Privacy Policy

The security of your data and the protection of your privacy is important to us. We are committed to protecting your privacy and to complying with statutory data protection provisions. In the following, we explain how we handle your personal data. 

Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case.

You can exercise the following rights at any time using the contact details of our data protection officer, or by using our contact form and selecting the concern “Data protection”:

• Information about your data stored with us and its processing (Art. 15 GDPR), 
• Correction of inaccurate personal data (Art. 16 GDPR), 
• Deletion of your data stored with us (Art. 17 GDPR), 
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
• Objection to the processing of your data stored with us (Art. 21 GDPR) and
• Data portability, provided you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR). 

If you have given us consent, you can revoke this at any time with effect for the future. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

You can contact a supervisory authority at any time with a complaint, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the responsible body.

A list of the regulatory authorities (for the non-public sector) with their address can be found here.

4.1 Salesforce Commerce Cloud

Nature and purpose of the processing: 

We use the e-commerce platform of Salesforce Commerce Cloud, a service of Salesforce.com Germany GmbH, Erika-Mann-Str. 63, D-80636 Munich. 

Salesforce stores this website on its servers (hosting). In connection with hosting, Salesforce processes personal data on our behalf that arises from the following actions of the user: 

• when visiting our website; 
• as part of an order in our online shop; 
• when creating and using a user account; 
• as part of the use of the contact form;
• in connection with our newsletters. 

Further details, in particular on the legal basis and storage period, can be found under the individual processing activities. 

Since Salesforce is headquartered in the United States, this does not preclude data processing on Salesforce servers in the United States.

We have entered into a contract with Salesforce for data processing. In addition, we have contractually ensured that the data is hosted by Salesforce on servers based in the European Union. The location of the servers is Frankfurt am Main. With regard to the data processing that takes place within the scope of hosting our website, we have concluded a “Data Protection Addendum” (DPA) with Salesforce. The EU Standard Contractual Clauses form part of this DPA. In addition, Salesforce has implemented approved “Binding Corporate Rules” in the company to ensure compliance with data protection. 

Salesforce restricts access to data to those access possibilities permitted by law. Salesforce Commerce Cloud is also certified by reliable security standards, including PCI-DSS, SOC2, and ISO 27001. For more information on privacy related to Salesforce Commerce Cloud, please refer in particular to the Salesforce Privacy Policy.

4.2 Server log files 

Nature and purpose of the processing: 

Information of a general nature is automatically collected when you access our website, i.e. if you do not register or otherwise transmit information. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address, referrer URL, the date and time of access and similar.

The data is processed for the following purposes in particular: 

• to ensure problem-free connection to the website;
• to ensure the smooth running of our website;
• to ensure and evaluate system security and stability, in particular for the detection of abuse, and
• to ensure the technically error-free presentation and optimisation of our website.

We do not use your data to form conclusions about you personally. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

Legal basis and legitimate interest: 

The processing is carried out in accordance with Art. 6 (1) f) GDPR, on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and detecting abuse. 

Recipient:

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

Data is stored in server log files in a form that allows identification of the data subjects for a maximum period of 14 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of such an event, server log files are stored until the security-relevant event is resolved and fully clarified. 

Provision prescribed or required: 

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services in general may not be available or may be limited. 

4.3 Contact form, email contact, customer service 

Nature and purpose of the processing: 

The data you enter will be stored for the purpose of individual communication with you. This requires a valid email address, first and last name, and the selection of the concern. This is used for the assignment of the enquiry and the subsequent response to it. The provision of further data is optional. 

Our website contains a contact form that can be used for electronic communication. If a user chooses this option, the data entered in the input mask is transmitted to us and stored. 

The following data is also stored at the time the message is sent:

1. Date and time of the request 
2. Browser and User Vendor 
3. Selected country and language 

Alternatively, it is possible to contact us via the email addresses provided. In this case, the user’s personal data transmitted with the email will be stored. This includes the date and time of the email, email address, IP addresses and information on the servers involved in the email communication. 

You can also contact our customer service using the telephone number provided. We collect log data that includes your phone number and duration of the conversation. As a matter of principle, we do not record conversations. 

Regardless of the type of communication you choose, we collect the content of your request. 

Legal basis and legitimate interest: 

We process data on the basis of our legitimate interest to enable you to contact us easily (Art. 6 (1) f) GDPR). The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions. 

