Privacy policy for the website and app

Version: 12/16/2024

We take the protection of your data seriously and want you to feel secure when visiting our website. In the following, we will inform you about what personal data we collect when you visit our website, in compliance with applicable data protection regulations:

• https://www.carhartt-wip.com/en
• your use of the Carhartt WIP App
• placing orders in the Carhartt-WIP Online Shop / placing orders through the Carhartt WIP APP
• use of the Carhartt-WIP Customer Account
• use of tracking and analytical tools,
• use of Carhartt-WIP web radio https://www.carhartt-wip.com/musicplayer
• use of direct marketing measures, including in particular newsletters, social media marketing, competitions and surveys
• for job postings

(hereinafter collectively referred to as the “website”), for what purposes and on what legal basis we use this data, and how we use it to optimize our services for you, as well as your rights as a data subject.

1. Controller, data protection officer

(1) The controller in accordance with Art. 4 para. 7 of the General Data Privacy Regulation (GDPR) is

Work in Progress Textilhandels GmbH
Hegenheimer Strasse 16
D-79576 Weil am Rhein/Germany
Phone: +49 (0)7621 9666
E-Mail:  info@carhartt-wip.com

hereinafter referred to as „WORK IN PROGRESS TEXTILHANDELS GMBH“, „we“ or „us“. Further information about this provider is available in our Imprint..

(2) To contact the data protection officer: email dpo@carhartt-wip.com or mail our postal address as stated above, for the attention of the “Data protection officer“.

2.1 Types of data to be processed

• Inventory data (e.g., customer master data, such as names, addresses)
• Contact details (e.g. email, phone and mobile numbers)
• Content data (e.g., text entries, photographs, videos)
• Contract data (e.g. subject matter, term, customer category)
• Payment data (e.g. bank details, debit and credit card information, PayPal account, payment history)
• CRM data, particularly customer history and customer statistics
• Usage data (e.g. pages visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)
• Details of your likes and preferences
• Data as per sections 4 and 5
• Data as per section 8 (Online Shop)
• Applicant data
• Data processing by third-party providers

2.2 Categories of data subjects

• Visitors to and users of the website and online offers
• Customers, prospective customers and business partners
• Applicants
• Recipients of newsletters, direct marketing contacts

(Below, we will also refer to the data subjects collectively as “users”.)

We will use your personal data

• to provide the website and the online product range, its functions and contents
• For cookie consent management
• To create and manage your personal customer account
• To identify you as a contractual partner
• To process your online purchases from us. This includes your orders and returns of purchases made through our web shop, payment processing, as well as messages regarding delivery status and any problems with delivery. Your personal data may also be processed for the purpose of handling complaints or warranty rights in the event of defects.
• To respond to contact requests and for communications with users
• For the purposes of establishment, enforcement, exercise or defense of legal claims and legal disputes, as well as for the discovery, investigation and prevention of criminal offenses
• For security measures
• For reach measurement, tracking of direct marketing measures, customer journey
• For direct marketing purposes, e.g. in the form of an e-mail newsletter, social media marketing or postal advertising
• For purposes of conducting product and service satisfaction surveys and analyzing them

(1) If you use our website for informational purposes only, that is, if you do not register or otherwise provide us with information, we only collect the personal data which your browser automatically transmits to our server. If you would like to view our website, we will collect the following data, which is technically necessary for us to display our website to you and ensure stability and security (on the legal basis of Art. 6 para. 1 (f) of the GDPR):

• IP address
• Date and time of inquiry
• Time zone difference to Greenwich Mean Time (GMT)
• Content of request (specific page)
• Access status/HTTP status code
• Amount of data transferred each time
• Website from which the request originates
• Browser
• Operating system and interface
• Language and version of browser software

(2) User IP addresses are deleted or anonymized after the end of use. In the case of anonymization, IP addresses are altered so that individual details about personal or factual circumstances can no longer be assigned to an identified or identifiable natural person, or only with a disproportionate investment of time, cost and labor.

(1) The newsletter distribution process uses the services and IT systems of an external service provider (Emarsys eMarketing Systems AG) whom we have commissioned to process orders.

(2) As part of our website hosting, your data that we process is processed by the hosting company commercetools GmbH, which works for us on the basis of a data processing agreement.

(3) If web analysis services and third-party providers are used, the data will be transmitted to the extent described here.

(4) Technological and analytical service providers, providers and partners providing services related to logistics, transportation and delivery and/or their partner companies, customer care service providers,

We process and store your personal data for as long as needed to fulfill our contractual and legal obligations. We will delete your personal data as soon as they are no longer required for the above-mentioned purposes. In some cases, this personal data may be stored for the period during which claims can be asserted against our companies (that is, statutory limitation periods of three or up to thirty years). We also store your personal data to the extent to which we are legally obligated to do so. Corresponding obligations to provide evidence and retain records apply on the basis of commercial, tax and social security regulations.

We fundamentally do not use fully automated decision-making processes pursuant to Art. 22 of the GDPR to establish and implement business relationships. In order to provide you with targeted information and advice about products, we or service providers acting on our behalf may use web analytics tools, especially tracking technology. These instruments and technologies enable needs-based communication and advertising. In this regard, we refer to Section C.2 (Newsletter Tracking).

(1) We advertise job openings on our website. We collect, process and use your personal data to process your online application. The legal basis for this is specified in Art. 6 Para. 1 (b) of the GDPR. Your online application data are sent directly to the management via e-mail. We use appropriate technical and organizational measures to ensure that your personal data are handled confidentially in compliance with legal requirements.

(2) Please note that the transmission of data via e-mail is unencrypted and the data could potentially be viewed or altered by unauthorized persons. You are welcome to send us your documents by mail. After the application process is completed, but no later than after six months, your personal data will be automatically deleted unless you explicitly consent to having your data stored for a longer period.

