AS OF: 07/2021
This privacy statement provides you with an overview of how KICKZ processes your data.
How to read this privacy statement: We offer you several ways to read this privacy statement. First, you will find some very basic information in this section. Then, we have sorted this privacy statement according to topics relevant to you and divided it into individual chapters accordingly. If you are already a "pro", you can use the following drop-down menu to jump directly to individual chapters.
We have prefaced each chapter with a short overview text. This overview text briefly summarizes the content of the chapter. If you just want to get a quick overview of all data processing, we recommend that you read the overview texts. If you would like to familiarize yourself with the details, you can click on "More" below the respective overview text. You will then be shown the full contents of the chapter.
- What data is stored by KICKZ.
- What we do with this data and what it is needed for.
- What data protection rights and choices you have in the process.
- What technologies and data we use to personalize and tailor our services and content to provide you with a safe, easy, seamless and personalized shopping experience.
- What technologies and data we use for advertising, including tracking technologies used.
1. WHAT DATA DOES KICKZ PROCESS?
KICKZ offers you a wide variety of services, which you can also use in different ways. Depending on whether you contact us online, by phone, in person, or in any other way, and which services you use, different data will be collected from different sources. Much of the data we process is provided by you when you use our services or contact us, for example, when you register and provide your name or e-mail address or postal address. However, we also receive technical device and access data that is automatically collected by us when you interact with our Services. This may include, for example, information about which device you are using. We collect additional data through our own data analyses (e.g., as part of market research studies and by evaluating customers). We may also receive data about you from third parties, for example, credit agencies and payment service providers.
When we talk about "your data", we mean personal data. This is any information that would allow us to identify you immediately or by combining it with other information. Examples: Your name, phone number, customer number, order numbers, or e-mail address. Any information that does not allow us to identify you (even by combining it with other information) is considered non-personal information. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all data in that data set is considered personal data. If we delete personal data from a piece of information or data set about you, the remaining data in that data set is no longer considered personal data. This process is called anonymization. As a general rule, if you are asked by us to provide certain personal information, you can of course refuse to do so. You decide what information you give us. However, we may then not be able to provide you with the requested services (or not in an optimal way). For example, we may not be able to have packages delivered if you do not provide a shipping address. If only certain information is required in connection with a service (mandatory information), we will inform you of this by marking it accordingly.
1.1. PROFILE DATA
Profile data is personal and demographic information about you (so-called master data) and your individual interests that you provide to us when you register for your customer account.
YOUR PROFILE DATA INCLUDES, FOR EXAMPLE:
- Your first and last name
- Your contact details
- Your preferences, e.g. in terms of brands, product types or styles
- Demographic information such as your gender, age and place of residence
Mandatory information usually includes your name, e-mail address, and a password of your choosing. Your e-mail address and password will later form your login information. For the use of access-restricted, paid or personalized services, further mandatory data may also be required, such as your date of birth or your form of address (e.g. in order to be able to direct you to the homepage of the KICKZ shop that matches your gender) or your preferred brands and clothing styles.
Profile data may also include further information about you and your interests. These may already be collected as part of registering for the service or may only be added subsequently. This is the case, for example, if you later add voluntary information to your profile or you want to use your customer account to register for a service that requires additional mandatory information.
When you are logged into your customer account, you can view your profile data there and in most cases also change it directly, e.g. to update your address after moving house.
1.2. CONTACT DATA
When you contact us, we collect your contact information. Your contact information may include, depending on how you contact us (e.g., by phone or e-mail), your name, mailing addresses, phone numbers, fax numbers, e-mail addresses, details of your social media profiles (for example, we may receive your Facebook ID if you contact us through Facebook), usernames, and similar contact details.
1.3. PURCHASING DATA
When you order something from KICKZ or make a purchase on site, for example in a KICKZ store, we collect your Purchase data. Purchase data may include the following information, depending on the type of sale and processing status:
- Order number
- Details about the purchased items (name, size, color, purchase price, etc.)
- Payment method details
- Delivery and billing addresses
- Notifications and communications related to purchases (e.g., revocation notices, complaints, and notifications to customer service)
- Delivery and payment status, e.g. "Completed" or "Shipped".
- Return status, e.g. "Successfully completed".
- Details of service providers involved in the execution of the contract (in the case of mail-order purchases, for example, shipment numbers of parcel service providers)
In your customer account, you can view your essential purchase data at any time in the areas "My orders/returns", "My settings", "My wish list" and "My vouchers".
1.4. PAYMENT DATA
We offer you the common payment methods in online commerce - in particular prepayment, credit card, PayPal or invoice. For the execution of payment, we collect the payment data provided by you. We receive further payment data from external payment service providers with whom we cooperate for the execution of payments. We only pass on data to our payment service providers that is necessary for payment processing.
PAYMENT DATA ARE FOR EXAMPLE:
- Preferred payment method
- Billing addresses
- IBAN and BIC or account number and bank code
- Credit card data
Payment data also includes other information that is directly related to payment processing. This concerns, for example, information that external payment service providers use for identification, such as your PayPal ID (if you pay with PayPal). SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich, is responsible for payment processing and receivables management in connection with all purchases made by private individuals in the KICKZ shop.
We work together with the payment service provider Saferpay of SIX Payment Services AG. Thereby no credit card data is stored on our site, but only at our partner. We also do not perform any credit checks on our site.
