Privacy Statement Online Shop
Online shop privacy notice
We are happy to see you on our online shop and pleased to see your interest in our products. Esprit would like you to feel comfortable when using our websites and our app, and feel secure about the confidentiality of your data. Data protection is part of the corporate philosophy of Esprit. Therefore, we consider transparency in the handling of the data of our customers to be extremely important. We would like to inform you below on which personal data we collect, for which purposes we process your personal data and which rights you are entitled to.
Pursuant to Art. 4(1) of the General Data Protection Regulation (hereinafter: GDPR), personal data is all information which refers to an identified or identifiable natural person. A natural person is considered identifiable, when able to be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, to a code number, to location data, to an online code or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.
Short overview
A. General information
I. Name and address of the Controller
II. Contacting the Data Protection Officer
B. Data-processing operations
I. Provision of website
II. Use of cookies
III. Data processing in the event of the use of our online shop
IV. Newsletter
V. Contact form, live chat and email contact, reporting faults
VI. Registration as an Esprit Friend
VII. Store Finder
VIII. Product reviews and customer satisfaction surveys with Medallia
IX. Customer surveys with Qualtrics
X. Processing of data for the purpose of booking a personal shopping appointment
C. Your data-privacy rights
D. Disclosure to third parties
E. Version
A. General information
I. Name and address of the Controller
The controller for the online shop according to the GDPR and other national data protection regulations of the member states, as well as additional data protection regulations, is:
Esprit Retail B.V. & Co. KG
Esprit-Allee 1
40882 Ratingen
Germany
Phone:
Bulgaria: 02 448 7251 (landline)
Croatia: 01 777 6227 (landline)
Estonia: 068 670 47 (landline)
Greece: 021 11 98 75 51 (landline)
Hungary: 01 999 3404 (landline)
Ireland: 01 54 100 62 (landline)
Latvia: 066 1551 91 (landline)
Lithuania: 0520 52 690 (landline)
Luxembourg: 028 261 460 (landline)
Malta: 0277 81 424 (landline)
Portugal: 021 555 33 17 (landline)
Romania: 031 22 95 404 (landline)
Slovakia: 02 333 252 85 (landline)
Slovenia: 01 777 29 60 (landline)
E-Mail: service@esprit.eu
II. Contacting the Data Protection Officer
Our Data Protection Officer can be contacted at
B. Data-processing operations
I. Provision of website and app
1. Description and scope of data processing
Where the website or app is used purely for informational purposes, i.e. when you do not register or provide us with further information, we collect only that information which your internet browser or app sends to our server when you access our website:
• IP address (as appropriate, in an anonymous, shortened form)
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (actual page)
• Access status/HTTP status code
• Data volumes transmitted
• Website from which the request emanates
• Browser type or app used
• Operating system and its interface
• Language and version of the browser software
The data are also stored in the log files of our system. A storage of these data together with other personal data will not take place. The data of the server log files are stored separately from other personal data entered.
2. Purpose and legal basis of the data processing
If you would like to view our website or use our app, we will collect the data stated under 1. as they are necessary from a technical point of view in order to display our website to you and to guarantee the stability and security of the system. The storage in log files is carried out in order to ensure the functionality of the website and of the app. Moreover, the data serve to optimize the website and app, and to ensure the security of our IT systems. Our legitimate interest in the data processing is also based on these purposes according to Art. 6(1f) GDPR.
3. Duration of storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. In the event of the entry of the data for the provision of the website, this is the case if the respective session is ended, i.e. if you leave our website.
4. Options to object and to have data removed
The entry of the data for the provision of the website and app, and the storage of the data is absolutely essential for the operation of the website. There is therefore no possibility for the user to use the website or app without such processing of data.
II. Use of cookies
1. Description and scope of data processing
We would also like to tailor our services as individually to the user as possible in the future, and consistently improve them in order to be able to offer interesting information and an optimal purchasing experience for you. Therefore, we use cookies. Cookies are small text files, stored on your hard disk drive as allocated by your internet browser, and via which certain information is received. This type of cookie contains a characteristic string, which enables a clear identification of the internet browser when the website is accessed once again. Cookies cannot execute any programs or transmit viruses to your computer. We use cookies in order to make our website more user-friendly in design. If you would not like to receive any cookies, you can configure this accordingly via the settings of your internet browser. However, please note that certain cookies are necessary in order to use all functions of our website. If you use our app, the latter identifies the respective user using cookies.
We use both session cookies, which are only in use for the duration of an online visit, as well as those, which are used in the long term. In particular, long-term cookies are used in order to be able to provide you, the customer, with permanently recurring settings in the online shop, such as information individually tailored to your needs, in order to improve ease of use and to present you with personalized offers based on your previous purchases.
We use the following types of cookies, the scope and functionality of which are explained below:
• Transient cookies (see “a”)
• Persistent cookies (see “b”).
a) Transient cookies
Generally, transient cookies – including, in particular, “session cookies” – are automatically deleted when you close your internet browser, or when a session has expired. These cookies store a so-called session ID, with which various inquiries of your internet browser can be allocated to the joint session. In this way, your computer can be recognized again if you return to our website. The session cookies are as a rule deleted when you log out or close the internet browser. The following data is stored and transmitted via session cookies:
• Language settings
• Any log-in information
• Visitor ID
• Time stamp with the start and end of the current session.
b) Persistent cookies
Persistent cookies are deleted automatically after a stipulated duration, which can make a distinction depending on the cookie. You can delete or deactivate the cookies in the security settings of your internet browser at all times, as determined by you. For the needs-based design and for the optimization of our websites, data are entered and stored and usage profiles are created from these data by using pseudonyms. Usage profiles are, however, not aggregated with the data about the holder of the pseudonym without the explicit consent of the visitor. When accessing our website, the users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy statement.
Esprit uses the following persistent cookies:
aa) Webtrekk
We use a cookie from the company Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany in order to analyze and evaluate customer usage behavior on our website.
You can object to this data entry and storage at all times with effect for the future. Please click on the following “link”
By confirming the link, a so-called opt-out cookie will be set on your computer. This cookie has a validity of 5 years. Please note that if all cookies on your computer are deleted, this opt-out cookie will also be deleted, i.e. if you continue to intend to object to the data collection using a pseudonym by Webtrekk, you must set the opt-out cookie once again. The opt-out cookie is set via the internet browser and computer. If you visit our websites from your home and from your workplace or by using different internet browsers, you must activate the opt-out cookie on the different internet browsers or on the various computers.
