language and country

PRIVACY POLICY

1. Name and contact data of the data controller and also the company data protection officer

This Privacy Policy applies to data processing by:

Controller: Calida Group Digital GmbH (hereinafter referred to as Calida Group Digital)
Gewerbepark BWB 2, 83052 Bruckmühl, Germany

E-mail: [email protected]
Telephone: +49 8062 72133-10
Fax: +49 8062 72133-499

The company Data Protection Officer of Calida Group Digital can be contacted under the above address, for the attention of the Data Protection department, or at [email protected].

2. Collection and storage of personal data and also nature and purpose and their use

a) When visiting the website

When you access our website www.calida.com , the browser on your end device automatically sends information to our website server. This information is temporarily saved in a log file. The following infor-mation is collected without any action on your part and saved until automated deletion:

  • IP address of the querying computer,

  • date and time of the access,

  • name and URL of the accessed file,

  • website from which the access was made (referrer URL),

  • browser type and version and also further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, language setting etc.).

We process these data for the following purposes:

  • ensuring trouble-free connection to the website,

  • ensuring comfortable use of our website,

  • evaluating system security and stability and also

  • for further administrative purposes.

The legal foundation for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f General Data Protection Regulation (GDPR). Our justified interest follows from the above purposes for the data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we also use cookies and analytics services during visits to our website. Further explanations can be found under sections 4 and 5 of this Data Protection Policy.

b) When ordering as a guest

If you would like to order products as a guest via our website, we collect the following information:

  • salutation, given name, surname,

  • a valid email address,

  • address,

  • payment data, depending on the payment method you chose (for example credit card data, bank details or PayPal account data).

  • if you purchase products on account: your date of birth and telephone number.

These data are collected

  • in order to identify you as our contractual partner;

  • to check the entered data for plausibility;

  • to process the payment of your order;

  • to process any warranty claims which may arise and also to assert any claims against you;

The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and pre-contractual measures.

To ensure smooth and simple processing of your order and for faster clarification of queries, you can also provide other data:

  • your telephone number and

  • an alternative delivery address.

Provision of these data is voluntarily.

Your personal data which we collect for the order are saved until the end of the statutory warranty period and then automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties (under Commercial Code, Criminal Code or Tax Code) or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

c) When setting up a user account

You can set up a password-protected user account with us in which we save your personal data. The purpose of this is to provide you with the greatest possible comfort through easier, faster and more personal purchasing in the processing of your orders.

If you would like to set up a password-protected user account with us, we need the following information from you:

  • salutation, given name, surname,

  • address and also

  • a valid email address.

In addition, to open a user account you have to enter a password of your choice. Together with your email address this provides access to your user account. In your user account you can view and change the data saved about you at any time.

For faster clarification of queries, you can also provide your telephone number. This is voluntarily and not required for opening the user account.

In addition, you can state your date of birth so that we can surprise you with a present (e.g. a discount or a special offer) if you subscribe for the newsletter.

We only save your personal data in a user account, if you have voluntarily given your consent to us under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

Creating a user account is not required for using our website or for orders you would like to place with us. We also offer you the possibility of placing your order as a guest (see section 2. b)). In that case however, you have to enter all your data again for every order.

After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties (under Commercial Code, Criminal Code or Tax Code) or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

d) When registering for our newsletter

We distribute a newsletter that contains personalised product recommendations from our own product range and information about special benefit programmes for customers (including contests, discounts and sales). As part of the compilation and distribution of the newsletter, we process personal data about you, including behaviour-related information, and work with the company Emarsys eMarketing Systems AG (hereinafter: “Emarsys”).

Provided that you have given your express consent in accordance with Article 6 (1), Sentence 1, point a of the General Data Protection Regulation (GDPR), we will use your e-mail address for the purpose of sending you our newsletter. The provision of an e-mail address is the only requirement for a subscription to the newsletter.

You will subsequently receive a registration confirmation via e-mail that you must confirm in order to receive our newsletter (double opt-in). This serves as proof to us that you actually initiated the registration process.

If you have not registered for our newsletter, we regularly use your e-mail address following an order to send you our newsletter with information about products similar to the ones that you just ordered, provided that you do not object to this practice. The processing of personal data is authorised in this connection under Article 6 (1), Sentence 1, point f of the GDPR as a result of our legitimate interest in conducting direct marketing activities.

You may cancel the newsletter at any time without stating your reasons by using the unsubscribe link in the e-mail, by making the request directly in your user account or by directly notifying [email protected]. You will then no longer receive the newsletter.

Our newsletter is offered exclusively as personalised information in order to draw your attention to special offers that may be of interest to you and fulfil your needs. For this reason, other available information about you, including customer data from your user account, purchasing history and usage behaviour (e.g. wish lists, basket contents, finding favourite products, CALIDA friends+forever and accessed product pages) is used in addition to your e-mail address to offer personalised content. On the basis of your consent or our legitimate interest in conducting optimised direct marketing, your purchasing and usage behaviour in the online shop at calida.de is tracked and analysed for the purpose of selecting content, and is linked to your user account. We do not make additional use of the profile information or transmit it to third parties.