1.5. DATA OF INTEREST
When you interact with our services, we collect data that tells us which content, topics, products, product types, brands or styles you are interested in. For example, we may infer which styles and product categories you are interested in from shopping data, wish list content, and your age (to the extent this information is available to us) and by comparing you to users with similar characteristics. This allows us to show you the products most likely to be relevant to you first the next time you search. In addition to the interests you communicate directly, we may also infer your interests from other data we collect. For example, if you repeatedly visit a certain area of the KICKZ Shop, we may infer your interests from your access data as part of our usage analysis (e.g., we may infer that you may be interested in sports if you regularly visit the "Sportswear" category or order products from that category).
In addition, we also receive information and statistics on demographics (such as age, gender, region), device and access data, and interests of our users from our external advertising partners for this purpose. We take care to ensure that our advertising partners only provide KICKZ with aggregated, encrypted data or data that is anonymous to KICKZ, so that we cannot attribute the data to any specific person, in particular to any specific user. This information can help us to better understand our users, for example in the context of customer structure analyses and user segmentation.
For more information on the processing of your data for advertising purposes, see "How does KICKZ use my data for advertising?
1.6. MESSAGES, CONTENTS OF CONVERSATIONS
When you communicate with us or other users about products (e.g., product reviews) and other topics by phone, mail, social media services, contact forms, or otherwise, we collect the content of your communications. If applicable, we will forward your communications to the entity responsible for your concern, such as partner companies or manufacturers. In the case of a possible forwarding to another company (e.g. if you send us feedback to the manufacturer of a product), you naturally have the option of informing us that your data is to be used exclusively by KICKZ. In this case, we will not forward your request to the responsible office, or we will forward it only without your personal information, provided that your request can be processed in this way. Insofar as you send us messages for other users via functions provided for this purpose (e.g. product reviews), these may be published by us within our services.
1.7. SOCIAL NETWORK DATA
KICKZ maintains profile pages (also known as "fan pages") on various social networks. In addition, functions of social networks may be integrated in the services of KICKZ. These may be messenger services and so-called social plug-ins. If you contact us directly via our social media profiles or use the functions of social networks integrated into our Services and are a member of the respective social network, we may receive data from the operator of the social network with which you can be identified. As a rule, we can view the following data:
- Your public profile information (e.g., name, profile picture) stored with the respective social network.
- Information about the type of device you use
- The account ID of your profile with the respective network (e.g. Facebook ID).
Please also note the information on the processing of social network data in connection with social network functions under "Info on websites" and "Info on social media fanpages".
KICKZ currently uses Facebook's Messenger service and social plug-ins from the following social networks:
1.8. LOCATION DATA
For certain purposes, we also collect data about the current location of your device when you use our services. In doing so, we collect location data derived from the IP address of your device (down to the city level). An anonymized IP address shortened to three digits is used for this purpose. This can therefore no longer be used to identify your internet connection or device.
WHAT ARE IP ADDRESSES?
Every device connected to the Internet must be assigned a unique multi-digit number (example: 220.127.116.11). This is called an IP address.
The first three digits of an IP address are usually assigned to a specific region or Internet provider. Therefore, the approximate location of the Internet connection can be derived from the IP address. This procedure (so-called geolocation) is used by us and many other online stores, for example, in fraud detection to identify suspicious orders (e.g., in certain situations it may be suspicious if the IP address of a country from which you have not yet placed orders is used for an order via your customer account).
1.9. INFORMATION FOR PROMOTIONS AND SURVEYS
If you participate in a promotion (e.g., sweepstakes) or survey (e.g., customer satisfaction surveys as part of market research) offered by KICKZ, we will ask you for information about yourself.
For example, in the case of a sweepstakes, we usually ask for your name and e-mail address so that we can inform you if you win and to ensure that each participant takes part in the sweepstakes only once. For some promotions and surveys, we may also ask you for more detailed information. This may be the case, for example, if we are running a promotion with a partner and the partner requires information about you in order to provide you with the prize. In these cases, however, we will always inform you separately about the data required and how we will use it.
For the purposes of managing your online application, we collect, process and use your personal data that you disclose to us in your online application or when contacted directly by our recruiters. In principle, you decide which data you want to enter and pass on to us. Mandatory information includes your first and last name, e-mail address, resume and proof of qualifications. However, if you do not provide us with personal data that is relevant to the application process, such as information about your education or employment history, we may not be able to process or properly evaluate your application. In your application, you may provide us with a link to your profile on LinkedIn, XING or similar professional or social media websites. We also obtain personal data from you from job interviews when we talk to you about your background and profile.
We do not advise you, unless we specifically request it, to provide us with personal data that may be considered sensitive personal data, such as information about racial or ethnic origin, marital status, political opinions, religion or other beliefs, health, criminal records, or trade union memberships. Such sensitive information may, under certain circumstances, mean that we are not permitted to process your applicant data and thus your application cannot be processed or cannot be processed in full. We do not require you to include a photograph with your resume, but we do not discourage it. In addition, if required for a particular position and in accordance with the law, we may ask you to provide health information or other sensitive data. If you provide us with such information, we will handle it responsibly and obtain your explicit consent to process it.
