand.
Cookies are stored on your device and transmitted from it to our site. You therefore have the option to deactivate, restrict, or delete the transmission of cookies by adjusting your browser settings. If cookies are deactivated for our website, not all functions may be available to their full extent.
VI. Web Analytics Using Google Universal Analytics
1. Scope of Data Processing
Our website uses Google Universal Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Universal Analytics uses cookies that are stored on your device when you access our website and enable an analysis of your use of the website. The information generated by the cookies about the use of the website by users is generally transmitted to a Google server in the USA and stored there. IP anonymization has been activated on this website, so that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. In some cases, the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Universal Analytics is not merged with other Google data.
2. Legal Basis for the Processing of Personal Data
The legal basis for processing users’ personal data is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
Processing user data through Google Analytics enables us to analyze the browsing behavior of our users. The evaluation of the collected data allows us to compile information about the use of individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data. By anonymizing the IP address, the users’ interest in the protection of their personal data is adequately safeguarded.
4. Storage Duration and Objection Options
Cookies are stored on the user’s device and transmitted from it to our site. Therefore, you as a user have full control over the use of cookies. By adjusting the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, not all functions of the website may be fully usable.
You can object to the data collection described above with effect for the future at any time by using the Google Analytics opt‑out browser add‑on available at:
You can also prevent collection by Google Universal Analytics by clicking this link. An opt‑out cookie will be set, preventing future collection of your data when visiting this website. The opt‑out cookie applies only to this browser and only to our website, and it is stored on your device. If you delete cookies in this browser, you must reset the opt‑out cookie.
Further information on Google’s terms of use and privacy can be found at:
http://www.google.com/analytics/terms/de.html
http://www.google.com/intl/de/analytics/privacyoverview.html
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=2790009
5. Recipients of the Data and Transfer to a Third Country
The recipient of the data is Google. If personal data is transmitted to the USA, such transmission to Google as a third country within the meaning of the GDPR is permissible under Articles 44 and 45 GDPR, as an adequate level of data protection is ensured for this company.
An adequacy decision of the European Commission exists based on Art. 25(6) of the EU Data Protection Directive (1995) in the form of the so‑called EU‑US Privacy Shield. The EU‑US Privacy Shield is an intergovernmental agreement between the United States and the European Union regulating the protection of personal data transferred from an EU Member State to the USA. Through a self‑certification process monitored by US authorities, it is ensured that only companies guaranteeing data protection equivalent to EU standards process personal data from the EU in the USA. Google has certified itself under the EU‑US Privacy Shield. Thus, an adequate level of protection exists for this recipient, even in the absence of an adequacy decision under Article 45 GDPR. You can view current certifications here: https://www.privacyshield.gov/list.
VII. Google Maps
1. Scope of the Processing of Personal Data
We use Google Maps on our website to display our location. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access our contact page, in which Google Maps is integrated, Google places a cookie on your device to process user settings and data required for displaying the page and for the functions associated with Google Maps.
By using Google Maps, information about your use of this website, including your IP address and the (starting) address entered as part of the route planning function, may also be transmitted to Google in the USA. When you open our contact page containing Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted directly from Google to your browser and integrated into the website. According to our knowledge, the following data are collected by Google in this context:
– Date and time of the visit to the relevant webpage,
– Internet address or URL of the accessed webpage,
– IP addres, as well as (Starting) address entered as part of route planning.
2. Legal Basis for the Processing of Personal Data
The legal basis for processing users’ personal data is Article 6(1)(f) GDPR.
3. Purpose of Data Processing
We use Google Maps to display our location. These purposes also constitute our legitimate interest in processing the data.
4. Storage Duration and Possibility of Objection
Cookies are stored on the user’s device and transmitted from it to our website. Therefore, as a user, you have full control over the use of cookies. By adjusting the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, not all functions of the website may be available to their full extent.
If you do not want Google to collect, process, or use data about you via our website through Google Maps, you can deactivate JavaScript in your browser settings. However, in this case you will not be able to use the map display.
Information about the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights in this regard and privacy settings options, can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de
5. Recipients of the Data and Transfer to a Third Country
The recipient of the data is Google. In cases where personal data are transmitted to the USA, such transmission to Google in the USA as a third country within the meaning of the GDPR is permissible under Articles 44 and 45 GDPR, as an adequate level of data protection is ensured for this company. For details, please refer to Section VI, No. 5 of this privacy policy.
VIII. Contact via email, contact form or telephone
1. Description and scope of data processing
It is possible to contact us via the email addresses provided on our website. In this case, the personal data transmitted with the email are collected.
Our website also includes a contact form through which you can send us support requests regarding our products.
Through this form, we collect, among other things, the following data:
• EMail address
In addition, we collect any data that you provide in your individual message.
You can also contact us via the telephone numbers provided. In the case of telephone contact, we generally collect, as part of call notes, the data that you provide to us or that are automatically transmitted with your call. These include, among others, your name, your request, and your phone number.
2. Legal basis for data processing
The legal basis for processing the data transmitted in the course of contacting us via email, contact form, or telephone is Article 6(1)(f) GDPR. If the contact is aimed at concluding a contract or occurs in the context of an existing contractual relationship, an additional legal basis for processing is Article 6(1)(b) GDPR.
