Data Protection Statement

1. Controller’s identity and contact details

2. Data protection officer’s contact details

3. Purposes of data processing, legal bases and legitimate interests pursued by Controller or third party, as well as categories of recipients

3.1. Accessing our websites / applications

3.1.1. Log files

3.1.2. Cookies, tracking, social media plug-ins

3.1.3. Consent Management

3.2. Entering into, implementing and/or discontinuing contract

3.2.1. Processing data to transact contract

3.2.2. Using data for fraud prevention

3.2.3. Transmitting data to transport service providers

3.2.4. Transmitting data to partner enterprises

3.3. Processing data for advertising purposes

3.3.1. Postal advertising

3.3.2. Newsletter

3.3.3. Product recommendations by email

3.3.4. Sweepstakes

3.4. Online profile and service optimization

3.4.1. Google Analytics

3.4.2. Floodlight

3.5. Online marketing

3.5.1. Adjust

3.5.2. Google Marketing Platform

3.5.3. Google Ads Remarketing

3.5.4. Google Conversion Tracking

3.5.5. Google AdSense

3.5.6. Criteo

3.5.7. Facebook Retargeting und Conversion

3.5.8. Pinterest Retargeting (Pinterest Tag)

3.5.9. Localytics

3.5.10. RTB House

3.5.11. Affilinet (Awin)

3.5.12. Snap Inc. (Snap Pixel und Website Custom Audiences)

3.5.13. Other advertising network purposes & affiliates

3.6. Fan pages

3.7. Social-Media-Plug-Ins

3.7.1. Facebook Connect / Login

3.8. Customer account / user account

3.9. Contacts

3.10. Payments

3.10.1. Paypal

4. Processors

5. Duration of data storage, and data erasure

6. Recipients outside of EU

7. Your rights

7.1. Overview

7.2. Right to object

7.3. Right to withdraw consent

7.4 Fan pages

8. Overview regarding cookies and other technologies

This data information statement governs data processing by

About You SE & Co. KG,
Domstraße 10, 20095 Hamburg
Email: [email protected]
legally represented by ABOUT YOU Verwaltungs SE, which is represented by directors Tarek Müller, Hannes Wiese and Sebastian Betz.
Chairman of supervisory board: Sebastian Klauke

Website: www.en-sa.aboutyou.com

for the following websites / applications: www.en-sa.aboutyou.com, ABOUT YOU App

The company’s data protection officer can be contacted at:

About You SE & Co. KG
Attn. Sebastian Herting – Data Protection Office
Domstraße 10
20095 Hamburg, Germany

Email: [email protected]

reached.

3.1. Accessing our websites / applications

3.1.1. Log files

Whenever Services are used, the Internet browser of your end device sends information to the server of our Services, which are then temporarily stored in so-called log files. The data sets contain the following data stored until they are automatically deleted: Date and time of access, name of accessed page, IP address of requesting device, referrer URL (source URL from which you accessed our Services), transmitted data volume, upload time as well as product and version information of browser used and name of your access provider.
The legal basis for any processing of the IP address is Art. 6 (1) lit. f) GDPR. Our legitimate interest results from ensuring a

• smooth connection setup,
• the guarantee of a comfortable use of our Services,
• evaluating the system security and stability.

Your identity cannot be inferred directly from the information, nor can we determine it. The information is stored and automatically deleted once the aforementioned purposes have been implemented. The mandatory period until deletion depends on need.

3.1.2. Cookies, Tracking, Social-Media-Plugins

We use cookies or similar technologies (also referred to collectively as “cookies”) on various pages in order to make visits to our Services attractive, to enable the use of certain functions and to statistically assess the use of our Services. Cookies are small text files that your browser generates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) whenever you visit or use our Services. Cookies do not harm your end device, and they contain no viruses, trojans or other malware. Information generated in connection with a given end device are stored in the cookie. However, this does not mean that we discover your identity and/or can infer who you are. Most of the cookies used are deleted once the browser session ends (so-called session cookies). They enable us, for instance, to offer shopping cart information across different pages, which tell you how many items are currently in your shopping cart and what your current shopping total is. Other cookies remain on your end device and allow us to recognize your end device when you return (permanent, so-called persistent cookies). These cookies in particular serve the purpose of making our Services user-friendly, more effective and safer. For example, these technologies make it possible for us to display information in our Services that are specifically tailored to your interests.

We use cookies to provide and optimize our Services. Many of them require your consent. Only cookies that are indispensable for the provision of our Services are exempted from this requirement. Based on their purpose, we divide cookies and similar technologies into three categories:

Indispensable cookies

For our Services to work, these cookies are indispensable. For instance, this is true for cookies storing log-in data following registration in our online shop, which allow users to stay logged in even after they navigate to another page in our online store, as well as for those ensuring that a user-specific configuration of service functions (selected language, etc.) remains in place across sessions. In addition, we use cookies of this kind for compiling so-called reach reports to determine how our Services are being used, the better to provide them to our users in a form that reflects their needs. These cookies also contribute to the safe and proper use of our Services. Under the law, we do not need to obtain your consent to use indispensable cookies..

Please visit our Preference Center to find out which cookies fall into the category of indispensable cookies. here.

Functional cookies

These cookies enable us to provide expanded functionalities and personalization. It may be us deploying them or third-party service providers whose services we use to support our own. If you do not allow these cookies, some or all of these services may not work properly. These cookies also make it possible for us to do market research. The use of these cookies requires your consent.

