Skip to Content (Press Enter) Skip to Footer (Press Enter)
#NEVERNOTBALLIN
Items shipped in 3-5 days
TELLING THE STORY SINCE 1993

Privacy Policy

PRIVACY POLICY

AS OF: 03/2024

This privacy statement provides you with an overview of how KICKZ processes your data.

How to read this privacy statement: We offer you several ways to read this privacy statement. First, you will find some very basic information in this section. Then, we have sorted this privacy statement according to topics relevant to you and divided it into individual chapters accordingly. If you are already a "pro", you can use the following drop-down menu to jump directly to individual chapters.

We have prefaced each chapter with a short overview text. This overview text briefly summarizes the content of the chapter. If you just want to get a quick overview of all data processing, we recommend that you read the overview texts. If you would like to familiarize yourself with the details, you can click on "More" below the respective overview text. You will then be shown the full contents of the chapter.

We have avoided cross-references as often as possible. This way, you will get all the information explained coherently, regardless of which chapter you are currently in. However, if you read this data protection declaration from the beginning to the end, you may notice repetitions of text. To which services and offers does this privacy policy apply: The way we at KICKZ process your data is similar for most of our offers. This privacy policy therefore applies to all services and offers that we provide to our customers in Europe. And it applies regardless of whether we do so through a website, in stores, over the phone, at events, or through social networks or other channels. To make it easier to understand, we use the term "services" to refer to this "normal case" collectively.

WHAT YOU WILL LEARN IN THIS PRIVACY POLICY STATEMENT:

- What data is stored by KICKZ.
- What we do with this data and what it is needed for.
- What data protection rights and choices you have in the process.
- What technologies and data we use to personalize and tailor our services and content to provide you with a safe, easy, seamless and personalized shopping experience.
- What technologies and data we use for advertising, including tracking technologies used.
If you have a question about this Privacy Policy or about data protection at KICKZ in general, you can find our contact details under "Changes and Contacts".

1. WHAT DATA DOES KICKZ PROCESS?

KICKZ offers you a wide variety of services, which you can also use in different ways. Depending on whether you contact us online, by phone, in person, or in any other way, and which services you use, different data will be collected from different sources. Much of the data we process is provided by you when you use our services or contact us, for example, when you register and provide your name or e-mail address or postal address. However, we also receive technical device and access data that is automatically collected by us when you interact with our Services. This may include, for example, information about which device you are using. We collect additional data through our own data analyses (e.g., as part of market research studies and by evaluating customers). We may also receive data about you from third parties, for example, credit agencies and payment service providers.

When we talk about "your data", we mean personal data. This is any information that would allow us to identify you immediately or by combining it with other information. Examples: Your name, phone number, customer number, order numbers, or e-mail address. Any information that does not allow us to identify you (even by combining it with other information) is considered non-personal information. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all data in that data set is considered personal data. If we delete personal data from a piece of information or data set about you, the remaining data in that data set is no longer considered personal data. This process is called anonymization. As a general rule, if you are asked by us to provide certain personal information, you can of course refuse to do so. You decide what information you give us. However, we may then not be able to provide you with the requested services (or not in an optimal way). For example, we may not be able to have packages delivered if you do not provide a shipping address. If only certain information is required in connection with a service (mandatory information), we will inform you of this by marking it accordingly.

We use technologies on our website to personalize content, customize and measure advertising, and provide a secure experience. This involves storing information, e.g. cookies, on your device and transmitting personal data to third-party providers. Some of these services transfer personal data to the USA. As a matter of principle, we use only those US services that are certified in accordance with the Transatlantic Data Privacy Framework and have thus submitted to the data protection standards agreed upon there. If, in individual cases, a service provider is not certified under this agreement, we base the export of data on your informed consent pursuant to Art. 49 (1) a GDPR. By clicking the "Allow all and continue" button, you consent to the collection of data via cookies. The consent is voluntary and can be revoked at any time by adjusting the settings. You can find more detailed information in our privacy policy.

1.1. PROFILE DATA

Profile data is personal and demographic information about you (so-called master data) and your individual interests that you provide to us when you register for your customer account.

YOUR PROFILE DATA INCLUDES, FOR EXAMPLE:

- Your first and last name
- Your contact details
- Your preferences, e.g. in terms of brands, product types or styles
- Demographic information such as your gender, age and place of residence

Mandatory information usually includes your name, e-mail address, and a password of your choosing. Your e-mail address and password will later form your login information. For the use of access-restricted, paid or personalized services, further mandatory data may also be required, such as your date of birth or your form of address (e.g. in order to be able to direct you to the homepage of the KICKZ shop that matches your gender) or your preferred brands and clothing styles.

Profile data may also include further information about you and your interests. These may already be collected as part of registering for the service or may only be added subsequently. This is the case, for example, if you later add voluntary information to your profile or you want to use your customer account to register for a service that requires additional mandatory information.

Tip:
When you are logged into your customer account, you can view your profile data there and in most cases also change it directly, e.g. to update your address after moving house.

1.2. CONTACT DATA

When you contact us, we collect your contact information. Your contact information may include, depending on how you contact us (e.g., by phone or e-mail), your name, mailing addresses, phone numbers, fax numbers, e-mail addresses, details of your social media profiles (for example, we may receive your Facebook ID if you contact us through Facebook), usernames, and similar contact details.

1.3. PURCHASING DATA

When you order something from KICKZ or make a purchase on site, for example in a KICKZ store, we collect your Purchase data. Purchase data may include the following information, depending on the type of sale and processing status:

- Order number
- Details about the purchased items (name, size, color, purchase price, etc.)
- Payment method details
- Delivery and billing addresses
- Notifications and communications related to purchases (e.g., revocation notices, complaints, and notifications to customer service)
- Delivery and payment status, e.g. "Completed" or "Shipped".
- Return status, e.g. "Successfully completed".
- Details of service providers involved in the execution of the contract (in the case of mail-order purchases, for example, shipment numbers of parcel service providers)

Tip:
In your customer account, you can view your essential purchase data at any time in the areas "My orders/returns", "My settings", "My wish list" and "My vouchers".

1.4. PAYMENT DATA

We offer you the common payment methods in online commerce - in particular prepayment, credit card, PayPal or invoice. For the execution of payment, we collect the payment data provided by you. We receive further payment data from external payment service providers with whom we cooperate for the execution of payments. We only pass on data to our payment service providers that is necessary for payment processing.

PAYMENT DATA ARE FOR EXAMPLE:

- Preferred payment method
- Billing addresses
- IBAN and BIC or account number and bank code
- Credit card data

Payment data also includes other information that is directly related to payment processing. This concerns, for example, information that external payment service providers use for identification, such as your PayPal ID (if you pay with PayPal). SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich, is responsible for payment processing and receivables management in connection with all purchases made by private individuals in the KICKZ shop.

We work together with the payment service provider Saferpay of SIX Payment Services AG. Thereby no credit card data is stored on our site, but only at our partner. We also do not perform any credit checks on our site.

KLARNA INVOICE AND INSTALLMENT PURCHASE

If you select the payment method "Klarna Invoice Purchase" or (if offered) the payment method "Klarna Installment Purchase" in the order process, the payment processing will be carried out by Klarna AB, Sveavรคgen 46, 111 34 Stockholm, Sweden. For the purpose of processing your payment, the personal data you provided when placing your order (first and last name, address, postal code, city, gender, e-mail address, telephone number and IP address) as well as data related to your order (e.g. invoice amount, item, delivery method) will be transferred to Klarna for the purpose of identity and credit checks. This transmission takes place if you have expressly consented to this during the ordering process in accordance with Art. 6 Para. 1 lit. a GDPR. You can review the credit agencies to which Klarna may forward your data here: http://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

The creditworthiness reports may be based, among other things, on probability scores (so-called scores). Insofar as scores are included in the result, these values have their basis in a scientifically recognized mathematical-statistical procedure. Klarna uses the information about the statistical probability of non-payment determined by means of the credit report for a decision about the establishment, implementation or termination of the contractual relationship.

You can withdraw your consent to the data processing by Klarna described above at any time by sending a message to us or to Klarna. However, Klarna may still be authorized to process your personal data if this is necessary for the contractual processing of payments.

Klarna processes your personal data in accordance with the applicable European data protection regulations. For more information, please see Klarna's Privacy Policy for Data Subjects in Germany http://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

1.5. DATA OF INTEREST

When you interact with our services, we collect data that tells us which content, topics, products, product types, brands or styles you are interested in. For example, we may infer which styles and product categories you are interested in from shopping data, wish list content, and your age (to the extent this information is available to us) and by comparing you to users with similar characteristics. This allows us to show you the products most likely to be relevant to you first the next time you search. In addition to the interests you communicate directly, we may also infer your interests from other data we collect. For example, if you repeatedly visit a certain area of the KICKZ Shop, we may infer your interests from your access data as part of our usage analysis (e.g., we may infer that you may be interested in sports if you regularly visit the "Sportswear" category or order products from that category).