(3) Within the scope of your employment, you must provide the personal data that are necessary to establish, implement and terminate the employment relationship and to fulfill the associated contractual obligations, or personal data that we are legally obligated to collect. Without these data, we will not be able to enter into an employment contract with you. We are only allowed to process any further data in the context of weighing interests pursuant to Art. 6 Para. 1 (f) of the GDPR, within the limits of consent granted to us, and within the scope of existing legal provisions.

With the exception of the processing described above, we do not transfer your data to recipients that are based outside the European Union or the European Economic Area.

If you consent to the use of tracking technologies that use cookie banners, you thereby also consent to your personal data being transferred to the USA when cookies are utilized. The USA are an unsafe third-party country whose data protection standards are not comparable to EU standards. Furthermore, certain providers offer no other guarantees that would compensate for this deficit. Accordingly, there is a risk that state agencies could access your personal data during transmission without you having any effective legal protection against such access.

For this purpose, we also commission providers of tracking and targeting technologies whose servers are located in the USA and with whom data are transferred based on standard contractual clauses of the EU Commission.

Alternatively, an appropriate level of data protection is ensured for service providers located in the USA based on the Data Privacy Framework (DPF) (https://www.dataprivacyframework.gov/). The EU-US DPF, the British extension of the EU-US DPF and the Swiss-US DPF were respectively developed by the US Department of Commerce and the European Commission, the British government and the Swiss federal administration to provide U.S. organizations with reliable mechanisms for the transfer of personal data from the European Union, the United Kingdom and Switzerland to the United States while also ensuring data protection levels that are compatible with the legal provisions of the EU, United Kingdom and Switzerland.

1. General information

Personal data may also be processed as part of tracking. Personal data means all data that can be related to you personally. It is not possible to execute programs or transfer viruses to the end device that you are using. Your browser uses cookies when you visit our website. Cookies are small text files that your browser stores on your hard drive. If you visit the website again, we can retrieve this stored cookie information. We and our service providers use browser and flash cookies along with other current technologies, including small graphics known as tracking pixels, pixel tags, web beacons or clear GIFs, in connection with the provision of our services to track how our users use our online product range. We generally refer to such other technologies and cookies as “cookies”.

We would also like to point out that you can generally deny the use of cookies in your browser settings or delete cookies. Please refer to the relevant manufacturer's instructions for detailed explanations of the specific procedures.

If our app is available and you use it, protocol data are generated using Hypertext Transfer Protocol (Secure) (HTTP(S)). Your end device (model and IMEI), operating system, accessed (sub)page, date and time of access, country (according to IP address), technical usage data (e.g. which products were accessed, shopping cart information and completion of purchase) are processed. A feature called IP anonymization is activated in the app. This means that the IP address which is transmitted for technical reasons is anonymized or altered by shortening the IP address (deletion of the last octet of the IP address) before it is stored.

Cookies and tracking technologies in the app are collectively referred to as “tracking technologies”.

We use various types of tracking technologies, including strictly necessary tracking technologies, functional tracking technologies, tracking technologies for analysis purposes, and tracking technologies for marketing purposes. Further information about these different types of tracking technologies is provided below.

Within our company, we only transfer your personal data to departments and persons who need these data to fulfill their contractual and legal obligations or safeguard our legitimate interests. There is no automated individual decision-making process within the meaning of Art. 22 of the GDPR.

a) Depending on the owner, tracking technologies can be classified as follows:

• First-party cookies: These are cookies that are sent to the user's computer or device from a computer or domain which is managed by the publisher itself, and from which the platform or service requested by the user is provided.
• Third-party cookies: These are cookies that are sent to the user's computer or device from a computer or domain that is not managed by the publisher, but by another entity that processes the data which are obtained through cookies.

b) Depending on the intended use, tracking technologies can be classified as follows:

aa) Strictly necessary tracking technologies

Some of the functions on our website or app cannot be provided without the use of technically necessary tracking technologies. We collect technical communication and usage data in these tracking technologies, such as the IP address, technical log information, login information if applicable, and a unique cookie/user ID that allows us to recognize you when you return to our website or open our app.

You are required to provide your personal data in order to use the website or app. Please note that you will not be able to use the website or app fully if you do not provide your data to the extent defined above.

bb) Functional tracking technologies

Functional tracking technologies are used to provide you with a better browsing experience. These tracking technologies are not strictly necessary, but make it easier for you to visit the website or app by storing communications and usage data such as font, country and currency settings along with a unique cookie/user ID that allows us to recognize you when you return to our website or open our app.

You do not have to provide your personal data to use the website or app. Please note that if you do not provide the data within the scope specified above, this may negatively affect the display and user-friendliness (usability).

cc) Tracking technologies for analytics

We use various tracking technologies for analytics; for example, to gain a better understanding of the use of the website or app and improve our product range. For this purpose, we collect technical communication and usage data such as your IP address, technical log information, login information if applicable, and a unique cookie/user ID that enables us to recognize you when you return to our website or open our app again. We also collect certain data related to your order, as well as analysis data, that is, aggregated data that are used to make inferences.

You do not have to provide your personal data to use the website or app.

dd) Tracking technologies for marketing purposes

We use various tracking technologies for advertising and targeted marketing purposes; that is, for personalized advertising. This also includes the use of tracking technologies from various social media providers, such as Facebook.

For this purpose, we collect technical communication and usage data such as your IP address, technical log information, login information if applicable, and a unique cookie/user ID that enables us to recognize you when you return to our website or open our app again. We also collect certain data related to your order, as well as analysis data, that is, aggregated data that are used to make inferences.

ee) The legal basis for processing consists of the consent provided to us (Art. 6 Para. 1 (a) of the GDPR).

1. Newsletter subscription

(1) With your consent, you can subscribe to our e-mail newsletter (hereinafter referred to as “newsletter”) which we will use to inform you about our products, sales, events, competitions and surveys.

