Data Protection Policy
Deuter Sport GmbH is happy that you have visited our website. Data protection and data safety while our website is being used are very important to us. Therefore, we would like to take this opportunity to inform you about which of your personal data we collect when you visit our website and the purposes for which we use that data. Since changes in the law or our internal company processes may require us to amend this data protection policy, please consult it regularly. This data protection policy applies to Deuter Sport GmbH’s website, located at https://www.deuter.com.
1. Name of the Controller
The controller and service provider is Deuter Sport GmbH, Daimlerstraße 23, 86368 Gersthofen (hereinafter referred to as “Deuter”).
2. Name and Address of the Data Protection Officer
Our data protection officer is: Sebastian Meyer, Schwanweg 1, 90562 Heroldsberg. You may direct any questions about data protection to our data protection officer at any time, preferably by email to: Datenschutz@schwan-stabilo.com.
3. General Information About Data Processing
We collect and use our users’ personal data only to the extent necessary to provide a functional website and our content and services.
3.1 Personal Data
Personal data comprises all information regarding an identified or identifiable individual. This includes information such as your name, age, address, telephone number, birth date, email address, IP address, and user behaviour. Personal data does not include information that we cannot use to identify you without a disproportionate effort (due to the anonymization of personal data, for example).
3.2 Processing of Personal Data
Processing refers to any operation or set of operations – automated or not – performed on personal data or sets of personal data, including their collection, recording, organization, ordering, storage, adaptation, alteration, retrieval, consultation, use, disclosure through transmission, dissemination, or other means of disclosure, alignment, combination, restriction, deletion, or destruction.
3.3 Legal Bases for Processing Personal Data
As a rule, personal data is collected and used only with the user’s consent. Insofar as we obtain the data subject’s consent to the processing of his/her personal information, the legal basis is Art. 6(1)(a) of the General Data Protection Regulation (GDPR).
An exception applies in those cases where it is practically impossible to obtain prior consent and the processing of such data is legally permitted. If personal data is processed to perform a contract to which the data subject is party, the legal basis is Art. 6(1)(b) GDPR. This also applies to data processing that is necessary to carry out pre-contractual measures.
To the extent that the processing of personal data is necessary to comply with a legal obligation to which we are subject, the legal basis is Art. 6(1)(c) GDPR.
If the data processing is necessary to protect a legitimate interest of the controller or of a third party, and if the data subject’s interests, fundamental rights, and fundamental freedoms do not outweigh the aforementioned interest, the legal basis is Art. 6(1)(f) GDPR.
4. Data Processing Operations
Personal data is collected on this website when you provide it to us voluntarily (by filling out forms or sending emails, for example). We use this data for the purposes stated in each case or, for example, for the purposes arising from the request to contact you via your email address. Personal data is transmitted to third parties only when expressly permitted by law or if you have consented to such a transmission during an active business relationship.
4.1 Informational Use of the Website
You may visit our website without providing your personal data. If you use our website only for informational purposes and therefore do not transmit any of your personal data, we will not process any personal data except the data transmitted by your browser that enables you to visit the website. To provide our website, we must process certain kinds of information about you that is transmitted automatically so that your browser can display our website and you can use it. Each time you visit our website, this information is collected automatically and stored in our server log files. This information relates to the system of the calling computer. The following information is processed in such cases:
- User IP address
- Date and time of access
- Access method (Get/Post)
- Protocol (such as https)
- Status (such as error messages)
- Data volume retrieved
- User browser and operating system
The legal basis for this data processing is Art. 6(1)(f) GDPR. This data must be processed to provide a website, so the processing protects a legitimate interest of our company.
This data is deleted when it is no longer needed to display the website. For the website to operate, the data must be collected to provide the website and (temporarily) stored in log files. Data may be stored for longer in certain cases when this is legally required.
