c b

Data protection information

of About You Holding AG, Domstraße 10, 20095 Hamburg (as at: April 2021)

In the following data protection information, we inform you about the processing of personal information carried out by About You Holding AG, Domstraße 10, 20095 Hamburg ("ABOUT YOU" and/or "we" and/or "responsible party") in accordance with the German Data Protection Regulation ("DSGVO") and the German Federal Data Protection Act (BDSG 2018). Our data protection information applies to all websites, applications and other services and performances (hereinafter collectively referred to as "Services") which are offered by ABOUT YOU in Europe.

Please read our privacy policy carefully. If you have any questions or comments about our privacy policy, please contact us at datenschutzbeauftragter@aboutyou.de.

Content

1. name and contact details of the controller

2. contact details of the data protection officer

3. purposes of the data processing, legal bases and legitimate interests pursued by the controller or a third party, as well as categories of recipients

3.1 Accessing our websites/applications

3.1.1 Log files

3.1.2 Cookies, Tracking

3.1.3 Consent Management

3.1.4 Newsletter

3.4 Online presence and service optimisation

3.4.1 Google Analytics

3.5 Contacting

4. processors

5. storage period and data deletion

6. recipients outside the EU

7. your rights

7.1 Overview

7.2 Right of objection

7.3 Right of withdrawal

8 Overview of cookies and other technologies

1. name and contact details of the controller

This data protection information applies to data processing by

About You Holding AG
Domstraße 10
20095 Hamburg, Germany
Phone: +49 40 638 569 359
Email: ir@aboutyou.com

represented by the board of directors: Tarek Müller, Hannes Wiese and Sebastian Betz

for the following websites / applications: https://ir.aboutyou.de/

2. contact details of the data protection officer

You can contact the company data protection officer(s) of the data controller at reach.

About You GmbH
z. Hd. Sebastian Herting - Data Protection Office
Domstrasse 10
20095 Hamburg Germany

Email: datenschutzbeauftragter@aboutyou.de

3. purposes of the data processing, legal bases and legitimate interests pursued by the controller or a third party, as well as categories of recipients

3.1 Accessing our websites/applications

3.1.1 Log files

Each time services are accessed, information is sent by the respective internet browser of your respective end device to the server of our service and temporarily stored in log files, the so-called log files. The data records stored in this process contain the following data, which are stored until automatic deletion: Date and time of the request, name of the requested page, IP address of the requesting device, referrer URL (URL from which you came to our service), the amount of data transferred, loading time, as well as product and version information of the browser used and the name of your access provider.

The legal basis for the processing of the IP address is Article 6(1)(f) DSGVO. Our legitimate interest results from the

  • Ensure smooth connection establishment,
  • Ensuring a comfortable use of our services,
  • Evaluation of system security and stability.

A direct conclusion to your identity is not possible on the basis of the information and will also not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

3.1.2 Cookies, Tracking

On various pages, we use cookies or similar technologies (together also referred to as "cookies") to make visiting our services attractive and to enable the use of certain functions as well as to statistically record the use of our services. Cookies are small text files that are automatically created by your browser and stored on your respective end device (laptop, tablet, smartphone or similar) when you visit and/or use our services. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that arises in connection with the specific end device used. This does not mean, however, that we can gain direct knowledge of your identity and/or draw conclusions about you. Most of the cookies used are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your terminal device the next time you visit us (so-called permanent or cross-session cookies).

We use cookies to provide and optimise our services. We use a large number of cookies exclusively on the basis of your consent. An exception to this consent requirement only applies to cookies that are absolutely necessary for the provision of our services. We generally divide cookies and similar technologies into three categories according to their purpose:

Essential cookies

These cookies are absolutely necessary for the function of our services. This applies, for example, to cookies that shop login data after registration in our online shop, so that the user remains logged in to our online shop even after switching to another page, or for cookies that ensure that a user-specific configuration of the service functions (selected language, etc.) is maintained over sessions. In addition, we carry out so-called reach measurements on the basis of such cookies, with which we determine how our services are used in order to be able to provide them to our users in a needs-based form. Furthermore, these cookies contribute to a safe and proper use of our services. According to the law, we do not require your consent for the use of such cookies.

