Data protection declaration from September 1st, 2023
§1 Information about the collection of personal data
1.1 In what follows we provide information about the collection of personal data when using our website. Personal data is all data that pertains personally to you, e.g. name, address, e-mail addresses, user behaviour.
1.2 The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
WAPPEN MEN´S FASHION GMBH
Konrad-Ott-Str.1
91301 Forchheim
Managing Director: Mr. Heino Putnai
Commercial register entry: District Court Bamberg; HRB 1613
UST-ID: DE 811 158 205
E-mail: service@desoto-shirts.de
(also see our imprint).
The data protection officer of WAPPEN MEN´S FASHION GMBH can be contacted at the following address or by e-mail:
Dieter Werner
eSourceONE GmbH
Kronacher Str. 60
96052 Bamberg
E-mail: datenschutz.deso@desoto-shirts.de
1.3 Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
1.4 If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
1.5 The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislature in EU regulations, laws or other provisions to which the person is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
1.6 When you contact us by e-mail or via a contact form, we will store the data you provide (your e-mail address, if applicable your name and your telephone number) in order to answer your questions. We delete data arising in this context after storage is no longer necessary, or limit processing in the case of statutory retention obligations.
1.7 Below we describe in detail our procedures when making use of contracted service providers for specific functions of our product range, or if we would like to use your data for advertising purposes. We also specify the established criteria for the storage period.
1.8 Passing on to third parties: We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, it will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement authorities).
§2 Your rights
2.1 You have the following rights towards us concerning your personal data:
Right of access
Any data subject affected by the processing of personal data has the right, as granted by European guidelines and legislatures, to obtain from the data controller, at any time and free of charge, information about the personal data stored about him/her and a copy of that information. Moreover, European guidelines and legislatures grant access to affected persons to the following information:
• the purposes of processing
• the categories of personal data processed
• the recipients, or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations
• if possible the planned duration for which the personal data will be stored, or if this is not possible, the criteria for determining this period • the existence of a right to have the personal data concerning him/her corrected or deleted, or to have processing restricted by the data controller or a right of objection to this processing
• if the personal data are not collected from the data subject: All available information on the origin of the data
• the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the rationale involved and the scope and intended effects of such processing for the data subject.
Furthermore, the data subject has a right of access to information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on any concomitant guarantees relating to the transfer.
If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time.
Right to rectification
Any data subject affected by the processing of personal data has the right, as granted by European guidelines and legislatures, to request the immediate rectification of inaccurate personal data concerning him/her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the data controller at any time.
Right to erasure (right to be forgotten)
Any data subject affected by the processing of personal data has the right, as granted by European guidelines and legislatures, to require the data controller to erase personal data concerning him/her immediately, provided that one of the following reasons applies and processing is not necessary:
• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• The data subject withdraws consent on which the processing is based according to Article 6 (1) (a), or Article 9 (2) (a), and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2).
• The personal data have been unlawfully processed.
• The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1).
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored by WAPPEN MEN´S FASHION GMBH deleted, he or she can contact our data protection officer or another employee of the data controller at any time. The data protection officer of WAPPEN MEN´S FASHION GMBH or another employee will arrange for the deletion request to be complied with immediately.
If the personal data have been made public by WAPPEN MEN´S FASHION GMBH and our company is responsible according to Art. 17 (1) GDPR to delete personal data, WAPPEN MEN´S FASHION GMBH will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other data processors who process the published personal data, that the data subject has requested the deletion of all links or copies or replications of this personal data by these other data controllers, insofar as processing is not necessary. The data protection officer of WAPPEN MEN´S FASHION GMBH or another employee will take any necessary steps in individual cases.
Right to restriction of processing
Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to obtain from the controller restriction of processing where one of the following applies:
• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
• the data subject has objected to processing pursuant to Article 21 (1) and verification as to whether the legitimate grounds of the controller override those of the data subject is pending.
