Data protection declaration

in accordance with the requirements of the EU GDPR of 25 May 2018

 

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:

Simplicity trade GmbH
Heinrich-Hertz-Straße 2
59302 Oelde
Germany
Tel.: 00800 - 338 670 48 (free of charge)


E-mail: info@simplicity.ag
Website: de.simplicity.ag or en.simplicity.ag

Managing Director authorised to represent the company: Stefan Leewe
Responsible registry court: Münster
Commercial Registry Number: HRB 14936

 

II. Name and address of the Data Protection Officer

The data controller's Data Protection Officer is:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy
Langemarckstraße 20
45141 Essen
Germany
Tel.: +49 (0) 2522 8330-3155
E-mail: dataprotection@simplicity.ag

 

III. General information on data processing

1. Scope of the personal data processing

We collect and utilise our users' personal data only insofar as this is necessary for provision of an operational website and of our content and services. Collection and utilisation of our users' personal data is only undertaken periodically with the user's consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.

2. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 (a) of the EU Data Protection Ordinance (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 (d) GDPR applies as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.

3. Data deletion and storage duration

The data subject's personal data will be deleted or blocked as soon as the reason for storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

 

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
(1) Information regarding the used browser type and version
(2) The user’s operating system
(3) The user's IP address
(4) Date and time of access
(5) Websites from which the user's system accesses our website

The data is also stored in our system's log files. This data is not stored together with other personal user data. This process is anonymised. It is not possible to draw any conclusions about you personally. The data you provide helps us to design and continuously improve your shopping experience in our online shop. For this purpose, user profiles are created using a pseudonym. A connection between the person behind the pseudonym and the collected usage data is not established. When this purpose is achieved, log data is deleted.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.

3. Purpose of the data processing

Temporary storage of IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for providing the website, this will be undertaken once the respective session has ended.

Any data is to be stored in log files will be stored for seven days at most. Further storage is possible. In this case, the user's IP addresses will be deleted or distorted, so that identification of the accessing client is no longer possible.

5. Objection and removal option

Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there the user has no option to object.

 

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

Two types of cookies are used. Temporary cookies are automatically deleted when you close your browser (so-called session cookies). Other Cookies remain on your end device and enable us and our partner companies to recognise your browser on your next visit (persistent Cookies). This type of cookie allows you to be recognized when you return to the site. These serve to make our website more user-friendly, effective and secure. Some elements of our website require that the calling browser can be identified even after changing pages.

The following data is stored and transmitted in the cookies:
(1) Items in a shopping cart
(2) Log-in information

We also use cookies on our website which enable analysis of the user's surfing behaviour.

The following data can be transmitted in this way:
(1) Frequency of page views
(2) Use of website functions

The user data collected in this way is pseudonymised via technical arrangements. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users' other personal data.

When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings. They therefore regulate the handling of cookies themselves. For authorisation, rejection, inspection and deletion please use the help function of your browser.

2. Data processing with Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is activated on our website, your IP address will be stored by Google in shortened form within member states of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened in exceptional cases.
Google will use the information generated by the cookies on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. When you visit a Google Display Network website, Google uses a cookie to store a number in the user's browser. This number is used to record your visits. It is used to uniquely identify a web browser on a particular computer and not to identify a person. Users' browsers can then be assigned to a demographic category based on the websites they visit, such as a specific gender, age group or parental status. In addition, some websites provide demographic information that users share on certain websites, such as social networks. Google may also use demographic features derived from Google profiles. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

By using our website you agree to the processing of data relating to you and collected by Google, and to the processing of data as described above and for the purpose described above. You may refuse the saving of cookies by selecting the appropriate settings in your browser. We would like to point out, however, that doing this may mean that not all functions of this website can be used to their full extent.
You can also prevent the disclosure to Google and processing by Google of the data generated by cookies about your use of the website (incl. your IP address), by downloading and installing the browser plugin available via the following Link.

3. Data processing with the Google Tag Manager

The Google Tag Manager manages website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not collect any personal data.

4. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 (f) GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 para. 1 (a) GDPR.

5. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website are not offered without the use of cookies. In this case, it is necessary that the browser be recognised even after changing the page.

We require cookies for the following applications:
(1) Shopping cart

The user data collected by technically necessary cookies shall not be used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimise our service.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 para. 1 (f) GDPR.

6. Duration of storage, objection option and removal option

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.