However, this may lead to some website functions no longer being usable.
bb) Adclear
We use a cookie from the company AdClear GmbH, Torstrasse 106, 10119 Berlin, Germany in order to analyse and evaluate customer usage behavior on our website.
You may opt out of AdClear’s campaign tracking. To do so, an “adclearoptout” cookie can be set from our website domain. This opt out will apply until and if you delete the cookie. The cookie is set for the specified domain, for each internet browser and user of a computer. If you access our website from several devices and internet browsers, you must then object to the collection of your data separately on each device and internet browser.
In order to opt out of AdClear’s data collection, please click HERE
cc) New Relic
We continue to use a cookie from New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA.
The New Relic Inc. plugin enables us to undertake statistical evaluations of the speed, availability and performance of the website. Personal data are not processed in this respect. The purpose and scope of data collection, as well as the settings options for protecting the privacy of users, can be seen in the New Relic privacy notices: https://newrelic.com/termsandconditions/privacy.
dd) Criteo
We continue to use the Criteo service on our website: Criteo SA, Rue Blanche, 75009 Paris, France. Thanks to these tools, users who have already visited our website and are interested in our offers, are offered targeted advertisements on other websites which also make use of the Criteo service (“re-marketing”). The integration of this advertising occurs based on information about visits to respective websites, where such information is stored on cookies on your computer. These text files will be read out in the context of subsequent website visits, for the purpose of targeted product recommendations. A randomly generated identification number is stored in the cookie for this reason. It will not be possible to assign this number, nor the information about your website visits, to you personally.
The cookie is generally stored for a maximum period of one year, before being automatically deleted. You can prevent the storage and use of information by the Criteo service by clicking on the following link (http://www.criteo.com/de/datenschutzrichtlinie) and moving the “Opt Out” slider to “ON”. If you select “ON”, a new cookie (an opt-out cookie) will be set in your internet browser. This cookie tells the Criteo service that Criteo may no longer collect or process data about your usage behavior. You have the option of reactivating this feature by sliding to “OFF”. Please note that this setting must be carried out for each internet browser that you use. If all cookies are deleted from your internet browser, then the opt-out cookie is also deleted.
ee) Conversant
In addition, we use the services of Conversant, Inc., 30699 Russell Ranch Road #250, Westlake Village, CA 91362, USA, who collect and store, in anonymized form, our website visitors’ surfing behavior. This is done for marketing purposes, and is based on cookies. Conversant supports us with advertising content on other websites (“publisher”). The data collected is used only to analyse our marketing activities. It is not used for any other purpose, nor disclosed to third parties. You can object to the completely anonymous analysis of your surfing behavior, by clicking on this link for Conversant http://www.conversantmedia.com/opt-out.
ff) Tealium
When you activate the “Shop your favourite products from anywhere by ad.” function on our website, we use the Collect tag from the company Tealium Inc., which places a cookie on your end device for the analysis and evaluation of customer usage behaviour on our website. The Tealium Collect cookie enables us to collect anonymous data about how you interact with our website and which products you are interested in from our online shop. Based on this, we can display advertising banners that are relevant to you in other places on the Internet.
The legal basis for the collection of data in both of the above-mentioned cases is your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time by deactivating the “Shop your favourite products from anywhere by ad.” function in your privacy settings. Please note that withdrawing your consent does not affect the legality of us processing your data based on consent up until the time of your withdrawal.
gg) RTB House
When you activate the “Shop your favourite products from anywhere by ad” function on our website, we will place cookies from the service provider RTB House on your device. This service is provided by RTB House, S.A, 61/101 Złota Street, 00-819 Warsaw, Poland. Using cookies from RTB House enables us to collect anonymous data about how you interact with our website and which products you are interested in from our online shop. Based on the information retrieved from the cookies set by RTB House, we can then provide you with targeted advertisements from websites that also use the service provider RTB House. This is called remarketing.
The legal basis for this data collection is your consent (Article 6(1)(a) GDPR).
You can withdraw your consent at any time by deactivating the “Shop your favourite products from anywhere by ad” function in your privacy settings. Please note that withdrawing your consent does not affect the legality of us processing your data based on consent up until the time of your withdrawal.
If you withdraw your consent by deactivating the “Shop your favourite products from anywhere by ad” function, a new cookie (opt-out cookie) will be set in your Internet browser. This cookie informs the RTB House service that RTB House may not store any personal information about you.
hh) Other website modules
We, Esprit Retail B.V. & Co. KG use cookies on our website for functions that we have developed ourselves.
We use a so-called "Discount Wheel" on the website for certain promotional periods. Here, Esprit Friends can take part in a prize draw by clicking on a button and randomly receive a voucher code as a prize. This module uses the cookie "hasSpun" to store whether participation in the promotion has already taken place. The cookie is only set when you click the button to participate.
2. Legal basis of data processing
The legal basis for the processing of personal data by using cookies is Art. 6 (1f) GDPR.
3. Purpose of data processing
Transient cookies are used in order to simplify the use of our website and app. Several functions of our website and app cannot be offered without the use of cookies. For this it is necessary that the internet browser is also recognized again after a change in site. Transient cookies are therefore used for example, for the functional capability of the shopping basket, the assumption of language settings and the memorizing of search terms.
The use of persistent analysis cookies is carried out for the purpose of personalizing and improving the quality of our website and its contents. From the cookie analysis we find out how the website is used and can so therefore consistently optimize our offer.
The aforementioned purposes constitute our legitimate interest in the processing of the personal data according to Art. 6(1f) GDPR. Without your consent a collection of analysis data is merely carried out in an anonymized or pseudonymized form. We cannot recognize your identity from this.
4. Duration of storage; option to object and to have data removed
Cookies are stored on your computer and transmitted by this computer to our website. Therefore, as a user you have also the full control over the use of cookies. By a change in the settings in your internet browser you can deactivate or limit the transmission of cookies. Already stored cookies can always be deleted. This can also be carried out automatically.