Please visit our Preference Center to find out which cookies fall into the category of indispensable cookies. here.

Marketing Cookies

These cookies may be deployed by us as part of our Services or by our partners to show you relevant contents / ads – both on our pages and those of third parties. This may entail the creation of so-called profiles based on your interests. Typically, this information does not allow a person to be identified directly since only pseudonymous browser and/or device data are used. If you do not allow these cookies, you will encounter fewer relevant contents / ads tailored to your interests. The use of these cookies requires your consent. Please visit our Preference Center to find out which cookies fall into the category of indispensable cookies. here.

Insofar as we use cookies with your consent, you grant such by clicking the “Ok” button on the banner shown upon your visit as you browse our Services – if applicable, after setting certain preferences. If you do not wish to give your consent, simply click on “Settings” and “Confirm Selection".

---

By clicking the “Ok” button, you consent to the use of cookies. By the same token, we obtain your consent for the processing of your data on the basis of these cookies, where needed, which includes the transmission of these information to our marketing partners (third parties). Our marketing partners likewise use cookies and other technologies to personalize, measure and analyze contents / ads.

---

Right to withdraw

You can withdraw your consent either in whole or in part at any time with effect for the future by changing your settings in our Preference Center here.

---

Browser settings

Naturally, you can configure your browser so it will not place any cookies on your end device. The Help function in the menu bar of most web browsers will explain how to stop your browser from accepting new cookies, how to tell your browser to alert you before accepting new cookies, or how to delete cookies that have already been accepted while blocking new ones.

3.1.3. Consent Management

We use a consent management tool (“OneTrust”) offered by OneTrust, LLC (UK headquarters: Cannon Green, 27 Bush Lane, London EC4R 0AA, Great Britain; U.S. headquarters: 1350 Spring Street NW, Suite 500, Atlanta, Georgia 30309, USA) to manage your settings and document any consent granted by the users of our Services. Among other functions, OneTrust stores cookie settings for the entire website. OneTrust stores information about the categories of cookies used by the website and on whether users granted or revoked their consent for the use of the individual categories. This allows us to prevent cookies of any category from being placed in users’ browsers if no consent was granted. To store information, OneTrust uses cookies that have a regular lifespan of one year, so that the preferences of returning visitors can be stored.

The legal basis for processing is Art. 6 (1) lit. c) and f) GDPR..

3.2. Entering into, implementing and/or discontinuing a contract

3.2.1. Processing data to transact a contract

If you register with one of our Services and/or enter into another contract with us (e.g., by purchasing a product from us), we process the data needed to enter into, implement or discontinue the contract. These data include:

• Title
• First name, last name
• Billing / delivery address
• Email address
• Billing and payment data
• Date of birth
• Telephone number
• Shop settings

The legal basis for processing of this kind is Art. 6 (1) lit. a) and b) GDPR – i.e., you provide us with the information on the basis of a given contractual relationship (e.g., keeping customer / user account, transacting purchase agreement) between you and us. We are, moreover, obligated to process your email address in the event of a purchase via our websites / applications under legal provisions mandating that an electronic order confirmation be sent (Art. 6 (1) lit. c) GDPR).

Unless we use them for marketing purposes of our own, data collected for purposes of transacting a contract are stored for the duration of such contract and until the expiration of any right under related statutory and/or contractual warranties or guarantees. Following the lapse of this period, we retain information from the contractual relationship that are needed under the commercial and tax codes for the periods specified by applicable law. Throughout this period, the data are processed anew only in the event of an audit conducted by the financial authorities.

To transact a purchase agreement by way of our Services, data are further processed as follows:

The service provider processing payments on our behalf passes on payment data to us. We in turn share delivery addresses with logistics companies and shipping partners to allow them to ship and deliver the order. To ensure that goods are delivered in accordance with your preferences, we may also transmit your email address and/or telephone number to the logistics companies and/or shipping partners working for us, which see to shipment and delivery. They may contact you ahead of time to coordinate the details of delivery with you. The data are transmitted solely for the intended purpose and will not be put to any other use after delivery has been completed; once the applicable retention period under the commercial and tax codes has expired, these data are deleted.

3.2.2. Using data for fraud prevention

The information you provide as part of an order may be used to determine whether a so-called atypical order event has occurred (e.g., simultaneous order of a multitude of goods to be sent to the same address using various customer accounts). We have a legitimate interest in making such a determination as a rule.

---

The legal basis for processing is Art. 6 (1) lit. f) GDPR.

3.2.3. Transmitting information to transport service providers / shipping partners

e work with logistics / transport service providers and/or shipping partners to arrange for the shipment and delivery of ordered goods. To them, the following data may be transmitted to allow them to ship and deliver the order as well as to provide delivery notifications: first name, last name, mailing address as well as email address and, if applicable, telephone number. The legal basis for processing is Art. 6 (1) lit. b) GDPR.

3.2.4. Transmitting information to partner enterprises

When using our Services, you have the option of taking advantage of third-party offers. In these cases, you can enter into a contract directly with one of our partners, to which the data needed for the contract to be transacted (e.g., first name, last name, billing / delivery address, email address, billing / payment data, date of birth, telephone number) are transmitted. Favorable offers by our partners are recognizable as partner offers and labeled as such.