Besides using our website for information only, you may also use it actively (to contact us, for example). In such a case, we process the following personal data concerning you (in addition to the aforementioned processing):
- First name
- Last name
- Email address
- Telephone number
4.2 Active Use of the Website – Contact Form
If you send us inquiries using our contact form, we will process your first and last name and your email address. You may then voluntarily provide your address and telephone number, send us an individual message in the message field, or both. You are not required to send us this data, but we cannot fulfil your contact request completely or at all unless you do.
The legal basis for the possible readout of information stored on your end device is § 25(2)(2) of the German Telecommunications and Telemedia Data Protection Act ( “TTDSG”).
The legal basis for the subsequent processing of the data sent when you contact us is Art. 6(1)(f) GDPR. If you contact us, the required legitimate interest in the data processing lies in processing your request.
If an email contact is made in order to enter into a contract, the legal basis for the processing is Art. 6(1)(b) GDPR.
As soon as your request has been addressed and the matter in question has been resolved, the personal data processed via the contact form will be deleted. Data may be stored for longer in certain cases when this is legally required.
If you consent to your data’s transmission to country representatives for faster processing, we reserve the right to transmit your name, email address, and request to third parties (our partner companies). This may involve country representatives in the following countries: Argentina, Australia, Belgium, Brazil, Bulgaria, Chile, Denmark, Ecuador, Estonia, Finland, France, Georgia, Greece, Great Britain, Hong Kong, India,Indonesia, Iran, Ireland, Iceland, Israel, Italy, Japan, Canada, Korea, Latvia, Lithuania,Luxembourg, Malaysia, Mexico, Moldova, New Zealand, The Netherlands, Norway, Austria, Peru, Philippines,Poland, Portugal, Romania, Russia, Saudi Arabia, Sweden, Switzerland, Singapore,Slovakia, Slovenia, Spain,South Africa, Taiwan, Thailand,Czech Republic, Turkey, Ukraine, Hungary, United Arab Emirates.
Without your consent, your personal data will not be sent to third parties when you use the contact form.
4.3 Registration for a Customer Account and Registration Process
We give users the opportunity on our website to register by providing their personal data. The data is entered using an input mask, transmitted to us, and stored. Personal data is not transmitted to third parties unless this is necessary to perform a contract. The following personal data is collected during the registration process:
- as mandatory information: Title, first and last names, address, email address, and a password that you choose
- as voluntary information: Telephone number
- IP address
- Date and time of registration
We use the processed data to provide you with a customizable user account that allows you to use certain content and services on our website, such as Deuter’s online shop. We process your email address so that we can send you new access information if you ever forget this information.
You may modify your stored personal data at any time in your customer account.
The personal data provided on that occasion are processed to implement pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
As soon as the registration on our website is cancelled or changed, the data processed during the registration process will be deleted. Data may be stored for longer in certain cases when this is legally required.
As a user, you can cancel your registration at any time. To do this, send us an email with your request to: firstname.lastname@example.org.
4.4 Dealer Locator
a) OUTTRA tools
We have implemented OUTTRA tools for the Dealer Locator function, which is provided by 81 MEDIA GmbH, Ziegelbrennerstr. 5, 73074 Stuttgart. The display of this function requires the tool to request the visitor’s IP address. The tool uses the IP address only to send relevant information to the browser (meaning, the user). Therefore, the IP address is necessary to display this function.
The visitor’s IP address processed for the purpose of the Dealer Locator function is anonymized on OUTTRA’s server. The anonymized IP address is used to query a database, which allows for the visitor’s approximate localization based on the non-anonymized part of the IP address. The visitor is then shown nearby dealers on the website.
The legal basis for this processing of personal data is Art. 6(1)(f) GDPR. Our legitimate interest lies in the sale and advertising of products and services as well as the related functionality of the website.
If the demand for the availability of merchandise leads to a contract formation, the legal basis is Art. 6(1)(b) GDPR.
Pursuant to Art. 21 GDPR, you may object at any time to the future processing of your personal data, which is carried out on the basis of Art. 6(1)(f). The objection can be made specifically to processing for direct marketing purposes.