You can find out which cookies fall into the category of cookies that are absolutely necessary in our preference centre. here.

Functional cookies

These cookies enable us to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use in our Services. If you do not allow these cookies, some or all of these services may not work properly. These cookies also allow us to conduct market research.

We only use these cookies on the basis of your consent.

You can find out which cookies fall into the functional cookie category in our preference centre here.

Marketing cookies

These cookies can be set by us or our partners via our services in order to show you relevant content/advertising both on our sites and on third-party sites. In the process, so-called profiles can be formed on the basis of your interests. A direct identification of a person is usually not possible through this information, as only pseudonymous browser and/or device information is used. If you do not allow these cookies, you will experience less relevant content/advertising tailored to your interests.

We only use these cookies on the basis of your consent.

You can find out which cookies fall into the marketing cookie category in our preference centre here.

If we use cookies on the basis of your consent, you give this consent by clicking on the "Ok" button on the banner displayed when you visit our services - if necessary after you have made certain settings. If you do not wish to give your consent, you can simply click on "Settings" and "Confirm selection".

By clicking on "Ok", you consent to the use of cookies. On the other hand, in this way we obtain your consent - where necessary - to the processing of your data based on these cookies, including the transfer of such data to our marketing partners (third parties). Our marketing partners also use cookies and other technologies to personalise, measure and analyse content/advertising.

Notice of right of withdrawal

You can revoke your consent in whole or in part at any time with effect for the future by changing your settings in our Preference Center here.

Browser settings

Of course, you can also set up your browser so that it does not place cookies on your end device. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you can let your browser know when you receive a new cookie or how you can delete all cookies you have already received and block them for all further cookies.

Please proceed as follows:

In Internet Explorer:
  1. Select "Internet Options" in the "Extras" menu.
  2. Click on the "Privacy" tab.
  3. Now you can make the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
  4. Confirm the setting with "OK".
In Firefox:
  1. In the "Extras" menu, select the "Settings" item.
  2. Click on "Data protection".
  3. Select the entry "Create according to user-defined settings" in the drop-down menu.
  4. Now you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions, which websites you always or never want to allow to use cookies.
  5. Confirm the setting with "OK".
In Google Chrome:
  1. Click on the Chrome menu in the browser toolbar.
  2. Now select "Settings".
  3. Click on "Show advanced settings".
  4. Click on "Content settings" under "Privacy".
  5. Under "Cookies" you can make the following settings for cookies:
    • Delete cookies
    • Block cookies by default
    • Delete cookies and website data by default after exiting the browser
    • Allow exceptions for cookies from specific websites or domains

We would like to point out that in this case not all functions of our services can be used to their full extent.

Overview of cookies and other technologies

You can find an overview of the cookies and other technologies used on our pages here.

3.1.3 Consent Management

We use a consent management tool ("OneTrust") provided by OneTrust, LLC (UK headquarters: Cannon Green, 27 Bush Lane, London EC4R 0AA, UK and US headquarters: 1350 Spring Street NW, Suite 500, Atlanta, Georgia 30309, USA ) to manage your preferences and document consent from users of our services. OneTrust is used, among other things, to store cookie settings for the entire website. OneTrust stores information about the categories of cookies used by the website and whether users have given or revoked their consent to the use of each category. This allows us to prevent cookies in each category from being set in the user's browser unless consent is given. OneTrust uses cookies for information storage, which have a normal lifetime of one year, so that the preferences of returning visitors are stored.

The legal basis for this data processing is Art. 6 para. 1 c), f) DSGVO.

3.1.4 Newsletter

Within the scope of our services, we offer you the possibility to register for our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receive our newsletter (possibly only for certain topics), we will send you a confirmation link to the email address you provided. Only when you click on this confirmation link will your email address be included in our distribution list for sending our newsletter. The legal basis for this data processing is Article 6(1)(a) DSGVO.