If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored by WAPPEN MEN´S FASHION GMBH deleted, he or she can contact our data protection officer or another employee of the data controller at any time. The employee of the company WAPPEN MEN´S FASHION GMBH will accordingly effect the restriction of the processing.
Right to data portability
Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to receive personal data concerning him/her provided by the data subject to a controller in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another data controller without obstruction by the controller to whom the personal data have been made available, provided that the processing is based on the consent provided for in Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and that the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller.
Furthermore, in exercising his right to data transferability pursuant to Art. 20 (1) GDPR, the data subject has the right to obtain the direct transferral of the personal data by a data controller to another data controller, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
To assert the right to data portability, the person concerned may contact the data protection officer appointed by WAPPEN MEN´S FASHION GMBH or another employee at any time.
Right to object
Any data subject affected by the processing of personal data has the right, as granted by the European guidelines and legislatures, to object at any time to the processing of personal data concerning him/her on the basis of Article 6 (1) (e) or (f) of the GDPR, for reasons arising from his/her particular situation. This also applies to profiling based on these provisions.
WAPPEN MEN´S FASHION GMBH will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If WAPPEN MEN´S FASHION GMBH processes personal data for direct marketing purposes, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with direct advertising. If the person concerned objects to WAPPEN MEN´S FASHION GMBH processing personal data for direct advertising purposes, WAPPEN MEN´S FASHION GMBH will no longer process the personal data for these purposes.
Furthermore, the data subject has the right to object to the processing of personal data concerning him/her which is carried out at WAPPEN MEN´S FASHION GMBH for research or historical purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, for reasons arising from his/her particular situation, unless such processing is necessary to fulfil a task in the public interest.
To assert the right to object, the data subject concerned may contact the data protection officer appointed by WAPPEN MEN´S FASHION GMBH or another employee at any time. The data subject shall also be free to exercise his or her right to object to the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
2.2 Contact
All rights according to Art. 15 to 18 GDPR can be asserted against WAPPEN MEN´S FASHION GMBH at the following address:
WAPPEN MEN´S FASHION GMBH
Data Protection
Konrad-Ott-Str. 1
91301 Forchheim
E Mail: service@desoto-shirts.de
The data protection officer of WAPPEN MEN´S FASHION GMBH can be contacted at the following address or by e-mail:
Dieter Werner
eSourceONE GmbH
Kronacher Str. 60
96052 Bamberg
E-mail: datenschutz.deso@desoto-shirts.de
2.3 You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
§3 Collection of personal data when visiting our website
3.1 When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (the legal basis is Art. 6 (1) S. 1 (f) GDPR):
• IP address
• Date and time of the request
• Greenwich mean time (GMT) time zone difference
• Content of the request (specific page)
• Access status / HTTP status code
• Amount of data transferred
• Website that receives the request
• Browser
• Operating system and its interface
• Language and version of the browser software.
3.2 The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this occurs when the respective session has ended. If the data is stored in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted, so that an assignment of the calling client is no longer possible.
3.3 In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which the body that sets the cookie (in this case us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They work to make our Internet services more user-friendly and effective overall.
3.4 Use of cookies:
a) This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies - also called session cookies - are automatically deleted when you close your browser. These store a so-called session ID, which allows different requests from your browser to be assigned to the common session. This will allow your computer to be recognized when you return to our website.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse acceptance of third party cookies, or all cookies. Please note that in this case you may not be able to use all the functions of this website.
e) We use cookies to identify you for follow-up visits if you have an account with us. Otherwise you will have to log in for each visit.
§4 Other functions and services of our website
4.1 In addition to the purely informational use of our website, we offer various services which you can use if you are interested. As a rule, you must provide additional personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
4.2 In some cases we use external service providers to process your data. We have carefully selected and commissioned these providers; they are bound by our instructions and are regularly monitored. The necessary data protection agreements have been concluded with all service providers.
