Privacy

Data Protection Declaration

 

§ 1        Name and Address of the Responsible Party

§ 2       Name and Address of the Data Protection Officer

§ 3       General Information regarding Data Processing

§ 4       Supplying of the Website and Generation of Log Files (“Informational Usage”)

§ 5       Usage of Cookies

§ 6       Data Processing in ETERNA’s Online Shop

§ 7       Provision of Data in Order to Implement the Agreement

§ 8       Provision of Data for the Validation and the Verification of Addresses as well as the Credit Check

§ 9       Initiating Contact

§ 10     Newsletter; Product Recommendations for Similar Goods; Direct Advertising by Letter

§ 11      Participation in Sweepstakes, Prize Competitions or Other Campaigns

§ 12     Usage of cookies and similar technologies

§ 13     Customer Evaluation Request by eKomi

§ 14     Voucher Offers from Sovendus GmbH

§ 15     Usage of Facebook, Google, Instagram, YouTube, VIMEO and Microsoft

§ 16     Data Security

§ 17     Your Affected Party Rights

§ 18     Currentness of and Changes to This Data Protection Declaration

 

 

§ 1       Name and Address of the Responsible Party

The Responsible Party in accordance with the General Data Protection Regulation and other national data protection laws of the member countries as well as any other provisions under data protection law is:

ETERNA Mode GmbH
Medienstraße 12
94036 Passau (Germany)
Telephone: (+49) 08 51 / 98 16-0
Fax: (+49) 08 51 98 16-465
E-Mail: contact@eterna.de,

hereafter also referred to as “ETERNA”.

If you have any questions regarding the collection, processing or usage of your personal data, the disclosure, correction, blocking or deletion of data as well as the revocation of any consents that have been issued, please contact contact@eterna.de.

 

§ 2       Name and Address of the Data Protection Officer

The data protection officer can be contacted by e-mail at datenschutz@eterna.de as well as by using the contact data specified in § 1 with the addition “Data Protection Officer”.

 

§ 3       General Information regarding Data Processing

(3.1) Scope of the Processing of Personal Data

We process our users’ personal data in principle only insofar as this is required for the supplying of a functional website as well as of our contents and services. The processing of our users’ personal data is done upon a regular basis only after having received the user’s consent to do so. An exception shall be valid in such cases in which it is not possible to obtain prior consent owing to the respective actual reasons and the processing of the data is permitted by the statutory directives.

 

(3.2) Legal Basis for the Processing of Personal Data

Insofar as we obtain a consent for the affected party for the processing procedures for the personal data, Art. 6 Para. 1 Clause 1 lit. a) EU General Data Protection Regulation (GDPR) shall serve as the legal basis.
With regards to the processing of personal data which is required for the fulfilment of an agreement whose contractual party is the affected party, Art. 6 Para. 1 Clause 1 lit. b) GDPR shall serve as the legal basis. This shall also be valid for processing procedures which are required for the implementation of the pre-contractual measures.
Insofar as a processing of personal data is required for the fulfilment of a legal obligation which our company must fulfil, Art. 6 Para. 1 Clause 1 lit. c) GDPR shall serve as the legal basis.
In the case that vital interests of the affected party or another natural person makes a processing of personal data necessary, Art. 6 Para. 1 Clause 1 lit. d) GDPR shall serve as the legal basis.
If the processing is required in order to safeguard an entitled interest of our company or of a third party and the interests in safeguarding the fundamental rights and the fundamental freedoms of the affected party do not outweigh the initially-mentioned interest, then Art. 6 Para. 1 Clause 1 lit. f) GDPR shall serve as the legal basis for the processing.

 

(3.3) Data Deletion and Storage Duration

The personal data of the affected party shall be deleted or blocked as soon as the purpose of the storage is no longer valid. Moreover, storage may be done if this has been prescribed by the European or national lawmakers in regulations, laws or other directives issued by the European Union to which the Responsible Party is subject. A blocking or a deletion of the data shall also then be done if a storage timeframe prescribed by the aforementioned norms lapses unless a necessity exists for the continued storage of the data for a conclusion or a fulfilment of a contractual agreement.

 

§ 4     Supplying of the Website and Creation of Log Files (“Informational Usage”)

(4.1) Description and Scope of the Data Processing

During each visit to our Internet site (i.e. even in the case of a merely informational usage of our website), our system automatically collects data and information from the computer system of the accessing computer. Consequently, your Internet browser transmits usage data which are stored in log files (so-called server log files). The data sets stored in this manner contain the following data:

 

-     User’s browser type/browser version,

-     User’s operating system,

-     Device ID (Google Advertising ID, Apple Advertising ID)

-     User’s IP address/Internet service provider,

-     Date/time of day of the access,

-     Websites from which the user’s system accessed our Internet site,

-     Websites which have been visited by the user’s system via our website (Referrer-URL),

-     http-response-Code

 

The data are stored in our system’s log files. A storage of these data together with other personal data of the user is not made.

 

(4.2) Legal Basis for the Data Processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(4.3) Purpose of the Data Processing

The temporary storage of the IP address by the system is required in order to enable a delivery of the website to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session. The storage in log files is done in order to ensure the website’s functionality. In addition, the data serve us for the purposes of the optimisation of the website and for the guaranteeing of the security of our information technology systems. However, an evaluation of the data for marketing purposes is not done in this context.

These purposes also form the basis for our entitled interest in the data processing in accordance with Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(4.4) Duration of the Storage

The data are deleted as soon as they are no longer required for the attainment of the purpose of their collection. If the data are collected in order to provide the website, this shall be the case if the respective session has ended. In the case that the data are stored in log files, this shall be the case after by no later than seven days. A more extensive storage shall be possible. In this case, the users’ IP addresses shall be deleted or distorted so that a categorisation to the accessing client is no longer possible.

 

(4.5) Possibility of Lodging an Objection and Deletion

The collection of the data in order to provide the website and the storage of the data in log files is mandatorily required for the operation of the Internet site. Consequently, the user has no right of objection in this regard.

 

§ 5       Usage of Cookies

(5.1) Description, Scope and Purpose of the Data Processing

(5.1.1) Our website uses cookies. Cookies are text files which are stored in the Internet browser and/or by the Internet browser on the user’s computer system. If a user visits a website, then a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters which enables a clear identification of the browser when visiting the website again. Cookies help to optimise the offerings of the website or also of the online shop in that, for example, your personal preferences are stored or the storage of your virtual shopping basket is enabled. The collected information permits no inferences to be drawn regarding a specific person and contain no data like your name.

 

This website uses

 

-     Technically required cookies
These technologies are required to activate the core functionality of the website. Technically required cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The ETERNA online shop cannot function properly without these cookies.

-     Functionality cookies,
Functional cookies help us to make the ETERNA online shop experience even better for you and provide you with advanced features (e.g. our referral program "friends refer friends", our store finder or videos).

-     Analysis and statistics cookies
These cookies help us to understand how visitors interact with the ETERNA online shop by providing data about which websites or search terms bring users to our online shop, how long they typically stay on our pages or how many sub-pages they visit on average. We use this data to improve the content of our websites and to produce statistics for internal market analysis purposes on the performance of our websites. This data does not allow any direct conclusion to your person. All data collected by us is only processed in aggregated form.

-     Marketing and Retargeting cookies
These technologies are used by advertisers to deliver content and ads that are relevant to you and your interests. This allows you to buy your favorite products through ads from anywhere - for example, from search engines and social networks. Marketing and retargeting cookies help us and our (advertising) partners to deliver personalized advertising and to limit the frequency with which you see an ad. They also help us to assess the effectiveness of advertising campaigns.

 

(5.1.2) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.

 

(5.1.3) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The maximum storage period of cookies set by ETERNA is 60 days. You can delete the cookies in the security settings of your browser at any time.

