- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
III. FORWARDING DATA CONCERNING YOU TO PROCESSORS AND THIRD PARTIES
In order to process the data concerning you, we will make use of specialized external service providers, such as online-marketing providers, providers of automated marketing solutions, providers of web-analysis tools as well as IT-service providers. We carefully select these service providers and instruct them duly, they are bound by our instructions and are regularly monitored and checked.
In addition, we may transfer the Personal Data concerning you to third parties (couriers, freight forwarders, shipping companies, the credit institutions we have contracted for payment settlement, other payment service providers) insofar as this is required for our contractual performance pursuant to Article 6 paragraph 1 sentence 1 lit. b) of the GDPR, respectively in order to pursue our legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR.
Finally, we may also transfer your data to our affiliated enterprises, including Tom Davies Office GmbH, Tom Davies North America Office, insofar as this is permitted to pursue our legitimate interests within the meaning of Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. These interests specifically include: processing your order, delivering the ordered goods, and ensuring efficient business operations.
In all other respects, the Personal Data concerning you will not be transferred to third parties unless you have first granted your consent pursuant to Article 6 paragraph 1 sentence 1 lit. a) of the GDPR or if doing so is legally permissible within the meaning of Article 6 paragraph 1 sentence 1 lit. c) of the GDPR.
IV.TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
Insofar as we transmit Personal Data to countries located outside of the European Economic Area (EEA), we will ensure that the data recipient guarantees an adequate level of data protection within the meaning of Article 45 of the GDPR. If no adequacy decision is available, iWearBritain will strive to ensure that the data recipient has put in place appropriate safeguards within the meaning of Article 46 of the GDPR and specifically utilizes the standard contractual clauses of the European Union for the transfer of data into non-EU third countries in their respectively current version. When it comes to transferring data to the United States, iWearBritain will strive to ensure that the data recipient enters into obligation to follow and observe the principles of the Privacy Shield Framework (i.e. principles setting forth minimum standards for the handling of Personal Data).
VI.DEPLOYMENT OF ANALYTICS AND TRACKING TECHNOLOGIES
We use the analytics and tracking technologies, respectively technologies offered by third-party-provider, described below; we do so on the basis of Article 6 paragraph 1 lit. f) of the GDPR for the following purposes (among others):
To perform data analyses;
To collect statistics on the use of our Website and to evaluate them so as to optimize our offering;
To enhance and manage our offering on an ongoing basis;
To optimize our advertising measures and quantify their success; and
To provide you with advertising, specifically including personalized marketing information.
These are legitimate interests within the meaning of the aforementioned statutory provision.
Google will use this information on our behalf in order to analyze your usage of our Website, to compile reports on Website activities for us, and to provide us with other services relating to Website and internet usage. In certain cases, this information may also be transferred to third parties, insofar as this is mandated by the law or insofar as third parties have been commissioned with processing the data. Google will not merge your IP address with other data held by Google.
You can block the storage of the relevant Cookie in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
In addition, you can prevent Google from recording the data generated by the Cookie regarding your usage of the Website (including your IP address) and from processing such data by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
For further information on data protection in connection with Google Analytics, please navigate to the “Help” section of Google Analytics via the following link: http://google.com/intl/de/analytics/privacyoverview.html.
GOOGLE ADWORDS CONVERSION TRACKING AND REMARKETING TRACKING
In order to collect statistics on the use of our Website and in order to optimize our Website for your benefit, we also use Google Conversion Tracking. This is a service offered by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). To this end, Google places a Cookie (see Section V of the present Privacy Statement) on your computer whenever you reach our Website by way of a Google Ad. These Cookies become invalid after 90 days and cannot be used to identify you personally. If you visit one of our web pages and assuming the Cookie has not yet expired, both we and Google will be able to see that you clicked on the ad and that it referred you to our site. Each AdWords customer receives a different Cookie, so that the Cookies cannot be tracked across the websites of multiple AdWords customers.