(2) (2) We use a double opt-in procedure for registering for newsletter subscriptions. This means that after you register, we will send you an e-mail to the e-mail address that you have provided, asking you to confirm that you would like to receive the newsletter. If you do not confirm your registration within 14 days, your information will be automatically deleted. We also store the IP addresses that you use for registering and confirming and the times at which you register and confirm. The purpose of this process is to be able to confirm your registration and clarify any potential misuse of your personal data.

(3) The only mandatory information that we need to send you the newsletter is your e-mail address. The provision of further information is voluntary and will be used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter.

(4) Your consent pursuant to Article 6 para 1 (a) of the GDPR constitutes the legal basis for the above-mentioned processing in the context of subscribing to the newsletter.

(5) You can revoke your consent to receive the newsletter at any time by unsubscribing from the newsletter. You can unsubscribe by clicking on the link provided in all newsletter emails or sending a message to the contact specified in section 1.1 of this privacy policy.

(6) The data that you provided when you subscribed to the newsletter will be deleted if you unsubscribe from the newsletter.

(1) We hereby point out that we analyze the user behavior of newsletter recipients. For this analysis, the e-mails that we send to you contain web beacons or tracking pixels which represent single-pixel image files. For analysis, we relate the data or parts of it as specified in section 2.1 of this privacy policy and the web beacons to your e-mail address and an individual ID. Links in the newsletter also contain this ID. We use the data that we obtain in this way to create a user profile to let us customize the newsletter to the interests of our customers. In the process, we collect information about when you read our newsletters and which links you click on in them, and use this information to draw conclusions about your personal interests. We may link this data to your actions on our website.

(2) Your consent pursuant to Article 6 Para. 1 (a) of the GDPR provides the legal basis for the tracking described above, provided that you have registered for the newsletter subscription.

(3) If the newsletter is sent to you after a purchase without you having separately registered for the newsletter and declared your consent, the legal basis for the tracking described above is found in Article 6 Para. 1 (f) of the GDPR. Our legitimate interest in data processing in the context of tracking lies in our need to customize our newsletter to the interests of our customers.

(4) You can object to the tracking described above at any time by unsubscribing from the newsletter. You can unsubscribe by clicking on the link provided in every newsletter e-mail or sending a message to the contact specified in section 1.1 of this privacy policy. The information that is obtained through tracking is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data anonymously and purely for statistical purposes.

(5) Tracking is also not possible if you have disabled images by default in your e-mail program. In this case, the newsletter will not be displayed fully, and you may not be able to use all of the newsletter's functions. If you display the images manually, the above-mentioned tracking will take place.

(1) Emarsys is a marketing service that we use to track the surfing and shopping behavior of our customers in order to improve customer loyalty on the basis of this information. This can include, for example, reminders about products in the shopping cart, product recommendations based on viewed products or product groups, recommendations on similar products for items that you have already purchased or viewed, and personalized discount offers. These collected data are stored in an aggregated and pseudonymized form in your customer profile and displayed, for example, with product recommendations in the newsletter. Based on this information, individual product recommendations can then be displayed in the newsletter. The processing purposes consist of analysis, implementing e-mail campaigns, as well as performing segmentation, personalization and tracking.  

(2) The service is provided to us by Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany. Data processing takes place exclusively within the European Union.

(3) Your consent pursuant to Art. 6 Para. 1 (a) of the GDPR constitutes the legal basis for the processing of your data by this service. Data processed include the IP address, date and time of visit, usage data, products viewed, pseudonymized cookie ID and user behavior. The data will be deleted as soon as they are no longer required for processing purposes.

(4) The lawfulness of data processing by Emarsys on our behalf is governed by contracts concluded in compliance with Art. 28 of the GDPR.

(5) Emarsys’ privacy policy is available at the following link: https://emarsys.com/en/privacy-policy/

(1) To improve our products and services, we may contact you, for example, for the purposes of surveys, especially following product purchases or support requests to ask you for feedback. We also commission other service providers to conduct market and product research and test new technologies in our products that may potentially collect personal data. These data help us to stay ahead of the competition.

(2) The aforementioned processing in the context of our surveys, particularly to analyze and evaluate these surveys, is carried out with the involvement of the services and IT systems of the following service provider, whom we have commissioned as our processor:

Zenloop GmbH

Erich-Weinert-Straße 145

10409 Berlin, Germany

(3) Compliance with the law is ensured by contracts concluded in compliance with Art. 28 of the GDPR and the EU standard contractual clauses.

(4) The consent that you provided in compliance with Article 6 Para. 1 (a) of the GDPR when you subscribed to the newsletter or our legitimate interest after a purchase in compliance with Article 6 Para. 1 (f) of the GDPR constitutes the legal basis for the above-mentioned processing. Our legitimate interest in data processing lies in improving our products and services for our customers. By rating a product or service or taking part in a survey, you are consenting to this legitimate interest. If you do not agree with this legitimate interest, we will anonymize your data, so that they will no longer be personal data.

(1) We also use the data that you provide in the context of a purchase to send you print media.

(2) We use the services and IT systems of various service providers whom we have commissioned as our processors to perform the above-mentioned processing, and in particular to send out print media.

(3) Compliance with the law is ensured by contracts concluded in compliance with Art. 28 of the GDPR as well as the EU standard model clauses.

(4) Our legitimate interest after a purchase in compliance with Article 6 Para. 1 (f) of the GDPR constitutes the legal basis for the above-mentioned processing. Our legitimate interest in data processing lies in advertising our products and services and improving customer relations.

1. Using the online shop

When you order goods from our online store, we collect and process the personal data that are necessary for the fulfillment of your order. The mandatory information (name and address) required for the performance of the contracts is identified separately. Any further information is provided on a voluntary basis. Article 6 Para. 1 (b) of the GDPR constitutes the legal basis for processing these personal data.

When you register for a customer account (by creating an account under “Login”) (this is not required to make a purchase from us), we process the following personal data: An e-mail address and a password that you have generated. As a registered customer, you can access your profile and view the orders that you have placed or are currently in the process of placing. You can delete your customer account at any time by sending a message to the contact specified in section 1.1. or sending an e-mail to onlineshop@carhartt-wip.com. Article 6 Para. 1 (b) of the GDPR constitutes the legal basis for processing these personal data.