1.11. DEVICE AND ACCESS DATA
When using online and mobile services, it is unavoidable that technical data is generated and processed in order to provide the functions and content offered and to display them on your device. We refer to this data collectively as "device and access data". Device and access data is generated every time you use an online and mobile service. It does not matter who the provider is. Device and access data therefore accrue, for example, when you use:
- Social media fanpages
- E-mail newsletters (i.e., when your newsletter interaction is captured)
- Location-based services
On the one hand, KICKZ collects device and access data from online and mobile services offered by KICKZ itself (e.g. KICKZ Shop). On the other hand, KICKZ may receive device and access data from online and mobile services offered by other companies if they are social media or advertising partners of KICKZ or participate in the same online advertising networks (e.g., the "Google advertising network". For more information, see "How does KICKZ use my data for advertising?" and "Info on social media fanpages".
DEVICE AND ACCESS DATA INCLUDES THE FOLLOWING CATEGORIES:
- General device information, such as device type, operating system version, configuration settings (e.g. language settings, system permissions), internet connection information (e.g. mobile network name, connection speed).
- Identification data (IDs), such as session IDs, cookie IDs, unique device identifiers (e.g. Google Advertising ID, Apple Ad ID), third-party account IDs (if you use social plug-ins or payment via PayPal), and other common Internet technologies to recognize your web browser, device, or a particular app installation.
- Access data that is automatically transmitted by apps and web browsers every time you access web servers and databases online (as part of so-called HTTP requests). This is standardized information about the requested content (such as the name and file type of a called file) as well as further information about the server access (such as transmitted data volume and error codes), about your device (e.g. device type, operating system, software versions, device identifiers, IP address, the previously visited page and the time of access.
2. WHAT DOES KICKZ USE MY DATA FOR?
In this section, we also inform you about the legal basis on which we process data for the individual purposes. Depending on the legal basis on which we process your data, you may be entitled to special data protection rights - in addition to your always existing data protection rights such as the right to information. For example, in some cases you have the right to object to the processing of your data. For more information, see "What data protection rights do I have?"
2.1. PURCHASE PROCESSING AND PROVISION OF ONLINE, LOCAL AND PERSONALIZED SERVICES
- The provision, personalization and needs-based design of our services such as the KICKZ Shop.
- The provision of local services, e.g., in KICKZ Stores and at event functions and trade fairs.
- The execution of sales contracts and customer service, including shipping and payment processing, claims management, and the processing of returns, complaints, and warranty cases.
- The provision of news, notifications, newsletters and other direct communications where this is an integral part of our contractual services or the services you have requested.
- If you subscribe to our KICKZ newsletter, you will receive our KICKZ newsletter on a regular basis with information on current sales promotions.
- To ensure the general security, operability and stability of our Services, including defense against attacks.
- The non-promotional communication with you on technical, security and contract-related subjects (e.g. fraud warnings, account blocking or contract changes).
- The issuance, redemption, delivery of KICKZ vouchers.
- The implementation of promotions and sweepstakes.
Insofar as the purpose is the performance of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6(1) lit. b GDPR. Otherwise, the legal basis is Article 6(1) lit. f GDPR, whereby our legitimate interests lie in the above-mentioned purposes.
2.2. ADVERTISING AND MARKET RESEARCH, DATA ANALYSES
We use your data, including in the context of data analyses, for advertising and market research purposes. In doing so, we pursue the following purposes in particular:
- Classification into different target and user groups as part of market research (user segmentation).
- Insights into different target groups and their respective usage habits and shopping interests.
- The acquisition of insights into the demographics, interests, shopping and usage habits of our users and the marketing of these insights as part of advertising services provided to third parties.
- The early identification of trends in fashion and online shopping.
- The performance of existing customer advertising.
- The execution of direct advertising, e.g. in the form of newsletters.
- The planning, execution and success monitoring of advertising that corresponds to the interests of the target groups addressed (personalized advertising).
- Insights into how our services are used (usage analysis).
- The marketing of the above-mentioned insights as part of advertising services for advertising customers.
Depending on the purpose, we use the data stored by us for data analyses. For example, for analyses of the purchasing behavior of our users, we use summarized (aggregated), statistical, depersonalized (anonymized) profile data or such data that can only be assigned to persons via further intermediate steps (pseudonymized profile data), as well as purchasing data and device and access data, in order to be able to track and analyze purchase transactions through data analyses. We thereby gain anonymous or pseudonymized insights into the general usage behavior of our users.
We process your data on the basis of a balancing of interests to protect the legitimate interests of us or a third party (these may be, for example, advertising partners or merchants participating in Zalando's partner program). The legitimate interest of KICKZ or third parties in the data processing results from the respective purposes and is, unless otherwise stated, of a competitive and economic nature.
Insofar as data processing for the purposes described above is carried out with your consent, the legal basis is Article 6 paragraph 1 lit. a GDPR(consent). Otherwise, data processing is carried out on the basis of Article 6 paragraph lit. GDPR, where the legitimate interests lie in the above-mentioned purposes.
2.3. BASED ON YOUR CONSENT
If you have given us consent to process personal data, your consent is the primary basis for our data processing. Which of your data we process based on your consent depends on the purpose of your consent. Typical purposes are, for example:
- Ordering a newsletter.
You can revoke a previously given consent at any time with effect for the future, e.g. by mail, letter or fax. There is a corresponding unsubscribe link in every newsletter. You can find further information under "What data protection rights do I have?"
