This data protection declaration relates to the processing of your personal data in the online shop of GERRY WEBER. In order to make this data protection declaration more easily readable, we use the term “GERRY WEBER”.
Responsible party for the data processing and point of contact in case of queries
GERRY WEBER Retail GmbH
33790 Halle in Westf., Germany
Tel: 00800 999 22 333 (international free phone number)
Contact details for the data protection officer:
Types of personal data which are processed by GERRY WEBER:
Depending on the customer relationship, we process the following categories of your personal data:
- Contact information (for example name, address, email address, telephone number)
- Contract data within the framework of the customer loyalty programme (customer number, sales, points balance)
- Payment and billing data (for example bank details)
Purpose and legal basis of the processing
The personal data relating to you is processed for the following purposes and in accordance with the following legal basis:
- Fulfilment of the customer card programme (Article 6 Paragraph 1 Letter b GDPR)
- Data processing in order to fulfil a contract (Article 6 Paragraph 1 Letter b GDPR)
- Data processing based on your consent (article 6 Paragraph 1 Letter a GDPR)
- Processing of complaints
The processing on the basis of legitimate interests (Article 6 Paragraph 1 Letter f GDPR) by GERRY WEBER includes the use and analysis of your personal data for:
- Product information relating to collections, products and services
- Measures to improve and develop services and products, so that we can offer suitable products to you which are tailored to your requirements
- Carrying out market and opinion research
- Creation of transparency and quality in relation to our products, services and communication
- Getting in touch with information agencies (such as Schufa and Creditreform) in order to calculate creditworthiness and non-payment risks
- Determining your address
- Creditworthiness checks
In addition, GERRY WEBER processes personal data in order to fulfil legal obligations (for example under commercial law or tax laws) on the basis of Article 6 Paragraph 1 Letter c GDPR.
Origin of your personal data
GERRY WEBER gathers your personal data from you directly, for example via the registration form for the customer card programme or when you register for the newsletter.
Disclosure of personal data to third parties (recipients)
Disclosure and/or transfer of your personal data takes place within the framework of the purposes referred to above. Recipients of personal data can include:
- Payment and IT service providers
- Information agencies (Infoscore, Creditreform, Schufa)
- Call centres
- Marketing agencies
- Market research companies
- Service and co-operation partners
- Debt collection companies
- Printing and delivery companies
- Data disposal companies
- Advisers and consultancy companies
- Sales partners in the area of wholesale
Should data be passed on, this generally takes place within the framework of order processing. For this purpose, our service providers are obliged by contract to process the data in a secure, confidential and correct manner.
Processing of personal data generally takes place in the territory of the European Union (EU), should GERRY WEBER maintain a presence in these countries. A transfer of data to countries outside of the EU (third countries) or to international organisations only takes place if the special requirements set out in Article 44 ff GDPR are fulfilled.
Duration of the saving of data
Personal data is saved for the named purposes for the period of time which is necessary in order to fulfil the purposes and if no other legal retention obligations (German Commercial Code – HGB, German Tax Code – AO) or legal reasons for the saving exist. This means that at the latest following the expiry of the statutory retention obligations, as a rule 10 years following termination of the contract, GERRY WEBER will delete your personal data.
Your rights in relation to the processing of your personal data
You have the following rights in particular in relation to us concerning your personal data:
- Right to receive information concerning your personal data which is saved by us (Article 15 GDPR)
- Right of rectification, should the personal data relating to you be defective, out-of-date or incorrect (Article 16 GDPR)
- Right of erasure, should the saving be unlawful, the purpose of processing have been fulfilled and should the saving therefore no longer be necessary or should you have revoked any consent which you have issued in relation to the processing of certain personal data (Article 17 GDPR)
- Right to have the processing restricted, should one of the requirements stated in Article 18 Paragraph 1 Letters a to d GDPR be fulfilled (Article 18 GDPR)
- Right to have transferred the personal data relating to you which you have provided (Article 20 GDPR)
- Right to revoke any consent which you have issued, whereby the revocation will not affect the lawfulness of the processing which has taken place with your consent up until this time (Article 7 Paragraph 3 GDPR) and
- Right to complain to a supervisory authority (Article 77 GDPR). The State Office for Data Protection and Freedom of Information of the German State of North Rhine Westphalia, Postfach 20 04 44, 40102 Düsseldorf, Germany, telephone +49 (0) 211 384 24-0, fax +49 (0) 211 38424-10, email firstname.lastname@example.org (ldi.nrw.de) is responsible for us.
