Your browser’s Javascript functionality is turned off. Please turn it on so that you can experience the full capabilities of this site.

1 Introduction

We, Wortmann Fashion Retail GmbH & Co. KG, as the operator of the online offering, are the Controller responsible for the processing of the personal data of the users of the online offering. You can find our contact details in the legal notice (Impressum) of the online offering; the contact persons for questions regarding the processing of personal data are named directly in this Privacy Policy.

We take the protection of your privacy and your private data very seriously. We collect, store, and use your personal data only in accordance with the content of this Privacy Policy as well as the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and national data protection laws.

With this Privacy Policy, we inform you to what extent and for what purposes personal data is processed in connection with the use of the online offering.

1.1 Personal Data

Personal data is information relating to an identified or identifiable natural person. This includes all information about your identity, such as your name, email address, or postal address. Information that cannot be linked to your identity (such as statistical data on the number of users of the online offering, for example) is not considered personal data.

You can generally use our online offering without disclosing your identity and without providing personal data. In that case, we only collect general information about your visit to our online offering. However, for some of the services offered, personal data will be collected from you. This data will then be processed by us fundamentally only for the purpose of using this online offering, in particular to provide the requested information. When collecting personal data, only the data that is strictly necessary must be provided. In addition, further information may be possible, which is then provided on a voluntary basis. We will indicate in each case whether it is a mandatory field or optional information. We will then inform you about the specific details in the relevant section of this Privacy Policy.

Automated decision-making based on your personal data does not take place in connection with the use of our online offering.

1.2 Processing of Personal Information

Your information is stored by us on specially protected servers within the European Union. These are protected by technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons. Access to your data is only possible for a few authorized persons. They are responsible for the technical, commercial, or editorial support of the servers. Despite regular checks, however, complete protection against all dangers is not possible.

Your personal data is transmitted encrypted over the internet. We use SSL (Secure Socket Layer) encryption for data transmission.

1.3 Disclosure of Personal Data to Third Parties

We generally use your personal information only to provide the services you have requested. Insofar as external service providers are used by us as part of the provision of services, their access to the data is also exclusively for the purpose of providing the service. Through technical and organizational measures, we ensure compliance with data protection requirements and also obligate our external service providers to do so.

Furthermore, we do not pass the data on to third parties without your explicit consent, especially not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data transfer or insofar as we are entitled or obligated to do so on the basis of legal provisions and/or official or judicial orders. This may involve, in particular, providing information for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights.

Insofar as we transmit your personal data ourselves or through service providers to countries outside the European Union, we comply with the special requirements of Art. 44 et seq. GDPR for this purpose and also oblige our service providers to comply with these regulations. We will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured in particular by an adequacy decision of the EU Commission or by appropriate safeguards in accordance with Art. 46 GDPR.

1.4 Legal Bases for Data Processing

Insofar as we obtain consent for the processing of your personal data, Art. 6(1)(a) GDPR serves as the legal basis for data processing.

Insofar as we process your personal data because this is necessary for the performance of a contract or within the framework of a quasi-contractual relationship with you, Art. 6(1)(b) GDPR constitutes the legal basis for data processing.

Insofar as we process your personal data to fulfill a legal obligation, Art. 6(1)(c) GDPR is the legal basis for data processing.

Art. 6(1)(f) GDPR is also considered as a legal basis for data processing if the processing of your personal data is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights, and freedoms do not override the protection of personal data.

Within the scope of this Privacy Policy, we always indicate the legal basis upon which we base the processing of your personal data.

1.5 Data Deletion and Storage Duration

We generally delete or block your personal data whenever the purpose of storage no longer applies. However, storage may take place beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, we delete or block your personal data after the end of the corresponding requirements.

To delete your account, please contact our customer service via service.de@capriceshoes.com

2 Use of Our Online Offering

2.1 Information About Your Device

Every time you access our online offering, regardless of your registration, we collect the following information about your device: the IP address of your device, your browser's request, and the time of this request. In addition, the status and the amount of data transferred within the scope of this request are recorded. We also collect product and version information about the browser used and the operating system of the device. We further record from which website the access to the online offering occurred. The IP address of your device is only stored for the time of the use of the online offering and is subsequently deleted or anonymized by shortening. The remaining data is stored for a limited period of time.

We use this data for the operation of the online offering, in particular to detect and eliminate errors, to determine the utilization of the online offering, and to make adjustments or improvements. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

2.2 Use of Cookies

For our online offering – as on many websites – cookies are used. Cookies are small text files that are stored on your device and save certain settings and data for exchange with the online offering from us via your browser. A cookie usually contains the name of the domain from which the cookie file was sent, as well as information about the age of the cookie and an alphanumeric identifier.

Cookies enable us to recognize your device and to make any presettings and preferences immediately available. The cookies we use are – as far as possible – so-called session cookies, which are automatically deleted again after the end of the browser session. Occasionally, cookies with a longer storage period can also be used so that your presettings and preferences can also be taken into account during your next visit to our online offering.

Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. It is also possible to delete already stored cookies manually via the browser settings. Please note that you may only be able to use our online offering to a limited extent or not at all if you reject the storage of cookies or delete necessary cookies.

Insofar as cookies are not necessary for our online offering, we ask for your consent to the use of cookies when you first visit the online offering. With regard to non-essential third-party cookies, you will find a more detailed description of the third-party services we use below. The legal basis for the associated data processing, including any data transfer, is your consent within the meaning of Art. 6(1)(a) GDPR. Consent once given can be revoked at any time with effect for the future, in particular by changing the selected settings.

The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offering within the meaning of Art. 6(1)(f) GDPR and – insofar as contracts are concluded or fulfilled via our online offering – the fulfillment of the contract within the meaning of Art. 6(1)(b) GDPR.

3 Integration of Third-Party Services

For some functions in our online offering, we rely on third-party services. The respective services are predominantly optional functions that must be explicitly selected or used by you. We have concluded contractual agreements with the respective providers for the provision or integration of their services and, within the scope of our possibilities, advocate that the third-party providers also transparently inform about the scope of the processing of personal data and comply with data protection regulations.

