Data protection at a glance
Who is responsible for the collection of data on this website?
How and why do we collect your data?
Manual collection of data
We collect your data if you share it with us. For example, you may provide us with your data when you use our contact form or if you register your details with us. If you provide us with your data in this way, we predominantly use it to contact you directly in order to process your requests or in order to provide you with (contractually agreed) services.
Automatic collection of data
Other data is collected automatically by our IT systems as soon as you visit this website. In particular, this data includes technical data (e.g. your internet browser and operating system or the time at which you access our website). It also includes data on how you use our website. This data helps us to ensure that our website is fully functional, to optimize our website and to improve your user experience on our website.
What rights do you have concerning your data?
You are entitled at any time to receive information free of charge about the source and recipients of the personal data we have stored about you and the purposes for which we are processing it. You also have the right to request that we rectify, block, or delete your data. If you wish to exercise these rights or if you have any questions about data protection, you can contact us at any time using the address provided in Section 1 above. You are also entitled to lodge a complaint with the competent supervisory authority.
Analysis tools and third-party tools
1. General information and mandatory information
We would like to point out that the transmission of data online (e.g. communication by e-mail) may be vulnerable to security breaches. It is not possible to fully protect data from access by third parties.
Data controller and data protection officer
The data controller for the processing of data on this website is:
Triebeser Straße 16
07937 Zeulenroda-Triebes, Germany
T: +49 (0) 36628 66 — 10 00
We have appointed an internal company data protection officer (pursuant to Article 37 et seq. GDPR):
Triebeser Str. 16
07937 Zeulenroda-Triebes, Germany
T: +49 (0) 36628 66 — 13 39
This website uses SSL encryption for security reasons and in order to protect the transmission of confidential information, such as orders or requests that you send to us as the website operator. Your connection is being encrypted if a padlock symbol appears in your browser address bar and the start of the URL in your address bar changes from “http://” to “https://”.
When SSL encryption is activated, the data that you transfer to us cannot be read by third parties.
2. Your rights concerning data protection
Access, blocking, erasure, restriction of processing, objection
As part of the applicable statutory provisions, you have various rights relating to the processing of your personal data. You can contact our data protection officer at any time using the details provided if you would like to exercise your rights or if you have any questions concerning your personal data.
Each data subject has the following rights under the GDPR:
- The right of access to the personal data stored about you (pursuant to Article 15 GDPR),
- The right to have your personal data rectified (pursuant to Article 16 GDPR),
- The right to erasure (pursuant to Article 17 GDPR),
- The right to the restriction of processing (pursuant to Article 18 GDPR),
- The right to object to your data being processed (pursuant to Article 21 GDPR).
The right to access and the right to erasure are subject to the restrictions laid down in Sections 34 and 35 of the German Federal Data Protection Act (BDSG).
The right to data portability
You have the right (pursuant to Article 20 GDPR) to have data that we have processed by automated means on the basis of your consent or in order to perform a contract to be given to you or to a third party in a commonly used and machine-readable format. If you request that this data be transmitted directly to another controller, this will only take place if technically feasible.
Withdrawal of your consent to the processing of your data
If we are processing your data on the basis of your consent (e.g. in accordance with Article 6 (1) a GDPR), you have the right to withdraw this consent at any time. To exercise this right, you simply need to notify us of your request by e-mail. This withdrawal of consent will not affect the legality of the data processing that has already taken place.
The right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with a supervisory authority in the event of infringements of data protection legislation.
3. Collection of data on our website
Cookies are used on some parts of this website to make it more user-friendly, efficient, and secure. Cookies are small text files that your browser stores on your device.
The majority of the cookies we use are session cookies. These are automatically deleted from your device when you leave our website. Other cookies remain on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.
You can configure your browser to alert you when cookies are created so that you can choose whether to accept them on a case-by-case basis. You can also configure it to always decline cookies or to decline them in certain cases as well as to automatically delete cookies when you close your browser. Please note that deactivating cookies may limit the functionality of this website.
Server log files
The provider of this website automatically collects and stores information in server log files automatically transferred to us by your browser when you visit this website. This information includes:
- Your browser type and browser version
- Your operating system (if applicable)
- The referrer URL
- The URL visited, including the protocol and method
- Your computer’s hostname
- The date and time of the server request
- Your IP address
- GeoIP country code
This data is not merged with other sources of data.
