DATA PROTECTION

If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to

ROY ROBSON FASHION GmbH & Co. KG
Bleckeder Landstraße 18-20
21339 Lüneburg
Tel. 04131-8870 E-Mail  office@royrobson.com

2. Legal bases

The data protection term “personal data” refers to all information that relates to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (Section 25 para. 1 TDDDG or Art.  6 Para. 1 letter. a GDPR), for the performance of a contract to which you are party or, at your request, for the implementation of pre-contractual measures (Art. 6 Para. 1 letter. b GDPR), to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 letter c GDPR). 6 Para. 1 letter. f GDPR).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 para. 1 p. 1 BDSG or Art. 6 para. 1 letter b GDPR).

3. duration of storage

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for ten years and store personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. categories of recipients of the data

We use processors within the scope of processing your data. The processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee suitable technical and organizational measures for data protection. We may also transfer your personal data to bodies such as postal and delivery services, your bank, tax consultants/auditors or the tax authorities. Further recipients may result from the following information.

5. data transfer to third countries

Our data processing may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if suitable guarantees are in place in accordance with Art. Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless there is an adequacy decision and unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of receiving or viewing a copy of these EU standard data protection clauses. Please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 letter a GDPR.

6. processing in the exercise of your rights

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

These processing operations are based on the legal basis of Art. 6 para. 1 letter c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

7. your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
• You have the right to request that we rectify your data in accordance with Art. 16 GDPR.
• You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
• If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
• If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8. right of objection

In accordance with Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 letter e or f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. Art. 21 para. 2 and para. 3 of the GDPR.

 

9. data protection officer

You can reach our data protection officer using the following contact details:

E-mail: datenschutzbeauftragter@royrobson.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg

https://www.datenschutzkanzlei.de
 

I. Data processing on our websites

1. general information about our websites

ROY ROBSON FASHION GmbH & Co KG operates several websites. When you use the websites, we collect information that you provide yourself. In addition, during your visit to our websites, we automatically collect certain information about your use of the website. Under data protection law, the IP address is also considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
The following information applies to all websites operated under the responsibility of ROY ROBSON FASHION GmbH & Co KG. If special data processing takes place on individual websites, this will be indicated accordingly.

a. Cookies

We use cookies and similar technologies (“cookies”) on our websites. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases.

The use of cookies is in part technically necessary for the operation of our websites and is therefore permitted without the user’s consent. We may also use cookies to offer special functions and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 para. 1 TDDDG and, if applicable, Art. 6 para. 1 letter a GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings link  Cookie settings

of our Consent Management Tool.

b. Consent Management Tool

Our websites use the Borlabs Consent Management Tool from Borlabs GmbH (Germany, EU) to control cookies and the processing of personal data.

The consent banner enables users of our websites to give their consent to certain data processing operations or to withdraw their consent. By confirming the “Accept all” button or by saving individual cookie settings, you consent to the use of the associated cookies.
The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a GDPR.

The banner also helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and other log data relating to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

You can revoke your consent for cookies here: Link

c. Meta pixel

We use Meta Pixel, a meta business tool from Meta Platforms Ireland Limited (Ireland, EU), on our websites. Information on the contact details of Meta Platforms Ireland Ltd. and the contact details of the data protection officer of Meta Platforms Ireland Ltd. can be found in the data policy of Meta Platforms Ireland Ltd. at  https://www.facebook.com/about/privacy.

The meta pixel is a JavaScript code snippet that enables us to track the activities of visitors on our websites. This tracking is called conversion tracking. The meta pixel collects and processes the following information (so-called event data) for this purpose:

• Information on the actions and activities of visitors to our websites, such as searching for and viewing a product or purchasing a product;
• Specific pixel information such as the pixel ID and the Facebook cookie;
• Information on buttons clicked by visitors to the websites;
• Information present in the HTTP headers, such as IP addresses, information about the web browser, the location of the page and the referrer;
• Information on the status of the deactivation/restriction of ad tracking.