After you have decided to make a purchase as a customer or guest, we collect the following data to process the order: First and last name, telephone number and date of birth, address, or delivery address if applicable. You can use the following methods of payment: credit card, Klarna (only available in Germany), PayPal or advance payment. If you pay by credit card (Visa or MasterCard), we process the name, card number, expiry date and CVV number.

Art. 6 Para. 1 (b) of the GDPR constitutes the legal basis for the processing of your order and payment data.

Your address, payment and order data will be stored after the execution of the contract for the duration of the tax and commercial law retention period requirements of six or ten years and then deleted, unless you have consented to further storage or further data processing is required to assert, exercise or defend legal claims. Article 6 Para. 1 (c) of the GDPR constitutes the legal basis for the processing of personal data for the purpose of fulfilling the legal archiving and retention requirements.

We use Fit Analytics on our website. You can use this tool to help you find the right clothing size. In order to use the tool, you need to provide the following data on a voluntary basis: Gender, height, weight, age, reference article or brand (optional), body type, wearing preference and previous purchases.

We also use Fit Analytics to measure reach, as well as for marketing and optimization purposes. Fit Analytics is a function that makes it possible to identify your visit to our website with a cookie so that we can contact you again. These data can be used to create user profiles under a pseudonym. The collected data will not be used to identify you personally without your consent and will not be merged with your personal data via the pseudonym holder. The legal basis for this is Art. 6 Para. 1 (f) of the GDPR. Supplementary data protection information for Fit Analytics can be found here: https://www.fitanalytics.com/privacy-policy.

We process the data provided by you to fulfill your order. In order to fulfill the contract, we will transfer your data to the transport company commissioned with delivery (for example, DHL), insofar as this is necessary for delivering ordered goods. We also pass on the payment data collected for this purpose to the credit institution that you have commissioned to process payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers will also collect these data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. The privacy policy of the respective payment service provider applies in this regard. We are authorized to pass on these personal data in compliance with Art. 6 Para. 1 (b) of the GDPR. Our service providers may only process or use your data for the purposes for which they were transmitted to them. You can access these data at all times. Where data are passed on to external service providers, we have taken technical and organizational measures to ensure that data protection regulations are fulfilled.

1. Contact form, e-mail contact, Google reCAPTCHA

(1) A contact form that can be used to contact us electronically is available on our website. If a user takes advantage of this option, the data entered in the input screen will be transmitted to us and stored. The corresponding data, particularly including personal data, address data, contact data and messages (free text field), can be seen directly in the respective input screen.

At the time of sending, the following data are also stored:

• User’s IP address
• Date and time at which the form is sent

(2) Reference is made to this privacy policy when the data are sent. Alternatively, you can contact us using the e-mail addresses provided. In this case, the user's personal data that were transmitted by e-mail will be stored. The data are used exclusively to process the request.

(3) Art. 6 Para. 1 (f) of the GDPR constitutes the legal basis for processing the data transmitted in the context of using the contact form or sending an e-mail. If the purpose of the contact by email is to receive support and inquire about the customer's current orders or conclude a contract, the additional legal basis for the processing consists of Art. 6 Para. 1 (b) of the GDPR.

(4) We will process the personal data from the input screen solely for the purpose of establishing contact. In the case of contact by email, this also constitutes a necessary legitimate interest in data processing. The other personal data processed during the sending process are used to prevent misuse of the contact form and ensure the security of our information technology systems.

(5) The data will be deleted as soon as they are no longer needed for the purposes for which they were collected. This applies in the case of personal data from the input screen of the contact form and personal data sent by e-mail, when the respective conversation with the user has ended. The conversation has ended when it can be concluded from the circumstances that the subject matter of the conversation has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of no more than seven days.

This website uses the product Speed Kit from Baqend GmbH, Stresemannstr. 23, 22769 Hamburg, Germany to reduce page load times. To do this, publicly accessible data are delivered via the Baqend GmbH infrastructure. No personalized or personal content is transferred or stored herein. IP addresses are anonymized immediately after they are transmitted. Further information is available here: SpeedKit privacy policy

(1) Instead of registering directly on our website, you can register using Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

(2) If you decide to register with Facebook Connect and click on the “Login with Facebook”/“Connect with Facebook” button, you will be automatically redirected to the Facebook platform. You can then log in there with your user data. This will link your Facebook profile to our website and/or services. This link will give us access to your data that are stored on Facebook. This primarily includes:

• Your Facebook name
• Your Facebook profile and title image
• E-mail address stored with Facebook, Facebook ID
• Facebook friend lists, Facebook Likes information
• Date of birth, gender
• Country, language

These data are used to set up, provide and personalize your account with us.

(3) More information is available in the Facebook Terms of Use and Privacy Policy. You can find this at: https://facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.

We use the “Google reCAPTCHA” service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) to protect our website and form submissions. This service is used to check whether entries on our website are made by a natural person or abusively performed by automated processing (bots).

Google reCAPTCHA analyzes your behavior on our website (such as mouse movements, length of stay and IP address) and collects various information about your device (such as the browser type, operating system, screen resolution and language settings). These data are transmitted to a Google server in the United States and processed there.

Processing takes place on the basis of Art. 6 Para. 1 (f) of the GDPR. We have a legitimate interest in protecting our website against abusive automated use and ensuring the security of our IT systems.

Google also processes your data in the United States. We hereby point out that the USA does not offer a level of data protection equivalent to that of the EU. There is a risk that authorities may be able to access your data. We have concluded standard contractual clauses with Google in accordance with Art. 46 of the GDPR to ensure an adequate level of protection.

For details on how Google processes data using reCAPTCHA, please refer to Google's privacy policy and the terms of use for Google services.