3.3. Processing data for advertising purposes

3.3.1. Postal advertising

As a rule, we have a legitimate interest in using certain information for marketing purposes in order to present you with relevant offers. In the context of postal advertising, we process the following information for both our own marketing purposes and for marketing purposes of third parties: First name, last name, mailing address, birth year.

We are further entitled to store, along with the data mentioned, additional personal data about you that are collected in compliance with legal requirements for marketing purposes of our own as well as those of third parties. Doing so serves the goal of supplying you with ads aligned solely with your actual or presumed needs or interests rather than pestering you with ads that are not relevant to you.

The data so stored shall not be transmitted to third parties. In addition, About You will pseudonymize / anonymize the personal data collected about you for the purpose of using the pseudonymized / anonymized data for marketing purposes of its own or those of third parties (advertisers).

The pseudonymized / anonymized data may further be used to show you individualized ads online, whereas it may be third-party providers and/or agencies that control such ads. The legal basis for the use of personal data for marketing purposes is Art. 6 (1) lit. f) GDPR.

---

Right to object
You may object to the use of your personal information for the aforementioned marketing purposes free of charge at any time with effect for the future at [email protected]

Insofar as you do object, your data will be excluded from any further data processing related to advertising. We note that, by way of exception, you may continue to receive advertising materials temporarily even after your objection has been received. This is owed to technical reasons to do with the necessary lead time for selection purposes and does not mean that your objection has not been implemented.

---

3.3.2. Newsletter

As part of our Services, we give you the option of registering for our newsletter. To ensure that no errors occur when an email address is entered, we use what is known as the double-opt-in (DOI) process: After you entered your email address into the registration field and consented to receiving our newsletter, we will send a confirmation link to the email address provided. Your email address shall not be added to the list of recipients for our newsletter until you have clicked on this confirmation link. The legal basis for processing is Art. 6 (1) lit. a) GDPR.

---

Right to withdraw consent
You may withdraw your consent at any time with effect for the future by sending a notice to [email protected] or by using the deregistration option at the end of each newsletter.

---

3.3.3. Product recommendations by email

As an existing customer, you will receive product recommendations by email on a regular basis. You will get these product recommendations from us regardless of whether you subscribed to a newsletter or not. For this purpose, we use the email address you provided as part of the purchase transaction to promote our own goods and/or services resembling those that you purchased as part of a past order. The legal basis for processing is Art. 6 (1) lit. f) GDPR.

---

Right to object
You can object to our product recommendations at any time with effect for the future by sending a notice to [email protected] or using the deregistration option at the end of each product recommendation email.

---

3.3.4. Sweepstakes

If you register for / participate in the sweepstakes organized by ABOUT YOU (hereinafter: „participation“), we will use the data you provided for purposes of participation to transact the participation contract, including but not limited to notifications for winning entries and, where applicable, promotions related to our offers and/or those of our sweepstakes partners. For more details, please see the terms of participation for the sweepstakes. The legal basis for processing is Art. 6 (1) lit. b) and f) GDPR.

3.4. Online presence and service optimization

3.4.1. Google Analytics

For purposes of needs-based design and the ongoing optimization of our pages, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”), on the basis of Art. 6 (1) lit. f) GDPR. Acting on our behalf, Google uses cookies to create pseudonymized user profiles. The information generated as a result of your use of this website, such as

• browser type / version,
• browser type / version,
• referrer URL (previously visited page),
• host name of accessing computer (IP address),
• time of server request

are put to use by Google on our behalf in order to evaluate the use of the website, compile reports about website activities and to provide other services related to website and Internet use for us. The IP address transmitted by your browser as part of these Google Analytics activities is stored only in truncated form, and the data related to your use of the website is not combined with other Google data.

You can prevent the cookies (including Google Analytics cookies) from being stored by adjusting the settings of your browser software; please note, however, that if you do, you may not be able to take full advantage of all of the functions of this website. In addition, you can block Google from assessing and processing the information generated by your use of this website by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout?hl=de ..

As an alternative to the browser add-on, and this is especially true for browsers on mobile end devices, you can prevent any assessment by Google Analytics by clicking on this Link. If you would like to change your cookie settings, please click here. An opt-out cookie will be deployed to prevent any future assessment of your data during visits to this website. The opt-out cookie works only for this browser and only for our website, and it is placed on your device. If you delete the cookies in this browser, you will have to replace the opt-out cookie. For additional information about data protection in connection with Google Analytics, please visit the Google Analytics website.

3.4.2. Floodlight

On our site, we use “DoubleClick Floodlight”, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”). Google stores and processes information about your user behavior on our Internet pages. We use DoubleClick Floodlight for purposes of marketing and optimization, especially with a view to analyzing our internet pages and facilitating ongoing improvements of individual functions and offers as well as of the user experience as a whole. Drawing on the statistical evaluation of user behavior, we can improve our offerings and make them more attractive to you as a user. Therein also lies our legitimate interest in having the third-party service provider process the aforementioned data. The legal basis for data processing of this kind is Art. 6 (1) lit. a) GDPR.

The use of the cookies needed for this service (so-called marketing cookies) requires your consent. You may withdraw your consent at any time in our Preference Center. .