Right of objection
You can raise an objection to us at any time concerning the processing of your personal data for the purposes of direct advertising and/or market research without providing reasons.
Following the receipt of your objection, we will no longer process the personal data for the purposes of direct advertising and/or market research and will delete the data, provided that the processing is not necessary for other purposes (for example for fulfilment of the contract).
You can also raise an objection to us at any time in relation to other processing which is based on a legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR at any time for reasons connected to your specific situation, by stating these reasons. In case of a justified objection, we will generally no longer process the personal data for the reasons concerned and will delete the data, unless we can prove essential reasons for the processing which outweigh your interests, rights and freedoms or the purpose of the processing is the assertion, exercising or defence of legal claims.
Please address your objection to the address stated at the top of this document.
Data protection information for further use
This information also applies to subsequent, special use, unless provisions to the contrary have been concluded.
Provision of the website and creation of logfiles
Each time our internet site is accessed, our system automatically records data and information from the computer system of the accessing device.
During this process, the following data is gathered:
- Information concerning the browser type and version used
- The operating system of the user
- The internet service provider of the user
- The IP address of the user
- Date and time of the access
- Websites from which the system of the user was redirected to our internet site
- Websites which were accessed by the system of our user via our website
The data is also saved in the logfiles of our system. This data is not saved together with other personal data of the user.
The legal basis for the temporary saving of the data and system logfiles is Article 6 Paragraph 1 Letter f GDPR.
The saving in system logfiles takes place in order to ensure the functional capability of our website. In addition, the data allows us to optimise the website and to ensure the security of our IT systems. However, in such a case, the data is not evaluated for marketing purposes.
The data is deleted, once it is no longer necessary in order to fulfil the purpose for which it was gathered. In the case of data saved in logfiles, this is the case after seven days at the latest. It is possible for the data to be saved for longer than the above. In such a case, the IP address of the user will be deleted or disguised, so that the accessing client can no longer be traced.
“Session” cookies do not remain on your computer when you leave our website or close your browser. With the help of collected information, we can analyse usage patterns and structures on our website. In this way, we can optimise our website by improving the content or personalisation and simplifying the use.
“Permanent” cookies are cookies that remain on your computer. They are used to facilitate shopping, personalisation and registration services. Cookies can, for example, hold on to your selected purchases while you continue to shop. In addition, you only need to enter your password once on websites that require you to sign in. “Permanent” cookies can be removed by the user manually.
Most browsers accept cookies by default. Nevertheless, you can usually decline cookies or accept certain cookies selectively through your browser settings. If you deactivate cookies, in some circumstances certain features are no longer available to you on our website, and it is possible that some web pages will not display properly.
This website uses the tool AB Tasty for AB testing and for making continuous improvements to the website. The cookies used enable us to change the website and analyse changes. Should you not wish for this to take place, you can activate a cookie which can be obtained via this link: https://www.gerryweber.com/#abtastyoptout=1. This will lead to AB Tasty not being used. We would point out that in this event the website can no longer be used to the full extent.
Kameloon is an SaaS solution, which enables A/B tests and web personalisation. Customers and partners of Kamleoon use the solution in order to obtain a better understanding as to how their websites are used, as well as in order to provide their customers with an optimised user experience. During this process, Kameloon does not save any personal data. However, you can object to the use of Kameloon at any time by clicking on the following link: http://www.gerryweber.com/#kameleoonOptout=true.
On this website, data is collected and saved for marketing and optimisation purposes by using technology of Criteo SA (32 Rue Blanche, 75009 Paris, France).
By using Criteo, further pixels are loaded by contracting partners who cooperate with Criteo. An overview of all publishers and networks which load pixels can be found here.
You can object to this pseudonymous analysis of your surfing behaviour at any time. Via the following link of Criteo, you can find instructions on how to deactivate the service of Criteo.
Please bear in mind that you may continue to receive adverts after deactivating the display of personalised adverts by Criteo and other advertising partners which may correspond less closely to your interests and surfing behaviour.