3.1 Google Analytics

We use Google Analytics for statistical evaluations. Google Analytics is a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter: "Google"). Within the framework of Google Analytics, Google uses, among other things, cookies for the evaluations. The type and scope of the use and evaluation of cookies are determined by Google. The information generated by the cookies about your use of the online offering is transmitted to a Google server and stored there. In this context, it cannot be ruled out that data is transferred to the USA, which may allow government authorities to access this data.

Due to standard IP anonymization, however, your IP address is previously shortened by Google on servers within the European Union.

On our behalf, Google uses this information to evaluate your use of the online offering, to compile reports on website activity, and to provide further services related to website use and internet use to us as the operator of the online offering. Furthermore, Google may use the data for its own purposes. Within the scope of these purposes, Google may, for example, profile user behavior or link the data with other data, such as an existing Google account. We have no influence on these data processing operations. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data. For more information, please refer to Google's privacy information, which is linked below for you.

We also use the "demographics" function of Google Analytics. This allows reports to be created containing statements on the age, gender, and interests of site visitors. This data stems from interest-based advertising by Google as well as visitor data from third-party providers. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the following paragraph. Further information on the "demographics" function can be found at Google at https://support.google.com/analytics/answer/2799357?hl. Further information on Google Analytics can be found at http://tools.google.com/dlpage/gaoptout?hl or http://www.google.com/intl/de/analytics/privacyoverview.html. We point out that on our websites, Google Analytics has been extended by the code "anonymizeIp();" in order to anonymize IP addresses, whereby the last octet is deleted.

The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this.

3.2 Commanders Act

As part of our online offering, we also use Commanders Act, a service from Fjord Technologies 3 rue Saint -Georges, 75009 Paris. This is a management tool for marketing campaigns. We use the service as a consent tool and for editing metadata. Through its use, we can offer our services to you as a user.

Commanders Act processes and stores information about your user behavior on our website. For this purpose, Commanders Act uses, among other things, cookies, i.e., small text files that are stored locally in the cache of your web browser on your device and enable an analysis of your use of our website.

The legal basis for managing your consent settings is, on the one hand, our legitimate interest in optimally designing our online offering. In addition, data processing takes place to obtain and document the legally required consents for the use of certain technologies, Art. 6(1)(c) GDPR.

For any further data processing by Commanders Act, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR.

Further information on data processing by Commanders Act can be found at https://www.commandersact.com/de/datenschutz/.

3.3 BrowseAid

For our online offering, we use the BrowseAid service provided by Machinas Ecommerce SRL, Sector 3, Str. DECEBAL, Nr. 25-29, Lvl. 9, 030965 Bucharest, Romania (hereinafter: "Machinas").

BrowseAid supports us in analyzing and improving our online offering by removing digital barriers and ensuring the accessibility of our content. We are obliged to do this under the Accessibility Strengthening Act (BFSG); further information can be found on our website at https://capriceshoes.com/de-DE/barrierefreiheitserklaerung/accessibility-declaration-caprice.html. Within the scope of use, your IP address is recorded, among other things, and cookies are set in your respective end device. Further information about data processing by Machinas can be found at https://browseaid.com/privacy-policy.

The legal basis for data processing is the fulfillment of our legal obligations under Sec. 3 Para. 1 Sentence 1 BFSG in conjunction with Art. 6(1)(c) GDPR[HM1].

3.4 Microsoft Clarity

For statistical evaluation, we use the Microsoft Clarity service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: "Microsoft") on our online offering.

To evaluate user behavior, Microsoft also uses cookies, among other things. The information generated in this way about your use of our online offering is transferred to Microsoft servers and stored there. In this context, it cannot be ruled out that data is transferred to the USA, which may allow government authorities to access this data. We have made the technical default settings so that the data is pseudonymized by Microsoft before transmission to the Microsoft servers, in particular in the form of IP masking (pseudonymization of the IP address).

The evaluation of user behavior is based on a pseudonymous user ID.

In addition, further pseudonymized data such as usage data (e.g., access times, visited content), meta and communication data (e.g., IP address, devices used), location data (e.g., information on the geographic location of the device) and movement data (e.g., mouse movements and scroll movements) are used.

Data processing is carried out to evaluate the use of our online offering. According to Microsoft, the information stored on Microsoft servers can also be used for advertising purposes. We have no influence on the further data processing by Microsoft. Further information on data processing at Microsoft can be found at: https://clarity.microsoft.com/ and https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR.

3.5 Mapp Intelligence

We use the services of Mapp Digital Germany GmbH (formerly Webtrekk), Schönhauser Allee 148, 10435 Berlin ("Mapp Digital") for statistical evaluations. During your visit to our online presence, information transmitted by your browser is collected and evaluated for our web controlling. The collection is carried out by a pixel embedded on each internet page, as well as through the use of cookies, provided you have consented to the use of cookies.

Further information can be found at https://mapp.com/de/datenschutz/ and at https://mapp.com/privacy-mapp-cloud/.

The collected data is used to create anonymous usage profiles, which are used as a basis for web statistics. However, there is no personal identification of individual users or a merger with other data. The creation of web statistics is our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR; insofar as the data is collected using cookies, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR[HM3]. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this.

3.6 Amplitude

On our online offering, we also use the analytics service Amplitude, provided by Amplitude Inc., 501 2nd Street, Suite 100 San Francisco, CA 94107, USA, to evaluate usage.

Within the scope of using the service, your order number as well as your IP address in anonymized form are recorded. In addition, the service records several parameters such as clicks and page views to evaluate the usage of our online offering. By means of this statistical data, a usage evaluation of our online offering and thus an optimization of your visitor experience is to be achieved. If the order number is not recorded, only evaluations without any personal reference are carried out.

For more information on privacy at Amplitude, please visit: https://amplitude.com/privacy.

The legal basis for the use of Amplitude is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future. If the order number is not recorded, the legal basis is our legitimate interest in the optimal design of our online offering according to Art. 6(1)(f) GDPR[HM0].

3.7 A/B Tasty

We use the AB Tasty tool from AB Tasty SAS, 17-19 Rue Michel-le-Comte, 75003 Paris, France for AB testing and for the continuous improvement of the online offering. The cookies used allow us to modify the page and analyze changes. The Privacy Policy and further explanations on cookie usage can be found here https://www.abtasty.com/de/datenschutzerklarung/ and here https://support.abtasty.com/hc/en-us/articles/6416315967004-Cookies-Privacy. A more detailed explanation of the opt-out options can be found at https://support.abtasty.com/hc/en-us/articles/6397541297820.

