A. The controller for data processing purposes
In accordance with the provisions of the General Data Protection Regulation (GDPR), the entity responsible for processing personal data in connection with this website is:
The FFanatics GmbH Tal 12 D-80331 Munich Phone: +49 (0)89/ 58 80 11 80 0 Web: www.theffanatics.com E-mail: firstname.lastname@example.org
B. Data processing
We process data as part of the operation of our website. Data processing also includes disclosure by means of transmission. In the case of data transmissions to the United States, an EU Commission adequacy decision is in place regarding the EU-US Privacy Shield. In this decision, the Commission certified that the guarantees for the transfer of data to the United States on the basis of the EU-US Privacy Shield comply with data protection standards in the EU. In the event that we transmit data to the United States, we have noted the participation of our service providers in the EU-US Privacy Shield. Details regarding the data concerned, processing purposes, legal bases, recipients and transfers to third countries are listed below:
a) Log file
We log your visit to our website. The following data is processed in this context: Name of the website accessed, date and time of access, the amount of data transferred, the browser type and version, the operating system you are using, the referrer URL (the previously visited website), your IP address and the requesting provider. This is necessary to ensure the security of the website. We process this data on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. The log file is deleted after seven days unless it is required for clarification or verification of specific violations of the law of which we have become aware within the retention period.
All data to be processed in connection with the operation of the website is stored within the scope of hosting. This is necessary to enable the operation of the website. We process this data on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. We use the services of web hosting providers to whom we transmit the data referred to above in order to make our website available.
c) Contacting us
If you contact us, your data (name and contact details – if you have provided them) and your communication will be processed exclusively for the purpose of responding to your inquiry. We process this data on the basis of Art. 6(1)(b) GDPR or Art. 6(1)(f) in order to respond to your inquiry.
d) Customer account
If you open a customer account, you agree that your master data (name, address, e-mail address, bank details) as well as your usage data (user name, password) will be stored. This allows us to identify you as a customer and allows you to manage your orders.
In your customer account you can choose between different types of privacy settings. The default setting after the signup is always a private account.
Your data will be processed on the basis of your consent in accordance with Art. 6(1)(a) GDPR.
e) Purchase transactions
If you purchase a product via our platform, we process your address and transaction data (name, date of order, method of payment, date of dispatch and/or receipt, amount and recipient of payment, bank details or credit card data if applicable) and transmit this data to the relevant designer. We process this data for the performance of the purchase contract on the basis of Art. 6(1)(b) GDPR.
f) Live & Video Chat with a Personal Stylist
To provide you with individual advice on our website, we offer the opportunity to have a live & video chat with a personal stylist. If you decide to use our live chat, we will process the following data from you: Date, time of day and chat history. This data is processed within the scope of pre-contractual activities in accordance Art. 6(1)(b) GDPR.
g) Open group chats
To provide you with the possibility of an exchange with other platform members, we offer open group chats where members can act in public.
Suitable content can be used by the editorial department to create user stories and publish them as new content. As far as this affect data of yours, the data will be as well processed for this purpose. Data processed in context of created user stories will be made available to the public. This data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
h) Website analysis and marketing
aa) Google Analytics
We use Google Analytics, a web analysis service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To do so, Google sets certain cookies. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. We will use this stored information to evaluate the use of the website, to compile reports on website activities for website operators and to provide other services related to the use of the website. We process the data obtained in this manner on the basis of your consent in accordance with Art. 6(1)(a) GDPR. Google will not under any circumstances associate your IP address with any other data held by Google. Please note that this website uses Google Analytics with the extension "anonymizeIp()". This shortens IP addresses before they are sent to a server in the United States. As a rule, this precludes the association of the stored data with any identifiable person. Only in exceptional cases is the full IP address transmitted to a server in the United States and shortened there. You can object to the collection of data at any time with prospective effect by using the Google Analytics deactivation add-on for browsers at tools.google.com/dlpage/gaoptout
Please also refer to information on the use of data from Google within the Google Partner Network at: tools.google.com/dlpage/gaoptout
Google is certified under: www.privacyshield.gov/participant
Further information on data protection can be found at: policies.google.com/privacy
We use the Google Analytics function "Cross Device Tracking” in order to optimize the offerings on our website. This makes it possible to process information about the use of the website across devices using a UserID. In this context, we process such data on the basis of your consent in accordance with Art. 6(1)(a) GDPR.