Please note that you can set your internet browser so that you are informed about the setting of cookies and can make individual decisions about their acceptance or you can exclude the acceptance of cookies generally or for certain cases. Each internet browser differs in the type, how it manages the cookie-settings. This is described in the help menu of each internet browser, it is explained to you how you can change your cookie-settings. You will find the settings for the respective browser by using the following links:
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Opera: http://help.opera.com/Windows/10.20/en/cookies.html
Please note that if you do not accept cookies, the functionality of our website or our app could be limited.
5. Use of other analytics tools
a) Use of Facebook Pixel – Facebook Remarketing and Conversion Tracking
We use the Facebook tag by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”) on our website. Firstly, this tag is for the purpose of conversion tracking, which allows us to understand how our marketing activities work, which serves the purpose of presenting you product information that is even more relevant in future using the social media network Facebook.
We also use the “Custom Audiences” remarketing function of the Facebook Tag on our website. This remarketing function serves the purpose of targeting visitors to the website with interest-based advertising on the social media network Facebook.
This tag creates a direct connection to the Facebook server when the website is visited. This tells the Facebook server which of our pages you have visited. Facebook allocates this information to your personal Facebook user account, if you have one. When you visit the social media network Facebook, you will subsequently be shown personalised, interest-based Facebook ads.
The legal basis for this data processing is our legitimate interest (Article 6(1)(f) GDPR) in presenting you with product information that is relevant to you.
You have the right to object to your personal data being processed based on Article 6(1)(f) GDPR at any time.
Please also note that Facebook may pursue its own, additional data processing purposes, beyond the purposes we describe here, in connection with providing the Facebook social media network. You can find further information on the collection and use of data by Facebook, on your respective rights and ways to protect your privacy in the data protection information from Facebook at https://www.facebook.com/about/privacy/.
b) Light Reaction
In order to collect statistical data about the use of our website and app, and to optimise our advertising so that it is tailored to your interests and with special offers for you, we use technology from Light Reaction. Our legitimate interest in the processing of the personal data is also constituted in these purposes according to Art. 6(1f) GDPR.
Light Reaction is part of the Xaxis programmatic media group; Xaxis is a company operating globally as part of the GroupM media investment group; GroupM is part of the WPP plc. group. Quisma GmbH is the legal person responsible for the data collected by the business division Light Reaction, contactable at the following address: Light Reaction, c/o Quisma, Rosenheimer Strasse 145D, 81671 Munich, Germany.
This provider processes the following data, amongst other data:
– Technical identifiers, e.g. cookie IDs, mobile advertising ID (e.g. IDFAs and Google Advertising IDs),
– Other technical data such as the IP address and data derived from one IP address (such as inaccurate geolocation data displaying the country, region, town/city and/or postal code of the device), the type of internet browser, the browser language and operating system, the type of connection (wired or wireless), the network via which the device is connected, and the mobile phone service provider (where available), longitude/latitude of (mobile) device
– Data on online activity, such as records of the types of pages visited (in order to determine interests), the page you visited before and after viewing an advertisement, date and time of online activity, frequency of visits to a page, search terms used on a page, interaction with an advertisement (i.e. if a user clicks on an advertisement).
– User data received from third parties (customers and service providers of Light Reaction), such as online and offline user data collected by third parties, data on demographics and interests. In the event that Light Reaction receives offline user data, there will be no names, postal addresses, telephone numbers, email addresses or similar user data included which might enable the identification of a specific person associated with these IDs.
More information on the use and processing of data can be found in Light Reaction’s privacy statement, at http://lightreaction.com/de/policy_new/.
You may object to this data collection and storage at all times, also with effect for the future, by clicking on the “opt-out” button: http://lightreaction.com/de/policy_new/.
c) Pinterest
We use advertising services belonging to the social media network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. In doing so, we book advertisements via what are called pins within Pinterest. If you arrive at one of our advertisements via one of the pins that we have booked, this information will be processed by Pinterest and transferred to us as statistics (conversion). This enables us to obtain a rough idea of how many users have clicked on our pins. However, we do not receive any information that could personally identify the user. Where personal data is processed here, it is done so on the basis of Article 6 Subparagraph 1 Point (f) of the GDPR. You can object to your data being tracked in our privacy settings.
d) Use of the Remarketing or Similar Audiences function from Google Inc.
We use the Remarketing or Similar Audiences function on our website, made by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function serves the purpose of analysing visitor behaviour and interests.
In carrying out this analysis of website use, which forms the basis for the creation of advertisements tailored to visitor interests, Google uses cookies. The cookies allow information on the website visits and anonymised data on website use to be collected. No personal data from the visitors is saved. If you visit another website in the Google Display Network, you will be shown advertisements which are highly probable to reflect the product and information areas you have previously visited.
Your data will also be forwarded to the USA if found to be necessary. Google is certified in accordance with the US-EU Privacy Shield framework and is therefore obliged to comply with European data privacy guidelines.
Processing occurs on the basis of Art. 6 Para. 1 Lit (f) of the GDPR, with the legitimate interest of providing website visitors with targeted advertisements, where website visitors will be shown personalised advertisements tailored to their interests.
You can withdraw your consent at any time.
You can find more information on Google Remarketing and the related data privacy statement on: https://www.google.com/privacy/ads/.
e) Use of Google AdWords conversion tracking
We use the online advertising program “Google Adwords” and conversion tracking. Google conversion tracking is an analysis service developed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad shown by Google, a conversion tracking cookie is saved on your computer. These cookies have limited validity periods, do not contain personal information and cannot be used to identify you. If you visit certain pages on our website and the cookie has not yet expired, Google and we can see that you have clicked on the ad and were redirected to this page. Each Google AdWords client receives a different cookie. It is thus ensured that no cookies can be tracked via the websites of AdWords clients.
Information collected via the conversion cookie serves the purpose of creating conversion statistics. Here we find the total number of users that click on our ads and have been redirected to our website with a conversion tracking tag. We do not receive any information which can be used to identify users. Processing occurs on the basis of Art. 6, Para. 1, Lit (f) of the GDPR with the legitimate interest of providing targeted advertisements and analysing the effect and efficiency of these advertisements.
You have the right to withdraw consent to processing of your personal data based on Art. 6, Para. 1, Lit (f) of GDPR.
You can also block cookies from being saved by choosing the relevant settings in your browser. Please note that you may not be able to use all functions of the website in this case. You will then not be included in conversion tracking statistics.