Neither the tool, 81 MEDIA GmbH, nor Deuter Sport GmbH stores any personal data after the visitor’s browser session ends.
On the website, via an API, we use the map service Google Maps, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Maps informs users where they can find Deuter’s products near them.
Google Ireland Ltd. processes your IP address for the use of GoogleMaps.
Your personal data is processed based on your express consent provided in accordance with Art. 6(1)(a) GDPR. You may revoke this consent at any time by clicking on the slider for the Dealer Locator function to deactivate it (note that consent cannot be revoked retroactively).
In this context, personal data may be transmitted outside the EU and the EEA, specifically to the USA. Google LLC and Google Ireland Ltd. are verified under the Data Privacy Framework Program, so an adequacy decision in accordance with Art. 45 GDPR exists for this transfer into a non-EU country.
Further information on Google’s data protection policy can be found athttps://policies.google.com/privacy?hl=de
4.5 The Order Process for Deuter’s Online Shop
To process orders made on Deuter’s online shop, we need the following personal data concerning you: First and last names, address, email address, telephone number, date of birth, and, if applicable, gender and size. You are not required to send us this data, but we cannot process your order without it.
Please note that we use third-party companies. We work with Unzer GmbH, Schöneberger Str. 21 a, 10963 Berlin, to offer you a convenient option for online payment. The following data is transmitted to the service provider during the payment process:
- Name of the invoice recipient
- Billing address
- Name of the shipping recipient
- Shipping address
- Order number
- Content of the order (items, quantity, price, discounts, etc.)
You may view Unzer’s data protection policy at https://www.unzer.com/de/datenschutz/.
Your data will then be forwarded to the credit institution or online payment service commissioned with processing the payment. If you create an account with the selected payment service providers, they may also collect this data themselves. In that case, you must log in to the payment service provider with your access information during the order process. In this regard, the respective payment service provider’s data protection policy applies.
The legal basis for processing your personal data to perform a sales contract you have entered into with us, and especially for making the payment, is Art. 6(1)(b) GDPR. This also applies to processing data to perform pre-contractual measures. We might also be legally obligated to transmit your personal data (performance of strong customer authentication in accordance with EU Directive 2015/2366 (PSD 2) and the German Payment Services Supervision Act (ZAG). The legal basis for any data transfers we may be legally required to make will be Art. 6(1)(c) GDPR in conjunction with the corresponding provisions in EU Directive 2015/2366 (PSD 2) and the German Payment Services Supervision Act (ZAG).
Once the contract has been fully performed and the purchase price fully paid, your data will be restricted for further use and erased after the retention periods under tax and commercial law have expired, unless you have expressly consented to the further use of your data. Data may be stored for longer in certain cases when this is legally required.
a. Payment via PayPal
If you opt to pay via PayPal during the order process, your personal data will be automatically transmitted to PayPal via the payment service provider PAYONE described above. PayPal is a service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. PayPal acts as an online payment service provider as well as a trustee. It also offers buyer protection services.
As a rule, the following personal data is transmitted to PayPal: First name, last name, address, email address, IP address, or other data needed to process payment. The performance of the sales contract also requires personal data concerning the individual order (such as item quantity, the item number, the invoice amount, taxes, and other invoicing information).
This corresponds to our legitimate interest in offering an efficient and secure payment method under Art. 6(1)(f) GDPR. In this context, we transmit the aforementioned data to PayPal to the extent necessary to perform the contract pursuant to Art. 6(1)(b) GDPR.
PayPal also reserves the right to collect personal data from the buyer. According to PayPal, this may include the following information:
- Telephone number
- Account number
PayPal may transmit your personal data to affiliated companies, service providers, or subcontractors to the extent necessary to meet contractual obligations or if the data is processed on commission.