It is processed within the server log files so that we can fulfil our legitimate interest (pursuant to Article 6 (1) f GDPR). Our legitimate interest is to provide you, as one of our users, with a functional website tailored to your needs (e.g. in the right language for your country) so that our website is presented in an attractive manner and can be optimized continuously. In addition, collecting this data allows us to prevent or protect ourselves against cyber attacks, to perform error analysis, and to detect potential cases of fraud.
The data is processed by Netigo GmbH and T-Systems Multimedia Solutions GmbH on the basis of data processing agreements pursuant to Article 28 GDPR, in which we require the service providers to protect our customers’ data and not to disclose it to unauthorized third parties. The data is only processed in the EU and is not disclosed to third parties. The server log files are stored by the providers for 30 days before being deleted.
How to contact us
Our website provides various means for you to contact us. For example, if you would like to ask us any questions or give us any feedback, you can do this using the contact form provided on our website or the contact details listed (in particular our e-mail address).
When using the contact form, you are required to enter some personal details about yourself before you can send your inquiry to us. For example, you need to provide us with your name and e-mail address. We need this information to communicate with you and to provide you with a fast, high-quality service. This is in our legitimate interest (pursuant to Article 6 (1) f GDPR). In addition, details concerning your request help us to forward it to the right department quickly. You can also choose to give us your telephone number if you would like us to contact you in this way.
We will only use and store your data for the purpose of processing your request. We will pass on the information you enter to the relevant members of staff, who will process your request according to your requirements. We will only share your data with third parties if doing so is necessary in order to process your request.
We will store your request and the data provided in your request for the purpose of processing your request and so that we can respond to any follow-up questions. We will keep this data until you ask us to delete it or until we have fulfilled the purpose for which we were storing it. Any mandatory legal provisions – in particular retention periods – will remain unaffected by this.
Registration — User account for our online shop
You must set up a password-protected customer account before placing any orders on our online shop. Your customer account contains an overview of all the orders you have placed to date as well as all active orders.
The operator does not assume any liability for the misuse of passwords unless this misuse was caused by the operator itself.
We store all the data that you provide as a customer during the order process or when registering. This includes:
Registration form (https://www.bauerfeind-sports.com/uk/login)
- First name
- Last name
- Item prices
- Applied Promotions
- Voucher codes
- Shipping address
- Delivery options
- Payment details
- Billing address (if different from shipping adress)
- Ordered items
My account area
- Your personal details entered during registration
- Your saved adresses
- Your order history
We only transmit personal data to third parties if this is necessary in order for us to perform a contract. For example, we may share your data with the delivery company we engage to deliver your goods or the bank responsible for processing your payment. Otherwise, we only disclose your data if you have expressly agreed to this. We do not share your data with third parties, e.g. for marketing purposes, without your express consent.
The legal basis for the processing of your data is Article 6 (1) b GDPR, which permits data to be processed in order to perform a contract or in order to take steps prior to entering into a contract.
We and other users of our products and services are very interested in hearing your thoughts. For this reason, our website provides you with the opportunity to add reviews, e.g. about our products. These reviews are visible to anyone who visits our site and are meant to provide objective user information. When you write a review, you can choose whether you would like to provide your name or a pseudonym as well. In such cases, your name or pseudonym will be displayed and stored alongside your review, the title of your review and the date on which you wrote it.
The reviews and the data associated with them will remain on our website until the content to which they relate has been completely deleted. Bauerfeind reserves the right to immediately delete comments containing illegal or offensive content.
We process the data you provide when using the review function on the basis of our legitimate interest (Article 6 (1) f GDPR). We are very interested in making genuine product reviews available to users of our products.
3.1. Collection of data by social media
Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
We use Vimeo due to our interest in providing an attractive website. This represents a legitimate interest within the meaning of Article 6 (1) f GDPR.
3.2. Collection of data by services provided by Google Inc.
This website uses various services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of these individual services is described in more detail below.
Our use of the following services and the associated collection of personal data (in particular IP addresses) is generally based on our legitimate interest in analyzing, improving and making our website content appear attractive as well as on our legitimate interest in tailoring any advertising to your needs (Article 6 (1) f GDPR).
We have activated IP anonymization on our website. This means that Google will shorten your IP address before transmitting it to the USA, provided the IP address originates from a member state of the European Union or a state that is party to the Agreement on the European Economic Area. The operator of this website contracts Google to use this information to evaluate how you use the website, to create reports about the website activity, and to provide other services relating to the use of the website and the internet. The IP address transmitted from your browser during the Google Analytics process is not linked to other data held by Google.