We process your personal data in a customer relationship management (CRM) system, i.e. a software system for customer support. This system enables us to carry out support measures in a central database. The data processing of your customer data in the CRM system takes place on the basis of our legitimate interests and usually with your consent. With the CRM system, we are able to support you individually and contact you in a manner which is tailored to your needs and interests. During this process, we distinguish between:
- Guest orders
- Regular customers
- Customers who receive the newsletter
- Members of the customer loyalty programme
Within the framework of CRM, the customer information is processed for this purpose. Depending on customer status, this customer information includes: name, address, contact details, shopping basket, orders, vouchers, complaints, payment methods and participation in competitions.
In order to design our website in accordance with customer requirements and to optimise it, anonymous data is recorded and saved and user profiles are created from it using pseudonyms by using solutions and technologies provided by econda GmbH (www.econda.de). For this purpose, cookies may be used, which enable an internet browser to be recognised again in the future. User profiles are not combined with data of the holder of the pseudonym. In particular, IP addresses are disguised immediately after receipt. Visitors to our website can object to this data recording and saving at any time with effect for the future by visiting www.econda.de/econda/datenschutz/widerruf-datenspeicherung.html.
You can find up-to-date information concerning the General Data Protection Regulation (GDPR) here:https://www.facebook.com/business/gdpr#Wichtige-Rechtsgrundlagen.
We use Google Analytics, a web analysis service of Google LLC (“Google”). Google Analytics uses “cookies”, text files which are saved on your computer and which enable an analysis of the use of the website by you. The information produced by the cookies on your use of this website is, as a rule, transferred to a Google server in the US and stored there. In case of the activation of IP anonymisation on this website, your IP address will however be shortened first by Google within Member States of the European Union or other Member States of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information in order to evaluate your use of the website, to compile reports concerning the website activities and to provide other services for the website operator connected to the use of the website and the use of the internet. These purposes also correspond to our legitimate interest in data processing. The legal basis for the use of Google Analytics is Section 15 Paragraph 3 of the German Telemedia Act (TMG) and Article 6 Paragraph 1 Letter f GDPR.
The personal data of the user will be deleted or anonymised after 14 months. The deletion of data which no longer needs to be retained takes place once per month.
The IP address transferred by your browser within the framework of Google Analytics will not be combined with other data by Google. You can prevent cookie storage through settings in your browser software; we would, however, point out that in this event it is possible that you will not be able to use all of the functions of this website to their full extent. You can also prevent the recording of the data generated by the cookie which relates to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in which is available via the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).
Opt-out cookies prevent the future recording of your data when visiting this website. In order to prevent the recording by Google Analytics across multiple devices, you need to carry out the opt-out on all of the systems which you use. If you click here, the opt-out cookie will be set: Deactivate Google Analytics.
Google AdWords Conversion Tracking
Should you have been redirected to our website via a Google advert, then with the assistance of a Google AdWords cookie, which ceases to be valid after 30 days, statistics can be generated concerning our conversion rate. This means that we are informed of how many users visit our website and how many of these purchase a product via our websites within a period of 30 days. During this process, it is not possible to trace you personally.
Information and objection:
Should you not wish to participate in the tracking procedure, you can deactivate the conversion cookies by setting your browser settings in such a way that cookies from the relevant domain are blocked:
Google Adwords: googleadservices.com
Current information concerning the General Data Protection Regulation (GDPR) and how Google protects and processes your data in concrete terms can be found at: https://privacy.google.com/businesses/ and https://privacy.google.com/businesses/adsservices/.
We use the “Google Maps” components on our site. “Google Maps” is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google“.
Each time these components are accessed, a cookie is set by Google in order to process user settings and data when displaying the site in which the “Google Maps” components are integrated. This cookie is not generally deleted by closing the browser, rather it expires after a certain period of time, unless you delete it manually first.
Should you not agree to the processing of your data, it is possible to deactivate the “Google Maps” service and therefore prevent the transfer of data to Google. In order to do so, it is necessary to deactivate the Java Script function in your browser. However, we wish to point out that in such a case, you may not be able to use “Google Maps” or may only be able to do so with restrictions.
The use of “Google Maps” and the information obtained via it takes place in accordance with the terms and conditions of use of Google
and the supplementary terms and conditions of business for “Google Maps”
Should you be logged into your personal account at the time of accessing the “Google Maps” site, Google can record the information obtained in this way, as well as your IP address and other browser-related information and combine this with your account.