Under certain circumstances, PayPal will transmit the personal data we transmit to it to credit agenciesto verify identity and creditworthiness. PayPal uses the result of the credit check and calculates the statistical probability of non-payment to decide whether to provide the respective payment method. The credit report may contain probability values (also called “score values”). Any score values included in the credit report results are based on a scientifically recognized mathematical and statistical procedure.
You may revoke your consent to PayPal’s processing of your personal data at any time. Nevertheless, withdrawing your consent does not affect the lawfulness of processing performed before that withdrawal, provided that the personal data must be processed, used, or transmitted for contractual payment processing.
You may view PayPal’s data protection policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
b. Payment by Instant Bank Transfer
We allow payment by instant bank transfer through the payment service provider Klarna Bank AB, Chausseestrasse 117, 10115 Berlin(Klarna). This corresponds to our legitimate interest in offering a safe, efficient payment method pursuant to Art. 6(1)(f) GDPR. In this context, we transmit the following data to Klarna to the extent necessary to perform the contract under Article 6(1)(b) of the GDPR:
- First name
- Last name
- Transfer amount
Depending on how your bank manages online accounts, various verification steps may be necessary: If your bank accepts transfer orders only if your account contains sufficient funds, Klarna will not verify your account coverage. In all other cases, Klarna verifies whether the account balance and the overdraft credit limit, minus any pending transactions, can cover the amount to be wired.
If the risk of abuse is higher than normal, Klarna reserves the right to check instant transfers from the last 30 days to determine whether they were successfully carried out. No credit checks are carried out on the basis of historical payment data.
The check is carried out either via your bank's HBCI interface or via the user interface of your online banking, as though you were logging yourself in. If you have several accounts, information about unselected accounts is not stored. Klarna also stores your online banking user identification (login name/account number) as a hash value. PIN and TAN codes are not stored.
We cannot influence this process, and we only receive the result of whether the payment was made or rejected, your account number, bank routing number, subject, amount, and date.
For its billing purposes, Klarna stores your name, account number, bank routing number, subject, date, and transfer amount for the legal retention periods. The legal basis for this is § 28(1) sentence 1 (1) of the German Data Protection Law (BDSG).
We will store your data until the payment processing is complete and the retention periods under commercial and tax law expire. This also includes the time needed to process refunds, manage receivables, and prevent fraud.
You can find information on your objection and removal options toward Klarna at https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de.
If you transmit your personal data to the service provider during the invoicing process, they will delete it after 24 months. After the deletion, the service provider will keep backups of that data, which it will delete after another 12 months. Data may be stored for longer periods if this is legally required (for retention periods under tax and commercial law, for example).
We use the following shipping services to perform the contract: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn. DHL may transmit your personal data to local package delivery services. We also offer the option of tracking the items you have ordered. To do this, we use the service provider PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster.
To perform the contract in accordance with Art. 6(1)(b) GDPR, we transmit your personal data to the shipping company commissioned with the delivery to the extent necessary to deliver the items ordered.
If you have given us your express consent for the purpose of delivery notification or coordination during or after your order, we will transmit your email address and telephone number to the selected shipping service provider in accordance with Art. 6(1)(a) GDPR so they can contact you before delivery for the purpose of delivery notification or coordination.
You may revoke your consent at any time by sending a message to email@example.com or directly to the shipping service provider at the following address:
DHL Paket GmbH
After your revocation, we delete your personal data provided in this instance, unless it is subject to legal retention obligations.
4.7 Application management
If you are interested in applying for any of the job positions posted on our website, you may send us an email anytime to firstname.lastname@example.org or send your application materials to the following mailing address: Deuter Sport GmbH, Daimlerstraße 23, 86368 Gersthofen. We process all the data you provide in such an instance.
The legal basis for processing the personal information thus provided is Art. 6(1)(b) GDPR in conjunction with § 26(1) sentence 1 of the German Data Protection Act.
We assure you that we will process the personal data you provide only to carry out the application process. The data retention period lasts six months from the end of the application process to permit a defence against any complaints filed under the General Act on Equal Treatment (AGG).