(1) Our website uses Google Analytics, a web analysis service provided by Google Inc. („Google"), if you have consented to this in the cookie management tool. Google Analytics uses “cookies” - that is, text files that are placed on your computer - to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers located in the United States. However, if IP anonymization is activated on this website, Google will shorten your IP address within member states of the European Union or in other states that participate in the agreement on the European Economic Area. Only in exceptional cases, will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, compile reports about website activity and provide other services associated with website activity and internet usage for the website operator.

(2) The IP address that is transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(3) You can prevent cookies from being stored by selecting the appropriate settings in your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (including your IP address) from being transmitted to Google and processed by Google by downloading and installing the browser plugin that is available from Google:

(4) This website uses Google Analytics with the extension “anonymizeIp()”. This means that IP addresses are further processed in an abbreviated form, so that the possibility of relating them to persons is excluded. Insofar as the data collected about you are personally identifiable, they will be excluded immediately, and the personal data will therefore be deleted immediately.

(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained help us to improve our product range and make it more interesting to you as a user. There is an agreement with Google Analytics concerning order processing based on the EU standard contractual clauses (Art. 44 et seqq. of the GDPR). The consent that you have provided (Art. 6 Para. 1 (a) of the GDPR) constitutes the legal basis for the use of Google Analytics.

(6) Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: https://marketingplatform.google.com/about/analytics/terms/gb/, privacy policy overview: http://www.google.com/intl/en/analytics/learn/privacy.html, and privacy policy: http://www.policies.google.com/privacy.

(1) This website uses Google Tag Manager as part of Google Analytics. Tags are small code elements on our website that are used to measure traffic and visitor behavior, track the impact of online advertising and social channels, use remarketing and orientation to target groups, and test and optimize our website, among other things. Google Tag Manager is a solution that allows us to manage website tags via a single interface. The Tag Manager Tool itself (which implements the tags) is a cookie-free domain. The tool triggers other tags that may collect data under specific circumstances. Google Tag Manager does not access these data. If deactivation is performed at the domain or cookie level, it will remain disabled for all tracking tags that are implemented using Google Tag Manager.

(2) The legal basis for processing consists of the consent that you have provided (Art. 6 Para. 1 (a) of the GDPR). Further information on Google Tag Manger is available on the internet at: https://www.google.com/analytics/terms/tag-manager/

(1) This website continues to use the online marketing tool DoubleClick by Google, provided that you have consented to this in the cookie management tool. DoubleClick uses cookies to deliver ads that are relevant to users, improve campaign performance reports, or prevent users from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser, and can therefore prevent them from being displayed multiple times. DoubleClick can furthermore use cookie IDs to record conversions that are related to ad requests. This applies, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser to make a purchase. According to Google, DoubleClick cookies do not contain any personal information.

(2) Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool, and therefore inform you according to our current state of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

(3) You can prevent participation in this tracking process in several ways:

a) by setting your browser software correspondingly; in particular, suppressing third-party cookies will prevent you from receiving ads from third-party providers;

b) by deactivating conversion tracking cookies by setting your browser to block cookies from the domain “www.googleadservices.com”; https://www.google.de/settings/ads - however, this setting will be deleted if you delete your cookies;

c) by disabling interest-based ads from providers that are part of the “About Ads” self-regulation campaign through the link http://www.aboutads.info/choices - however, this setting will be deleted if you delete your cookies;

d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers at http://www.google.com/settings/ads/plugin. We hereby point out that you may not be able to use all the functions of this product range to their full extent in this case.

The legal basis for the processing of your data consists of the consent that you have provided in accordance with Art. 6 Para. 1 (a) of the GDPR.

(4) Further information on DoubleClick by Google is available at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, and on data privacy at Google in general: https://policies.google.com/privacy. Alternatively, you can go to the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

If you have consented in the cookie management tool, our website uses Google Audience, a service provided by Google Inc.. Among other things, Google Audience uses cookies which are stored on your computer and other mobile devices (such as smartphones, tablets, etc.) and enable it to analyze the use of these devices. The data are partly analyzed across devices. By means of this, Google Audience gains access to the cookies created by Google Ads and Google Analytics. During use, data, especially IP address and user activities, may be transmitted to a Google Inc. server and stored there. Where appropriate, Google Inc. may also transfer this information to third parties if this is required by law or the data are processed by third parties.

The legal basis for the processing of your data consists of the consent that you have provided in accordance with Art. 6 Para. 1 (a) of the GDPR.

We use technologies to collect and store pseudonymized data to improve and customize this website. Econda uses these data to create pseudonymized user profiles. We do not transfer your data to third parties or other countries.

Information about the third-party provider: Econda by DYMATRIX GmbH, Lautenschlagerstraße 2, 70173 Stuttgart, Germany, +49 711 22 007 88-0, info@dymatrix.de, https://www.dymatrix.de/en

Purpose of data processing:

- Analytics

- Optimization

Econda operates in anonymous mode, which does not store any personal data such as IP addresses or customer/order numbers. No cookies are set, and recognition or profiling is not possible. It is not possible to assign this information to a user profile.

Anonymous tracking is performed on the basis of Art. 6 Para. 1 (f) of the GDPR, since there is a legitimate interest in measuring reach and optimizing the website. Personal data are only processed with the consent of the user (Article 6 Para. 1 (a) of the GDPR).

Data collected:

- Device information

- Pages visited

- Information on the order process

- Access data

- Customer data at login

Data processing and storage only takes place for as long as needed for the respective purpose or as long as a legal retention period applies. The data are deleted afterwards. Further information is available here: [https://www.dymatrix.de/en/cx-platform/web-analytics](https://www.dymatrix.de/en/cx-platform/web-analytics).

1. General information

The social network services of Facebook and Instagram are offered and administered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin, Ireland.