4.3 Furthermore, we may pass on your personal data to third parties when offering participation in promotions, competitions, conclusion of contracts or similar services in conjunction with partners. For more information, please provide your personal data or see the description of our services below.
4.4 If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the implications in our description of the service.
§5 Objection to or revocation of the processing of your data
5.1 If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
5.2 If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if, in particular, processing is not required to fulfil a contract with you, as is described for each function in the following descriptions. When exercising such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. Upon receiving a justification for your objection, we will examine the situation and either stop or adjust data processing, or point out our compelling legitimate reasons for continuing processing.
5.3 You can of course object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your objection to advertising under the following contact data:
WAPPEN MEN´S FASHION GMBH
Konrad-Ott-Str.1
91301 Forchheim
Tel.: 0 91 91 / 83 458
E-Mail: service@desoto-shirts.de
(also see our imprint).
§6 Use of our online shop
6.1 If you wish to place an order via our online shop, it is necessary for the conclusion of the contract that you provide us with the personal data we require to process your order. Required information for the execution of contracts are marked separately, additional information is voluntary. We process the data you provide to process your order. For this purpose, we can pass on your payment data to our principal bank. The legal basis for this is Art. 6 (1) S. 1 (b) GDPR.
You can voluntarily create a customer account, in which we store your data for future purchases. If you create an account under "My Account", the data you provide is revocable. All other data, including your user account, can be deleted at any point via the customer portal.
We may also process the information you provide to inform you of other products in our portfolio that you may find interesting, or to send you e-mails containing technical information.
6.2 Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after two years we will limit data processing, i.e. your data will only be used to comply with legal obligations.
6.3 To prevent unauthorized access to your personal data, especially financial data, the ordering process is encrypted using TLS technology.
§7 Newsletter and Postal Advertising
7.1 You can consent to subscribe to our newsletter, through which we inform you about current offers that may be of interest. Our newsletters contain information about our services and products as well as about our company.
7.2 We use a double opt-in procedure to subscribe to our newsletter. This means that after your registration we send an e-mail to the e-mail address you have specified, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. We also store your IP addresses as well as the time of registration and confirmation. The registration is logged on the basis of our legitimate interest in being able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data.
7.3 In order to send the newsletter we need your e-mail address, as well as a title, first and last name for a personal address. Upon confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 (1) S. 1 (a) GDPR. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
7.4 You can revoke your consent to receiving the newsletter at any time, and unsubscribe. You can declare your revocation by clicking on the link provided in every newsletter, by sending an e-mail to service@desoto-shirts.de, or by sending a message to the contact data provided in the imprint.
7.5 We would like to point out that when sending the newsletter, we evaluate your user behaviour. For this purpose, our e-mails contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For the evaluations, we link the data mentioned in §3 and the web beacons to your e-mail address and an individual ID. Links received in the newsletter also contain this ID. All data collected are pseudonymised and the IDs are not linked to your other personal data, preventing direct linkage to a particular individual.
7.6 Such tracking is not possible if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not display completely and you may not be able to use all the functions. If you display the images manually, the tracking described above occurs.
7.7 If we commission a service provider to send emails, this is done on the basis of your consent to participate in our newsletter. A corresponding contract for order processing (AV) has been concluded with the service providers to ensure that your data is processed according to our instructions and in compliance with the GDPR.
• Service provider: ActiveCampaign LLC, 1 N Dearborn St Fl 5 , Chicago Illinois, 60602 United States
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR)
• Basis for third-country transfer: EU-US Data Privacy Framework (DPF), standard contractual clauses (will provided by the service provider)
• Privacy Policy
7.8 Based on the UWG § 7 (3), we reserve the right to save in combined lists your first and last name, your postal address, your e-mail address and - if we have received this additional information from you within the scope of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business name, and to use them for our own advertising purposes, e.g. for sending offers that may be of interest and information on our products by post or e-mail. You can object to the storage and use of your data for these purposes at any time by sending us a message via the contact data in our imprint.