2.4. OTHER PURPOSES
If permitted by data protection law, we may also use your data without your consent for new purposes, such as conducting data analyses and further developing our services and content. The prerequisite for this is that these new purposes for which the data is to be used were not yet determined or foreseeable when the data in question was collected and that the new purposes are compatible with the purposes for which the data in question was originally collected. For example, new legal or technical developments and novel business models and services may lead to new processing purposes.
2.5 Salesforce Commerce Cloud
We use Salesforce Commerce Cloud (hereinafter "Salesforce") as our store system and to manage our customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich. Salesforce is our store system, through which orders are processed, as well as a CRM system which enables us, for example, to manage our customers and their contact data and to organize communication processes. In addition, Salesforce enables us to analyze our customer-related processes. Customer data is stored on Salesforce servers, which are generally located at sites within the EU. We cannot rule out the possibility that, in exceptional cases, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. More information on the functions of Salesforce can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.
The use of Salesforce is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most efficient operation of our online store as well as functional customer management and customer communication. If consent has been requested for individual processing operations, the processing is based on Art. 6 (1) a GDPR; consent can be revoked at any time.
Salesforce has so-called Binding Corporate Rules (BCR). These are binding internal company rules that legitimize the internal company data transfer to third countries outside the EU and the EEA. Salesforce's BCRs have been approved by the French data protection authority. Details can be found at https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html.
For more information about Salesforce's privacy practices, please visit: https://www.salesforce.com/de/company/privacy/.
3. INFO ON WEBSITES
We use your data to provide the KICKZ websites. In addition to the device and access data that is generated each time you use these services, the type of data processed and the processing purposes depend in particular on how you use the functions and services provided via our services. In addition, we use the data generated by the use of our services to find out how our online offering is used. We use this information, among other things, to improve our services and for personalized advertising.
You can find the responsible provider of the service in the imprint of the respective website.
3.2. WHAT DATA IS COLLECTED?
We generally collect all data that you provide directly to us through our Services.
DEVICE AND ACCESS DATA
Every time our servers and databases are accessed, device and access data is collected and logged in so-called server log files. The IP address contained therein is anonymized for a short time after the end of the respective access, as soon as the storage is no longer necessary for maintaining the functionality of the respective website.
If available and activated on your device, we also collect a device-specific identification number (e.g. a so-called "advertising ID" if you use an Android device or "Ad-ID" if you use an Apple device). This device identifier is assigned by the manufacturer of your device's operating system and can be read and used by websites to present you with content based on your usage habits. If you do not want this to happen, you can disable it at any time in your device's browser settings or system preferences.
We set up password-protected personal access for users who register for a customer account or other service. Depending on the type of service, cookie or similar technology may be used for this purpose. This feature allows you to use some of our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your profile data or place an order.
INFORMATION ABOUT WEBSITE COOKIES
WHAT ARE COOKIES?
Cookies are small text files that are stored by your web browser and save certain settings and data for exchange with our web server. Basically, there are two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies, which are stored for a longer period of time. This storage helps us to design our websites and services accordingly for you and makes it easier for you to use them, for example by storing certain entries made by you in such a way that you do not have to keep repeating them.
The cookies used by our websites may originate from KICKZ or from advertising partners. If you only wish to accept the KICKZ cookies, but not the cookies from our advertising partners, you can select a corresponding setting in your browser (e.g. "Block third-party cookies"). As a rule, you will be shown in the menu bar of your web browser via the help function how to reject new cookies and switch off those you have already received. We recommend that if you use shared computers that are set to accept cookies and Flash cookies, that you log out completely when you are finished using our websites.
THREE CATEGORIES OF COOKIES ARE USED FOR OUR SERVICES:
• Necessary cookies: these cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the shopping cart function, so that the goods remain stored in your shopping cart while you continue shopping. The necessary cookies are also used to save certain entries and settings that you have made, so that you do not have to keep repeating them, and to tailor KICKZ content to your individual interests. Without necessary cookies, the website cannot be used or can only be used to a limited extent.
• Statistics cookies: These cookies collect device and access data to analyze the use of our websites, such as which areas of the website are used and how (so-called surfing behavior), how quickly content is loaded and whether errors occur. These cookies contain only anonymous or pseudonymous information and are used only to improve our website and find out what interests our users, as well as to measure how effective our advertising is. Statistics cookies can be blocked without affecting the navigation and operation of the website.
• Marketing cookies ("tracking cookies"): these cookies contain identifiers and collect device and access data in order to tailor personalized advertising on KICKZ websites to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our websites. This allows us to show you personalized advertising that matches your interests on other websites and in apps from other providers (so-called retargeting). Marketing cookies can be blocked without affecting the navigation and operation of the website. However, shopping personalization may then not be possible.
For the KICKZ Shop, we have compiled country-specific overviews of all cookies used. You can find these under "Notes on cookies".
3.3. ONLINE ADVERTISING/RETARGETING
Our websites contain cookies and similar tracking technologies from advertising partners that operate an online advertising network. In this way, it is also possible for our advertising partners to collect your device and access data and to present you with personalized advertising on other websites, including those of other providers, that is based on your interests (e.g., advertising based on which products you have previously viewed in the KICKZ store).