Furthermore, you can also deactivate personalised advertisements in the Google advertisement settings.
You can find further information and the Google data privacy statement on: https://www.google.de/policies/privacy/.
f) Use Use of Bing ads Universal Event Tracking
On our website, we use technologies from Bing ads to collect and save data, which is then used to create anonymous user profiles. This is a service of the Microsoft Corporation, One Microsoft Way Redmond, WA 98052‐6399, USA. This services allows us to monitor user activity on our website if users have come to our site via Bing advertisements. If you come to our website via one of these advertisements, a cookie will be saved on your computer.
A Bing UET Tag is integrated in our website. This is a code which is used alongside the cookie to save non personal data about use of the website. Information on your personal identity is not collected. Data collected will be transferred to the Microsoft server in the USA and saved for a maximum of 180 days. You can prevent the collection and processing of data on your website use via cookies by by deactivating cookies. The functionality of the website may be affected by this. Microsoft may also monitor your user behaviour across several electronic devices via cross‐device‐tracking. It therefore can display personalised advertisements on Microsoft websites and in Microsoft apps. You can deactivate this function via the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB.
You can find further information on Bing analysis services on the Bing ads website https://help.bingads.microsoft.com/#apex/3/en/53056/2.
You can find further information on data protection at Microsoft in the Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement.
g) Airship
The App is showing the native Push Consent, so by selecting “Receive relevant content and information” the App enables Push and shares Push Tokens with Airship.
The ESPRIT App enables Airship data collection (any feature enabled & In-App automation enabled) and sents following data to Airship:
· Channel ID, Locale, TimeZone, Platform, Opt in state (push and notifications), SDK version, Accengage Device ID (Accengage module for migration), App Version
· In Addition to this following customized fields for Esprit are sent - app_country, app_language, language, country, countryCode, model, login_status
The App enables Analytics, Tags and Attributes, to contact and send the following data to Airship:
· Events, Associated Identifiers, Registered Notification Types, Time in app, App Version, Device model, Device manufacturer, OS version, Carrier, Connection type, Framework usage, Channel and Contact Tags, Channel and Contact Attributes, External IDs (named user)
· In Addition to this following customized fields for Esprit are sent- product_line_preferences
Customized data is enabled according to Login Status:
· The App enables customized data and sents following data to airship – birthdate, card_number, epoints, firstname, friendid, friend_id, friend_level, points_gold, points_platin, postal_code
· In addition to Airship, Data is saved in SFMC
The consents are saved in the App Settings under “Consent settings” so that a user is able to revert this setting if he wants to.
h) Firebase
The App shows the consent for Google Analytics for Firebase (GA4F) SDK, so by selecting “Hilf uns die Esprit App noch besser zu machen!” the App starts to collect basic app-usage data. With the Firebase SDK in place, a number of events are collected automatically.
Default events which will be collected are:
· app_exception
· app_update
· first_open
· os_update
· screen_view
· session_start
The following parameters are collected by default with every event, including custom events.
· Language, page_location, page_referrer, page_title, screen_resolution
Any other data collected for the purposes of measuring technical diagnostics related to the app. We send an event when a user receives an error code from API.
The consents are saved in the App Settings under “Consent setting” so that a user is able to revert this setting if he wants to.
i) Tealium in App
Implemented page view event, based on following code snippet for the following pages (<page description> - <page name value> :
· Homepage - startpage (we track via web view WKScriptMessage, see last bullet point)
· Product Overview Page (PLP) - plp
· Single Product View (PDP) - pdp
· Wishlist - wishlist
· Basket - basket
· Search View
· Scanner View (base view, help view, history view, results view)
· Locale selection view
· Airship inbox view
· Every time we receive event from web view with type trackView (we pass that to tealium) → WKScriptMessage
j) Camera permissions
To protect the privacy of the user, the App requires to get permission from users before accessing their camera. The user must explicitly grant permission for the app to access cameras and microphones. Before the App can use the capture system for the first time, the App shows an alert asking the user to grant access to the camera, as shown below. The App remembers the user’s response to this alert, so subsequent uses of the capture system don’t cause it to appear again. The user can change permission settings for the App in Settings > Privacy.
Requesting Authorization for Media Capture on the App:
· Microphone
· Photo Library
· Camera
III. Data processing in the event of use of our online shop
1. Description and scope of data processing
a) Purchasing from the online shop
When you place an order in the Esprit online shop via our website or app, the following personal data may be collected, processed and used so that we can process your order, along with the information about the items you wish to buy:
• Surname,
• First name,
• Title,
• Addresses for billing and delivery,
• Email address,
• Telephone number (optional),
• Date of birth,
• Customer number,
• payment information
(“Customer master data”).
Your data will be sent to us using the latest in technical safety standards: SSL 256-bit encryption (SSL = Secure Socket Layer) encryption.
So as to ensure the best possible service for our customers, we will pass your personal data on to other companies within the framework of what is legally permissible, where we have deployed such companies as contract processors; we do so exclusively for the sake of the proper fulfillment of the contract, and only to the extent necessary, and ensure that your data is processed only following our instructions.
b) Prevention and detection of misuse
When our online shop is visited, we automatically check whether there are reasons for us to assume that it is being misused. This is done for example by using the purchase contract data (e.g. name, address, email address, delivery address, method of payment and the final digits of your card number). Visitor IDs are also used, each of which may contain anonymous control data from your device (e.g. screen resolution or operating-system version), via which your device can be recognized again on subsequent visits with a certain degree of probability. We commission service providers as contract processors for this checking process. The IP address transmitted for the creation of the Visitor ID is not used for profiling purposes, and is immediately shortened so that no personal reference can be made. Your data for the purchase contract execution are encrypted with a key – known only to us and according to the state of the art, so that the service provider cannot make any personal reference. If misuse is suspected, a member of our team will check the assessment and the underlying evidence. If contract conclusion is rejected, we will inform you thereof, and – upon request – share with you the important reasons for it. If you want to make a statement in this matter you can do so at: service@esprit.eu. The decision will then be re-checked by a member of our team. Your Visitor ID is deleted after five months.