For additional information on data protection by the third-party provider, please visit this website: https://www.google.com/intl/de/policies/privacy/"

3.5. Onlinemarketing

We use various information on our pages for marketing purposes. Our goal is to only show you ads aligned with your actual perceived interests and not to bother you with any advertising that is of no interest to you. For this purpose, we avail ourselves of various advertising methods (e.g., retargeting) and technologies from ABOUT YOU and third parties, who either handle data as processors on our behalf or do so as controllers. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes but process them exclusively for the controller. This is how we can present users, who have already expressed interest in our shop and our products, with customized online ads not just on our own websites but on those of our partners as well. Thanks to studies, we know that personalized, interest-based ads are of greater interest to the Internet user than advertising that lacks this personal dimension..

Insofar as cookies are to be used in connection with online marketing (functional cookies or marketing cookies), we must first obtain your consent. You can withdraw your consent at any time in our Preference Center.

3.5.1. Adjust

We use the user evaluation and analysis tool Adjust by adjust GmbH, Saarbruecker Str. 36, 10405 Berlin, Germany. The Adjust service was tested and certified pursuant to ePrivacyseal (European Seal for your Privacy; (see https://www.eprivacy.eu/kunden/vergebene-siegel/). Adjust collects data related to the interaction with our advertising media, along with installation and event data for the app, and provides them in the form of anonymized assessments. We use this information in order to gauge the success of our app marketing campaigns, for our own marketing research and to optimize the app. For purposes of these assessments, Adjust uses your IFDA or Android ID as well as your anonymized IP and MAC addresses. The information so captured are further shared with suitable providers with a view to implementing and optimizing our app advertising campaigns. For details on the providers involved, please see the appropriate sections of our data protection provisions. The legal basis for processing is Art. 6 (1) lit. a) GDPR.

The collection, evaluation and use of the data may be deactivated for the web pages with effect for the future at https://www.adjust.com/opt-out/) You can withdraw your consent at any time in our Preference Center.

We shall use the cookies needed for this Service (so-called functional cookies) only with your consent.

3.5.2. Google Marketing Platform

The web page uses the online marketing tool Google Marketing Platform (“GMP”) operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google deploys cookies in order to show users ads that are relevant to them, to improve the quality of campaign performance reporting or to avoid having a user see the ad multiple times. Using a cookie ID, Google establishes which ads are shown in which browser, which is how it manages to prevent them from being displayed repeatedly.

In addition, cookie IDs help Google identify so-called conversions that are linked to ad requests. This may be the case, for instance, if a user sees a GMP ad and then visits the advertiser’s website and purchases something at a later point in time when using the same browser. According to Google, GMP cookies do not contain personal information.

By virtue of the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence over the scope or any further use of the data collected by Google as a function of these tools, which is why we offer the following disclaimer based on what we know: As a result of the use of GMP, Google learns that you visited one of our web pages or clicked on one of our ads. If you are registered with a Google service, Google can match your visit to your account. However, even if you are not registered or logged in with Google, there is a chance that Google identifies and stores your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC in the U.S. The legal basis for data processing is Art. 6 (1) lit. a) GDPR.

For additional information about Google’s data protection provisions, please visit : www.google.de/policies/privacy/.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can withdraw your consent at any time in our Preference Center.

3.5.3. Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing, and we use them to market our websites in Google search results as well as on third-party websites. These functions are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the sites you have visited.

Beyond that, data processing occurs only insofar as you gave Google permission to link your internet and app browser history with your Google account, and to use information from your Google account to personalize ads that you see online. If you are logged in with Google while visiting pages on our website, therefore, Google uses your data in conjunction with Google Analytics data in order to prepare and define lists of target groups for purposes of remarketing across devices. In the course of any use of Google Ads Remarketing, personal data may be transmitted to the servers of Google LLC in the U.S. The legal basis for processing is Art. 6 (1) lit. a) GDPR.

You can permanently deactivate the deployment of cookies for advertising purposes by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/.

For additional information and the data protection provisions governing ads and Google, please visit: https://www.google.com/policies/technologies/ads/.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can withdraw your consent at any time in our Preference Center.

3.5.4. Google Conversion Tracking

As part of our use of the Google AdWords service, we also use what is known as conversion tracking. The provider of this function is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). If you click on an ad generated by Google, a cookie is placed on your computer / end device for purposes of conversion tracking. Such cookies become invalid after 30 days, contain no personal data and thus are not meant to allow personal identification. The information obtained with the help of the conversion cookie serves the purpose of preparing conversion statistics for AdWords customers, who opted for conversion tracking.

The legal basis for such processing is Art. 6 (1) lit. a) GDPR.

You can deactivate interest-based ads on Google as well as interest-based Google ads online (within the Google display network) in your browser by selecting “Off” under www.google.de/settings/ads or opt for deactivation in www.aboutads.info/choices/ For additional information about relevant settings and data protection at Google, please visit www.google.de/intl/de/policies/privacy/?fg=1.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can withdraw your consent at any time in our Preference Center.

3.5.5. Google AdSense

We use the online advertising service Google AdSense to show you ads tailored to your interests. The service is provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). It serves the purpose of showing you ads that could be of interest to you in order to make our Services more attractive to you. To this end, statistical information is collected about you, which is then processed by our advertising partners. Such ads are marked as “Google Ads” in each instance.

Google learns that you visited our website. For this purpose, Google uses a web beacon in order to place a cookie on your computer. If you are logged in with your Google account, your data may be directly matched with it. It is possible that these data are shared with Google’s contractual partners as well as other third parties and public authorities. The legal basis for processing is Art. 6 (1) lit. a) GDPR.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can withdraw your consent at any time in our Preference Center.