§8 Payment systems - credit assessment and scoring - data transfer in the event of default in payment
8.1 Note on purchase on account (Germany only):
If you have given us your express consent, we will carry out a credit assessment. We check your creditworthiness for all transactions on the basis of mathematical and statistical methods and reserve the right to obtain information on identity and creditworthiness from specialized service providers (credit agencies). To this end, we transfer your personal data (including name and address) required for a credit check, and for the purpose of detecting and preventing fraud to the following company(s):
CRIF GmbH
Leopoldstraße 244
80807 Munich Germany
The credit information can contain probability values (score values), which are calculated on the basis of accepted mathematical and statistical methods and for which address data, among other things, are used. We use the information received about the statistical probability of non-payment to make a balanced decision about which payment method (purchase on account) we can offer you, as well as about the establishment, execution or termination of the contractual relationship. In the event of a problem with address verification, negative credit assessment or any outstanding receivables from previous business relationships, we may not be able to offer you the "invoice" payment method. For detailed information on the procedure, please refer to the data protection regulations of CRIF GmbH (https://www.crif.de/datenschutz). You can revoke your consent at any time by sending us a message via the contact details in our imprint.
The shopping cart value for purchase on account is limited to a maximum of € 600.00. If the shopping cart exceeds this value, the payment method purchase on account is no longer available, regardless of the result of the credit check. In this case, the customer can alternatively use the payment methods PayPal, credit card or direct debit.
8.2 Note on PayPal:
PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg.If the person concerned selects one of the payment options offered as part of the PayPal Plus payment service (PayPal, credit card, direct debit) during the ordering process in our online shop, the data of the person are automatically transmitted to PayPal.
By selecting one of this payment options, the person concerned consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal are generally first name, last name, address, e-mail address, IP address, telephone number, mobile phone number and/or other data required for payment processing.
Personal data related to the respective order are also necessary for the processing of the purchase contract. Details on data protection at PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev (legal standing as of 25.5.2018).
8.3 Notice in the event of default in payment:
Following the occurrence of a delay in payment (an untimely payment of an invoice or a return debit note) we engage our collection partner for the purposes of debt collection.
Akzepta Inkasso GmbH
Registered Collection Services Provider
represented by its managing directors Marianne Bauer-Kurz and Erich Stadler
Jahnstr. 31
83278 Traunstein Germany
For the purpose of debt collection, all information (address and invoice data) in connection with the outstanding debt will be passed on to Akzepta Inkasso GmbH. Akzepta Inkasso GmbH is registered in the commercial register entry of the Traunstein district court under the registration number HRB 9299.
§9 Use of Google Analytics
9.1 This website uses Google Analytics, a web analysis service of Google Inc. "("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If however IP anonymisation is activated on this website, Google will shorten your IP address beforehand within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
9.2 The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.
9.3 You may refuse the use of cookies by adjusting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in, you can click the following link to prevent Google Analytics from collecting data on this website in the future. This results in an opt-out cookie being stored on your end device. If you delete your cookies, you must click the link again: Disable Google Analytics
9.4 This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific individual. As far as the data collected about you is personal, it will be eliminated immediately and the personal data will be deleted immediately.
9.5 We use Google Analytics to analyse and regularly improve the use of our website. The statistics gained allow us to improve what we offer for sale, and to make this more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) S. 1 (f) GDPR.
9.6 Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/de.html, Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, and Data Protection Declaration: https://www.google.de/intl/de/policies/privacy.
§10 Inclusion of YouTube videos
10.1 As a part of our online services we have included YouTube videos that are stored on https://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
10.2 By visiting the Website, YouTube is informed that you have accessed the relevant subpage of our Website. In addition, the data specified in §3 of this declaration will be transmitted. This occurs independently of whether you are logged in to a user account provided by YouTube or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before clicking the button. YouTube stores your data in the form of user profiles and uses them for advertising, market research and/or demand-based design of its website. Such evaluation takes place in particular (even for users who are not logged in) to provide demand-based advertising and to inform other users on the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
10.3 Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration. There you will also find further information about your rights and options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§11 Integration of Google Maps
11.1 This website makes use of Google Maps. This allows us to display interactive maps directly on the website, and enables you to conveniently use the map function.