If you contact us directly, communicate with us or share personal content via our social media profiles, we are responsible for processing your data.

a) Processing of your data by Facebook. You should also note that when using our social media profiles in accordance with your consent when using Facebook services, Facebook also processes your data for its own purposes, which we cannot explain in further detail in this privacy policy. We also have no influence over Facebook's processing activities. In this sense, Facebook is a joint controller as part of the joint processing of your data. You can find the information required under Article 13 Para. 1 (a) and (b) of the GDPR in the Facebook and Instagram data policy at:

Facebook privacy policy: https://www.facebook.com/about/privacy/ Instagram privacy policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&locale=en

These links also provide further information about how Facebook processes your personal data, including the legal basis on which Facebook relies and options for exercising your rights vis-à-vis Facebook.

We have also enabled Automatic Advanced Matching as part of the Facebook Pixel feature. This feature of Pixel allows us to send hashed e-mails, names, genders, cities, states, zip codes, birth dates or phone numbers to Facebook as additional information, provided that you have made this data available to us. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our products or services.

The legal basis for the processing of your data consists of the consent that you have provided in accordance with Art. 6 Para. 1 (a) of the GDPR.

The social network services of TikTok are offered and administered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

If you contact us directly, communicate with us or share personal content via our social media profiles, we are responsible for processing your data. Furthermore, please note that TikTok also processes your data for its own purposes when you use our social media profiles in accordance with your consent when using TikTok services, which we cannot explain in further detail in this privacy policy. We also have no influence over TikTok's processing activities. In this sense, TikTok is a separate data controller. You can find the information required under Art. 13 Para. 1 (a) and (b) of the GDPR in TikTok's data policy at:

https://www.tiktok.com/legal/page/eea/privacy-policy/en-DE

Further information about your privacy settings on TikTok is also available at the following link: https://support.tiktok.com/en/account-and-privacy

The following information is intended to inform you about the data privacy aspects of our presence on X (hereinafter “X account”).

(1) The X account is an online presence within the platform operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter International Company (hereinafter “Twitter”), located at One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for data processing of persons residing outside the United States.

(2) We hereby point out that your use of the X short message service offered here and its functions takes place at your own risk. This applies in particular to the use of interactive functions (such as sharing or rating).

(3) On the one hand, X processes the data voluntarily entered by yourself, such as your name and username, email address, phone number or the contacts in your address book when you upload or synchronize it.

On the other hand, X also analyzes the content that you share to determine which topics are of interest to you, stores and processes confidential messages that you send directly to other users, and is able to determine your location using geolocation data such as GPS or Galileo, information about wireless networks, or your IP address to send you advertising or other content. X may use analysis tools such as Twitter or Google Analytics for analytical purposes under its own responsibility. We have no influence over whether X uses such tools and have not been informed of any such potential uses. Furthermore, the data obtained by X during the analysis are not available to us. We can only view certain non-personal information on posting activity via your account, such as the number of profile or link clicks by a specific poster.

(4) Lastly, X also receives information when you view content, even if you have not created an account. This information, which is known as “log data,” may include your IP address, browser type, operating system, information about the website that you previously visited and pages you have viewed, your location, your mobile phone provider, the device you are using (including the device ID and application ID), the search terms that you used, and cookie information.

(5) X buttons or widgets embedded in websites and the use of cookies enable X to record your visits to these websites and associate them with your X profile. These data can be used to offer you customized content or advertising. On our pages, X content is only integrated in a manner which complies with data privacy as passive elements and active elements, protected by the “two-click solution”.

(6) You can find options to restrict the processing of your data in the general settings for your X account and under “Privacy and Security”. You can also use the settings on mobile devices (smartphones, tablet computers) to restrict X's access to contact and calendar data, photos, location data, etc.. However, this depends on the operating system that you are using.

(7) Information on data processed by X and purposes for which they are used is available in X's privacy policy: https://x.com/en/privacy

(1) Our website uses social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). These plugins are identified with an Instagram logo - for example, in the form of an “Instagram camera”. An overview of Instagram plugins and what they look like is available here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges

(2) When you access a page on our website that contains a plugin of this type, your browser will establish a direct connection to Instagram's servers. The content of the plugin is transmitted directly from Instagram to your browser and integrated into the page. Via this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the United States and stored there. If you are logged into Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information will also be posted to your Instagram account and displayed to your contacts there.

(3) For information about the purpose and scope of data collection and further processing and use of these data by Instagram, along with your rights in this regard and how to set options to protect your privacy, please consult Instagram's privacy policy: https://help.instagram.com/155833707900388/ If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the Instagram plugins from loading by using add-ons for your browser; for example, by using the script blocker „NoScript“ (http://noscript.net/).

(1) Our site uses social plugins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you access a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plug-in then transmits protocol data to the Pinterest server in the USA. All collected data are anonymous to us and do not provide any information about the identity of the user. Collected data include device information (such as type and brand), utilized operating system, the IP address of the device being used, access time, campaign type and content, response to the campaign in question (such as purchase or newsletter registration) and device IDs that consist of individual characteristics of the end device. This enables us to recognize your device on our website.

(2) We use Pinterest to optimize our online product range and customize the use of our Pinterest campaigns according to demand. A “Pinterest Tag” (individual code snippet) is used in the advertising campaign. If a Pinterest user sees the ad or clicks on it, the further actions and the target groups that have shown interest are tracked. By using this tag, we can ensure that Pinterest ads are only displayed to Pinterest users who have already shown an interest in our product range, and that displayed ads match the potential interests of the user. These data help us to measure the conversion of the campaign in question. This information is used for statistical and market research purposes and helps us to optimize the advertising campaigns. The legal basis is Art. 6 Para. 1 (f) of the GDPR.

(3) The data are stored in accordance with statutory retention periods and automatically deleted thereafter. If you log in to your Pinterest account after visiting our website or if you visit our website while logged in, this data may be stored and processed by Pinterest. Pinterest may be able to associate this information with your Pinterest account and may also use it for its own advertising purposes. Further information is available in Pinterest's privacy policy: https://policy.pinterest.com/en/privacy-policy. You can object to this special data processing at any time by either deactivating the relevant settings under “Personalization” in your Pinterest account https://help.pinterest.com/en/article/personalization-and-data or clicking on Opt-Out.