 

(5.2) We use the Usercentrics service provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany ("Usercentrics") to comply with our obligations under data protection law, in particular to manage and control automated data processing and data protection consents. This service helps us to obtain the consent required by law for cookies and tracking. When you visit our website, the Usercentrics script is automatically loaded. On your first visit, a window will be opened (so-called "cookie banner") in which you can give your consent to the use of cookies in general or make user-defined settings. Usercentrics saves this selection and then loads further cookies according to your consent or other legal requirements. On subsequent visits, the cookie banner will no longer open, but Usercentrics will immediately load the cookies according to your selection on your first visit. You can change this selection at any time with effect for the future under "Cookie Settings" in the lower section of our website (so-called footer). You can also view the cookie settings at https://www.eterna.de/#uc-corner-modal-show.


Usercentrics collects the date and time of your visit, device information, browser information, your anonymized IP address and information about your selection in the data protection settings. To the extent that these data allow conclusions to be drawn about your person, Usercentrics does not use them for its own purposes and processes them exclusively within the European Union. Further information on data protection at Usercentrics is available at https://usercentrics.com/de/datenschutzerklaerung/.

The legal basis for the use of Usercentrics is Art. 6 Para. 1 lit. c GDPR, as the use of Usercentrics is necessary to comply with our legal obligations regarding data protection, in particular the GDPR.

 

(5.3) Legal Basis for the Data Processing

The legal basis for the processing of personal data while using cookies is Art. 6 Para. 1 Clause 1 lit. f) GDPR. The aforementioned purposes also form the basis for our entitled interest in the processing of your personal data.

 

(5.4) Possibility of Lodging an Objection and Deletion

Cookies are stored on the user’s computer and are transmitted by this computer to our website. Thus, as the user, you also have full control over the usage of cookies. By making changes to the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Any cookies that have already been stored can be deleted at any time. This can also be done in automated fashion. However, if cookies are deactivated for our website, all functions of the website may possibly no longer be able to be used comprehensively.

The following links will help you to adjust your settings in order to reject or accept cookies in the browsers that are most-commonly used:

-     Internet Explorer / Windows Edge: https://windows.microsoft.com/de-de/windows-vista/block-or-allow-cookies

-     Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

-     Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

-     Safari: https://support.apple.com/kb/ph21411?locale=de_DE

-     Opera: https://help.opera.com/Windows/10.20/de/cookies.html.

 

§ 6       Data Processing in ETERNA’s Online Shop

(6.1) If you would like to order something in ETERNA’s online shop, you have the choice of whether you would like to enter your data that are required for your order only upon a one-time basis for this order (guest order) or whether you would like to create a password-protected customer account whereby your data will be stored for subsequent additional purchases.

 

(6.2) Guest Order

(6.2.1) Description and Scope of the Data Processing

Your personal data shall be entered into an input mask and transmitted to us and then stored. For your order as a guest, we require the following personal data as “mandatory data”:

-       Form of address,

-       Forename,

-       Surname,

-       Street, building number, postal code, city, country (invoicing and/or deviating delivery address),

-       Birthdate,

-       E-mail address,

-       Dress size

 

Without filling in the fields that have been marked as being obligatory fields, it is not possible to make an order. Moreover, we shall store the user’s IP address as well as the date and time of day that access is made.

 

(6.2.2) Legal Basis for the Data Processing

The data processing shall be done for your order and shall be required in accordance with Art. 6 Para. 1 Clause 1 lit. b) GDPR for the processing of your order and/or for the fulfilment of the obligations resulting from the purchasing agreement that has been concluded.

 

(6.2.3) Purpose of the Data Processing

These data are collected

-       In order to be able to identify you as our customer;

-       In order to be able to process, fulfil and complete your order;

-       In order to be able to conduct correspondence with you;

-       For invoicing purposes;

-       In order to handle any liability claims as well as in order to assert any claims against you.

 

We require your birthdate in order to guarantee a transparent identification of the customer and/or the customer’s data. In addition, you must be at least 18 years old in order to be able to make an order in ETERNA’s online shop.
If you should have selected purchase on account as the payment method, for the purpose of the credit check, your birthdate shall also be passed on to our service provider.
Because ETERNA will send you a confirmation of receipt and/or an order confirmation via e-mail, the disclosure of your e-mail address is also required.

 

(6.2.4) Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose of their collection. This shall then be the case for the data that have been stored for the fulfilment of the purchasing agreement if the data are no longer required for the implementation of the agreement. Even after the conclusion of the agreement, a necessity may exist to store the contractual partner’s personal data in order to fulfil contractual or statutory obligations. Thus, the personal data which we collect for the implementation of your order are stored until the statutorily-prescribed retention timeframe lapses and then deleted unless we are obliged to implement a longer storage timeframe in accordance with Art. 6 Para. 1 Clause 1 lit. c) GDPR owing to retention and documentation obligations under tax and commercial law (from the German Commercial Code, German Tax Code or German Fiscal Code), you have approved a more extensive storage timeframe in accordance with Art. 6 Para. 1 Clause 1 lit. a) GDPR or an entitled interest exists in accordance with Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(6.3) Data Processing in Conjunction with a Customer Account

(6.3.1) Description and Scope of the Data Processing

(6.3.1.1) Registration

On our Internet site (in particular also in the context of an order process of our online shop) we offer users the possibility to register with a customer account by entering personal data (so-called "basic data") and to participate in the bonus program. The data is entered into an input mask, transmitted and stored.
The following basic data are collected as mandatory data during the registration process:

-       Form of address,

-       Forename,

-       Surname,

-       Street, building number, postal code, city, country,

-       Birthdate,

-       E-mail address,

-       Password.

 

Without providing these basic data, an online registration is not possible. Moreover, we store the user’s IP address as well as the date and time of day that access is made. Insofar as you have opted to voluntarily disclose a professional title or a telephone number, these data shall also be stored.

By submitting the digital application form, you initiate the creation of a personalized, password-protected customer account. After registration, a confirmation e-mail is sent, which completes the creation of the customer account. A further confirmation is not necessary.

 

(6.3.2) Data Collection after Registration

After registration has been made, your personal customer number shall be awarded. In addition, your purchases (date, article, article number, quantity, price, currency and type of transaction) shall be registered.
We also collect and store other voluntary information that you provide in your customer account, such as your preferences ("SHIRTID").

 

(6.4) Legal Basis for the Data Processing

By logging in with your customer account, you have consented to the processing of your data, which is why the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. Furthermore, the processing of the data you have provided is necessary for the implementation of the customer loyalty programme, so that Art. 6 para. 1 sentence 1 lit. b) GDPR is an additional legal basis for the processing of the data.

 

(6.5) Purpose of the Data Processing

The collected data is necessary for the implementation of the customer loyalty program. Your name and date of birth are used to verify your legal age and for identification purposes. The e-mail address or postal address you provide will be used for sending the vouchers and for regular information about your current points balance or about special promotions in connection with the bonus programme (including double or extra points). The registration of your purchases and the resulting loyalty points is the basis for the voucher dispatch.
Via the customer account you can view the data of your completed, open or recently shipped orders and correct/manage the data you provided during registration.

 

(6.6) Duration of the Data Processing

The data shall be deleted as soon as they are no longer required for the attainment of the purpose of their collection. This shall be the case for the data collected during the registration process if the registration has been deleted or changed.

 

(6.7) Right of Objection; Right of Deletion

In order to delete the registration or to change the data stored about you, you can send an e-mail to service@eterna.de or a message (e.g. fax or letter) to ETERNA’s contact data which are stated in § 1.

 

(6.8) CRM System from Salesforce

(6.8.1) The personal data collected by you in connection with the registration in the customer account are transferred to the CRM system ("Customer Relationship Management") of the cloud provider Salesforce (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany; "Salesforce") and managed there. The data protection regulations of Salesforce can be viewed here: https://www.salesforce.com/de/company/privacy/. Further information on the GDPR can be found at https://www.salesforce.com/de/campaign/gdpr/. Of course, an order processing contract was concluded between ETERNA and Salesforce.