We use the services of Emarsys to technically perform the individual configuration. Emarsys analyses the information described above on our behalf for the purpose of planning content for the newsletter. In this process, opening, clicking, bounce, order, log-off and conversion rates are evaluated. The analysis also uses cookies or pixel tags that collect information such as the IP address, browser type/version, e-mail client and time of access. As a result, we can see who opened the e-mail and clicked the links contained in it. You can cancel our newsletter at any time if you object to this analysis.

A processor agreement pursuant to Article 28 of the GDPR has been concluded with Emarsys. Under this agreement, Emarsys warrants that it will process data in compliance with the GDPR and guarantees that the rights of data subjects will be protected.

You will find more information on Emarsys’s tracking activities here.

f) When registering with "CALIDA friends+forever"

The information on data protection when registering for the "CALIDA friends+forever" loyalty program can be found here www.calida.com/cms/friends-forever/data-privacy.

g) When using our contact form

If you have questions of any nature, you can get in touch with us via a form availa-ble in the website contact information. This requires the stating of a valid email address and also your given name and surname so that we know who sent the query and how we can answer it. The telephone number can be provided voluntarily.

The data for the purpose of contacting us are processed under Art. 6 Subs. 1 Sen-tence 1 lit. a GDPR on the basis of your voluntarily given consent.

The personal data we collected for using the contact form will be automatically deleted after your query has been dealt with.

h) Advertising by mail

We will use the address provided by you within the framework of your order to regularly send you information on our products and offers by mail, as long as you have not indicated your objection to us. In this context, we process your name and address in accordance with Article 6 (1) sentence 1 (f) GDPR and our legitimate interest to inform our customers about our product range.

i) Participation in a contest

If you participate in one of the contests on our website, we will use your data (name, address, e-mail address, possibly gender and birthday) that you enter into the input box. We will use the data to conduct the contest and determine whether you are eligible to participate, to inform you about any prize that you may have won and to improve our future contests.

Upon presentation of your voluntary authorisation, the legal basis for processing data in connection with the contest will be Article 6 (1) point (a) of the General Data Protection Regulation. The processing of data required to conduct each contest is based on Article 6 (1) point b of the GDPR.

Data will be stored and processed as long as this is required to conduct the contest. We will erase all of your personal data collected in connection with the contest no later than two weeks after the contest has ended, provided that you have not authorised its continued use beyond this date.

The winners’ personal data will be erased no later than three years after the end of the contest. The data may not be erased at an earlier point in time due to the potential need to reconstruct the contest as part of a legal recourse process initiated against it.

We conduct our contests with the assistance of the service provider Emarsys. Emarsys sends confirmation of participation to contestants on our behalf as well as notifies winners using their e-mail addresses and names. You will find more information regarding the sharing of data with Emarsys in section 3. h) aa) of this data protection document.

3. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those given below.

a) Transfer to CALIDA AG

Your personal data will also be transferred to CALIDA AG, Industrie Münigen, Bahn-hofstrasse CH-6208 Oberkirch, Schweiz.

The data will be transferred under the joint responsibility for data protection for internal administrative purposes and for ensuring central customer management.

The data will be transferred on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR, whereby the stated purposes are to be considered as justified interests within the meaning of this regulation.

b) Contract processing

In so far as this is legally permissible and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR required for the processing of contractual relationships with you, your per-sonal data will be transferred to third parties. This includes in particular transfer to shipping companies for the purpose of delivering the goods you ordered. The transferred data may be used by the third parties solely for the stated purposes.

c) Payment processing

When fulfilling the contract, we sometimes work with payment service providers for processing payment. In this context, we forward the purchase amount and, as necessary, other data about you to the provider. The categories of data forwarded for this purpose differ according to the provider and the selected option. Any forwarding of personal data to providers takes place on the basis of Article 6 (1), Sentence 1, point f of the GDPR. We have a legitimate interest within the meaning of the above regulation, namely that of being able to offer you the respective payment option. Details of the providers follow here:

Adyen: If a payment is made with a credit card or a SEPA direct debit mandate, the payment will be processed by our payment service provider Adyen (Adyen N.V., Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands). In such instances, your IP address; such order information as your invoice total, customer number, e-mail address and payment ID; and the credit-card or bank account data that you input will be provided to Adyen for the purpose of further payment processing. Adyen will provide this information to other third parties when it is necessary to process the payment (e.g. banks and credit-card companies).

Adyen will be solely responsible for the processing of payment data that subsequently occurs as part of payment processing. Data will be collected and transmitted in encrypted form. We will not have access to this information. You can find more information on data protection regarding Adyen here.

Adyen also provides us with other payment-related services. In this case, your IP address, customer data, order and invoice data as well as payment data related to the payment service being used will be provided to Adyen if this information is required in order to include the payment services on our website for you. You will find information about the individual payment services and possible integration via Adyen below.