3.8 Use of Salesforce (Commerce Cloud & Einstein)

For the operation of our online offering and the management of our customer relationships, we use services of salesforce.com Germany GmbH (Erika-Mann-Str. 31, 80636 Munich; hereinafter: "Salesforce"). The Salesforce Commerce Cloud (formerly Demandware) is a cloud-based B2C platform for managing our online shop. This includes providing the shop system, optimizing for mobile devices, and personalizing the shopping experience. In doing so, data such as order history, shopping carts, and interaction data are processed. To manage existing and potential customer contacts and to organize sales and communication processes, we consolidate customer data in the Salesforce Cloud. We use the Salesforce Einstein service for image recognition and natural language processing. This helps us to refine search queries, automate content, and offer you personalized product suggestions. When using Salesforce services, it cannot be ruled out within the scope of technical processes that (personal) data is stored on servers of Salesforce, Inc. in the USA in this context and that US security authorities may gain access to the data. However, Salesforce, Inc. is an active participant in the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection. In addition, Salesforce has adopted Binding Corporate Rules (BCRs) to ensure the protection of personal data even during transfers within the Salesforce corporate group. You can access these rules online at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf. The use of Salesforce services takes place on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interests lie in the efficient management of our customer relationships, the provision of a secure and high-performance online shop, and the continuous optimization of our service offerings. Further information on data processing by Salesforce can be found at https://www.salesforce.com/de/company/privacy/.

Cookies are also used when using Salesforce. The legal basis for the use of cookies is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting other preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected. [HM5]

3.9 Bloomreach

For our online offering, we use the Bloomreach service of Bloomreach Inc., 700 E El Camino Real 130 Mountain View, CA 94041, USA. Bloomreach is a cloud-based e-commerce experience platform and a B2B service specializing in marketing automation, product search, and content management systems. We use Bloomreach to centralize, consolidate, and store customer data. This increases transparency across various customer touchpoints throughout the customer journey and creates a database for the targeted, personalized implementation of further customer service measures.

The personal data processed by Bloomreach as well as the content of the online offering are stored on Bloomreach servers. Processed personal data may include information such as names, contact details, job titles, account credentials, billing information, IP addresses, device and browser data, location data, online activities, interaction and transaction history, user preferences, and other data provided directly by you or collected during your visit to our website. Among other things, they can be used to determine the content of the online offering relevant to the user and to analyze and evaluate user behavior. It cannot be ruled out that data is transferred to the USA in this context and that US security authorities may gain access to the data. All data processed in this context is used exclusively for the processing purposes stated by us. The use is based on our legitimate interests in accordance with Art. 6(1)(f) GDPR; which arise from the processing purposes in this respect. Further information on data protection at Bloomreach can be found at: https://www.bloomreach.com/de/legal/privacy.

Cookies are also used when using Bloomreach. The legal basis for the use of cookies is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser. Otherwise, the collected data will be stored until you request us to delete it, or you delete the cookies set by Bloomreach yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.[HM6]

3.10 Use of SAP Emarsys (Scarab Research)

For our online offering, we use the service of SAP Emarsys (Scarab Research), a company of Emarsys Interactive Services GmbH (Stralauer Allee 6, 10245 Berlin), which belongs to the SAP Group. This service is used to analyze user behavior in order to optimize our website and display personalized content and product recommendations (so-called recommendation engine). Pseudonymized data about your interactions with our website (e.g., viewed products, cart content) are collected and evaluated.

As part of this service, cookies are stored on your device. This includes, in particular, the Scarab Research control cookie, which is used in connection with the website's Content Delivery Network (CDN). This cookie is used for technical control and the efficient delivery of personalized content via the CDN, as well as identifying visitors across different sessions. Data processing takes place based on your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this. Further information on data processing by SAP Emarsys can be found in the Emarsys privacy policy at https://emarsys.com/de/privacy-policy/ and in the general SAP privacy notices at https://www.sap.com/germany/about/legal/privacy.html.[HM7]

3.11 Prismic

On our online offering, we use the Prismic service of New Prismic SAS (9, Rue de la Pierre Levée, 75011 Paris, France; hereinafter: "Prismic"). Prismic is a cloud-based Headless Content Management System (CMS) including a Content Delivery Network (CDN) that helps us efficiently manage content and deliver it quickly across various digital channels.

By using Prismic, the presentation layer of our website is separated from content management, allowing central and high-performance delivery of content. Technical data such as your IP address as well as device and browser information are processed to correctly deliver the requested content. The use of Prismic is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interests lie in the stable, fast, and cross-media provision of our website content and an efficient administration of our content workflow. Further information on data protection at Prismic can be found at https://prismic.io/legal/privacy.

Cookies are also used when using Prismic, enabling us to recognize your browser and optimize the use of provided features. The legal basis for using these cookies is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this[HM8].

3.12 Use of Minubo

In our online offering, we use the Minubo service of minubo GmbH, Schwanenwik 24, 22087 Hamburg. Minubo primarily supports us in the statistical evaluation of key e-commerce metrics such as order values, orders, returns, cancellations, and other customer data. For this purpose, Minubo consolidates the (personal) data of our end customers from various sources and third-party services (such as the shop, the ERP or CRM system, or Google Analytics) into a central environment to provide us with statistical evaluations for the economic management of our company in a clear format. The use is based on our legitimate interests according to Art. 6(1)(f) GDPR, which consists of analyzing and optimizing our online offering to improve our profitability.

Minubo also uses cookies and other browser technologies for this purpose. The legal basis for the use of cookies by Minubo is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser. Otherwise, the collected data will be stored until you request us to delete it, delete the cookies set by Minubo yourself, or the purpose for data storage no longer applies, whereby mandatory statutory retention periods remain unaffected.

Further details can be found in the privacy policy of minubo GmbH at: https://www.minubo.com/de/datenschutzerklaerung.[HM9]

3.13 Retargeting and Remarketing

Retargeting or remarketing refers to technologies where users who have previously visited a certain website are still shown relevant advertisements after leaving that website. For this, it is necessary to recognize internet users beyond the respective website, for which cookies of the corresponding service providers are used; furthermore, previous user behavior is taken into account. For example, if a user views certain products, these or similar products can later be shown to them as advertisements on other websites. This is personalized advertising adapted to the needs of individual users. For this personalized advertising, it is not necessary to identify the user beyond recognition. Therefore, the data used for retargeting or remarketing is not merged with other data by us.