Google will use this information on our behalf to generate visitor statistics for our Website. We will use these visitor statistics to determine the total number of users referred to us by AdWords advertisements and to optimize our AdWords advertising efforts accordingly. This information may also be transferred to third parties insofar as this is mandated by law or insofar as third parties process these data on a commissioned basis. Neither we nor any other advertising customers of Google AdWords will receive information from Google that allows you to be personally identified.
Moreover, our Website uses Google Remarketing Tracking as part of the Google AdWords service. This, too, is a service offered by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). The remarketing function allows advertising based on your personal interests to be displayed to you, as the user of our Website, on other websites within Google’s content network (on Google itself, so-called “Google Ads” or on other websites). To this end, your interaction with our Website will be analyzed, such as the offers that you took an interest in, so as to allow us to display targeted advertisements to you on other websites after you have terminated your visit to our website.
In the process, Google will place a Cookie on your computer (see Section V of the present Privacy Statement) insofar as you use certain Google services or visit certain websites forming part of the Google content network. These Cookies cannot be used to identify you personally.
The information generated by the Cookie so placed on your computer concerning your usage of our Website (including your IP address) will be transferred to a Google server located in the United States and stored there. As explained above, Google has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. However, your IP address will first be shortened on our Website by Google within Member States of the European Union or in other states signatory to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
You can prevent the storage of these Cookies in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
Furthermore, you can object against interest-based advertising from Google. To do this, you must call up www.google.de/settings/ads from each of the internet browsers you use and then make the desired setting changes.
GOOGLE TAG MANAGER
We also use Google Tag Manager. This service allows website tags to be managed by way of a user interface. Tags are small code elements the purpose of which includes measuring traffic and visitor behavior. Google Tag Manager merely implements such tags. This does not cause any Cookies to be placed, meaning that no Personal Data will be recorded. Google Tag Manager triggers other tags which may themselves record data under certain circumstances. Google Tag Manager does not access these data, however. Once the deactivation function has been selected at the domain or Cookie level, it will remain in effect for all tracking tags implemented by Google Tag Manager.
FACEBOOK CUSTOM AUDIENCES
Furthermore, we also utilize the “Custom Audiences” remarketing function offered by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”). This allows interest-based advertising to be displayed to users of our Website when they visit the social network Facebook or other websites that likewise employ this function (“Facebook-Ads”).
For this marketing function, we use the “Facebook Pixel” feature on our web pages, i.e. so-called “tracking pixels” are integrated onto our web pages. Whenever you visit our web pages, these tracking pixels serve to establish a direct connection between your browser and the Facebook server.
In the process, Facebook will receive, inter alia, the information from your browser that our Website was accessed by your terminal device. Please be advised that we have no control over the volume of data transferred in this context or over how Facebook proceeds to use it. Thus, we can only describe the operative process as we currently understand it to the best of our knowledge: The integration of Facebook Custom Audiences causes Facebook to be informed that you have called up a given web page of our internet presence or that you have clicked on one of our ads. If you are registered with a Facebook service, Facebook will be able to match up the visit with your user account. Even if you are not registered with Facebook, or have not logged onto Facebook, it is still possible that the provider may learn your IP address and other identifiers that relate to you and may store them.
Facebook has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.
You can at any time object to the usage of Facebook website Custom Audiences with effect for the future by using the following link: https://www.facebook.com/settings/?tab=ads and http://www.youronlinechoices.com/de/praferenzmanagement/
For further information on data protection and your configuration options in this regard, please navigate to https://www.facebook.com/settings/?tab=ads or to https://www.facebook.com/about/privacy.
VII.USE OF SOCIAL PLUG-INS
Our Website makes use of the so-called “social plug-ins” of social networks, e.g. Facebook, Instagram, YouTube, Pinterest, Twitter, and Tumblr (Facebook, Instagram, YouTube, Pinterest, Twitter, and Tumblr being collectively referred to hereinbelow as “Social Networks” and the corresponding plug-ins as “Plug-ins”). With these Plug-ins, we offer you the option to interact with the Social Networks and with other users, which allows us to improve our offering and to make it more appealing to you, while at the same time raising awareness of our enterprise. The legal basis for the use of social Plug-ins is Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. Responsibility for ensuring data protection-compliant operations lies with the respective provider.