For additional information on the purpose and scope of data collection and processing as well as information about your related rights and settings to protect your privacy, please visit: https://www.google.de/intl/de/policies/technologies/ads.

3.5.6. Criteo

Integrated with this website is the retargeting technology of Criteo SA, 32 Rue Blanche, 75009 Paris, France. Using this technology makes it possible to show you ads for products on third-party sites (so-called publisher pages) that you viewed on this website. For this purpose, Criteo collects information about your user behavior on this website by deploying tracking cookies and similar technologies, which are placed on your browser, as well as by using ad IDs in environments that do not support cookies, such as apps. With the help of these technologies, Criteo can analyze trends and identify the interests of individual users with regard to websites and apps. Criteo uses these technologies to mark visitors on the websites and in the apps of its partners. Users so marked by Criteo receive a technical ID. At no time does Criteo collect personal data that might enable identification, such as names or addresses. Criteo exclusively analyzes the products viewed and/or the search behavior exhibited as well as the pages visited on the website of the partner for which Criteo supplies ads. In order to supply personalized ads to you and offer you a seamless online experience, Criteo may synchronize the IDs of the various browsers that you use (“ID synchronization”). By virtue of its ID synchronization technology, Criteo is able to offer you the most relevant ads at all times – irrespective of the browser of the end device you use – without the need for Criteo to collect and process personal data, such as names and addresses. For this purpose, Criteo uses precise link methods on the basis of technical data collected by means of the Criteo technologies used – e.g., the IDs of our advertising partners or encrypted email addresses that the partners pass on to Criteo. For additional information on data protection at Criteo, please visit https://www.criteo.com/de/privacy/ einsehen.

The legal basis for such processing is Art. 6 (1) lit. a) GDPR.

The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can object to the processing of your data for purposes of Criteo’s pseudonymous analysis of your surfing behavior at any time by using the deregistration link https://www.criteo.com/de/privacy/ or withdrawing your consent in our Preference Center.

3.5.7. Facebook Retargeting und Conversion

We use the pixel of Meta Platforms Ireland Ltd. (Website Custom Audience Pixel). As a function of this pixel, ABOUT YOU and Meta Platforms Ireland Ltd. collect information about the use of this website (e.g., data on articles viewed) on their joint responsibility and transmit them to Meta Platforms Ireland Ltd. This information may be matched to you when additional data is consulted that Meta Platforms Ireland Ltd. has stored about you – e.g., due to your ownership of an account on the social network Meta Platforms. Using the information gathered via the pixel, you may be shown interest-based ads in your Meta Platforms account (retargeting). The data collected via the pixel may also be aggregated by Meta Platforms Ireland Ltd., and such aggregated information may be used for advertising purposes of Meta Platforms Ireland Ltd. itself or third parties. For instance, Meta Platforms Ireland Ltd. may infer certain interests from your surfing behavior on this website and use this information to advertise third-party offers. Meta Platforms Ireland Ltd. may further combine the information gathered via the pixel with other information that Meta Platforms Ireland Ltd. has collected about you from other websites and/or in connection with the use of the social network Meta Platforms, to the effect that a profile may be stored for you Meta Platforms Ireland Ltd. This profile may be used for advertising purposes. Meta Platforms Ireland Ltd. bears sole responsibility for such ongoing processing and the permanent storage of the tracking data gathered from the Website Custom Audience Pixel deployed on this website.

As part of the Meta Platforms pixel function, we also activated automated expanded matching (advanced matching). This pixel function allows us to send hashed emails and names, along with sex, city, state, postal code and date of birth, to Meta Platforms insofar as you provided us with these data and gave your consent accordingly. This activation makes it possible for us to tailor advertising campaigns on Meta Platforms even more precisely to individuals interested in our products or services.

The legal basis for processing is Art. 6 (1) lit. a) GDPR.

For more details on data protection at Meta Platforms Ireland Ltd., please visit https://www.facebook.com/policy.php. This is where you are also given the option of exercising your rights as data subject (e.g., right to erasure) in relations with Meta Platforms Ireland Ltd. The use of cookies needed for this Service (so-called marketing cookies) requires your consent. You can withdraw your consent at any time in our Preference Center Preference Center.

3.5.8. Pinterest Retargeting (Pinterest Tag)

We use the pixel (Pinterest Tag) of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland). This pixel allows information about use (e.g., information about articles viewed) to be collected subject to shared responsibility by Pinterest Europe Limited and ABOUT YOU and transmitted to Pinterest Europe Limited. As for any further processing of the data transmitted to Pinterest Europe Limited, the sole responsibility under data-protection law rests with Pinterest Europe Limited. With the help of additional data that Pinterest Europe Limited has stored about you if you have an account on the social network Pinterest, the information transmitted to Pinterest Europe Limited may be matched to you. Using the information collected via the pixel, you may be shown interest-based ads in your Pinterest account (retargeting). Pinterest Europe Limited may further aggregate the information collected via the pixel for Pinterest Europe Limited to use such aggregated information for advertising purposes of its own or those of third parties. As a result, for instance, Pinterest Europe Limited may draw conclusions about your interests based on your surfing behavior on this website and use such information to advertise third-party offers. In addition, Pinterest Europe Limited may combine the information collected via the pixel with other information that Pinterest Europe Limited has collected about you on other websites and/or in connection with the use of the social network Pinterest, to the effect that a profile may be stored for you at Pinterest Europe Limited. Such profile may be used for advertising purposes. The legal basis for data processing of this kind is Art. 6 (1) lit. a) GDPR.

