DATA PROTECTION DECLARATION IN ACCORDANCE WITH THE REQUIREMENTS OF THE EU GDPR OF 25 MAY 2018

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection regulations is:

simplicity networks GmbH
Heinrich-Hertz-Straße 2
59302 Oelde
Germany
Tel.: 00800 - 338 670 48 (free of charge)
E-mail: eshop@opus-fashion.com or eshop@someday-fashion.com
Website: opus-fashion.com or someday-fashion.com

Managing Director authorised to represent the company: Stefan Leewe
Responsible registry court: Münster
Commercial Registry Number: HRB 14936

II. Name and address of the Data Protection Officer

The data controller's Data Protection Officer is:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy
Langemarckstraße 20
45141 Essen
Germany
Tel.: +49 (0) 2522 8330-3155
E-mail: dataprotection@simplicity.ag

III. General information on data processing

1. Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 (a) of the EU Data Protection Ordinance (GDPR) serves as the legal basis for the processing of personal data.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 (d) GDPR applies as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.

2. Data deletion and storage duration

The data subject's personal data will be deleted or blocked as soon as the reason for storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
(1) Information regarding the used browser type and version
(2) The user’s operating system
(3) The user's IP address
(4) Date and time of access
(5) Websites from which the user's system accesses our website

The data is also stored in our system's log files. This data is not stored together with other personal user data. The data you provide helps us to design and continuously improve your shopping experience in our online shop. For this purpose, user profiles are created using a pseudonym. When this purpose is achieved, log data is deleted.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.

3. Purpose of the data processing

Temporary storage of IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for providing the website, this will be undertaken once the respective session has ended.

Any data is to be stored in log files will be stored for seven days at most. Further storage is possible. In this case, the user's IP addresses will be deleted or distorted, so that identification of the accessing client is no longer possible.

5. Objection and removal option

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website and to protect our legitimate interests. Consequently, there the user inherently has no option to object.

V. Use of cookies

1. Description and scope of data processing

Cookies are small text files that are used by websites to make the user experience more efficient. When you visit our website, your surfing behaviour can be statistically evaluated in this way. This is primarily done using third-party cookie analysis programmes. The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools.

2. Types of cookies

Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be restricted. The following data is stored and transmitted in the cookies: (1) Items in a shopping basket (2) Log-in information We also use cookies on our website that enable an analysis of the user's surfing behaviour. The following data can be transmitted in this way (1) Frequency of page views (2) Utilisation of website functions

3. Duration of storage

Cookies are stored on the user's end device and transmitted by it to our website. You have and retain full control over the use of cookies and can delete cookies in your browser or via the cookie settings on our website, completely deactivate the storage of cookies or selectively accept certain cookies. Please use the help functions of your browser to find out how you can change these settings. This may limit the functionality of our websites. By giving consent to the use of cookies on the basis of a notice (‘cookie banner’) provided by us on the website, the user consents to the use of cookies. You can customise your cookie settings at any time by clicking on ‘Cookie settings’ in the footer.

4. Categories of cookies

So that you can set your desired data protection settings for your visit to our website as individually as possible, we give you the option of setting your preferences via the cookie settings with regard to the categories ‘Essential’, ‘Preferences’ and ‘Marketing’.