 

VI. MyFonts Web Fonts

Our website uses fonts provided by the company MyFonts Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA. When you access the website, data is also retrieved from a MyFonts server, which allows MyFonts to obtain information about your IP address and browser type. In doing so, MyFonts also learns, among other things, that you have accessed the font via our website. Some browsers allow you to restrict or modify the data transmitted to the server. Whether this is possible depends on the manufacturer of the browser used. Even if MyFonts only needs the transmitted information, in particular the IP address, to deliver the content retrieved, it is beyond our knowledge and influence whether and to what extent MyFonts also evaluates or stores this information statistically. Further information on data protection at MyFonts can be found under the following link: https://www.myfonts.com/info/terms-and-conditions.

 

VII. Google Maps

Our website uses the map service Google Maps. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

More information on the handling of user data can be found in the Google data protection declaration: https://www.google.de/intl/de/policies/privacy/.

 

VIII. Career Portal

You can apply for open positions online on our career portal. The portal is operated by the company softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin (hereinafter: softgarden) on our behalf. You can send your application without registration at softgarden. Within the scope of your application you can make entries in various input fields. Mandatory fields will be marked when sending the application. Your application data will be stored at softgarden in a German or French data center. Your data will only be used for the respective application process and will be deleted immediately afterwards, unless an employment contract is concluded. If necessary, we will ask you whether we may store your data for a period of 6 to 12 months for the possible consideration of further vacancies. With your application you agree that the personal data provided by you will be processed by us and the company softgarden for the purpose of fulfilling the application selection process.

 

IX. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. The data from the contact form is transmitted to us when you subscribe to the newsletter.

The following data is collected during registration:
(1) Email address
(2) Date and time of subscription

During the registration process, your consent is obtained for processing data and reference is made to this data protection declaration.
If you purchase goods or services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.

No data is disclosed to third parties in connection with data processing for sending newsletters. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for processing data after the user registers for the newsletter is, if the user's consent to this has been obtained, Art. 6 Para. 1 (a) GDPR.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 para. 3 of the Unfair Competition Law (UWG).

3. Purpose of the data processing

The user's email address is collected in order to deliver the newsletter.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active.

5. Objection and removal option

The subscription to the newsletter can be cancelled by the user at any time. A link to do this can be found in every newsletter.

 

X. Email contact

1. Description and scope of data processing

You can contact us via the e-mail address provided. In this case, the user's personal data that is transmitted along with the e-mail will be stored.
The data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent.
The legal basis for processing the data transferred in the course of sending an email is Article 6 paragraph 1 (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.

3. Purpose of the data processing

The processing of personal data in the input screen is used by us only for processing the contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

5. Objection and removal option

The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.
The responsible body within the meaning of the BDSG is Simplicity trade GmbH, Heinrich-Hertz-Strasse 2, 59302 Oelde, represented by its Managing Director, Mr Stefan Leewe.

You may at any time and for no fee receive information about the data we have stored about you without stating any further reason. You can also have your data collected by us blocked, corrected or deleted at any time. Furthermore, you can revoke your consent to the collection and use of data given to us at any time without stating any reasons. Please contact the following e-mail addresses: datenschutz@opus-fashion.com or datenschutz@someday-fashion.com with the subject "Data Protection Objection". We will take care of it immediately. We will be happy to answer any further questions you may have about our data protection policy and the processing of your personal data.
All personal data stored in the course of contacting us will be deleted as a result.

 

XI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the data controller:

1. Right to information

You can request that the data controller confirm whether we will process personal data that concerns you.
If such processing takes place, you can request to be informed by the data controller regarding the following information:
(1) the purposes of processing the personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned storage duration of personal data concerning you or, if specific information in this respect is not possible, criteria for determining the storage period;
(5) the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data has not been collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 paras. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. The right of rectification

You have a right of rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction immediately.

3. The right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:
(1) you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller does not need the personal data for longer than the purposes of the processing, but you need it for the assertion, exercising or defence of legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

Where the processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the European Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data that concerns you has been processed unlawfully;
(5) The deletion of personal data is required to comply with legal obligations according to European Union law or the laws of the Member States to which the data controller is subject;
(6) The personal data that concerns you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Transfer of personal data to third parties

If the data controller has made the personal data concerning you public and is in accordance with Article 17 para. 1 of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right of freedom of expression and information;
(2) for the performance of a legal obligation required for processing under European Union law or the law of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 (h) and (i) and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
It is your right to have the controller inform you regarding such recipients.

6. Right to data portability

You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as
(1) processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
(2) the processing is undertaken using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. The right to revoke the data protection declaration of consent

You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing taking place on the basis of this consent before its revocation.

9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or fulfilment of a contract between you and the data controller;
(2) is permissible on the basis of legislation of the European Union or the Member States, to which the data controller is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests, or
(3) is undertaken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on behalf of the data controller, to state his or her own position and to challenge the decision.

10. The right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.