Data protection regulation
Privacy Policy
Section 2: Controller, contacts and contact details
Section 3: Your rights as a data subject
Section 4: Overview of data processing at Breuninger
Section 5: Cookies & tracking technologies
Section 6: Integration of YouTube videos
Section 7: Social media profiles/pages
Section 8: Hosting & Operations
Section 10: Updates to this Privacy Policy
Breuninger takes the requirements of data protection and data security of your personal data very seriously. We are aware that the trust of our customers is a fundamental element of the customer relationship and our business success and would like to honor this trust by fulfilling our information obligations to the best of our ability.
To make it easier for you to read, we have decide to break down the policy into sections. This should allow you either to obtain a quick general overview of all data processing operations and your associated rights, or to inform yourself in more detail about the handling of your personal data by Breuninger.
If you have questions about the topic of data protection at Breuninger, you can contact privacy@breuninger.com. If you would like to exercise your right to access information or data erasure or another data protection right pursuant to Art. 15-22 GDPR, including withdrawal of consenting for marketing purposes, unsubscribing from the newsletter etc., please contact our customer service.
You can find more information in this regard in Sections 3: Your rights as a data subject and 2: Controller, contacts and contact details.
Section 1: Scope and overview
This Privacy Policy explains to you the extent to which we collect and personal data during a visit to our website, in our department stores or when using the mobile applications as well as in various other areas, for which purposes the data is used, who the data recipients are and when the data is erased. The methods we use to process your data are similar for most of our services. Please note that the specific data processed in the individual case and the manner in which this data is used are primarily determined by the services you use and the country in which you are located. For this reason, not all components of this information will be relevant for you.
This Privacy Policy is valid equally for the online portals operated by E. Breuninger GmbH & Co. ("Breuninger")
-
as well as our Help page
and the mobile applications.
Section 2: Controller, contacts and contact details
The controller for the processing of personal data in all areas is E. Breuninger GmbH & Co., Marktstraße 1-3, 70173 Stuttgart, Germany. You can reach us by phone at Phone 00800 - 71121100 and by contacting our customer service.
For questions about data protection at Breuninger, you can contact privacy@breuninger.com.
Furthermore, the company Data Protection Officer at Breuninger is available for all data subjects to contact and can be reached at privacy@breuninger.com or by mail at the address provided below with the addition "c/o the Data Protection Officer".
If you would like to contact the responsible supervisory authority due to a question about the processing of your data, this is the State Officer for Data Protection and Freedom of Information for Baden-Württemberg, mailing address: Lautenschlagerstraße 20, 70173 Stuttgart, Germany, Phone 0049 (0)711/61 55 41-0, Fax: 0049 (0) 711/61 55 41-15, E-mail: poststelle@lfdi.bwl.de. However, data subjects can also contact any other data protection supervisory authority.
Section 3: Your rights as a data subject
As a data subject, you have the right to access information about personal data concerning you pursuant to Art. 15 of the GDPR.
If you would like to exercise your right to access information or data erasure or another data protection right pursuant to Art. 15-22 GDPR, including withdrawal of consenting for marketing purposes, unsubscribing from the newsletter etc., please contact our customer service.
Important notice: To ensure that your data is not issued to third parties in the event of requests for information, we may ask you to provide additional proof of identity. Feel free to include sufficient proof of identity with your request when you submit it in order to enable rapid processing.
You can have your data corrected pursuant to Art. 16 GDPR or erased if the conditions of Art. 17 GDPR are met. You also have the right to restrict the processing of your data, Art. 18 GDPR. If you are able to assert a particular personal situation, then you can object to the processing of your data as a whole or in partial sections, Art. 21 GDPR, insofar as the data processing is based on Art. 6 (1)(e) or (f) GDPR. Under the conditions of Art. 20 GDPR, you also have the right to data portability.
If you have given us your consent for the processing of your data, you can withdraw this at any time. Please note that this withdrawal only has effect for the future, and any processing carried out before this point in time does not become unlawful as a result.
Notwithstanding any other administrative or judicial legal resource, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR.
To do so, you can contact the State Officer for Data Protection and Freedom of Information for Baden-Württemberg.
Section 4: Overview of data processing at Breuninger
Breuninger offers you a wide range of services that you can also use in many different ways. Depending on how you contact us and which services you use, we process different personal data from various sources.
Personal data, as one of the most important terms in this context, is understood to mean all information that refers to an identified or identifiable person. This includes for example name, address, phone number, e-mail address, ordered goods, payment details etc., whether collected online or offline. The legal basis for data protection is provided in particular by the General Data Protection Regulation (GDPR).
Much of the data we process is collected directly from you when you use our services or contact us, for example when you register and provide your name, e-mail address or mailing address. However, we also obtain technical device and access data that we automatically collect when you use our services. This can include information about which device you are using. We collect additional data through our own data analysis (e.g. in the context of market research studies and through click and link profiling). We may also obtain data about you from third parties, for example from credit agencies and payment providers.
However, you can of course visit all websites or use mobile applications without identifying yourself or logging in.
4.1. Log data
Purpose of processing and legal basis:
When accessing our website, we save the following data automatically and without any action on your part:
-
IP address
-
Date and time of access
-
Details on log version, referrer, HTTP method, user-agent string
-
Page accessed/name of file accessed and volume of data transmitted
-
Notification of whether access/visit was successful
This occurs in order to:
-
guarantee a smooth connection,
-
enable convenient use of our websites/applications
-
and to assess system security and stability.
Legal basis for the processing of the above data is Art. 6 (1)(f) GDPR. We have a legitimate interest in the purposes of data processing listed above. If representation occurs for the purpose of preparing a contract, the legal basis for data processing is Art. 6 (1)(b) GDPR.
Insofar as you download or use mobile applications from Breuninger and, where possible, you have activated location-specific services or have given your consent to this, you may potentially also transmit information to us about your current location and the device you are using as well as an identification number that is uniquely attributable to your device. We may use this information to offer you location-based services with your consent pursuant to Art. 6 (1)(a) GDPR, such as push notifications, or other personalized content. On most devices, it is possible to switch off these location-based services in the "Settings" menu. If you have more questions about how you can switch off location-based services on your device, we recommend that you contact your mobile phone company or the manufacturer of your device.
Data recipients:
Your data will not be transferred to third parties.
Duration of storage:
The log files are saved for 14 days, in exceptional cases for 30 days, in order to ensure the functional operation of the website.
4.2. Newsletter mailing
Purpose of processing and legal basis:
As part of your customer relationship, but also independently from registration or ordering goods, we offer you a personalized newsletter service.
In this context, we use your personal data to send you personally tailored information about products, promotions, events and news in the fashion and lifestyle segment as well as information about product details on your favorites list and shopping cart and to send you recommendations matching products you have searched in service e-mails for notification when products become available again.
This data processing includes the following data:
-
Your contact details such as salutation and e-mail address
-
Your purchase and order data, e.g. for interest-based campaigns or sending the satisfaction bonus
-
Your date of birth for our annual birthday mailing if you are registered in the online shop
-
Your preferences (online/offline, preferred stores, product range, favorites) based on your purchase and order data
-
Your online user behavior in order to send you personalized content in the newsletter based on your interests as long as you have consented to the corresponding cookies, see Section 5: Cookies & tracking technologies
-
Your country of origin and gender
-
General click behavior, i.e. if and when you have opened our newsletter and your click behavior in the newsletter, i.e. if and when you clicked specific information in the newsletter, in order to send you information about products and services that are interesting for you
-
Device tracking, i.e. we record the device on which you opened the newsletter as well as the operating system
-
Product data from your shopping cart if you did not complete the purchase. We will send you an e-mail as a reminder with information about items in your shopping cart, e.g. about their availability, price changes or about relevant offers
-
Product data from your favorites list. We will send you an e-mail as a reminder with information about items on your favorites list, e.g. about their availability, price changes or about relevant offers
On our website, we use individual user tracking technology. This allows us to adapt and optimize the content of our newsletter to show you the right products.
The legal basis for the data processing operations mentioned above is your consent pursuant to Art. 6 (1)(a) GDPR.
To prevent errors and misuse, when you request the newsletter you will first receive a confirmation e-mail to ensure that you actually requested the newsletter. Once you provide confirmation, the personalized newsletter will be sent to you.
Data recipients:
If external processors are tasked with the newsletter mailing, these are carefully selected and contractually obligated pursuant to Art. 28 GDPR. For the implementation of direct marketing by e-mail, the processor is:
- XQueue GmbH (provider of the e-mail distribution tool Maileon), Christian-Pless-Str. 11-13, 63069 Offenbach am Main, Germany ("XQueue").
In this context, your data will be saved on servers in Germany and will not be transferred to third parties. You can find more details about the data protection guidelines in the Privacy Policy of XQueue.
Duration of storage:
You can unsubscribe from the newsletter at any time free of charge using the Unsubscribe link at the end of each newsletter, or by contacting our customer service.
After you unsubscribe from the newsletter, reaction data held by the e-mail service provider are erased at the contact level after two months. The e-mail address is retained for three months after you unsubscribe and then anonymized. Data about opening and clicks will then only be available in aggregated form and cannot be attributed to the user. Anonymized contacts will be deleted after one year.
4.3. App push notification service
Purpose of processing and legal basis:
As part of your customer relationship and also independently from registration or ordering goods, we offer you a personalized push notification service.
In this context, we use your personal data to send you personally tailored information about products, promotions, events and news in the fashion and lifestyle segment as well as information about product details on your favorites list and shopping cart and for notification when products become available again.
This data processing includes the following data:
-
Your preference settings from the app, e.g. about product range, favorite store, etc.
-
Your purchase and order data
-
Your date of birth if you are registered in the online shop
-
Your preferences (online/offline, preferred stores, product range, favorites) based on your purchase and order data
-
Your online user behavior as long as you have consented to the corresponding cookies, see Section 5: Cookies & tracking technologies
-
Your delivery address country and gender
-
General click behavior, i.e. if and when you opened our push notification (user profiling)
-
Device tracking, i.e. we record the device on which you opened the push notification as well as the operating system
-
Product data from your shopping cart if you did not complete the purchase: If no purchase has been made after two days, you will receive a one-time reminder push notification from us
-
Product data from your favorites list. We will send you a push as a reminder with information about items on your favorites list, e.g. about their availability, price changes or about relevant offers
The legal basis for the data processing operations mentioned above is your consent pursuant to Art. 6 (1)(a) GDPR. You can object to the receipt of push notifications at any time by deactivating push notifications in our app under Settings or in your mobile device under Settings and App Notifications.
Data recipients:
Your data will not be forwardet to third parties.
Duration of storage:
Your data will be stored accordingly as long as your subscription to our push notifications remains active.
