We would like to inform you how we use your personal data. We appreciate your confidence in us for handling this information conscientiously.
In the following information, we would like to provide you with an overview of the processing of your personal data by us and of your rights under data protection laws. Which data in detail is processed and used in what way depends essentially on the requested or agreed services. Therefore, not all parts of this information will apply to you.
Who is responsible for the data processing and who can I contact?
Phone: +49 711 656794-30
You can reach our company’s Data Protection Officer at
Data Protection Officer
Phone: +49 711 656794-40
Which sources and data do we use?
We process personal data that we receive within the scope of our business relationship from our customers and other data subjects. Furthermore, we process – to the extent required for the performance of our service – personal data that we legitimately gather from publicly accessible sources (e.g. commercial registers or registers of associations, the press, the internet) or which we legitimately receive from other third parties (e.g. a credit bureau).
Relevant personal data means particular details of a person (name, address and other contact details, customer number, gender, email address, mobile number, phone number, street, postal code, city, region, country), body measurements (3D scans, body height and weight, age range), fitting details (shoes tried out, reference shoes), purchase information, data for legitimation and authentication (e.g. accounts).
In addition, this can also include order data, data resulting from the fulfilment of our contractual duties (e.g. suggestion results from shoe matching, selected shoe models in the shoe rack), advertising and sales data (incl. advertising scores), as well as other data comparable to the aforementioned categories.
What is the purpose for which we process your data (processing purpose) and what is the legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act
3.1 for the fulfilment of contractual duties (Art. 6 (1b) GDPR).
The data is processed to provide our services within the scope of the execution of our contracts with our customers or for the execution of pre-contractual measures that are carried out upon request. The purposes of the data processing are primarily dependent on the concrete product (e.g. shooIQ, shooIQ Bestfit) and can also include requirement analyses, advising and conducting transactions. You can find further details regarding the data processing purposes in the relevant contract documents and the Terms and Conditions.
3.2 Within the scope of the weighing of interests (Art. 6 (1f) GDPR).
Insofar as required, we process your data beyond the actual
fulfilment of the contract for the protection of our or third parties’
justified interests. Examples:
review and optimisation of processes for the requirement analysis for the purpose of direct customer targeting, advertising or market research and opinion polling, insofar as you have not objected to the use of your data, claims and defences in legal disputes, assurance of security and IT operations, prevention and solving of crimes, measures of business management and the further development of services and products;
3.3 based on your consent (Art 6 (1a) GDPR)
To the extent that you have granted us permission to the processing of personal data for certain purposes, the legitimacy of this processing is given on the basis of your consent. A granted consent can be revoked at any time. This also applies to the revocation of declarations of consent that have been given to us prior to the applicability of the GDPR, meaning before 25 May 2018. The revocation of a consent will become effective only for the future and does not affect the legitimacy of the data processed up until revocation.
3.4 based on legal requirements (Art. 6 (1c) GDPR) or for the public interest (Art. 6 (1e) GDPR)
Furthermore, we are subject to various legal obligations and legal requirements (e.g. retention periods) for which the processing of data is necessary.
Who gets my data?
Within our company, the departments that require your data for the fulfilment of our contractual and legal duties will receive your data. Service providers and vicarious agents engaged by us can also receive data for these purposes. These are companies operating in the fields of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.
Anonymised passport information can be transmitted by us to third parties for the purposes of improving products (e.g. better fit of shoes).
Further data recipients can be the entities for which you have granted us your consent to the data transmission or to which we are permitted to transmit personal data based on a weighing of interests.
Is data transmitted to a third country or an international organisation?
Your data will be processed in European computing centres that are subject to the GDPR.
Transmission of data to organisations in states outside of the European Union (so-called third states) will take place only to the extent that is required for the fulfilment of our contractual obligations or legally mandated (e.g. notification requirements under tax laws), or insofar as you have granted us your consent.
Through the consent by the data subject and within the scope of a weighing of interests, personal data is transmitted in individual cases in observation of the data protection standard of the European Union.
For how long is my data stored?
We process and store your personal data for as long, as this is required to fulfil our contractual and legal duties. When the data is no longer required for the fulfilment of contractual or legal duties, it will be deleted in the normal case, unless its further processing – for a limited time – is required for any of the following purposes:
For the fulfilment of retention duties under commercial and tax laws, which may arise from, e.g.: the German Commercial Code (HGB), German Fiscal Code (AO). The periods for retention or documentation prescribed therein are usually two to ten years;
preservation of evidence within the scope of the statutes of limitation according to the law. Pursuant to Sec. 195 seqq. German Civil Code (BGB), these statutes of limitation can be up to 30 years, whereas the normal statute of limitation is 3 years.
What are my data protection rights?
Each data subject has the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of the processing pursuant to Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR.
Regarding the right of access and the right to erasure, the limitations pursuant to Sec. 34 and Sec. 35 German Federal Data Protection Act apply. Moreover, there is a right to lodge complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Sec. 19 German Federal Data Protection Act).
You can revoke a consent given for the processing of personal data with us at any time. This also applies to the revocation of declarations of consent that have been given to us prior to the applicability of the GDPR, meaning before 25 May 2018. Please note that the revocation will be effective for the future only. Processing that has taken place prior to the revocation is not affected by it.
Am I obligated to provide data?
Within the scope of our business relationship, you must provide such personal data that is required for the commencement, execution and termination of a business relationship, and for the fulfilment of the related contractual duties or which we are legally obligated to gather.
Without this data, we will normally not be able to conclude a contract with you or execute and terminate it. Should you not provide the required information and documents to us, we may not commence or continue the business relationship requested by you.
Is profiling done?
We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
to improve our products.
To be able to inform you specifically about products and to advise you, we use analysis tools. These tools enable us to conduct communication as appropriate to need and to engage in advertising including market research and opinion polling.
Do you have any further questions?
We are looking forward to your message and we will be happy to answer your questions.