Google reCAPTCHA v3
On our website, we use the reCAPTCHA function by Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland (“Google”). We implement this function in order to determine if input was received from a natural person or improperly from machine and automated sources.This service involves forwarding your IP address and other data required by Google for the reCAPTCHA service to Google and occurs on the basis of our legitimate interest in determining individual wilful intent behind internet activities and avoiding misuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR. When using Google reCAPTCHA, personal data may also be transferred to Google LLC’s servers in the USA. In the event that personal data is transmitted to Google LLC, headquarted in the USA, Google LLC has obtained certification under the US-European data protection convention Privacy Shield, guaranteeing compliance with the level of data protection valid in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.
You can view further information on Google reCAPTCHA and Google’s data privacy policy here: https://www.google.com/intl/de/policies/privacy/.
d) Payment methods
In the context of payment in our online shop, we collect certain personal information from you in order to handle the payment process.
In addition to purchase on account, where we send an invoice to your specified contact address, we also offer various other payment methods, in order to make the experience of shopping in our online shop as convenient as possible. These include the following services:
aa) Payal
We have integrated components of PayPal into our online shop. PayPal is an online payment service provider, independent of Esprit. Payments are processed via PayPal “accounts”, which have virtual private and business accounts. In addition, PayPal offers the option of making payments via credit card, if the user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no “classic” account number. Via PayPal, it is possible to make online payments to third parties, and to receive payments. Furthermore, PayPal can act as a trustee and offers buyer-protection services.
PayPal’s European operator of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.
If you select “PayPal” as a payment method during the ordering process in our online shop, the data on the subject is automatically sent to PayPal. By selecting this payment option, you consent to the transfer to PayPal of personal data required for payment processing.
The personal data transmitted to PayPal usually comprise: first name, surname, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. In order for the processing of the purchase contract, other personal data connected to the respective order are also required.
The data is transmitted for the purpose of payment processing and fraud prevention. In particular, we transmit personal data to PayPal if there is a legitimate interest in transmission. The data exchanged between PayPal and us may, in certain circumstances, be transmitted by PayPal to credit agencies. Such transmission is for the purpose of checking identity and credit rating.
PayPal may pass on the personal data, if necessary, to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of the contractual obligations, or if the data are to be processed on PayPal’s behalf.
You have the option of revoking consent to PayPal handling your personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for the purpose of (contractual) payment-processing.
PayPal’s applicable privacy provisions can be retrieved at https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
bb) Payment by credit card
We will also continue to offer you the option of paying by credit card. In this case we will transfer your data to the service provider Computop Wirtschaftsinformatik GmbH, who will check with the respective credit institutions (Visa, Mastercard etc.) that your payment data is correct. Your credit card will be charged via a payment form from Computop’s PayGate payment platform. Computop is a manufacturer of software enabling secure payments for banks and leading service providers. As a partner of the credit services sector, Computop undergoes regular security certification. Computop meets the PCI Security Standard, so you can pay securely online. http://www.computop.com/uk/solutions/online-payments/credit-and-debit-cards/.
So that you do not have to re-enter your card details for your next purchase, we offer to save your credit card information, as an additional service. In order to offer you the best possible security for your credit card information, we do not store the data ourselves, but instead have Computop store it in encrypted form.
For each credit card you use, Computop provides us with an individual pseudo-card number for your credit card, which includes just the last 3 digits of your actual credit card number. This allows you, at the time of the next payment process, to pay with your last used credit card, indicating the last 3 digits of your card number, without us storing your actual credit card data, or having to transmit them once again as part of the Computop checkout process. You simply need to enter your verification code, which is sent to Computop. This procedure increases the protection of your credit card details, as they remain under virtual lock and key at Computop during this process. Select the credit card to be used for payment, and we will send only the pseudo card number and the verification code in encrypted form to Computop; then, via the pseudo-card number, Computop recognizes which of the credit card numbers stored in the system is to be debited.
When you pay by credit card with us, the following data will be stored: the credit card type, cardholder name, card number and expiration date, but not the card verification code. This data will be stored by Computop Wirtschaftsinformatik GmbH in encrypted form for a period of 36 months. We do this to make it easier for you to make purchases in our online store in the future by selecting the registered credit card.
The following data will be processed when you pay by credit card:
• Card type (American Express, Mastercard or VISA)
• Cardholder name
• Card number
• Card verification code
• Expiration date
Strong user authentication is required by law when paying by credit card, and enables a customer-friendly, faster authentication process known as frictionless flow. In order to achieve this, the following data will also be processed in addition to the credit card data listed above:
• Basic payment account data (address details, information about the account holder’s address changes, card use frequency and the frequency and extent of changes to account access passwords)
• Billing address, delivery address and contact details for the order
• Information about the use of gift cards (card balance and frequency of use)
e) Tracking delivery
After placing an order via our online shop, you will receive status messages from the respective shipping company for your delivery, by way of package notification.
For this purpose, we will give your email address to one of the following, depending of the shipping method selected
Parcelforce, Royal Mail, Pond Street, SHEFFIELD S98 6HR
or DHL Vertriebs GmbH, Charles-de-Gaulle-Strasse 20, 52113 Bonn, Germany
others, who are likewise obliged to maintain data privacy. If you do not agree to this, you may object by contacting: service@esprit.eu.
f) Back-in-stock emails
We also offer you the option, in the event that an article you select is no longer available in your size, of us informing you by email when it is available again. To do so, we ask for your email address, so we can contact you accordingly.
2. Purpose and legal basis of data processing
a) We will use the personal data we receive upon your use of our online shop to initiate and execute purchase contracts concluded via the online shop, and for customer service and advice. In addition, we also use your personal data for the assertion of rights arising from the purchase contracts concluded or initiated with you. The legal basis for the processing of your data as part of the purchase and purchase-initiation is Art. 6(1b) GDPR.
b) The purpose of the credit check is to avoid and minimize payment failures and the corresponding risks. Since credit checks only occur if we ship the goods in advance of receiving secured funding (e.g. in the case of purchase on account), we have a legitimate interest in the processing of the data. Detailed information on Infoscore Consumer Data GmbH within the meaning of Art. 14 GDPR, i.e. information regarding the corporate purpose, the purposes of data storage, the data recipients, the right to information, the right to deletion and correction, etc. can be found via the following link: https://finance.arvato.com/icdinfoblatt. The legal basis for the transmission of your data for the purpose of credit checking is Art. 6(1b) and (1f) GDPR. Transmissions made on the basis of these provisions must be carried out only to the extent necessary to safeguard the justified interests of our company or of third parties, and to the extent that they do not prevail over the legitimate interests of the data subjects.