Your individual payment data will be stored in encrypted form by Adyen if you have consented to this step. We do not have access to this payment data. If necessary, we will store only a portion of the payment information (e.g. the last four digits of a credit-card number) to provide you with an overview of means of payment on your user account on our website. You may revoke your consent for this payment data to be stored at any time with future effect. The data will then be promptly erased, provided that this information is not needed to process selected payments.

PayPal: If you enter your payment data on our website, we forward the data necessary for processing payment to PayPal (Europe) S.a.r.l. et Cie, S.C.A. (“PayPal”). If data is forwarded to the PayPal website, we have no access to the data collected by PayPal. You will find more information on data protection related to PayPal here.

Amazon Pay: If you enter your payment data on our website, we forward the data necessary for processing payment to Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxemburg (“Amazon Pay”). If data is forwarded to the Amazon Pay website, we have no access to the data collected by Amazon Pay. You will find more information on data protection related to Amazon Pay here.

Klarna: If you select the payment options provided by Klarna (“purchase on account”, “direct payment with Sofort” and “direct debit mandate”), personal data such as contact and order data will be transmitted to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). Klarna can thereby assess whether you can make use of the payment options it offers and tailor the payment options to your needs. The integration of Klarna direct payment with Sofort and direct debit mandate of Klarna will be conducted via Adyen (see above).  You will find privacy information regarding Klarna in the bank’s data protection policies and here.

Heidelpay: When paying via credit card, name and address of the credit card holder as well as credit card number and expiry date will be forwarded to the financial institution Heidelpay GmbH, Vangerowstrasse 18, 69115 Heidelberg. You will find more information on data protection related to Heidelpay here.

d) For identity and creditworthiness checks

If we make advance outlays for your purchase, for example for a purchase on account, we may obtain a credit check on the basis of mathematical-statistical methods pursuant to Art. 6 Subs. 1 Sentence 1 lit. a and b GDPR on the basis of your express consent and if it is required for concluding or fulfilling the contract.

To that end, we transfer your personal data required for the creditworthiness checks (given name and surname, street, number, postal code, town, date of birth, telephone number and in the case of purchase per direct debit the given bank details) to an external service provider. For identity and creditworthiness checks we work together with creditpass GmbH.

On the basis of your personal data, creditpass GmbH gives us information about the statistical probability of payment default. We use this information for a balanced decision on creating, performing or ending the contractual relationship.

The credit check can contain probabilities (score values), which are calculated on the basis of scientifically recognised mathematical-statistical methods and which include inter alia address data in their computation.

e) Transmission to CaperWhite GmbH

In the context of our mobile cash point solution (tablets) in our retail stores, we offer you the option to purchase our products using the tablets and to view your customer data.

In the context of the mobile cash point solution ("Omni-Channel"), we transmit your customer master data and data on the order history (see Section 2. b)) to CaperWhite GmbH, Ludwigstr. 73A, 70176 Stuttgart.

This service provider was carefully selected and commissioned by CALIDA AG as part of our group of companies, is bound to their instructions and is controlled on a regular basis in particular with respect to the adequate technical and organisational measures for ensuring data security. For this, CaperWhite GmbH uses servers located in Europe, and no data will be transmitted to the U.S.

Data are transmitted on the basis of our legitimate interests and the legitimate interests of CALIDA AG as defined in Art. 6 (1) Sentence 1 (f) GDPR. Our legitimate interest is to optimise and improve customer management and our portfolio of services offered.

h) Provision of data to Emarsys and shipcloud

As part of our offerings, we must send you notifications on occasion and provide information to you in the process. We share your personal data with third parties who help us disseminate the notifications in this connection. We share this personal data with third parties on the basis of our legitimate interests under Article 6 (1), page 1, point f of the GDPR.

aa) Provision of data to Emarsys

We work with the service provider Emarsys to distribute your notifications. Emarsys performs a number of jobs on our behalf, including the sending of order confirmations, shipping confirmations, cancellations, confirmations of contest participation and prizes as well as notifications related to user accounts and other confirmation notifications.
We provide your data (Name, first name, e-mail address, address, shipping address, delivery address, account details) to Emarsys for the sole purpose of processing your online order.
We have concluded a data processing agreement with Emarsys. Under this agreement, Emarsys affirms that it will process data in compliance with our instructions as well as guarantees that the rights of data subjects are protected.
You will find more information on data protection in connection with Emarsys here.

bb) Provision of data to shipcloud

As part of our order processing, we also work with the service provider shipcloud GmbH, Heinz-Fangman-Str. 2-4, Haus 4, 42287 Wuppertal (“shipcloud”). shipcloud handles the dispatch of the dispatch confirmation (complete and/or partial delivery of the goods) and the dispatch of your invoice for your order. You can also track your order with the help of shipcloud’s service. Finally, with the help of shipcloud we inform you about processing status of any products you return.
We provide your data (Name, first name, e-mail address, address, shipping address, delivery address, billing address, if applicable, account details) to shipcloud for the sole purpose of processing your online order.
We have concluded a data processing agreement with shipcloud. Under this agreement, shipcloud affirms that it will process data in compliance with our instructions as well as guarantees that the rights of data subjects are protected.
You will find more information on data protection in connection with shipcloud here.