4.4. Communication
Purpose of processing and legal basis:
If you contact us, we will record your contact details. Your contact details may include, depending on how you contact us (e.g. by phone, e-mail, contact form), your name, mailing address, phone number, e-mail address (potentially order number, payment and credit information), details about your profiles on social networks (for example, we receive your Facebook ID if you contact us via Facebook (Meta)), usernames and similar contact details.
We exclusively use your data for the intended purpose of processing your inquiry, or for follow-up questions.
The legal basis for communication is Art. 6 (1)(f) GDPR (legitimate interest in answering our customer inquiries and thus ensuring customer satisfaction) as well as Art. 6 (1)(b) GDPR (inquiries in the context of a contractual relationship).
The recording of telephone calls is used to improve the quality of the service and for training purposes. Provision of personal data is voluntary and is preceded by consent to continue the call. After the telephone call is established and before the call starts you are informed via a voice message that the call is being recorded. If you do not agree to the recording, do nothing and stay on the line. The legal basis for the processing of your personal data is consent Article 6(1)(a GDPR (consent of the caller expressed by pressing 1 on the telephone keypad).
Data recipients:
When answering your inquiries, as well as in case of recording your call, your data is only processed within E. Breuninger GmbH & Co. and by the customer service provider contractually obligated pursuant to Art. 28 GDPR.
If it is necessary to forward your inquiry to contractual partners (e.g. manufacturers in case of complaints) for handling, we will anonymize your inquiry. If forwarding your personal data seems appropriate in the individual case, we will inform you of this and ask for your consent. Without your consent, we will not forward your data to third parties for these purposes. In addition, please observe the Privacy Policy of Zendesk Inc and gevekom.
Duration of storage:
Your inquiries and our answers will be saved in your customer account and erased after 48 months at most, or in case of relevance for invoicing after seven years at most.
Records from telephone call recording systems will be stored not longer than six months from the date of recording.
To the extent that the processing of your personal data is based on consent, you have the right to withdraw this very consent to this data processing at any time with future effect. To do so, it is sufficient to contact our customer service.
4.5. Advertising communications/direct marketing
Purpose of processing and legal basis:
As our customer, you will regularly receive advertisements in the mail from us with products and services that are interesting to you, within the scope of the legal requirements and independently of registration for our newsletter, as long as you have not objected to this in the past.
For this purpose, we use your mailing address. For the purpose of interest-based advertising communications, we may assign your data that we collect from business transactions such as purchases or returns to different customer groups or interest groups (profile creation).
The legal basis with regard to postal mailing of advertisements and statistical analysis is Art. 6 (1)(f) GDPR.
Advertising communication by phone will only take place if you as a customer have expressly granted your consent, Art. 6 (1)(a) GDPR.
You can object to the creation of profiles in connection with marketing use at any time for the future. To do so, please contact our customer service.
Data recipients:
If external processors are tasked with direct marketing, these are contractually obligated pursuant to Art. 28 GDPR.
Duration of storage:
If you would not like to receive advertising by mail from us any more, you can object to this use with future effect. Your contact details will then be blocked for this use. For advertising by mail, longer lead times are required between selection and delivery; for this reason, it is possible that advertisements may still be sent to your name for a short transitional period. Objection to advertising by mail is only possible for all marketing measures collectively. Objection can be sent by e-mail to the addresses given above or by mail to the contact details under Section 2: Controller, contacts and contact details.
4.6. Customer account in the online shop and in our mobile applications
Purpose of processing and legal basis:
To provide you optimal convenience for your purchases, we offer you the option of permanently storing your personal data in a password-protected Breuninger customer account. This makes various options available to you, e.g. tracking the shipment of goods you have ordered and viewing My Account information.
When you register, we will request you to provide various information that is required for the customer relationship.
The legal basis for this is Art. 6 (1)(b) GDPR, i.e. we process this data based on the contractual relationship or for the implementation of pre-contractual measures.
Otherwise, we process the data provided by you on the basis of our legitimate interests (Art.6 (1) (f) GDPR) such as the clear identification of the respective customer in the context of the credit check, any advertising objections and cancellation requests, to improve the enforceability of claims, the definition and implementation of target group-specific and other marketing measures (e.g. birthday mailings).
Data recipients:
The data will not be forwarded to third parties.
Duration of storage:
If you request for the erasure of your customer account, your data will be erased accordingly.
4.7. Handling of orders
Purpose of processing and legal basis:
The goal of our online shop and the mobile applications is to offer you goods and services for distance sales as a customer of E. Breuninger GmbH & Co. In this context, we process the data required for the conclusion, performance or termination of a contract. This particularly includes:
-
First name, last name
-
Billing and delivery address
-
E-mail address
-
Billing and payment data
-
Order and return data
-
IP address
The legal basis for this is Art. 6 (1)(b) GDPR. This means we process this data based on the contractual relationship or for the implementation of pre-contracutal measures.
Otherwise, we process the data provided by you on the basis of our legitimate interests (Art.6 (1) (f) GDPR) such as the control of possible payment methods, the clear identification of the respective customer in the context of the credit assessment, any advertising objections and cancellation requests, to improve the enforceability of claims, fraud prevention and the definition and implementation of target group-specific and other marketing measures. In addition, your data will be passed on to the respective shipping partner of your orders in order to ensure the proper processing of your order and the delivery of your parcel. Furthermore, we process your data to fulfil a legal obligation (Art.6 (1) (c) GDPR) e.g. for comparison with the EU financial sanctions list.
Data recipients:
In the course of the data processing operations outlined above, your data will be processed by contract processors on our behalf, particularly from the communications, logistics and transport sectors. These processors are all carefully selected and, where prescribed by law, contractually obligated pursuant to Art. 28 GDPR.
In order to send transaction information to you in relation to your order, we use the e-mail mailing tool Simple E-mail Service of Amazon Web Services (AWS), Inc. 410 Terry Avenue North Seattle, WA 98109 United States. When you use our website, Amazon Simple E-mail Service processes your e-mail address and name in particular. Your data will be saved on servers in the EU and will not be transferred to third parties. After full completion of the order, no later than after 4 months, your data will be automatically erased. You can find more details about the data processing in the Privacy Policy of AWS.
We also work with the third-party provider parcelLab GmbH, Schillerstraße 23a, 80336, Munich, Germany to enable better delivery service for our customers. Order and package tracking numbers are processed and in this regard, more precise information about the package status is disclosed to the relevant customer. Contact for data protection officer: dataprotection@parcellab.com
In order to handle payment for you, we rely on the services of payment service providers. These are listed in the following:
-
American Express International Inc., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
-
Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands
-
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
These companies receive the data required to handle the contractual payment obligations from us.
To determine the available payment methods, your data such as first and last name, date of birth, IP address and postal address will be sent to CRIF GmbH.
The detailed Privacy Policy of CRIF GmbH within the meaning of Art. 14 GDPR, particularly information about the purpose of business, the purposes of data storage, the data recipients and your data privacy rights vis CRIF GmbH can be found here.
If you fail to comply with contractual payment obligations, Breuninger can also transfer data about these circumstances to the abovementioned companies after weighing the interests of both parties.
Furthermore, Breuninger is entitled to transfer data about your mature and outstanding debts to CRIF and Boniversum in order to preserve the legitimate interest of Breuninger or third parties in preventing debt defaults pursuant to Art. 6 (1)(f) GDPR.
The same also applies for data about other conduct in violation of contract (e.g. credit card misuse, fraudulent conduct), which Breuninger will transfer to CRIF and Boniversum if this is required in order to preserve the legitimate interest of Breuninger or third parties in preventing future misuse and debt defaults and there is no reason to assume that your interests and rights predominate.
In addition, Breuninger grants both a voluntary right of return and the statutory right of withdrawal for online purchases. In order to prevent and investigate irregular ordering and return processes and to avoid excessive returns, data on the ordered, reclaimed and returned goods are collected, stored and evaluated. The legal basis for this data processing is Art. 6 (1)(f) GDPR. To protect the legitimate interests of Breuninger or third parties in accordance with Art. 6 (1) (f) GDPR, Breuninger is entitled to transmit this data to CRIF to take it into account when offering payment methods. In addition, Breuninger reserves the right to temporarily or permanently block your customer account and, if necessary, to exclude you from promotional activities.
Duration of storage:
If we do not use your contact details for marketing purposes, we store the data collected for contract processing until the expiration of statutory or potential contractual warranty and guarantee rights. After the expiration of this period, we store information about the contractual relationship that is required under commercial law and tax law for the periods stipulated by law. For this period (regularly ten years after contract conclusion), the data will only be processed again in the event of an audit by the tax authorities or for custom inquiries. All information that is not relevant for tax purposes will be erased after the purposes ceases to apply, for communication histories no later than 36 months.
4.8. Notification when products become available again
Purpose of processing and legal basis:
We use your personal data in order to notify you about the availability of your requested items. For this purpose, we use the e-mail address you provided, which you entered in the corresponding dialog field in the online shop. Provided your e-mail address has been identified as valid, you will receive a message from us as soon as the item you requested is available again in our shop. The legal basis is your consent pursuant to Art. 6 (1)(a) GDPR. If you also use the Breuninger app and have activated push notifications there, you will also be informed that the item is available again via push notification. You can switch these notifications off at any time in your app settings under Notifications, Product information.
To prevent errors and misuse, you will receive a confirmation e-mail after requesting availability notifications. This is intended to ensure that you have actually requested these notifications. Only after confirmation is received from you will you receive availability notification e-mails.
Data recipients:
If external processors are tasked with availability notifications, these are contractually obligated pursuant to Art. 28 GDPR:
- XQueue GmbH (provider of the e-mail distribution tool Maileon and the automated online verification and analysis of e-mail address lists AddressCheckSoftware), Christian-Pless-Str. 11-13, 63069 Offenbach am Main, Germany ("XQueue").
In this context, your data will be saved on servers in Germany and will not be transferred to third parties. You can find more details about the data protection guidelines in the Privacy Policy of XQueue.
Duration of storage:
You can unsubscribe from availability notifications free of charge at any time using the unsubscribe link provided at the end of each notification or by contacting our customer service.
The stored response times are then deleted 30 days after cancellation.
4.9. Market and opinion research
Purpose of processing and legal basis:
At various points in time during the customer relationship, we invite you to submit feedback about your experiences with Breuninger and your shopping experience in this regard. We use your personal data for a target group-specific evaluation and for the corresponding derivation of strategic measures to make your future shopping experience even more pleasant.
The data processing includes the following data:
-
Your contact data such as salutation and e-mail address
-
Data such as country of origin, gender and age
-
Hashed customer ID
-
Your general click behaviour, e.g. status of the survey
-
Your purchase and order data as well as your affinities (e.g. online, product range) based on your purchase and order data
-
Device tracking, i.e. we record the device you used to open your feedback invitation as well as the operating system
The legal basis for participation in market and opinion research is your consent pursuant to Art. 6 (1)(a) GDPR.