If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 (1) b) GDPR). 

Recipient:

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website and our mail server. In addition, an externally contracted service team is available for your enquiries. 

Third country transfer:

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period:

We only process your personal data for as long as is necessary to fulfil the intended purposes. In addition, we are subject to statutory retention periods stipulated in the German Commercial Code (Handelsgesetzbuch) or the German Fiscal Code (Abgabenordnung), which generally last 6 to 10 years. 

Provision prescribed or required: 

The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with your name, email address and the reason for the enquiry. 

4.4 Cookies

A cookie is a small set of data created when you visit a website and temporarily stored on the system of the user of the website. If the server of this website is accessed again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained by this method. Cookies can in particular make it easier to navigate a website.

For detailed information about cookies and what cookies are used on this website (after consent), see Cookie settings.

5.1 Newsletter  

Nature and purpose of the processing: 

For the delivery of our newsletter, we collect personal data that is transmitted to us via an input mask. We need a valid email address in order to register you successfully. 

In order to verify that a registration is actually made by the owner of a particular email address, we use the “double opt-in” (DOI) procedure for online registrations. This means that you will receive an email after registering for the newsletter in which you must reconfirm your newsletter registration. 

When signing up for a newsletter in one of our BOGNER stores, we only need your signature (“single opt-in”) to confirm the accuracy of your data. A renewed confirmation of the newsletter registration by email is therefore not required.  

At the time of DOI confirmation, the following data will also be stored: 

1. Date and time 
2. Country and language 
3. Channel: Webshop or Store ID

In addition, we evaluate your reading and usage behaviour in order to constantly improve our newsletter and adapt it to your interests and requirements. For this purpose, we analyse whether and what you read or click on in the BOGNER News by email in order to make it even more attractive, to form customer groups and to design special offers for these groups. 

Legal basis: 

We send our newsletter and evaluate it on the basis of your consent (Art. 6 (1) a) GDPR). 

Recipient: 

We use a service provider, who acts as our contract processor, for its dispatch and any evaluations that may take place. 

We also use service providers to evaluate your usage behaviour and click data. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States.

Storage period: 

The data will only be processed in this context as long as the relevant consent has been given. 

Provision prescribed or required: 

The provision of your personal data is voluntary and based solely on your consent. Unfortunately, we cannot send you our newsletter or make you customised offers without your consent.  

Withdrawal of consent: 

You can withdraw your consent to the storage of your personal data and its use for the dispatch of the newsletter, or the evaluation of the newsletter, at any time with effect for the future. You will find a corresponding unsubscribe link in every newsletter.  

You can also revoke your consent via the other contact options provided on the website. 

Profiling:

We evaluate your use of the newsletters sent to you and the subsequent visits to the BOGNER website in order to further improve the newsletter and the web offer, and to optimise them according to the specific interests of the visitors. You can unsubscribe from website tracking at any time under “My Account”, or in every newsletter you will find a corresponding unsubscribe link.

5.2 Email marketing (existing customers) 

Nature and purpose of the processing: 

If you have provided us with your email address when purchasing goods, we reserve the right to send you regular offers from our range by email. If you have initially objected to the use of your email address for promotional purposes, you will not receive any additional offers by email. 

In addition, we evaluate your reading and usage behaviour in order to constantly improve our mailings and adapt them to your interests and requirements. To do this, we analyse whether and what you read or click on in the BOGNER News via email. 

If you begin an order while logged into your profile but do not complete it, we’ll send you a reminder email about the incomplete transaction, as long as there is no objection to promotional communications.

Legal basis and legitimate interest:  

In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) f) GDPR, in conjunction with balancing in accordance with Art. 7 (3) UWG (Unfair Competition Act). 

Recipient:

We use a service provider, who acts as our contract processor, for its dispatch and any evaluations that may take place.  

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

The data will only be processed in this context as long as you have not objected to such processing. 

Provision prescribed or required: 

The provision of your personal data is voluntary. If you object to the use of email marketing, we will not be able to send you any interesting offers by email.

Profiling: 

We evaluate your use of the mailings sent to you and the subsequent visits to the BOGNER website, in order to further improve the mailings and the web offer and to optimise them according to the actual interests of the visitors. 