c) The same purposes as for b) also apply to the detection and prevention of abuse. The legal basis for the detection and prevention of abuse is also Art. 6(1b) and (1f) GDPR.
d) Your data will be processed as part of the payment transaction in order to implement the payment method you selected. Article 6 paragraph 1 points a) and b) of the General Data Protection Regulation (GDPR) serve as the legal basis for the transfer of your data to external payment providers. Strong customer authentication must be implemented whenever a credit card is used as part of a payment transaction. Article 6 paragraph 1 point c) of the GDPR serves as the legal basis for processing your data in conjunction with provisions of Directive EU 2015/2366, (the revised Payment Services Directive, PSD2) and the Payment Services Supervision Act. Insofar as, within the framework of processing a credit card payment, the purpose is to implement a more user-friendly authentication process, i.e. frictionless flow, your data will be processed based on our legitimate interest pursuant to Art. 6 Para. 1 point b) of the DSGVO.
e) The forwarding of your email address and telephone number to postal-service providers is carried out for the purpose of informing you about the status of your shipment, so that you can plan for when the package arrives at the shipping address. The legal basis for the transmission of data to the postal-service provider is Art. 6(1b) and (1f) GDPR.
f) Data processing for “click and reserve” and “click and collect” services is performed in order to enable the identification of the customer at the relevant offline store. The legal basis for the “click and reserve” and “click and collect” services is Art. 6(1b) GDPR.
g) Data processing for the back-in-stock messages occurs in order to inform you when the corresponding article is available in your size. The legal basis for the back-in-stock email is Art. 6(1a) GDPR. You may revoke the consent you grant at any time, by sending an email to service@esprit.com, with effect for the future.
3. Duration of storage
We principally process and store your data for the duration of our contractual relationship. This shall also include the initiation of a contract (pre-contractual legal relationship).
In addition, we are subject to various storage and documentation obligations, which among others arise from the German Commercial Code (HGB) and the Fiscal Code (AO). The deadlines stipulated therein with regard to the storage or documentation are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Further special statutory regulations may require a longer storage duration such as the retention of evidence within the scope of the legal statute-of-limitations. According to the Sections 195 et seqq. of the German Civil Code (BGB), the regular statute of limitations is three years, however statute of limitations of up to 30 years can also be applicable.
If the data are no longer necessary for the fulfillment of contractual or statutory obligations and rights, these will be regularly deleted, unless their limited further processing is necessary in order to fulfill the purposes listed above, as a result of a mainly legitimate interest.
In the context of payment by credit card, we store the following data for the designated periods, if you have agreed to storage when selecting the payment method “credit card”:
• PCN Pseudo-card number: this ID is stored for 36 months
• Name of cardholder: this is stored for 12 months.
• Expiry date: this is stored for 12 months,
IV. Newsletter
Information on the newsletter offered on our website can be found in the separate data protection regulations referring to the newsletter at: https://www.esprit.eu/data-protection-regulations-for-newsletter/data-protection-newsletter.html.
V. Contact form, Contact by chat or e-mail, reporting faults
1. Description and scope of data processing, operation of ESPRIT customer services by ESPRIT Europe GmbH
On our website, we provide, among other things, a contact form, chat software, an e-mail address, a fax number, a telephone number and a problem report form. Furthermore, you have the possibility to contact us via various social media platforms (Facebook, Instagram). This allows you to contact our customer service directly.
Customer services are operated by Esprit Europe GmbH, Esprit-Allee, 40882 Ratingen, a company of the Esprit corporate group.
If and to the extent that you wish to contact us via the contact form provided on our websites, via chat, e-mail, telephone, fax, via a problem report form or via social media platforms and request information about your orders or your customer status, it may be necessary for the reasonable processing of your request that you provide us with certain personal data such as your name, address, e-mail address, date of birth, order or invoice number. This data will only be used for the verification and processing of your request. In the event that you contact us via a social media platform, we would like to point out that this is not owned or controlled by Esprit and that the protection and confidentiality of the data made available to us via the respective social media platform cannot therefore be guaranteed. For questions regarding data protection, please contact the operators and owners of the respective social media platform.
To deal with your query, we will forward the details mentioned above to Esprit Europe GmbH, who will contact you independently in the following.
In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the query.
2. Purpose and legal basis of data processing
The processing of personal data via the respective contact channel is only used to process your inquiry and handle your request. This also gives rise to the required justified interest to process the data.
The other personal data that is processed during the send process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
Art. 6(f) GDPR forms the legal basis for processing the data that you provide to us in the course of your inquiry. If the aim of the contact is the conclusion of a contract, then Art. 6(1B) GDPR forms an additional legal basis.
3. Duration of storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. With regard to the personal data from the input screen of the contact form and the data transmitted by email, this shall be the case if the respective conversation with the user has ended. A conversation is ended if it is evident, based on the circumstances, that the relevant matter has been conclusively settled. However, we may need to store certain personal data from the communication exchanged in the longer term (e.g. for the purpose of providing evidence if, in the context of the communication, arrangements were made with regard to purchases, goodwill decisions by Esprit, agreements regarding payments and claims for defects, etc.)
The personal data that is additionally collected during the send process will be deleted after a maximum period of seven days.
VI. Registration as an Esprit Friend
You may at any time – either during your actual order process, or independently thereof – register as an Esprit Friend and take part in our customer loyalty program. For more information on registering as an Esprit Friend, and on the nature and extent of the personal data processed in the Esprit Friends program, please refer to the privacy statement for Esprit Friends, available at: https://www.esprit.eu/data-privacy-statement-esprit-friends/data-privacy-statement-esprit-friends.html.
VII. Store Finder
1. Description and scope of data processing
We offer a Store Finder service that displays all Esprit Stores and sale points on the basis of postcodes or based on your geolocation.
2. Purpose and legal basis of data processing
The data is processed for the purpose of providing the Store Finder service in our online shop. If you have agreed to provide your geolocation data, the data will only be processed for the purpose of finding your particular location. If you do not use the Store Finder on the basis of a postcode but instead would like the system to determine your geolocation, you can activate this option via the technical query in your internet browser. Your location will then be determined in line with the technical consent provided pursuant to Art. 6(1a) GDPR. You can revoke your consent at any time by sending an email to dp@esprit.com.