To prevent errors and misuse, you will first receive a confirmation e-mail when you request to participate, to ensure that you actually requested to participate in our market and opinion research. Once you provide confirmation, the invitations to customer surveys will be sent to you.
Data recipients:
The data we collect in the context of customer surveys and market and opinion research is intended for internal use only. However, in order to conduct customer surveys and market and opinion research, we make use of external service providers. These processors are all carefully selected and contractually obligated pursuant to Art. 28 GDPR. Specifically, these are the following:
-
Medallia, Inc., with its headquarters in San Mateo, California, USA. You can find more details about the data processing in the Privacy Policy of Medallia. Data processing may also occur outside the EU or the EEA. With respect to Medallia, an adequate level of data protection cannot be assumed due to the processing in the USA. There is a risk that public authorities will access the data for security and monitoring purposes without you being informed about this or having the opportunity of filing an appeal. To fulfil the statutory requirements, we have agreed on additional measures with Medallia to establish an adequate level of data protection.
-
7 Points Ltd. with its headquarters in Warsaw, Poland. You can find more details about the data processing in the Privacy Policy of SurveyLab.
-
XQueue GmbH (provider of the e-mail distribution tool Maileon), Offenbach am Main, Germany ("XQueue") for sending the invitations to the customer survey by e-mail. You can find more details about the data protection guidelines in the Privacy Policy of XQueue.
-
liCili UG with registered offices in Göppingen, Germany. You can find more details about the data processing in the Privacy Policy liCili.
-
quantilope GmbH with its heardquarters in Hamburg, Germany. You can find more details about the data processing in the Privacy Policy quantilope.
-
Trustpilot A/S, with its headquarters in Kopenhagen, Denmark. You can find more details about the data processing in the Privacy Policy Trustpilot.
Duration of storage:
The analysis of survey results is carried out pseudonymously.
If you submit your personal data in plain text form yourself in the context of a survey (e.g. phone number for follow-up calls), this will be erased after 18 months at the latest. All other personal data (e.g. e-mail address or survey invitation) will be erased after three years at the latest.
You may withdraw your consent to data processing within the scope of market and opinion research at any time with future effect by clicking on the unsubscribe link at the end of each invitation e-mail or by contacting our customer service.
4.10. Satisfaction survey in our Customer Service
Purpose of processing and legal basis:
If you contact us with a specific question or request, whether as an existing or potential customer, and you subsequently agree to provide feedback on your satisfaction with handling of such request, we may kindly ask you to answer additional questions in order to make your future shopping experience more pleasant and to improve the quality of our customer service.
The legal basis for participating in a survey related to your experience with our customer service (telephone or e-mail) is your consent in each case, in accordance with Art. 6(1)(a) GDPR.
Recipients of personal data:
The data we collect in the context of the satisfaction survey is for internal use only, in order to make your future shopping experience more pleasant. However, we use external service providers to conduct satisfaction surveys. All of these processors are carefully selected and contractually obliged in accordance with Art. 28 of the GDPR:
-
Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA
-
gevekom GmbH, Altplauen 19 01187 Dresden, Germany
The data is stored and processed on servers in the EU. A transfer of your data for services outside the EU or the EEA takes place on the basis of concluded EU standard contractual clauses. For further information, please refer to the Zendesk and gevekom privacy policies.
Retention period:
Via telephone: the evaluation and documentation of the survey results are anonymised. All personal data, including telephone number, will be deleted after 12 months at the latest.
Via contact form: the data we collect in the context of the satisfaction survey (first and last name, e-mail address, other data you provide in your request) will be deleted after 36 months at the latest. The survey relates exclusively to the processing of your personal request and can be withdrawn via the confirmation of receipt of your request.
You may withdraw your consent to this data processing at any time with future effect. To do so, it is sufficient to contact our customer service.
4.11. Recognition
Purpose of processing and legal basis:
When you log into our website, we save the following data automatically and without any action on your part:
-
IP address
-
Date and time of access
-
User-agent string
-
Login route
-
Source of request
-
cid cookie
Only the cid cookie will be stored on the client side here.
This occurs in order to recognize the device and networks from the server side and to detect and prevent external access attempts. The legal basis for this is Art. 6 (1)(f) GDPR. Our legitimate interest lies in detecting and preventing harmful actions and external access to our website and for our website visitors.
Data recipients:
Your data will not be transferred to third parties.
Duration of storage:
The data is stored for one year after the last login with the corresponding device/network.
Section 5: Cookies & tracking technologies
On various pages, we use cookies to design an appealing experience for visits to our website and to enable the use of particular features. Cookies are small text files that are saved on your device and which contain specific settings and data for exchange with our system over your browser.
The specific cookies saved in the individual case and your personal data that is subsequently processed is primarily based on the nature and scope of use of our website and the consents you have provided. We operate internationally in a range of European countries. In individual countries, the services offered on our websites may differ, and thus the consents offered with regard to data processing and the use of cookies may also differ. For this reason, not all components of this information will be relevant for you.
When using cookies, on our country-specific websites we observe the relevant applicable national requirements concerning obtaining consent.
In the following, more detail is provided about the specific categories of cookies that we use.
-
Analysis and statistics: We strive to continually improve the ease of use on our website. For this reason, we use cookies that anonymously or pseudonymously measure and evaluate which functions and content on our website are used particularly frequently and intensively in order to understand which content and products on our website are of particular interest for users. The legal basis for the collection of your data is Art. 6 (1)(a) GDPR (consent).
-
Advertising: These cookies and other technologies are used to display ads to you on websites with content tailored specifically for you, which we assume could be of particular relevance to you. These cookies use advertising networks of companies that process your data as independent controllers. The legal basis for the collection of your data is Art. 6 (1)(a) GDPR (consent).
-
Functional cookies: Functional cookies improve the ease of use when you visit our website and control how our website is displayed for you. We also use these cookies to display our products and content to you in such a way that your shopping on our website is as comfortable and convenient as possible. The legal basis for the collection of your data is Art. 6 (1)(a) GDPR (consent).
-
Necessary cookies: Necessary cookies help us to make our website technically accessible and usable for you. Key basic functionalities such as navigation on the website, correct display in your interest browser or this consent management are enabled through the consent layer. Without these cookies, our website is unable to function. Furthermore, these cookies help us to offer you specific services on our website that you expect when visiting a fashion shop under normal circumstances and provide you with a tailored user experience on our website.
The legal basis for the collection of your data is Art. 6 (1)(f) GDPR (legitimate interest), as we assume that you have an interest in our website being usable for you and regard certain services on our website to be fundamental.
You have the option of either consenting to the use of all cookies or rejecting them, as well as making an individual selection. This does not include the necessary cookies that are required in order to display the website.
Of course, you can also configure your internet browser by default so that it will not accept any cookies. You can generally find relevant information on how to proceed using the Help function of your internet browser. However, we would like to inform you that in this case the functions of the Breuninger online shop may only be available to a limited extent.
5.1. Data providers analysis and statistics
5.1.1 Breuninger Tracking Analysis and statistics
We use a proprietary tracking and web and analysis developed in-house by E. Breuninger GmbH & Co., Marktstrasse 1-3, 70173 Stuttgart, Germany ("Breuninger") for the needs-based design and optimization of our website as well as for carrying out A/B tests. Breuninger Tracking is used to collect and save user data. User profiles are created, for example cross-device, from this data using pseudonyms.
This includes analysing which functions and content are used particularly often and a lot in order to understand which content and products are of specific interest to users.
For this purpose, cookies may be used and existing cookies can be read out. Among other things, the cookies make it possible to recognize the user. The data collected using this Breuninger technology is exclusively used with your prior consent and after you have actively identified yourself on your website (for example by registration or login), for the purpose of compiling personal data (i.g. from your customer account) about the bearer of the pseudonym together with the tracking data.
When you use our website, Breuninger particularly processes the IP address, hashed e-mail address, device information, Mobile Advertising ID (IDFA/ GAID), browser information, usage data, user behavior, customer ID and order ID as well as first party cookies. User profiles will not be attributed to IP addresses.
Data recipients:
In order to process and store the data obtained here, we use the services of external partners. The partners themselves have no access or usage rights to the data stored in the process.
Your data will only be passed on to individual external technology partners with your consent. If external processors are involved, these are contractually obligated pursuant to Art. 28 GDPR.
Duration of storage:
The data obtained is stored by Breuninger on servers within the EU and - if pseudonyms or other identifiers are available - completely anonymised after two years. IP addresses will be deleted after 7 days.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, please navigate to Privacy Settings and object to Breuninger Tracking in "Analysis and statistics". As a result of your opt-out, no data from your browser will be collected and saved in the future.
5.1.2 Medallia
At various times during the customer relationship we invite you to provide feedback on your experience with Breuninger and on your shopping experience. We use your personal data for a target group-specific evaluation and to derive appropriate strategic measures to make your future shopping experience even more enjoyable.
The data processing includes the following data:
-
Country of origin, gender and age
-
Your general click behaviour, i.e. whether and when you open our feedback invitations or whether you have fully completed a survey
-
Device tracking, i.e. we capture the device with which you opened our feedback invitation and the operating system
The legal basis for participation in customer surveys in our online shop is your consent in accordance with Art. 6 (1) lit. a GDPR. This data is collected and analysed in anonymised form.
Recipients of the data:
The data that we collect in the course of customer surveys and market and opinion research is intended for internal use only. However, we use external service providers to carry out customer surveys and market and opinion research. These are carefully selected as processors and are contractually obliged in accordance with Art. 28 GDPR. They are as follows:
-
Medallia, Inc., with registered offices in San Mateo, California, USA. You can find more details about the data processing in the Privacy Policy Medallia. Data processing may also take place outside the EU/EEA. With regard to Medallia, no adequate level of data protection can be assumed due to processing in the USA. There is the risk that state authorities may access the data for security and monitoring purposes without you being informed or having the right to appeal. In order to satisfy the legal requirements, we have agreed additional measures with Medallia to establish an appropriate level of data protection.
-
7 Points Ltd. with registered offices in Warsaw, Poland (SurveyLab). You can find more details about the data processing in the Privacy Policy SurveyLab.
-
liCili UG with registered offices in Göppingen, Germany. You can find more details about the data processing in the Privacy Policy liCili.
Storage duration:
The survey results are evaluated in pseudonomised form. If you provide personal data in plain text form (e.g. telephone number for a callback) yourself during the course of a survey, this data will be deleted after 18 months at the latest. All other personal data will be deleted after three years at the latest.