For more information about data protection at Pinterest Europe Limited, please visit: https://policy.pinterest.com/de/privacy-policy .

This is also where you may exercise your rights as a data subject (e.g., right to erasure) with regard to any data that Pinterest Europe Limited as the controller under data-protection law may process. We shall use of the cookies needed for this service (so-called marketing cookies) only with your consent. You can withdraw your consent at any time in our . Preference Center.

3.5.9. Localytics

Localytics is an analytic tool offered and operated by Char Software Inc., a company with registered offices in Boston, MA (USA). Localytics records data generated by the use of our apps. These data include user actions related to app use (e.g., opening app, visiting product pages) as well as interactions (viewing, clicking) with advertising media supplied by Localytics (push notifications and in-app messages). Using collected dated, Localytics segments users to create the basis on which push notifications and in-app messages are delivered. In this manner, Localytics enables us to present you with contents and offers of increasing relevance to you that better matches your user habits the longer you use the app. In order to gauge and optimize the impact of advertising media delivered, Localytics records data on purchases (products, prices) within the app. As soon as a user logs in or registers on the app, a record is generated as well. Information of this kind are linked to what is called a “unique installation ID” – a designation for a given installation that Localytics assigns itself. For more information about data protection at Localytics, please visit https://www.localytics.com/privacy-policy/ The legal basis for processing is Art. 6 (1) lit. a) GDPR The use of cookies needed for this Service (so-called functional cookies) requires your consent. You can withdraw your consent at any time in our Preference Center Preference Center.

3.5.10. RTB House

On our website, we use technology provided by RTB House S.A., 61/101 Złota Street, 00-819 Warsaw, Poland. This technology allows us, through the use of pixels and cookies, to point you to contents found on our website or those of third parties, which may likewise be of interest to you (retargeting). This entails the use of cookies. The recommendations integrated by RTB House are determined on the basis of contents you previously viewed. RTB House technically controls and delivers these contents automatically. They are shown on a pseudonymous basis.

The information generated by the cookie about your use of this website, such as browser type / version, operating system used, referrer URL (previously visited page), time of server request, are transferred to the RTB House server and stored there..

For additional information about data protection at RTB House, please visit: https://www.rtbhouse.com/privacy/ .

The legal basis for processing is Art. 6 (1) lit. a) GDPR. The use of cookies needed for this Service (so-called marketing cookies) requires your consent.

You can object to tracking for the purpose of interest-based recommendations from RTB House at any time by selecting “Opt-out” within the RTB House data protection statement, or withdraw your consent in our Preference Center .

3.5.11. Affilinet (Awin)

To correctly assess sales and/or leads, affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany, places a cookie on the end device of a visitor. Such cookie is deployed by the domain parners.webmaster-plan.com or banners.webmasterplan.com. The cookies used by affilinet are accepted in the browser’s default settings. If you do not wish for these cookies to be stored, please deactivate acceptance for these cookies from the corresponding domains in your Internet browser. affilinet’s cookies only store the ID of the referring partner as well as the order number of the advertising medium clicked on by the visitor (banner, text link, etc.), which is needed to transact payment. When a transaction is executed, the partner ID serves the purpose of correctly assigning the commission payable to the referring partner. The legal basis for processing is Art. 6 (1) lit. f) GDPR.

For details about data protection, please visit: https://www.awin.com/de/rechtliches/privacy-policy-DACH.

The use of the cookies required for this service (so-called functional cookies) requires your consent. You may withdraw your consent at any time in our Preference Center Preference Center.

3.5.12. Snap Inc. (Snap Pixel und Website Custom Audiences)

To analyze and optimize our website and services, we use the so-called Snap pixel of the social network Snapchat, which is operated by Snap Inc., Market Street, Venice, CA 90291, USA (“Snapchat”).

Using the Snap pixel makes it possible to assign visitors to our website to various audiences for ads (so-called Snapchat ads). Accordingly, we use the Snapchat pixel to show the Snapchat ads we display only to Snapchat users, who have revealed an interest in our website or exhibit certain characteristics (e.g., an interest in certain themes or products determined on the basis of websites visited) that we transmit to Snapchat (so-called custom audiences). By using the Snap pixel, we further wish to ensure that our Snapchat ads correspond with users’ potential interests and do not amount to a nuisance to them. The Snap pixel further allows us to track the effectiveness of Snapchat ads for statistical and marketing research purposes by showing us whether users were forwarded to our website after clicking on a Snapchat ad (so-called conversion).

Snapchat processes data under its guideline for data use, which may be viewed here: https://www.snap.com/en-US/privacy/privacy-center/. The legal basis for data processing is Art. 6 (1) lit. a) GDPR. The use of the cookies needed for this service (so-called marketing cookies) require your consent. You can withdraw your consent at any time in our Preference Center.

3.5.13. Other advertising networks & affiliates

If you use our app, our ad networks and affiliates may use so-called device IDs to create an anonymized profile of your click behavior for mobile ads. In our app, we work with various mobile advertising partners, which include the following enterprises:

Apple Search Ads (location: USA)

These cookies and device IDs may be used in order to show you personalized ads. A profile is further created on the basis of comparable information that Google, Facebook and other ad-networks receive from third parties as a result of your visits to other websites or apps in your networks.