If we cannot consider your application for the time being, you may also consent to our storage of the documents submitted during this application process and the information entered on our website in our application database pursuant to Art. 6(1)(a) GDPR, which enables us to contact you in the future if a position matching your application profile becomes available. You must expressly consent to the use of your application data once more when submitting an application to the appropriate office. You may revoke your consent to this storage of your personal data for a maximum period of 12 months at any time (note that consent cannot be revoked retroactively). In such a case, please simply send an email to email@example.com.
To receive our email newsletter, we need your email address to which the newsletter will be sent.
You are not required to give us this data, but we cannot send you our newsletter without it.
Please note that when we send the newsletter we currently work with the company HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA, which processes your data on our behalf and ensures that the emails are sent properly. Your data will not be passed on to third parties beyond that extent in connection with sending the newsletter. You can find more information about HubSpot, your data protection rights in that regard, and how to change your settings to protect your privacy at: https://legal.hubspot.com/de/privacy-policy.
When you sign up for the newsletter, your email address will be used for our own marketing purposes until you unsubscribe from the newsletter. You can unsubscribe using the link provided at the end of every newsletter. Personalized user responses may be accessed by using the newsletter software. By signing up for our newsletter, you agree to the tracking permission and the processing of personal responses. You can revoke the tracking permission at any time through the link provided at the end of every newsletter, thereby cancelling the newsletter.
To optimize the newsletter, we look at how often readers open it and the links that readers click (analysis of user behavior).
We use the double opt-in procedure for sending the newsletter, meaning we will send you the newsletter only if you have previously confirmed your registration by clicking on a link contained in a confirmation email sent to you for that purpose. We do this to ensure that only you, as the holder of the email address that was provided, can sign up for the newsletter. You must confirm your newsletter registration promptly after receiving the confirmation email or the registration will be automatically deleted from our database.
The legal basis for processing the data provided after the user subscribes to the newsletter and provides their consent is Art. 6(1)(a) GDPR. You may revoke this consent at any time by clicking on the link provided in every email newsletter or by sending an email to firstname.lastname@example.org (note that consent cannot be revoked retroactively).
Your data will be stored for as long as you remain subscribed to the newsletter. Your data will be erased after you unsubscribe from the newsletter. Data may be stored for longer periods in individual cases if this is legally required.
We offer you the opportunity at irregular intervals to participate in contests by completing a form on our website. If you wish to participate in our contests, we will need your name and email address for this purpose. Depending on the prize in the contest, we may ask you for your address, telephone number, size, and gender. Further data may be required under the respective terms and conditions for participating in a contest.
This data is used solely to notify the winner and send or provide the prize. You are not required to send us this data, but we might not be able to consider your participation in the contest unless you do.
The legal basis for processing the data the user provides when signing up for the contest is Art. 6(1)(b) GDPR; in other words, the processing is necessary to carry out pre-contractual measures or to perform a contract.
As soon as a contest ends and the winner is selected and notified, the personal data you provided on the contest form is deleted. This is without prejudice to the relevant legal retention periods. During the legal retention period, your personal data will remain restricted and will not be used for any other data processing.
5. Transmission of personal information to third parties
Your personal data will generally not be transmitted. Your personal data will be sent to third parties only if
- we are obligated to do so to comply with administrative or judicial orders,
- if we are entitled to do so (if it is necessary for prosecuting criminal offenses or exercising and enforcing our rights, for example),
- or if you have given your prior consent.
6. Cookies and External Services
7. Social Media Plugins
Our website contains social media plugins for the social networks Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), Instagram (Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA), Pinterest (Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA), X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland), YouTube (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), and LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). These plugins might collect personal data from website visitors that is transmitted to the respective service and linked to the visitor's respective service. Deuter itself does not collect any personal data through the social media plugins or their use.