We use the following plugins and tools. Our legitimate interests in accordance with Art. 6 Para. 1 (f) of the GDPR constitute the legal basis for the use of these plugins. In some cases, we require your consent to process your data (Art. 6 Para. 1 (a) of the GDPR).

(1) We have embedded YouTube videos in our online product range. These videos are stored at http://www.youtube.com and can be played directly from our website. All of these videos are embedded in “privacy-enhanced mode”, which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. The data stated in paragraph 2 will only be transmitted if you play the videos. We have no influence on this data transfer.

(2) When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. Furthermore, the data described in section 2 (Visiting the website) of this privacy policy will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to, or you do not have a user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want the account to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as a user profile and uses them for advertising, market research and/or to customize its website. Such analysis takes place in particular (even for users who are not logged in) to provide customized advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. However, you will have to contact YouTube to exercise this right.

(3) YouTube is a subsidiary of Google. Further information on the purpose and scope of data collection and processing by YouTube is available in the privacy policy. You can also obtain further information about your rights and the settings options to protect your privacy here: https://policies.google.com/privacy. Google also processes your personal data in the United States and has agreed to submit to the EU-US Privacy Shield:  https://www.privacyshield.gov/EU-US-Framework.

(1) This website uses SoundCloud. SoundCloud is a service provided by SoundCloud Limited and its subsidiaries, including SoundCloud, Inc. (hereinafter referred to as “SoundCloud”).

(2) SoundCloud automatically processes data when you use the platform, or collects data via the use of cookies and other web analysis services as described in the cookie policy. According to SoundCloud, this data includes the following, among other things:

• Usage data – We collect data about your interactions with the platform, including pages visited and links clicked, streaming, offline listening or downloading of tracks, uploading or recording tracks, connecting to Facebook or Google+ accounts, sharing tracks with other users, following or unfollowing other users , joining or leaving groups, posting comments, conducting searches, the time, frequency and duration of visits to the platform, and information about whether you interact with e-mail messages - i.e. whether you have opened, clicked on or forwarded the e-mail message.
• Login data – We automatically collect login data when you visit the platform, even if you have not registered for an account or logged in. Among other things, this information includes details about how you used the platform (including links to third-party sites or services), Internet Protocol (IP) address, access time, browser type and operating system, device information, device event information (such as crashes and browser type), and pages you viewed or interacted with directly before and after visiting the platform.
• Cookies – We use cookies or similar technologies, such as pixels, local storage and mobile device identifiers. We may also authorize our business partners to use these tracking technologies on the platform or engage others to track your usage of our platform on our behalf. Further information about how we use these technologies is available in our cookie policy.
• Location data – When you use certain features of the platform, we may collect data about your general location (such as your IP address). We use these data to provide you with location-based services (such as ads and personalized content). Most mobile end devices allow you to control or disable the use of location services for applications in the device settings.
• Device data – We collect information from and about the end devices that you use, including how you interact with the platform, as well as data about the device itself, such as its hardware model, operating system, IP address, cookie data, device settings, mobile device and advertising identifiers, installed apps, browser type, language, battery level, and time zone. The advertising ID (IDFA) of Apple iOS and the advertising ID (IDFA) of Google Android are examples of end device IDs. This information enables us to identify your activities, associate them with each other, and provide you with personalized content and similar advertising across all end devices.
• SoundCloud widget – Other websites can integrate SoundCloud widgets. When you visit a page with an embedded SoundCloud widget, we may receive specific data, including data about the page that you visited. SoundCloud and the widget may be able to recognize you; in some cases, the widget may also be used to display personalized content to you. We are informed whenever you interact with a widget. Websites that contain the widgets can also receive this information.

(3) Further information on data privacy guidelines is available online at: https://soundcloud.com/pages/privacy

(1) This site uses web fonts provided by Google to ensure that fonts are displayed consistently. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

(2) For this purpose, the browser that you are using needs to connect to Google's servers. This means that Google is informed that our website has been accessed via your IP address. Using Google Web Fonts is in the interests of a consistent and attractive presentation of our online product range. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 (f) of the GDPR. If your browser does not support web fonts, your computer will use a standard font. Further information about Google Web Fonts is available at https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/.

The following applications are used exclusively for the Carhartt WIP APP

Firebase Analytics offers analytical solutions for any number of data points and over 500 event types with up to 25 attributes. The data are displayed in dashboards and graphics to provide insights into user behavior.

The provider of the software is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for users of Google services who routinely reside in the European Economic Area or Switzerland.

The legal basis for processing consists of Art. 6 Para. 1 (f) of the GDPR. Our legitimate interests lie in the continuous improvement of the application and the processes, as well as targeted and effective elimination of errors and bugs; and furthermore, in maintaining the service so that it can function as intended; for example, by correcting errors, performing follow-up, and preventively avoiding problems

a) Firebase Crashlytics

As an app debugging tool, Firebase Crashlytics provides app developers with real-time, in-depth insights into bugs and crashes to assist them in correcting common error patterns. In order to solve problems quickly and effectively, we use the tool to analyze their causes. Firebase Crashlytics utilizes the Crash Reporting Service to collect detailed information when an app unexpectedly crashes or stops responding on a device. This enables developers to respond to potential errors.

b) Firebase Remote Config

Firebase Remote Config is a feature management tool that enables us to closely control the behavior and appearance of our application.

c) Firebase Cloud Messaging (FCM)

Firebase Cloud Messaging (FCM), formerly known as Google Cloud Messaging (GCM), enables the transmission and receipt of notifications for Android and iOS.

a) Adjust provides the following functionalities:

• Measurement: You can measure all of your marketing activities in one place with innovative solutions to help you stay ahead of the curve. Track everything – from paid to owned media, offline and beyond.
• Analysis: Merge your data for the right decision. Decisions at any time. Deliver incredible results with combined analyses, powerful reports and intuitive visualizations.
• Automation: Optimize workflows, and scale your growth with automation. Optimize campaigns, maximize budgets, and boost team efficiency with Pulse, a powerful, time-saving automation suite.