The legal basis for data processing is Art. 6 (1) lit. a) GDPR. The use of the cookies needed for this service (so-called marketing cookies) require your consent. You can withdraw your consent at any time in our Preference Center

Deactivating personalized ads in the app

You may deactivate personalized ads in the settings of your device:

Android
For Android devices, this option is found in the app for Google settings. Depending on the device, it may be called “Google settings” or just “Settings.” Under the menu item “Google” => “Ads,” there is the option to “Deactivate interest-based ads” or, depending on the device, “Deactivate personalized ads.” Selecting these options shall deactivate personalized ads.

iOS
For iOS devices, this option is found in the app “Settings.” Under the menu item “Data protection” => “Ads,” there is the option “No ad tracking.” Selecting this option shall deactivate personalized ads.

3.6. Fan pages

ABOUT YOU maintains social media profiles on the social networks Facebook and Instagram (“fan pages”) – services provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) – publishing and sharing contents and offers there on a regular basis. Whenever you interact with our fan pages or other Facebook or Instagram web pages, the operators of the social networks gather information about your user behavior through the use of cookies and similar technologies. ABOUT YOU can view general statistics concerning the interests and demographic characteristics (such as age, sex and region) of users of its fan pages. When you use social networks, the type, scope and purpose of data processing in connection with social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which we share responsibility with Facebook, and which are explained below.

Facebook’s processing of your data

Facebook also processes your data related to your use of fan pages for its own purposes, which are not addressed in this data protection statement, and over which we exert no influence. For additional information on this topic, please visit the social networks:

Facebook privacy policy

Instagram privacy policy

User analysis (page insights)

Whenever you interact with our fan pages, Facebook uses cookies and similar technologies to assess your user behavior. ABOUT YOU then receives “page insights” containing statistical, depersonalized (anonymized) visitor information. We cannot match this information to you. Only Facebook selects and processes page-insight data. Page insights help us to understand how our fan pages are being used, which interests visitors have and what topics and contents are particularly popular. We then use this information to offer relevant contents to the visitors of our fan pages and improve the way in which we can better accommodate our visitors’ interests and user habits.

ABOUT YOU and Facebook bear joint responsibility for processing your data for purposes of page insights (Art. 26 GDPR). An agreement exists between ABOUT YOU and Facebook that provides which enterprise answers to which duties in connection with data protection when it comes to processing page-insights data pursuant to the GDPR.

This agreement with Facebook can be viewed here

A Facebook overview of the most important aspects of this agreement (including a list of the page-insights data) is found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Insofar as you have consented to Facebook’s generation of page insights as described above, the legal basis is Art. 6 (1) lit. a) GDPR. Otherwise, the legal basis is Art. 6 (1) lit. f) GDPR, with our legitimate interest flowing from the purposes stated above.

3.7. Social-Media-Plug-Ins

We may integrate social media plug-ins of the social networks Facebook and Twitter with our Services on the basis of Art. 6 (1) lit. a) GDPR in order to boost our enterprise’s reach through these channels. It is the operator of such social network that is responsible for ensuring compliance with data protection law.

For information about the purpose and scope of the collection, any further processing and the use of the data by the provider in question as well as your related rights and settings designed to protect your privacy, please see the provider’s data protection statements, links for which are included below.

Meta

On some websites, we use plug-ins from the social network facebook.com, which is operated by Meta Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Meta”). The link to Facebook’s data protection statement is here.

Twitter

On some websites, we use plug-ins from the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The link to Twitter’s data protection statement is here: Twitter privacy policy. Twitter.

Insofar as plug-ins are activated, your web browser will establish a direct link to the web servers of a given social network, and the plug-in’s content is transmitted from the social network directly to your web browser, which in turn will integrate it with our website. Through the integration of the plug-in, the social network learns that you visited one of our web pages and may collect device and access data. If you are logged in with the social network, it can match your visit to the account that you have with the social network.

You can prevent social networks from matching the information collected about you on the occasion of your visit to www.en-sa.aboutyou.com to your user account with a given social network by logging out of the pages of the social networks and deleting cookies on your device. If you do not want social networks to match the data collected via our web pages directly to your profile, you must log out from the social networks in question prior to visiting our website. You can prevent plug-ins from being activated altogether through the use of add-ons for your browser – e.g., with the script blocker “NoScript,” which is found under: www.noscript.net.

3.7.1. Facebook Connect / Login

ABOUT YOU offers users the option to register for the Service using their Facebook log-in (so-called Facebook Connect function). Facebook Connect is a service provided by the social network Facebook, which is operated by Meta Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA (“Meta”). No separate registration with ABOUT YOU is required in this case. For purposes of registration, users are redirected to the Facebook website, where they can log on using their user data. In this way, the Facebook profile and ABOUT YOU’s Service are linked. This link means that Facebook automatically provides ABOUT YOU with any information that the user has cleared for transmission (e.g., first name, last name, email address, profile picture, sex, list of friends). We use this information to identify you as part of the use of ABOUT YOU.

The legal basis for processing is Art. 6 (1) lit. a) GDPR.

For additional information about Facebook Connect and the privacy settings, please visit here.

