Privacy Policy

of ABOUT YOU Holding SE, Domstraße 10, 20095 Hamburg (as of June 2024).

In the following Privacy Policy, we inform you about the processing of personal data carried out by ABOUT YOU Holding SE, Domstraße 10, 20095 Hamburg ("ABOUT YOU" and/or "Controller") in accordance with the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG"). Our Privacy Policy applies to the following websites, applications, and other services (hereinafter collectively referred to as "Services"): www.ir.aboutyou.de.

Please read our Privacy Policy carefully. If you have any questions or comments about our Privacy Policy, please contact us at datenschutzbeauftragter@aboutyou.de.

 

 

1. Name and Contact Details of the Controller

This Privacy Policy applies to data processing by

ABOUT YOU Holding SE,
Domstraße 10, 20095 Hamburg
Phone: +49 40 638 569 359
E-mail: ir@aboutyou.com

represented by the Management Board members Tarek Müller, Hannes Wiese, and Sebastian Betz.
Chairman of the Supervisory Board: Sebastian Klauke

Website: www.corporate.aboutyou.de

for the following services: www.ir.aboutyou.de

2. Contact Details of the Data Protection Officer

You can contact the Data Protection Officer of the Controller at

ABOUT YOU Holding SE
Attn: Sebastian Herting - Data Protection Law Firm
Domstraße 10
20095 Hamburg Deutschland

E-Mail: datenschutzbeauftragter@aboutyou.de

3. Purposes of Data Processing, Legal Bases and Legitimate Interests pursued by the Controller or a Third Party and Categories of Recipients

3.1. Access to our Websites/Applications

3.1.1. Log-Files


Each time you access Services, information is sent to the server of our service by the respective Internet browser of your respective end device and temporarily stored in Log-Files. The data records stored in the Log-Files contain the following data: Date and time of access, name of the page accessed, IP address of the requesting device, device type, cfRayId, referrer URL (origin URL from which you came to our service), the amount of data transferred, loading time, product and version information of the browser used in each case and the name of your internet access provider. We process the Log-Files in order to be able to provide our Services reliably and securely.
Insofar as we process personal data (e.g., the IP address), the legal basis for this is Art. 6 para. 1 f) GDPR. Our legitimate interest arises from the

    • Ensuring a smooth connection setup,
    • To ensure convenient use of our Services,
    • Evaluation of system security and stability.

It is not possible to draw any direct conclusions about your identity from the information and we will not do so. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

Insofar as we use cookies or similar technologies in connection with the processing of log files described above, this is absolutely necessary in order to provide the services you have requested. We may use these cookies without your consent on the basis of Section 25 (2) No. 2 Telecommunications-Digital Services Data Protection Act ("TDDDG").

3.1.2. Cookies and Tracking


General Information

In our Services, we and our Partners use Cookies or similar technologies (together also referred to as "Cookies"). Cookies are small text files that can be stored on your respective end device (laptop, tablet, smartphone, etc.) when you visit and/or use our Services. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the Cookie that results in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity and/or can draw conclusions about your person.

Some of the Cookies used are deleted again at the end of the browser session (so-called session Cookies). Such Cookies enable us to improve the security of our services, for example, by preventing bot attacks.

Other Cookies remain on your end device and enable us to recognize your end device on your next visit (so-called persistent or cross-session cookies). These Cookies are used, for example, to show you personalized ads and content in our Services.

Consent to the Use of Cookies

We use most Cookies on the basis of your consent. We ask you for this consent in our Consent Management Platform ("CMP" and/or "Preference Center"). There it is described as "Store and/or retrieve information on your device". If you give your consent, this is the legal basis for the use of Cookies (§ 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 a) GDPR). We store the decision you have made in this respect as to whether you wish to give your consent so that we can implement it accordingly. An exception to this consent requirement only applies to cookies that are absolutely necessary for the provision of a service expressly requested by you. We may use these Cookies without your consent on the basis of Section 25 (2) No. 2 TDDDG.

Consent to the Processing of your Data based on Cookies

In our CMP we also ask you - where necessary - for your consent to the processing of your data based on these Cookies. In doing so, we request consent not only for us, but also for the processing of such data by our Partner

In our CMP you will find in particular detailed information on the purposes for which we and our Partners would like to process your data on the basis of your consent, as well as a list of our Partners with further information on the data processing they wish to carry out on the basis of your consent.

The decision you make in the CMP as to whether or to what extent you wish to give your consent to the processing of your data based on Cookies, we store it under a so-called Consent ID (e.g. d13b5c50-6x7a-4d7b-9962-3846c8abba), which you can also find at the end of our Privacy Policy in order to be able to implement it accordingly. This pseudonymous consent ID is generated individually for you as a website user in order to provide legal proof of the settings you have made in our CMP and the consents given/withdrawn therein, stating the time (date, time). You can view the consent ID at any time in our CMP at any time under the "Settings" section.