b) The third-party provider is Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin, Germany.

c) The legal basis for the processing of your data for purposes of measurement and analysis consists of the consent that you have provided in accordance with Art. 6 Para. 1 (a) of the GDPR. The legal basis for processing your data for automation purposes consists of our legitimate interest in automating processes and procedures.

d) Adjust’s data privacy policy is available here: https://www.adjust.com/terms/privacy-policy/

a) Adyen is a payment technology service provider with a banking license. This means that Adyen offers its customers payment and financial services, such as payment processing for customers and platforms by credit card, bank transfer and other payment methods, card issuing, account services (for merchants), fraud detection services and other services.

b) The third-party provider is Adyen N.V., Simon Carmiggeltstraat 6, 1011 DJ, Amsterdam, Netherlands.

c) What data categories does Adyen process?

• Know Your Customer („KYC“) identification: Name, date of birth, contact information and account number.
• Financial information of customers or users. Bank account and credit card numbers.
• Information on purchaser transactions. Credit card data, debit card data, transaction amounts, dates and times of transactions:
• Internet or similar network activities: Use of cookies for Adyen advertising purposes: see the cookie policy https://www.adyen.com/policies-and-disclaimer/cookie-policy

The legal basis for the processing of your personal data consists of Art. 6 Para. 1 (b) of the GDPR regarding the execution and processing of payments and Art. 6 Para. 1 (f) of the GDPR regarding the preservation of our legitimate interests in protection against bad debt and fraud.

d) The privacy policy is available here: https://www.adyen.com/privacy-policy

The BFF integration layer which is provided by Google Cloud EMEA Limited serves as an interface between our app and various services such as Commercetools and Sanity. In this context, the BFF processes incoming and outgoing requests in order to collect, forward and aggregate data between the platforms.

In order to improve performance and user experience, data that are related to product detail pages and product lists are cached for storage purposes. These data are stored for a maximum of two minutes, and are then automatically deleted.

We maintain extensive records to analyze and correct rare errors (referred to as edge cases) in the ordering process. These logs may include personal data such as:

• E-mail address,
• Address,
• User IP address (in relation to payment inquiries).

Log data are used exclusively for debugging purposes, and are subject to strict security measures to ensure the protection of your data.

Your data are processed on the basis of Art. 6 Para. 1 (f) of the GDPR. Our legitimate interest lies in ensuring efficient and secure data processing to analyze and optimize our website.

Our website uses the Stape.io service that is provided by Stape, LLC. Stape.io supports us in server-side tagging and secure processing of analytical data to ensure the efficiency and security of our website.

We only use Stape.io's EU servers, thereby ensuring that your personal data are processed and stored within the European Union. Processed data may include IP addresses, browser information, device information, and interaction data (such as click behavior) which is required for executing server-side tags.

Your data are processed on the basis of Art. 6 Para. 1 (f) of the GDPR. Our legitimate interest lies in ensuring efficient and secure data processing to analyze and optimize our website.

the processed data are only stored as long as they are needed for the above-mentioned purposes. As soon as the purpose no longer applies, the data are deleted, provided that there are no legal obligations to retain them.

Details on data processing by Stape.io are available in their privacy policy.

You have the following rights regarding the processing of your personal data, provided that the legal requirements are met:

I. The right to information (Art. 15 of the GDPR)

II. The right to rectification (Art. 16 of the GDPR)

III. The right to erasure (“right to be forgotten“) (Art. 17 of the GDPR)

IV. The right to restriction of processing (Art. 18 of the GDPR)

V. The right to data portability (Art. 20 of the GDPR)

VI. The right to object (Art. 21 of the GDPR)

According to Art. 21 para 1 of the GDPR, you have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data which are based on Art. 6 Para. 1 (e) or (f) of the GDPR, including profiling based on those provisions. According to Art. 21 para 2 of the GDPR, you have the right to object to the processing of your personal data for direct marketing at any time, including profiling, insofar as it is related to such direct marketing.

VII. The right to withdraw consent (Art. 7 Para. 3 of the GDPR)

VIII. The right to lodge complaints with supervisory authorities (Art. 77 Para. 1 of the GDPR).

1. Links to other websites

(1) Our website may contain links to websites operated by third parties that are not subject to this privacy policy. These third-party websites have their own privacy policies, and may also use cookies or other tracking technologies. The respective operator or responsible person of the corresponding website is responsible.

(2) We verify links to external websites before linking them. However, we have no influence over whether their operators comply with data privacy regulations. If violations or infringements become known to us, we will remove the corresponding links immediately.

We have implemented various technical and organizational measures to ensure an appropriate level of data security in the processing of your personal data.

In order to ensure the confidentiality, integrity and availability of your personal data, we have implemented amongst other things the following technical and organizational measures (this list is not definitive):

• Encryption of personal data
• Pseudonymization of personal data
• Consistent application of the “need to know principle” (access to your personal data is strictly limited to those employees who require access in order to provide the requested products and services)
• Employees and service providers are bound to confidentiality
• Implementation of numerous precautionary measures to protect your personal data against unauthorized access, loss or alteration
• The service providers whom we commission are contractually obligated to guarantee the same appropriate levels of security.

All technical and organizational measures that we use are state-of-the-art at all times. We have implemented technical and organizational security measures to protect your personal data against loss, destruction, manipulation and unauthorized access in accordance with Art. 24, 32 of the GDPR. All our employees and all third parties involved in data processing are obligated to comply with the GDPR requirements and treat personal data confidentially.

This site uses SSL or TLS encryption for security reasons and to protect transmissions of confidential content, such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, as well as by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transfer to us cannot be read by third parties.

We reserve the right to modify our security and data privacy measures if it becomes necessary due to technical developments or legal changes. In such cases, we will also amend our data privacy policy accordingly. Accordingly, please note the respectively current version of our privacy policy.