5.3 Advertising by letter post 

Nature and purpose of the processing: 

We reserve the right to use your contact data (title, name, address) and date of birth - insofar as we have received this additional information from you within the framework of the contractual relationship - to send you interesting offers concerning our products by post. If you have initially objected to the use of your data for this purpose, we will not send any mailings. 

Legal basis and legitimate interest: 

The processing for sending advertising by letter post is based on our legitimate interest in personalised, direct advertising (Art. 6 (1) f) GDPR). 

Recipient: 

We use a service provider for the dispatch who acts as our contract processor. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

The data will only be processed in this context as long as you have not objected to such processing. 

Provision prescribed or required: 

The provision of your personal data is voluntary. If you object to advertising by letter post, we will not be able to send you any interesting offers by letter post.

5.4 Advertising blacklist 

Nature and purpose of the processing: 

After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we store your email address or your name and address (in the case of postal advertising) in our internal advertising blacklist. We only use your data for matching with our future advertising files. This ensures that your advertising objection or the revocation of your consent is permanently respected. 

Legal basis and legitimate interest: 

The lawfulness of processing personal data provided to us for the purpose of inclusion in our advertising blacklist is based on a legitimate interest (Art. 6 (1) f) GDPR), so that we can exclude you from advertising (by email or letter post) in the future. 

Recipient: 

The recipients of the data may be technical service providers who support the processing of our advertising blacklists as contract processors. 

Storage period: 

Entries in the BOGNER internal advertising blacklist are stored permanently. Deletion of the entry by the data subject is possible at any time by notifying us of your deletion request via our contact form and selecting the concern “Data protection”.

Provision prescribed or required:  

The provision of your personal data is voluntary. If you object to the inclusion of your data in our advertising blacklist, we cannot guarantee that you will receive advertising from us at a later date (if the legal basis exists). 

Objection: 

You have the right to object to the use of your email address for the aforementioned purpose at any time with effect for the future. You can also revoke your consent via the other contact options provided on the website. 

5.5 Online surveys 

Nature and purpose of the processing: 

Your personal data will be processed in a pseudonymised form within the scope of the survey. It is not possible for us to draw any direct conclusions about you as a person. The purpose of processing personal data within the scope of the surveys is, for example, to increase customer satisfaction and optimise the shopping experience. 

If the survey is linked to a special offer, a voucher for example, you will receive the relevant voucher code at the end of the survey. On the basis of this voucher code, only your participation in a survey can be traced back to you. The result will be provided to us in anonymized form.

Legal basis and legitimate interest: 

If you are already a BOGNER customer, or have subscribed to our newsletter and have not objected to the use of your data for advertising purposes, the processing is based on a legitimate interest (Art. 6 (1) f) GDPR). We have a legitimate interest in increasing the satisfaction of our customers and optimising their shopping experience. 

Recipient: 

The recipients of the data may be technical service providers who act as contract processors for the implementation of the survey.

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

We do not assign answers to you personally, but only record that you have received a corresponding link to the survey. If you have redeemed a voucher, we record that you have taken part in the survey. These characteristics are stored in your customer profile. You can find information on deleting your customer profile below. 

Provision prescribed or required: 

The provision of your personal data is voluntary. If you choose not to participate in the customer survey, we will not be able to improve our offer based on your anonymous answers. You may not be able to receive or use any offers, such as vouchers, associated with participation in the customer survey. 

Objection:

You are entitled to object to the use of your address for the aforementioned advertising purpose at any time with effect for the future. You will find a corresponding contact in each covering letter. You can also object your consent via the other contact options provided on the website.

6.1 Creation of customer account in the BOGNER Store

Nature and purpose of the processing: 

In our BOGNER stores, you have the option to create a customer account. To do this, we collect your contact details and link your purchases to your account. This has many advantages for you, e.g. we can make recommendations for you in a later purchase or we already know your size. 

In addition to the data you have provided, the following data is stored at the time you create your customer account:  

1. Date and time 
2. Channel: Store ID 

Legal basis:

As part of the account creation process, your consent is obtained for the processing of this data in accordance with Art. 6 (1) a) GDPR. 

Recipient: 

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website. The data is not passed on to third parties. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

You can change the data we have on file for you or delete your user account at any time. 

Your customer account will be deleted if you make a request via our contact form and select the concern “Data protection”. Please note, however, that there are legal retention obligations for certain data, at the very least for paid orders you have completed. 