Some of this event data is information that is stored on the device you are using. In addition, the meta pixel also uses cookies to store information on the device you are using. Such storage of information by the meta pixel or access to information that is already stored on your device only takes place with your consent in accordance with Section 25 para. 1 TDDDG.

The event data collected via the meta pixel is used to target our advertisements and to improve ad delivery on meta products such as the social media platforms Facebook and Instagram, to personalize functions and content and to improve and secure the meta products. For this purpose, the event data collected on our websites using the meta pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have entered into an agreement with Meta Platforms Ireland Ltd. on processing as joint controllers, which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things

• that we are responsible for providing you with all information acc. Art. 13, 14 GDPR on the joint processing of personal data;
• that Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects under Art. 15 to 20 GDPR with regard to personal data stored by Meta Platforms Ireland Ltd. following joint processing.
  
  

You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum .

Meta Platforms Ireland Ltd. is solely responsible for the subsequent processing of the submitted Event Data. For more information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how to exercise your rights against Meta Platforms Ireland Ltd., please refer to Meta Platforms Ireland Ltd.’s Data Policy at  https://www.facebook.com/about/privacy.

We have also commissioned Meta Platforms Ireland Ltd. to prepare reports on the impact of our advertising campaigns and other online content (campaign reports) and to generate analyses and insights about users and their use of our websites, products and services (analyses) on the basis of the event data collected via the meta pixel. For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Ltd. The transmitted personal data is processed by Meta Platforms Ireland Ltd. as our processor in order to provide us with the campaign reports and analyses.

The collection and transfer of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the creation of analyses and campaign reports will only take place if you have given your prior consent. The legal basis for the processing of personal data is therefore Art. 6 para. 1 letter a GDPR.

The data processed on our behalf will be transferred by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses, but reserves the right to use an alternative means of transfer recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.

d. WP Statistics

We use the WP Statistics service on our websites, a WordPress plugin from VeronaLabs OÜ (Estonia, EU). WP Statistics provides us with various statistics about the use of our website, e.g. the number of website visitors and their origin. These statistics allow us to improve our website and tailor it to the needs of our visitors.
When using the service, your IP address is collected and then anonymized.
Your data is processed on the basis of Art. 6 para. 1 letter f GDPR and is based on our legitimate interest in the optimization and economic operation of our website.
Further information on data protection when using WP Statistics can be found at  https://wp-statistics.com/2018/08/16/wp-statistics-gdpr/?utm_source=WordPress&utm_medium=link&utm_campaign=ProductIntroduction.

e. YouTube

We use the YouTube service of Google Ireland Limited (Ireland, EU) on our websites to integrate videos. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies. We use YouTube in “extended data protection mode” so that YouTube does not use cookies to analyze the use of our website.

The processing of your data is based on your consent in accordance with Art. 6 para. 1 letter a GDPR. Your consent is managed via our Consent Management and can be revoked at any time.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at  https://www.google.com/policies/privacy.

2. further data processing on our websites

In addition, further data processing takes place on certain websites, about which we will inform you below.

a. Data processing on https://royrobson.com/

i. Contact form

Our website contains contact forms that you can use to send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address line of the browser). All data fields marked as mandatory are required to process your request. If you do not provide this data, we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of answering your request.

If your request is aimed at the conclusion or execution of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f GDPR.

ii. Dealer area

If you as a retailer would like to use our retailer area, e.g. to download images and film material from our collections, you must register via the website. The information required can be found in the registration form. The provision of the information marked as mandatory is mandatory in order for the registration to be completed. The data provided will be processed for the purpose of providing the service. The legal basis for this processing is Art. 6 para. 1 letter f GDPR. If you are personally a contractual partner of ours, the processing is carried out on the legal basis of Art. 6 para. 1 letter b GDPR.

iii. Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. Once you have registered, we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify your e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

iv. Vimeo

On our website, we use the Vimeo service of Vimeo, Inc. (USA) for the integration of videos. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Vimeo and Vimeo may set its own cookies.
Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
When using the service, a transfer of your data to the USA cannot be excluded. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Vimeo can be found in Vimeo’s privacy policy at  https://vimeo.com/privacy.

