Privacy policy

Introduction

This privacy statement provides information on what personal data is collected when using the website www.shop.outdooractive.com (hereinafter: "website"), for what purposes and in what way the data concerned is used, and what rights users have.

For reasons of reader-friendliness, we use the generic masculine in this text. However, it goes without saying that all genders are meant equally.

Status: March 14, 2023

Responsible

Outdooractive AG
Missener street 18
87509 Immenstadt
Phone: +49 8323 8006-0
Email: shop@outdooractive.com

 

Register court: Local court Kempten
Registration number: HRB 15575
Sales tax identification number according to § 27a UStG: DE 261707005

 

Outdooractive Aktiengesellschaft
Chairman of the supervisory board: Mathias Pauli
CEO: Hartmut Wimmer

Further details can be found in our legal disclosure.

Data Protection Officer

You can reach and contact our data protection officer at the following address:

datalegis GmbH
Gero Wilke
Bismarckallee 10
79098 Freiburg

Phone: 0761 / 45 89 27 23
Email: privacy@outdooractive.com

Your Rights

You have the following rights with regard to the personal data concerning you:   

  • the right to information (Art. 15 GDPR),   
  • the right to rectification (Art. 16 GDPR),   
  • the right to erasure ("right to be forgotten") (Art. 17 GDPR),   
  • the right to restriction of processing (Art. 18 GDPR),   
  • the right to object to processing (Art. 21(1) GDPR),   
  • the right to data portability (Art. 20 GDPR).

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).

Definitions of Terms

This section provides you with an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

- Controller: "Controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

- Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, evaluation, storage, transmission or deletion.

Objection to or Revoking the Use of your Personal Data

(1) You can withdraw your consent to the use of your data at any time. Revoking your consent influences the admissibility of the use of your personal data after we have received it.

(2) Insofar as we base the use of your data on a balance of interest, you may object to its use. In the event of any such objection, we ask you to clarify your reasons for not allowing us to use your data. We will examine the situation further in the event that this objection may be considered justifiable. We will then either no longer use your personal data, adjust any further use of this data, if necessary, or give compelling reasons worthy of protection as to why we continue to use your personal data

(3) You may, of course, object to the use of your personal data for the purposes of advertising and data analysis.

(4) Please send your revocation or objection to the contact details given in our legal disclosure above.

 

Use of Personal Data when Using our Website for Informational Purposes

(1) If you access our website without first registering or providing us with information in any other way ("informational use"), we only collect the personal data that your web browser transmits to our server. If you want to view our website, we collect the data listed below as a technical requirement for us to display our website to you and to ensure stability and security:

  • IP address
  • Date and time of the request
  • Time zone in relation to Greenwich Mean Time (GMT)
  • The request’s content (specific page)
  • Access status / http status code
  • Volume of data transferred each time
  • Website from which the request originated
  • Browser
  • Operating system and its interface
  • The language and version of the browser software

This data is also stored in so-called log files on our servers. These do not affect your IP address or other data assigned to you. This data is not stored together with any other personal data of yours.

(2) The collection and temporary storage of the IP address is necessary in order for our website to function on your device. For this, your IP address must be saved for the duration of your visit to our website. The storage of the above-mentioned data in log files serves to ensure functionality and to optimize our website whilst also safeguarding the security of our information technology systems. This data is not analyzed for marketing purposes. Our legitimate interest in using the data lies in the purposes stated above. The legal basis for the collection and temporary storage of the aforementioned data and the log files is Art. 6 Para. 1 Sentence. 1 section. f) GDPR.

(3) The aforementioned data that is used for viewing our website will be deleted when the respective session has ended. The data in log files will be deleted after fourteen days at the latest. The collection of the above data for viewing our website is absolutely necessary for the operation of the website. There is no possibility to object to this.

 

 Contact

If you contact us by e-mail, the personal data you send us with your e-mail will be stored. The data will only be used to answer your questions. The data will not be passed on to third parties.

The processing of the aforementioned personal data is solely for the purpose of handling your inquiries. Our legitimate interest in processing the data also lies in the aforementioned purposes. Insofar as you have given us your consent for this, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a) DS-GVO. Otherwise, the legal basis for the processing of this data, in particular in the event that the data is transmitted to us by you by sending an e-mail, is Art. 6 para. 1 p. 1 lit. f) DS-GVO. Insofar as you want to work towards the conclusion of a contract through your e-mail, Art. 6 para. 1 p. 1 lit. b) DS-GVO represents an additional legal basis.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when we have conclusively processed your requests.

You can revoke the consent given to us to process your personal data at any time. When contacting us by e-mail, you can object to the storage of your personal data at any time. We would like to point out that in this case your request cannot be processed any further. You can declare the revocation or the objection by sending an e-mail to our e-mail address given in the imprint.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a period are removed or replaced by wildcards. The shortening of the IP address is intended to prevent or make it significantly more difficult to identify a person by their IP address.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and operational interests or is made where it is necessary for the fulfillment of our contract-related obligations or where we have the consent of the data subjects or legal permission.