In addition, we also receive information and statistics on demographics (such as age, gender, region), device and access data, and interests of our users from our external advertising partners for this purpose. We take care to ensure that our advertising partners only provide KICKZ with aggregated, encrypted data or data that is anonymous to KICKZ, so that we cannot attribute the data to any specific person, in particular to any specific user. This information can help us to better understand our users, for example in the context of customer structure analyses and user segmentation.

For more information on the processing of your data for advertising purposes, see "How does KICKZ use my data for advertising?

1.6. MESSAGES, CONTENTS OF CONVERSATIONS

When you communicate with us or other users about products (e.g., product reviews) and other topics by phone, mail, social media services, contact forms, or otherwise, we collect the content of your communications. If applicable, we will forward your communications to the entity responsible for your concern, such as partner companies or manufacturers. In the case of a possible forwarding to another company (e.g. if you send us feedback to the manufacturer of a product), you naturally have the option of informing us that your data is to be used exclusively by KICKZ. In this case, we will not forward your request to the responsible office, or we will forward it only without your personal information, provided that your request can be processed in this way. Insofar as you send us messages for other users via functions provided for this purpose (e.g. product reviews), these may be published by us within our services.

KICKZ also uses the offers of social networks such as Facebook, Instagram or Twitter for communication with customers and users. We use these popular platforms to offer you further contact and information options in addition to our own communication channels. Please note, however, that we have no influence on the terms of use of the social networks and the services they offer, and only limited influence on their data processing. We therefore ask you to carefully consider what personal data you share with us via the social networks. We cannot influence the behavior of the operators of the social networks, other users as well as third parties who may cooperate with the operators of the social networks or also use their services.

1.7. SOCIAL NETWORK DATA

KICKZ maintains profile pages (also known as "fan pages") on various social networks. In addition, functions of social networks may be integrated in the services of KICKZ. These may be messenger services and so-called social plug-ins. If you contact us directly via our social media profiles or use the functions of social networks integrated into our Services and are a member of the respective social network, we may receive data from the operator of the social network with which you can be identified. As a rule, we can view the following data:

- Your public profile information (e.g., name, profile picture) stored with the respective social network.
- Information about the type of device you use
- The account ID of your profile with the respective network (e.g. Facebook ID).

Please also note the information on the processing of social network data in connection with social network functions under "Info on websites" and "Info on social media fanpages".

KICKZ currently uses Facebook's Messenger service and social plug-ins from the following social networks:

- Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). You can find the link to Facebook's privacy policy here: Facebook privacy policy.
- Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA ("Twitter"). The link to the privacy policy of Twitter can be found here: Privacy Policy of Twitter.
- Pinterest Inc, 635 High Street, Palo Alto, CA, USA ("Pinterest"). The link to the privacy policy of Pinterest can be found here: Pinterest privacy notice.
- YouTube, is offered by Google Ireland Limited ("Google"), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. The link to YouTube's privacy policy can be found here: Privacy Policy and Terms of Use.
- Facelift Brand Building Technologies GmbH, Gerhofstr. 19, 20354 Hamburg. The link to the privacy policy of Facelift BBT can be found here: Privacy Policy of Facelift BBT.

1.8. LOCATION DATA

For certain purposes, we also collect data about the current location of your device when you use our services. In doing so, we collect location data derived from the IP address of your device (down to the city level). An anonymized IP address shortened to three digits is used for this purpose. This can therefore no longer be used to identify your internet connection or device.

WHAT ARE IP ADDRESSES?

Every device connected to the Internet must be assigned a unique multi-digit number (example: 193.99.144.85). This is called an IP address.

The first three digits of an IP address are usually assigned to a specific region or Internet provider. Therefore, the approximate location of the Internet connection can be derived from the IP address. This procedure (so-called geolocation) is used by us and many other online stores, for example, in fraud detection to identify suspicious orders (e.g., in certain situations it may be suspicious if the IP address of a country from which you have not yet placed orders is used for an order via your customer account).

1.9. INFORMATION FOR PROMOTIONS AND SURVEYS

If you participate in a promotion (e.g., sweepstakes) or survey (e.g., customer satisfaction surveys as part of market research) offered by KICKZ, we will ask you for information about yourself.

For example, in the case of a sweepstakes, we usually ask for your name and e-mail address so that we can inform you if you win and to ensure that each participant takes part in the sweepstakes only once. For some promotions and surveys, we may also ask you for more detailed information. This may be the case, for example, if we are running a promotion with a partner and the partner requires information about you in order to provide you with the prize. In these cases, however, we will always inform you separately about the data required and how we will use it.

1.10. APPLICATIONS

For the purposes of managing your online application, we collect, process and use your personal data that you disclose to us in your online application or when contacted directly by our recruiters. In principle, you decide which data you want to enter and pass on to us. Mandatory information includes your first and last name, e-mail address, resume and proof of qualifications. However, if you do not provide us with personal data that is relevant to the application process, such as information about your education or employment history, we may not be able to process or properly evaluate your application. In your application, you may provide us with a link to your profile on LinkedIn, XING or similar professional or social media websites. We also obtain personal data from you from job interviews when we talk to you about your background and profile.

We do not advise you, unless we specifically request it, to provide us with personal data that may be considered sensitive personal data, such as information about racial or ethnic origin, marital status, political opinions, religion or other beliefs, health, criminal records, or trade union memberships. Such sensitive information may, under certain circumstances, mean that we are not permitted to process your applicant data and thus your application cannot be processed or cannot be processed in full. We do not require you to include a photograph with your resume, but we do not discourage it. In addition, if required for a particular position and in accordance with the law, we may ask you to provide health information or other sensitive data. If you provide us with such information, we will handle it responsibly and obtain your explicit consent to process it.

If you disclose personal information about others in your application, you represent that you are authorized to do so and that you permit us to use such information in accordance with this Privacy Policy.

1.11. DEVICE AND ACCESS DATA

When using online and mobile services, it is unavoidable that technical data is generated and processed in order to provide the functions and content offered and to display them on your device. We refer to this data collectively as "device and access data". Device and access data is generated every time you use an online and mobile service. It does not matter who the provider is. Device and access data therefore accrue, for example, when you use:

- Websites
- Social media fanpages
- E-mail newsletters (i.e., when your newsletter interaction is captured)
- Location-based services

On the one hand, KICKZ collects device and access data from online and mobile services offered by KICKZ itself (e.g. KICKZ Shop). On the other hand, KICKZ may receive device and access data from online and mobile services offered by other companies if they are social media or advertising partners of KICKZ or participate in the same online advertising networks (e.g., the "Google advertising network". For more information, see "How does KICKZ use my data for advertising?" and "Info on social media fanpages".

DEVICE AND ACCESS DATA INCLUDES THE FOLLOWING CATEGORIES:

- General device information, such as device type, operating system version, configuration settings (e.g. language settings, system permissions), internet connection information (e.g. mobile network name, connection speed).
- Identification data (IDs), such as session IDs, cookie IDs, unique device identifiers (e.g. Google Advertising ID, Apple Ad ID), third-party account IDs (if you use social plug-ins or payment via PayPal), and other common Internet technologies to recognize your web browser, device, or a particular app installation.
- Access data that is automatically transmitted by apps and web browsers every time you access web servers and databases online (as part of so-called HTTP requests). This is standardized information about the requested content (such as the name and file type of a called file) as well as further information about the server access (such as transmitted data volume and error codes), about your device (e.g. device type, operating system, software versions, device identifiers, IP address, the previously visited page and the time of access.

2. WHAT DOES KICKZ USE MY DATA FOR?

KICKZ processes your data in compliance with all applicable data protection laws. In doing so, we naturally observe the principles of data protection law for the processing of personal data. Therefore, as a matter of principle, we process your data only for the purposes explained to you in this privacy policy or communicated to you when collecting the data. These are primarily the purchase processing and the provision, personalization and further development as well as the security of our services. In addition, we also use your data within the framework of strict German and European data protection law for other purposes, such as product development, and market research, for the optimization of business processes, the needs-based design of our services and for personalized advertising.

In this section, we also inform you about the legal basis on which we process data for the individual purposes. Depending on the legal basis on which we process your data, you may be entitled to special data protection rights - in addition to your always existing data protection rights such as the right to information. For example, in some cases you have the right to object to the processing of your data. For more information, see "What data protection rights do I have?"

2.1. PURCHASE PROCESSING AND PROVISION OF ONLINE, LOCAL AND PERSONALIZED SERVICES

We process your data to the extent necessary in each case for the performance of the contract and for the provision and implementation of other services requested by you, as described in this Privacy Policy. The purposes of the data processing required in each case therefore depend on the purpose of the contract agreed with you in each case (including our General Terms and Conditions and, where applicable, service-specific terms of business or use) or services requested by you. The main purposes are:

- The provision, personalization and needs-based design of our services such as the KICKZ Shop.
- The provision of local services, e.g., in KICKZ Stores and at event functions and trade fairs.
- The execution of sales contracts and customer service, including shipping and payment processing, claims management, and the processing of returns, complaints, and warranty cases.
- The provision of news, notifications, newsletters and other direct communications where this is an integral part of our contractual services or the services you have requested.