Should you wish to prevent this transfer and saving of data relating to you and your behaviour on our website by Google, you need to log out of these providers before visiting our site.
We have integrated components of the service “Instagram” on our internet sites. Instagram is a service which is classified as an audiovisual platform and which enables users to share photos and videos, as well as to distribute such data across other social networks.
The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time one of the individual pages of this internet site which is operated by the body responsible for the processing and in which an Instagram component (Insta button) has been integrated is accessed, the Internet browser on the IT system of the data subject is automatically instructed by the respective Instagram component to download a picture of the relevant components from Instagram. Within the framework of this technical procedure, Instagram is informed which concrete sub-page of our internet site is being visited by the data subject.
Should the data subject be logged into Instagram at the same time, then each time our internet site is accessed by the data subject and for the duration of the respective visit to our internet site, Instagram can recognise which concrete sub-page the data subject is visiting. This information is collected by the Instagram components and then assigned by Instagram to the respective Instagram account of the data subject. Should the data subject click on one of the Instagram buttons which are integrated into our Internet site, the data and information which are transferred in this way are assigned to the personal Instagram user account of the data subject and then saved and processed by Instagram.
Via the Instagram components, Instagram is also then informed that the data subject has visited our Internet site, should he or she be logged into Instagram at the same time as when visiting our internet site; this takes place regardless of whether the data subject clicks on the Instagram components or not. Should the data subject not wish for such information to be transferred to Instagram, he or she can prevent this by logging out of his or her Instagram account before accessing our internet site.
Further information and the applicable data protection provision policies of Instagram can be accessed via the following links: help.instagram.com and www.instagram.com/about/legal/privacy/.
Our internet site includes a contact form, which can be used in order to get in touch with us electronically. During this process, the data provided in the entry mask, as well as the date and time of the registration and the IP address are saved. Your consent is obtained for the processing of the data. Alternatively, it is possible to get in touch with us via the email address which is provided. In such a case, your personal data which is transmitted with the email will be saved.
The processing of the personal data from the entry mask or email serves the sole purpose of allowing us to the process the contact and/or conversation with you. This also represents our legitimate interest in the processing of the data. The purpose of the other personal data which is processed is to prevent misuse of the contact form and to ensure the security of our IT systems.
Recognising and preventing misuse
The following data is captured, processed and used by us to check automatically whether there are grounds to suspect misuse of the online shop:
- Your data for contract processing (e.g. item purchased, name, postal address, email address, delivery address, payment method and bank details)
- The user data of your visit to the online shop (e.g. information on the beginning, end and extent of your visits to the websites, as well as your click path)
- A cookie (i.e. a small text file that is saved locally in the cache of the web browser) and/or a visitor ID that can contain anonymous data of the end device used when visiting the websites (e.g. your monitor resolution or your operating system version) and through which the end devices you use can be recognised again with certain probability on other visits.
You must ensure that you inform any third parties whom you allow to use your end devices and that these third parties also either agree to the described measures or otherwise do not visit our online shop with your end devices.
The user data on your website visits are taken from a database in which they are saved under a pseudonym. In order to recognise and prevent misuse, we have engaged
Infoscore Consumer Data GmbH
76532 Baden-Baden, Germany, as a processor. If misuse is suspected, one of our members of staff checks the assessment and the grounds for suspicion. If a contract is refused, you are notified of this and the essential reasons for the decision are given to you on request. You have the opportunity to give your viewpoint by email: email@example.com or by telephone: +800 5201 1850 (international free phone number), whereupon the decision is re-checked by a member of staff. You can prevent such a process informally at any time with effect for the future by means of a short notification to GERRY WEBER Retail GmbH & Co. KG, Neulehenstr. 8, 33790 Halle/Westfalen, Germany, or by email to firstname.lastname@example.org. At our discretion, you may no longer be able to use the Gerry Weber online shop.
As a rule, the legal basis for contract fulfilment, compiling of goods and delivery is made when you place an order.
Your data will be stored for the duration of the business relationship. Should you terminate the business relationship, the data will be deleted and the data in relation to which retention obligations remain, such as invoices and delivery notes, will be blocked.