v. GoogleMaps

We use Google Maps from Google Ireland Limited (Ireland, EU) on our website to display maps and for virtual tours. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies.
Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
When using the service, a transfer of your data to the USA cannot be excluded. Please also note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at  https://www.google.com/policies/privacy.

b. Data processing on https://100years.royrobson.com/

We use Adobe Fonts from Adobe Systems Software Ireland Limited (Ireland, EU) on our website for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Adobe. For licensing reasons, it is necessary for the page views to be counted, which is why your browser transmits our Adobe customer ID as the website operator, among other things. No cookies are set in the process. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website. If your browser does not support web fonts, a standard font will be used by your computer.

The processing of your data takes place on the basis of Art. 6 para. 1 letter f GDPR and is based on our legitimate interest in the uniform and appealing presentation of our website.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Adobe can be found in Adobe’s privacy policy at  https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

 
II Data processing on our social media pages

We have a company page on several social media platforms. In this way, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

• Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter referred to as “Meta”;
• Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter referred to as “Meta”;
• LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter referred to as “LinkedIn”;
• TikTok of TikTok Technology Limited, (Ireland, EU), hereinafter referred to as “TikTok”;
• XING of NEW WORK SE, (Germany, EU), hereinafter referred to as “XING”.

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, during your visit to a social media site, certain information is often automatically collected, which may also constitute personal data.

1. visiting a social media page

hen you visit our social media page, which we use to present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. Further information on the processing of personal data can be found in their privacy policies, which we link to below:

• Meta (https://www.facebook.com/privacy/explanation). Meta offers the option of objecting to certain data processing; information and opt-out options in this regard can be found at  https://www.facebook.com/settings?tab=ads;
• LinkedIn(https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
• TikTok(https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE)
• XING(https://privacy.xing.com/de/datenschutzerklaerung/druckversion)

The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, with the help of which we gain knowledge about the types of actions that people take on our site (so-called “page insights”). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6 para. 1 letter f GDPR.

We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have entered into agreements with the operators of the social media platforms on processing as joint controllers, in which the distribution of data protection obligations between us and the operators is defined. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and the operators can be found under the following links:

• Meta(https://www.facebook.com/legal/terms/information_about_page_insights_data);
• LinkedIn(https://legal.linkedin.com/pages-joint-controller-addendum);
• TikTok(https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms);
• XING(https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit).
  
  

You also have the option of asserting your rights against the operators. You can find further information on this under the following links:

• Meta(https://www.facebook.com/privacy/explanation);
• LinkedIn(https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de);
• TikTok(https://privacytiktok.zendesk.com/hc/en-us/requests/new);
• XING(https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen).
  
  

We have agreed with Meta, LinkedIn and TikTok that the Irish Data Protection Commission will be the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

2. communication via social media sites

We also process information that you have provided to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting people who make inquiries. The legal basis for data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

III. further data processing

1. applications

If you apply to our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 sentence 1 BDSG or Art. 6 para. 1 letter a GDPR. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR is freely revocable. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.

2. contact by e-mail

If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request. We process this data on the basis of our legitimate interest in contacting inquiring persons.

The legal basis for data processing is Art. 6 para. 1 letter f GDPR.

3. contractual relationship

In order to establish or execute the contractual relationship with our customers, suppliers and business partners, it is regularly necessary to process the personal data provided to us, such as the name and contact details of the respective contact person. The legal basis for this processing is Art. 6 para. Letter f GDPR and we base this processing on our legitimate interest. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this serves to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).

4. use of the e-mail address for marketing purposes

We may use the e-mail address you provide to inform you about our own similar products and services.

The legal basis is Art. 6 para. 1 letter f GDPR in conjunction with. § Section 7 para. 3 UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to newsletter@royrobson.com.

Status: [2.0, August 2023]