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and saves on your end device (laptop, tablet, smartphone or suchlike when you visit our website. Cookies do not cause any harm to your computer and do not contain any viruses, trojans or other malware.

The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.

Cookies are used on the one hand so that we can make the use of our offerings more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages our website, you have already logged on in your user account or for displaying the shopping cart. These are automatically deleted after you leave our website.

In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.

On the other hand, we use cookies to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you (see section 5). These cookies enable us to automatically recognise that you were here before the next time you visit our website. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are required for the stated purposes to protect our justified interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.

5. Analytical tools

The following tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.

Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.

These interests are to be considered as justified within the meaning of the aforementioned regulation.

The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.

a) Criteo

This website uses technologies from Criteo GmbH to collect and save information on the surfing behaviour of website visitors in anonymised form for marketing purposes. This is done by means of cookies (see section 4). Criteo uses an algorithm to analyse surfing behaviour and can then display targeted personalised advertising banners adverts on other websites (publisher). Under no circumstances can the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our offerings. There will be no other use or transfer to third parties.

You can object to the anonymised analysis of your surfing behaviour on this website by clicking on this link: https://www.criteo.com/privacy/.

If you have opted out (opt-out cookie) and you would like to see personalised Criteo banners again, please click here: https://www.criteo.com/privacy/.

Further information about the Criteo technology can be found in the Criteo data protection policy: https://www.criteo.com/privacy/.

b) intelliAd

This website uses the web analytics service intelliAd, which is provided and operated by emarketing AG, Landsberger Strasse 110, 80339 Munich, Germany, on behalf of the website operator. Anonymised usage data is processed and stored in aggregated form for the purpose of demand-oriented design and optimisation of this website. The data collected does not allow either the operator of the website or emarketing AG to draw conclusions about individual users. When intelliAd tracking is used, cookies are stored locally. You have the right to object to the processing of your usage data. To do so, use the intelliAd opt-out function. You can also set your browser so that it generally prevents cookies from being set. To improve tracking accuracy, the "first-party tracking" method is used. In this process, a first-party cookie (ia-8363035313236323131303) is set on the customer domain. Complete IP addresses are also not stored in the procedure and are only processed in anonymised form.

You can find intelliAd’s Privacy Policy at https://www.intelliad.com/privacy-policy/.

c) New Relic

We use the "New Relic" web analysis service from New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA, for reachability and performance monitoring of our server. Cookies may be used for this (see section 4). Pseudonymised use profiles are used to measure and analyse the technical performance data (for example response and loading times) which help to improve server performance.

Further information about data protection in conjunction with New Relic can be found here https://newrelic.com/privacy.

d) MaxMind

We transfer your IP address to the service provider MaxMind, Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, hereinafter "MaxMind"), to determine your approximate location (e.g. country, town, district) and offer you individual store locator services based on your current location (e.g. the location of the nearest store). The IP address will be sent to and saved on a MaxMind server in the USA. MaxMind is subject to the EU-US Privacy Shield, so that an adequate data level is guaranteed. We use your location data processed in that manner solely for this function. The data are deleted once you finish using it.

Further information about data protection in conjunction with MaxMind can be found here https://www.maxmind.com/en/privacypolicy?pkitlang=en.

When opening the store finder you will also be asked by your browser whether you want to send your exact location to us. In so far as you give your consent to the browser operator pursuant to Art. 6 Subs. 1 Sentence 1 lit. a GDPR, your browser will send your exact location to us, so that as part of the store locator function we can offer you individual services (e.g. the location of the nearest store) based on your exact location (address). We use your location data processed in that manner solely for this function. The data are deleted once you finish using it.

In your browser you can make a corresponding setting to the browser software to block geo-localisation; we must point out that in this case you may not be able to use all the functions (e.g. Storefinder) on this website.

e) DoubleClick

Our website uses cookies (see section 4) to collect and analyse information for optimising advertising. We use targeting technologies from Google LLC (Double Click, Double Click Exchange Buyer, Double Click Bid Manager).

These technologies enable us to provide you with targeted advertising reflecting your personal interests. The cookies used collect information, for example, about which of our products you are interested in. From this information we can also show you offers on third-party websites that are geared especially to your inter-ests as reflected in your past user behaviour. Your user behaviour is captured and analysed solely pseudonymised and it does not enable us to identify you. In par-ticular, the information is not merged with your personal data.

The cookie is automatically deleted after 30 days.

You can also make settings for displaying interest-based advertising via the Google advertising settings manager.