You can object to the collection and storage of data for customer surveys in our online shop at any time with effect for the future. To revoke the collection and storage of your data in the future, go to the data protection settings on our website and uncheck the box under "Analysis and Statistics" for Medallia.
5.1.3 7 Points Ltd. (SurveyLab)
At various times during the customer relationship we invite you to provide feedback on your experience with Breuninger and on your shopping experience. This service is provided by the company 7 Points (Surveylab). If you have consented to the use of SurveyLab, your browser automatically establishes a direct connection with the SurveyLab server when you participate in a survey. As part of this service, SurveyLab uses Google Analytics. We use your personal data for a target group-specific evaluation and to derive appropriate strategic measures to make your future shopping experience even more enjoyable.
The data processing includes the following data:
-
Country of origin, gender and age
-
Hashed customer ID
-
Your general click behaviour, e.g. status of the survey
-
Device tracking, i.e. we capture the device with which you opened our feedback invitation and the operating system
The legal basis for participation in customer surveys in our online shop is your consent in accordance with Art. 6 (1) lit. a GDPR. This data is collected and analysed in anonymised form.
Recipients of the data:
The data that we collect in the course of customer surveys and market and opinion research is intended for internal use only. However, we use external service providers to carry out customer surveys and market and opinion research. These are carefully selected as processors and are contractually obliged in accordance with Art. 28 GDPR. They are as follows:
-
7 Points Ltd. with registered offices in Warsaw, Poland (SurveyLab). You can find more details about the data processing in the Privacy Policy SurveyLab.
-
liCili UG with registered offices in Göppingen, Germany. You can find more details about the data processing in the Privacy Policy liCili.
Storage duration:
The survey results are evaluated in pseudonomised form. If you provide personal data in plain text form yourself during the course of a survey, this data will be deleted after 18 months at the latest. All other personal data will be deleted after three years at the latest.
You can object to the collection and storage of data for customer surveys in our online shop at any time with effect for the future. To revoke the collection and storage of your data in the future, go to the data protection settings on our website and uncheck the box under "Analysis and Statistics" for SurveyLab.
5.1.4 Mixpanel
For our app, we use the analytics technology of Mixpanel Inc. One Front Street, Floor 28 San Francisco, CA 94111, USA (Mixpanel) to track your user behavior in the Breuninger app. This enables us to collect and save your usage data using an assigned user ID ("pseudonym"). With this analysis, we aim to make the app more user-friendly and improve the app continually for you. The data is not used to identify you personally as a visitor to this app and is not compared with other data relating to the bearer of a pseudonym.
When you use our app, Mixpanel particularly processes the IP address, user agent, user ID, mobile marketing IDs, browser information, device information and user behavior.
Mixpanel will store your data for 2 years.
The storage and processing is carried out on servers in the EU. Personal data can be forwarded to service providers and their subsidiaries which provide the technologies or help services for assistance, operation and maintenance of Mixpanel services.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
You can find more details about the data processing in the Privacy Policy of Mixpanel.
5.1.5 Firebase
For our app, we use multiple services of Firebase, a service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Firebase uses instance IDs in order to remember individually configured settings in our Breuninger app. Because each instance ID is unique with respect to our app and your mobile device, Firespace is able to analyze specific processes within the app and react to them. The IP address transmitted by your device when using Firebase is not compiled with other Google data.
Along with the analysis and statistics services, we use additional technically necessary services of Firebase that you can view under the "Necessary" category.
We use the following Firebase services for the purpose of analysis and statistics:
We use Firebase Analytics to obtain analytical and device-related information about app use. We can also analyze which previously defined activities (app events) you have used (conversion tracking).
When you use our app, Firebase particularly processes the IP address (anonymous), mobile marketing IDs, app analytics instance IDs, the device token ID, your Firebase installation ID, device information as well as IDFVs/Android IDs.
Your data is stored by Firebase for 2 months and automatically erased or aggregated on a monthly basis so that no person can be identified based on the aggregated data.
The storage and processing is carried out on servers in the EU and in the United States of America based on established EU standard contractual clauses (SCC). Outside of the Google network, data will not be transferred to third parties.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, navigate to the privacy settings in the app and remove the check under Analysis and statistics for Firebase.
You can find more details about the data processing in the Privacy Policy of Firebase at
5.1.6 Fullstory
In order to analyze your user behavior and user experience, we use the technology of Fullstory, Inc., 1745 Peachtree Street NE, Suite N, Atlanta, Georgia, USA 30309 (“Fullstory”).
With the help of Fullstory, we would like to better understand user behavior and how our users interact with our store. To do this, we can use cookies. Fullstory processes your usage data and enables us to find new ways to improve the user experience.
More specifically, Fullstory processes information about your interaction with our websites and content as well as about your browser and the cookies stored there. Your data is stored by the provider for 12 months after which it is automatically deleted.
The transfer of data to Fullstory takes place within the framework of data processing in accordance with article 28 of the GDPR.
Fullstory processes data in the USA. The company is an active participant in the EU-US Data Privacy Frameworks, which regulates the correct and secure transfer of personal data from EU citizens to the USA. Fullstory also utilizes standard contractual clauses.
The legal basis for the processing of your data is your consent in accordance with article 6 (1)(a) of the GDPR. You can object to the processing of your data at any time with future effect. To do so, please use the Privacy Settings on our website and uncheck the box under Analysis and Statistics for Fullstory.
For further details on data procession, please refer to Fullstory’s privacy policy
5.2. Data provider marketing
5.2.1 Breuninger Tracking Advertising
We use a proprietary tracking and web and analysis developed in-house by E. Breuninger GmbH & Co., Marktstrasse 1-3, 70173 Stuttgart, Germany ("Breuninger") to optimise and control our marketing campaigns. The precondition is that you have also given your consent to Breuninger Tracking Analysis and statistics in addition to Breuninger Tracking Advertising.
Breuninger Tracking is used to collect and save user data. Marketing and user profiles are created, for example cross-device, from this data using pseudonyms. Technologies such as cookies, the client's local storage or server-side storage can be used to store the data. These technologies enable, for example, the recognition of the user or marketing channel matching.
The data collected using this Breuninger technology is exclusively used with your prior consent and after you have actively identified yourself on your website, for the purpose of compiling personal data (i.g. from your customer account) about the bearer of the pseudonym together with the tracking data.
When you use our website, Breuninger particularly processes the IP address, hashed e-mail address, device information, Mobile Advertising ID (IDFA/GAID), browser information, usage data, user behavior, customer ID and order ID as well as first party cookies. User profiles will not be attributed to IP addresses.
Data recipients:
Your data will only be passed on to corresponding external marketing and technology partners with your consent. If external processors are involved, these are contractually obligated pursuant to Art. 28 GDPR.
Duration of storage:
Your data will be saved by Breuninger for two years on servers within the EU and will not be transferred to third parties.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, please navigate to Privacy Settings and object to Breuninger Tracking in "Advertising". As a result of your opt-out, no data from your browser will be collected and saved in the future.
5.2.2 Microsoft (Bing Ads)
On our website, we use technologies of Bing Ads, which are operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, independent controller. Microsoft Conversion Tracking is used, for which purpose Microsoft sets a cookie on your device if you access our website from a Microsoft Bing ad or by another means. In this way, we and Microsoft are able to detect that you clicked on the ad, were forwarded to the website and reached a previously determined target site (conversion site) that was linked in the ad. Furthermore, we and Microsoft are able to see that you accessed the website in another way and made/executed a purchase or service which was defined as conversion.
Furthermore, we use Microsoft Retargeting technology, which collects and saves information about your user behavior on our website.
For this purpose, cookies may be used. Cookies enable Microsoft to collect, process and use information from the cookies to create user profiles from the data using pseudonyms. These user profiles assist with analysis of user behavior, which enables us to show you relevant ads and offers with Bing Ads, since you have already shown interest in our website and our content/services. No personal information is processed concerning the user identity.
Based on the marketing tool used, your browser automatically establishes a direct connection with the Microsoft server. We have no influence on the scope and further use of the data apart from the abovementioned purposes, which is collected by Microsoft using this tool and therefore inform you based on our current state of knowledge: Through the integration of Microsoft, Microsoft receives the information that you accessed the relevant section of our website or clicked on one of our ads. If you are registered for a Microsoft service, Microsoft can attribute the visit to your account. Even if you are not registered with Microsoft or not logged in, it is possible that the provider will learn and save your IP address.
When you use our website, Microsoft processes particularly the UET tag ID, Mobile Advertising ID (IDFA/ GAID), Microsoft cookie, hashed e-mail address, browser information, device information, user behavior and the contact for advertising materials.
Here, your data is saved on servers within the EU and USA and may be forwarded to service providers and their subsidiaries which provide the technologies or help services for assistance, operation and maintenance of specific Microsoft online services. Your data is transferred to servers in the USA based on the Microsoft Advertising Agreement.
Microsoft retains your data from the UET tag for 180 days. The duration of the Microsoft cookies is 13 months.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
You can find more details about the data processing in the Privacy Policy of the Microsoft Corporation.
5.2.3 Criteo
On our website, we use the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo"). Cookies may be used here that enable Criteo to collect and save aggregated and pseudonymous information about your user behavior on our website. Using an algorithm, Criteo analyzes the user behavior recorded in this manner and is thus able to show you targeted product recommendations as personalized ad banners on our websites (referred to as publishers).
Here, your data is saved on servers within the EU and may be forwarded to service providers and their subsidiaries which provide the technologies or help services for assistance, operation and maintenance of Criteo services.
When you use our website, Criteo particularly processes browser information, device information, location information, usage data, user behavior, the number of ads shown to you, the order ID, your IP address, hashed e-mail address and a Criteo identifier.
Criteo stores your technical data for 13 months, and stores your cookies for 13 months after your last update (access of our website) on servers within the EU.
The transfer of data to Criteo SA is carried out in a joint controller capacity pursuant to Art. 26 GDPR for retargeting and the use of the abovementioned data to display ads on other websites.
Both controllers are independently responsible for guaranteeing your data subject rights.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
You can find more details about the data processing in the Privacy Policy of Criteo SA.
5.2.4 Exactag
On our website, we use the analytics service of Exactag GmbH, Theodorstraße 178, 40472 Düsseldorf, Germany ("Exactag"). On our website, Exactag collects and saves data for marketing and optimization purposes. Pseudonymous usage profiles may be created from this data. For this purpose, cookies are stored and a method called fingerprinting may be used to store environment variables from your internet browser in a database without unique user-specific data such as an IP address.
With these cookies, we implement cross-device and cross-website tracking to follow user behavior beyond our website and on different devices. In this way, we evaluate the interaction with our advertising materials on other websites and devices (customer journey) in order to optimize them. This occurs through the assignment of anonymized values that are put together from the IDs of the devices you use and of the cookies from the sites you visit. These values cannot be attributed to any individual persons.