EXAMPLES

- If you subscribe to our KICKZ newsletter, you will receive our KICKZ newsletter on a regular basis with information on current sales promotions.
- To ensure the general security, operability and stability of our Services, including defense against attacks.
- The non-promotional communication with you on technical, security and contract-related subjects (e.g. fraud warnings, account blocking or contract changes).
- The issuance, redemption, delivery of KICKZ vouchers.
- The implementation of promotions and sweepstakes.

LEGAL BASIS:

Insofar as the purpose is the performance of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6(1) lit. b GDPR. Otherwise, the legal basis is Article 6(1) lit. f GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

2.2. CUSTOMER ACCOUNT AND KICKZ BALLERS CLUB PROGRAM

We process personal data when you register for a customer account and our KICKZ Ballers Club program. This includes the data you provide during registration, e.g. your name, address, date of birth, e-mail address and password. In addition, you can provide optional information, e.g. your favorite team, favorite player, whether you play basketball yourself, your shoe size etc.

Whenever you are logged into your customer account and make purchases from our online store, our retail stores or affiliated online stores, information about your purchases will be transmitted to your customer account. This includes the place and date of purchase, the price of the goods purchased, and which goods you purchased or returned. This information is used in particular to calculate your score in the Ballers Club program.

In addition, we use this data for our own advertising purposes and want to be in a position, based on the data, to send you more accurate information, offers and individualized advertising in the future - e.g. by letter or, when you have given your consent, also by e-mail. Your data will only be used by us and will not be passed on to third parties. The legal basis for the processing of the data is Art. 6 (1) a, b and f GDPR.

We use the technical service provider Emarsys eMarketing Systems AG, Mรคrzstrasse 1, A-1150 Vienna, to send information e-mails and to determine further information (e.g. your score in the Kickz Ballers Club program). We pass the data you provided when registering your customer account on to Emarsys so that Emarsys can send the e-mails on our behalf and evaluate them statistically. The evaluation is done with the help of web beacons or tracking pixels to find out whether a message was opened and which links were clicked. The data is used exclusively for the statistical analysis of e-mail campaigns and is collected pseudonymously without any direct personal reference. In addition, Emarsys collects information such as your score, but also registrations for tournaments, etc. via the so-called loyalty add-on. The data is stored on Emarsys servers within the EU. We have signed an processing agreement with Emarsys to protect your data. The privacy policy of Emarsys can be found on their website under Protected link.

If you decide to delete your customer account, we will also delete the data stored for this purpose, unless and to the extent that there are legal retention periods.

2.3. ADVERTISING AND MARKET RESEARCH, DATA ANALYSES

We use your data, including in the context of data analyses, for advertising and market research purposes. In doing so, we pursue the following purposes in particular:

- Classification into different target and user groups as part of market research (user segmentation).
- Insights into different target groups and their respective usage habits and shopping interests.
- The acquisition of insights into the demographics, interests, shopping and usage habits of our users and the marketing of these insights as part of advertising services provided to third parties.
- The early identification of trends in fashion and online shopping.
- The performance of existing customer advertising.
- The execution of direct advertising, e.g. in the form of newsletters.
- The planning, execution and success monitoring of advertising that corresponds to the interests of the target groups addressed (personalized advertising).
- Insights into how our services are used (usage analysis).
- The marketing of the above-mentioned insights as part of advertising services for advertising customers.

Depending on the purpose, we use the data stored by us for data analyses. For example, for analyses of the purchasing behavior of our users, we use summarized (aggregated), statistical, depersonalized (anonymized) profile data or such data that can only be assigned to persons via further intermediate steps (pseudonymized profile data), as well as purchasing data and device and access data, in order to be able to track and analyze purchase transactions through data analyses. We thereby gain anonymous or pseudonymized insights into the general usage behavior of our users.

We process your data on the basis of a balancing of interests to protect the legitimate interests of us or a third party (these may be, for example, advertising partners or merchants participating in Zalando's partner program). The legitimate interest of KICKZ or third parties in the data processing results from the respective purposes and is, unless otherwise stated, of a competitive and economic nature.

LEGAL BASIS:

Insofar as data processing for the purposes described above is carried out with your consent, the legal basis is Article 6 paragraph 1 lit. a GDPR(consent). Otherwise, data processing is carried out on the basis of Article 6 paragraph lit. GDPR, where the legitimate interests lie in the above-mentioned purposes.

2.4. BASED ON YOUR CONSENT

If you have given us consent to process personal data, your consent is the primary basis for our data processing. Which of your data we process based on your consent depends on the purpose of your consent. Typical purposes are, for example:

- Ordering a newsletter.

REVOCATION NOTICES

You can revoke a previously given consent at any time with effect for the future, e.g. by mail, letter or fax. There is a corresponding unsubscribe link in every newsletter. You can find further information under "What data protection rights do I have?"

2.5. OTHER PURPOSES

If permitted by data protection law, we may also use your data without your consent for new purposes, such as conducting data analyses and further developing our services and content. The prerequisite for this is that these new purposes for which the data is to be used were not yet determined or foreseeable when the data in question was collected and that the new purposes are compatible with the purposes for which the data in question was originally collected. For example, new legal or technical developments and novel business models and services may lead to new processing purposes.

2.6. SALESFORCE COMMERCE CLOUD

We use Salesforce Commerce Cloud (hereinafter "Salesforce") as our store system and to manage our customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich. Salesforce is our store system, through which orders are processed, as well as a CRM system which enables us, for example, to manage our customers and their contact data and to organize communication processes. In addition, Salesforce enables us to analyze our customer-related processes. Customer data is stored on Salesforce servers, which are generally located at sites within the EU. We cannot rule out the possibility that, in exceptional cases, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. More information on the functions of Salesforce can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.

The use of Salesforce is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most efficient operation of our online store as well as functional customer management and customer communication. If consent has been requested for individual processing operations, the processing is based on Art. 6 (1) a GDPR; consent can be revoked at any time.

Salesforce has so-called Binding Corporate Rules (BCR). These are binding internal company rules that legitimize the internal company data transfer to third countries outside the EU and the EEA. Salesforce's BCRs have been approved by the French data protection authority. Details can be found at https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html. In addition, Salesforce, Inc. is certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzLyAAK&status=Active.

For more information about Salesforce's privacy practices, please visit: https://www.salesforce.com/de/company/privacy/.

2.7. PINGONE CLOUD PLATFORM

We use the PingOne cloud platform (hereinafter "PingOne") to centrally manage our customer data. The provider is Ping Identity Corporation, 1001 17th Street, Suite 100, Denver, CO 80202, USA. PingOne is a platform that enables us to centrally manage all of our customers' data and organize communication processes - including those related to other services. The customer data is stored on servers, which are usually located within the EU. We cannot exclude the possibility that in exceptional cases personal data may be transferred to servers outside the EU. You can find more information about the functions of PingOne here: https://www.pingidentity.com/en/platform.html.

The use of PingOne is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in managing our customers' data as efficiently as possible and in providing functional customer communication. If consent has been requested for individual processing activities, the processing is based on Art. 6 (1) lit. a DSGVO; the consent is voluntary and can be withdrawn at any time.

Ping Identity Corporation processes the personal data of our customers on our behalf. We have concluded a processing agreement with Ping Identity Corporation in accordance with Art. 28 DSGVO and have made sure that Ping Identity Corporation maintains appropriate technical and organizational measures to protect this data. In the event that personal data is transferred to servers outside the EU, so-called standard contractual clauses have also been agreed to with Ping Identity Corporation. Furthermore, Ping Identity Corporation has assured additional measures to protect the data, for example, from access by security authorities and secret services. The processing agreement can be found here: https://www.pingidentity.com/en/legal/data-privacy-addendum.html. The standard data protection clauses are available here: https://download.pingidentity.com/public/legal/data-transfer-addendum.pdf.

Ping Identity Corporation is certified under the Data Privacy Framework. For details, visit https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNjYAAW&status=Active.

Further information on data protection at PingOne can be found here: https://www.pingidentity.com/en/legal/privacy.html.

2.8. MICROSOFT 365 ENTERPRISE SUITE AND POWER BI

We use the Microsoft 365 Enterprise Suite to manage customer data and the Power BI service for business analysis and visualization purposes. The provider of both services is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. These services are cloud software that is operated on Microsoft Corporation servers in the USA.

For the aforementioned purposes, our customers' personal data, in particular names, email addresses and order histories, are uploaded to these servers, stored there in the Enterprise Suite and processed and analyzed by Power BI. Furthermore, cookies are used on our website. With the help of these cookies, information on the use of our website is collected and, if necessary, merged and visualized with the personal data processed by Power BI.

The Enterprise Suite and Power BI are used in the interest of effective management of customer data, comprehensive business analysis and visualization. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data is transferred to the USA on the basis of the EU Commission's adequacy decision on the US-EU Data Privacy Framework. The Microsoft Corporation is certified under the Data Privacy Framework. We have also concluded standard contractual clauses with Microsoft Corporation, according to which Microsoft Corporation is contractually obliged to guarantee an appropriate level of protection. Extensive additional protective measures are also implemented, for example the data processed in the Enterprise Suite is encrypted by us.