The legal basis for any data processing that takes place is Art. 6 para. 1 f) GDPR. We have a legitimate interest in processing your decision to give your consent so that we do not have to ask you each time you access our services whether you wish to give your consent.

If you have given your consent to the processing of your data, Art. 6 para. 1 a) GDPR is the legal basis for this data processing.


Reference Right of Withdrawal

You can revoke your consent(s) in whole or in part at any time with effect for the future by changing your settings in our CMP here and clicking on "Confirm selection" or by clicking on "Reject all". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)". Your revocation does not change the legality of the data processing carried out on the basis of the consent(s) until the revocation.


 

3.2. Data Processing for Advertising Purposes

As part of our Services, we offer you the opportunity to subscribe to our newsletter. We use the double opt-in procedure (DOI procedure) to ensure that no errors have been made when entering your e-mail address: After you have entered your e-mail address in the registration field and given your consent to receive our newsletter, we will send you a confirmation link to the e-mail address you have provided. Only when you click on this confirmation link will your email address be added to our mailing list for sending our newsletter. The legal basis for this processing is Art. 6 para. 1 a) GDPR.


Reference to the Right of Withdrawal

You can revoke your consent at any time with effect for the future by using the unsubscribe option at the end of each newsletter.


3.3. Personal User Experience

We and our Partners want to offer you the most personal user experience possible on our Services. In our CMP we therefore ask for your consent for the processing purposes described in Sections 3.3.1 to 3.3.4 described below.The legal basis for the data processing described in these Sections is Art. 6 para. 1 a) GDPR.
In addition, we process your data in order to provide our Services securely and reliably and in the form requested by you. You can find more information on this in Section 3.3.5. The legal basis for the data processing described there is Art. 6 para. 1 f) GDPR. We have a legitimate interest in offering our Services securely and reliably and in providing services expressly requested by you.

3.3.1. Identification on Third Party Pages


For certain Services, we need to be able to assign users to our own or third party pages, e.g. to be able to show you advertisements for our products on third-party pages. For this purpose, we or our Partners assign a pseudonymous identifier (ID). In addition, we and our Partners can assign you on third party pages with the help of your pseudonymized email address or telephone number.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for data processing is Art. 6 para. 1 a) GDPR.

3.3.2. Personalized Ads and Content


So that we can offer you the full ABOUT YOU experience, we and our Partners use certain information (e.g. browser information, click path, date and time of visit, geographical location, IP address, usage data, websites visited) with your consent to present you with advertisements and content tailored to you on our services and on third party pages, which may be based on your preferences, for example.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for data processing is Art. 6 para. 1 a) GDPR.

3.3.3. Market Research


With your consent, we and our Partners use certain information about the interaction with content and ads on our Services and on third party pages to better understand how they are received by our users. To do this, we combine data sets (such as user profiles, statistics, market research and analytics data) that provide information about how you and other users interact with content and ads. We can use this information to identify common characteristics, e.g., to determine which content is relevant for which target groups.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for data processing is Art. 6 para. 1 a) GDPR.

3.3.4. Product Development


With your consent, we and our Partners use information about your activities on our Services and on third party pages (e.g., your interaction with ads or content) because it helps us to improve our products and services and to develop new products and services based on user interactions, the type of target group, etc. This purpose does not include the development or improvement of user profiles or user identifiers.

You can find out which information we or the respective Partners would like to use on the basis of your consent in the Partner list.

The legal basis for data processing is Art. 6 para. 1 a) GDPR.

3.3.5. Performance


We need certain information in order to provide our Services securely and reliably. To do this, we monitor and prevent unusual and potentially fraudulent activity (e.g. in relation to advertising, ad clicks by bots) and ensure that systems and processes function properly and securely. The information may also be used to resolve any issues you or we have with the delivery of content and ads or your interaction with them. In addition, we need certain information to provide you with our Services in the form you have requested.

You can find out what information we or the respective Partners use for these purposes in the Partner list.

The legal basis for data processing is Art. 6 para. 1 f) GDPR. We have a legitimate interest in offering our Services securely and reliably and in providing the Services you have expressly requested.

3.4. Contacting

You have the option of contacting us in several ways. By e-mail, by telephone or by post. When you contact us, we use the personal data that you voluntarily provide to us in this context solely for the purpose of contacting you and processing your request.

The legal basis for this data processing is Art. 6 para. 1 a), Art. 6 para. 1 b), Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in responding to inquiries from our users that are of a general nature and not directly related to a contractual relationship.

4. No Requirement to Provide Data

In principle, you are not obliged to provide us with your personal data. However, the use of certain areas of our Services may require the provision of personal data, in particular the purchase of goods. If you do not wish to provide us with the data required for this, you will unfortunately not be able to use the relevant areas of the Services.

5. Recipients of Personal Data

5.1. Transmission of Data to Third Parties

We will only pass on your data to third parties outside ABOUT YOU if this is legally permissible (e.g. because we or the third party have a legitimate interest in passing it on, we are legally obliged to pass it on or on the basis of your consent).