When you use our website, Exactag particularly processes the IP address, browser information, device information, location information, usage data, user behavior, interaction with ads, order ID, hashed customer ID, Mobile Advertising ID (IDFA/ GAID) and hashed e-mail address.
Your data will be saved on servers in the EU and will not be transferred to third parties.
Exactag stores your data for six months. Customer journey data is saved for 36 months and then anonymized.
The transfer of data to Exactag is carried out in a joint controller capacity pursuant to Art. 26 GDPR for the processing operations mentioned above.
Both controllers are independently responsible for guaranteeing your data subject rights.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here to save the Exactag deactivation opt-out cookie in your browser.
You can find more details about the data processing in the Privacy Policy of Exactag.
5.2.5 Meta (Facebook)
On our website, we use the retargeting and conversion technologies of the social network "Facebook" of the Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") on our website, which enables us to show you relevant ads and offers on Meta, since you have already shown interest in our website and our content/services and are a Meta member. For this purpose, the so-called "Facebook-Pixel" and the conversion API from Meta are embedded on our websites which inform Meta when you visit our website that you have accessed our website and which elements of our services you were interested in (retargeting).
If you have reached our website via a Facebook ad or any another way, we and Meta can recognise in this way that you have clicked on an ad, have been redirected to the website and have reached a previously determined target page (conversion site) that was linked via the ad and whether you have, for example, made a purchase or performed other services that were defined as a conversion.
If you have agreed to the use of the Facebook pixel, your browser automatically establishes a direct connection with the Meta server via this pixel. The conversion API provides a server-to-server connection between our web server and Meta's servers. For the transmission of data via the conversion API, we temporarily store your data on our servers. We have no influence on the scope and further use of the data apart from the abovementioned purposes, which is collected by Meta using this tool and therefore inform you based on our current state of knowledge: Through the integration of these technologies, Meta receives the information that you accessed the relevant section of our website or clicked on one of our ads. If you are registered for Meta, Meta can attribute the visit to your account. Even if you are not registered with Meta or not logged in, it is possible that Meta will obtain and store your IP address.
When you use our website, Meta particularly processes the IP address, Facebook user ID, Mobile Advertising ID (IDFA/ GAID), order ID, hashed customer ID, hashed e-mail address, device information, browser information, location information, usage data, user behavior, marketing information, interaction with ads, interaction with products, interaction with website services, viewed ads and online shop content.
Your data will be saved on servers in the EU until it is no longer required for the purposes of processing and will not be transferred to third parties outside the Meta network. Transfer to a third country pursuant to GDPR, such as the USA, may occur within the Meta network. Your data is transferred to servers in the USA based on the Meta Page Controller Addendum, the Meta Data Processing Conditions, the Meta EU Data Transfer Addendum, the Facebook Addendum for Controllers and the Standard Contractual Clauses concluded between Meta Platforms Ireland Ltd. and Meta Platforms LLC, USA.
The transfer of data to Meta Platforms Ireland Ltd. is carried out in a joint controller capacity pursuant to Art. 26 GDPR for the processing operations mentioned above. Each controller is responsible for its own part of the processing with respect to the requirements of legal basis, the security of joint processing and violations of the protection of personal data in connection with the joint processing.
In this context, Breuninger assumes the information duties for the processing of personal data.
Both controllers are independently responsible for guaranteeing your data subject rights.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
You can find more details about the data processing in the Privacy Policy of Meta.
5.2.6 Google Ads
On our website, we use technologies of Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland) as an independent controller. These include Google Conversion Tracking and Google Retargeting (jointly referred to as Google Ads).
For Google Conversion Tracking, we use the Google Pixel as well as the Google Enhanced Conversion and Consent Mode functions. All functions are only used by us if you have given us your consent to Google Ads.
If you have reached our website via a Google ad, Breuninger and Google can recognise that someone has clicked on an ad, been forwarded to the website and reached a previously determined target site ("conversion site"). Furthermore, we and Google are able to see that you accessed the website in another way and made/executed a purchase or service which was defined as conversion. In relation to the data for ad campaigns, we are able to determine how successful the individual marketing activities were through success measurement of specific parameters such as display of ads or your click behavior, and to optimize these activities accordingly. To increase the accuracy of our conversion measurement, we use Google Enhanced Conversion Tracking. For this purpose, hashed first-party conversion data such as your hashed e-mail address is transmitted to Google via the Google Ads API, which means that Google itself does not have direct access to input fields and corresponding data on our website. Google matches the hashed Breuninger data against Google user data. In the event of a match, a conversion is reported in the Breuninger Google account, which helps us to optimize our advertising measures. In addition, we use Google's Consent Mode for partial modelling of conversions. We do not use Consent Mode to control the Google Tags on our website. Due to the technical implementation, no further personal data is processed with the help of the Consent Mode and, like the other functions, it is only used if you have given your consent to Google Ads.
We do not collect and process any personal data ourselves in the abovementioned marketing activities. We only receive statistical analysis from Google. Based on this analysis, we are able to identify which of the implemented marketing activities are particularly effective. We do not receive any further data from the use of ad materials, in particular we are not able to identify users based on this information.
Furthermore, we use Google Retargeting technology, which collects and saves information about your user behavior on our website. This data is saved on your computer in cookies and read out by Google. Cookies enable Google to collect, process and use information from the cookies to create user profiles from the data using pseudonyms. These user profiles assist with the analysis of your behavior when visiting our website and are used to display ads to show you relevant and personalized content on external websites that seem interesting for you based on your user behavior on our website.
Based on the marketing tools used, your browser establishes partly automatically a direct connection with the Google server. We have no influence on the scope and further use of the data which is collected by Google using this tool and therefore inform you based on our current state of knowledge: Through the integration of Ads Conversion, Google receives the information that you accessed the relevant section of our website or clicked on one of our ads. If you are registered for a Google service, Google can attribute the visit to your account. Even if you are not registered with Google or not logged in, it is possible that the provider will learn and save your IP address.
When you use our website, Google particularly processes the IP address, cookie ID, pixel ID, Mobile Advertising ID (IDFA/ GAID), hashed e-mail address device information, browser information, location information, usage data, user behavior, and user agent.
Your data will be saved on servers in the EU and will not be transferred to third parties outside the Google network. Transfer to a third country pursuant to GDPR, such as the USA, may occur within the Google network. Your data is transferred to servers in the USA based on established EU standard contractual clauses.
Log data is anonymized after nine months, cookie information after 18 months. If no matching takes place via Enhanced Conversion, Google deletes this data after 48 hours, otherwise the data is deleted as soon as the processing purpose is fulfilled.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here or go back to Privacy Settings on our website and uncheck Google Ads in the "Advertising" category.
You can find more details about the data processing in the Privacy Policy of Google.
5.2.7 Adform
On our website, we use the Adform advertising platform of Adform A/S, Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark ("Adform"). In this context, cookies, beacons, tagging scripts, mobile SDKs and pixels may be used. The cookies enable Adform to collect, process and use information from the cookies to display relevant ads for you, measure the success of campaigns, improve campaign performance or prevent that a user sees the same ads multiple times.
We use Conversion Tracking, for which purpose Adform sets a cookie on your device if you access our website from an ad or by another means. In this way, Adform and Breuninger are able to detect that you clicked on the ad, were forwarded to the website and reached a previously determined target site (conversion site). Furthermore, we are able to see that you accessed the website in another way and executed a purchase or service which was defined as conversion.
Furthermore, we use Adform Retargeting technology, which collects and saves information about your user behavior on our website. This data is saved on the visitors computer in cookies. Adform collects, processes and uses information from the cookie to create user profiles from the data using pseudonyms. Using an algorithm, Adform and Breuninger analyze the user behavior recorded in this manner and are then able to show you targeted product recommendations as personalized ad banners on our websites (referred to as publishers).
Using a cookie ID, Adform determines which ads are shown in which browser. In this way, we evaluate the interaction with our advertising materials on other websites and devices (customer journey) in order to optimize them. This occurs through the assignment of pseudonymized values that are put together from the IDs of the devices you use and of the cookies from the ads you view and click on other visited sites.
From your user behavior and interaction with our ads, products, website services, pseudonymized usage profiles can be created which we use for target group segmentation by aggregating the data into segments to display ads. If you are logged into your Breuninger account, the user profiles are linked with your customer data in order to improve personalized marketing and communications, for example in a newsletter, and to display content that is relevant for you.
When you use our website, Adform particularly processes the IP address, cookie ID, Mobile Advertising ID (IDFA/ GAID), order ID, hashed customer ID, hashed e-mail address, user behavior, master customer data if you are logged into your Breuninger account (gender, age and zip code), browser information, location information, device information, contact with ads, interaction with ads and personalized vouchers with voucher ID.
Here, your data are stored for a maximum of 13 months and cookies for 60 days after the last visit to our website on servers within the EU. Your data will not be transferred to third parties.
Adform processes and uses the personal data for the purposes of fraud detection, forecasting and reporting in aggregated form as a contract processor for Breuninger based on an established contract processing agreement pursuant to Art. 28 GDPR.
The transfer of data to Adform is carried out in a joint controller capacity pursuant to Art. 26 GDPR for the processing operations mentioned above.
Both controllers are independently responsible for guaranteeing your data subject rights.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
You can find more details about the data processing in the Privacy Policy of Adform.
5.2.8 Adjust
For our app, we use the usage evaluation and analysis technology of Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin (Adjust).
Adjust is a mobile analytics and attribution service for app providers. Adjust collects and processes data regarding interaction with Breuninger ads as well as installation and event data from the app and provides these as anonymized analysis. Breuninger uses this information to measure the success of our app marketing campaigns, for our own market research and to optimize the app. Using Adjust, we are able to see which online ad channels generated the download of our app, the opening time of the app, the duration of app use and receive information about app features that are used particularly often.
Adjust processes the specified data for us in order to provide mobile analytics and attribution services and thereby enables us to track and measure our app marketing performance as well as to optimize our app.
When you use our app, Adjust particularly processes the hashed IP address, MAC address, device IDs including mobile ad IDs, hashed e-mail address, user agent, location information, user behavior, contact with ads, installation ID as well as event and app token.
Adjust will store your data for 2 years.
The storage and processing is carried out on servers in the EU and in the United States of America based on established EU standard contractual clauses (SCC). Data is only transferred to Adjust data centers of the subcontractor Leaseweb, otherwise it will not be transferred to any third parties.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, navigate to the privacy settings in the app and remove the check under advertising.
You can find more details about the data processing in the Privacy Policy of Adjust.
5.2.9 Zeotap
We use the Customer Data Platform (CDP), the data product and the ID+ services of Zeotap GmbH, Mehringdamm 32-34, Germany, 10961 Berlin (Zeotap). These are described in detail below.