 

Data Processing in third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Delete Data

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Within the scope of our data protection notices, we may provide users with further information on the deletion as well as on the retention of data that specifically applies to the respective processing operations.

Use of Personal Data in Respect of Cookies

(1) In addition to the above-mentioned data, we use technical aids for various functions when using our website, in particular cookies, which can be stored on your end device. Cookies are small text files that are stored on the storage medium of your end device, e.g. on a hard drive, and which provide us, as the body that sets the cookie, with certain information. Cookies cannot execute programmes or transmit viruses to your end device. When you call up our website and also at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. This website uses the following types of cookies, the scope and functionality of which are explained below.

(a) Cookies that are stored associated with your web browser:   

  • Transient cookies: these cookies are automatically deleted when you close your web browser. These include, in particular, session cookies. These store a so-called session ID, by means of which various requests from your web browser can be assigned to the common session. This makes it possible to recognise your terminal device when you return to our website. Session cookies are deleted as soon as you log out or close the web browser.   
  • Persistent cookies: These cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete these cookies at any time in your web browser settings.   
  • Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. Here too, you can consent or object.

(b) Cookies also store data and information such as multilingualism (language setting) and search terms entered (search function). Details can be found in our Consent Manager and on our website on cookies.

(2) The processing of personal data through the above cookies serves the following purposes:

(a) Technically necessary cookies: The technical structure of our website requires us to use techniques, in particular cookies. Without these, our website cannot be displayed or used completely and/or without errors. For example, some functions of our website require that your web browser can still be identified after a page change. In these cases, these are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in our Consent Manager and on our website on cookies. As far as technically necessary cookies are concerned, our legitimate interest in data processing lies in the above purposes. The legal basis in these cases is Art. 6 para. 1 p. 1 lit. f) GDPR.

(b) Optional cookies (with your consent): We set various cookies only after your consent, which you can select during your first visit to our website via the so-called cookie consent tool. The functions will only be activated in case of your consent. These cookies are used in particular to enable us to analyse visits to our website and thereby improve our website and/or individual functions as well as the user experience as a whole, e.g. also to make it easier for you to use our website via different browsers or terminal devices, to recognise you when you visit us again or to serve advertising (possibly also to tailor advertising to interests, to measure the effectiveness of advertisements or to show interest-oriented advertising).

The legal basis for this processing is Art. 6 para. 1 p. 1 lit. a) GDPR. Revocation of your consent is possible at any time without affecting the permissibility of the processing until revocation. The functions used by us, which you can display and revoke via the Consent Manager, as well as the cookies used, the data processed and the purposes of the processing are described in detail there and on our website on cookies.

(3) The above cookies are stored on your terminal device and transmitted from it to our server. You can therefore configure the processing of data and information by cookies yourself. You can make corresponding configurations in the settings of your web browser, through which you can, for example, reject third-party cookies or cookies altogether. In this context, we would like to point out that you may then not be able to use all the functions of our website properly. If you would like to prevent data from being processed by Flash cookies, you must make the appropriate settings in your Flash player or install an add-on, e.g. for the Google Chrome web browser the add-on "Adobe Flash Killer Cookie" or for the Firefox web browser the add-on "Better Privacy". If you want to prevent the use of HTML5 storage objects, you must use your web browser in private mode - if available. Alternatively, you can also make the appropriate settings in our Consent Manager. Regardless of this, we recommend a regular manual deletion of cookies as well as your browser history.

 

Shopping

For the operation of our online store we use Shopify.

Shopify provides a platform through which e-commerce services are offered and carried out. The services and processes carried out in connection with them include, in particular, online stores, websites, their offers and content, community elements, purchase and payment processes, customer communication, and analysis and marketing; service provider: Shopify International Limited, Victoria Buildings, 2nd Floor,1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; Website: https://www.shopify.de; Privacy Policy: https://www.shopify.de/legal/datenschutz.

Shopify stores your data on a secure server. If you are located in the EU, European Economic Area (EEA) or Switzerland, your data is processed and stored in Ireland by Shopify International Ltd. However, Shopify notes that data may be transferred to other regions, including the United States and Canada. Shopify strictly adheres to the agreement between the EU and the U.S. or the agreement between Switzerland and the U.S. on data collection (for more details, see Shopify's privacy policy here).

Shopify sets cookies while you navigate our homepage. These are small text files that are stored in your Internet browser or by the Internet browser on your computer system. When you visit a website as a user, a cookie may be stored on your operating system. This cookie contains a unique string of characters that allows the browser to uniquely identify you when you return to the website. Cookies are set to make our website user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

 

Name

Language

Region

 

In addition, cookies enable an analysis of user behavior when visiting the website. In this way, the following data can be transmitted

 

Keywords entered

Frequency of homepage visits

Use of the website functions

 

The data collected in this way is pseudonymized by technical precautions. It is therefore not possible to assign the data to an individual user. The data is not stored together with other personal data of the users.