 

(6.8.2) Salesforce indeed has a branch in Germany, but it has its Headquarters in the USA. Thus, it cannot be ruled out that the aforementioned data will be transmitted to the USA. However, Salesforce is certified in accordance with the EU-US Privacy Shield and guarantees that your data will also be subjected to an appropriate data protection level in the USA. You can find additional information regarding the certification by clicking on the following link: https://www.privacyshield.gov.

 

(6.8.3) The processing of your data by Salesforce takes place on the basis of Art. 6 para. 1 sentence 1 letter a) GDPR (because you have registered with a customer account and thus consented) and Art. 6 para. 1 sentence 1 letter b) GDPR ("processing for the fulfilment of the bonus program").

 

(6.8.4) You have the possibility to revoke your consent to data processing or to object to data processing at any time. As already explained under (6.7), you have the possibility to delete the registration of the customer account at any time and thus to object to the further use of your data.

 

(6.9) SHIRTID

You have the possibility to create a SHIRTID in your customer account and save your product preferences. You can view the available products in our online shop without any obligation or have them sent to you conveniently by e-mail. The legal basis for this is Art. 6 para. 1 p. 1 lit. a) GDPR. The following information is saved: fit, size, sleeve length, Cuff, collar shape, favourite colour and favourite pattern.
You can change or delete the SHIRTID at any time in your customer account.

 

§ 7       Provision of Data in Order to implement the Agreement

In order to process your order, we cooperate with the following service provider(s) who support us, in whole or in part, during the implementation of the agreements that have been concluded. Specific personal data are transmitted to these service providers based upon the following information. We shall pass on your payment data during the payment processing to the commissioned credit institute insofar as this is required for the processing of the payment. Insofar as payment processing service providers are commissioned, we shall explicitly notify you of this in the following. The personal data which we collect shall be passed on during the implementation of the agreement to the transport company which has been commissioned with the delivery insofar as this is required for the delivery of the goods. The legal basis for the dissemination of the data in this regard is Art. 6 Para. 1 Clause 1 lit. b) GDPR.

 

(7.1) Payment Transaction; Payment Processing Service Providers

The payment transaction via the popular payment methods is done exclusively via an encrypted SSL connection. ETERNA wishes to point out that the payment methods may possibly be contingent on the country where your order is made. You can find detailed information in this regard during the concrete ordering process.

 

(7.1.1) Credit Card (only valid for DE, AT, CH, GB, FR, NL, BE, LU, IRL, ES, DK)

If you make payment via credit card, we will pass on your payment data during the processing of the payment to SIX Payment Services AG, Hardturmstrasse 201, CH-8021 Zurich, tel.: +41 58 399 9111, e-mail: info.ch@six-payment-services.com (hereafter, “SIX”).

The transmission of your data to SIX is done upon the basis of Art. 6 Para. 1 Clause 1 lit. a) GDPR (Consent) and Art. 6 Para. 1 Clause 1 lit. b) GDPR (Processing for the Fulfilment of an Agreement).

SIX reserves the right to conduct a credit check for the credit card payment methods. For this, your payment data may possibly be passed on as required to credit agencies in accordance with Art. 6 Para. 1 lit. f) GDPR upon the basis of SIX’s entitled interest in the determination of your ability to pay. SIX uses the result of the credit check with regards to the statistical payment default probability for the purpose of the decision-making regarding the offering of the respective payment method or not. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result from the credit check, they have their basis in a scientifically-recognised mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.

Additional data protection information – among others, regarding the credit agencies used –can be found in SIX’s Data Protection Declaration: https://www.six-payment-services.com/privacy-statement. Moreover, you can find more extensive information regarding SIX by clicking on the following link https://www.six-payment-services.com/gdpr.

You have the option at any time of revoking your consent for the data processing and/or objecting to the data processing. However, a revocation shall not affect the validity of the data processing procedures that have been done in the past.

 

(7.1.2) PayPal (only valid for DE, AT, CH, GB, FR, NL, BE, LU, IRL, ES, DK)

On our website, we offer, among other options, the option of payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter, “PayPal”).

If you select the option of making payment via PayPal, the payment data which you have entered shall be transmitted to PayPal.

The transmission of your data to PayPal shall be made upon the basis of Art. 6 Para. 1 Clause 1 lit. a) GDPR (Consent) and Art. 6 Para. 1 Clause 1 lit. b) GDPR (Processing for the Fulfilment of an Agreement).

Please review the more extensive data protection information in PayPal’s Data Protection Declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

You have the option at any time of revoking your consent for the data processing and/or objecting to the data processing. However, a revocation shall not affect the validity of the data processing procedures that have been done in the past.

 

(7.1.3) Amazon Payments (only valid for DE, AT, FR, NL, BE, LU, GB, IRL, ES)

If you select the “Amazon Payments” payment method, the processing of the payment shall be done via the payment processing service provider Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg (hereafter: “Amazon Payments”) to whom we will pass on your information that was disclosed during the ordering process in addition to the information regarding your order.

The transmission of your data shall be done upon the basis of Art. 6 Para. 1 Clause 1 lit. a) GDPR (Consent) and Art. 6 Para. 1 Clause 1 lit. b) GDPR (Processing for the Fulfilment of an Agreement).

By visiting the following Internet address, you can receive additional information regarding Amazon Payments’ Data Protection Guidelines: https://pay.amazon.com/de/help/201751600.

You have the option at any time of revoking your consent for the data processing and/or objecting to the data processing. However, a revocation shall not affect the validity of the data processing procedures that have been done in the past.

 

(7.1.4) Ticket Plus Classic and/or Ticket Plus Shopping (only valid for DE, AT)

On our website, we offer, among other options, the option of payment via Ticket Plus Classic or Ticket Plus Shopping. The provider of this payment service is Edenred Deutschland [Germany] GmbH, Claudius-Keller-Str. 3C, 81669 Munich (Germany), e-mail: info-de@edenred.com, Web: https://www.edenred.de

In order to pay via Ticket Plus in our online shop, simply select “Ticket Plus” as the payment method during the ordering process. Please enter the 19-digit card number (on the card’s front side), the cardholder’s name, the expiration date and the three-digit security code (on the card’s back side). After entering the data, please click on “Continue” and complete the purchase.

The transmission of your data shall be made upon the basis of Art. 6 Para. 1 Clause 1 lit. a) GDPR (Consent) and Art. 6 Para. 1 Clause 1 lit. b) GDPR (Processing for the Fulfilment of an Agreement).

You can find additional information regarding this payment method at https://www.meinticketplus.de as well as https://www.meinticketshopping.de.

You have the option at any time of revoking your consent for the data processing and/or objecting to the data processing. However, a revocation shall not affect the validity of the data processing procedures that have been done in the past.

 

(7.1.5) iDEAL (only valid for NL)

If you select the "iDEAL" payment method, the payment will be processed by the payment service provider Currence iDEAL BV (hereinafter referred to as "iDEAL"), to whom we will pass on the information you provided during the ordering process, together with the information about your order.
The transmission of your data takes place on the basis of Art. 6 para. 1 sentence 1 lit. a) DSGVO (consent) and Art. 6 para. 1 sentence 1 lit. b) DSGVO (processing for the performance of a contract).
Further information on the data protection provisions of iDEAL can be found at the following Internet address: https://www.ideal.nl/disclaimer-privacy/.
You have the possibility to revoke your consent to data processing or to object to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

 

(7.1.6) Validation and Verification of Addresses; Credit Check

Please note that for the purpose of address validation and verification as well as credit checks, personal data is sent to GFKL PayProtect GmbH, Am Europa-Center 1b, 45145 Essen, Germany, or to info-score Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany (in AT: Credify Informationssysteme GmbH, Gumpendorfer Straße 21, 1060 Vienna, Austria), (in NL: Experian Netherlands B.V., Grote Markstraat 49, NL-2511 BH Den Haag), (in CH: CRIF AG Hagenholzstrasse 81, 8050 Zurich, Switzerland.), (in BE: Focum, situé à Bellevue 3, 9050, Gent, Belgique). Further details can be found under §8 of this privacy policy.