For more information, please see "How does KICKZ use my data for advertising?"
You can deactivate the processing of your data for retargeting at any time:
To do so, please deactivate the usage analysis.
For other websites and apps, you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Disable Other Advertising.
3.4. USAGE ANALYSIS
We use common tracking technologies in all our services to analyze device and access data. This allows us to learn how our service is generally used by our users. Identification cookies and comparable identifiers are used for this purpose. In this way, we learn, for example, which content and topics are particularly popular, at which times our services are used particularly frequently, from which regions (down to city level) our services are used, and which browsers and devices our users generally use. We also occasionally conduct so-called A/B tests as part of our usage analysis. A/B tests are a special variant of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website to learn which version performs better, is more popular, or lets users find the content they're looking for faster. By creating a version A and a version B and testing both versions, data is obtained that can be used to facilitate and speed up decisions about changes to services and content.
You can find out which tracking tools are used in our websites under "Notes on cookies". There you will also find information on how to disable usage analysis.
4. INFO ON SOCIAL MEDIA FANPAGES
KICKZ maintains social media profiles on the social networks of Facebook and Instagram (so-called "fanpages"). On our Fanpages, we regularly publish and share content, offers, and product recommendations. With every interaction on our fanpages or other Facebook or Instagram websites, the operators of the social networks record your usage behavior with cookies and similar technologies. Fan page operators may view general statistics about the interests and demographic characteristics (such as age, gender, region) of the fan page audience. If you use social networks, the nature, scope and purposes of social network data processing are primarily determined by the social network operators.
4.1. PROVIDER / RESPONSIBLE PARTY
The responsible KICKZ company acting as the provider responsible for the content of a fan page can be found in the imprint information on the respective fan page. The social networks Facebook and Instagram are each offered by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Insofar as you communicate directly with us via our fan pages or share personal content with us, KICKZ is responsible for processing your data. An exception applies to the data processing described below for usage analysis (page insights); we are jointly responsible for this with Facebook.
PROCESSING OF YOUR DATA BY FACEBOOK
4.2. WHAT DATA IS COLLECTED?
When you visit our fan pages, KICKZ generally collects all messages, content and other information that you share with us directly there, such as when you post something on a fan page or send us a private message. If you have an account with the respective social network, we can of course also see your public information, such as your user name, information in your public profile, and content that you share with a public audience. For more information, see "What data does KICKZ process?".
USAGE ANALYSIS (PAGE INSIGHTS).
With the help of Page Insights, we obtain insights into how our Fanpages are used, what interests the visitors to our Fanpages have, and which topics and content are particularly popular. This allows us to optimize our fan page activities, for example, by better responding to the interests and usage habits of our audience when planning and selecting our content. KICKZ and Facebook are jointly responsible for processing your data for the provision of Page Insights. For this purpose, we and Facebook have entered into an agreement specifying which company fulfills which data protection obligations under the GDPRwith respect to the processing of Page Insights data.
MORE INFO ON PAGE-INSIGHTS
You can view the agreement with Facebook here:
Facebook has summarized the key contents of this agreement (including a list of Page Insights data) for you here:
Insofar as you have consented to Facebook in relation to the creation of Page Insights described above, the legal basis is Article 6(1) lit. a GDPR(consent). Otherwise, the legal basis is Article 6(1) lit. f GDPR, whereby our legitimate interests lie in the above-mentioned purposes.
4.3. WHAT DATA PROTECTION RIGHTS DO I HAVE?
Your data protection rights described under "What data protection rights do I have?" naturally also exist with regard to the processing of your data in connection with our fan pages. For the processing of your Page Insights data together with Facebook, we have agreed with Facebook that Facebook is primarily responsible for providing you with information about the processing of your Page Insights data and for enabling you to exercise your data protection rights to which you are entitled under the GDPR (e.g., right to object). More information about your data protection rights in connection with Page Insights and how you can exercise them directly with Facebook can be found here:
Tip: You can also address your request to KICKZ; we will then forward your request to Facebook.
We offer several newsletter services. You will receive information about the topics covered by each newsletter and other notices when you sign up for a newsletter service. When you use our newsletters, we also collect device and access data.
5.1. HOW DO I REGISTER?
For the dispatch of our newsletters requiring registration (such as the KICKZ Shop Newsletter), we use the so-called double opt-in procedure or single opt-in procedure (depending on the country), i.e. we will only send you a newsletter if you have previously expressly agreed that we should activate the newsletter service. If a double opt-in is required in your country, you must also have confirmed that the e-mail address you provided belongs to you. For this purpose, we will send you a notification e-mail and ask you to confirm that you are the owner of the e-mail address provided by clicking on a link contained in this e-mail. We may not take this action if you have already confirmed to us in this manner for another purpose that you are the owner of that e-mail address.
Should you later no longer wish to receive newsletters from us, you may object to this at any time without incurring any costs other than the transmission costs according to the prime rates. A message in text form (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.