You can find more information on the handling of user data in Microsoft's privacy policy: https://learn.microsoft.com/en-us/microsoft-365/solutions/data-privacy-protection?view=o365-worldwide

3. INFO ON WEBSITES

We use your data to provide the KICKZ websites. In addition to the device and access data that is generated each time you use these services, the type of data processed and the processing purposes depend in particular on how you use the functions and services provided via our services. In addition, we use the data generated by the use of our services to find out how our online offering is used. We use this information, among other things, to improve our services and for personalized advertising.

3.1 PROVIDER

You can find the responsible provider of the service in the imprint of the respective website.

3.2. WHAT DATA IS COLLECTED?

We generally collect all data that you provide directly to us through our Services.

DEVICE AND ACCESS DATA

Every time our servers and databases are accessed, device and access data is collected and logged in so-called server log files. The IP address contained therein is anonymized for a short time after the end of the respective access, as soon as the storage is no longer necessary for maintaining the functionality of the respective website.

If available and activated on your device, we also collect a device-specific identification number (e.g. a so-called "advertising ID" if you use an Android device or "Ad-ID" if you use an Apple device). This device identifier is assigned by the manufacturer of your device's operating system and can be read and used by websites to present you with content based on your usage habits. If you do not want this to happen, you can disable it at any time in your device's browser settings or system preferences.

LOGIN

We set up password-protected personal access for users who register for a customer account or other service. Depending on the type of service, cookie or similar technology may be used for this purpose. This feature allows you to use some of our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your profile data or place an order.

INFORMATION ABOUT WEBSITE COOKIES

Our websites use cookies. Accepting cookies is not a prerequisite for visiting our websites. However, please note that our websites may have limited functionality if you do not accept cookies. You can set your web browser to accept cookies only if you agree to this.

WHAT ARE COOKIES?

Cookies are small text files that are stored by your web browser and save certain settings and data for exchange with our web server. Basically, there are two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies, which are stored for a longer period of time. This storage helps us to design our websites and services accordingly for you and makes it easier for you to use them, for example by storing certain entries made by you in such a way that you do not have to keep repeating them.

The cookies used by our websites may originate from KICKZ or from advertising partners. If you only wish to accept the KICKZ cookies, but not the cookies from our advertising partners, you can select a corresponding setting in your browser (e.g. "Block third-party cookies"). As a rule, you will be shown in the menu bar of your web browser via the help function how to reject new cookies and switch off those you have already received. We recommend that if you use shared computers that are set to accept cookies and Flash cookies, that you log out completely when you are finished using our websites.

THREE CATEGORIES OF COOKIES ARE USED FOR OUR SERVICES:

• Necessary cookies: these cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the shopping cart function, so that the goods remain stored in your shopping cart while you continue shopping. The necessary cookies are also used to save certain entries and settings that you have made, so that you do not have to keep repeating them, and to tailor KICKZ content to your individual interests. Without necessary cookies, the website cannot be used or can only be used to a limited extent.
• Statistics cookies: These cookies collect device and access data to analyze the use of our websites, such as which areas of the website are used and how (so-called surfing behavior), how quickly content is loaded and whether errors occur. These cookies contain only anonymous or pseudonymous information and are used only to improve our website and find out what interests our users, as well as to measure how effective our advertising is. Statistics cookies can be blocked without affecting the navigation and operation of the website.
• Marketing cookies ("tracking cookies"): these cookies contain identifiers and collect device and access data in order to tailor personalized advertising on KICKZ websites to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our websites. This allows us to show you personalized advertising that matches your interests on other websites and in apps from other providers (so-called retargeting). Marketing cookies can be blocked without affecting the navigation and operation of the website. However, shopping personalization may then not be possible.

For the KICKZ Shop, we have compiled country-specific overviews of all cookies used. You can find these under "Notes on cookies".

3.3. ONLINE ADVERTISING/RETARGETING

Our websites contain cookies and similar tracking technologies from advertising partners that operate an online advertising network. In this way, it is also possible for our advertising partners to collect your device and access data and to present you with personalized advertising on other websites, including those of other providers, that is based on your interests (e.g., advertising based on which products you have previously viewed in the KICKZ store).

For more information, please see "How does KICKZ use my data for advertising?"

You can deactivate the processing of your data for retargeting at any time:

To do so, please deactivate the usage analysis.

For other websites and apps, you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Disable Other Advertising.

3.4. USAGE ANALYSIS

We use common tracking technologies in all our services to analyze device and access data. This allows us to learn how our service is generally used by our users. Identification cookies and comparable identifiers are used for this purpose. In this way, we learn, for example, which content and topics are particularly popular, at which times our services are used particularly frequently, from which regions (down to city level) our services are used, and which browsers and devices our users generally use. We also occasionally conduct so-called A/B tests as part of our usage analysis. A/B tests are a special variant of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website to learn which version performs better, is more popular, or lets users find the content they're looking for faster. By creating a version A and a version B and testing both versions, data is obtained that can be used to facilitate and speed up decisions about changes to services and content.

You can find out which tracking tools are used in our websites under "Notes on cookies". There you will also find information on how to disable usage analysis.

4. INFO ON SOCIAL MEDIA FANPAGES

KICKZ maintains social media profiles on the social networks of Facebook and Instagram (so-called "fanpages"). On our Fanpages, we regularly publish and share content, offers, and product recommendations. With every interaction on our fanpages or other Facebook or Instagram websites, the operators of the social networks record your usage behavior with cookies and similar technologies. Fan page operators may view general statistics about the interests and demographic characteristics (such as age, gender, region) of the fan page audience. If you use social networks, the nature, scope and purposes of social network data processing are primarily determined by the social network operators.

4.1. PROVIDER / RESPONSIBLE PARTY

The responsible KICKZ company acting as the provider responsible for the content of a fan page can be found in the imprint information on the respective fan page. The social networks Facebook and Instagram are each offered by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Insofar as you communicate directly with us via our fan pages or share personal content with us, KICKZ is responsible for processing your data. An exception applies to the data processing described below for usage analysis (page insights); we are jointly responsible for this with Facebook.

PROCESSING OF YOUR DATA BY FACEBOOK

Please note that Facebook also processes your data when you use our fan pages for its own purposes, which are not depicted in this privacy policy. We have no influence on these data processing operations at Facebook. In this respect, we refer to the data protection notices of the respective social networks:

Privacy policy of Facebook
Privacy policy of Instagram

4.2. WHAT DATA IS COLLECTED?

When you visit our fan pages, KICKZ generally collects all messages, content and other information that you share with us directly there, such as when you post something on a fan page or send us a private message. If you have an account with the respective social network, we can of course also see your public information, such as your user name, information in your public profile, and content that you share with a public audience. For more information, see "What data does KICKZ process?".

USAGE ANALYSIS (PAGE INSIGHTS).

Every time you interact with Fanpages, Facebook uses cookies and similar technologies to record the usage behavior of Fanpage visits. On this basis, the fan page operators receive so-called "page insights". Page insights contain only statistical, depersonalized (anonymized) information about visitors to the fan page, which can therefore not be assigned to any specific person. We have no access to the personal data used by Facebook for the creation of Page Insights ("Page Insights data"). The selection and processing of Page Insights data is carried out exclusively by Facebook.

With the help of Page Insights, we obtain insights into how our Fanpages are used, what interests the visitors to our Fanpages have, and which topics and content are particularly popular. This allows us to optimize our fan page activities, for example, by better responding to the interests and usage habits of our audience when planning and selecting our content. KICKZ and Facebook are jointly responsible for processing your data for the provision of Page Insights. For this purpose, we and Facebook have entered into an agreement specifying which company fulfills which data protection obligations under the GDPRwith respect to the processing of Page Insights data.

MORE INFO ON PAGE-INSIGHTS

You can view the agreement with Facebook here:

https://www.facebook.com/legal/terms/page_controller_addendum
Facebook has summarized the key contents of this agreement (including a list of Page Insights data) for you here:

https://www.facebook.com/legal/terms/information_about_page_insights_data

LEGAL BASIS:

Insofar as you have consented to Facebook in relation to the creation of Page Insights described above, the legal basis is Article 6(1) lit. a GDPR(consent). Otherwise, the legal basis is Article 6(1) lit. f GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

4.3. WHAT DATA PROTECTION RIGHTS DO I HAVE?

Your data protection rights described under "What data protection rights do I have?" naturally also exist with regard to the processing of your data in connection with our fan pages. For the processing of your Page Insights data together with Facebook, we have agreed with Facebook that Facebook is primarily responsible for providing you with information about the processing of your Page Insights data and for enabling you to exercise your data protection rights to which you are entitled under the GDPR (e.g., right to object). More information about your data protection rights in connection with Page Insights and how you can exercise them directly with Facebook can be found here:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Tip: You can also address your request to KICKZ; we will then forward your request to Facebook.

5. NEWSLETTER

We offer several newsletter services. You will receive information about the topics covered by each newsletter and other notices when you sign up for a newsletter service. When you use our newsletters, we also collect device and access data.