 

(7.2) Shipping Service Provider

The delivery of our goods to you shall be made by the shipping service provider DHL (Deutsche Post [German Postal Service] AG, Charles-de-Gaulle-Straße 20, 53113 Bonn).

Before sending the goods, we shall pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 Clause 1 lit. a) GDPR for the purpose of coordinating a delivery timeframe and/or announcing the delivery insofar as you have granted your express consent for this during the ordering process. Otherwise, we shall pass on only the name of the recipient and the delivery address to DHL for the purpose of rendering the delivery in accordance with Art. 6 Para. 1 Clause 1 lit. b) GDPR. The dissemination shall be made only insofar as this is required for the delivery of the goods. In this case, it is not possible to coordinate the delivery timeframe with DHL and/or the announcement of the delivery in advance.

The consent may be revoked at any time with effectiveness for the future. However, a revocation shall not affect the validity of the data processing procedures that have been done in the past.

 

(7.3) Ready-to-Wear Service

Insofar as you use our ready-to-wear service, this service and the subsequent delivery of the goods shall be implemented by the Persil Online Service (Persil Service GmbH, Färberstraße 10, 30453 Hanover). We shall pass on the recipient’s name as well as your delivery address to Persil Service GmbH for the purpose of making delivery in accordance with Art. 6 Para. 1 Clause 1 lit. b) GDPR. The dissemination of such data shall be made only insofar as this is required for the delivery of the goods. We have no control over any possible additional data processing by Persil Service GmbH. Please review the Data Protection Guidelines in this regard at https://www.geschickt-gereinigt.de/datenschutz/.

 

§ 8       Provision of Data for the Validation and Verification of Addresses as well as the Credit Check

For the purpose of the address validation and the address verification, personal data are transmitted to GFKL PayProtect GmbH, Am Europa-Center 1b, 45145 Essen.
For the purpose of the credit check, personal data are transmitted to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden.

 

(8.1) Validation and Verification of Addresses

(8.1.1) Description and Scope of the Data Processing

For the purposes of the validation and verification of addresses, during the ordering process, the following data that are provided in ETERNA’s online shop:

-       Street,

-       Building number,

-       Postal code,

-       City as well as the

-       Country.

Are transferred to GFKL PayProtect GmbH, Am Europa-Center 1b, 45145 Essen.

For this purpose, GFKL PayProtect GmbH procures information from the following service providers:

Address Validation:

-       Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss,

-       ACS Informatik [Informatics] GmbH, Offenbachstraße 47, 81245 Munich

-       AddressDoctor GmbH, Röntgenstraße 9, 67133 Maxdorf

 

Address Verification:

-       Creditreform Boniversum GmbH, Hellersergstraße 11, 41460 Neuss

-       arvato infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden

-       Deutsche Post Direkt [German Postal Direct Service] GmbH, Junkersring 57, 53844 Troisdorf.

 

(8.1.2) Legal Basis for the Processing

The address validation and the address verification serves the purpose of fulfilling the purchasing agreement concluded with us because, by using these methods, it can be checked whether the ordered goods can be sent at all to the address provided during the ordering process. In this regard, Art. 6 Para. 1 Clause 1 lit. b) GDPR constitutes a legal basis. An additional legal basis for this form of data processing is Art. 6 Para. 1 Clause 1. lit. f) GDPR.

 

(8.1.3) Purpose of the Data Processing

This address validation and address verification serve the purpose of checking whether the goods that you have ordered can be sent at all to the designated address. Therein also lies our entitled interest. Moreover, this also lies in your interest because such a reconciliation of the address will detect any inputting errors made in the address that you provided during the ordering process and you can thus correct this.

 

(8.1.4) Right of Objection

You can object at any time to the transmission of these data to GFKL PayProtect GmbH.

 

(8.2) Credit Check for a “Purchase on Account” (only valid for DE, AT, NL, BE, CH)

(8.2.1) Description and Scope of the Data Processing

ETERNA also offers the “on account” payment option. Insofar as you choose this payment method during the ordering process, ETERNA shall transmit the required personal data to a service provider who has been carefully selected in order to conduct the credit check. The transmission of the personal data shall only then be made in a down streamed fashion for the purposes of the aforementioned address validation as well as address verification and shall also be done only if the “on account” payment method has been selected. ETERNA thus intends to prevent a potential loss of a payment claim as well as any fraud which is associated with a “purchase on account”.

If the “on account” payment method is selected, in order to safeguard its entitled interests, ETERNA shall obtain credit information upon the basis of mathematical-statistical procedures while using the address data. ETERNA shall procure the required information from infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden. (only valid for AT: Credify Informationssysteme GmbH, Gumpendorfer Straße 21, 1060 Wien), (only valid for NL: Experian Netherlands B.V., Grote Markstraat 49, NL-2511 BH Den Haag), (only valid for CH: CRIF AG Hagenholzstrasse 81, 8050 Zürich, Schweiz.), (only valid for BE: Focum, situé à Bellevue 3, 9050, Gent, Belgique)
In this regard, ETERNA shall transmit the following personal data that are required for a credit check, i.e.

-       Name,

-       Birthdate,

-       Address

Upon the basis of this information, a statistical probability of a credit default shall be calculated and, based upon this, the decision shall be made regarding the detailed implementation of the contractual relationship. Your concerns that are worthy of protection shall be taken into consideration in accordance with the statutory directives.

If the credit check has a positive result, an order on account is possible. However, if the credit check has a negative result, our shop system will offer you no payment on account option.

 

(8.2.2) Internal scoring

ETERNA is entitled to use information received in the course of the order or the current customer relationship to calculate the probability of default (internal scoring) in cases where the customer wishes to order from ETERNA using an insecure method of payment. For example, if a certain dunning level is reached, no purchase on account can be offered any more.

 

(8.2.3) Fraud prevention

The data provided in the context of your order can be used by ETERNA to check whether an atypical order process exists (e.g. simultaneous ordering of a large number of goods at the same address using different customer accounts). In principle, ETERNA has a legitimate interest in carrying out such a check (e.g. to avoid payment defaults/identity theft).

 

(8.2.4) Legal Basis for the Processing

Consequently, the collection, storage and dissemination of the personal data shall be done for the purpose of conducting the credit check in order to avoid a payment default and upon the basis of Art. 6 Para. 1 Clause 1 lit. b) GDPR and of Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(8.2.5) Purpose of the Data Processing

The credit check shall serve exclusively for the avoidance of a payment default because, in the case of a “purchase on account”, you shall first receive the goods and you must only then thereafter make the payment. In this regard, we shall render “advance performance”. Thus, we also have an entitled interest in this regard.

 

(8.2.6) Right of Objection

You can at any time object to a transmission of your data to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden. (only valid for AT: Credify Informationssysteme GmbH, Gumpendorfer Straße 21, 1060 Wien), (only valid for NL: Experian Netherlands B.V., Grote Markstraat 49, NL-2511 BH Den Haag), (only valid for CH: CRIF AG Hagenholzstrasse 81, 8050 Zürich, Schweiz.), (only valid for BE: Focum, situé à Bellevue 3, 9050, Gent, Belgique) However, at this juncture, ETERNA wishes to point out that, if you lodge such an objection against the transfer of the data for the purpose of your credit check, the “on account” payment method shall not be offered.