5.2.9.1 Zeotap Customer Data Platform (CDP)
The Zeotap CDP service allows us to combine your data to form profiles and to derive and assign customer profiles to target group segments. The user profiles and target group segments are used to analyse and optimise our online presence and our advertising activities (newsletter, online advertising, etc.) based on your interests on our website, in our app, on third-party sites and according to your previous purchase history with us. They also help us to acquire new customers.
For this purpose, we collect your data when you use our website and app and create a pseudonymous user profile of you. If you use our website or app (touchpoints) and consent to this, we make you recognisable to us on our touchpoints using cookie or software development kit (SDK) technologies with a so-called pseudonymous ID. The ID is pseudonymous because it does not contain any direct personal data and is therefore not directly traceable to you. Depending on the consent you have given, we link this data / profile in the CDP with data already lawfully collected from you from our internal systems (e.g. Mar-/AdTech, CRM systems, etc.) as well as from external data sources (see below "5.2.9.2 Zeotap data products").
In detail, the formation of pseudonymous profiles and the possible merging with further data takes place when you use our website or app, we combine the data collected in the process under a pseudonymous profile.
The legal basis for the collection and processing of your data is your consent in accordance with § 25 para. 1 TDDDG and Art. 6 para. 1 lit. a) GDPR. Depending on your consent, we collect the following data for the creation of the pseudonymous profile based on cookies on our website or based on SDKs in our app:
-
visiting path
-
referrer URL
-
visitor feature
-
browser and device information from User Agent String
-
encrypted IP addresses and information on country and telecom provider derived from IP address
-
search behaviour
-
product contact
-
wish lists, shopping cart contents as well as purchases including order ID
-
pseudonymised IDs such as cookie IDs, Mobile Advertising IDs, hashed customer ID
-
hashed e-mail addresses
-
user behaviour
-
campaign information via URL parameters
Zeotap is a German company with its registered office in Berlin. The server infrastructure used by Zeotap to provide its services is operated by Google Cloud EMEA Limited and the servers used for the CDP product are located in the European Union (EU) and the United Kingdom (UK). Google Cloud EMEA Limited acts as a sub-processor of Zeotap. The transfer to Google Cloud EMEA Limited is secured by concluded standard contractual clauses (SCC, Art. 46 para. 2 lit. c) GDPR) between Zeotap & Google Cloud EMEA Limited. In addition, Zeotap uses its wholly owned subsidiary Zeotap India Pvt. Ltd. ("Zeotap India"), located in India, for support services. The services provided by Zeotap India may require remote access to personal data stored in Zeotap's systems in the EU and the UK. Zeotap India acts as a sub-processor of Zeotap in such cases and have their basis on SCC concluded between the two companies.
Zeotap is Breuninger's processor on the basis of a concluded order processing agreement pursuant to Art. 28 GDPR for the scope of CDP-related storage, processing and use of personal data for the aforementioned purposes.
The storage period for your data in the Zeotap CDP is 1 year.
You can object to the collection and storage of data at any time with effect for the future. To object to data collection and storage of your data for the future, go to the privacy settings on our website and uncheck the box under Advertising with Zeotap.
5.2.9.2 Zeotap data products
The Zeotap data product services allow Breuninger to match its pseudonymous user profiles created in the CDP (see "Zeotap Customer Data Platform (CDP)" above) with pseudonymous user profiles that Zeotap has built up separately on the basis of data from its own partner network (Zeotap data pool). Breuninger itself is not a partner of this network.
The user profiles of Breuninger and Zeotap are not mixed. For the matching, Breuninger only sends hashed e-mail addresses and/or other online identifiers such as cookie IDs, device IDs, etc. that are present in the respective pseudonymous user profile to Zeotap, where they are briefly stored by Zeotap for the duration of the matching and then deleted again. No segment information or attributes assigned to the profile are sent.
In the so-called hashing, the e-mail address is converted into an unchangeable alphanumeric value, i.e. a hash value, by means of a protected encryption process. The encryption process ensures that the same hash value is always generated for a single e-mail address. This value, in turn, cannot be converted back into the original e-mail address.
The result of this matching is the information as to whether or not a Breuninger user/customer is contained in the Zeotap data pool. The matching serves the purpose of optimising our online advertising activities with existing customers and acquiring new customers by using the results of the matching processing as follows:
Data product ID extension: This data product service is used to increase the reach of our online advertising.
If a pseudonymous ID of our users is brought together with those of the Zeotap data pool as a matching result, we can address this user with advertising in all channels for which Zeotap has additional advertising IDs for this user that are unknown to us (for example Facebook IDs, TikTok IDs, IDFAs, further cookie IDs, etc.). The concrete activation, i.e. the transfer to the respective channel partner, takes place through Zeotap on the instructions of Breuninger. The data flow from Zeotap to the channel partner is monodirectional; at no time does information from the user profile of the Zeotap data pool (such as IDs) flow back to Breuninger or does Breuninger have access to the selected user profiles from the Zeotap data pool, for example via reporting by the channel partners.
Data product Look-a-like Audiences: This data product service is used to acquire suitable new customers who are similar in characteristics to existing customers (look-a-like modelling).
Before importing this data into the Zeotap CDP, a hash value is created as a pseudonym from the e-mail addresses in the CRM data (see above), to which information about purchasing behaviour (e.g. frequency, products, sales, wish lists, etc.) is assigned. The pseudonym can be used to create a temporary link to segment information data from the Zeotap data pool via the Zeotap CDP. Subsequently, pseudonymous IDs are determined from the Zeotap data pool who have the same defining segment characteristics but are not yet Breuninger customers in order to address them with advertising. These are then targeted by Zeotap on behalf of Breuninger by transferring these look-a-like audiences to the channel partners.
In addition to e-mail addresses, IDs (cookie IDs, IDFA, MAID) of non-existing customers (unknown customers) who have previously only visited and used our website or app can also be processed in the same way for the look-a-like modelling described above.
Data product Data Enrichment: This data product service is used to obtain segment information (characteristics) in aggregated form about our existing customers who are still unknown to us.
This information subsequently allows us to optimise the targeting of interest-oriented content and offers in the area of online advertising to existing and new customers.
For this purpose, we match (see above) the pseudonymous IDs of a group of customer profiles (at least 1,000) with the Zeotap data pool. Insofar as the pseudonymous IDs provided by us can be matched with those of the Zeotap data pool, Zeotap can provide us with information in aggregated form about characteristic distributions within this provided customer profile group (e.g. 256 out of 1,000 are users with an affinity for brands; 785 out of 1,000 users have a high household income, etc.), without us being able to trace this information back to a concrete customer profile. The reports with this aggregated information are also not permanently stored by Breuninger (no historisation). We can then activate a selection of our customers from this group by Zeotap transferring this audience to a channel partner on behalf of Breuninger.
The legal basis for the collection and processing of your data for the aforementioned purposes is your consent in accordance with Section 25 (1) TDDDG and Article 6 (1) a) GDPR, insofar as your data is the responsibility of Breuninger.
As far as the processing of data of the Zeotap data pool is concerned, the legal basis is consent according to § 25 para. 1 TDDDG and Art. 6 para. 1 lit. a) GDPR which have been obtained from the network partners for Zeotap. The same information applies as for the Zeotap CDP product (see above 5.2.19.1).
For the processing of your data in the Zeotap CDP, Breuninger is the controller and Zeotap is the processor on the basis of a concluded order processing agreement in accordance with Art. 28 GDPR for the scope of the storage, processing and use of personal data for the aforementioned purposes. With regard to all data processing for the establishment of the Zeotap data pool, Zeotap and its network partners are independent data controllers within the meaning of Art. 24 of the GDPR.
The data processing in the matching phase takes place under the joint responsibility of Breuninger and Zeotap in accordance with Article 26 of the GDPR. For this purpose, Breuninger and Zeotap have concluded an agreement in accordance with Art. 26 (2) GDPR. You can exercise your rights as a data subject (e.g. information, deletion, objections) vis-à-vis us as well as Zeotap; see the contact details at the beginning of this data protection declaration and under section 5.2.19 as well as the option for direct deletion requests to Zeotap at the end of this section. Breuninger and Zeotap shall inform each other of any data subject rights asserted by data subjects and provide each other with all information necessary for the processing of data subject requests. Otherwise, we and the Breuninger partner independently fulfil all obligations under data protection law.
The subsequent further processing of the data from the Zeotap data pool (activation by transfer to the channel partners) is the separate responsibility of Breuninger and Zeotap in accordance with Art. 24 GDPR.
The storage period for your data in the Zeotap CDP corresponds to the periods specified above under Zeotap CDP.
The storage period of the data sent as part of the matching processing and then processed with Zeotap under joint responsibility is 2 days.
The storage period for the IDs transferred by Zeotap on behalf of Breuninger to the channel partners for activation is 30 days.
You can object to the collection, storage and processing of data at any time with effect for the future. To object to the processing of your data for the future, go to the data protection settings on our website and uncheck the box under Advertising with Zeotap.
You can find out whether your data is included in the Zeotap data pool and exercise any right of withdrawal via the Zeotap Privacy Portal
Further information can be found on the Zeotap website.
5.2.9.3 Zeotap ID+
The Zeotap ID+ service allows us to make you recognisable on third-party sites via an ID+ token collected from you when you use the website / app via the Zeotap data product services (see 5.2.19.2 above) in a data protection-friendly manner and thus to address you in a personalised advertising manner.
The central orchestrator of the underlying ID+ network is Zeotap. Within the framework of the service, various participating companies - Breuninger is not a participating company - contribute hash values created from e-mail addresses to a pool of such pseudonymous IDs after specific consent has been given by their users. Each of these pseudonymous IDs is assigned a universal ID in Zeotap's ID+ system. In doing so, the system brings together identical pseudonyms from different companies under the same universal ID. However, this universal ID is not passed on to the participating companies, but each participating company receives a specific ID per user (so-called ID+ token). This prevents the token from being used as a stable identifier for profiling.
This procedure enables us to recognise our users in a data protection-friendly manner and independently of 3rd party cookies on third party sites and thus to address them with personalised advertising.
The same information applies as for the Zeotap CDP product (see above 5.2.19.1). The same information applies as for Zeotap data product services (see 5.2.19.2 above).
The storage period for your data in the Zeotap ID+ token is 1 year. You can object to the collection, storage and processing of the ID+ token at any time with effect for the future.
To object to the processing of your data in the future, go to the privacy settings on our website and uncheck the box under Advertising with Zeotap.
To object to the processing of your data in the future within the ID+ network, you can exercise your data subject right via the Zeotap Privacy Portal or on any page of companies participating in the ID+ network where you have given your consent.