Withdrawal of consent: 

You have the option to cancel your customer account at any time by contacting us via the contact form and selecting the concern “Data protection”.  

Provision prescribed or required: 

Creating a customer account is voluntary. It is beneficial for the fulfilment of a contract with you (via our online shop), or for the implementation of pre-contractual measures, but not a requirement. 

6.2 Creating a user account/registration in the online shop

Nature and purpose of the processing: 

We offer you the option to register on our website. This has many benefits for you, for example, you can view your order history at any time, benefit from a faster checkout and a more personalised shopping experience. Under “My Account”, you can save more information and change it regularly.

If you save your preferred delivery and billing address, you do not have to enter them again when you place a new order. This makes your shopping faster and more convenient. Registration is possible with your title, first and last name and the assignment of a password.

In addition to the data you have provided, the following data is stored at the time of registration: 

1. Date and time 
2. Country and language 
3. Channel: Web shop

Once you have created a user account, you will receive a registration confirmation email.

If you have forgotten your password, you can use a reset link and assign a new password.  

Legal basis: 

As part of the registration process, your consent is obtained for the processing of this data in accordance with Art. 6 (1) a) GDPR. 

Recipient: 

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website. The data is not passed on to third parties. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

You can change the data we have on file for you or delete your user account at any time. 

You can delete your account at any time under “My Account” – “Manage Account”. Please note that as an unregistered customer, you are waiving benefits such as a convenient and personal shopping experience thanks to quick checkout, an overview of your complete order history and saved preferences. 

Withdrawal of consent:  

Alternatively, you have the option to cancel your customer account at any time by contacting us via the contact form and selecting the concern “Data protection”.

Provision prescribed or required: 

Registration is voluntary. It is beneficial for the fulfilment of a contract with you (via our online shop), or for the implementation of pre-contractual measures, but not a requirement. 

6.3 Transaction-based emails 

Transaction-based emails are automated emails sent through specific visitor actions or after business transactions. This is not a newsletter, but emails that are sent automatically based on your actions (e.g. order confirmation, shipping confirmations, registration confirmations, etc.). 

Legal basis: 

The legal basis for sending these transaction-based emails is Art. 6 (1) b) GDPR or our legitimate interest pursuant to Art. 6 (1) f) GDPR to increase customer retention and satisfaction. 

Recipient:

Sending via a specialized service provider is required here, to ensure delivery of the emails to your email account. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

The data for sending emails is only stored for the duration of the sending. The storage duration is thus limited in time. Data content will not be saved. 

Provision prescribed or required:

The provision of your data is necessary for the fulfilment of the contract. Without sending transaction-based emails, we cannot offer you various services.

6.4 Online-Order (provision of chargeable services)

Nature and purpose of the processing: 

We process the data that you provide as part of your order for the purpose of implementing or processing your order. This also includes the return or exchange and product-related complaints. 

Your personal data will only be used to the extent necessary to process this order and to deliver the products and services requested. 

In addition, order and payment data collected for the above-mentioned purpose will also be used under certain conditions and restrictions to detect fraud and theft in connection with online sales and to comply with applicable laws (e.g., requirements relating to tax laws and statutory accounting procedures). 

Legal basis: 

The processing of the data required for the conclusion of the contract, or as required by law, is based on Art. 6 (1) b) and c) GDPR. 

The processing of your personal data to detect fraud and theft is based on our legitimate interest as a company (pursuant to Art. 6 (1) f) GDPR). 

Recipient: 

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website or, for example, for implementing your payment to us. 

With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with the applicable data protection regulations. 

In order to fulfil our contract with you, we pass on your name and address to shipping and logistics service providers commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. 

Depending on the payment method you select during the order process, we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the payment service selected by you during the order process. 

Other recipients of your personal data are, for example, public bodies and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation, tax advisors, business and payroll tax auditors (statutory audit mandate). 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Storage period: 

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for the purpose of proper accounting and tax law requirements. 

Provision prescribed or required: 

The provision of your personal data is contractually necessary in order for us to be able to carry out our purchase contract with you. Without the provision of your personal data, we cannot complete your order. 

6.5 In-store purchases (paid services provided)

Nature and purpose of the processing: 

We use your personal information to process your purchase and payment processes and manage your claims, returns and reimbursements in a secure and effective manner. 