 

(8.3) Information regarding for credit information

You can detailed information regarding infoscore Consumer Data GmbH. (only valid for AT: Credify Informationssysteme GmbH, Gumpendorfer Straße 21, 1060 Wien), (only valid for NL: Experian Netherlands B.V., Grote Markstraat 49, NL-2511 BH Den Haag), (only valid for CH: CRIF AG Hagenholzstrasse 81, 8050 Zürich, Schweiz.), (only valid for BE: Focum, situé à Bellevue 3, 9050, Gent, Belgique) in accordance with Art. 14 European Union’s General Data Protection Regulation (“EU GDPR”), i.e. information regarding the business purpose, the purposes of the data storage, the data recipients, the right of self-disclosure, the right of deletion or correction, etc. at https://finance.arvato.com/icdinfoblatt (only valid for AT: https://www.credify.at/datenschutz); (only valid for NL: https://www.experian.nl/contact/contact-consumenten); (only valid for CH: only valid for CH: https://www.crif.ch/datenschutz/), (only valid for BE: https://www.focum.be)

 

(8.4) Note regarding the Free Self-Disclosure credit information

If you have any questions regarding the aforementioned automated credit check, we ourselves can issue no information owing to data protection reasons. In this case, please contact the following party in writing:
infoscore Consumer Data GmbH
Rheinstraße 99
76527 Baden-Baden or online:
https://finance.arvato.com/de/verbraucher/selbstauskunft/selbstauskunft-anfordern.html

Exclusively for the purpose of payment claim collection, we shall transmit your personal data to infoscore Forderungsmanagement [Payment Claim Management] GmbH, Gütersloher Str. 123, 33415 Verl.

For AT:
For reasons of data protection, we cannot provide any information ourselves on questions relating to the automated credit assessment described above. Please contact us in writing in this case:
Credify Information Services GmbH,
Gumpendorfer Street 21
1060 Vienna or by e-mail to:
datenschutz@credify.at

Further information is available at: https://www.credify.at/art-14-GDPR-info/ - point 8


We inform you that, in the event that you do not comply with this request for payment in due time and do not settle the claim in full without contesting the existence of the claim, your claim data (name, address data and the outstanding amount) will be transmitted to Credify Informationsdienstleistungen GmbH, Gumpendorfer Straße 21, 1060 Vienna, for lawful use within the scope of its trade licence in accordance with §151 GewO (address publisher) and §152 GewO (credit agency for credit relationships). Credify Informationsdienstleistungen GmbH invokes legitimate interests within the meaning of Art 6 (1) lit f EU-GDPR for the storage of this data and the transfer to requesting third parties. Detailed information on data processing at Credify Informationsdienstleistungen GmbH within the meaning of Art. 14 EU-GDPR can be found on their website at https://www.credify.at/datenschutz.

For NL:
If you have any questions regarding the above-mentioned automated credit assessment, we cannot provide any information ourselves for data protection reasons. In this case, please contact the subsequent party in writing:
infoscore Nederland B.V. [administration of payment claims],
K.R. Poststraat 90-5
8441 ER Heerenveen or online:
https://www.experian.nl/contact/contact-consumenten
The following information is required: copy of the identity card, address and name of the audited company (ETERNA).
For the sole purpose of debt collection, we will transfer your personal data to infoscore Nederland B.V., K.R. Poststraat 90-5, 8441 ER Heerenveen.

For CH:
For reasons of data protection, we are unable to provide any information ourselves in the event of questions relating to the automated credit assessment described above. In this case, please contact us in writing:
CRIF LTD.
Hagenholzstrasse 81
8050 Zurich, Switzerland or online:
https://www.crif.ch/privatpersonen/selbstauskunft/
Further information is available at: https://www.crif.ch/privatpersonen/haeufig-gestellte-fragen/

Exclusively for the purpose of debt collection, we transfer your personal data to info-score CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland.

For BE:
For reasons of data protection, we cannot provide any information for questions in connection with the automated credit assessment described above. Please contact us in writing in this case:
Focum (headquarters: Bellevue 3, 9050, Ghent, Belgium).or online:
https://www.focum.be/consumenten/gegevens-opvragen/

For the sole purpose of debt collection we will transfer your personal data to info-score Nederland B.V., K.R. Poststraat 90-5, 8441 ER Heerenveen.

 

§ 9     Initiating Contact

(9.1) Description and Scope of the Data Processing

Upon your contacting ETERNA via e-mail or telephone, your e-mail address and, if you disclose this, the personal data (e.g. your name and your telephone number) also disclosed with the e-mail shall be stored by ETERNA in order to answer your questions. In this context, no dissemination of the data shall be made to third parties. The data shall be used exclusively for the processing of the conversation.
In order to provide you with good customer service, we work together with external communication service providers who have access to the following data for the purpose of processing your orders and customer enquiries: First name, last name, postal address, e-mail address, telephone number, order history, communication data.

 

(9.2) Legal Basis for the Processing

By having sent us an inquiry via e-mail, you are considered to have granted your consent for the processing of your data that have thus been transmitted which is why the legal basis of this data processing is Art. 6 Para. 1 Clause 1 lit. a) GDPR. Moreover, the processing of the data provided by you shall be required for the processing of your inquiry so that Art. 6 Para. 1 Clause 1 lit. f) GDPR shall constitute an additional legal basis for the processing of the data.

 

(9.3) Purpose of the Data Processing

The processing of the personal data shall serve us solely for the processing of your contact inquiry.

 

(9.4) Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose of their collection. Any mandatory statutory directives – particularly retention timeframes – shall remain unaffected.

 

(9.5) Rights of Objection and Deletion

You shall have at all times the right to revoke your consent for the processing of your personal data or to object to the storage of your personal data. Please keep in mind that, in such a case, the conversation cannot be continued.

 

§ 10     Newsletter; Product Recommendations for Similar Goods; Direct Advertising by Letter

(10.1) ETERNA Newsletter

(10.1.1) Description and Scope of the Data Processing

You have the option of subscribing to the free-of-charge ETERNA newsletter by means of which we inform you of our current interesting offers. The promoted goods are named in the Declaration of Consent. For the registration for the newsletter, ETERNA uses the so-called double opt-in procedure. That means that ETERNA, upon your registration, will use the e-mail address that you have provided in order to send a confirmation e-mail to the designated e-mail address whereby ETERNA will ask you to confirm that you wish to receive the newsletter. Thus, it is ensured that no third party has used your data. You must confirm your registration within 24 hours in order to activate your registration.

The mandatory information for the sending of the newsletter is solely your e-mail address. The disclosure of additional, specially-marked data is voluntary and shall be used solely for a personalisation of the newsletter.

Moreover, ETERNA shall respectively store your IP addresses in addition to the date and time of day during the registration and the confirmation. The purpose of the procedure is to document your registration and, where applicable, to be able to identify any potential misuse of your personal data.

 

(10.1.2) Legal Basis for the Processing

The processing of the data entered in the newsletter registration form shall be done exclusively upon the basis of your consent in accordance with Art. 6 Para. 1 Clause 1 lit. a) GDPR.

 

(10.1.3) Purpose of the Data Processing

The collection of the user’s e-mail address shall serve the purpose of sending the newsletter.

 

(10.1.4) Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose of their collection.

 

(10.1.5) Right of Objection; Right of Deletion

You may at any time cancel the subscription to the newsletter (i.e. revoke at any time the consent that has been issued). The revocation may be declared by clicking on the link that is provided in each newsletter e-mail, via e-mail to service@eterna.de or via a message (e.g. fax or letter) to ETERNA’s contact data that are stated in § 1. However, the legality of the data processing procedures that have already been done shall remain unaffected by the revocation.

 

(10.2) Product Recommendations for Similar Goods from ETERNA

In addition to the purpose of implementing the contractual agreement, ETERNA shall use the e-mail which you provide in conjunction with the purchase of an item to notify you of its own similar products via direct advertising upon a regular basis by e-mail. This shall be done regardless of whether you have registered for the newsletter or not.