We use the Plug-ins of the Facebook network, such as the “Like” button. These Plug-ins are offered and operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), and are clearly designated by the Facebook logo. In addition, we utilize Plug-ins of the Instagram service, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). These Plug-ins are designated by the Instagram logo. We also use the Plug-ins of the YouTube network, which is owned by Google Inc., San Bruno, California, USA (“YouTube”), whereby the YouTube logo serves as the designator. We furthermore utilize the Plug-ins of the Pinterest network, which is offered and operated by Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA (“Pinterest”); these Plug-ins are designated by the “Pin-it” button. Our Website also features Plug-ins which are integrated, offered, and operated by the Twitter service owned by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”), these Plug-ins are designated by the Twitter logo or the suffix “Tweet.” Finally, we utilize the Plug-ins of the Tumblr network operated by Tumblr Inc., 35 East 21st St., New York, NY 10010, USA, (“Tumblr”), which are designated by the word “Tumblr.”
Whenever you access a web page of ours that contains this type of Plug-in, your browser will establish a direct connection to the server of the respective Social Network. The content of the Plug-in will be transferred directly to your browser from the corresponding Social Network and will be integrated into the Website without our being able to exercise any control over said content.
Regardless of whether you maintain a user account with a Social Network or whether you have logged on to the respective Social Network, web pages that contain Plug-ins from that Social Network will transfer information to the corresponding Social Network in the USA, where this information will be stored. This will include the type and version of your operating system and browser, respectively, as well as your IP address and the domain name and/or date stamp, respectively time stamp, associated with your visit. Each time the web page is called up, the respective Social Network will deposit a Cookie containing an identifier that will remain valid for two years. Since your browser automatically co-transmits this Cookie each time a connection is established with a server, the corresponding Social Network fundamentally would be able to generate a profile of the online web pages called up by the user associated with the identifier. If you have logged on to the respective Social Network at the time, said Social Network will be able to match up the profile to the user account you maintain with that Social Network and thus to you personally. But even if you are not logged in to the respective Social Network when you use our Website, this will not preclude such a match-up from occurring, for example when you log in with the corresponding Social Network at some later time.
Whenever you interact with these Plug-ins, e.g. by activating the “Like” or “Tweet” button or by posting a comment, the corresponding information will be sent from your browser directly to the corresponding Social Network and stored there, without our being able to exert any influence in this regard. The information will also be published on the Social Network and will be displayed to your contacts on said network.
For Facebook: http://de-de.facebook.com/policy.php
For Instagram: https://help.instagram.com/519522125107875?helpref=page_content
For YouTube: https://policies.google.com/privacy?hl=de
For Pinterest: https://policy.pinterest.com/de/privacy-policy
For Twitter: http://twitter.com/privacy
For Tumblr: https://www.tumblr.com/privacy/de
The above links will also guide you to additional information on your relevant rights and configuration options when it comes to protecting your privacy. Facebook/Instagram, YouTube/Google, and Twitter are certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificates are available online for inspection here:
For Facebook/Instagram: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.
For YouTube/Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
For Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
If you, as the user of a Social Network, wish to prevent the corresponding Social Network from collecting information regarding you during your visit to our Website, you can log out of that Social Network when commencing your visit to the Website, erase the corresponding Social Network’s cookie (if one exists) from your browser, and select the “Block Third-Party Cookies” function on your browser. In this case, your browser will not transfer any Cookies to the servers in the event of embedded content of other providers. Note, however, that this configuration, besides blocking the Plug-ins, may also cause certain functions extending across webpages to become unavailable.
Subject to your consent, which you may give as part of your registration on our website, we will email you our newsletter regarding our goods and services or goods and services of our affiliated companies which we believe may be of interest to you. This includes in particular new products, promotions, price advantages, services, events or other interesting news from iWearBritain and its affiliated companies.