Your personal data will only be used to the extent necessary to complete the purchase. 

In addition, payment data collected for the above-mentioned purpose will also be used under certain conditions and restrictions to detect fraud and theft in connection with sales and to comply with applicable laws (e.g., requirements relating to tax laws and statutory accounting procedures). 

Our business premises are equipped with video cameras for theft prevention. 

Legal basis and legitimate interest: 

The processing of the data required for the conclusion of the contract, or as required by law, is based on Art. 6 (1) b) and c) GDPR. 

The processing of your personal data to detect fraud and theft is based on our legitimate interest as a company (pursuant to Art. 6 (1) f) GDPR). 

Recipient: 

Your data will only be passed on to service providers working on our behalf, e. g. for order fulfilment and payment processing. 

With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with the applicable data protection regulations. 

In order to fulfil our contract with you, we pass on your name and address to shipping and logistics service providers commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. 

Depending on the payment method you select during the order process, we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the payment service selected by you during the order process. 

Other recipients of your personal data are, for example, public bodies and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation, tax advisors, business and payroll tax auditors (statutory audit mandate).

Storage period: 

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for the purpose of proper accounting and tax law requirements. 

Provision prescribed or required:

The provision of your personal data is contractually necessary in order for us to be able to carry out our purchase contract with you. Without the provision of your personal data, we cannot complete your order. 

6.6 Address matching and updated data

Nature and purpose of the processing: 

Regardless of whether you order from us as a guest or as a registered customer, the addresses you provide while placing your orders or in your user account are passed to a contract processor who uses the Deutsche Post street catalogue to check the completeness and accuracy of your details. We only use the address in question for this purpose, without your name, for comparison with the street directory. 

To ensure that your data is up to date, we use a contract processor to correct, update, cleanse and enrich customer addresses. In the course of this process, the customer information you provide (first name, last name and address) is imported into a Black Box system. The Black Box is an encapsulated on-site system that does not allow access to BOGNER customer data. 

Legal basis: 

The legal basis for the processing of your data is Art. 6 (1) b) GDPR, namely for the fulfilment of contractual obligations or for the performance of pre-contractual measures. 

Recipient: 

The recipients of the data are service providers who act as contract processors for the maintenance of your address data, as well as for the optimisation of dispatch. 

Storage period: 

After matching, the data is stored exclusively for the ordering and invoicing process. We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for the purpose of proper accounting and tax law requirements. 

Provision prescribed or required: 

The provision of your personal data is contractually necessary in order for us to be able to carry out our purchase contract with you. Without the provision of your personal data, we cannot complete your order. 

6.7 Setting up a personal customer profile 

Nature and purpose of the processing: 

We create a customer profile for you for better consideration of your wishes and preferences. For this purpose, we combine the following data into a customer profile: 

• contact information (e.g. your first and last name, your address, etc.)
• purchase and contract processing data (e.g. purchase value, return, product interest)
• order history
• newsletter opt-in
• registration in the online shop
• email statistics
• events in BOGNER stores
• participation in sweepstakes
• customer survey responses 

We use your customer profile data for our own statistical purposes to make our products and services even more attractive, to form customer groups and to create general and/or customer group-specific offers. In addition, the data will be used to determine your interest in our products and to provide personalised content (e.g. email marketing or letter advertising). 

Legal basis and legitimate interest: 

The legal basis for the evaluation of your purchase and contract data is based on our legitimate interest (Art. 6 (1) f) GDPR) to optimise and personalise our advertising activities. 

The legal basis for the evaluation of your usage behaviour/clicking data is based on your consent, which we have obtained as part of your newsletter registration.

Recipient: 

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website and for retail support. 

We also use service providers to evaluate your usage behaviour and click data. 

Storage period: 

The data will only be processed in this context as long as you have not objected to such processing. 

Third country transfer: 

The use of Salesforce Commerce Cloud does not preclude processing in the United States. 

Provision prescribed or required: 

The provision of your personal data is neither legally nor contractually required. However, without this data, we cannot optimise our offer and adapt it to your personal preferences. 

Objection and withdrawal of consent: 

You can object to the processing for the purpose of advertising at any time by using our contact form and selecting the concern “Data protection”. In addition, you can revoke your consent to the analysis of your usage behavior/click data at any time for the future.