3.8. Customer account / user account

In order to provide you with the greatest-possible degree of comfort, we give you the option of storing your personal data permanently in a password-protected customer account / user account.

Customer accounts are created on a voluntary basis as a rule. If you create a customer account, any of your data collected here is processed on the basis of Art. 6 (1) lit. b) GDPR. Once a customer account has been set up, no further data need be input. In addition, you can view and change the data stored about you in your customer account at any time.

Only if you wish to transact orders on our website / applications is it a requirement that a customer account be opened to implement the contract.

In addition to the data requested for purposes of the order, you must provide a password of your choice to set up a customer account. Along with your email address, this password serves as your means of access to your customer account. Please keep your personal access data confidential and, in particular, do not share them with unauthorized third parties. Please note that you remain logged in even after leaving our website unless you actively log out.

You can delete your customer account at any time. Please note, however, that the data you can view in your customer account are not deleted along with the account if you have placed an order with us. Your data are deleted automatically once the retention periods to which we are subject under the commercial and tax codes have expired. The legal basis for processing is Art. 6 (1) lit. c) and f) GDPR.

3.9. Contact

There are several means by which you can contact us: Using our contact form, by email, telephone, chat or mail. Whenever you contact us, we will use any related personal data that you provide to us solely for the purpose of contacting you in order to process your request.

We use the CRM system Zendesk to process customer inquiries. This system is operated by Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA (“Zendesk”). We use Zendesk in order to process your inquiries quickly and efficiently. We have entered into a data processing agreement (DPA) with Zendesk. Under this agreement, Zendesk processes your data for inquiries addressed to us solely on our behalf and for no other purpose.

For additional information, please see the privacy statement. from Zendesk.

Rechtsgrundlage für diese Datenverarbeitung ist Art. 6 Absatz 1 Buchstabe a), Art. 6 Absatz 1 Buchstabe b), Art. 6 Absatz 1 Buchstabe c) DSGVO sowie Art. 6 Abs. 1 Buchstabe f) DSGVO.

3.10. Payments

We process your payment information for the purpose of transacting payment – e.g., when you purchase or take advantage of a product and/or service via www.en-sa.aboutyou.com. Depending on the method of payment, we forward your payment information to third parties (e.g., to your credit-card provided in cases of credit-card payments).

The legal basis for such processing is Art. 6 (1) lit. a), b), c) and f) GDPR.

3.10.1. Paypal

For payments via PayPal, your payment data shall be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter” PayPal”), for the payment to be transacted. PayPal reserves the right to obtain a credit report when payment is made by PayPal, PayPal direct debit or, where available, PayPal “on account.” PayPal uses the result of such credit inquiry as it relates to the statistical probability of default of payment for purposes of making a decision whether the method of payment in question should be approved. The credit report may contain probability scores. Insofar as scores inform the result of the credit inquiry, they are rooted in a scientifically recognized process in mathematical statistics. The scores are calculated on the basis of address data, among other factors. For additional information related to data protection, including the credit reporting agencies used, please see the PayPal privacy policy. Paypal.

7.1. Overview

Aside from the right to revoke the consents you granted to us, you have the following additional rights subject to applicable statutory requirements:

• the right to obtain from us information about your personal data stored with us (Art. 15 GDPR); specifically, you can demand information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged storage period and the origin of your data insofar as they were not collected directly from you;
• the right to have inaccurate personal data rectified and incomplete personal data completed (Art. 16 GDPR);
• the right to have data stored with us erased (Art. 17 GDPR), provided that we are not subject to statutory or contractual retention periods or other legal obligations – or rights – regarding continued storage;
• the right to restrict processing of your data (Art. 18 GDPR) insofar as the accuracy of the data is contested by you, the processing is unlawful and you oppose the data’s erasure, the controller no longer needs the data, but they are required by you for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21(1);
• the right to data portability pursuant to Art. 20 GDPR – i.e., the right to receive selected personal data stored with us about you in a commonly used and machine-readable format, or to demand the transmission thereof to another controller; and
• the right to lodge a complaint with a supervisory authority. In most cases, you can turn to the supervisory authority at your habitual residence or place of work or other corporate headquarters.

You can exercise the aforementioned rights to which you are entitled under [email protected]

7.2. Right to object

Subject to the conditions of Art. 21 (1) GDPR, data processing may be objected to for reasons arising from the specific circumstances of the data subject.

The above general right to object applies to all purposes of processing described in this data protection statement, which are legitimized by Art. 6 (1) lit. f) GDPR. By contrast to the specific right to object geared toward data processing for advertising purposes, we are obligated to heed a general objection of this kind only if you state reasons of overriding significance (e.g., potential hazard to life or health).

7.3. Right to withdraw consent

Insofar as we process data on the basis of your consent, you are entitled to withdraw your consent at any time. Withdrawing your consent does not have the effect of rendering ineffective such data processing as may have been undertaken on the basis of your consent until such withdrawal.

7.4. Fan pages

With respect to the processing of your page insights information undertaken jointly with Meta, we agreed with Meta that Meta bears primary responsibility for providing you with information about the processing of your page insights information and giving you the option of exercising the rights related to data protection to which you are entitled (e.g., right to object). More detailed information about your data protection rights in connection with page insights and how to exercise them directly vis-à-vis Meta, are found here.

If you exercise your rights vis-à-vis ABOUT YOU, we shall forward your request to Meta.