3. Purpose of data processing
The processing of personal data serves solely to handle the contact request. This also constitutes the legitimate interest required for processing the data.
4. Storage period
The data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. For personal data transmitted via email, contact form, or telephone, this is the case when the respective conversation with you has ended. The conversation is deemed ended when it can be inferred from the circumstances that the relevant matter has been conclusively resolved.
If, in the course of communication, data are generated that we are obligated to retain or store due to tax, commercial, or other legal requirements, deletion will only take place after the expiration of the respective statutory retention or storage periods. The legal basis for this storage is Article 6(1)(c) GDPR.
IX. Registration / Customer Account
1. Description and scope of data processing
On our website, we offer customers the opportunity to create a customer account by entering personal data. The data are entered into an input form, transmitted to us, and stored. The following data are collected during the registration process:
First and last name
Email address
Address
Password
Telephone number
At the time of registration, the following data are also stored:
The IP address of the user
Date and time of registration
2. Legal basis for data processing
The legal basis for the processing of the data is Article 6(1)(b) GDPR.
3. Purpose of data processing
The processing of personal data in the context of creating and providing the user account is carried out in order to provide the user with the corresponding functionalities of the user account and therefore serves to fulfil the relevant agreement with the user.
4. Storage period
The data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. For data stored in the customer account, this is generally the case when the customer account is deleted.
If, in connection with the customer account, data are generated that we are legally obliged to retain or store due to tax, commercial, or other legal requirements, deletion will only occur after the expiration of the respective statutory retention or storage periods. The legal basis for this storage is Article 6(1)(c) GDPR.
X. Newsletter
1. Description, scope and purpose of data processing
As part of registering for a customer account, you also have the option to subscribe to our newsletter. In this case, we use your email address and your name to send you information and advertising regarding products, promotional campaigns and events by email.
2. Legal basis for data processing
The legal basis for processing the data is Article 6(1)(a) GDPR.
3. Storage period and withdrawal of consent
You can unsubscribe from our newsletter at any time and thereby withdraw your consent, for example via the corresponding settings in your customer account or via the links provided at the end of each newsletter.
If you withdraw your consent, we will no longer use your data for sending our newsletter. However, we will store your email address and proof of your consent for a period of three years beginning at the end of the year in which we last sent you our newsletter before your withdrawal, so that we can prove your consent in the event of a dispute. After this period, we will delete the data unless we need them for other purposes listed in this statement, for example if you still maintain a customer account with us.
4. Recipients of the data and transfer to a third country
In connection with sending the newsletter, we forward your email address to The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (provider of the newsletter platform “MailChimp”), or to SendGrid Inc., 1801 California Street, Denver, CO 80202, USA. The Rocket Science Group, LLC and SendGrid Inc. are newsletter management service providers that send our newsletter on our behalf as processors (see Article 28 GDPR). Your personal data will be processed by these companies in the USA on our behalf in the course of sending the newsletter.
A transfer to The Rocket Science Group, LLC and SendGrid Inc. in the USA is permitted. Both The Rocket Science Group, LLC and SendGrid Inc. have each certified themselves in accordance with the requirements of the EU-US Privacy Shield. Details of the Privacy Shield can be found in Section IV No. 5 of this privacy policy.
XI. Requests on our website
1. Description and scope of data processing
When you submit requests on our website, we collect the data that are visible from the requested form fields and from the order itself, including:
Title/Salutation
Name/company of the contact person
Address
Email address
Telephone number
2. Legal basis for the processing of personal data
The legal bases for processing these data are Article 6(1)(b) and (f) GDPR.
3. Purpose of data processing
We use the data of the respective request in order to process and invoice it. If you have a customer account, we also use the data to provide your order history. These purposes also constitute our legitimate interest in processing the data.
4. Data transfer and collection by payment service providers
For the performance of the contract, we transfer your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
5. Storage period and possibility of objection and removal
The data relating to your customer account, including order history, are stored by us until your customer account is deleted.
Outside your customer account, we use the data of your individual orders to process and invoice them. After execution, invoicing and payment of an order, we store the data for as long as we are obliged to do so due to tax, commercial or other legal requirements. Only then will the data be deleted. The legal basis for this storage is Article 6(1)(c) GDPR.
XII. Categories of recipients of personal data
For the provision of our website and the offered contact options, we make use of various service providers, including hosting providers and email providers, who process the data stored with them exclusively on our behalf as processors pursuant to Article 28 GDPR within the European Union.
XIII. Rights of the data subject
If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller (subject to the additional conditions set out in the relevant provisions):
–Right of access under Article 15 GDPR
–Right to rectification under Article 16 GDPR
– Right to erasure (“right to be forgotten”) under Article 17 GDPR
– Right to restriction of processing under Article 18 GDPR
– Right to notification under Article 19 GDPR
– Right to data portability under Article 20 GDPR
– Right to object under Article 21 GDPR
– Right not to be subject to automated decision-making under Article 22 GDPR
– Right to withdraw consent to the processing of personal data under Article 7(3) GDPR
To exercise these rights, please contact us using the contact details provided at the beginning.
Irrespective of any other administrative or judicial remedy, you also have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of personal data concerning you infringes the GDPR.