We use such technologies to place ads on the internet. To place these ads, we rely on third-party providers. Among other things, we use offerings from Google that enable an automatic display of products interesting to the internet user. This function is implemented via cookies. It cannot be ruled out that in the course of this process, data is transferred to Google in the USA and that US security authorities may gain access to the corresponding data.

Further information about this technology can be found in the Google Privacy Policy at https://policies.google.com/privacy?hl=de. The installation of cookies for Google Remarketing and Google AdWords Conversion Tracking can be completely prevented from the outset by adjusting the respective browser software by visiting the website http://www.google.com/policies/privacy/ads/ and changing the appropriate setting. Regardless of the above options to prevent data processing using cookies in connection with Google Remarketing and Google AdWords Conversion Tracking, the use of corresponding cookies or these services by us is subject to your explicit consent.

3.14 Affiliate Marketing

As part of our online offering, we also use affiliate marketing. This is an online-based sales form where providers of other online offerings (often called "merchants" or "advertisers") link to our online offering. If the referral leads to a page view or a purchase in our online offering, a remuneration can be paid as a click or sale commission. For affiliate marketing, we work with a service provider.

The service provider uses cookies to track activities. The tracking cookie does not store any personal data; it only stores an identification number of the affiliate, i.e., the partner mediating the potential customer, and an order number. The purpose of storing this data is to process commission payments. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.[HM10] Consent once given can be revoked at any time with effect for the future, in particular by changing the selected settings.

3.15 Google Maps

We use the Google Maps map service for our online offering. Google Maps is a service provided by Google. Only technically necessary cookies are set for the maps integrated into our online offering.

To comply with data protection regulations, the terms of use for the map service contain data protection regulations that serve to protect you. Google's terms of use for the map service can be found at https://www.google.com/intl/de_US/help/terms_maps.html, general explanations from Google regarding data protection are available at https://policies.google.com/privacy?hl=de&gl=de.

The legal basis for the integration of the map service is Art. 6(1)(f) GDPR; our legitimate interest lies in providing map material for your orientation. Our legal basis for setting cookies in connection with the use of Google Maps is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected[HM11].

3.16 Use of Web Fonts

For our online offering, web fonts from the providers Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and Adobe (Adobe Systems Software Ireland Limited: 4-6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland) are used as external fonts. The integration of these web fonts is done via a server call, usually a server from Google or Adobe. Through this, it is transmitted to the server which of our web pages you have visited. The IP address of the browser of the visitor's end device is also stored by Google or Adobe. It cannot be ruled out that data is transferred to the USA in this context and that US security authorities may gain access to the data. Further information on data processing by Google or Adobe can be found in the privacy notices of Google and Adobe, which you can access here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

www.adobe.com/de/privacy/policies/typekit.html

The legal basis for the integration of web fonts is Art. 6(1)(f) GDPR; our legitimate interest is the optimization of our online offering[HM12].

3.17 Use of YouTube

YouTube videos are integrated into our online offering, for the playback of which we use a plugin from the YouTube service operated by Google (hereinafter: "YouTube"). The operator of the service is Google. We use the YouTube service in extended privacy mode to protect your privacy as well as possible. When you visit a page of our online offering where a YouTube video is embedded, Google initially only receives the information necessary for integration, and no cookies for usage analysis are set. Only when you play the embedded video does Google receive further information; Google may also set cookies to analyze your user behavior. When the video is played, Google's YouTube servers are informed, for example, from which page of our online offering you are playing the video.

If you are logged into your Google account, you enable Google or YouTube to associate your surfing behavior directly with your personal Google profile. We therefore recommend that you only play embedded YouTube videos if you agree with the associated data processing by Google. You can prevent data association with your Google profile by logging out of your YouTube account. Further information on the handling of user data can be found in Google's privacy policy at https://www.google.de/intl/de/policies/privacy/, which also applies to YouTube.

We use YouTube so that we can show you videos and thus inform you better about us and our services. The legal basis for embedding the videos is our legitimate interest within the meaning of Art. 6(1)(f) GDPR; however, the playback of the videos and the associated further data processing only take place on the basis of your consent within the meaning of Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this[HM13].

3.18 Embedding of Videos via bunny.net

Videos are integrated into our online offering via the bunny.net service using the native video player or an iframe. The operator of the service is BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia (hereinafter: "Bunny").

When you access an internet page of our online offering on which a video is integrated via Bunny, a connection to Bunny's servers is established. The video or the content of the iframe is transmitted by Bunny directly to your browser and integrated into the page. The server is informed, for example, which internet pages of our online offering you have visited. If you interact with the video, this information is also transmitted to Bunny's servers.

Further information on data protection at Bunny can be found in Bunny's privacy policy at https://bunny.net/privacy/.

We use Bunny so that we can show you videos and inform you about us and our services. The legal basis for embedding the videos is our legitimate interest within the meaning of Art. 6(1)(f) GDPR.[HM14]

3.19 Use of Syte.AI

To facilitate the product search for similar products, we use Syte.AI. This is a service of Syte Visual Conception Ltd., 20 Haharash street, Tel Aviv, 6761310 Israel (hereinafter: "Syte").

If you use the search function for similar products in our webshop and select a specific product, Syte analyzes the product you have selected regarding its shape and appearance. Subsequently, products with similar visual characteristics are suggested to you. In order to offer this service, Syte must use your IP address. If you do not wish to use the service, your data will not be transferred to Syte.

The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future, for example by adjusting the cookie settings in your browser or setting preferences in our cookie consent tool. Otherwise, the collected data will be stored until the purpose for data collection no longer applies or you request us to delete it. Mandatory statutory retention periods remain unaffected by this[HM15].

4 Order Processing

We use your personal data for orders only within our company and affiliated companies, as well as with the companies commissioned to process orders.

4.1 Storage and Data Transfer for Orders

For order processing, we work with various companies that are responsible for payment processing and logistics. We ensure that our partners also comply with data protection regulations. For example, we pass on your address data (name and address) to the respective transport company that delivers the ordered products to you. The legal basis for this is Art. 6 (1)(b) GDPR. The processing of your personal data is necessary to fulfill the contract with you.