Further information and the data protection policy concerning advertising and Google can be found in the Google Data Protection Policy and Terms of Use.

f) Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically capture and analyse the use of our website in order to optimize our offerings for you. To this end, Google Adwords saves a cookie (point 4.) on your computer in so far as you access our website via a Google advertisement.

These cookies expire after 30 days and do not permit personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked the advertisement and was redirected to that page.

Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the webpages of Adwords customer. The information generated via the conversion cookie is used to produce conversion statistics for Adwords customers who have opted to use conversion tracking. The Adwords customers find out the total number of users who clicked their advertisement and were redirected to a page containing a conversion tracking tag. They do not receive any information, however, which can be used to identify users personally.

If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that it blocks cookies from the "www.googleadservices.com" domain.

You can find Google's privacy notice on conversion tracking here: https://services.google.com/sitestats/en.html

g) Google Adwords Remarketing

We use Google Remarketing Tags from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google")) on our website.

These technologies enable us to provide you with advertising customized to you. The cookies used (point 4.) capture, for example, information about the products in which you have shown an interest. We use this information to show you offers on third-party sites that reflect your interests as established by your previous use behaviour. Your use behaviour is captured and analysed entirely pseudonymously and does not enable us to identify you. In particular, the information is not combined with your personal data.

Google complies with the data protection provisions in the "US Safe Harbor" Convention and is registered in the US Department of Commerce "Safe Harbor" programme. Google uses this information to analyse your use of the website, to compile reports about the website activities for the website operator and to render other services related to the use of the website and the Internet.

Google may also transmit this information to third parties, in so far as this is required by law or if third parties process these data on behalf of Google. Third-party providers, including Google, display advertisements on websites on the Internet and use stored cookies to place advertisements on the basis of a user’s previous visits to the website. Permission to collect and store data can be withdrawn at any time with effect for the future.

If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies.

Further information about the Google data protection policy can be found here: https://policies.google.com/privacy?hl=en

h) Facebook Custom Audiences (EN)

In addition, we also use Facebook website custom audiences of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This is a marketing service at Facebook. It enables us to have individually co-ordinated and interest-based advertising on Facebook shown to certain groups of pseudonymised visitors to our website who also use Facebook.

A Facebook custom audience pixel is integrated in our website. This is a Java Script code via which personal data concerning the use of the website is stored. This includes your IP address, the browser used as well as the originating and destination page. This information is transmitted to Facebook servers in the USA. Facebook is subject to the EU-US privacy shield, so that an appropriate data level is guaranteed.

There, an automated comparison will be made to ascertain whether you have stored a Facebook cookie. Via the Facebook cookie, it will automatically be established whether you belong to the target group relevant for us. If you belong to the target group, you will be shown corresponding adverts by us on Facebook. During this process, you will not be personally identified, either by us or by Facebook, through the comparison of the data.

You can also prevent the use of Facebook custom audiences by clicking on this link. Through this opt-out, any future recording of your personal data when visiting this website is prevented.

i) Facebook pixel

We use the tracking pixel of Facebook. The social network Facebook is offered by Facebook Inc. or, if you are located in the EU, by Facebook Ireland Ltd. The Facebook pixel enables us to see how you respond to our advertisements on Facebook, for example when you click on a link in the ad that takes you to our website. Custom conversions allow us to measure and analyse the effectiveness of measures aimed at target groups in connection with Facebook. As a result, we gain a better overview of the success of our campaigns in connection with Facebook and can continually optimise them.

The tracking pixel is installed on your device when you respond to an ad we have placed on Facebook, for example because you click on a link to our site in the ad. In this context, a pixel ID is created and stored in a cookie, allowing us to analyse your user behaviour until the tracking pixel expires. The tracking pixel is not used to identify you personally.

k) Adition

We use the service ADITION from ADITION technologies AG, Oststrasse 55, D-40211 Düsseldorf, Germany (hereinafter: “Adition”), to optimise the advertising that we display. In this context, pseudonymised user profiles are produced and cookies (see point 4) are used. In addition, in individual cases ADITION uses stored cookie information for statistical surveys. The information processed by the cookie concerns the use of this website (such as browser type and version, operating system, referrer URL (the site visited prior to visiting this site), the cookie ID, the host name of the accessing computer (IP address), and the time of the server request).

You have the option at any time of using a cookie opt-out to prevent your usage data from being recorded by the system. Clicking on this link will keep your data from being recorded. In this case, ADITION replaces the current cookie with a new opt-out cookie. This new opt-out cookie deletes previously stored information, including the IP address, and prevents further personal data from being recorded. You will find further information in the data privacy statement of ADITION.

l) Sociomantic

We use the service Sociomantic from dunnhumby Deutschland GmbH, Paul-Lincke-Ufer 39/40, 10999 Berlin, Germany (hereinafter: “Sociomantic”). With this service, users who have already visited our website and taken an interest in our offer can be addressed again through targeted advertising on the web pages of Sociomantic’s partner network. The advertising shown is based on information about the user’s visit to the respective websites, which is stored in cookies (see point 4) and pixel tags, among other things. These cookies are read during subsequent website visits in order to make targeted product recommendations. For this purpose, a randomly created identification number is stored in the cookies. Neither this number nor any information about your visit to the websites can be assigned to you personally. Neither we nor Sociomantic will connect this information with personal data or pass your personal data on to third parties.