3. Duration of storage
Your location data will only be used for the specific localization process and is not stored for an extended period.
VIII. Product reviews and customer satisfaction surveys using the Medallia survey tool
We want you to be satisfied with our services and products. So, it's important that you can tell us about your shopping experience with us in an easy and straightforward way. For this, we use a Medallia customer satisfaction tool to conduct customer satisfaction surveys and receive your product reviews. We will explain the details of how this works in the following section.
There are various ways to take part in our customer satisfaction survey:
1. Through the Esprit Store
(a) If you use your Esprit Friends card to make a purchase, we will send you a separate email afterwards to invite you to take part in our customer satisfaction survey. If you follow the link in this email, it will take you directly to the website with the customer satisfaction survey. The legal basis for sending the invitation email is your consent in accordance with Article 6(1)(a) of the GDPR.
(b) You can also take part in the customer satisfaction survey by scanning the QR code with your smartphone or tablet, which you will find on your purchase receipt or on the participant card in store. The QR code links you directly to the website, where you can take part in the customer satisfaction survey. We collect data about the type of device you are using so that we can determine the participation rates for different devices. For this analysis, we use collected data in an aggregated form, which means that you can no longer be identified as an individual. The legal basis for the processing is Article 6(1)(b) of the GDPR for accessing the website and Article 6(1)(f) for processing data in connection with analysis.
2. Through the Esprit eShop
(a) If you participate in the Esprit Friends programme, we send you a separate email after you have made your purchase inviting you to take part in our customer satisfaction survey. If you follow the link in this email, it will take you directly to the website with the customer satisfaction survey. The legal basis for sending the participation email is your consent in accordance with Article 6(1)(a) of the GDPR.
(b) After you have made your purchase in the e-shop, a pop-up window appears inviting you to take part in our customer satisfaction survey. Click on the link and it will take you directly to the customer satisfaction survey. We also collect your IP address and browser information – just as we do every time you visit our website. Additionally, we collect data about the type of device you are using so that we can determine the participation rates for different devices. For this analysis, we use collected data in an aggregated form, which means that you can no longer be identified as an individual. The legal basis for the processing is Article 6(1)(b) of the GDPR for accessing the website and Article 6(1)(f) for processing data in connection with analysis.
3. Through the Esprit app
(a) After you have made a purchase, we send you a separate email inviting you to take part in our customer satisfaction survey. If you follow the link in this email, it will take you directly to the website with the customer satisfaction survey. The legal basis for sending the email inviting you to participate in the survey is your consent in accordance with Article 6(1)(a) of the GDPR.
(b) After you have made your purchase in the app, a pop-up window appears inviting you to take part in our customer satisfaction survey. Clicking the link takes you directly to the customer satisfaction survey. We collect data about the type of device you are using so that we can determine the participation rates for different devices. For this analysis, we use collected data in an aggregated form, which means that you can no longer be identified as an individual. The legal basis for the processing is Article 6(1)(b) of the GDPR for accessing the website and Article 6(1)(f) for processing data in connection with analysis. You can obtain more detailed information from the data protection notice for the Esprit app.
4. Data collection when participating in the customer satisfaction survey
When you take part in the customer satisfaction survey, we collect your personal data. This includes your first name, surname, telephone number and email address. We require this data should we need to contact you personally.
The legal basis for processing this data is your consent in accordance with Article 6(1)(a) of the GDPR.
In addition, when you complete the customer satisfaction survey, we process your IP address to enable the connection between your device and the Medallia server (see below). We also collect data on your device, operating system and browser so that we can understand the participation rates for different devices and continue to optimise our surveys for each device and browser. We also collect data on how you interact with our surveys, i.e. how long you stay on certain pages and on which page you complete a survey. We use this information to make our surveys even more customer friendly. We use the data about your device in an aggregated form for analysis, which means that you can no longer be identified as an individual.
The legal basis for the processing is Article 6(1)(b) of the GDPR for accessing the website and Article 6(1)(f) for processing the data in connection with analysis.
Transferring personal data
The customer satisfaction survey is carried out by the service provider Medallia, Inc. situated in California, USA (“Medallia”). The transfer of personal data is carried out based on the consent provided by you in accordance with Article 6(1)(a) of the GDPR and in connection with Article 28 of the GDPR (Processor).
Medallia is located outside the European Economic Area (EEA). The company is headquartered in the USA. In the case of data transfer to the USA, the same level of data protection cannot currently be guaranteed as in the countries of the European Union. Please be aware of this when you share your consent to the processing. Learn more here.
Processing and storage
We aim to process your personal data only where absolutely necessary. We will therefore store your personal data only for the length of time needed to fulfil the original purpose for which it was collected or – if applicable – so long as a longer retention period is mandatory or justifiable by law.
All the results of the survey are stored and processed such that no participant in the survey can be identified.
IX. Customer surveys using the Qualtrics tool
Your opinion is important to us, regardless of whether it is about your satisfaction with your shopping experience with us, our products and services in general or your opinions and impressions regarding the fashion world. As such, we occasionally run customer surveys in our online shop in which you can express your opinion on various topics.
Data collection when participating in the customer survey
In general, it is possible for you to participate in our customer surveys anonymously. As far as is required in the context of the customer survey or if you so wish, we collect data from you in the form of your name, surname, telephone number and e-mail address. If you wish, we use this data to contact you personally after the survey.
The legal basis for processing this data is your consent in accordance with Article 6(1)(a) of the GDPR.
When you complete the customer satisfaction survey, we always process your IP address to enable the connection between your device and the server on which the customer survey is hosted. We also collect data on your device, operating system and browser so that we can understand the participation rates for different devices and continue to optimise our surveys for each device and browser. We also collect data on how you interact with our surveys, i.e. how long you stay on certain pages and on which page you complete a survey. We use this information to make our surveys even more customer friendly. We use the data about your device in an aggregated form for analysis, which means that you can no longer be identified as an individual.
The legal basis for the processing is Article 6(1)(b) of the GDPR for accessing the website and Article 6(1)(f) for processing the data in connection with analysis.
