Privacy Policy

A. Privacy Policy for Use of This Website

1. Name and Contact Information of the Controller and Data Protection Officer

This privacy notice applies to data processing by:

Controller:
Sassa Mode GmbH
Legally represented by the Managing Directors:
Alexander Kerschbaumer, Michael van Snek, Remco Vermeij
Mauchentalstraße 71, 72574 Bad Urach, Germany
Email: [email protected]
Phone: +49 (0)7125/1441-0
Fax: +49 (0)7125/1441-86

Company Data Protection Officer:
Nathan Binkowski
c/o Mauchentalstraße 71, 72574 Bad Urach, Germany
Email: [email protected]

2. Collection and Storage of Personal Data and Nature and Purpose of Use

a) When Visiting the Website

When you access our website www.sassa.eu, the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following data is collected without your intervention and stored until automatic deletion:

• IP address of the requesting computer

• Date and time of access

• Name and URL of the requested file

• Website from which access occurs (referrer URL)

• Browser used and, if applicable, the operating system of your computer and the name of your access provider

These data are processed for the following purposes:

• Ensuring a smooth connection to the website

• Ensuring convenient use of our website

• Evaluation of system security and stability

• Other administrative purposes

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the data collected to draw conclusions about your person.

In addition, we use cookies and analytics tools when you visit our website. Further details can be found in sections 4 and 5 of this Privacy Policy.

The website provider automatically collects and stores information in server log files that your browser automatically transmits to us. These include:

• Browser type and version

• Operating system used

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

These data cannot be assigned to specific individuals. We do not combine them with other data sources. However, we reserve the right to check these data retrospectively if we become aware of concrete indications of unlawful use.

b) When Using Our Contact Form

If you have any questions, you can contact us via the form provided on the website. A valid email address is required so we know who sent the inquiry and can respond accordingly. Additional information may be provided voluntarily.

Data processing for the purpose of contacting us is based on your voluntarily given consent per Art. 6(1)(a) GDPR. The personal data collected for use of the contact form will be automatically deleted after your inquiry has been resolved.

3. Data Disclosure

Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if:

• You have given your express consent pursuant to Art. 6(1)(a) GDPR

• Disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data

• There is a legal obligation to disclose pursuant to Art. 6(1)(c) GDPR

• It is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the performance of a contract with you

4. Cookies

We use cookies on our website. These are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Cookies allow specific, device-related information to be stored during your use of the website. They help us:

• Determine how often and how many users visit our pages

• Analyze usage patterns

• Make our offering more user-friendly

Cookies may remain stored beyond a browser session and retrieved during future visits. If you prefer not to have cookies stored on your device, you can configure your browser to reject cookies.

Cookies do not harm your device and do not contain viruses, trojans, or other harmful software.

The data processed through cookies is necessary for the purposes mentioned and to protect our legitimate interests, as well as those of third parties, according to Art. 6(1)(f) GDPR.

Types of Cookies Used:

• Session Cookies: Help us recognize that you’ve already visited certain pages of our website. They are automatically deleted after your visit.

• Temporary Cookies: Enhance user experience by remembering your previous settings and entries. These are stored on your device for a set period and recognized upon your return.

• Analytical Cookies: Used to statistically record website usage and improve our offering (see Section 5).

Most browsers accept cookies automatically. You can configure your browser to:

• Reject cookies entirely

• Notify you before a new cookie is created

Please note: completely disabling cookies may limit the functionality of our website.

5. Analytics Tools / Plug-ins

a) Tracking Tools

The tracking measures described below are used based on Art. 6(1)(f) GDPR. Our intent is to design our website to meet user needs and continually optimize it. These measures also help us statistically evaluate usage for the purpose of improving our offering.

aa) Google Analytics

We use Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), for demand-oriented design and optimization of our website.

This involves creating pseudonymized usage profiles and using cookies (see Section 4). The information generated by the cookie includes:

• Browser type/version

• Operating system

• Referrer URL (previously visited page)

• Hostname of accessing computer (IP address)

• Time of server request

This data is transferred to a Google server in the USA and stored there. It is used to evaluate website use, compile reports on activity, and provide related services.

Data may also be transferred to third parties where legally required or where they process the data on Google’s behalf. Your IP address will never be merged with other Google data and is anonymized (IP masking).