5.1. HOW DO I REGISTER?

For the dispatch of our newsletters requiring registration (such as the KICKZ Shop Newsletter), we use the so-called double opt-in procedure or single opt-in procedure (depending on the country), i.e. we will only send you a newsletter if you have previously expressly agreed that we should activate the newsletter service. If a double opt-in is required in your country, you must also have confirmed that the e-mail address you provided belongs to you. For this purpose, we will send you a notification e-mail and ask you to confirm that you are the owner of the e-mail address provided by clicking on a link contained in this e-mail. We may not take this action if you have already confirmed to us in this manner for another purpose that you are the owner of that e-mail address.

5.2 CANCELLATION

Should you later no longer wish to receive newsletters from us, you may object to this at any time without incurring any costs other than the transmission costs according to the prime rates. A message in text form (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every newsletter.

5.3. WHAT DATA IS COLLECTED?

When you register for a newsletter, we automatically save your IP address and the times of registration and confirmation. This allows us to prove that you have actually subscribed and, if necessary, to detect misuse of your e-mail address. We collect device and access data that is generated when you interact with a newsletter. For this evaluation, the newsletters contain links to image files that are stored on our web server. When you open a newsletter, your e-mail program loads these image files from our web server. We record the resulting device and access data in pseudonymized form under a randomly generated identification number (newsletter ID), which we do not use to identify you without your consent. This allows us to track whether and when you have opened which issues of a newsletter. The links contained in the newsletters also contain your newsletter ID so that we can record which content interests you. With the data obtained in this way, we create a user profile for your newsletter ID in order to personalize newsletter content according to your interests and usage habits and to be able to statistically analyze how our users use the newsletter service. We link this data with the data we collect as part of the usage analysis. This is an integral part of the KICKZ Shop newsletter service.

You can object to the newsletter analysis at any time by deactivating the newsletter service in question. Of course, you will also find an unsubscribe link in every issue of our newsletter. You can also find more information under "What data protection rights do I have?" Alternatively, you can deactivate the display of images in your e-mail program. In this case, however, the newsletter will not be able to be displayed to you in full.

6. VOUCHERS

We use the data provided in the context of an order for KICKZ vouchers to check and process the order and to send and redeem the voucher. This also includes the logging and processing of data related to the use of the voucher, in particular to prevent fraud.

FOR THESE PURPOSES, WE ALSO STORE THE FOLLOWING DATA:

- Date of issue
- voucher value
- voucher code
- Time of voucher redemption

7. HOW DOES KICKZ USE MY DATA FOR ADVERTISING?

We and our advertising partners use your data for personalized advertising presented to you in the services of KICKZ and on the websites of other providers. For this purpose, we and our advertising partners use standard Internet technologies. This enables us to advertise in a more targeted manner in order to present you, as far as possible, only with advertising and offers that are actually relevant to you. This allows us to better meet our users' needs for personalization and discovery of new products, and to keep you interested in our services over the long term by providing a more personalized shopping experience.

EXAMPLE

If you search for sports shoes on the website of a KICKZ advertising partner, we can take this information into account when searching for products in the KICKZ Shop. For example, we can show you sports shoes first in the "Shoes" section or recommend sports shoes already in the feed on the home page. If you tell us your preferences in your customer account or if you have already bought sporting goods from us, we can also take this information into account in our recommendations.

7.1. ADVERTISING FORMATS AND CHANNELS

The advertising formats used by KICKZ include advertisements on social networks (e.g. Facebook Ads, Instagram Ads, YouTube Video Ads) and advertising spaces brokered through online advertising networks used by KICKZ, such as DoubleClick by Google.

7.2. ON SOCIAL NETWORKS

If we carry out advertising via the advertising formats of social networks (e.g. YouTube, Facebook, Instagram), we have the option of passing on information about the users of KICKZ Services (e.g. device and access data such as advertising and cookie IDs, e-mail addresses), of whom we suspect that they belong to the target group of an advertiser or that they have certain characteristics (e.g. age group, region, interests), to the respective social network in encrypted form.

The respective social network will then - either on our behalf as a processor or with the consent of the relevant user - decrypt the data transmitted by us and present the user (provided that the user is a member of the respective social network) with the advertising booked by us as part of his or her existing user relationship with the respective social network.

You may additionally have the option to deactivate the use of your data for personalized advertising by the social networks you use directly with the respective providers. For more information, please contact them directly:

FACEBOOK (FACEBOOK, INSTAGRAM):
Facebook Ads information
Facebook Ads settings

GOOGLE (GOOGLE AD NETWORK, YOUTUBE, GOOGLE SEARCH):
Information about Google Ads
Ads settings for Google

7.3. ON ADVERTISING SPACE MEDIATED VIA ONLINE ADVERTISING NETWORKS (RETARGETING).

Advertising partners who operate an online advertising network may use cookies and similar technologies in the KICKZ Shop and on websites of other providers for the pseudonymous recording of your usage behavior based on device and access data. These advertising partners use the collected data to identify the likelihood that you belong to the target group addressed by us and take this into account when selecting the advertisements on the advertising spaces mediated via its online advertising network. This standard Internet technology is known as retargeting. Retargeting enables us to place advertisements that are as relevant to you as possible and to measure the efficiency and reach of the advertising media, as well as to review the billings of our advertising partners for campaigns placed.

You can obtain further information from the operators of the respective advertising spaces and the online advertising networks commissioned with their placement. You can find an overview of the advertising partners and information on how to deactivate them under "Notes on cookies". For our websites, you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Disable Further Advertising.

Please note that the data used for retargeting is also needed for other purposes (including the provision of our services). Therefore, deactivation will not stop the collection of the data used for this purpose. However, the advertising presented to you will then not be personalized.

8. TO WHOM WILL MY DATA BE PASSED ON?

KICKZ only passes on your data if this is permitted under German or European data protection law. We work particularly closely with some service providers, for example in the area of customer service (e.g. hotline service providers), with technical service providers (e.g. operation of data centers) or with logistics companies (e.g. postal companies such as DHL). In principle, these service providers may only process your data on our behalf under special conditions. Insofar as we use them as processors, the service providers will only have access to your data to the extent and for the period of time that is necessary for the provision of the respective service. If you make a purchase from a KICKZ partner, we will pass on certain purchasing data from you to the KICKZ partner (e.g. your name and delivery address) so that the KICKZ partner can deliver the ordered goods to you.

8.1. COMPANY OF THE PLAYHARD GROUP

KICKZ is a company of the Playhard Group. Within the Playhard Group, many systems and technologies are shared. This enables us to provide you with a cheaper, better, more secure, more consistent and more interesting service. Therefore, within the Playhard Group, those companies and departments will have access to your data that need it to fulfill our contractual and legal obligations or to perform their respective functions within the Playhard Group.

8.2. SHIPPING COMPANIES

For the delivery of orders we cooperate with external shipping service providers (e.g. DHL). These shipping service providers receive the following data from us for the execution of the respective order:

- Your name
- Your delivery address
- if applicable, your postal number (if you would like to have the order delivered to a DHL packing station)
- If applicable, your e-mail address (if the shipping service provider would like to inform you by e-mail about the expected delivery date).

8.3. TECHNICAL SERVICE PROVIDERS

We work with technical service providers to provide you with our services. These service providers include, for example, Telekom Deutschland GmbH, Salesforce.com EMEA Ltd. or Amazon Web Services, Inc. If they process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that in the European Union. In such cases, KICKZ will ensure that the service providers in question guarantee an equivalent level of data protection by contract or otherwise.

8.4. SOCIAL MEDIA NETWORKS

As part of advertising campaigns, we share data with social network providers in accordance with data protection law. For more information, see "How does KICKZ use my data for advertising?".

8.5. AUTHORITIES AND OTHER THIRD PARTIES

Insofar as we are obligated by an authority or court decision or for legal or criminal prosecution, we will pass on your data to law enforcement authorities or other third parties if necessary.

9. WHAT DATA PROTECTION RIGHTS DO I HAVE?

You have the following legal data protection rights under the respective legal requirements: Right of access (Article 15 GDPR), Right of erasure (Article 17 GDPR), Right of rectification (Article 16 GDPR), Right of restriction of processing (Article 18 GDPR), Right of data portability (Article 20 GDPR), Right of complaint to a data protection supervisory authority (Article 77 GDPR), Right of withdrawal of consent (Article 7(3) GDPR) and the right to object to certain data processing measures (Article 21 GDPR). You can find the contact details for your requests under "Contact persons".

IMPORTANT NOTES:

To ensure that your data is not released to third parties in the event of a request for information, please enclose sufficient proof of identity with your request by e-mail or by post.

Tip:
It is usually sufficient for this purpose if you send us your request using the e-mail address stored in your customer account. You can change most of your details yourself in your customer account. For all other cases, please contact customer service. The responsibilities of the data protection authorities depend on the location of the controller. However, you can also contact the data protection authority in your place of residence, which will then forward your complaint to the competent authority. The lead authority responsible for KICKZ is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany.

If you have given your consent to the processing of your data, you may revoke this consent at any time. A revocation has no effect on the permissibility of the processing of your data carried out before your revocation. You may object to the processing of your data for advertising purposes, including direct advertising (also in the form of data analyses) at any time without giving reasons.