5.3. WHAT DATA IS COLLECTED?
When you register for a newsletter, we automatically save your IP address and the times of registration and confirmation. This allows us to prove that you have actually subscribed and, if necessary, to detect misuse of your e-mail address. We collect device and access data that is generated when you interact with a newsletter. For this evaluation, the newsletters contain links to image files that are stored on our web server. When you open a newsletter, your e-mail program loads these image files from our web server. We record the resulting device and access data in pseudonymized form under a randomly generated identification number (newsletter ID), which we do not use to identify you without your consent. This allows us to track whether and when you have opened which issues of a newsletter. The links contained in the newsletters also contain your newsletter ID so that we can record which content interests you. With the data obtained in this way, we create a user profile for your newsletter ID in order to personalize newsletter content according to your interests and usage habits and to be able to statistically analyze how our users use the newsletter service. We link this data with the data we collect as part of the usage analysis. This is an integral part of the KICKZ Shop newsletter service.
You can object to the newsletter analysis at any time by deactivating the newsletter service in question. Of course, you will also find an unsubscribe link in every issue of our newsletter. You can also find more information under "What data protection rights do I have?" Alternatively, you can deactivate the display of images in your e-mail program. In this case, however, the newsletter will not be able to be displayed to you in full.
We use the data provided in the context of an order for KICKZ vouchers to check and process the order and to send and redeem the voucher. This also includes the logging and processing of data related to the use of the voucher, in particular to prevent fraud.
FOR THESE PURPOSES, WE ALSO STORE THE FOLLOWING DATA:
- Date of issue
- voucher value
- voucher code
- Time of voucher redemption
7. HOW DOES KICKZ USE MY DATA FOR ADVERTISING?
We and our advertising partners use your data for personalized advertising presented to you in the services of KICKZ and on the websites of other providers. For this purpose, we and our advertising partners use standard Internet technologies. This enables us to advertise in a more targeted manner in order to present you, as far as possible, only with advertising and offers that are actually relevant to you. This allows us to better meet our users' needs for personalization and discovery of new products, and to keep you interested in our services over the long term by providing a more personalized shopping experience.
If you search for sports shoes on the website of a KICKZ advertising partner, we can take this information into account when searching for products in the KICKZ Shop. For example, we can show you sports shoes first in the "Shoes" section or recommend sports shoes already in the feed on the home page. If you tell us your preferences in your customer account or if you have already bought sporting goods from us, we can also take this information into account in our recommendations.
7.1. ADVERTISING FORMATS AND CHANNELS
The advertising formats used by KICKZ include advertisements on social networks (e.g. Facebook Ads, Instagram Ads, YouTube Video Ads) and advertising spaces brokered through online advertising networks used by KICKZ, such as DoubleClick by Google.
7.2. ON SOCIAL NETWORKS
If we carry out advertising via the advertising formats of social networks (e.g. YouTube, Facebook, Instagram), we have the option of passing on information about the users of KICKZ Services (e.g. device and access data such as advertising and cookie IDs, e-mail addresses), of whom we suspect that they belong to the target group of an advertiser or that they have certain characteristics (e.g. age group, region, interests), to the respective social network in encrypted form.
The respective social network will then - either on our behalf as a processor or with the consent of the relevant user - decrypt the data transmitted by us and present the user (provided that the user is a member of the respective social network) with the advertising booked by us as part of his or her existing user relationship with the respective social network.
You may additionally have the option to deactivate the use of your data for personalized advertising by the social networks you use directly with the respective providers. For more information, please contact them directly:
FACEBOOK (FACEBOOK, INSTAGRAM):
Facebook Ads information
Facebook Ads settings
GOOGLE (GOOGLE AD NETWORK, YOUTUBE, GOOGLE SEARCH):
Information about Google Ads
Ads settings for Google
7.3. ON ADVERTISING SPACE MEDIATED VIA ONLINE ADVERTISING NETWORKS (RETARGETING).
You can obtain further information from the operators of the respective advertising spaces and the online advertising networks commissioned with their placement. You can find an overview of the advertising partners and information on how to deactivate them under "Notes on cookies". For our websites, you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Disable Further Advertising.
Please note that the data used for retargeting is also needed for other purposes (including the provision of our services). Therefore, deactivation will not stop the collection of the data used for this purpose. However, the advertising presented to you will then not be personalized.
8. TO WHOM WILL MY DATA BE PASSED ON?
KICKZ only passes on your data if this is permitted under German or European data protection law. We work particularly closely with some service providers, for example in the area of customer service (e.g. hotline service providers), with technical service providers (e.g. operation of data centers) or with logistics companies (e.g. postal companies such as DHL). In principle, these service providers may only process your data on our behalf under special conditions. Insofar as we use them as processors, the service providers will only have access to your data to the extent and for the period of time that is necessary for the provision of the respective service. If you make a purchase from a KICKZ partner, we will pass on certain purchasing data from you to the KICKZ partner (e.g. your name and delivery address) so that the KICKZ partner can deliver the ordered goods to you.
8.1. COMPANY OF THE PLAYHARD GROUP
KICKZ is a company of the Playhard Group. Within the Playhard Group, many systems and technologies are shared. This enables us to provide you with a cheaper, better, more secure, more consistent and more interesting service. Therefore, within the Playhard Group, those companies and departments will have access to your data that need it to fulfill our contractual and legal obligations or to perform their respective functions within the Playhard Group.
8.2. SHIPPING COMPANIES
For the delivery of orders we cooperate with external shipping service providers (e.g. DHL). These shipping service providers receive the following data from us for the execution of the respective order:
- Your name
- Your delivery address
- if applicable, your postal number (if you would like to have the order delivered to a DHL packing station)
- If applicable, your e-mail address (if the shipping service provider would like to inform you by e-mail about the expected delivery date).