The data will be stored by us as long as it is necessary to fulfill the contract. Furthermore, we store this data to fulfill post-contractual obligations and due to commercial and tax law retention periods for the legally prescribed period. This retention period is usually 10 years at the end of the respective calendar year.

4.2 Payment Processing for Orders, PayPal

Depending on the chosen payment method, payment processing for orders may be carried out by engaging a service provider.

When paying by credit card, your necessary data such as name, address, and purchase details are forwarded to the respective credit card company.

When paying via PayPal, you will be redirected to the PayPal website via a link. Your personal data will be processed. This includes your name, address, email address, possibly phone number, and bank account or credit card data. Please note the General Terms and Conditions, Terms of Use, and Privacy Principles of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg on the website www.paypal.com.

As a precaution, we point out that PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or "purchase on account" via PayPal. Your payment data will be exchanged with credit agencies based on PayPal's legitimate interests in determining your identity and your solvency pursuant to Art. 6(1)(f) GDPR. The result of the credit check is usually a so-called "score value", which describes your statistical probability of payment default and is used by PayPal to decide whether and, if applicable, which payment method is offered to you. Further information on the credit check at PayPal can be found at https://www.paypal.com/de/legalhub/paypal/creditchk.

Please note that PayPal also uses cookies and other tracking technologies. These serve to ensure the functionality and security of the payment process as well as for marketing purposes. Data processing is based on your consent pursuant to Art. 6(1)(a) GDPR (this applies in particular to marketing cookies) or based on legitimate interests pursuant to Art. 6(1)(f) GDPR (such as ensuring technical functionality, but especially also for fraud prevention). If you use PayPal, you always have the option to adjust your selected cookie preferences at PayPal under https://www.paypal.com/myaccount/privacy/cookiePrefs?locale=de_DE. PayPal account holders can also turn off personalized advertising in the "Data & Privacy" section or revoke any consent given by you (e.g., for marketing cookies) with effect for the future. Further information can be found in PayPal's statement on cookies and other tracking technologies at https://www.paypal.com/de/legalhub/paypal/cookie-full.

If you select a Klarna service for payment, your necessary data, in particular name, contact data, and other identification information as well as payment information and credit details, will be forwarded to and processed by Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden ("Klarna"). Information on data protection at Klarna can be found at https://www.klarna.com/de/datenschutz/ and https://www.klarna.com/international/privacy-policy/.

For a purchase on account, a credit check is carried out as part of the ordering process, about which we provide more detailed information below. In the case of a positive credit check, you will receive the corresponding invoice from our service provider, which can be paid by you via bank transfer to our account. If you pay in advance, no assessment by service providers takes place; shipping takes place after receipt of payment.

The legal basis for payment processing is Art. 6 (1)(b) GDPR. The processing of your personal data is necessary to fulfill the contract with you, whereby the payment method can be freely chosen by you.

4.3 Credit Check

Depending on the chosen payment method, a check of your creditworthiness may be necessary. In this case, subject to your consent to the credit check, we use external service providers to whom we transmit your data (name, address, date of birth, order value). We transmit the data for this purpose to REAL Solution Factoring GmbH, Normannenweg 32, 20537 Hamburg[HM16].

The legal basis for the credit check is Art. 6(1)(a) GDPR. If you do not wish to give your consent to the credit check, you may have to select another payment method.

As part of the credit check, an assessment is obtained regarding the probability of default with regard to our claim from the order. We exclusively receive a probability value (score value) from our service provider, but no further details. Based on this value, we then evaluate whether the desired payment method can be offered. After completion of the check, the score value is deleted by us and is not stored as part of the order data. It is therefore also not possible for us to subsequently evaluate why, for example, a certain payment method was not possible.

5 Customer Account

You can create a customer account for our online offering on a voluntary basis. In the customer account, all information about your person and the use of the various offers are managed centrally. In this way, you have the opportunity to manage, update, and, if necessary, delete all data. The legal basis for processing the data for registration, given consent, is Art. 6(1)(a) GDPR. Insofar as you register with us for the fulfillment or initiation of a contract, the legal basis for processing the data is additionally Art. 6(1)(b) GDPR.

5.1 Registration for the Customer Account

You can register online for the customer account. To create the customer account, only the provision of your name, an email address, and securing via a password are necessary. We reserve the right to offer other options for registration in addition to registration via the online offering, for which the regulations apply accordingly.

To use the full range of functions of the customer account, it may be necessary to verify the email address provided during registration. For this purpose, we will then send a confirmation link to the email address provided, which must be accessed by you. This procedure serves on the one hand for the security of your data, and on the other hand also to ensure communication regarding services, delivery status, or payment situation to a valid email address.

5.2 Collection of Data via the Customer Account

All data on the use of the online offerings is stored in the customer account insofar as you log in with your customer account. This includes in particular personal data (name, age, addresses, delivery and payment information), vouchers, wish lists, purchase history, communication history, search and navigation behavior, consent to individual services (e.g., newsletter), discount affinity, and information about main interests provided explicitly or implicitly by the customer. We can create segments from this data and assign customers to these segments. Membership in such segments is also stored in the customer account. Location-based data such as your delivery addresses or your location will be stored – provided you have given your consent for this.

Your current location may be used to provide you with location-based offers. If you do not want the data to be stored in your customer account in individual cases, you can use the respective offers without using your customer account. If you want to stop storing data in the customer account altogether, you can have your customer account deleted.

5.3 Social Login

We offer you the opportunity to use your existing profile on the social networks Meta (formerly Facebook; Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA) and Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) for registration and login to our online offering. For this purpose, you can click on the corresponding symbols of Facebook or Google during registration or login. By clicking on the respective symbol, a new window opens in which you can log in to the respective provider. You will also be informed there about which data will be forwarded for authentication and for registration or login. Based on your consent, it is also possible that further data from your profile will be passed on to us. This data (such as your age or your "Like" behavior) is then used by us to optimize our offers, including adapting our offers to your interests. The legal basis for data processing is your consent according to Art. 6(1)(a) GDPR.