To increase the protection of your data on our website, the social plugins are integrated into our website using what is known as the “2-click solution.” This ensures that no automatic connection to the servers of the respective providers is established when a page of our website containing these social media plugins is visited. The social media plugin function is activated in two steps. To activate a social media plugin, you must first click on the relevant link on our website. This activates the social media plugin, at which point your browser establishes a connection to the servers of the respective provider. You may interact with the social media plugin after the second click and, for example, submit your recommendation.
After clicking on a social media plugin, the respective service provider is informed that you have visited the corresponding page of our online service. Please note that you do not need to have a user account for the relevant service or be logged into it. If you do have a user account for the relevant service provider and are logged into this account when you visit our website, the data collected by the social media plugin is assigned directly to your account. If you do not wish for the service provider to associate you with your profile, you must log out of your user account before clicking on one of the social media plugins.
the social media plugins might transmit personal data to countries outside the EU/EEA (especially to the USA). To ensure that your personal data is adequately protected if transmitted to such non-EU countries, we have entered into what are known as EU-US Standard Contractual Clauses with Google. The European Court of Justice has decided that the USA does not have a sufficient level of data protection according to EU standards. Therefore, since there is no adequacy decision or suitable guarantees, your data might be processed by US authorities for control and monitoring purposes—possibly with no option for legal recourse. Whenever possible, we are in contact with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.
The legal basis for using social media plugins for storing information on your end device and reading it later is your express consent provided in accordance with § 25(1) sentence 1 of the German Teleservices Data Protection Act (TTDSG). You may revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager (note that consent cannot be revoked retroactively). The ensuing processing of your personal data is based on your express consent provided in accordance with Art. 6(1)(a) GDPR. You may revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager (note that consent cannot be revoked retroactively).
For information on the scope and purpose of data collection by the respective service and the further processing and use of your data, please refer to the data protection information directly on the website of the respective service. You will also find additional information there about your relevant data protection rights and options for protecting your privacy.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
b) Instagram, Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
c) Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA
d) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
e) Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland
f) YouTube,1600 Amphitheater Parkway, Mountain View, California 94043, USA
g) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
8. Fan pages on Facebook, Instagram, YouTube, LinkedIn, XING, Pinterest, and X
We operate fan pages on the following social networks: Facebook, Instagram, YouTube, LinkedIn, XING, Pinterest and X . As the operator of these fan pages, we are a “controller” as defined by Art. 4(7) GDPR, together with the operators of these networks. If you visit one of our fan pages, personal data will be processed by the controllers. As a controller for the fan pages, we have entered into agreements with the social networks which, among other things, regulate the terms and conditions for using these pages. We have included this data protection policy in the relevant fan pages, where you can find additional information, or at deuter.com:
- Facebook data protection policy
- Instagram data protection policy
- YouTube data protection policy
- LinkedIn data protection policy
- XING data protection policy
- Pinterest data protection policy
- X data protection policy
9. Security Measures to Protect Data Stored by Us
We are committed to protecting your privacy and treating your personal data confidentially. To prevent the loss or misuse of the data that we store, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological developments. Due to the structure of the Internet, however, it is possible that data protection rules and the aforementioned security measures might not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data that is disclosed—even if by email—can be read by third parties. We have no technical influence over this. The user is responsible for protecting the data he/she provides against any misuse, either through encryption or otherwise.
Our website contains hyperlinks to websites of other providers. Activating a hyperlink will take you from our website directly to the website of the hyperlink’s provider. It might be a website of one of Deuter’s partner companies. You will recognize this through the change in URL, among other things. We cannot accept any responsibility for the confidential handling of your data on other websites. To obtain information on how your personal data is handled on another website, please consult that website directly.
11. External Service Providers
We use external service providers to provide services and to process your data in connection with our services. The service providers process the data exclusively according to our instructions and are obligated to comply with all applicable data protection regulations. All processors have been carefully selected and will have access to your data only to the extent and for the period required to provide their services, or to the extent to which you have consented to the processing and use of your data.
