Data Protection Policy of ShoeSize.Me AG
The online shoe fitting platform and community
1 Purpose and Applicability
1.1 With this Data Protection Policy ShoeSize.Me AG with its headquarters at Industriestrasse 78, 4600 Olten, Switzerland (hereinafter: “ShoeSize.Me”, “we” or “us”) describes how personal data are collected and processed.
1.2 The term "personal data" in this Data Protection Policy shall mean any information that identifies, or could reasonably be used to identify any person.
1.3 This Data Protection Policy is in line with the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU), it may be relevant for us.
2 Controller / Data Protection Officer / Representative
2.1 The Controller of data processing as described in this Data Protection Policy is ShoeSize.Me. You can notify us of any data protection related concerns using the following contact details: ShoeSize.Me AG, Industriestrasse 78, CH-4600 Olten, Switzerland, email: privacy@ShoeSize.Me
2.2 You can contact our data protection officer pursuant to art. 37 GDPR, who additionally is our representative in the EEA according to article 27 GDPR, using the following contact details: Wilhelm Steitz, Grundfeld 18a, 85778 Haimhausen, Germany, email: privacy@ShoeSize.Me
3 Collection and Processing of Personal Data
3.1 We process personal data concerning our Users who have registered an account on our ShoeSize.Me-Platform. We collect our Users’ personal data that
3.1.1 have been provided to us concerning body dimensions, owned shoes or apparel by the Users themselves via the ShoeSize.me-Platform, and
3.1.3 have been provided to us by our business partners, i.e. online shops for shoes and apparel, via the use of plug-ins or in the form of purchase and return data which data can be interrelated to our stored personal data concerning the specific User.
3.2 We collect no personal data from other sources.
4 Purpose of Data Processing and Legal Grounds
4.1 We primarily use collected personal data for Users in order to store and maintain personal information about body dimensions and to improve the shopping experience by automating the size selection of footwear or other apparel based on the User’s foot and/or other body dimensions.
4.2 Further, we pseudonymise collected personal data and use such pseudonymised data preliminary in order to provide shoe size recommendation software for our business partners so as to reduce purchase returns.
4.3 In addition, we may process Users’ personal data for the following purposes, which are in our (or, as the case may be, any third parties') legitimate interest, such as:
4.3.1 providing and developing our software, services and websites, apps and other platforms, on which we are active;
4.3.2 review and optimization of procedures regarding needs assessment for the purpose of direct customer approach;
4.3.3 advertisement and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings);
4.3.4 market and opinion research, media surveillance;
4.3.5 asserting legal claims and defense in legal disputes and official proceedings;
4.3.6 prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
4.3.7 ensuring our operation, including our IT, our websites, apps and other appliances.
4.4 If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
5 Cookies / Tracking and Other Techniques Regarding the Use of our Website
5.2 By using our websites and apps you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly or uninstall the app, should the respective setting not be available.
5.3 In addition, we provide plug-ins to our business partners, i.e. online shops for shoes and apparel, which establish a direct connection to the servers of ShoeSize.Me. The content of the plugin is transmitted to the browser of ShoeSize.Me. Through this integration, ShoeSize.Me receives the information that the browser of a User who is registered with ShoeSize.Me has accessed the corresponding page of the business partner’s website. This information (including User IP address) is transmitted to a server of ShoeSize.Me in Germany and stored there.
5.4 ShoeSize.Me can associate your visit to our website with your possible ShoeSize.Me profile. If you interact with the plugins and get shoe size recommendations, this information will also be sent directly to a ShoeSize.Me server and stored there, however the data will be pseudonymised.
6 Data Transfer and Transfer of Data Abroad
6.1 In the context of our business activities and in line with the purposes of the data processing set out in this Data Protection Policy, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us, but if not otherwise required the data is pseudonymised. In particular, the following categories of recipients may be concerned:
6.1.1 our service providers (IT-providers, hosting providers);
6.1.2 other parties in possible or pending legal proceedings (both hereinafter “Recipients”).
6.2 Certain Recipients may be in Switzerland and Europe, but others may be located in the USA. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission).
7 Retention Periods for your Personal Data
We process and retain Users’ personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the registration, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible.
8 Data Security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.
9 Your Rights
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing, in addition to the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs for you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 2 above.
10 Amendments of this Data Protection Policy
We may amend this Data Protection Policy at any time without prior notice. The current version published on our website shall apply. If the Data Protection Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.
Version October 2018