You may at any time object to the usage of your e-mail address for the sending of product information by ETERNA without any costs being incurred by you than the communication costs incurred at the basic rates. You may declare your objection by clicking on the link that is provided in each product recommendation e-mail, via e-mail to service@eterna.de or via a message (e.g. fax or letter) to ETERNA’s contact data that are stated in § 1.

 

(10.3) Newsletter Tracking

(10.3.1) The sending of the newsletter and the product information e-mail are made via “eMail Studio”, a newsletter-mailing platform from the Salesforce cloud provider (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany; “Salesforce”). You can review the Data Protection Guidelines of the mailing service provider here: https://www.salesforce.com/de/company/privacy/. You can find additional information regarding the GDPR at https://www.salesforce.com/de/campaign/gdpr/.

 

(10.3.2) The e-mail addresses of the recipients are stored on Salesforce’s servers. Salesforce uses this information in order to send and evaluate the newsletter as well as the product information e-mails by our mandate. Moreover, Salesforce uses these data in order to optimise or improve its own services, e.g. in order to technically optimising the mailing process and the presentation of the newsletter/the product information e-mails or for statistical purposes in order to determine which countries the recipients are from. The usage of these data shall be done in pseudonymised form, i.e. without any categorisation to a user.

 

(10.3.3) The newsletter and the product information e-mails contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved upon opening the e-mail from Salesforce’s server. During this retrieval, initially technical information, e.g. information regarding the browser and your system as well as your IP address and the time of the retrieval, is collected. This information is used in order to technically improve the services based upon the technical data or the target groups and their reading behaviour based upon their retrieval locations (which are determinable via the IP address) or the access times. The statistical data collections also likewise include the determination of whether the newsletter and/or the product information e-mail are being opened, when they are opened and which links are clicked. This information can be categorised for technical reasons to the individual recipients whereby the evaluations serve merely to identify the reading habits of our users and to adapt our contents to them, to improve them or send different contents based upon our users’ interests.

 

(10.3.4) Salesforce indeed has a branch in Germany, but has its Headquarters in the USA. Thus, it cannot be ruled out that the aforementioned data will be transmitted to the USA. Salesforce is certified in accordance with the EU-US Privacy Shield and guarantees that your data will also be subjected to an appropriate data protection level in the USA. You can find additional information regarding the certification by clicking on the following link: https://www.privacyshield.gov.

 

(10.3.5) The legal basis for the data processing is, owing to your registration for the newsletter, Art. 6 Para. 1 Clause 1 lit. a) GDPR and/or, owing to the product recommendation e-mail, Art. 6 Para. 1 Clause 1 lit. f) GDPR. You can at any time cancel the newsletter as well as object to the usage of your e-mail address in order to send product information. In this case, Salesforce shall no longer process your data for the aforementioned purposes. In this context, we make reference to the statements in (10.1.5) as well as (10.2) of these Data Protection Guidelines.

 

(10.4) Direct Advertising by Letter

(10.4.1) Description and Scope of the Data Processing

ETERNA shall use the postal address (in addition to your name) which you have provided in conjunction with the purchase of an item to notify you via direct advertising (e.g. in order to send interesting offers and information about our products) upon a regular basis by letter.

 

(10.4.2) Legal Basis for the Processing

The legal basis for the direct advertising by letter is Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(10.4.3) Purpose of the Data Processing

The data collection of your name as well as your address also serves the purpose of sending you direct advertising by letter. In accordance with Recital 47 to the GDPR, the processing of personal data for the purpose of direct advertising may be regarded as being a type of processing which serves an entitled interest. In this context, it must be taken into consideration particularly that a customer relationship already exists between you and ETERNA as the result of your purchase and we thus have an entitled interest in notifying you henceforth of current offers.

 

(10.4.4) Duration of the Storage

The data shall be deleted as soon as they are no longer required for the attainment of the purpose of their collection.

 

(10.4.5) Right of Objection

You may at any time object to this form of direct advertising by letter by ETERNA. You may declare your objection via e-mail to service@eterna.de or via a message (e.g. fax or letter) to ETERNA’s contact data that are stated in § 1.

 

§ 11     Participation in Sweepstakes, Prize Competitions or Other Campaigns

ETERNA conducts sweepstakes, prize competitions or other campaigns in irregular intervals. Insofar as the disclosure of personal data (e.g. your name, your address or your e-mail address) is required in order to participate, ETERNA shall use them exclusively for the implementation of the sweepstakes, the prize competition or any other campaign. You can review the details in this regard in the respectively-separate Participation Terms and Conditions as well as separate Data Protection Guidelines.

 

§ 12     Usage of Cookies and similar technologies

The cookies or similar technologies (e.g. Webanalyse tools/tracking measures) listed below and used by us are carried out on the basis of Art. 6 Para. 1 S. 1 lit. f) GDPR. With the measures we use, we want to ensure that our website is designed in line with requirements and continuously optimised. In addition, we use the tools to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the aforementioned regulation.

A list of the cookies we use, descriptions of the purposes of the cookies and further information on the respective cookies can be found at https://www.eterna.de/#uc-corner-modal-show; in our cookie consent solution.

You can accept or reject individual or all cookies separately in our cookie approval solution on your first visit to our website and then at any time by placing a green tick next to the respective cookie or removing it and then clicking on "Save settings".

Your settings made in the Cookie Consent Solution will be stored on your computer or mobile device. You will therefore need to re-enter them if you delete your browsing history or use a different device or Internet browser.

 

(12.1) Fit Analytics

For the purpose of size advice, we offer an online size advisor that helps you choose the right size of clothes during the ordering process. The size advisor can be opened by clicking the button "[Size Advisor]" and is operated by Fit Analytics GmbH, Sanderstraße 28, 12047 Berlin, https://www.fitanalytics.com.
When using the size advisor you can, if you wish, send the following data to Fit Analytics in order to receive a size recommendation:

-       Body height

-       Weight

-       Figure type (Chest/Stomach)

-       Wearing preferences (e.g. "tighter" or "wider")

-       Age (optional)

-       Reference mark and article (optional)

 

These usage data are collected by Fit Analytics exclusively in anonymous form and are processed only for the purpose of calculating the appropriate size for each customer and to continuously optimize the procedures underlying the recommendations. A so-called "session cookie" is used for this purpose, which stores the data listed below:

-       Recommended dress size

-       Session ID (randomized sequence of numbers)

-       Time and date stamps

-       Browser type

-       Anonymized IP address (by means of IP masking)

 

The storage of the IP address is only tracked in a shortened (anonymized) form and is additionally encrypted by means of a hashing procedure. It is used exclusively for session recognition and to defend against cyber-attacks (such as DoS attacks). The session cookie is valid for ten days, so that returning customers can be automatically identified within this period and you no longer need to re-enter the data required for size recommendation. In this case, the recommended size can also be displayed directly on the product detail page without having to open the size advisor again.

To calculate the recommended size, Fit Analytics also uses anonymized purchase and returns data collected when you place an order in our online store. The collected data does not allow any conclusion on a natural person and includes the following information:

-       Time and date stamp of the purchase

-       Order number

-       Product number

-       Selected dress size

-       Price (currency if applicable)

 

You can prevent the session cookie from being saved by configuring your web browser accordingly. Please refer to Fit Analytics' privacy policy for more information and contact details.