8.3. TECHNICAL SERVICE PROVIDERS
We work with technical service providers to provide you with our services. These service providers include, for example, Telekom Deutschland GmbH, Salesforce.com EMEA Ltd. or Amazon Web Services, Inc. If they process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that in the European Union. In such cases, KICKZ will ensure that the service providers in question guarantee an equivalent level of data protection by contract or otherwise.
8.4. SOCIAL MEDIA NETWORKS
As part of advertising campaigns, we share data with social network providers in accordance with data protection law. For more information, see "How does KICKZ use my data for advertising?".
8.5. AUTHORITIES AND OTHER THIRD PARTIES
Insofar as we are obligated by an authority or court decision or for legal or criminal prosecution, we will pass on your data to law enforcement authorities or other third parties if necessary.
9. WHAT DATA PROTECTION RIGHTS DO I HAVE?
You have the following legal data protection rights under the respective legal requirements: Right of access (Article 15 GDPR), Right of erasure (Article 17 GDPR), Right of rectification (Article 16 GDPR), Right of restriction of processing (Article 18 GDPR), Right of data portability (Article 20 GDPR), Right of complaint to a data protection supervisory authority (Article 77 GDPR), Right of withdrawal of consent (Article 7(3) GDPR) and the right to object to certain data processing measures (Article 21 GDPR). You can find the contact details for your requests under "Contact persons".
To ensure that your data is not released to third parties in the event of a request for information, please enclose sufficient proof of identity with your request by e-mail or by post.
It is usually sufficient for this purpose if you send us your request using the e-mail address stored in your customer account. You can change most of your details yourself in your customer account. For all other cases, please contact customer service. The responsibilities of the data protection authorities depend on the location of the controller. However, you can also contact the data protection authority in your place of residence, which will then forward your complaint to the competent authority. The lead authority responsible for KICKZ is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.
If you have given your consent to the processing of your data, you may revoke this consent at any time. A revocation has no effect on the permissibility of the processing of your data carried out before your revocation. You may object to the processing of your data for advertising purposes, including direct advertising (also in the form of data analyses) at any time without giving reasons.
If we base the processing of your data on a balance of interests pursuant to Article 6(1)(f) GDPR(e.g. the reporting of creditworthiness data to an external credit agency), you may object to the processing. When exercising an objection, we ask you to explain the reasons why we should not process your data. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the processing or inform you of our compelling legitimate grounds on the basis of which we may continue the processing.
10. WHEN WILL MY DATA BE DELETED?
If you close your customer account, we will delete all data stored about you. If complete deletion of your data is not possible or not required for legal reasons, the data in question will be blocked for further processing.
WHAT DOES BLOCKING MEAN?
When data is blocked, access rights are restricted and other technical and organizational measures are taken to ensure that only a few employees can access the data in question. These employees are then only allowed to use the blocked data for the previously defined purposes (e.g., in the case of a tax audit for submission to the tax office).
BLOCKING TAKES PLACE, FOR EXAMPLE, IN THE FOLLOWING CASES:
Your order and payment data and, if applicable, other data are generally subject to various statutory retention obligations, such as those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The law obliges us to retain this data for up to ten years for tax audits and economic audits. Only then may we finally delete the data in question.
Even if your data is not subject to a legal obligation to retain it, we may refrain from immediate deletion in cases permitted by law and instead first block it. This applies in particular in cases where we may still need the data in question for further contract processing or legal prosecution or legal defense (e.g. in the case of complaints). The relevant criterion for the duration of the blocking is then the statutory limitation periods. After expiry of the relevant limitation periods, the relevant data will be permanently deleted.
Deletion may be waived in cases permitted by law, insofar as anonymous or pseudonymized data is involved and deletion would make processing for scientific research purposes or for statistical purposes impossible or seriously impair such purposes.
11. HOW DOES KICKZ PROTECT MY DATA?
Your personal data is transferred securely by us through encryption. This applies to your order and also to the customer login. We use the SSL (Secure Socket Layer) coding system for this purpose. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
For direct contact with our data protection officer, please send your request by mail to the address below with the note "For the attention of the data protection officer":
Fax: +49 (0) 89 324 781 99
13. NOTES ON COOKIES AND THIRD-PARTY PROVIDERS
At this point, you can find out which cookies we use and which third-party providers process personal data via technical integration on our website. If personal data is transmitted to servers in the USA by the third-party providers and processed there, this is usually done on the basis of your consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR. We expressly point out that risks may be associated with the transmission of data to the USA, in particular due to possible access by US security authorities and intelligence services.
13.1. GOOGLE ANALYTICS
Google will process the information obtained through the cookies in order to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. As shown above, you can configure your browser to reject cookies, or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on provided by Google. This will prevent data collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you must click this link again.
13.2. GOOGLE ADS
If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features. In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR.
13.3. GOOGLE DOUBLE CLICK
We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.
DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a DoubleClick ad has previously been displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same Internet browser.
13.4. GOOGLE OPTIMIZE
We use Google Optimize from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to perform so-called A/B tests on our online offering. This involves simultaneously publishing different versions of our online offering and measuring which of these versions is more user-friendly. When testing the versions, data such as the operating system used, the user agent of the browser and the time of the call can be collected in order to measure the success of the version. Web tracking technologies are used to associate the above data with the version of our online offering being tested.