You can:

• Prevent cookie storage via your browser settings (may limit site functionality)

• Block Google Analytics by installing a browser add-on:
  https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, for mobile devices, you can opt out by clicking a special link (set an opt-out cookie). This only works in the current browser for our website. If you delete cookies, you'll need to opt out again.

Further info: Google Analytics Help

b) Google Maps

Our website uses the Google Maps service from Google. By using this feature, you consent to the collection, processing, and use of automated data by Google and its representatives or third parties.

Google Maps Terms of Use: Google Maps Terms

bb) Google Ads Conversion Tracking

We also use Google Ads Conversion Tracking to statistically record and evaluate website usage. If you reach our site via a Google ad, Google Ads sets a cookie (see Section 4) on your device.

• These cookies expire after 30 days and don’t contain personal information.

• If you visit specific pages before the cookie expires, Google and we can recognize that you clicked the ad and reached our page.

6. Social Media Plug-ins

We use social plug-ins from various social networks on our website based on Art. 6(1)(f) GDPR to increase the visibility of our company. This promotional purpose is considered a legitimate interest under the GDPR. Responsibility for data protection-compliant operation lies with the respective providers.

We use the "two-click method" to protect visitors to our website as best as possible. This means plug-ins are only activated when you explicitly click on them.

a) Facebook

We use Facebook social plug-ins (such as the “LIKE” or “SHARE” button). This service is provided by Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

When you access a page on our site containing such a plug-in, your browser connects directly to Facebook's servers. The content of the plug-in is transferred directly to your browser and integrated into the website.

As a result, Facebook receives information that your browser has accessed the corresponding page, even if you do not have a Facebook account or are not logged in. This information (including your IP address) is sent directly to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can associate your visit with your account. When you interact with plug-ins (e.g., click the “LIKE” button), this information is also sent to a Facebook server and stored. It may also appear on your Facebook timeline.

Facebook may use this data for advertising, market research, and tailoring its platform to users. For more information on Facebook’s privacy practices and settings, visit:
https://www.facebook.com/about/privacy/

To prevent Facebook from assigning data to your Facebook account, log out of Facebook before visiting our website.

b) Instagram

Our website includes plug-ins from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The plug-ins are marked with the Instagram logo (e.g., camera icon).

When you visit a page with an Instagram plug-in, your browser connects directly to Instagram’s servers. The content is sent to your browser and embedded on the website.

Instagram receives information about your visit, including your IP address—even if you’re not logged into Instagram or do not have an account. If you are logged in, your visit will be associated with your profile.

Interacting with the plug-in (e.g., clicking the Instagram button) transmits data to Instagram and may display it on your account.

For more information, see Instagram’s privacy policy:
https://help.instagram.com/155833707900388/

To prevent Instagram from associating data with your account, log out before visiting our site. You can also block Instagram plug-ins using browser add-ons.

c) Pinterest

We use social plug-ins from Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

These are recognizable by the “Pin it” button, shown on a red or white background. See an overview here:
https://developers.pinterest.com/docs/getting-started/introduction/

When you open a page containing the plug-in, your browser connects to Pinterest’s servers. Information (including your IP address) is transmitted and stored in the USA—even if you don’t have a Pinterest account.

If you’re logged in to Pinterest, your visit is linked to your profile. Interaction (e.g., clicking “Pin it”) also sends data to Pinterest, which is then stored and may appear in your profile or contacts' feeds.

More on Pinterest’s privacy policy:
https://about.pinterest.com/privacy-policy

To prevent Pinterest from linking your visit to your account, log out beforehand or block Pinterest plug-ins via browser tools.

7. Your Data Protection Rights (Rights of the Data Subject)

You have the right to:

• Access (Art. 15 GDPR): Request information about your personal data processed by us. This includes the purposes of processing, categories of data, recipients or categories of recipients, intended retention period, existence of rights to rectification, erasure, restriction, or objection, origin of your data (if not collected directly from you), and the existence of automated decision-making including profiling, if applicable.

• Rectification (Art. 16 GDPR): Request immediate correction of incorrect data or completion of incomplete personal data stored by us.

• Erasure (Art. 17 GDPR): Request the deletion of your stored personal data, provided processing is not required for:

  • Exercising the right to freedom of expression and information,

  • Fulfilling a legal obligation,

  • Reasons of public interest, or

  • Establishing, exercising, or defending legal claims.