 

§ 13     Customer Survey Inquiry from eKomi

(13.1) Description and Scope of the Data Processing

For the purposes of customer and product assessments by ETERNA’s customers and for the internal quality management, ETERNA has integrated the evaluation software from eKomi Ltd., Markgrafenstraße 11, 10969 Berlin (“eKomi”) into its website. ETERNA would thus like to offer you the possibility of submitting an assessment after you have completed your purchase. eKomi is a company which specialises in the Web-based collection of authentic customer opinions, product assessments and recommendations. You can find detailed information regarding this third-party provider at https://www.ekomi.de.
After the goods are shipped, eKomi will send a link to a purchasing assessment page to randomly-selected customers together with the request to submit an assessment of your purchase from ETERNA (“customer survey inquiry”). Your submission of such a customer survey is done absolutely voluntarily.

Because only such customers can submit a purchasing rating who have bought a product from ETERNA, it is necessary that ETERNA forward the personal data that you have provided and/or order data to eKomi – thus your name, your e-mail address as well as the order number.

eKomi will receive the data from ETERNA exclusively for the purpose of obtaining the customer survey.

 

(13.2) Legal Basis for the Data Processing

The legal basis for the processing of your aforementioned personal data is Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(13.3) Purpose of the Data Processing

Feedback from our customers in the form of customer and product assessments enables us to control our online shop. By reviewing the assessments that have been submitted, we are able to compile information about customer satisfaction. This helps us to constantly improve our website and its user-friendliness. These purposes also create the basis for our entitled interest in the processing of the data in accordance with Art. 6 Para. 1 Clause 1 lit. f) GDPR.

 

(13.4) Rights of Objection and Deletion

You can at any time object to the sending of such a customer assessment inquiry by ETERNA. You can declare your objection via e-mail to service@eterna.de or by sending a message (e.g. fax or letter) to ETERNA’s contact data that are stated in § 1.

 

§ 14     Voucher Offers from Sovendus GmbH

We participate in the partner network of Sovendus GmbH, Hermann-Veit-Str. 6, 76133 Karlsruhe, https://www.sovendus.de; hereafter: “Sovendus”) in order to be able to offer you vouchers for purchases made in other shops which participate in Sovendus’ network.

For the selection of a voucher offer that is interesting to you currently, we pseudonymised and encrypt the hash value of your e-mail address and your IP address before transmitting them to Sovendus GmbH, Hermann-Veit-Str. 6, 76133 Karlsruhe (Sovendus) (Art. 6 Para. 1 Clause 1 lit. f) GDPR). The pseudonymised hash value of the e-mail address is used for the consideration of any objection that may possibly be lodged against Sovendus’ advertising (Art. 21 Para. 3, Art. 6 Para. 1 Clause 1 lit. c) GDPR). The IP address is used by Sovendus exclusively for the purposes of data security and, as a rule, are anonymised after seven days (Art. 6 Para. 1 Clause 1 lit. f) GDPR). Moreover, for invoicing purposes, we pseudonymised the order number, the order amount with the currency, session ID, coupon code and time stamp before sending them to Sovendus (Art. 6 Para. 1 lit. f) GDPR).

If you are interested in a voucher offer from Sovendus, no advertising objection has been lodged in conjunction with your e-mail address and you click on the voucher banner displayed only in this case, we shall send the encrypted form of address, name, postcode, country and your e-mail address to Sovendus in order to prepare the voucher (Art. 6 Para. 1 Clause 1 lit. b), f) GDPR).

Please review more extensive information regarding the processing of your data by Sovendus in its Online Data Protection Guidelines at https://www.sovendus.de/datenschutz.

 

§ 15     Usage of Facebook, Google, Instagram, YouTube, VIMEO and Microsoft

(15.1) ETERNA maintains online presences on the social networks Facebook, Google+, Instagram, YouTube as well as VIMEO in order to inform you of its services as well as news from the fashion and lifestyle segments. This serves the purpose of safeguarding our prevailing entitled interests in an optimal marketing of our website during a reconciliation of interests in accordance with Art. 6 Para. 1 Clause 1 lit. f) GDPR. In order to increase the protection of your data when visiting our website, these buttons have not been integrated into the website in unrestricted fashion as plugins, but rather merely while using an HTML link. This integration guarantees that, when visiting a page of our website which contains such buttons, no connection is created with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser will open and access the webpage of the respective service provider where you can (where applicable, after entering your log-in data) press the Like or Share button, for example.

 

(15.2) In the following, you will find detailed information regarding the respective providers of the online websites as well as – by clicking on the respective links – a description of the respective data processing.

 

(15.2.1) Facebook

The provider of Facebook is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (Ireland).

The purpose and scope of data collection, the continued processing and usage of the data by Facebook as well as your related rights and setting options for the protection of your private sphere can be found in Facebook’s Data Protection Guidelines which you can retrieve by clicking on the following link: https://www.facebook.com/privacy/explanation.

You can object to the usage of data for advertising purposes by Facebook by clicking on the following links via an opt-out:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Or
https://www.youronlinechoices.com/.

We wish to expressly point out to you that Facebook Ireland limited is a subsidiary of the American company Facebook Inc. (1 Hacker Way, Menlo Park, California, 94025, USA). Accordingly, a transmission of the data to the USA cannot be ruled out. However, Facebook Inc. has nonetheless obligated itself to fulfil the EU-US Privacy Shield which guarantees that the data will also be subjected to an appropriate data protection level in the USA. You can find additional general information regarding certification by clicking on the link: https://www.privacyshield.gov; you can retrieve the current Privacy Shield status of Facebook by clicking on the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

(15.2.2) Google

The Google+ service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The purpose and scope of the data collection, the continued processing and usage of the data by Google as well as your related rights and setting options for the protection of your private sphere can be found in Google’s Data Protection Guidelines which you can retrieve by clicking on the following link: https://policies.google.com/privacy.

Owing to the location of Google’s Headquarters, a transmission of the data to the USA cannot be ruled out. However, Google has obligated itself to fulfil the EU-US Privacy Shield which guarantees that the data in the USA will also be subjected to an appropriate data protection level. You can find additional information regarding the certification by clicking on the link https://www.privacyshield.gov; you can retrieve the current Privacy Shield status of Google by clicking on the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

(15.2.3) Instagram

The Instagram service is provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (Ireland)). You can find detailed information regarding the purpose and the scope of the data collection, the continued processing and usage of the data by Instagram as well as your related rights and setting options for the protection of your private sphere in Instagram’s Data Protection Guidelines which you can retrieve by clicking on the following link: https://instagram.com/about/legal/privacy/.

We wish to expressly point out to you that Facebook Ireland limited is a subsidiary of the American company Facebook Inc. (1 Hacker Way, Menlo Park, California, 94025, USA). Accordingly, a transmission of the data to the USA cannot be ruled out. However, Facebook Inc. has nonetheless obligated itself to fulfil the EU-US Privacy Shield which guarantees that the data in the USA will also be subjected to an appropriate data protection level. You can find additional information regarding the certification by clicking on the link https://www.privacyshield.gov; you can retrieve the current Privacy Shield status of Facebook by clicking on the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

(15.2.4) Two-click solution from YouTube

On our website, a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: YouTube) is loaded. We use this data to ensure the full functionality of our website. The website does not embed Youtube videos directly into the web presence. A profiling by third parties is therefore excluded. In order to be able to view our videos, users must first click on the preview image. The video can only be viewed after clicking away the hint or logging in. Only in this moment data is transferred.
In this context, your browser may transmit personal data to Youtube. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. The data will be deleted as soon as the purpose of their collection has been fulfilled. Further information on the handling of the transferred data can be found in the data protection declaration of Youtube: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Youtube by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

 

(15.2.5) Two-click solution from VIMEO

We use "Vimeo" on our website to display videos. This is a service of Vimeo, LL C, 555 West 18 th Street, New York, New York 10011, USA, hereinafter referred to as "Vimeo" only.
The website does not embed VIMEO videos directly into the web presence. The creation of a profile by third parties is therefore excluded. In order to view our videos, users must first click on the preview image. Only after clicking away the reference or logging in can the video be viewed. Only in this moment data is transferred.
Some of the user data is processed on Vimeo servers in the USA. Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active Vimeo guarantees, however, that the data protection regulations of the EU will also be observed when processing data in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our Internet presence.
If you visit a page of our website in which a video is embedded, a connection to the Vimeo servers in the USA will be established to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website are also recorded.
If you are logged in to Vimeo while visiting one of our Internet sites where a Vimeo video is embedded, Vimeo may assign the information collected to your personal user account. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.