13.5. GOOGLE TAG MANAGER
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.
13.6. GOOGLE RECAPTCHA
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's browsing time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.
13.7. HOTJAR BEHAVIOR ANALYTICS
13.8 Cloudflare CDN
We use Cloudflare CDN to properly deliver the content of our website. Cloudflare CDN is a service of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich. A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Cloudflare CDN.
13.9. PINGDOM REAL USER MONITORING
We have integrated Pingdom Real User Monitoring on our website. Pingdom Real User Monitoring is a service provided by Pingdom AB, which develops cloud-based software that allows website and application owners to track the performance of their services.
Pingdom Real User Monitoring provides us with the ability to track and improve the stability of our services through system monitoring and code errors.
In this process, your IP address and performed activities on our website are collected. In this case, your data is passed on to the operator of Pingdom Real User Monitoring, Pingdom AB.
Our website uses the analytics service etracker, a web analytics service provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg Germany. Cookies are used for this purpose, which enable a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising.
The data collected using etracker technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. In the process, the IP address is anonymized at etracker at the earliest possible time and login or device identifiers are converted at etracker into a unique key that is not assigned to a person. No other use, combination with other data or disclosure to third parties is made by etracker.
You can object to the collection and storage of data at any time with effect for the future. To object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from etracker using the following link. This will ensure that no visitor data from your browser is collected and stored by etracker in the future: http://www.etracker.de/privacy?et=V23Jbb.
The information collected by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats is transmitted to a server of Awin and stored there. This information may be passed on by Awin to contractual partners of Awin. However, Awin will not merge your IP address with other data stored by you.
13.12. BING ADS
13.13. SCARAB RESEARCH
Our website uses Scarab Research, a service provided by Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, ("Emarsys") to personalize and automate the display of advertisements. This service "tags" visitors to its partners' websites with anonymous browser cookies. Users tagged by the service receive an anonymous identifier. The browser cookies track the products viewed by the visitor and the pages visited by the partner for which the ads are delivered.
13.14. AKAMAI CDN
We use Akamai CDN to properly deliver content to our website. Akamai CDN is a service provided by Akamai Technologies, Inc. which acts as a content delivery network (CDN) on our website. A CDN helps to provide content from our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Akamai Technologies, Inc., Cambridge, Massachusetts, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Akamai CDN.
13.15. AKAMAI MPULSE
We have integrated Akamai mPulse on our website. Akamai mPulse is a service provided by Akamai Technologies, Inc. which develops cloud-based software that allows website and application owners to track the performance of their services. Akamai mPulse provides us with the ability to track and improve the stability of our services through system monitoring and code errors. In this process, your IP address and performed activities on our website are collected. In this case, your data is passed on to the operator of Akamai mPulse, Akamai Technologies, Inc., Cambridge, Massachusetts, US.
13.16. AKAMAI BOT MANAGER
13.17. ATLAS SOLUTIONS
We use CDNJS to properly deliver the content on our website. CDNJS is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website. A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc. whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of CDNJS.
13.19. CRITEO CDN
A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Criteo S.A., Paris, Ile-de-France, FR, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Criteo CDN.
13.20. CRITEO DYNAMIC RETARGETING
We use the Criteo Dynamic Retargeting service of Criteo S.A., Paris, Ile-de-France, FR, to display specific and relevant ads to groups of users using targeting technologies. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot generally be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.
13.21. FACEBOOK PIXEL
We use Facebook Pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and to subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with Facebook Ireland Ltd.
13.22. FACEBOOK PLUGIN
We have integrated components of Facebook Plugin on our website. Facebook Plugin is a service of Facebook Ireland Ltd. and offers us the opportunity to aggregate content from the social media platform and display it on our website. When you access this content, you establish a connection to servers of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Facebook Plugin. If a user is registered with Facebook Ireland Ltd, Facebook Plugin can associate the content viewed with the profile.
We use the e-commerce BI software Minubo from Minubo GmbH, Großer Burstah 31, 20457 Hamburg, Germany on our website. Minubo enables us to analyze and optimize as well as ensure the economic operation of our online store. For this purpose, classic e-commerce key figures (order values, orders, cancellations, returns, conversion rates, sessions, etc.) are collected and clearly processed. In particular, addresses, e-mail addresses, names, gender, age, order value, number of orders and transaction IDs are processed.
A data collection takes place here via other systems such as Google Analytics (see there). Minubo only uses these systems as a source and merges the existing data. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data protection at Minubo can be found at https://www.minubo.com/en/legal/privacy-policy.
13.24. Feed Dynamix
We use technologies of Feed Dynamix GmbH, Ludwigstraße 31 | 60327 Frankfurt/Main, on our website for its demand-oriented design as well as for the optimization of our marketing activities. Feed Dynamix collects and processes anonymized data and creates usage profiles from this data using pseudonyms. For this purpose, cookies may be used, which allow the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without your express consent. In particular, IP addresses are made unrecognizable immediately after they are recorded, which means that it is not possible to assign usage profiles to IP addresses. The analysis of user behavior is carried out - insofar as personal data is concerned - on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time.
+49 (0) 89 324 781 60
+49 (0) 89 324 781 99