You can prevent tracking by Sociomantic clicking on this link and activating the “Opt-out“ box found there. This will place an opt-out cookie in the browser you used when you clicked on this button. The opt-out cookie will work only on this browser and only for our website. It will be placed on your device. If you delete cookies from this browser, you will have to install the opt-out cookie again. You will find further information in the privacy policy of Sociomantic.

m) AppNexus

We use the services of AppNexus Inc., 28 W 23rd Street, 4th Floor, New York, NY, 10010, USA (hereinafter: “AppNexus”). AppNexus has a technology platform that we can use to purchase, sell, and deliver online advertising. In this context, pseudonymised user profiles are produced and cookies (see point 4) are used. The information created by the cookie about your visit to this website (such as browser type and version, operating system, referrer URL (the site visited prior to visiting this site), the cookie ID, the host name of the accessing computer (IP address), and the time of the server request) are transferred to an AppNexus server in the USA and stored there.

AppNexus observes the data protection provisions of the US Privacy Shield and is registered with the US Privacy Shield programme of the U.S. Department of Commerce. Through this certification, AppNexus warrants that it will process data in compliance with the General Data Protection Regulation (GDPR) and guarantee the protection of the rights of the affected parties.

You can prevent tracking by AppNexus by clicking on this link and the “Opt-out“ button found there. This will place an opt-out cookie in the browser you used when you clicked on this button. The opt-out cookie will work only on this browser and only for our website. It will be placed on your device. If you delete cookies from this browser, you will have to install the opt-out cookie once again. You will find further information in the privacy statement of AppNexus.

n) Google Analytics

We use Google Analytics, a web analytics service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (hereinafter referred to as “Google”), on our website. In this context, pseudonymised user profiles are produced and cookies are used. The information created by the cookie about your use of our website (such as the IP address of the computer system used to access it, the time of access, the referrer URL, and information on the browser and operating system used) is usually transferred to Google servers in the U.S. and processed there. Google observes the data protection provisions of the US Privacy Shield and is registered with the US Privacy Shield programme of the U.S. Department of Commerce. As a result, there are safeguards offering compliance with EU data protection law. Google Analytics is used to protect our legitimate interests (Article 6 (1) sentence 1 point (f) GDPR) in analysing and optimising our online offer and operating this website cost-effectively. Consequently, Google processes the information on our behalf to evaluate use of the website, to compile reports on website activities and to provide us with other services relating to website and Internet use for purposes of market research and tailoring these Internet pages to user needs.

We have concluded a data processing agreement with Google on the use of Google Analytics. Under that agreement, Google warrants that it will process data in compliance with the General Data Protection Regulation (GDPR) as well as guarantee that the rights of data subjects are protected.

We use Google Analytics only with IP anonymisation enabled. That means the user’s IP address will be truncated by Google within member states of the European Union or in other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address sent to a Google server in the U.S. and truncated there.

We have enabled the advertising functions of Google Analytics. This results in reports on target groups, demographic attributes (such as age and gender) and the interests of site visitors, as well as on our marketing campaigns. The data for these reports comes from campaigns conducted using Google services, interest-based advertising by Google, the Google Display Network, and visitors’ data from third-party providers. Your identity is not disclosed directly to us as part of that. We can use these reports to improve analysis of user behaviour even further in connection with our online offers, and optimise the way we address our target groups.

If you do not wish your user behaviour to be included in these reports, you can, for example, disable this function by using the ad settings in your own Google account or prevent recording of data by Google Analytics as described further below. You can also restrict the recording of data by not logging on to your own Google account when you visit our pages.

We do not use Universal Analytics with a user ID, which is offered by Google.

The recorded data may be transmitted to third parties where this is required by law or third parties process the data on our behalf. The user data recorded by means of cookies is automatically erased after 14 months.

You can prevent installation of cookies by making the relevant setting in your browser software. However, we point out that if you do so, you may not be able to use all of the features of this website in full. You can also prevent recording of the data relating to your use of the website and generated by the cookie (including your IP address) and processing of this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, in particular for browsers on mobile devices, you can also prevent data being recorded by Google Analytics by clicking on the following link. Analytics opt-out

You can find more information on data privacy in connection with Google Analytics in the Google Analytics Help, for example. You can find information on Google’s use of data in its Privacy Policy.

o) Emarsys Web Extend and Smart Insight

We use Emarsys Webextend and Smart Insight of Emarsys eMarketing Systems AG (hereinafter: “Emarsys”) to evaluate the behaviour of our website visitors and to personalise the newsletter (see 2. d). In this context, pseudonymised user profiles are produced. In addition, cookies (see Item 4) and JavaScript snippets are employed.