In addition to the third parties named in our Privacy Policy and in our CMP, we may disclose personal data to a third party in particular in the following cases

  • if we are obliged to do so due to legal requirements or by enforceable official or court order in individual cases (vis-à-vis authorities);
  • in connection with legal disputes (with courts or our lawyers) or tax audits (with auditors);
  • when we work together with tax consultants;
  • in connection with possible criminal acts to the competent investigating authorities;
  • in the event of a sale of the business (to the purchaser).

Insofar as we pass on your data to third parties on the basis of your consent, the explanation can also be provided when consent is obtained.

5.2. Transmission to Processors

We use so-called Processors in some areas when processing your data. A Processor is a natural or legal person who processes personal data on our behalf and on the basis of our instructions, whereby we remain responsible for the data processing. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the Controller.

Insofar as the Processors are not already named in this Privacy Policy, these are in particular the following categories of Processors:

  • IT service provider (sending e-mails and newsletters, investor relations management platform, provider of the LiveStream integration for Annual General Meeting )

6. Storage Period and Data Deletion

ABOUT YOU only stores personal data for as long as is necessary for the purposes stated in this Privacy Policy, in particular to fulfill our contractual and legal obligations. We may also store your personal data for other purposes if and for as long as further storage for certain purposes is permitted by law.

7. Recipients outside the EEA

We also pass on personal data to third parties or Processors based in countries outside the European Economic Area ("EEA"). In this case, we ensure that the recipient either has an adequate level of data protection or has your express consent before transferring the data.

An adequate level of data protection exists, for example, if the European Commission has adopted a so-called adequacy decision for the respective country (Art. 45 GDPR). For the USA, the European Commission has decided that an adequate level of data protection exists there if the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has a current certification for this. If the recipients of your personal data are located in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).

Alternatively, we ensure an adequate level of data protection by agreeing the so-called EU standard contractual clauses of the European Commission with recipients (Art. 46 GDPR). In this case, we carry out transfer impact assessments and agree additional protective measures with the recipient or implement them where necessary. Specifically, we agree Module 1 of the EU standard contractual clauses with recipients who are (independent) controllers and Module 2 of the EU standard contractual clauses with recipients who act as our Processors.

These are third parties or Processors in the following countries: USA (we rely on the "DPF" in this respect). You can obtain a copy of the specifically agreed regulations for ensuring an appropriate level of data protection from us. To do so, please contact datenschutzbeauftragter@aboutyou.de or to the contact information specified in Section 2.

8. Your Rights

8.1. Overview

In addition to the right to revoke your consent given to us, you have the following additional rights if the respective legal requirements are met:

  • the right of access about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you;
  • the right to have inaccurate data corrected or to have incomplete data completed (Art. 16 GDPR),
  • to have your data stored by us deleted (Art. 17 GDPR), provided that the applicable requirements are met and, in particular, no statutory or contractual retention periods or other statutory obligations or rights to further storage are to be observed by us,
  • the right to restrict the processing of your data (Art. 18 GDPR) if the accuracy of the data is contested by you (for a period enabling us to verify the accuracy of the personal data); the processing is unlawful but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR (pending the verification whether our legitimate grounds override yours),
  • the right to data portability in accordance with Art. 20 GDPR, i.e., the right, in the case of processing based on your consent (Art. 6 para. 1 a) GDPR) or for the performance of a contract (Art. 6 para. 1 b) GDPR), which is carried out using automated procedures, to receive data stored by us about you in a common, machine-readable format or to request that it be transferred to another controller (the latter, insofar as this is technically feasible),

You can assert the aforementioned rights to which you are entitled at datenschutzbeauftragter@aboutyou.de.

You also have the right to lodge a complaint with a supervisory authority. In particular, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.


8.2. Rights of Objection

You have the right to object at any time to the processing of your personal data for advertising purposes ("advertising objection").

In addition, you have the right to object to data processing on the basis of Art. 6 para. 1 f) GDPR for reasons arising from your particular situation. We will then stop processing your data unless we can - in accordance with the legal requirements - demonstrate compelling legitimate grounds for further processing that outweigh your rights, or the processing serves to assert, exercise or defend legal claims.

You can assert your rights of objection at datenschutzbeauftragter@aboutyou.de.


8.3. Right of Withdrawal

Insofar as we process data on the basis of your consent, you have the right to withdraw your consent at any time. Your revocation does not affect the legality of the data processing carried out on the basis of the consent(s) until the revocation.

You can generally assert your right to object at datenschutzbeauftragter@aboutyou.de.

You can revoke your consent to the use of Cookies or the processing of your personal data based on them in whole or in part at any time by changing your settings in our CMP here and clicking on "Confirm My Choices" or by clicking on "Reject all". You can also always find our CMP at the bottom of the page under the link "Preference Center (Consent Management)".