• Restriction of Processing (Art. 18 GDPR): Request restriction of processing if:

  • You contest the accuracy of the data,

  • Processing is unlawful but you oppose erasure,

  • We no longer need the data, but you need it to establish, exercise, or defend legal claims,

  • You have objected to processing pursuant to Art. 21 GDPR.

• Data Portability (Art. 20 GDPR): Receive your personal data in a structured, commonly used, and machine-readable format, or request the transfer to another controller.

• Withdraw Consent (Art. 7(3) GDPR): Withdraw previously given consent at any time. This means we can no longer continue processing based on that consent for the future.

• Lodge a Complaint (Art. 77 GDPR): File a complaint with a supervisory authority. Typically, you can contact the authority at your habitual residence, place of work, or our business location.

8. Right to Object

If your personal data is processed based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time on grounds relating to your particular situation.

In the case of direct marketing, you have a general right to object without the need to specify a particular situation.

To exercise your right of objection or withdrawal of consent, simply email us at [email protected].

9. Data Security

We apply appropriate technical and organizational security measures to protect your data from:

• Accidental or intentional manipulation

• Partial or total loss

• Destruction

• Unauthorized access by third parties

You can tell whether a page on our website is transmitted securely by the closed key or lock icon in your browser’s status bar.

Our security measures are continuously improved in line with technological developments.

B. Data Protection in Contractual Relationships

We collect, process, and use personal data in the context of contractual relationships only as permitted or required by the GDPR, the German Federal Data Protection Act (BDSG), or other applicable legal regulations—or with your consent.

1. Name and Contact Details of Controller and Data Protection Officer

(See Section A.1 for details.)

2. Collection and Storage of Personal Data and Purpose of Use

When you engage our services, we collect the following information:

• Salutation, first name, last name

• Valid email address

• Address

• Phone number (landline and/or mobile)

• Information necessary for fulfilling your order

We collect these data:

• To identify you as our customer

• To provide appropriate consultation

• For correspondence

• For invoicing

• To manage liability claims or assert legal rights

Processing is based on Art. 6(1)(b) GDPR and is necessary for the performance of a contract or pre-contractual steps.

Your data will be stored in compliance with legal retention periods (e.g., under the German Commercial Code, Criminal Code, or Tax Code) and deleted thereafter unless further storage is authorized under Art. 6(1)(a) GDPR.

3. Disclosure of Data to Third Parties

We do not share your personal data with third parties, except when:

• You’ve given express consent (Art. 6(1)(a) GDPR)

• It's required for legal claims and there’s no reason to believe your interests override ours (Art. 6(1)(f) GDPR)

• We're legally obligated to do so (Art. 6(1)(c) GDPR)

• It’s necessary for the performance of a contract with you (Art. 6(1)(b) GDPR)

a) Shipping Providers

Your address details may be passed to delivery companies to fulfill shipping.

b) Financial Institutions

We may share payment information with your bank or payment service providers.

c) PayPal

When using PayPal (including credit card, direct debit, or “purchase on account”), we share data with:

PayPal (Europe) S.à.r.l. et Cie, S.C.A.,
22-24 Boulevard Royal, L-2449 Luxembourg

PayPal may perform credit checks and use scoring based on scientific, mathematical-statistical methods (including address data). For full privacy info:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

d) Klarna

When selecting Klarna at checkout, payment processing is handled by:

Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden

Their privacy policy:
https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

Klarna may use cookies to personalize your checkout experience. Details:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

e) Social Plug-ins

As outlined in Section 6, social media plug-ins may transfer data to third-party providers (Facebook, Instagram, Pinterest) using the two-click method.

4. Links to External Websites (Facebook, Instagram, Pinterest)

Our emails and website may contain links to social media platforms. For data collection, processing, and use by these platforms, and your associated rights, refer to their respective privacy policies on our website under “Privacy Policy.”

5. Your Rights as a Data Subject

You have the same rights as outlined in Section 7, including access, correction, deletion, restriction, portability, withdrawal of consent, and the right to lodge a complaint.

6. Right to Object

If we process your data based on legitimate interest (Art. 6(1)(f) GDPR), you have the right to object based on your personal circumstances.
To object, email: [email protected]

C. Updates to this Privacy Policy

This privacy policy is current as of April 26, 2018.

As our website and offerings evolve, or as legal/regulatory requirements change, we may update this policy. The current version is always available at www.sassa.eu under “Privacy Policy” and can be printed at any time.