If we base the processing of your data on a balance of interests pursuant to Article 6(1)(f) GDPR(e.g. the reporting of creditworthiness data to an external credit agency), you may object to the processing. When exercising an objection, we ask you to explain the reasons why we should not process your data. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the processing or inform you of our compelling legitimate grounds on the basis of which we may continue the processing.

10. WHEN WILL MY DATA BE DELETED?

We will store your personal data for as long as it is necessary for the purposes stated in this Privacy Policy, in particular to fulfill our contractual and legal obligations. If applicable, we will also store your personal data for other purposes if or as long as the law allows us to continue storing it for certain purposes, including for the defense of legal claims.

If you close your customer account, we will delete all data stored about you. If complete deletion of your data is not possible or not required for legal reasons, the data in question will be blocked for further processing.

WHAT DOES BLOCKING MEAN?

When data is blocked, access rights are restricted and other technical and organizational measures are taken to ensure that only a few employees can access the data in question. These employees are then only allowed to use the blocked data for the previously defined purposes (e.g., in the case of a tax audit for submission to the tax office).

BLOCKING TAKES PLACE, FOR EXAMPLE, IN THE FOLLOWING CASES:

Your order and payment data and, if applicable, other data are generally subject to various statutory retention obligations, such as those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The law obliges us to retain this data for up to ten years for tax audits and economic audits. Only then may we finally delete the data in question.

Even if your data is not subject to a legal obligation to retain it, we may refrain from immediate deletion in cases permitted by law and instead first block it. This applies in particular in cases where we may still need the data in question for further contract processing or legal prosecution or legal defense (e.g. in the case of complaints). The relevant criterion for the duration of the blocking is then the statutory limitation periods. After expiry of the relevant limitation periods, the relevant data will be permanently deleted.

Deletion may be waived in cases permitted by law, insofar as anonymous or pseudonymized data is involved and deletion would make processing for scientific research purposes or for statistical purposes impossible or seriously impair such purposes.

11. HOW DOES KICKZ PROTECT MY DATA?

Your personal data is transferred securely by us through encryption. This applies to your order and also to the customer login. We use the SSL (Secure Socket Layer) coding system for this purpose. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.

12. CHANGES TO THIS PRIVACY POLICY AND CONTACT PERSONS

As we continue to develop our websites and implement new technologies to improve our service to you, changes to this privacy notice may become necessary. Therefore, we encourage you to review this Privacy Policy from time to time. You can always contact our data protection team at datenschutz@kickz.com for general questions about data protection as well as to enforce your rights.

For direct contact with our data protection officer, please send your request by mail to the address below with the note "For the attention of the data protection officer":

DATA PROTECTION
KICKZ.com GmbH
Landwehrstrasse 60
80336 Munich
Fax: +49 (0) 89 324 781 99
E-Mail: datenschutz@kickz.com

13. NOTES ON COOKIES AND THIRD-PARTY PROVIDERS

Here you can find out which cookies we use and which third-party providers process personal data via technical integration on our website. If the third-party provider transmits personal data to servers in the USA and processes it there, this is usually done to providers that are certified in accordance with the Transatlantic Data Privacy Framework. If, exceptionally, a provider is used that is not certified accordingly, the data transfer will take place on the basis of your consent in accordance with Art. 49 (1) 1 a GDPR. We expressly point out that there may be risks associated with the transfer of data to the USA, in particular due to possible access by US security authorities and intelligence services.

13.1. GOOGLE ANALYTICS

Our website uses Google Analytics, a web analytics service provided by Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland ("Google"). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there. However, your IP address will be shortened before the usage statistics are analyzed so that no conclusions can be drawn about your identity. For this purpose, Google Analytics on our website has been extended by the code "anonymizeIP" to ensure anonymized collection of IP addresses.

Google will process the information obtained through the cookies in order to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. As shown above, you can configure your browser to reject cookies, or you can prevent the collection of data generated by cookies and related to your use of this website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on provided by Google. This will prevent data collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you must click this link again.

We process data with the help of Google Analytics for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

For more information, please refer to Google's privacy policy.

13.2. GOOGLE ADS

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features. In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 (1) a GDPR. Google LLC and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

13.3. GOOGLE DOUBLE CLICK

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a DoubleClick ad has previously been displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same Internet browser.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data is passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy policy of DoubleClick by Google can be found at https://policies.google.com/privacy.

We process your data with the help of the DoubleClick cookie for the purpose of optimizing and displaying advertisements based on your consent pursuant to Art. 6 (1) lit. a GDPR. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 (3) GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertising. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Google LLC and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

13.4. GOOGLE OPTIMIZE

We use Google Optimize from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to perform so-called A/B tests on our online offering. This involves simultaneously publishing different versions of our online offering and measuring which of these versions is more user-friendly. When testing the versions, data such as the operating system used, the user agent of the browser and the time of the call can be collected in order to measure the success of the version. Web tracking technologies are used to associate the above data with the version of our online offering being tested.

The use of Google Optimize is based on our legitimate interests, i.e. interest in optimizing our online offer according to Art. 6 (1) f GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Google LLC and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active. Further information can be found in the privacy policy for Google Optimize: https://policies.google.com/privacy.

13.5. GOOGLE TAG MANAGER

We use Google Tag Manager as a server-side service hosted by Ingenious Technologies AG, Stresemannstr. 123, 10963 Berlin, Germany. Google Tag Manager is used to manage website tags through one interface and allows us to control the exact integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.

The server-side hosting by Ingenious Technologies AG prevents personal data, in particular your IP address, from being transferred to Google in order to retrieve the Google Tag Manager container when you access our website. Instead, the container is downloaded from a server of Ingenious Technologies AG located in Germany. In this way, we help to ensure that no personal data is transmitted to the USA against your will.

The use of the Google Tag Manager in the server-side hosted version is based on our legitimate interests, i.e. interest in optimizing our services according to Art. 6 para. 1 lit. f. GDPR. The specific storage period of the processed data cannot be controlled by us, but is determined by Ingenious Technologies AG. Further information can be found in the privacy policy: https://www.ingenioustechnologies.com/privacy-policy/.

13.6. GOOGLE RECAPTCHA

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's browsing time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

The service is used on the basis of our legitimate interests, i.e. for protection when submitting forms in accordance with Art. 6 (1) f GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Google LLC and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

13.7. HOTJAR BEHAVIOR ANALYTICS

Our website uses Hotjar, a web analytics service provided by Hotjar Ltd, 3 Elia Zammit Street, St Julians STJ 1000, Malta ("Hotjar"). Hotjar is used to create so-called heat maps. Heat maps graphically represent statistics about mouse movements and clicks on our site. This allows us to identify frequently used features of our website and further improve the site. Hotjar uses cookies and similar technologies to analyze our website with regard to your user behavior. However, your IP address is shortened before the usage statistics are analyzed so that no conclusions can be drawn about your identity. In addition to mouse movements and clicks, information on the operating system, browser, incoming and outgoing references (links), geographical origin and resolution and type of device are evaluated for statistical purposes. This information is pseudonymous and will not be passed on to third parties by us or by Hotjar. Data entered by you on form fields on our website are hidden and not collected by Hotjar.

The data collection by Hotjar can be deactivated on all websites operated by us or other providers that use Hotjar by your objection (so-called opt-out). You can find more detailed explanations and a function for declaring your objection on the Hotjar objection page. In addition, Hotjar supports the so-called Do-Not-Track function of your browser. If you activate this in your browser, Hotjar will not collect any data. Instructions for the various browsers can be found on the Hotjar website. You can also find more information on this in Hotjar's privacy policy.

We process your data with the help of Hotjar Behavior Analytics for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by Hotjar Ltd. Further information can be found in the privacy policy for Hotjar Behavior Analytics: https://www.hotjar.com/privacy/.

13.8 Cloudflare CDN

We use Cloudflare CDN to properly deliver the content of our website. Cloudflare CDN is a service of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich. A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Cloudflare CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudflare. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/de-de/privacypolicy/.

13.9. PINGDOM REAL USER MONITORING

We have integrated Pingdom Real User Monitoring on our website. Pingdom Real User Monitoring is a service provided by Pingdom AB, which develops cloud-based software that allows website and application owners to track the performance of their services.
Pingdom Real User Monitoring provides us with the ability to track and improve the stability of our services through system monitoring and code errors.
In this process, your IP address and performed activities on our website are collected. In this case, your data is passed on to the operator of Pingdom Real User Monitoring, Pingdom AB.

The use of Pingdom Real User Monitoring is based on our legitimate interests, i.e. interest to optimize our services according to Art. 6 para. 1 lit. f. GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Pingdom AB. Further information can be found in the privacy policy for Pingdom Real User Monitoring: https://www.solarwinds.com/legal/privacy.

13.10. ETRACKER

Our website uses the analytics service etracker, a web analytics service provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg Germany. Cookies are used for this purpose, which enable a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising.

The data collected using etracker technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. In the process, the IP address is anonymized at etracker at the earliest possible time and login or device identifiers are converted at etracker into a unique key that is not assigned to a person. No other use, combination with other data or disclosure to third parties is made by etracker.

You can object to the collection and storage of data at any time with effect for the future. To object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from etracker using the following link. This will ensure that no visitor data from your browser is collected and stored by etracker in the future: http://www.etracker.de/privacy?et=V23Jbb.