Notice of right of withdrawal

You can revoke your consent at any time with future effect by using the unsubscribe option at the end of each newsletter.

3.4 Online presence and service optimisation

3.4.1 Google Analytics

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analysis service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google"), on the basis of Article 6 (1) (f) DSGVO.

In this context, Google creates pseudonymised usage profiles on our behalf with the help of cookies. The information generated during your use of this website, such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • time of the server request

The data collected by Google will be used on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will only be stored in abbreviated form and the information about your use of the website will not be merged with other Google data.

You may refuse the use of cookies (including Google Analytics cookies) by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection and processing of information generated by your use of this website by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout?hl=en .

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link.

If you would like to change your cookie settings, please click here . An opt-out cookie will be set to prevent future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found on the Google Analytics website.

3.5 Contacting

You have the option of contacting us in several ways. By e-mail, by telephone, by fax, by post or via our contact form. When you contact us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your enquiry.

The legal basis for this data processing is Art. 6(1)(a), Art. 6(1)(b), Art. 6(1)(c) DSGVO as well as Art. 6(1)(f) DSGVO

4. processors

In the course of processing your data, we use so-called processors in some areas. A processor is a natural or legal person, authority, institution or other body that processes personal data on our behalf, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller.

5. storage period and data deletion

ABOUT YOU will only store personal data for as long as is necessary for the purposes stated in this privacy policy, in particular to fulfil our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the continued storage for certain purposes is permitted by law.

If complete deletion is not possible or not required for legal reasons, we block this information. For example, it is blocked if commercial or tax retention obligations apply, for example from the German Commercial Code (HGB) and the German Fiscal Code (AO). Here we are obliged to retain this information for tax audits and audits for up to ten years. Even if no statutory retention obligation applies, we can refrain from immediate deletion in certain legally permitted cases. This applies, for example, if the information in question may still be needed for legal prosecution or legal defence. The relevant criterion for the duration of the blocking is then the respective statutory limitation periods, after the expiry of which we then delete the information.

6. recipients outside the EU

With the exception of the processing described above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The aforementioned processing operations include the transfer of data to the servers of the tracking technology providers commissioned by us. These servers may be located in the USA. The data transfer takes place on the basis of so-called standard contractual clauses of the EU Commission. In addition, we ensure an appropriate level of data protection through further suitable measures.

7. your rights

7.1 Overview

In addition to the right to revoke your consent given to us, you have the following further rights if the respective legal requirements are met:

  • the right to information about your personal data stored by us (Art. 15 DSGVO), in particular you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of their data, if this has not been collected directly from you;
  • the right to have inaccurate data corrected or to have correct data completed (Art. 16 GDPR),
  • the right to have your data stored by us deleted (Art. 17 DSGVO), insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed by us,
  • the right to restrict the processing of your data (Art. 18 DSGVO), insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure; the controller no longer requires the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 DSGVO,
  • the right to data portability according to Art. 20 DSGVO, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to demand the transfer to another responsible person.
  • the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
You can assert the aforementioned rights to which you are entitled at datenschutzbeauftragter@aboutyou.de.

7.2 Right of objection

Under the conditions of Art. 21 (1) DSGVO, data processing may be objected to for reasons arising from the particular situation of the data subject.

The above general right of objection applies to all processing purposes described in this Privacy Policy that are processed on the basis of Article 6(1)(f) of the GDPR. Unlike the specific right to object to data processing for marketing purposes, the GDPR only requires us to implement such a general right to object if you provide us with overriding reasons for doing so (e.g. a possible risk to life or health).

7.3 Right of withdrawal

If we process data on the basis of your consent, you have the right to revoke this consent at any time. The revocation of the consent does not have the consequence that the data processing carried out on the basis of the consent up to the time of the revocation becomes ineffective.

8 Overview of cookies and other technologies

You can find an overview of the cookies used on our pages here.