On our website, we use “Mouseflow”, a web analysis service of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow records randomly selected individual visits. By means of this, a protocol concerning mouse movements and clicks of the visitors can be created. By means of these protocols, individual visitors to our website can be displayed, in order to derive possible improvements in terms of the user experience in relation to our website. The information recorded by Mouseflow is not of a personal nature. In particular, IP addresses are only processed in anonymous form. The information recorded by Mouseflow is not passed on. We use Mouseflow in order to analyse the use of our website and to continually improve individual functions and services, as well as the user experience. By means of the statistical evaluation of the user behaviour, we can improve our service and make it more interesting for you as a user. The legal basis for this is our own legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR. You can prevent the recording of the information above by Mouseflow by setting an opt-out cookie on the website linked below: http://www.mouseflow.de/opt-out/. Information concerning the third party provider: Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Further information concerning data protection on the part of the third party provider can be found on the following websites of Mouseflow:
Sending of the newsletter
Via our website, it is possible to subscribe to various newsletters. During the registration process, the data from the entry mask will be transferred to us. This is processed by Emarsys Interactive Services GmbH, Stralauer Platz 34
10243 Berlin, Germany. GERRY WEBER has concluded an order processing agreement with Emarsys.
The legal basis for the processing of the data after registering for the newsletter is Article 6 Paragraph 1 Letter a GDPR, should the user have issued his or her consent to such.
The user concerned can terminate the newsletter subscription at any time. For this purpose, a relevant link is contained in each newsletter.
The data is deleted, once it is no longer necessary in order to fulfil the purpose for which it was gathered. The email address of the user will be saved for as long as the newsletter subscription is active.
The newsletters of GERRY WEBER contain so-called number pixels. A number pixel as a miniature graphic which is integrated into emails that are sent in HTML format, in order to enable a logfile recording and analysis. By means of this, a statistical evaluation of the success or lack of success of online marketing campaigns can be carried out. On the basis of the integrated number pixel, GERRY WEBER can recognise whether and when an email was opened by a data subject and which links contained in the email were opened by the data subject.
Such number pixels contained in the newsletters gather personal data, and are saved and evaluated by the controller responsible for the processing, in order to optimise the sending of the newsletter and to better tailor the content of future newsletters to the interest of the data subject. This personal data is not passed on to third parties. At any time, you are entitled to revoke the declaration of consent in this respect which is issued separately, via the double opt-in procedure. Following a revocation, this personal data will be deleted by the controller responsible for the processing.
On our website, we use the customer evaluation tool of Shopauskunft.de GmbH & Co.KG, c/o SPACES, Gorch Fock Wall 1A, 20354 Hamburg, Germany. Should you submit a voluntary and optional evaluation at shopauskunft.de, the information which is entered is recorded and published by the Shopauskunft portal. Your evaluations are generally voluntary and you are free to choose whether you enter your name in full or in a shortened version here or whether you use your own anonymous pseudonym.
GERRY WEBER maintains an online presence with the social media providers Facebook, Instagram, Pinterest, Twitter, WhatsApp and YouTube. The purpose of this online presence is to communicate with users who are active within the social media platforms and to inform them about our products and services.
When accessing our profiles in the social networks, the general terms and conditions of business and data processing provisions of their respective operators apply. Unless otherwise stated in our data protection declaration, we process data of the user, should the user communicate with us within the social networks and platforms, for example by making contributions to our online presence or sending us messages. The sending of personal data on these platforms is always voluntary. The personal data in communications which are public or can be seen by us can be deleted by the user at any time.
The data protection information of the web services can be accessed as follows:
Some GERRY WEBER websites and email newsletters in HTML format use web beacons in conjunction with cookies to produce total statistics on website use. A web beacon is an invisible electronic image, which is also called a 1x1 GIF or a clear GIF. Web beacons can recognise certain information types on the visitor’s computer: the visitor’s cookie number, for example, the time and date the website is visited as well as a description of the website where the web beacon is. You can make some web beacons unusable by refusing to accept the cookies linked to them.
We integrate videos of the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Should you have any questions concerning data protection, please get in touch with us via the contact details provided above. We adjust our data protection information from time to time, for example if any changes occur on the part of our service providers. Please check this document from time to time in order to familiarise yourself with the current status of the processing.
Data protection information in accordance with Article 13 GDPR dated 29 August 2019