We use Hotjar, a web analyses service operated by Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Silema SLM 1640, Malta, Europe („Hotjar“). In order to collect statistical information about your use of the site and your devices Hotjar sets cookies and makes use of other tracking technologies. Hereby Hotjar processes the following data: use of the site (clicks, mouseflow, scroll height etc.), IP address (collected and saved anonymously), name and e-mail address (in case provided), display seize of the device used, device type, browser settings, location (country) in order to select the preferred language for the presentation of the website. This data is transmitted to Hotjar. Hotjar stores the data in a pseudonymized user profile. We or Hotjar will not associate this information with other data users or in order to identify a single user. We process the data on the basis of our overriding interest in the optimal marketing of our online offerings in accordance with Art. 6(1)(f) GDPR. You can object to the collection of data at any time with prospective effect by using the following link hotjar.com/opt-out. Further information on data protection can be found at: hotjar.com/legal/policies/privacy
i) Integration of third-party content
We use third-party dynamic content to optimize the presentation and offerings on our website. When visiting the website, an API is automatically used to make a request to the server of the respective content provider as part of which certain log data (e.g. the IP address of the user) is transmitted. The dynamic content is then transmitted to our website and displayed there. We use third-party content in connection with the following functionalities:
aa) Integration of YouTube Videos
We have integrated videos from YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA ("YouTube”) on our website. Log data is transferred to YouTube servers in the United States when the videos are played. Processing in this manner is performed on the basis of our overriding interest in the optimal marketing of our online offerings in accordance with Art. 6(1)(f) GDPR. YouTube is certified under: www.privacyshield.gov/participant Further information is available at: policies.google.com/privacy
bb) Integration of Vimeo videos
We have integrated videos from Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA into our website. When playing videos, log data is transmitted to Vimeo 's servers in the United States. Processing in this manner is performed on the basis of our overriding interest in the optimal marketing of our online offerings in accordance with Art. 6(1)(f) GDPR.
Further information is available at: vimeo.com/privacy
j) Social plugins
Facebook plugin: From Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Certification at: www.privacyshield.gov
Twitter plugin: From Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. Certification at: www.privacyshield.gov/participant Further information is available at: twitter.com/en/privacy
Pinterest plugin: From Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Further information is available at: policy.pinterest.com/de/privacy-policy
C. Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or until you revoke your consent. The retention period for certain data can be up to 10 years irrespective of the processing purposes in the event we must comply with statutory retention obligations.
D. Your rights as a data subject
Upon request, you may receive information about all personal data that we have stored about you at any time and free of charge.
b) Rectification, erasure, restriction of processing (blocking), objection
Should you no longer agree to the storage of your personal data or should such data have since become incorrect, we will arrange for the erasure or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law) upon instruction from you. The same applies if we should only process data to a limited extent in future.
c) Data portability
Upon request, we will provide you with your data in a standard, structured and machine-readable format so that you can, if you wish, transmit your data to another controller.
d) Right to lodge a complaint
Upon request, we will provide you with your data in a standard, structured and machine-readable format so that you can, if you wish, transmit your data to another controller. www.bfdi.bund.de/DE/Infothek
e) Right to revoke consent with prospective effect
You can revoke your consent at any time with prospective effect. Your revocation does not affect the legality of processing conducted before your revocation.
The rights described above do not apply to data for which we are not able to identify the data subject, e.g. if anonymised for analysis purposes. Information, erasure, blocking, rectification or transfer to another company with regard to this data may be possible if you provide us with additional information that enables us to make such an identification.
g) Exercising your rights as a data subject
If you have any questions regarding the processing of your personal data, or if you would like to request information, rectification, blocking, if you would like to object or have your data erased, or if you wish to transfer your data to another company, please get in touch with email@example.com.
Last Update February 2020