You can object at any time against having data concerning you used for direct advertising purposes with effect for the future, and you can unsubscribe from the newsletter by clicking the corresponding link included in each newsletter email, or by emailing a corresponding declaration to: firstname.lastname@example.org.
We reserve the right to email you offers for goods and services also without your consent insofar as they are similar to ones you have already purchased. You have the right to object at any time against having your data processed for advertising purposes by emailing us a corresponding declaration at email@example.com, or by clicking on the corresponding link in our newsletter. This will not give rise to any costs other than the base rate of transmission costs.
The legal basis for processing your data for purposes of sending out newsletters is Article 6 paragraph 1 sentence 1 lit. a), respectively lit. f), of the GDPR.
IX.DURATION OF STORAGE
We will store the Personal Data concerning you for as long as required to fulfill the respective storage purpose. Once this is no longer the case, we will erase your data unless we are bound to observe a longer retention period in accordance with Article 6 paragraph 1 sentence 1 lit. c) of the GDPR, namely on the basis of tax laws, commercial laws, or other statutory archiving/documentation obligations, or unless you have consented to an extended storage period in accordance with Article 6 paragraph 1 sentence 1 lit. a) of the GDPR.
In accordance with Article 15 of the GDPR, you are entitled to obtain access at any time to any Personal Data of yours that are being stored by us. In particular, you may request information about any of following matters: the processing purposes involved; the categories of data regarding you being stored; the categories of recipients of such data; the planned storage period; the existence of a right to demand rectification, erasure, restriction of processing or a right to object; the existence of a right to lodge a complaint with a supervisory authority; the origin of your data, insofar as they were not obtained from you; as well as the existence of an automated decision-making process, including profiling; you also have the right to request explanatory details.
In addition, you can demand the rectification of incorrect data pursuant to Article 16 of the GDPR, as well as the erasure of Personal Data pursuant to Article 17 of the GDPR insofar as their processing is not required to exercise the right of freedom of expression and information, to fulfill a statutory obligation, to serve the public interest, or to assert, enforce or defend legal claims.
You furthermore have the right, pursuant to Article 18 of the GDPR, to demand that a block or restriction be placed on the processing of the Personal Data concerning you insofar as: their correctness is disputed by you; the processing is unlawful but you object to the erasure of the data; we no longer require the data but you still require it in order to assert, enforce or defend legal claims; or you have expressly objected against the data being processed pursuant to Article 21 of the GDPR.
Furthermore, you are entitled pursuant to Article 20 of the GDPR to obtain the Personal Data you have provided to us in a structured, commonly used, and machine-readable format, or to demand that such data be transmitted to some other authorized party.
Finally, insofar as the Personal Data concerning you are being processed on the basis of legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to at any time object to having the Personal Data concerning you processed, on grounds relating to your particular situation or insofar as your objection specifically refers to processing for purposes of direct advertising. In the latter case, you will enjoy a fundamental right to object that will be honored by iWearBritain without your having to state grounds in connection with a particular personal situation.
If you consider a breach of the Privacy Act 1988 (Cth) has occurred, you may direct your query to our Privacy Officer and we will attempt to resolve your complaint.
If the processing of your data is based on a declaration of consent you have granted pursuant to Article 6 paragraph 1 lit. a) of the GDPR, you have the right to any time withdraw said consent with effect for the future.
In the course of visits to our Website, we employ the widely-used SSL process in conjunction with the respectively highest level of encryption supported by your browser.
In all other respects, we take appropriate technical and organizational security measures in order to protect your data against manipulation, loss, destruction, and unauthorized access by third parties. Our security measures are kept consistently up-to-date based on the latest state of the technical art.
XII.YOUR CONTACT FOR DATA PROTECTION MATTERS
If you have questions about how the Personal Data concerning you is collected, processed or used, if you wish to obtain information regarding your data or to have them rectified, blocked or erased, or if you wish to withdraw your consent, please contact our Data Protection Officer at: firstname.lastname@example.org.