To perform the authentication, a connection is established between your device and the servers of the respective provider. Through this, the provider learns in particular your IP address, and possibly other information about your device. We have no influence on the data processing by the provider in this regard. The privacy policies of the respective provider apply here at http://www.facebook.com/policy.php or https://policies.google.com/privacy.

5.4 Use of Data from the Customer Account

We use the stored data to process the joint business relationship and – if appropriate consent is given – to present you with interesting and relevant offers via all communication channels you use. Based on the stored data, we try to determine which offers are relevant to you.

We will contact you within the scope of the business relationship via the contact details provided when you use individual services. For example, you will automatically receive order notifications or information on the delivery status; we inform you according to your chosen preferences. Contact can be made by email, via messages on your smartphone, or via other digital communication channels. In addition, you can choose optional communication channels and occasions; this includes in particular special newsletters and app messages.

5.5 Storage Duration and Deletion

The data generated when using the customer account is generally stored for the duration of the existence of the customer account but can also be deleted prematurely upon request. Much of the data can be viewed directly online and – except for the email address – changed or deleted. You can delete your customer account at any time by notifying us of your wish to delete it, for example via the general contact form. In the event of immediate deletion, the data may not be able to be restored later in the event of renewed registration. [HM17]

6 Communication with Us

You can contact us in various ways, including via the contact form on our website. We are also happy to inform you regularly via our email newsletter.

6.1 Contact Form

Insofar as you wish to use the contact form in our online offering, we collect the personal data you provide in the contact form for this purpose, in particular your name and email address. We also store the IP address as well as the date and time of the request. We process the data transmitted via the contact form exclusively for the purpose of being able to answer your inquiry or concern.

You can decide for yourself what information you transmit to us via the contact form. The legal basis for the processing of your data is your consent pursuant to Art. 6(1)(a) GDPR.

After the matter has been processed by us, the data will initially be stored in the event of any follow-up questions. Deletion of the data can be requested at any time; otherwise, deletion occurs after the matter has been completely resolved; statutory retention obligations remain unaffected.

6.2 Newsletter

The dispatch of the CAPRICE newsletter is carried out by Wortmann Fashion Retail GmbH & Co. KG, Klingenbergstraße 1-3, D-32758 Detmold, and Wortmann KG Internationale Schuhproduktionen, Klingenbergstraße 1-3, D-32758 Detmold under joint data protection controllership. The two aforementioned companies can thus send you the CAPRICE newsletter requested by you as part of your consent, either jointly or independently of each other. In accordance with data protection regulations, the two companies have entered into an agreement to demarcate their responsibilities. You can assert your data subject rights, in particular the revocation of the consent given with regard to the dispatch of the newsletter, against either of the two companies and in particular use the contact details provided in this Privacy Policy for this purpose.[HM18]

When you subscribe to our newsletter, your email address is used for our own advertising purposes until you unsubscribe. You will receive regular information by email on current topics as well as emails for special occasions, such as special promotions. The emails can be personalized and customized based on the information we have about you.

For subscription to our newsletter, unless you have given us your consent in writing, we use the so-called double opt-in procedure, i.e., we will only send you a newsletter by email if you have previously expressly confirmed to us that we should activate the newsletter dispatch. We will then send you a notification email and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this email.

When displaying the newsletter and clicking on individual links from the newsletter, information that is automatically transmitted is collected and evaluated. For this purpose, a cookie with an unlimited duration is set when a link from the newsletter is called up for the first time. If the cookie has been deleted in the meantime or if you use another browser, the cookie will be saved again. With the help of the cookie, you are recognized and your user behavior on our websites can be evaluated. The data collected serves to create personal user profiles. In this way, we try to continuously improve the service for you and inform you even more individually about suitable offers and promotions. The links from the newsletter contain a random but unique identification number. We or external service providers acting on our behalf can collect and store this number when you access these links via your computer to retrieve additional information from our website. The number in the links is not merged with your name and other personally identifiable information without explicit consent for this. You can object to the collection and evaluation of the use of links described above by clicking on [Opt-Out-Link]. If you exercise this option, an anonymous opt-out cookie will be stored in your browser, informing about your objection and thereby preventing data collection. The opt-out cookie remains effective in the browser you are using until you delete it with the tools of this browser. However, if you delete the cookie or use another browser or computer, we will no longer be able to recognize that you have declared such an objection. The evaluation of the use of the newsletter and your consent to receive the newsletter are not affected by this.

The legal basis for the processing of your data is your consent according to Art. 6(1)(a) GDPR if you have explicitly registered for the newsletter. Within the framework of legal requirements, it may also be possible that you receive our newsletter from us without explicit consent because you have ordered goods or services from us, we have received your email address in this context, and you have not objected to receiving information by email. In this case, our legitimate interest in the transmission of direct advertising according to Art. 6(1)(f) GDPR is to be regarded as the legal basis.

If you no longer wish to receive any newsletters from us at all, you can revoke your consent once given at any time with effect for the future or object to the further receipt of the newsletter without incurring any costs other than the transmission costs according to the base rates. Simply use the unsubscribe link contained in every newsletter or send a message to us or our Data Protection Officer.

6.3 Review Platforms

If you were satisfied with our performance, you are welcome to review us on the corresponding platforms. Of course, you can also voice justified criticism via the review platforms, but it is usually more useful to contact us directly to clarify the matter.

6.3.1 Use of eKomi

We have provided corresponding links in our online offering to the eKomi platform of eKomi Holding GmbH, Zimmerstraße 11, D-10969 Berlin, which lead directly to the corresponding page and display our current rating. For the display of the current rating, it is technically necessary that the respective content is loaded directly from the respective platform. For the content and external websites of the platform, their privacy terms apply, which can be accessed at https://www.ekomi.de/de/datenschutz/.

We believe that displaying current reviews serves transparency and is in our legitimate interest within the meaning of Art. 6(1)(f) GDPR. If you want to submit a review on the pages of the review platforms or read previous reviews, accessing the linked websites is at the same time the legal basis for the accompanying data processing by the respective provider[HM19].

7 Social Media

In addition to our online offering, we also use various social media channels for transmitting information and communication, to which you will then find links in our online offering. Specifically, we use the social networks Facebook, Pinterest, Instagram, and YouTube. You can recognize the links by the respective provider's logo.