For the purpose of functionality and usage analysis, Vimeo uses the web analysis service Google Analytics. Google Analytics stores cookies on your end device via your Internet browser and sends information about the use of our Internet pages in which a Vimeo video is embedded to Google. It cannot be excluded that Google processes this information in the USA.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this under the item "Cookies" above.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our Internet presence and in the legitimate interest of Vimeo to analyze user behaviour statistically for optimization and marketing purposes.
Vimeo offers additional information on the collection and use of data, as well as on your rights and options for protecting your privacy, at https://vimeo.com/privacy.

 

(15.2.6) Google Maps

In our Internet presence we use Google Maps to display our locations (store-locater) and, if necessary, to provide directions. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only "Google".

Through the certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is called up.
If you call up the Google Maps component integrated into our website, Google will store a cookie on your terminal device via your Internet browser. In order to display our location and to create a route description, your user settings and data are processed. We cannot exclude the possibility that Google uses servers in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization of the functionality of our Internet presence.
Through the connection to Google established in this way, Google can determine from which website your enquiry has been sent and to which IP address the directions are to be sent.
If you do not agree with this processing, you have the possibility to prevent the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this above under the item "Cookies".
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms of Business for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
Google also offers a variety of other services at https://adssettings.google.com/authenticated and https://policies.google.com/privacy for further information.

 

(15.2.7) Microsoft

This is a service of Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA. This service allows us to track the activities of users on our website if they have come to our website through ads from Bing Ads when using the Bing search engine and a cookie has been placed on their computers by Bing Ads on the particular web page where our ad is displayed. For this purpose, a Bing UET tag is included on our website. This is a code that is used in conjunction with the cookie to store some non-personal information about your use of the website. Information about your identity is not collected. The purpose of this data processing is to determine whether the product information and recommendations displayed to you were relevant to you.

The information collected is transferred to the Microsoft server in the USA and stored there for a maximum of 180 days.

The legal basis for this data collection is your consent (Art. 6 para. 1 letter a) GDPR).

You can revoke your consent at any time by deactivating the relevant Microsoft Advertising cookie under Marketing and Targeting in your cookie settings. Please note that if you revoke your consent, the lawfulness of our processing of your data on the basis of the consent up to the time of revocation will not be affected.

You can also prevent the collection of data generated by the cookie and relating to your use of the website and the processing of this data by deactivating the setting of cookies. This may limit the functionality of the website. In addition, Microsoft may use cross-device tracking to track your usage across multiple electronic devices and may be able to display personalized advertisements on or in Microsoft Web pages and apps. You can deactivate this behaviour by clicking the link below: Cookie settings https://www.eterna.de/#uc-corner-modal-show
For more information about Bing's analysis services, please visit the Bing Ads website: https://help.bingads.microsoft.com/#apex/3/de/53056/2

 

(15.3) Please keep in mind that the exercising of your affected party rights can be done most effectively against the respective provider because merely the respective provider has direct access to your data. Insofar as you require support in this regard, please feel free to contact us via the contact data that have been provided for ETERNA.

 

§ 16     Data Security

Within the website visit, we use the popular SSL procedure (Secure Socket Layer) in conjunction with the respectively-highest encryption level which is supported by your browser. As a rule, this entails a 256-bit encryption. You can recognise an encrypted connection by the fact that the browser’s address line has changed from http:// to “https://” and by the lock symbol in your browser line.
Moreover, we utilise suitable technical and organisational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are constantly being improved based upon the technological development.

 

§ 17     Your Affected Party Rights

If your personal data are processed, you are considered to be the affected party in accordance with the GDPR and you shall be entitled to the following rights vis-à-vis us as the Responsible Party.

You can declare these rights against us via an e-mail sent to service@eterna.de or via a message (e.g. fax or letter) sent to the contact data specified in § 1.

Right of Information, Art. 15 GDPR
You have the right to demand that we confirm whether your personal data are being processed. If this is indeed the case, then you have a right to request information regarding these personal data and (particularly) regarding the

-       Processing purposes,

-       The category of the personal data,

-       The categories of recipients to whom your data have been or are being disclosed,

-       The planned storage duration,

-       The valid existence of a right of correction, deletion, restriction of the processing or objection,

-       The valid existence of a right of complaint,

-       The origin of your data insofar as we have not collected them,

-       As well as the existence of automated decision-making including profiling and, where applicable, detailed information in this regard.

 

Right of Correction, Art. 16 GDPR
You have a right to request the correction and/or completion of your personal data by the Responsible Party insofar as your processed personal data are incorrect or incomplete. We must undertake the correction in a prompt manner.



Right of Deletion (“Right to be Forgotten”), Art. 17 GDPR
You have the right to demand the deletion of your personal data which we have stored unless (particularly) the processing is required for the exercising of the right of free expression and information, for the fulfilment of a legal obligation, for reasons encompassing the public’s interest or in order to assert, exercise or ward off legal claims.

 


Right of Restriction of the Processing, Art. 18 GDPR
You have the right to demand the restriction of the processing of your personal data insofar as you dispute the accuracy of the data, the processing is illegal but you reject their deletion and we no longer require the data, but you nonetheless require them in order to assert, exercise or ward off legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

 


Right of Notification, Art. 19 GDPR
If you have asserted the right of correction, deletion or restriction of the processing against us, we shall be obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of the processing unless this is determined to be impossible or is associated with disproportionate expenditures.

You shall have the right to request that we disclose information about these recipients to you.



Right of Data Portability, Art. 20 GDPR
You have the right to receive your personal data, which you have provided to us, in a structured, standard and machine-readable format or to demand the transmission thereof to another Responsible Party.



Right of Objection, Art. 21 GDPR
You have the right, for reasons which are based upon your particular situation, to at any time lodge an objection against the processing of your personal data which is made in accordance with Art. 6 Para. 1 Clause 1 lit. e) or lit. f) GDPR; this shall also be valid for a profiling supported by these provisions.

We shall no longer process your personal data unless we can document mandatory reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or warding off legal claims.

If your personal data are processed in order to operate direct advertising, you have the right to at any time lodge an objection against the processing of your personal data for the purpose of such advertising; this shall also be valid for the profiling insofar as it is in conjunction with such direct advertising.
If you object to the processing for purposes of direct advertising, then your personal data shall no longer be processed for these purposes.



Right of Revocation of the Declaration of Consent Granted in Accordance with Data Protection Law, Art. 7 Para. 3 GDPR
You shall have the right to at any time revoke your consent which has been issued to us. This shall have the consequence that we may no longer continue the data processing in the future which was based upon this consent. However, the revocation of the consent shall not affect the legality of the processing that was done based upon the consent until it was revoked.



Right to Lodge a Complaint to a Government Supervisory Agency, Art. 77 GDPR
Notwithstanding any other legal remedy under administrative law or issued by a court, you shall have the right to lodge a complaint to a government supervisory agency – particularly in the member country of your residence, your workplace, or the location of the purported violation if you are of the belief that the processing of your personal data violates the GDPR.

 

§ 18     Currentness of and Changes to This Data Protection Declaration

(18.1) This Data Protection Declaration is being drafted in the version of: 2020/05/27.

 

(18.2) Owing to the continued development of our website or owing to changed statutory and/or government directives, it may become necessary to modify this Data Protection Declaration. The respectively-current Data Protection Declaration may be retrieved and printed out at any time on our website by clicking (here).