Profiling: 

Using the tracking tools and merging your contact and purchase data, we evaluate your behaviour on our website and analyse your interests. To do this, we create a customer profile. 

6.8 Product availability  

Nature and purpose of the processing: 

If a product is sold out in your size, you can choose to be informed by email as soon as the item becomes available again in the requested size. We need the size you requested as required information as well as a valid email address in order to send you this information. As soon as the item is available again, you will receive a notification of availability via email. 

Legal basis and legitimate interest: 

The processing of your data is necessary for the implementation of pre-contractual measures (Art. 6 (1) b) GDPR). 

Storage period: 

Your email address will be stored for 30 days exclusively for this purpose. If the item does not become available again after 30 days, your email address will be automatically deleted. 

Recipient: 

The recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website and for the use of this service. 

Provision prescribed or required:

The provision of your personal data is contractually necessary in order to be able to follow up on your request. Without the provision of your personal data, we cannot send you a notification as soon as the requested item is available again. 

You have a choice of different payment service providers for the processing of your payment.

7.1 Payment service provider Ratepay

Payment on account 

On our website, we offer, among other things, payment with the services of Ratepay. The provider is Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (hereinafter “Ratepay”). 

When selecting the payment type payment on account, your contact details (name, address, email address), the transaction (cart value, product group) and the data required for the payment method will be transmitted to Ratepaybased on your granted consent (Art. 6 (1) a) GDPR). Ratepaymakes a corresponding assessment (including a credit check) on the basis of recognised mathematical-statistical procedures. You have the option to withdraw your consent to data processing at any time. There are no disadvantages to you as you can choose a different payment method. 

The use of the data described in the RatePay Privacy Policy for risk assessment when using a Ratepay payment method also applies to testing for the purpose of an optimal selection of payment methods. For more details, please refer to the Ratepay Payment Terms and the Ratepay Privacy Policy.  

7.2 Payment service provider Adyen BV 

Pay via PayPal, Google Pay and Apple Pay 

If you choose the payment service provider Adyen as the payment type, payment will be processed through the payment service provider Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands. The payment service provider accepts payments from customers using the various payment methods for BOGNER in its own account and pays the monies from the sale of the products to BOGNER. 

The data processed will depend on the payment method selected. It includes data such as contact details (name, address, email address), the transaction (shopping cart value, product group), the payment method and the data required for this. This data is processed for the purpose of payment processing (Art. 6 (1) b) GDPR). 

Adyen also processes your data for the purposes of preventing payment fraud and also shares this data with its customers as required (Art. 6 (1) f) GDPR). For more information on data processing at Adyen N.V., please see the following link. 

Payment by credit card 

When you pay by credit card, we collect and process personal data and forward this information to the card-issuing institution for payment processing and to our payment service provider Adyen N.V., Simon Carmiggelstraat 6-50, 1011 DJ, Amsterdam, Netherlands in compliance with legal requirements, such as customer authentication in accordance with the EU Payment Services Directive PSD2. 

This includes the name of the credit card holder, the credit card number, terminal number, expiry date of the credit card (month and year), country of origin of the credit card, date of birth of the customer placing the order, order number, customer email address, customer number, address data (street, address suffix, postcode, city and country) and, in the case of commercial customers, the VAT ID and the company name. 

As the merchant, we also cooperate with one or more merchant acquirers in the case of credit card payments. Acquirers are payment service providers regulated in accordance with the German Payment Services Supervision Act (Zahlungsdienstaufsichtsgesetz, ZAG), which carry out the acceptance and settlement of payment transactions for us. 

We and the acquirer are separately responsible for the processing, each in our own technical sphere of data influence, i.e. we are responsible for our internal network up to the secured transmission via the internet.

BOGNER is represented on various social networks. For information on the storage and use of your data, as well as information on your rights and options regarding the settings for your privacy protection, please refer to the Privacy Policy of the respective network operator: 

Facebook and Instagram

BOGNER is represented on the social networks Facebook and Instagram. These platforms are provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. We maintain these Facebook/Instagram pages to provide information to their users, potential users and also to our customers about our products and services. 

We cannot rule out that when our company presence on these social networks is accessed, that a third country transfer, e.g. to servers located in the USA, takes place. Furthermore, we would like to point out that as the operator of a Facebook/Instagram fan page with Facebook, we are jointly responsible for the processing of the personal data of the visitors to this page (Art. 26 GDPR). We have concluded corresponding contracts with Facebook for this purpose. 