Your right to object to the collection of your data
You can block the storage of cookies by adjusting your browser settings accordingly; please note, however, that in such cases you may not be able to make full use of all the features available on this website. You can also prevent Google from collecting and processing the data generated by the cookie about your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent Google Analytics from capturing your data by clicking on the following link. This results in an opt-out cookie being created in your browser, preventing your data from being captured when you visit this website in the future on your current browser: Deactivate Google Analytics.
The processing of data on our behalf
We have concluded a data processing agreement for our use of Google Analytics and fully comply with the strict provisions of German data protection authorities when using this service.
Collection of demographic data by Google Analytics
This website uses the Demographics feature provided by Google Analytics. This feature enables reports to be created that contain statements about the age, gender, and interests of visitors to this site. This data is gathered from Google’s personalized advertising as well as visitor data from third-party providers. This data cannot be attributed to any specific individuals. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can prohibit the general collection of your data by Google Analytics by following the steps outlined above.
Google Analytics Remarketing
This feature enables the advertising target groups compiled by Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. This means that interest-based, personalized advertising adapted to you in accordance with your previous usage and browsing behavior on an end device (e.g. a smartphone) can also be displayed on another of your end devices (e.g. tablet or PC).
Google will link your web and app browser history with your Google account for this purpose, provided that you have given Google your consent. This means that the same personalized adverts will be displayed to you on any end device on which you are logged in to your Google account.
To support this function, Google Analytics collects Google-authenticated user IDs. These are temporarily linked to our Google Analytics data and enable target groups to be defined and created for cross-device advertising.
You can permanently turn off cross-device remarketing/targeting by deactivating personalized advertising in your Google account by following this link: https://www.google.com/settings/ads/onweb/.
The linking of the data collected with your Google account takes place exclusively on the basis of your consent, which you can give or withdraw from Google (Article 6 (1) a GDPR). The collection of data that is not linked to your Google account (e.g. because you do not have a Google account or have withdrawn your consent for this data to be linked) takes place on the basis of Article 6 (1) f GDPR. The legitimate interest stems from the website operator having an interest in the anonymous analysis of visitors to the website for advertising purposes.
Google AdWords and Google conversion tracking
We use conversion tracking as part of Google AdWords. When you click on an advert displayed by Google, a conversion tracking cookie is stored on your device. These cookies expire after 30 days and are not used for personal identification purposes. If you visit certain pages on this website before the cookie has expired, Google and we can detect that you clicked on the advert and were forwarded to this page.
Each Google AdWords customer receives a different cookie. This means that cookies cannot be tracked across the websites of Adwords customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for AdWords customers who have decided to make use of conversion tracking. This process informs customers of the total number of users who have clicked on their advert and who have been forwarded to a page with a conversion tracking tag. Customers do not, however, receive any information that can be used to personally identify users. If you do not wish to participate in this tracking process, you can opt out by simply deactivating the use of the Google conversion tracking cookie in your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Google reCAPTCHA (hereinafter referred to as “reCAPTCHA”) is used to check whether the data entered on our website (e.g. via our contact form) has been inputted by a human or an automated program. To achieve this, reCAPTCHA analyzes various aspects of the behavior of visitors to our website. This analysis begins automatically as soon as a visitor accesses the website. During the analysis process, reCAPTCHA evaluates various pieces of information (e.g. IP address, the length of time the user spends on the website, and the way the user moves their mouse cursor). The data collected during the analysis process is forwarded to Google.
The analysis work performed by reCAPTCHA runs completely in the background and website users are not informed that it is taking place.
The data is processed on the basis of Article 6 (1) f GDPR. The website operator has a legitimate interest in protecting the website from malicious automated spying and spam.
This page uses the Google Maps API. Your IP address needs to be stored in order for you to use Google Maps. This information is generally transmitted to and stored on a Google server in the USA. The operator of this site has no influence over the transmission of this data.
We use Google Maps due to our interest in making our website more attractive and in making it easier for our visitors to find the addresses provided on our website. This represents a legitimate interest within the meaning of Article 6 (1) f GDPR.
3.3. Online marketing and partner programs
Amazon partner program
We participate in the Amazon EU partner program. The provider of this program is Amazon EU S.à.r.l, 5 Rue Plaetis, L-2338 Luxembourg, Luxembourg.
Our website contains Amazon adverts and links to Amazon websites, in particular Amazon.co.uk, Amazon.de, Amazon.fr, Amazon.it and Amazon.es. We earn advertising fees through this program. As part of this process, Amazon creates cookies so that it can track the origins of orders placed on its sites. These cookies allow Amazon to detect that you have clicked on the partner link on our website.