In this context, personal data may be transferred to countries outside the EU/EEA, specifically to the USA. To ensure that your personal data is adequately protected if transmitted to such non-EU countries, we have entered into what are known as EU-US Standard Contractual Clauses with our service providers. The European Court of Justice has decided that the USA does not have a sufficient level of data protection according to EU standards. Therefore, since there is no adequacy decision or suitable guarantees, your data might be processed by US authorities for control and monitoring purposes—possibly with no option for legal recourse. Whenever possible, we are also in contact with the service provider to ensure the protection of your personal data with any additional measures that may be necessary.
12. Storage Period
Your personal data will be erased as soon as the respective goal of its processing has been achieved or subsequently ceases to apply.
To meet contractual commitments, data collected from you may be stored for as long as the contract remains in effect and, depending on the scope of the contract, for another 6 or 10 years beyond that to comply with legal retention obligations and to respond to any inquiries or claims made after the contract expires.
If we believe that data is necessary to investigate or defend claims against us or to initiate criminal prosecution or bring claims against you, us [sic] or third parties, we may retain it for as long as such proceedings might be brought.
For customer service purposes, data collected from you may be stored for 3 to 10 years after its collection, unless you request the deletion of this data and there are no contractual or legal retention obligations that conflict with this deletion request.
Relevant verification and retention obligations arise from the German Commercial Code and the German Tax Code, among others.
In this case, the legal basis for the processing is found in the individual regulations, in conjunction with Art. 6(1)(c) GDPR.
If no contract is formed, we will erase your data after 3 years, at the end of the legal limitation period.
13. Rights of Data Subjects
13.1 Right to Information, Art. 15 GDPR
You have the right to request information from us at any time about your data that we have stored, as well as its origin, the recipients or categories of recipients to whom this data is forwarded, and the purpose of the storage.
13.2 Right to Object, Art. 7(3) GDPR
If you have provided your consent to the use of your data, you may revoke it at any time without being required to give reasons. Revoking consent applies only to the future and does not affect the legitimacy of any processing based on the consent before its withdrawal. To revoke consent, please send an email to email@example.com or a written message to Deuter Sport GmbH, Daimlerstraße 23, 86368 Gersthofen.
13.3 Right to Rectification, Art. 16 GDPR
You may request that your data that we are storing be corrected if it is inaccurate or completed if it is incomplete.
13.4 Right to Erasure and Right to Restriction of Processing, Art. 17 and 18 GDPR
You have the right to the restriction of processing, and to erasure, of personal data concerning you that we are storing. If legal retention obligations or other legal reasons prevent erasure, the processing of your data can still be restricted.
13.5 Right to Data Portability, Art. 20 GDPR
If you request the personal data you have provided to us, we will provide or transmit the data to you (or to another controller at your request) in a structured, commonly used and machine-readable format, if doing so is technically possible.
13.6 Right to Object, Art. 21 GDPR
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation pursuant to Art. 21 GDPR, provided that the data processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.
13.7 Contact for the Enforcement of the Rights of Data Subjects
To enforce the rights of data subjects, you may contact us by sending an email to firstname.lastname@example.org or a letter to Deuter Sport GmbH, Daimlerstraße 23, 86368 Gersthofen .
If you contact us, we will store the data you provide (your email address, and possibly your name and telephone number) to answer your questions or respond to your request. In this case, we will erase the data collected once its storage is no longer necessary or, if we have legal retention obligations, we will restrict its processing.
14. Right to Lodge a Complaint with a Supervisory Authority, Art. 77 GDPR
You have the right to register a complaint with the supervisory authority with jurisdiction over the processing of your personal data if you think your rights under the GDPR have been infringed.
15. Data Transmission to Affiliated Companies
Data may be transferred to affiliated companies within the Schwan-STABILO Group for operational reasons and to ensure IT operations and security.
16. Automated Decision-Making Process/Profiling
We do not carry out any automated decision-making processes or profiling (the automated analysis of your personal circumstances).
Effective: October 2023