Facebook acknowledges joint responsibility for the Insights data with the operators of the sites and assumes the primary responsibility, see: https://www.facebook.com/legal/terms/page_controller_addendum

If you have a Facebook/Instagram profile and are logged in, Facebook can, for example, analyse your usage behaviour and create a usage profile corresponding to this behaviour. This user data is regularly processed for market research and (personalised) advertising purposes. 

The processing of the data is based on your consent in accordance with Art. 6 (1) a) GDPR. 

If you wish to make requests for information or assert your user rights, it is possible to assert these rights against us or Facebook. Further information regarding the collection and use of data, as well as your rights and protection options, can be found at https://facebook.com/about/privacy and https://instagram.com/about/legal/privacy/

YouTube

BOGNER is also represented on YouTube. YouTube is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)). 

We cannot rule out that a third country transfer, e.g. to servers located in the USA, takes place when our YouTube channel is accessed. This may allow YouTube to track your visit to our website. 

When you use YouTube, your personal data will be collected, transferred, stored, disclosed and used by Google. Google analyses your user behaviour and creates a corresponding usage profile, regardless of whether you have a Google account. This information may be used to tailor content or advertising to you. 

The processing of the data is based on your consent in accordance with Art. 6 (1) a) GDPR. 

Further information regarding the collection and use of data as well as your rights and protection options can be found at https://policies.google.com/technologies/product-privacy?hl=de and https://policies.google.com/privacy?hl=de&gl=de. 

LinkedIn

BOGNER maintains a company presence on LinkedIn. It is located on a platform operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. 

On our site, we provide information and offer users the option to communicate with each another. The company presence is used for job applications and information/PR. 

When you visit, follow or engage with our LinkedIn company site, LinkedIn processes personal data to provide us with statistics and insights in an anonymised form. This gives us insights into the types of actions that visitors take on our site (so-called “page insights”). LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile. In addition, LinkedIn will process information about how you interact with our LinkedIn corporate page, such as whether you are a follower of our LinkedIn corporate page. LinkedIn does not provide us with any personal data. Nor is it possible for us to draw conclusions about individual members using the information provided by page insights. 

This processing of personal data within the framework of page insights is carried out by LinkedIn and us as joint controllers. We have entered into a Joint Controller Agreement with LinkedIn that covers data processing and sets out the distribution of the data protection obligations between us and LinkedIn. The agreement can be accessed at the following link. Under this agreement, LinkedIn is responsible for responding to data subject requests. In this regard, you have the option to contact LinkedIn online, or contact LinkedIn via the contact details in the Privacy Policy.  

You may contact us regarding the exercise of your rights in connection with the processing of personal data within the scope of page insights, by using the contact form and selecting the concern “Data protection”. We will forward your request to LinkedIn in such a case.  

The processing of the data is based on your consent in accordance with Art. 6 (1) a) GDPR, which you have granted to LinkedIn as part of your registration. 

For more information about LinkedIn’s data processing, please see the LinkedIn Privacy Policy 

We cannot rule out that a third country transfer, e.g. to servers located in the USA, takes place when our LinkedIn page is accessed. This may allow LinkedIn to track your visit to our website.

We only handle personal data insofar as data protection regulations allow. In so doing, we also strive to use all the necessary technical and organisational security measures to adequately protect your personal data from unauthorised access and misuse at all times. 

Your data will only be passed on to service providers (contract processors) if it is necessary for the fulfilment of our contractual duties. All service providers are obliged to treat your data confidentially on the basis of an order processing agreement. 

Insofar as we store or process personal data, this is done within a secure data centre. To protect the security of your data during transmission, we use encryption procedures (e.g. SSL) via HTTPS. Our servers are secured by means of a firewall and virus protection. Back-up and recovery procedures, as well as role and authorisation concepts, are standard for us. 

Our employees are obliged to observe the regulations of the GDPR and the BDSG (Federal Data Protection Act) when handling data.

We reserve the right to adapt this Privacy Policy so that it always complies with the current legal requirements or in order to implement changes to our services in the Privacy Policy, such as when introducing new services. The new Privacy Policy will then apply to your next visit.