You can find more information in etracker's privacy policy.

13.11. AWIN

Our website participates in affiliate programs of AWIN AG, Eichhornstraße 3, 10785 Berlin, a service for integrating advertisements in the form of text links, image links, advertising banners or input masks. Awin uses cookies and similar technologies to present you with advertisements that are relevant to you. Awin also uses so-called web beacons (invisible graphics). These can be used to evaluate information such as visitor traffic on these pages.

The information collected by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats is transmitted to a server of Awin and stored there. This information may be passed on by Awin to contractual partners of Awin. However, Awin will not merge your IP address with other data stored by you.

You can prevent the storage of cookies by setting your browser accordingly (as described above). You can find more information on this in Awin's privacy policy.

The service is used on the basis of our legitimate interests, i.e. interest in optimizing our advertising campaigns, for marketing purposes and for the settlement of commission payments to affiliate partners pursuant to Art. 6 para. 1 lit. f. GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by AWIN AG. Further information can be found in the privacy policy for AWIN: https://www.awin.com/de/rechtliches/privacy-policy.

13.12. BING ADS

Our website uses Bing Ads, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft uses cookies and similar technologies to present you with advertisements that are relevant to you. The use of these technologies enables Microsoft and its partner sites to serve ads based on prior visits to our site or other sites on the Internet. The data generated in this context may be transferred by Microsoft to a server in the USA for analysis and stored there.

You may refuse the use of cookies by selecting the appropriate settings on your browser (as described above); however, please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of data generated by the cookies and related to your use of the website to Microsoft as well as the processing of this data by Microsoft by deactivating the personalized ads on the objection page of Bing Ads or the general settings for ads by Microsoft. Please note that in this case, after deleting all cookies from your browser or using a different browser and/or profile later, the objection must be declared again. You can find more information about this on the Bing Ads help pages and in Microsoft's privacy policy.

We process your data with the help of Bing Ads for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 (1) a GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. Microsoft Corporation and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active. Further information can be found in the privacy policy for Bing Ads: https://privacy.microsoft.com/de-de/privacystatement.

13.13. SCARAB RESEARCH

Our website uses Scarab Research, a service provided by Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, ("Emarsys") to personalize and automate the display of advertisements. This service "tags" visitors to its partners' websites with anonymous browser cookies. Users tagged by the service receive an anonymous identifier. The browser cookies track the products viewed by the visitor and the pages visited by the partner for which the ads are delivered.

We process your data with the help of Scarab Research for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 (1) lit. a GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by Emarsys eMarketing Systems AG. Further information can be found in the privacy policy for Scarab Research: https://emarsys.com/de/datenschutzrichtlinie/.

13.14. HUMAN BOT DEFENDER

Our website uses HUMAN Bot Defender provided by HUMAN Security, Inc, 111 W 33rd St Fl 11, New York City, New York, 10001, USA, to determine whether a request originates from a human user or a bot. HUMAN Bot Defender stores a cookie and collects personal data such as your IP address, connection metadata (e.g. requests, browser data, TLS information) and records mouse movements. With the help of this information, HUMAN Bot Defender can distinguish human website visitors from bots and thus protect our website from unauthorized access, excessive traffic and attacks by bots. The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in fraud prevention and security. The transfer of data to the USA takes place on the basis of the standard data protection clauses concluded between us and the provider. HUMAN Security, Inc. maintains strict measures to protect your data. You can find more information on this in the HUMAN Bot Defender privacy policy at https://www.humansecurity.com/data-security-and-privacy-faq and https://www.humansecurity.com/privacy.

13.15. DRESSLIFE

We use the service Dresslife provided by Dresslife GmbH, WalderseestraรŸe 7, 30163 Hanover on our website. This is a service that helps us to reduce return rates and thus offer our products more affordably and sustainably. Dresslife stores a cookie and uses it to collect and process pseudonymized information about your search queries and product views in our store. This enables us to specifically display products that you potentially like and that are still available in your size, for example. The legal basis for storing the cookie and processing the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TTDSG. Your consent is voluntary and can be revoked at any time. When using Dresslife, personal data is transmitted to servers in the USA. This is done on the basis of the EU-US Data Privacy Framework, under which Dresslife is certified. Information on data protection at Dresslife can be found at https://dresslife.com/privacy-policy/.

13.17. ATLAS SOLUTIONS

We have integrated Atlas Solutions on our website. Atlas Solutions is a service provided by Atlas Solutions that displays targeted advertising to users. Atlas Solutions uses cookies and other browser technologies to analyze user behavior and recognize users. Atlas Solutions collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Atlas Solutions delivers targeted advertising based on behavioral profiling and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of Atlas Solutions, Atlas Solutions. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.

We process data with the help of Atlas Solutions for the purpose of optimizing our advertising campaigns and for marketing purposes based on your consent pursuant to Art. 6 (1) lit. a. GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by Atlas Solutions. Further information can be found in the Atlas Solutions privacy policy: https://atlassolutions.com/business/good-questions/privacy-and-data.

13.18. CDNJS

We use CDNJS to properly deliver the content on our website. CDNJS is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our website. A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cloudflare, Inc. whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of CDNJS.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 (1) f GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Cloudflare, Inc. is certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnZKAA0&status=Active. Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

13.19. CRITEO CDN

We use Criteo CDN to properly serve content on our website. Criteo CDN is a service of Criteo S.A., which acts as a content delivery network (CDN) on our website to ensure the functionality of other services of Criteo S.A.. For said services, you will find a separate section in this Privacy Policy. This section is only about the use of the CDN.
A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Criteo S.A., Paris, Ile-de-France, FR, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Criteo CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo CDN: https://www.criteo.com/de/privacy/.

13.20. CRITEO DYNAMIC RETARGETING

We use the Criteo Dynamic Retargeting service of Criteo S.A., Paris, Ile-de-France, FR, to display specific and relevant ads to groups of users using targeting technologies. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot generally be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.

We process data with the help of Criteo Dynamic Retargeting for the purpose of optimizing our advertising campaigns and for marketing purposes based on your consent pursuant to Art. 6 (1) lit. a. GDPR. The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo Dynamic Retargeting: https://www.criteo.com/privacy/.

13.21. FACEBOOK PIXEL

We use Facebook Pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and to subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with Facebook Ireland Ltd.

We process your data with the help of Facebook Pixel for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 (1) a GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Facebook Ireland Ltd. Meta Platforms, Inc. and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.

13.22. FACEBOOK PLUGIN

We have integrated components of Facebook Plugin on our website. Facebook Plugin is a service of Facebook Ireland Ltd. and offers us the opportunity to aggregate content from the social media platform and display it on our website. When you access this content, you establish a connection to servers of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Facebook Plugin. If a user is registered with Facebook Ireland Ltd, Facebook Plugin can associate the content viewed with the profile.

The use of the service is based on our legitimate interests, i.e. interest in a platform-independent provision of content in accordance with Art. 6 (1) f GDPR. The concrete storage period of the processed data cannot be influenced by us, but is determined by Facebook Ireland Ltd. Meta Platforms, Inc. and its subsidiaries are certified under the Data Privacy Framework. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant- detail?id=a2zt0000000GnywAAC&status=Active. Further information can be found in the privacy policy for Facebook Plugin: https://www.facebook.com/policy.php.

13.23. MINUBO

We use the e-commerce BI software Minubo from Minubo GmbH, Großer Burstah 31, 20457 Hamburg, Germany on our website. Minubo enables us to analyze and optimize as well as ensure the economic operation of our online store. For this purpose, classic e-commerce key figures (order values, orders, cancellations, returns, conversion rates, sessions, etc.) are collected and clearly processed. In particular, addresses, e-mail addresses, names, gender, age, order value, number of orders and transaction IDs are processed.
A data collection takes place here via other systems such as Google Analytics (see there). Minubo only uses these systems as a source and merges the existing data. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data protection at Minubo can be found at https://www.minubo.com/en/legal/privacy-policy.

13.24. Feed Dynamix

We use technologies of Feed Dynamix GmbH, Ludwigstraße 31 | 60327 Frankfurt/Main, on our website for its demand-oriented design as well as for the optimization of our marketing activities. Feed Dynamix collects and processes anonymized data and creates usage profiles from this data using pseudonyms. For this purpose, cookies may be used, which allow the recognition of an Internet browser. However, usage profiles are not merged with data about the bearer of the pseudonym without your express consent. In particular, IP addresses are made unrecognizable immediately after they are recorded, which means that it is not possible to assign usage profiles to IP addresses. The analysis of user behavior is carried out - insofar as personal data is concerned - on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time.

13.26. CONTENTSQUARE

If you provide us with appropriate consent in our Cookie Consent Tool, we use the web analytics service of ContentSquare S.A.S., 5 boulevard de la Madeleine, 75001 Paris, France, on our Website. ContentSquare collects interaction data of your visit to our website (such as scrolling, clicks or your time spent on the page) and processes it in pseudonymized form for marketing purposes and to optimize the user-friendliness of our website. The data collection is carried out, among other things, through the use of cookies, which are only placed with your prior consent.