By clicking on the links, the corresponding social media pages are opened, for which this Privacy Policy does not apply. Please refer to the corresponding privacy policies of the individual providers for details on the provisions applicable there; you can find them at:

Facebook: http://www.facebook.com/policy.php

YouTube: https://www.google.de/intl/de/policies/privacy/ (YouTube)

Instagram: https://help.instagram.com/155833707900388

Pinterest: https://about.pinterest.com/de/privacy-policy

Before accessing the corresponding links, no personal information is transmitted to the respective providers. Your access to the linked page is at the same time the basis for data processing by the respective providers.

For our use of the social media channels Facebook, Instagram, and Pinterest, the following notes regarding the associated processing of your personal data also apply.

If you have any questions regarding the use of personal data by us in connection with the use of social media channels, you can contact us and our Data Protection Officer at any time. Insofar as you have general questions about data protection related to social media channels, we would ask you to contact the respective providers directly, whose contact details are provided below.

We would also like to point out here that the Federal Office for Information Security (BSI) provides general information on the safe use of social networks on its website at https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Onlinekommunikation/Soziale-Netzwerke/soziale-netzwerke_node.html.

7.1 Facebook Fanpage

In addition to our own online offering, we also operate a Fanpage on the social network Facebook. Through the Fanpage, we provide information about our activities and offer a channel for communication. The operator of the social network Facebook is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Meta"). In this respect, we rely on the technical platform and services of Meta.

7.1.1 Demarcation of Responsibility

We point out that you use the Fanpage and its functions on your own responsibility, especially with regard to interactive functions such as commenting, sharing, or rating. Alternatively, you can also access the information offered via the Fanpage on our homepage.

Within the possibilities of Facebook, we try to ensure the protection of your privacy and your private data. Insofar as your personal data is processed by us in connection with the visit to the Fanpage, the explanations in this Privacy Policy apply without restriction. Due to the integration of the Fanpage into Facebook's offering, it must also be noted that personal data is simultaneously processed by Meta. When visiting the Fanpage, Meta collects, among other things, your IP address and further information, which may be stored in the form of cookies on the device you are using or in the respective browser. We have no influence on the data processing by Meta; Facebook is not acting as a processor for us under our responsibility. For data processing by Facebook, the guidelines of Facebook – at least according to Meta – apply, which are available at https://de-de.facebook.com/policy.php. We point out that the data collected about you by Meta in this context may also be transferred outside the European Union.

From a data protection perspective, joint controllership by Meta and us must be assumed for the operation of the Fanpage and the evaluation of user data when visiting the Fanpage. In accordance with data protection requirements, we have entered into an internal agreement with Meta to demarcate responsibility.

7.1.2 Facebook Insights

Meta offers Fanpage operators the opportunity to obtain an overview of the use of the Fanpage and its users via the Page Insights functions. Statistical data, in particular, can be accessed and evaluated via Page Insights. We use the data from Page Insights to make the Fanpage as attractive and efficient as possible. For this purpose, Meta provides us with data that Meta itself has generated. Further information on the functionality and responsibility for the Page Insights function is provided by Facebook at https://www.facebook.com/legal/terms/page_controller_addendum.

7.1.3 Messenger

Users who are registered on Facebook also have the option to communicate directly via Facebook Messenger. Insofar as you contact us via Messenger, the data transmitted will be stored and used by us exclusively for answering your inquiry. The legal basis for the processing of your data is your consent within the meaning of Art. 6(1)(a) GDPR as well as our legitimate interest within the meaning of Art. 6(1)(f) GDPR. Our legitimate interest lies in recording and processing customer inquiries, evaluating customer inquiries, and controlling abuse.

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. For your personal data, this is the case when the respective conversation has ended. For us, the conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified. You always have the option to revoke your consent to the processing of personal data; in this case, the data will be immediately deleted by us if there is no basis for further storage.

7.1.4 Further Information on Facebook

If you have any questions regarding the use of personal data by us in connection with the use of the Facebook Fanpage, you can contact us and our Data Protection Officer at any time. The contact details and communication channels are explained in our Privacy Policy. Insofar as you have questions about data protection at Facebook, we would ask you to contact Meta directly.

7.2 Instagram Account

We also have an account on the social network Instagram. Through the Instagram account, we provide information about our activities through our own publications and offer another channel for communicating with us. The social network Instagram is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Meta").

Please keep in mind that you use Instagram and its functions on your own responsibility, especially with regard to interactive functions such as commenting, sharing, or rating.

7.2.1 Data Protection Responsibility

Within the possibilities of Instagram, we try to ensure the protection of your privacy and your private data. Insofar as your personal data is processed by us in connection with visiting the Instagram account, the explanations in this Privacy Policy apply without restriction. Due to the integration of the account into Meta's offering, it must also be noted that personal data is simultaneously processed by Meta. When calling up our Instagram content, Meta collects, among other things, your IP address and further information, which may be stored in the form of cookies on the device you are using or in the respective browser. We have no influence on the data processing by Instagram; Meta is in particular not acting as a processor for us under our responsibility. For data processing by Facebook, the guidelines of Meta – at least according to Meta – apply, which are available at https://www.facebook.com/help/instagram/155833707900388. We point out that the data collected about you by Meta in this context may also be transferred outside the European Union.

From a data protection perspective, two separate responsibilities of Meta and us must be assumed for the operation of the account on Instagram and the associated communication and evaluation possibilities. Insofar as your personal data is processed by us in connection with your visit to our Instagram presence and we alone decide on the purposes and means of this data processing, we are responsible for this data processing. This is usually the case if you communicate directly with us via the "Instagram Direct Messaging" function and transmit your data to us in the process. Insofar as your personal data is processed by Meta and Meta alone decides on the purposes and means of data processing, Meta alone is responsible for this data processing. This applies in particular to the evaluation of user behavior by Meta for its own purposes.

7.2.2 Instagram Insights

Meta offers operators of Instagram accounts the opportunity to obtain an overview of the use of the account and its users via the "Instagram Insights" function. Statistical data, in particular, can be accessed and evaluated via Instagram Insights. We use the data from Instagram Insights to make the Instagram account as attractive and efficient as possible. For this purpose, Meta provides us with data that Meta itself has generated under its own responsibility. The data we receive from Meta are mostly anonymized data and statistics. Insofar as we receive personal data in this context, we are responsible for our further processing of this data for evaluating the use of our Instagram account.