Some of the cookies used are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and allow us to recognize your browser on your next visit (so-called persistent cookies). Cookies are stored on your computer and transmitted to our website. Therefore, you as a user have full control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are not accepted, the functionality of our website may be limited.

If you select a direct payment portal to complete your purchase, Shopify stores your credit card information. Your personal information is encrypted during the online checkout process using PCI-DSS (Payment Card Industry Data Security Standard). Your checkout information is stored only as long as necessary to complete the transaction. After that, your purchase processing data will be deleted.

The legal basis for this data processing is Art. 6 (1) (f) DS-GVO. The purpose of using Shopify is to sell our products quickly, easily and securely online. Likewise, we want to simplify the use of our websites and make the visit more attractive for you. By working with Shopify, we learn how our website is used and can thus constantly optimize our offer and better tailor it to your needs and interests. For this purpose, our legitimate interest lies in the processing of personal data pursuant to Art. 6 (1) (f) DS-GVO.

Order

In addition, we offer the possibility on the website to request and purchase our products without registering for a customer account via an order form. The following data is collected during the ordering process via the order form:

First and last name (required)
Billing or shipping address (required)
E-mail address (required)

The purpose of the order form is to conclude a contract with us. The data processed in the order form is thus used to conclude or terminate the contract with the user.

The legal basis for this data processing is Art. 6 para. 1 lit. b) DSGVO (contract performance and pre-contractual measures), as the user provides us with the data based on the respective contractual relationship (e.g. management of the customer account, processing of the purchase contract).

Payment Methods

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively, "payment service providers").

We offer various payment methods via the Shopify platform. The data processed by the Payment Service Providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the payment service providers transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.

For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.

Further information on processing procedures, methods and services of the payment providers offered:

Business Services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data in order to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.

We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., in principle after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

Integration of Zoho Desk

Email enquiries that reach us via support@outdooractive or service@outdooractive.com, or enquiries that are entered via the support form, are processed automatically using Zoho's "Desk" software. This enables us to direct the support quickly and purposefully into the right channels.  

In the process, the personal data you provide to us (e.g. name, e-mail address, your request, etc.) is processed; we do not pass on any data to Zoho. Depending on the content of your request, the data required to process this request may vary. The provision of further data is voluntary. We only use the data you provide for processing your specific enquiry. The data provided will be treated confidentially. This data is transmitted to Zoho Desk servers in Europe (Holland and Ireland) and thus within the European Union and processed there by Zoho on our behalf. 

Zoho Desk does not process your data if you use our website for information purposes only and do not contact us. The use of Zoho Desk is therefore optional. 

In order to oblige Zoho Desk to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Zoho Desk. 

The aforementioned transmission and processing of data serves the purpose of being able to answer your enquiries quickly and efficiently. This is also our legitimate interest in the processing of the above data by the third-party provider. Insofar as you have given your consent, the legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR Insofar as the use of the content or function of Zoho Desk serves to initiate or execute a contract with us, Art. 6 (1) sentence 1 lit. b)  GDPR constitutes an additional legal basis for the processing. Otherwise, Art. 6 para. 1 p. 1 lit. f) GDPR is the legal basis for the processing.You can revoke your consent to the processing of your personal data at any time. You can also object to the storage of your personal data at any time. Please note that in this case you may not be able to use our website or individual functions of our website to their full extent. 

Subject to statutory retention obligations, stored data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Information of the third party provider: ZOHO CORPORATION B. V., Beneluxlaan 4B, 3527 HT UTRECHT, The Netherlands. https://www.zoho.eu/gdpr.html

For more information about Zoho Desk's privacy policy, data processing practices, settings to protect your personal data and your rights, please visit the following Zoho Desk web pages:

 

Privacy Policy: https://www.zoho.com/de/privacy.html?lb=de

Informationon the German Data Protection Regulation (GDPR): https://www.zoho.com/de/desk/gdpr.html

Security-Whitepaper: https://www.zoho.com/de/security.html?lb=de

Cookie-Policy: https://www.zoho.com/de/privacy/cookie-policy.html

Terms of Use: https://www.zoho.com/de/terms.html

 

The legal basis is your consent, Art. 6 Abs. 1 S. 1 lit. a) GDPR.

Outdooractive Plattform

We offer links to other Outdooractive AG services on the store.outdooractive.com website. The general terms and conditions for these services can be viewed at https://www.outdooractive.com/de/terms-and-conditions.html.

The data protection provisions for these offers can be viewed at  https://www.outdooractive.com/de/privacy.html .

Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.