ContentSquare processes the following data:

  • Device properties, in particular operating system and browser
  • IP address of your device (pseudonymized)
  • Date and time of the website visit
  • Time spent on the website
  • Addresses of the pages visited
  • Address of the website visited immediately before, if contact to our website is established via a link (the so-called "referrer")
  • Geographical data (country from which the website is accessed)
  • Information about interactions with website elements (e.g. clicks, mouse movements, scrolls, hover)
  • Product-related transaction data

ContentSquare uses the aforementioned information to evaluate the use of our website and generate reports that help us improve our website and our services. Since usage is pseudonymized, we cannot draw any conclusions about specific individuals.

Information on data protection at ContentSquare can be found in their privacy policy at https://contentsquare.com/de/privacy-and-security/ and https://contentsquare.com/de/gdpr/.

ContentSquare is a European company that generally stores and processes personal data on servers within the EU. Should ContentSquare exceptionally transfer Personal Data to countries outside the European Union, this will be performed on the basis of appropriate safeguards pursuant to Art. 46 of the GDPR, unless an adequacy decision within the meaning of Art. 45 of the GDPR already exists for the third country concerned. Appropriate safeguards include, in particular, the standard contractual clauses of the European Commission, in which case it is ensured that the recipient maintains appropriate additional measures to adequately secure the data.

ContentSquare deletes all data by default after 13 months, according to its own information.

The legal basis for data processing is your consent pursuant to Art. 6 para 1 lit. a GDPR. Your consent is voluntary and can be withdrawn at any time by adjusting the settings in the Consent Tool.

13.27. PREFIXBOX

We use the search service of Prefixbox Ltd, 22 Vereker Road, London W14 9JS, United Kingdom, on our website. Prefix processes the data mentioned below with the purpose of optimizing the search function on our website. The data collection is performed, among other things, through the use of cookies, which are placed only with your consent.

Prefixbox processes the following data:

  • Browser type (desktop/mobile) - saved
  • First party cookies
    • _pfbuid: this is an automatically generated identifier indicating that the same visitor has visited the client's website again.
    • _pfbsesid: this is an automatically generated identifier that helps identify user visits.
    • _prefixboxIntegrationVariant: this cookie is used in A/B testing; your placement in the control or treatment group is logged and your shopping behavior is matched with that of other users.
    • _pfbx_user_search_engine_layout_type: The user search engine cookie stores the preferred search engine layout you specify and automatically applies the structure on future visits.
    • _pfbx_configuration_{random_GUID}_{pfbx_website_tracker}_{pfbx_application_tracker}: caches the application configuration to speed up load time.
    • _pfbx_preview_application: the cookie is used during the preview of the prefixbox application.
    • _pfbx_preview_merchandising: the cookie is used during the prefixbox merchandising preview.
    • _pfbx_preview_abtest: The cookie is used during the prefixbox A/B test preview.
    • _pfbx_apiKeys_{pfbx_website_tracker}:
    • _pfbx_application_information: The cookie is used to identify the loaded prefixbox application.
    • _pfbx_custom_properties: The cookie is used for testing.
    • _pfbx_scrollPosition: This is used for holding the user's latest position on the search engine result page.
    • _pfbx_previousUrl: This is used for holding the latest url from the navigation history.
    • _pfbx_state_before_similar: This is used for storing the latest application state when clicking on a similar product.
    • _pfbx_product_recommendation_collection: Used for collecting product page visits for product recommendations.
  • Browser related events
    • Patterns: search terms and products
    • Events
    • Search field: focus on/off
    • Query executed
    • Search result found/not found
    • Product click
    • Shopping cart event
    • Order completed

The user's IP address is not stored by Prefixbox.

With the help of the aforementioned information, Prefixbox evaluates the use of our website and thus optimizes the search function of our website in order to provide our users with the best possible search results. Since data is used pseudonymously, neither we nor Prefixbox can draw conclusions about specific persons.

Information on data protection at Prefixbox can be found in their privacy policy at https://www.prefixbox.com/de/privacypolicy.

If Prefixbox transfers personal data to countries outside the European Union, this will be performed on the basis of appropriate safeguards pursuant to Art. 46 of the GDPR, unless an adequacy decision within the meaning of Art. 45 of the GDPR already exists for the third country concerned. Appropriate safeguards include, in particular, the European Commission's standard contractual clauses, in which case it is ensured that the recipient maintains appropriate additional measures to adequately secure the data.

The legal basis for the data processing is our legitimate interest in optimizing the search function on our website pursuant to Art. 6 para 1 lit. f GDPR. Your consent is voluntary and can be withdrawn at any time by adjusting the settings in the Consent Tool.

13.28. TIKTOK PIXEL

If you provide us with your explicit consent within our Consent Tool, we use a tracking pixel of the social network TikTok on our website, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

With the help of this pixel, TikTok can identify you as a visitor to our website as a target group for the display of advertisements, so-called TikTok ads. We therefore use the TikTok pixel to display ads placed by us on the TikTok social network only to users who are also interested in our website or who have certain characteristics, in particular interests in certain topics or products (so-called Custom Audiences). The purpose of this is not only to make our ads more effective, but at the same time to ensure that our ads correspond to the potential interest of users and are not annoying or irrelevant to anyone. In addition, the pixel allows us to track the effectiveness of our ads on the TikTok social network for statistical and market research purposes. Through the pixel, we are able to track whether users have been redirected to our website by clicking on an ad in TikTok (so-called conversion).

The use of the TikTok pixel as well as the storage of cookies is based on your consent according to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TTDSG. Your consent is voluntary and can be withdrawn at any time by adjusting your settings in our Consent Tool.

The processing of statistical data is carried out by us and TikTok as joint controllers. We have entered into a Joint Controller Agreement with TikTok that governs the allocation of data protection responsibilities between us and TikTok. This agreement states, among other things, that we will provide you (within the scope of this Privacy Policy) with all information pursuant to Art. 13, 14 GDPR regarding the processing of personal data. Further, it was agreed that TikTok is responsible for ensuring the rights of data subjects pursuant to Art. 15 to 20 GDPR. You can access the Joint Controller Agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.

For more information on data processing by TikTok, please refer to the privacy notices at https://www.tiktok.com/legal/privacy-policy-eea?lang=en.

13.29. SNAP PIXEL

If you provide us with your explicit consent within our Consent Tool, we use a tracking pixel of the social network Snapchat (Snap-pixel) on our website, which is operated by Snap Inc., 2772 Donald Douglas, Loop North Santa Monica, CA 90405, USA.

With the help of this pixel, Snapchat can identify you as a visitor to our website as a target group for the display of advertisements, so-called Snapchat ads. We therefore use the Snap-pixel to display ads placed by us on the Snapchat social network only to users who are also interested in our website or who have certain characteristics, in particular interests in certain topics or products (so-called Custom Audiences). The purpose of this is not only to make our ads more effective, but at the same time to ensure that our ads correspond to the potential interest of users and are not annoying or irrelevant to anyone. In addition, the pixel allows us to track the effectiveness of our ads on the Snapchat social network for statistical and market research purposes. Through the pixel, we are able to track whether users have been redirected to our website by clicking on an ad in Snapchat (so-called conversion).

The use of the Snap-pixel as well as the storage of cookies is based on your consent according to Art. 6 para. 1 lit. a GDPR and ยง 25 para. 1 TTDSG. Your consent is voluntary and can be withdrawn at any time by adjusting your settings in our Consent Tool. If personal data is transferred to servers in the USA, this is based on your consent pursuant to Art. 49 para. 1 lit. a GDPR, after we have informed you that certain risks may be associated with data processing in the USA, in particular due to access by US secret services.

The processing of statistical data is carried out by us and Snapchat as joint controllers. We have entered into a Joint Controller Agreement with Snapchat that governs the allocation of data protection responsibilities between us and Snapchat. This agreement states, among other things, that we will provide you (within the scope of this Privacy Policy) with all information pursuant to Art. 13, 14 GDPR regarding the processing of personal data. Further, it was agreed that Snapchat is responsible for ensuring the rights of data subjects pursuant to Art. 15 to 20 GDPR.

For more information on data processing by Snapchat, please refer to the privacy notices at https://www.snap.com/en-US/privacy/privacy-center

14. Purchase ratings (Trustpilot).

Purposes of processing and legal basis: We invite feedback on experiences with KICKZ and the related shopping experience at various points in time as part of the customer relationship. The legal basis for the invitation to provide purchase-related customer feedback is Section 7 (3) UWG (Art. 6 (1) lit. f DSGVO, legitimate interest). Recipients of the data: To enable the submission of purchase ratings, we use the external processor Trustpilot A/S, based in Copenhagen, Denmark. This is contractually obligated in accordance with Art. 28 DSGVO. The privacy policy of Trustpilot can be found at https://uk.legal.trustpilot.com/for-reviewers/end-user-privacy-terms

 

KICKZ.com GmbH
Landwehrstrasse 60
D-80336 Munich
Germany

Phone:
+49 (0) 89 324 781 0

Fax:
+49 (0) 89 324 781 99

E-mail:
info@kickz.com

Top Back to top