Emarsys receives the information generated by the cookies about the use of the website (e.g. IP address, browsing information and the item numbers of products that were viewed or placed into the basket). The cookies are erased at the end of a session or no later than a year after they were put into place.

We use the information obtained by Webextend to enhance existing customer profiles and to enable individualised content. For this purpose, we use information including receipt and read confirmations of e-mails as well as information about the computer and Internet connection, operating system, platform, your surfing history, your ordering history, the date and time of your visit to the home page and products/items that you viewed.

If you have registered for our newsletter, if you have a user account and have logged onto it or if you visit our site by clicking on a link in a newsletter, we will link the collected information to your profile on the basis of your consent (see 2. d).

The use of Web Extend and Smart Insight is based on our legitimate interest (Article 6 (1), Sentence 1, point f of the GDPR) in analysing and optimising our online and advertising offers. For this reason, Emarsys processes information on our behalf in order to assess the use of our website and our newsletter as well as to compile reports about the activities of our customers and interested individuals.

A processor agreement pursuant to Article 28 of the GDPR has been concluded with Emarsys. Under this agreement, Emarsys warrants that it will process data in compliance with the GDPR and guarantees that the rights of data subjects will be protected.

You may prevent the data processing on our website by Emarsys by clicking here. This will cause an opt-out cookie to be placed, which prohibits collecting data about your usage behaviour on our website by Emarsys in the future. The opt-out cookie will work only on this browser and only for our website. It will be placed on your device. If you delete cookies from this browser, you will have to install the opt-out cookie again. This will not delete the information processed thus far for the purpose of offering a personalised newsletter solution. If this is no longer the case and you do not wish to take advantage of the personalised newsletter offer, then you can unsubscribe from our CALIDA newsletter at any time. Simply send an e-mail letting us know that you wish to unsubscribe to [email protected].

p) Meta Conversion API (Facebook)

On our website we use the tracking tool Meta Conversion API from the American Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Via this data interface, we exchange data about your behaviour with Facebook based on our legitimate interest (Article 6 (1) point (f) DSGVO) or your consent (Article 6 (1) point (a) DSGVO). This allows us to show you personalised advertisements. We and Facebook also use this data to process your transactions. Through the Conversions API, Facebook receives information about your visit to our website and your behaviour there. If you are registered with a service offered by Facebook, Facebook can assign the visit to your account.

Because Meta also processes your data in the likes of the USA, we would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can result in various risks for the legality and security of the data processing. Meta uses standard contractual clauses (SCC) as the basis for Data Processing outside of the European Union, e.g. in the USA. Meta thereby undertakes to comply with the European level of data protection when processing your data, even outside the European Union.

You can find information on Meta’s processing based on standard contractual clauses here https://www.facebook.com/legal/EU_data_transfer_addendum and here https://www.facebook.com/legal/terms/dataprocessing.

You can find information about the data that is processed by the Meta Conversions API here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

You can find information about the data security conditions that Meta uses to protect your data here: https://www.facebook.com/legal/terms/data_security_terms

You can deactivate the tool at any time in your cookie settings. If you are logged into Facebook, you can make changes here: https://www.facebook.com/settings/?tab=ads#

q) Hotjar

"We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site."

6. Social media plug-ins

We use social plug-ins on our website on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR in order to make our company more well known. The underlying promotional purpose is to be considered as a justified interest within the meaning of the GDPR. The responsibility for the data protection compliant operation is to be ensured by the pertinent provider. We integrate these plug-ins using the two-click method so as to give visitors to our website the best possible protection.

a) Facebook

Our website uses plug-ins from the Facebook social network which is offered by Facebook Inc.. The Facebook plug-ins are marked by a Facebook logo or the label "Like" or "Share". An overview of the Facebook plug-ins and their appearance can be found under https://developers.facebook.com/docs/plugins.

If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Facebook’s servers. Facebook will send the content of the plug-ins directly to your browser and integrate it in the website.

This integration will give Facebook the information that your browser has opened the corresponding page of our website, even if you do not have a Facebook profile or not currently logged in with Facebook. This information (including your IP ad-dress) will be sent by your browser directly to a Facebook server in the USA and saved there.

If you are logged in with Facebook, Facebook can directly associate the visit to our website with your Facebook profile. If you interact with the plug-ins, for example click the "Like" button, this information will also be directly sent to a Facebook server and saved there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The purpose and scale of the data collection and the further processing and use of the data by Facebook and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Facebook data protection information: http://www.facebook.com/policy.php.