11.2 By visiting the Website, Google is informed that you have accessed the relevant subpage of our Website. In addition, the data specified in §3 of this declaration will be transmitted. This occurs independently of whether you are logged in to a user account provided by Google or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before clicking the button. Google stores your data in the form of user profiles and uses them for advertising, market research and/or demand-based design of its website. Such evaluation takes place in particular (even for users who are not logged in) to provide demand-based advertising and to inform other users on the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
11.3 Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the data protection declaration of the provider. There you will also find further information about your rights in this context, and options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§12 Use of Adwords Conversion
12.1 We make use of Google Adwords to bring attention to our product lines with the help of advertising materials (so-called Google Adwords) on external websites. Based on the data from our advertising campaigns, we can determine how successful the individual advertising measures are. We are interested thereby in showing you advertisements that are of interest to you, make our website more pertinent to you, and to achieve a fair reckoning of advertising costs.
12.2 These advertising media are delivered by Google via so-called "Ad Servers". For this purpose, we use Ad Server Cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. With this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
12.3 These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we establish which of the used advertising measures are most effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
12.4 Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool, and therefore inform you according to our level of knowledge: By integrating AdWords Conversion, Google receives information that you have accessed the corresponding part of our website, or clicked on an ad from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
12.5 You can prevent participation in this tracking process in various ways:
a) adjusting your browser software accordingly; in particular the suppression of third party cookies means that you will not receive any ads from third party providers;
b) disabling cookies for conversion tracking by setting your browser to block cookies from the site "https://www.googleadservices.com", in which case this setting will be deleted if you delete your cookies;
c) deactivating the interest-based ads of providers that are part of the "About Ads" self-regulation campaign via the link https://www.aboutads.info/choices, in which case this setting will be deleted if you delete your cookies;
d) permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser under the link https://ww.google.com/settings/ads/plugin. Please note that in this case functionality may be limited.
12.6 The legal basis for the processing of your data is Art. 6 (1) S. 1 (f) GDPR. For more information on Google's privacy policy, click here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§13 Remarketing
13.1 In addition to Adwords Conversion, we use the Google Remarketing application. This is a process we use if we would like to contact you again. This application allows our advertisements to appear when you continue to use the Internet after you visit our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when visiting various websites. This is how Google can determine your previous visit to our website. According to Google's own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. According to Google, pseudonymisation is used for remarketing in particular.
§14 Use of Facebook services for web analysis and advertising purposes
Use of Facebook Pixel
We use the Facebook Pixel as part of the technologies of Meta Platforms Ireland Ltd. shown below. , 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). With the Facebook Pixel, data (IP address, time of visit, device and browser information as well as information about your use of our website are automatically collected and stored on the basis of events specified by us.B. visit to a website or newsletter registration), from which usage profiles are created using pseudonyms. As part of the so-called extended data comparison, information is also hashed and stored for comparison purposes with which individuals can be identified (e.B. names, e-mail addresses and telephone numbers). For this purpose, when you visit our website, the Facebook Pixel automatically sets a cookie that automatically enables your browser to be recognized when visiting other websites by means of a pseudonymous CookieID.
Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising. The information automatically collected by Facebook (by Meta) technologies about your use of our website is usually transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision by the European Commission. Insofar as the transfer of data to the USA is our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information about data processing by Facebook can be found in Facebook's privacy policy (by Meta).
Facebook Analytics
As part of Facebook Analytics, statistics on visitor activity on our website are compiled from the data collected with the Facebook Pixel about your use of our website. The data processing takes place on the basis of an agreement on order processing by Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.