5.3. Data providers of functional cookies
5.3.1 Breuninger Tracking Personalisierung
We use a proprietary tracking and web and analysis developed in-house by E. Breuninger GmbH & Co., Marktstrasse 1-3, 70173 Stuttgart, Germany ("Breuninger") to personalise our website content. Individually adapted content is to be played out based on measured behaviour. Breuninger Tracking is used to collect and save user data. User profiles are created, for example cross-device, from this data using pseudonyms.
This includes analysing which functions and content are used particularly often and a lot in order to understand which content and products are of specific interest to users.
For this purpose, cookies may be used. Among other things, the cookies make it possible to recognize the user. The data collected using this Breuninger technology is exclusively used with your prior consent and after you have actively identified yourself on your website, for the purpose of compiling personal data (i.g. from your customer account) about the bearer of the pseudonym together with the tracking data.
When you use our website, Breuninger particularly processes the IP address, hashed e-mail address, device information, Mobile Advertising ID (IDFA/ GAID), browser information, usage data, user behavior, customer ID and order ID as well as first party cookies. User profiles will not be attributed to IP addresses.
Data recipients:
Your data will only be passed on to corresponding external marketing and technology partners with your consent. If external processors are involved, these are contractually obligated pursuant to Art. 28 GDPR.
Duration of storage:
Your data will be saved by Breuninger for two years on servers within the EU and will not be transferred to third parties.
The legal basis for the data processing is your consent pursuant to Art. 6 (1)(a) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, please navigate to Privacy Settings and object to Breuninger Tracking in "Functional cookies". As a result of your opt-out, no data from your browser will be collected and saved in the future.
On our website, we use the online sizing guide of Fit Analytics Innovation GmbH with its heardquarters in Berlin, Germany (FitAnalytics) to assist you with selecting the right size during the order process. When using the sizing guide, you can transfer the following data to FitAnalytics if desired to obtain a size recommendation:
-
Gender
-
Height
-
Weight
-
Body type (stomach/hips/chest/feet)
-
Wearing preferences (e.g. "tighter" or "looser")
-
Age
-
Reference brand and items (optional)
-
Bra size (optional)
Using statistical methods, and if necessary, the help of anonymous purchase and return data, the appropriate clothing size for you can be determined. Your user data will be used to process the transaction, to personalize and supply the service and to continuously optimize the processes on which the recommendations are based.
Third-party cookies (FitAnalytics cookies) and a first-party cookie (Breuninger cookie fitaid) are used for this purpose in order to display the size advisor correctly on your device.
FitAnalytics Cookies:
Purpose of processing: The FitAnalytics cookies are used to calculate individual clothing sizes and to continuously optimise recommendations.
When you use our website, FitAnalytics particularly processes the anonymized IP address, browser information and operating system.
Your data will be saved on servers in the EU for the duration of the visit to our website and will not be transferred to third parties.
Fit Analytics is a data processor of Breuninger pursuant to a data processing contract concluded in accordance with Art. 28 GDPR for the scope of processing described.
You can find more details about data processing in the Privacy Policy of FitAnalytics.
Breuninger Cookie: fitaid
Purpose of processing: The fitaid is the identifier of several sessions and enables you to choose the appropriate size during the ordering process. The fitaid enables the storage of input data in the size advisor profile and thus ensures smooth functionality.
Storage period: 2 years
Processing and deletion of user data
The user data collected by Fit Analytics and Breuninger can be edited or deleted at any time via the Fit Analytics widget or the Breuninger account. You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click on the following link https://widget.fitanalytics.com/widget/optout/ or navigate to the privacy settings on our website and remove the check under "Functional cookies" for FitAnalytics.
5.3.3 RichRelevance
On our website, we use the technology of RichRelevance Inc., 49 Stevenson Street, Suite 950, San Francisco, CA 94105, USA (RichRelevance) in order to show you relevant product recommendations on our website. We use this technology to analyze your usage and purchase behavior. RichRelevance saves cookies in your browser. From the pseudonymized and hashed data collected by RichRelevance, usage profiles about your user and purchase behavior can be created under a pseudonym. This data is anonymous for RichRelevance, as we do not maintain any matching tables and the hash algorithm is only known to us.
The data collected using the RichRelevance technology will not be used to identify you personally on our website and will not be compiled with personal data about the bearer of the pseudonym.
RichRelevance uses an algorithm to analyze your user behavior and can then provide customer product and service recommendations.
When you use our website, RichRelevance particularly processes clicks on product suggestions, user behavior, purchase behavior, hashed e-mail address when logged into your Breuninger account and hashed order ID.
Your data, anonymous for RichRelevance, is saved on servers in the USA and can be transferred to companies/service providers that assist RichRelevance with the provision of its services. Your data is transferred to servers in the USA based on established EU standard contractual clauses.
RichRelevance is a contract processor for Breuninger based on an established data processing contract pursuant to Art. 28 GDPR for the scope of the described processing operations.
In order to object to the collection and storage of your data for the future, navigate to the privacy settings on our website and remove the check under "Functional cookies" for RichRelevance.
You can find more details about data processing in the Privacy Policy of RichRelevance.
5.3.4 Dynamic Yield (Mastercard)
To improve the user experience and to personalize content, we utilize the technology of Dynamic Yield on our website. The provider is Mastercard Europe SA, Chau. De Tervuren 198, 1410 Waterloo, Belgium (“Dynamic Yield”).
Dynamic Yield’s recommendation tool helps optimize our website to make your visit a more personalized experience through tailored recommendations and content. We use content from pages you have previously viewed to recommend equivalent or related products or other content that may be relevant to you. In addition, we use your data to test the reactions of our users to different versions of our website (A/B testing) with the goal to provide the best possible user experience.
Cookies are used to store only pseudonymized information under a randomly generated ID. The tool processes your usage data and enables us to develop new approaches to improve your user experience. Dynamic Yield processes your data, for example your location, the user agent, IP address, device and browser information, the unique identifier of your mobile device as well as usage data. Your data is stored by the provider for 12 months and is then automatically deleted.
The transfer of data to Dynamic Yield takes place within the framework of order processing in accordance with Art. 28 of the GDPR.
The legal basis for the processing of your data is your consent pursuant to Section 25 (1) TDDDG in conjunction with article 6 (1)(a) of the GDPR. You can object to the processing of your data at any time with future effect. To do so, please use the Privacy Settings on our website and uncheck the box under “Functional Cookies” for Dynamic Yield.
You can find more details about data processing in the Privacy Policy of Dynamic Yield.
5.3.5 Breuninger Personal Shopping Experience
We save a Breuninger cookie that represents your consent to the "Personal Shopping Experience". If you have granted your consent, we save some dynamic data in connection with your device (for example last visited items, last viewed brands, last visited categories, last full text searches, etc.) in order to improve your shopping experience.
Furthermore, your consent to the "Personal Shopping Experience" also determines whether we deliver you segment-specific or personalised content if you visit while logged in.
You may object to the collection and storage of data at any time. In order to object to the collection and storage of your data, navigate to Privacy Settings and remove the check under "Functional cookies" for Personal Shopping Experience. This will cause any previously collected data to be erased.
5.4. Data providers of necessary cookies
5.4.1 Google Tag Manager
On our website, Google Tag Manager is used. Google Tag Manager is a solution by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA which enables us to manage our website tags through an interface. The Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager manages the triggering of other tags (cookies and pixels) that may collect data in turn. We are hereby informing you separately of this fact. Google Tag Manager does not access this data. If a deactivation was configured by the user at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Using technical protocols such as HTTPS, personal data such as your IP address, device information and browser information is sent by your browser to the Google Tag Manager when you access our website. However, Google Tag Manager does not collect and process this data.
5.4.2 OneTrust
We use the OneTrust Consent Management Platform to fulfil the legal obligation pursuant to Art. 7 (1) GDPR. The operator is OneTrust LLC., 82 St. John Street, Farringdon, London EC1M 4JN, United Kingdom (OneTrust). The OneTrust Consent Management collects log file data, user agent (device, browser type, browser language, browser version, resolution) and consent data (consent yes/no, timestamp, data scope, data attributes, controller ID, processor ID, consent ID) using a JavaScript. This JavaScript enables OneTrust and us to inform you about certain tags and web technologies on our website and to obtain, manage and document your consent, as well as to ensure that this essential service continues to function reliably and that we can meet our obligation to the fullest extent. The legal basis for the data processing is Art. 6 (1)(c) GDPR, as we are legally obligated to provide proof of consent (pursuant to Art. 7 (1) GDPR).
OneTrust is a contract processor for Breuninger based on an established data processing contract pursuant to Art. 28 GDPR for the scope of processing for the legal obligation to obtain consent from you for specific processing operations.
In this context, your data is saved on servers in the United Kingdom based on an existing adequacy agreement of the EU Commission pursuant to Art. 45 (3) GDPR (third-party provider located in the UK).
You can find more details about the data processing in the Privacy Policy of OneTrust.
5.4.3 Contentful
For the proper provision of content in the Breuninger app, we use the Contentful CDN (Content Delivery Network) Contentful GmbH, Ritterstraße 12-14, 10969 Berlin (Contentful). The Contentful CDN helps to provide you with content from the online service in our app more quickly, particularly files such as graphics or videos, using servers that are distributed regionally or internationally.
We use Contentful to display content on the home feed (homepage) of our app.
When you use our app, Contentful particularly processes the IP address, user agent and browser information.
Your data will be stored by Contentful for a maximum of 90 days.
The storage and processing is carried out on servers in the EU and in the United States of America or other third states pursuant to GDPR based on established EU standard contractual clauses (SCC). Personal data can be forwarded to service providers and their subsidiaries which provide the technologies or help services for assistance, operation and maintenance of Contentful services.
The legal basis for the data processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR.
You may object to the collection and storage of data at any time with future effect. In order to object to the collection and storage of your data for the future, you can click here.
Please note that if you do so, app content may no longer be displayed to you properly or at all on our home feed, and app function will be restricted as a result.
You can find more details about the data processing in the Privacy Policy of Contentful.
5.4.4 Breuninger
We use our own technically necessary cookies on our website to display our website to you and provide functions for you, such as the use of a shopping cart or the option of logging in to your customer account.
In this context, your personal data will be saved exclusively in the European Union and will not be transferred to third parties.
We use the following cookies:
-
BreuningerConsentCookie
Purpose of processing: Using this cookie enables us to react in real time to your cookie settings from our consent banner and to smoothly forward your preferences to the corresponding services in order to offer you the best possible shopping experience. Only part of the consent data (consent yes / no, timestamp) is processed again.
Duration of storage: 1 year
-
Breuninger Cookie breuningerAnmeldungTracking
Purpose of processing: Using the cookies, we can detect whether you are a new customer, registered customer or ordering as a guest, in order to display specific information accordingly. Here, browser information and device information are processed.