If you do not want Facebook to associate the information collected about your visit to our website directly to your Facebook profile, you have to log out from Facebook before visiting our website. You can also completely block the loading of the Facebook plug-ins with add-ons for your browser, e.g. with the "Facebook Block-er" http://webgraph.com/resources/facebookblocker/.

b) Twitter

Plug-ins from the social network Twitter Inc. are also integrated in our website. You can recognise the Twitter plug-ins ("Twitter" button) by the Twitter logo (a white bird on a blue background) and the label "Twitter". If you open a page of our website that contains such a plug-in a direct connection between your browser and the Twitter server will be opened. This will give Twitter the information that you have visited our website with your IP address. If you click on the Twitter button while you are logged in with your Twitter account, you can link the contents of our pages to your Twitter profile. This enables Twitter to associate the visit to our pages to your user account.

We must point out that as provider of the pages we receive no knowledge about the content of the transferred data or their use by Twitter. Further information about this can be found here https://twitter.com/privacy.

If you do not want Twitter to be able to associate the visit to our pages, please log out from your Twitter user account.

c) Google+

Our website uses plug-ins from the Google Plus social network offered by Google. The plug-ins can be recognised, for example, by buttons or the label "+1" on a white or coloured background. An overview of the Google plug-ins and their appearance can be found here: https://developers.google.com/+/plugins.

If you open a page of our website that contains such a plug-in, your browser opens a direct connection to Google’s servers. Google will send the content of the plug-ins directly to your browser and integrate it in the website. This integration will give Google the information that your browser has opened the corresponding page of our website, even if you do not have a Google Plus profile or not currently logged in with Google Plus. This information (including your IP address) will be sent by your browser directly to a Google server in the USA and saved there. If you are logged in with Google Plus, Google can directly associate the visit to our website with your Google Plus profile.

If you interact with the plug-ins, for example click the "+1ike" button, this infor-mation will also be directly sent to a Google server and saved there. The information is also published on Google Plus and displayed there to your contacts.

The purpose and scale of the data collection and the further processing and use of the data by Google and also your pertinent rights and settings possibilities to protect your private sphere can be found in the Google data protection information https://developers.google.com/+/web/buttons-policy.

If you do not want Google to associate the information collected about your visit to our website directly to your Google Plus profile, you have to log out from Google Plus before visiting our website. You can also completely block the loading of the Google plug-ins with add-ons for your browser, e.g. with the "NoScript" script blocker http://noscript.net/.

7. Trusted Shops seal

For the purpose of displaying our Trusted Shops seal, the comments that may be shown there and the presentation of Trusted Shops products to the consumer after order placement, the Trusted Shops Trustbadge is integrated into the website.

This serves to protect our broadly warranted interest in the optimal marketing of our product range within the context of consideration of interests pursuant to Section 6 (1) p. 1 letter f of the General Data Protection Regulation. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather St. 15C, 50823 Cologne, Germany.

When Trustbadge is accessed online, the web server will automatically store a server logfile, which contains such information as your IP address, date and time that the site was accessed, the amount of transferred data and the requesting provider (access data) and will document the retrieval. The access data will not be analysed and will be automatically overwritten no later than seven days after you completed your visit to the site.

Other personal data will transmitted to Trusted Shops only if you have authorised such transmissions, decided to use Trusted Shops’ products after completing an order or have already registered for usage. In this case, the contractual arrangement between you and Trusted Shops will apply.

8. SOVENDUS vouchers

After a purchase at www.calida.com we offer you the possibility to obtain vouchers for online portals via the Sovendus GmbH network.

As part of a process to provide you with an interesting voucher offer, we will send the hash value of your e-mail address and IP address in pseudonymised and encrypted form to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (Section 6 (1 f) of the General Data Protection Regulation). The pseudonymised hash value of the e-mail address will be used to determine whether any objection to receiving advertising from Sovendus has been filed (Section 21 (3) and Section 6 (1 c) of the General Data Protection Regulation). The IP address will be used by Sovendus solely for the purpose of data protection and, as a rule, will be anonymised after seven days (Section 6 (1 f) of the General Data Protection Regulation). For invoicing purposes, we will provide a pseudonymised order number, order amount in the currency used for the transaction, session ID, coupon code and time stamp to Sovendus (Section 6 (1 f) of the General Data Protection Regulation). If you are interested in receiving a voucher offer from Sovendus, no objection to advertising has been linked to your e-mail address and you click on the voucher banner displayed only for this sale, we will send your encrypted form of address, name and e-mail address to Sovendus for the purpose of preparing a voucher (Section 6 (1 b) of the General Data Protection Regulation).

To learn more about the way that Sovendus processes your data, please see the online privacy statement at https://www.sovendus.de/en/privacy_policy/.

9. Data subject rights

You have the right:

  • pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;

  • pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;

  • pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;

  • pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;

  • pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;

  • pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future and

  • pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.

10. Right to object

In so far as your personal data are processed on the basis of justified interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.

If you want to exercise your right to object, simply send an email to [email protected].

11. Data Security

All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

12. Actuality of and changes to this Data Protection Policy

This Data Protection Policy is the latest version and was last amended as of 07.05.2021.

The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under www.calida.com/cms/Legal-and-general-information/data-privacy.