Facebook Ads
We use Facebook Ads to promote this website on Facebook (by Meta) and other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise stated for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. Joint responsibility is limited to the collection of the data and its transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.
Based on the statistics generated via Facebook Pixel about visitor activity on our website, we operate group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. As part of the extended data comparison (see above) to determine the respective target group, Facebook (by Meta) acts as our processor.
Based on the pseudonymous cookie ID set by the Facebook Pixel and the data collected about your usage behavior on our website, we operate personalized advertising via Facebook Pixel Remarketing.
For web analysis and event tracking, we use Facebook Pixel Conversions to measure your subsequent usage behavior if you have reached our website via an advertisement from Facebook Ads. The data processing takes place on the basis of an agreement on order processing by Facebook (by Meta).
§15 Presence in Social Networks
We maintain profiles on various social media websites so that we can communicate better with our customers and potential customers, and so that we can inform them about our products.
As a rule, your data is automatically collected and processed on the website for market research and advertising purposes. In this way, usage profiles can be created based on your usage behaviour. These usage profiles can in turn be used (for example) to place advertisements inside and outside the website. These ads will presumably correspond to your interests. As a rule, cookies about your usage behaviour and your interests are stored on your device for this purpose. If you are a member of such a social network and you are logged in, data can also be stored in the user profiles independently of your device.
When using social media, your data may be processed outside the European Union. This can, for example, make it more difficult to enforce your rights. Many social media providers also process your personal data in the United States and have submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the processing of your personal data is Article 6 (1)(f) of GDPR, as this serves to safeguard our legitimate interests in providing effective information for customers and interested parties and communication with users, all of which prevails in the balancing of interests.
Please refer to the following links to various social media websites for a contact details on opt-out options and detailed information on how the websites process your personal data.
With regard to requests for information and the assertion of user rights, we point out that you can assert these most effectively directly with the respective social network. They have access to the data of their users and can directly provide information and take appropriate measures. If you still need help, you can contact us.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-out: https://instagram.com/about/legal/privacy/.
§16 Quality seal and seal of approval
16.1 Trusted Shops Seal of Approval
The DESOTO online shop has been tested and certified according to Trusted Shops' Quality Criteria, and will be monitored for its content in the future. Since 04/07/2022, the DESOTO online shop has carried the official seal of approval of Trusted Shops. For more information on secure online shopping, please visit www.trustedshops.de.
16.2 Feedback reminder from Trusted Shops
If you have given us explicit consent during or after your order by clicking on the corresponding check box or button provided, we will forward your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de), Germany), so that they can subsequently send you an e-mail reminding you of the possibility of rating your order. This consent can be revoked at any time by sending a message to the contact option listed below, or directly to Trusted Shops.
§17 Submission of information (internal reporting office)
It is very important to us that personal data is handled carefully and in accordance with the law. This applies in particular to data in connection with information from the internal reporting system. This applies both to the hotline and to our web-based application. The following information shows you how we handle your personal data in the context of notices from the internal reporting system for the preventive prevention of violations of applicable law or company policies (e.g. fraud or corruption as well as other criminal offenses) and/or for the detection of such violations.
The term personal data means all information, relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Personal data therefore includes, for example, the first and last name, address, date of birth, e-mail addresses or telephone numbers.
Purposes of processing personal data
WAPPEN MEN´S FASHION GMBH processes the following types of personal data, among others, as part of the input and processing of reports in the internal reporting system:
• Information for the personal identification of the whistleblower, such as first and last name, gender, address, telephone number and e-mail address;
• Employee status for WAPPEN MEN´S FASHION GMBH;
• Information on data subjects, i.e. natural persons who are referred to in a report as a person who committed the infringement or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that enables identification;
• Information about violations that may allow conclusions to be drawn about a natural person.