Amazon cookies are stored on the basis of Article 6 (1) f GDPR. We have a legitimate interest in this because the advertising fees we receive as a member of the Amazon partner program can only be calculated by means of these cookies.
Further information about how Amazon uses data can be found in Amazon’s Privacy Notice, which is available at: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&language=en_GB&nodeId=3312401.
Our website measures conversions using the Facebook pixel feature provided by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
The Facebook pixel allows us to track users’ behavior once they have been forwarded to our website after clicking on a Facebook advert. This enables us to analyze the effectiveness of Facebook adverts for statistical and market research purposes and in order to improve our future marketing activities.
The data collected is anonymous to us as the operator of this website and we cannot use it to identify our users. However, the data is stored and processed by Facebook, which means that a connection may be made to your Facebook profile and the data may be used for Facebook’s own advertising purposes in line with the Facebook Data Policy. Facebook uses this data to display adverts both on Facebook and on third-party sites. As a website operator, we have no control over how this data is used.
More information about the protection of your privacy can be found in Facebook’s Data Policy: https://www.facebook.com/about/privacy/.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you will need to be logged in to Facebook.
If you do not have a Facebook account, you can opt out of behavioral advertising by Facebook by visiting the website of the European Interactive Digital Advertising Alliance at http://www.youronlinechoices.com.
You can also prevent the Facebook pixel from capturing your data on our website by clicking on the following link. This results in an opt-out cookie being created in your browser, preventing your data from being captured when you visit this website in the future on your current browser: Deactivate Facebook Pixel.
The following information provides details about the contents of our newsletter. It also explains our subscription and mailing procedures, the methods we use for performing statistical analysis, and your rights to object. When you subscribe to our newsletter, you are consenting to receive the newsletter and to the procedures and methods described.
Contents of the newsletter
We only send the newsletter to recipients who have provided their consent in accordance with Article 6 (1) a GDPR or when it is legally permissible to do so . If the registration includes a specific description of the contents of the newsletter, this will be material to consent by the users. Our newsletter also contains information about our offers and promotions as well as about our company. It may also include information that specifically refers to blog posts, our services, or our online presence.
Use of the mailing service provider Campaign Monitor
We have commissioned Campaign Monitor Pty Ltd, 404/3-5 Stapleton Ave, Sutherland NSW 2232, Sydney, Australia as a third-party service provider to distribute and analyze our newsletter. We have concluded a Data Processing Agreement with Campaign Monitor. In this Agreement, we require Campaign Monitor to protect our customers’ data and not to disclose it to third parties. A copy of this Agreement is available for you to read via the following link: https://www.campaignmonitor.com/assets/files/terms/campaign-monitor-eu-data-transfer-clauses.pdf.
When you subscribe to our newsletter, the data (e.g. e-mail address) you provide during the registration process will be forwarded to Campaign Monitor and stored there. The service provider is based in Australia and the data is processed on servers in the USA.
Double opt-in and logging
After you have subscribed to the newsletter, Campaign Monitor will send you an e-mail asking you to confirm your registration (this is the “double opt-in” procedure). This confirmation is required so as to ensure that no one can register using someone else’s e-mail address.
Newsletter registrations are logged as evidence that the registration process complies with legal requirements. This means that the registration and confirmation times as well as the IP address are stored. Changes to your data stored by Campaign Monitor will also be logged.
If you wish to subscribe to the newsletter offered on the website, you will need to provide us with an e-mail address and information that will enable us to verify that you own the e-mail address you have given (double opt-in procedure) and that you consent to receiving the newsletter.
We also ask you to provide your name on an optional basis. This information is used solely to personalize the newsletter. You also have the option of providing your date of birth/age, sex, sports activities, and your favorite Bauerfeind products, and you can indicate the part of your body for which you wish to boost performance. This information enables us to specially tailor the contents of the newsletter to your interests. You can visit the preference center at any time to view and correct and/or delete the information that you chose to provide. Simply click on the “Preferences” link at the end of each newsletter.
Collection and analysis of statistics
Campaign Monitor also helps us to analyze our newsletter campaigns. This enables us to determine whether a newsletter message has been opened, when and from which location it was opened, and, if applicable, which links were used. In this way, we can determine which links are particularly popular, among other things. It is true that it is technically possible for us to attribute this information to the individual recipients of the newsletter. However, neither we nor Campaign Monitor aim to monitor individual users. The analyses are used to identify our users’ reading habits on a group basis and to tailor our content to them, or to send out varying content that relates to our users’ interests.