Further information on Instagram Insights is provided by Meta at https://help.instagram.com/1533933820244654.

7.2.3 Instagram Direct Messaging

On Instagram, you have the option to communicate directly with us via the "Instagram Direct Messaging" function. Insofar as you contact us via the Instagram Direct Messaging function, the transmitted data will be stored and used by us exclusively for answering your inquiry. The legal basis for the processing of your data is your consent within the meaning of Art. 6(1)(a) GDPR as well as our legitimate interest within the meaning of Art. 6(1)(f) GDPR. Our legitimate interest lies in recording and processing customer inquiries, evaluating customer inquiries, and controlling abuse.

7.2.4 Further Information on Instagram

If you have any questions regarding the use of personal data by us in connection with the use of our Instagram account, you can contact us and our Data Protection Officer at any time. The contact details and communication channels are explained in our Privacy Policy. Insofar as you have questions about data protection at the social network Instagram offered by Meta, we would ask you to contact Meta directly.

7.3 Pinterest Profile

We also have an account on the social network Pinterest. Through the account, we provide information about our activities and offer another channel for communication. The social network Pinterest is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter: "Pinterest"). We point out that you use the social network and its functions on your own responsibility. This applies in particular to the use of interactive functions.

7.3.1 Processing of Personal Data

The data collected about you during the use of the service is processed by Pinterest and may be transferred to countries outside the European Union. The processed data includes, among other things, data voluntarily provided by you, such as name, username, email address, and phone number, the content you create, upload, or receive, such as photos and videos, your IP address, information on the device you use, information on visited websites and content, as well as your location. We have no influence on the type and scope of data processed by Pinterest, the type of processing and use, or the transfer of this data to third parties. Information on what data is processed by Pinterest and for what purposes it is used can be found in Pinterest's privacy policy at https://policy.pinterest.com/de/privacy-policy.

We process the data you enter on Pinterest, in particular username and the content published under your account, to the extent that we may include your posts in our offering by pinning or linking them or by writing posts ourselves that refer to your account. The data freely published and distributed by you on Pinterest is thus included in our offering and made accessible to our followers.

You have options to restrict the processing of your data in the general settings of your Pinterest account. In addition, on mobile devices, you can restrict Pinterest's access to your data in the settings options. However, this depends on the operating system used.

7.3.2 Pinterest Analytics

Pinterest offers operators of Pinterest accounts the opportunity to obtain an overview of the use of the account and its users. Statistical data, in particular, can be accessed and evaluated via the analytics functions. We use the data to make the Pinterest account as attractive and efficient as possible. For this purpose, Pinterest provides us with data that Pinterest has generated under its own responsibility. The data we receive from Pinterest are mostly anonymized data and statistics. Insofar as we receive personal data in this context, we are responsible for our further processing of this data for evaluating the use of our Pinterest account. Further information on this is provided by Pinterest at https://business.pinterest.com/de/analytics-and-measurement.

7.3.3 Messenger

On Pinterest, you have the option to communicate directly with us via the Messenger. Insofar as you contact us via this function, the transmitted data will be stored and used by us exclusively for answering your inquiry. The legal basis for the processing of your data is your consent within the meaning of Art. 6(1)(b) GDPR as well as our legitimate interest within the meaning of Art. 6(1)(f) GDPR. Our legitimate interest lies in recording and processing customer inquiries, evaluating customer inquiries, and controlling abuse.

7.3.4 Further Information on Pinterest

If you have any questions regarding the use of personal data by us in connection with the use of the Pinterest account, you can contact us and our Data Protection Officer at any time. The contact details and communication channels are explained in our Privacy Policy. Insofar as you have questions about data protection at Pinterest, we would ask you to contact Pinterest directly.

8 Your Rights and Contact

We attach great importance to explaining the processing of your personal data as transparently as possible and to informing you about your rights. If you would like more information or wish to exercise your rights, you can contact us at any time so that we can take care of your concern.

8.1 Data Subject Rights

You have extensive rights regarding the processing of your personal data. First of all, you have a comprehensive right of access and can request the rectification and/or erasure or blocking of your personal data if necessary. You can also request a restriction of processing and have a right to object. With regard to the personal data you have provided to us, you also have a right to data portability.

If you wish to assert any of your rights and/or receive further information about them, please contact our customer service. Alternatively, you can also contact our Data Protection Officer.

8.2 Withdrawal of Consent and Objection

Consent once given by you can be freely revoked at any time with effect for the future. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. Contacts for this are also our customer service and our Data Protection Officer.

If the processing of your personal data is not based on consent but occurs on another legal basis, you can object to this data processing. Your objection leads to a review and, if necessary, termination of data processing. You will be informed of the result of the review and – if data processing is to be continued nevertheless – you will receive further information from us on why data processing is permissible.

8.3 Data Protection Officer and Contact

We have appointed an external Data Protection Officer who supports us in data protection matters and whom you can also contact directly. For questions regarding our handling of personal data or further information on data protection topics, our Data Protection Officer and his team are at your disposal:

Attorney at Law Dr. Sebastian Meyer, LL.M.
c/o BRANDI Rechtsanwälte
Adenauerplatz 1, 33602 Bielefeld
Phone: 0521 / 96535-812
Email: dataprotection@wortmann-retail.com

If you wish to contact our Data Protection Officer personally via email, you can also reach him at sebastian.meyer@brandi.net.

8.4 Complaints

If you believe that our processing of your personal data is not in accordance with this Privacy Policy or applicable data protection regulations, you have the right to lodge a complaint with the supervisory authority. You can also complain to our Data Protection Officer. The Data Protection Officer will then review the matter and inform you of the result of the review.

9 Further Information and Changes

9.1 Links to Other Websites

Our online offering may contain links to other websites. These links are usually marked as such. We have no influence on the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that you also inform yourself about the respective privacy policies on other websites.

9.2 Changes to this Privacy Policy

We reserve the right to change this Privacy Policy at any time with effect for the future. A change is made in particular in the event of technical adjustments to the online offering or changes in data protection requirements. The currently valid version of the Privacy Policy can always be accessed directly via the online offering. We recommend that you inform yourself regularly about changes to this Privacy Policy.

Status of this Privacy Policy: February 2026