WAPPEN MEN´S FASHION GMBH processes the personal data for the purpose of investigating the reports in order to prevent violations of applicable law or company guidelines, uncover and/or take follow-up measures (such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported breach, including through internal investigations, investigations, prosecutions, (re)recovery of funds or closure of proceedings).
legal basis
We only process information on the personal identification of the whistleblower if the whistleblower has given us consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. According to this, the processing is only lawful if the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.
We process information on employee status, information on data subjects and other information that allows conclusions to be drawn about natural persons on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with national implementation laws and Art. 6 para. 1 lit. f GDPR. According to this, the processing is lawful if the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
Our legitimate interest consists – depending on the specific individual case to be examined – in the processing of reports, to be able to carry out follow-up measures, such as measures to verify the validity of the allegations made in the report and, where appropriate, to address the reported infringement, including through internal investigations, investigations, prosecutions, measures to (re)recover funds or closure of the proceedings. Whether the interests or fundamental rights and freedoms of the data subject conflict with such data processing will be examined on a case-by-case basis – including with regard to the violation.
We may process personal data of employees on the basis of Section 26 (1) sentence 2 BDSG. According to this, personal data of employees within the meaning of Section 26 (8) BDSG may be processed for the detection of criminal offences if factual indications to be documented give rise to the suspicion that the data subject has committed a criminal offence in the employment relationship, the processing is necessary for detection and the employee's legitimate interest in the exclusion of processing does not prevail, in particular, the nature and extent are not disproportionate with regard to the occasion.
Your rights
You have the following rights vis-à-vis us with regard to the personal data concerning you:
• Right to information (Art. 15 GDPR),
• Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right to data portability (Art. 20 GDPR),
• Right to object to processing (21 GDPR).
• In addition, we draw your attention as a whistleblower to your right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can revoke your consent Exercise your rights, inter alia, by sending an e-mail to the following e-mail address: datenschutz.deso@desoto-shirts.de.
Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us. For this purpose, you can contact the supervisory authority of our company headquarters. The address can be found under the following link on the Internet: www.bfdi.bund.de
General information on the recipients or categories of recipients
The personal data processed in the context of a report will be processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, processed on behalf of and in accordance with the instructions of WAPPEN MEN´S FASHION GMBH.
All information will be processed by the ombudsman's office at eSourceONE GmbH, Kronacher Straße 60, 96052 Bamberg, on behalf of and in accordance with the instructions of WAPPEN MEN´S FASHION GMBH.
As a matter of principle, personal data will only be transferred to third parties if there is a legal basis for doing so. This is particularly the case if the transmission serves to meet legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a balancing of interests justifies this.
In addition, external service providers, such as external data centers or telecommunications providers, process personal data on our behalf as processors< br>
Depending on the focus of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.
Under certain circumstances, we may also pass on the personal data to state security and/or law enforcement authorities, other competent authorities and/or persons bound to secrecy, such as auditors/lawyers, further.
General information about the retention period
The data is usually stored until the follow-up action has been completed. As a rule, the data from a report will be deleted after three years after the proceedings have been finally concluded, unless the initiation of further legal action requires further retention (e.g. initiation of criminal proceedings or disciplinary proceedings). Personal data in connection with reports will be deleted by us immediately if we consider them to be obviously objectively unfounded.
Security procedures
We take appropriate technical and organizational measures in accordance with legal requirements and taking into account the state of the art and the implementation costs of the scope, to ensure a level of protection appropriate to the risk.
These include:
• TLS encryption
• Encrypted data storage in an ISO 27001 certified data center
• Isolated data storage of the whistleblower system
• End-to-end encryption of the information
• Removal of meta data when submitting anonymous reports
information in accordance with Art. 13 para. 2 lit. e GDPR
The provision of data via a report is neither contractually prescribed nor necessary for the conclusion of a contract. Depending on the individual case, there may be legal obligations to notify us. However, it is necessary to process the data in order to process and investigate the report in a meaningful way.
End of the Data Protection Declaration