Campaign Monitor also enables us to further divide the recipients of our newsletter into different categories (e.g. favorite sports). This means that the newsletter can be more tailored to the target groups in each case.
Online access and data management
Consent to the sending of the newsletter is based on Article 6 (1) a and 7 GDPR as well as Section 7 (2) no. 3 and (3) of the German Act on Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG). You can use the “unsubscribe” link in the newsletter to withdraw your consent to the storage of data and the e-mail address at any time, and its use for sending the newsletter. This withdrawal of consent will not affect the legality of the data processing that has already taken place.
The use of the service provider Campaign Monitor, the performance of statistical surveys and analyses, and the logging of the registration process are carried out on the basis of our legitimate interests according to Article 6 (1) f GDPR. We are interested in using a newsletter system that is user-friendly and secure. It should also serve our own commercial interests and be tailored to the users’ expectations.
Please also note that, according to the legal provisions in Article 21 GDPR, you can withdraw your consent to the future processing of your personal data at any time. In particular, consent to data processing for direct marketing purposes can be withdrawn.
Unsubscribing/withdrawal of consent
You can unsubscribe from our newsletter at any time. This means that you have withdrawn your consent. You will find the link to unsubscribe from the newsletter at the bottom of each newsletter. After unsubscribing, your e-mail address will be stored on a blocking list and will only be used to ensure that we no longer send e-mails to your e-mail address.
You will find additional information on the Campaign Monitor Privacy Notice, which is available at: https://www.campaignmonitor.com/policies/#two.
3.4. Payment processing
If you have concluded a contract with us that obliges you to make a payment to us in order to receive a particular product or service, we may collect your payment data (e.g. your bank account number for a direct debit instruction) so that we can process your payment. The basis for this is the performance of a contract pursuant to Article 6 (1) b GDPR. Generally speaking, you will be able to choose your preferred payment method from a number of options we make available to you.
Encrypted payment transactions on this website
Payment transactions using common methods of payment (Visa/Mastercard, direct debit) take place exclusively via an encrypted SSL connection. Your connection is being encrypted if the start of the URL in your browser address bar changes from “http://” to “https://” and if a padlock symbol appears alongside it.
When communication is encrypted, the payment details that you transmit cannot be intercepted by third parties.
Payment service provider Ingenico
This website uses the payment service provider (PSP) INGENICO FINANCIAL SOLUTIONS SA-NV, Boulevard de la Woluwe 102, 1200 Brussels, Belgium and Stichting Beheer Derdengelden Ingenico Financial Solutions, Boulevard de la Woluwe 102, 1200 Brussels, Belgium (hereinafter referred to as “Ingenico”). We use Ingenico’s payment services so that you can pay via a certified service provider if you choose to pay by PayPal or credit card.
If you select one of these two payment methods, you will be transferred to a secure website provided by Ingenico and, if applicable, PayPal. Here you can enter your credit card details or log in to your PayPal account to make your payment. The payment is managed by Ingenico, which acts as a technical interface between you as the customer, Bauerfeind, and the banks involved. The use of this service means that Bauerfeind never gains access to your personal bank or account details. Ingenico only uses your data to process the current order. Your data will not be used or shared with third parties in any other way.
The processing of data on our behalf and security
We have concluded a data processing agreement with Ingenico, in which we require Ingenico to protect our customers’ data and not to disclose it to unauthorized third parties. Ingenico is also certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS). This certification program was established by brands such as Visa, Mastercard, and American Express with the aim of ensuring that card and account details are protected and the strictest security standards are upheld.
The transmission of your data for the purpose of processing payments takes place on the basis of the performance of a contract (pursuant to Article 6 (1) b GDPR) between you as the customer and us. We integrate Ingenico’s services on the basis of our legitimate interest (pursuant to Article 6 (1) f GDPR). These services allow us to provide you, as a customer, with a secure way of making a payment via a certified payment service provider that protects your sensitive data by offering a high level of security. We have also chosen the PayPal and credit card payment methods on the basis of our legitimate interest (pursuant to Article 6 (1) f GDPR) in offering users of our online shop payment methods that are widespread, modern, convenient, and accepted among our customers.
Please note that in order to pay by PayPal you will need to have set up a PayPal account. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) is responsible for this. Further information can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.