Duration of storage: Session
-
Breuninger Cookie breuningerLogin
Purpose of processing: This is used to identify you as a customer after you have logged in, for example to show you the content of your personal customer account. Customer master data is processed here.
Duration of storage: Session
-
Breuninger Cookie breuningerSoftLogin
Purpose of processing: The soft login across multiple session identifies you after you have logged in once, for example to show you the content of your favorites list. For this purpose, data from the customer account (master customer data, favorites list and similar) is processed.
Duration of storage: 1 year
-
Breuninger Cookie cid
Purpose of processing: The cid is the identifier for multiple sessions of implemented software and is required for functions such as logging in, saving favorites or recently viewed items. Here, the browser information, device information and usage data is processed.
Duration of storage: 2 years
-
Breuninger Cookie entd_layer
Purpose of processing: Controls the display of the notification layer for campaigns. Here, usage data is processed.
Duration of storage: 1 year
-
Breuninger Cookie entd_vorteile
Purpose of processing: Manages the display of the bar above the header for benefit publicity. Here, the browser information, device information and usage data is processed.
Duration of storage: 1 year
-
Breuninger Cookie figurberater and Breuninger Cookie figurberater-d
Purpose of processing: These manage the analysis of the sizing guide survey. The responses are only analyzed in your browser and not saved permanently or in a personally identifiable manner. Here, browser information and device information are processed.
Duration of storage: Session
-
Breuninger Cookie gastbestellerLogin
Purpose of processing: To offer you self-services (cancellation, invoice access, shipment tracking) after your order, an authentication link is sent to you in the service e-mail. This cookie is set as long as this link is accessed and is valid. For this purpose, data from the customer account (master customer data and order details) is processed.
Duration of storage: Session
-
Breuninger Cookie kauf_loggedIn
Purpose of processing: With the kauf_loggedIn cookie, we determine your login status, that is, whether or not you are already logged in.
Duration of storage: Session
-
Breuninger Cookie kauf_quantity
Purpose of processing: Here the total number of items in the shopping cart is saved in order to display this in the header.
Duration of storage: Session
-
Breuninger Cookie kauf_total
Purpose of processing: Here the total cost of all items in the shopping cart is saved in order to display this in the BIB header.
Duration of storage: The session, if the visitor is not logged into their customer account, otherwise via Breuninger Cookie breuningerLogin
-
Breuninger Cookie breuningerLogin
Purpose of processing: This is used to identify you as a customer after you have logged in, for example to show you the content of your personal customer account. Customer master data is processed here.
Duration of storage: Session
-
Breuninger Cookie such_dhk
Purpose of processing: Saves which area (men, women or children) you last visited. Depending on this, you will be forwarded to the corresponding landing page on your next visit. Here, browser information and device information are processed.
Duration of storage: 1 year
-
Breuninger Cookie such_suchursprung
Purpose of processing: Enables differentiation between the use of the search function within the shop or through external entry (page access). Here, the browser information, device information and usage data is processed.
Duration of storage: Request (several seconds)
-
Breuninger Cookie suchen_critical_css
Purpose of processing: Versions our CSS data so that we keep them in the browsers cache and make changes nevertheless to shorten the time it takes the page to load. Here, browser information and device information are processed.
Duration of storage: 2 months
-
Breuninger Cookie suchen_geoIp
Purpose of processing: For the target country, saves whether the layer for selecting the delivery country was already displayed. Here, browser information and device information are processed.
Duration of storage: Session
-
Breuninger Cookie vid
Purpose of processing: identifier for the current session, required for security reasons and to enable functions for you such as the use of the shopping cart. Here, the browser information, device information and usage data is processed.
Duration of storage: Session
-
Breuninger Cookie wid
Purpose of processing: This ID identifies and assigns individual shopping carts in order to display them to you on different devices, for example. Here, the browser information, device information, master customer data and usage data is processed.
Duration of storage: 2 years
-
Breuninger Cookie camp_state
Purpose of processing: Manages the display of the campaign from another channel in the action banners. Usage data is processed in the process.
Duration of storage: 7 days
-
Breuninger Cookie X-App-Version
Purpose of processing: Determines which app functionalities are displayed in the web-area of the app, based on the version of the website header. Here, the browser information and App-Version is processed.
Duration of storage: 1 year
-
Breuninger Cookie mobl_app_features
Purpose of processing: Determines which app functionalities are displayed in the web-area of the app. Here, the browser information and App-version is processed.
Duration of storage: 1 year
-
Breuninger Cookie att_granted
Purpose of processing: Indicates whether a consent for Apple's App Tracking Transparency Framework is given in order to allow or prevent data collection in the web area of the app. Here, the browser information and Consent to App Tracking Transparency is processed.
Duration of storage: 1 year
Section 6: Integration of YouTube videos
Contents from YouTube are integrated on this website. YouTube is operated by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). The legal basis is Art. 6 (1)(f) GDPR. Our legitimate interest lies in providing you with video content about our company.
For YouTube videos that are integrated on our website, enhanced privacy mode has been activated. This means that YouTube will not collect and save any information about website visitors unless they play this video.
Please note that when you press play, your personal data (e.g. IP address) will also be accessible in non-EU/non-EEA states ("third countries") in which the level of data protection is lower than in Germany.
In addition, YouTube can use cookies or other technologies after starting a video in order to analyze user behavior. Starting a YouTube video may trigger additional data processing operations over which we have no influence.
If we have obtained your consent to play YouTube videos on our website, processing is exclusively carried out on the basis of Art. 6 (1)(a) GDPR as well as the respective national implementation of the "ePrivacy Directive" 2002/58/EC, which was amended by the "Cookie Directive" 2009/136/EC, insofar as the consent includes the storage of cookies or access to information on the user's device in this context. Consent may be withdrawn at any time.
To prevent the placement of tracking cookies even when playing the video, however, you can prevent the storage of cookies by changing your browser software settings accordingly, as described above; but we inform you that in this case you may not be able to use all functions of this website to their full extent.
You can find more information regarding the purpose and extent of data collection and its processing by YouTube in the provider's Privacy Policy. There you will also find further information about your rights in this regard and configuration options to protect your privacy. Address and Privacy Policy of YouTube: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Section 7: Social media profiles/pages
Purpose of our processing and legal basis:
Breuninger maintains social media profiles/pages on Facebook, Instagram (www.instagram.com/breuninger, www.instagram.com/breuninger.inside), XING, LinkedIn, Pinterest, YouTube (https://www.youtube.com/user/BreuningerFashionTV, https://www.youtube.com/channel/UCcem-Q5f_fdsP3UsR421wMg), TikTok und Snapchat.
The purpose of our processing on our social media profiles/pages is to inform our customers about goods, offers, events, services, promotions, prize promotions, news about the company and interaction with visitors to the social media profiles as well as our customers. The legal basis is Art. 6 (1)(f) GDPR. This data processing is carried out in our company's interest in representing Breuninger as a company on social media, for marketing purposes and to answer the inquiries and comments from our customers and page visitors and thus achieving the satisfaction of our customers and page visitors.
The platform operator has no potential to influence our processing of your data in the context of customer communication or prize promotions on our social media profiles.
Data recipients:
We will not disclose your personal data to any third parties, including your data provided on our social media pages such as comments, videos, pictures, likes, public messages etc. that are published by the social media platform. We solely reserve the right to erase content which infringes rights or is criminally relevant/unlawful, if this should be necessary.
If you contact us using the private message function on our social media channels with respect to your customer relationship, purchases made etc., this data is only forwarded internally to our customer service. In exceptional cases, data is processed by contract processors on our behalf. These processors are all carefully selected, audited by us and contractually obligated pursuant to Art. 28 GDPR. If it is necessary to forward your inquiry to contractual partners (e.g. manufacturers in case of complaints) for handling, we will anonymize your inquiry. If forwarding your personal data seems appropriate in the individual case, we will inform you of this and ask for your consent. Without your consent, we will not forward your data to third parties for these purposes.
Duration of storage:
All personal information that you send us on a confidential basis via our social media profiles/pages (e.g. as private message) will be erased after your inquiry has been fully answered. All public posts that you publish on our social media profiles/pages will remain in the timeline for an unlimited period, unless we delete them because of a legal violation or you delete the post yourself.
We have no possibility of influencing the platform operator's options of deletion. For this reason, please also observe the Privacy Policy of the relevant platform operator, Meta: https://www.facebook.com/privacy/policy/, Instagram: https://privacycenter.instagram.com/policy/, TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=en, LinkedIn: https://www.linkedin.com/legal/privacy-policy, Xing: https://privacy.xing.com/en/privacy-policy, YouTube: https://policies.google.com/privacy?hl=en, Pinterest: https://policy.pinterest.com/en/privacy-policy, Snapchat: https://snap.com/en-US/privacy/privacy-policy
Joint responsibility, Art. 26 (1) GDPR:
In some areas, we have "joint responsibility" together with the platform operators of our social media profiles pursuant to Art. 26 (1) GDPR. This means that Breuninger and the platform operator act as joint controllers concerning the web tracking methods used on the social media profiles/pages. Web tracking may also occur regardless of whether you are logged in or registered on the social media platform. We have no possibility of influence in this regard, as indicated (e.g. to prevent ad tracking by the platform provider). With respect to Facebook and Instagram, an adequate level of data protection cannot be assumed due to the processing in the USA. There is a risk that public authorities will access the data for security and monitoring purposes without you being informed about this or having the opportunity of filing an appeal. Please bear this in mind.
Section 8: Hosting & Operations
In order to make the Breuninger online portals and their respective components available to you securely and reliably and to design our business processes efficiently, we use the services of specialized external providers.
These providers are carefully selected and contractually bound in accordance with Art. 28 GDPR. They include:
-
Amazon Web Services, EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg ("Amazon"). For further details, please refer to Amazon's privacy policy.
-
Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland ("GCP"). For further details, please refer to the privacy policy of GCP.
In cases where we use GCP for business purposes, we process your data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR or on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. When Amazon is used, your data is processed on the basis of Art. 6 (1) (f) GDPR. The transfer of data to the United States is based on the standard contractual clauses of the EU Commission.
Section 9: Data security
We adopt technical and organizational measures to guarantee data security, in particular to protect your personal data from risks in data transmission as well as to prevent third parties from gaining knowledge.
These are adapted continually in line with the latest technology. If you provide personal data on our website, this will be encrypted during transmission using an encryption protocol.
Section 10: Updates to this Privacy Policy
Breuninger regularly reviews the Privacy Policy and will update it as needed. We will inform you about changes to this Privacy Policy that are significant for you (e.g. on our website).
Date: 25.09.2024