Transferring personal data
The customer satisfaction survey is carried out by the service provider Qualtrics, which is a subsidiary of SAP. All servers used by us for the Qualtrics service are located in the European Union. The transfer of personal data is carried out based on the consent provided by you in accordance with Article 6(1)(a) of the GDPR and in connection with Article 28 of the GDPR (Processor).
Processing and storage
We aim to process your personal data only where absolutely necessary. We will therefore store your personal data only for the length of time needed to fulfil the original purpose for which it was collected or – if applicable – so long as a longer retention period is mandatory or justifiable by law.
X. Processing of data for the purpose of booking a personal shopping appointment
We are offering you the option to book an appointment for a personal shopping consultation in our Esprit stores. This document details the ways in which we process your data for this purpose.
1. Description and scope of data processing
Whenever you book a personal shopping appointment with us, we record your IP address and the time at which you accessed the booking tool, your name, your e-mail address, the date and time of the appointment you have booked, information regarding the store for which the appointment has been booked, as well as other information that you provide to us as part of the booking process.
We use cituro, an appointment booking tool developed by Florian Heymel Consulting, Schertlinstraße 48, 86159 Augsburg, to process the booking. We engage Florian Heymel Consulting as a processor to receive and process the booking requests on our behalf.
The appointment booking tool requires a cookie to be placed on the user’s device. This cookie assigns the booking made by you to your current visit to our website.
Some of our Esprit stores are run by franchisees. From the perspective of data protection laws, these stores are to be considered as independent bodies that are responsible for data processing. When booking a personal shopping appointment in a store run by a franchisee, the previously mentioned information, with the exception of your IP address and the time at which you accessed the booking tool, must be passed on to the relevant franchise store in order to process your booking.
Your data will not be passed on to third parties beyond the scope mentioned above.
2. Purpose and legal basis for processing
The purpose for processing this data is to provide the option to book an appointment and to process the booking. We also use your connection data (IP address and time of access), as well as the name and e-mail address provided by you, in order to prevent improper use of the appointment booking tool.
The legal basis for the processing of your connection data, your name, the date and time and the store for your appointment reservation, and the legal basis for passing on your reservation data to our franchise stores, if you book your personal shopping appointment at one of these stores, is the performance of a contract (Article 6(1)(b) GDPR). The legal basis for the processing of your data for the purpose of preventing improper use of the appointment booking function is our legitimate interest in the fault-free provision of this function (Article 6(1)(f) GDPR). The legal basis for the processing of all further data provided on a voluntary basis by you is your consent (Article 6(1)(a) GDPR).
3. Duration of storage
We will store your data for as long as it is required to process your appointment reservation. If you withdraw your consent or object to us processing your data, we will delete the relevant data at this point in time.
C. Your data protection rights
Under certain conditions, you may assert the following data protection rights against us:
• Right to withdraw consent: If you have consented to certain types of processing activities, you can withdraw your consent at any time with future effect. However, please note that this withdrawal does not affect the legitimacy of the processing activities that took place before you withdrew your consent, or if the processing is justified on the grounds of another legal basis.
• Right of access: You have the right to obtain information from us about your data stored in our company according to the regulations of Art. 15 GDPR (if applicable with restrictions according to Section 34 BDSG)
Right to rectification: Following an application from you we will rectify the data stored in relation to your person according to Art. 16 GDPR if these are incorrect, incomplete or faulty.
• Right to erasure: If you request it, we will erase your data according to the principles of Art. 17 GDPR, if this is not opposed by other statutory regulations (e.g. statutory storage obligations or the restrictions according to Section 35 GDPR) or by a prevailing interest on our part (e.g. for the defense of our rights and claims).
• Right to restriction of processing: By taking the prerequisites of Art. 18 GDPR into consideration, you can request the restriction of the processing of your data.• Right to object: You can also object to the processing of your data in accordance with Art. 21 GDPR. This right to object exists if there are certain reasons that arise from your special situation, and only for data processing the legitimacy of which is based on a consideration of the various interests, which relates to profiling or that is carried out for the purpose of direct advertising. In this case, your data will no longer be processed unless we are legally entitled to decline your objection. Nonetheless, if you object to direct marketing, including profiling, we will no longer process your data for these purposes, without you having to provide grounds.
Insofar as you have granted consent to direct marketing, but no longer wish to receive it, you may revoke your consent at any time, with future effect.
• Right to data portability: In accordance with the regulatory requirements of Art. 20 GDPR, you also have the right to receive your data in a structured, common and machine-readable format, or to have the same transmitted to a third party.
• Complaints submitted to the data privacy authority: You also have the right to lodge a complaint with any competent data privacy supervisory authority (Art. 77 GDPR). However, we recommend that a complaint is always first lodged with our Data Protection Officer (dp@esprit.com), so that we can address your concerns as quickly and in the most customer-focused manner possible.
To ensure that your request is processed promptly, please direct your submissions regarding the exercise of your rights to the address below or directly to our Data Protection Officer in writing.
Esprit Retail B.V. & Co. KG
Esprit-Allee 1
40882 Ratingen
Germany
D. Disclosure to third parties
By granting your consent, your personal customer data will be saved and processed in our CRM system and transferred to our e-mail and push message distribution system (Salesforce Marketing Cloud) in order to communicate with customers by e-mail or push messages. This distribution system is operated by Salesforce Inc. Your data (customer number, name, address, telephone number, e-mail, marketing permissions etc.) are hosted in the European Union by Salesforce. Salesforce does not allocate your data to you. This is technically ensured. When you grant us your consent, we use this system to collect information on e-mail usage (mailing, opening, clicks) to improve our service for you and to send you more customised information. If you no longer want this, you may object at any time by unsubscribing from the newsletter and/or push messages.
We have also engaged additional service providers, who will have access to your data as data processors and process this data for purposes we have specifically defined. These data processors may be marketing service providers, website hosting service providers, IT support service providers or website analysis service providers. You can find information on these service providers in the paragraphs of this data protection statement about the respective data processing procedures.
Should it be legally necessary, we would also be obligated to transfer certain data to third parties. Depending on the circumstances, this may include legal authorities, outside advisers, business partners, courts, experts as well as in-house committees and control bodies where necessary.
E. Version
This data privacy information was most recently updated on 15.09.2023. Esprit reserves the right to update this data privacy information periodically.