5. Data processing with Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site. We only use cookies in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG with your express consent, which we obtain with our cookie banner on our website. Four cookies are used:
_ga: This cookie is used to distinguish the browser from other browsers. The maximum storage period is 24 months.
_gid: This cookie is used to distinguish website users. It is stored for a maximum of 24 hours.
_ga_#: This cookie is used to attribute individual events. The maximum storage period is 24 months.
dc_gtm_UA: This cookie is used to run the Google Analytics script and collects statistical data. The storage period is one minute.
All data collected via cookies is collected for statistical purposes only. We need the data to determine which data traffic takes place on the website and where it comes from, and to determine whether the website is functioning smoothly in all areas and how we can make it more usable. No user profiles are created or conclusions drawn about the identity of a user. All user data stored in Google Analytics is deleted after 14 months at the latest. The event data stored in Google Analytics is deleted after 38 months at the latest.
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We use the "demographic characteristics" function of Google Analytics on our website. The demographic characteristics enable us to identify information about the age, gender or general interests of our website users without the information relating to an identified or identifiable person. We use this data to further develop our offer and to present it to our website users in a targeted manner. The data collected originates primarily from the Google network (e.g. Google accounts) or from third-party providers.
We also use "Google Signals" on our website. Google Signals enables us to link the visitor data collected by our website with Google information from accounts of logged-in users of the Google account if the user of a Google account has consented to this type of linking in the account settings for the purpose of ad personalisation. The processing is thus carried out on the basis of an expressly granted consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. By using Google Signals, we pursue the purpose of obtaining relevant information about the use of our offers on different devices ("cross-device"). The declaration of consent can be revoked at any time by deactivating this option in the Google account for the purpose of display personalisation. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The information generated by the cookies in question about the use of our website is generally transmitted to a Google server in the USA and stored there. However, the IP address will be shortened and anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to analyse the use of the website, to compile reports on the activities on the website and to provide further services associated with the use of the website and the Internet to the operator of the website. For this purpose, we have concluded an order processing contract with Google in accordance with Art. 28 GDPR. The data will not be passed on. No data from other sources is associated with the data collected. We use the Google Tag Manager for integration on our website. Further information can be found under 6. data processing with the Google Tag Manager.
Insofar as the full IP address is transmitted to a Google server in the USA, the transmission is based on Art. 45 para. 1 GDPR in conjunction with the EU-US Data Privacy Framework, in which Google has been certified by the US Department of Commerce.
Data processing with Google Analytics on our website is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent is voluntary and can be withdrawn at any time with effect for the future by changing the settings currently specified in our cookie banner. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can also object to the storage of cookies by making the appropriate setting in your browser software. You can also prevent Google from collecting the data generated by the cookie and relating to the use of the website (including IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de). Please note that the setting must be made individually for each device and each different browser.

6. Data processing with the Google Tag Manager

We use Google Tag Manager on our website, a service of Google LLC (‘Google’) to connect external web services to a website. It is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use the Google Tag Manager to connect our website with the Google Analytics and Google Ads services, among others, provided that consent within the meaning of Art. 6 para. 1 sentence 1 (a) GDPR has been given for the respective services on our website and this consent has not been revoked. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The Google Tag Manager is only used to implement the services on our website. No personal data is collected, stored or processed in the process. Information and setting options for the currently defined consents can be found in the cookie banner. Further information can be found in Google's usage guidelines for Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html

7. Data processing with Google Ads

We use Google Ads, an advertising system of Google Inc (‘Google’), to advertise our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. As part of this, we use the ‘Conversion Tracking’ function on our website. We also use Google Analytics to analyse data from Google Ads for statistical purposes. If our website is accessed via a Google advert, a cookie is stored on the end device. Conversion cookies lose their validity after a maximum of 90 days and are not used for personal identification. If certain pages of our website are visited and the cookie has not yet expired, we and Google can recognise that the respective user has clicked on one of our ads placed on Google and has been redirected to our site. Six cookies are used:
_gcl_au: This cookie is used to optimise marketing. It stores which ads were used to acquire a user and therefore enables the attribution of conversions to ads.
ads/ga-audiences: This cookie is used to optimise marketing. It enables the (re-)targeting of specific users. The storage period is one session.
IDE: This cookie is used to optimise marketing. It enables the display of personalised ads based on user behaviour. The maximum storage period is 24 months.
pagead/1p-user-list/#: This cookie is used to optimise marketing. It enables the provision of interest and target group information about a user. This allows ads to be placed in a more targeted manner. The storage period is one session.
pagead/landing: This cookie is used to optimise marketing. It contains data on user behaviour on websites. It is used to control how often users see the same adverts. The storage period is one session.
test_cookie: This cookie contains information about the cookie support of the respective user's browser. The maximum storage period is one day.
The information collected with the help of conversion cookies is used by Google to compile visit statistics for our website. These statistics tell us the total number of users who have clicked on our advert and also which pages of our website were subsequently accessed by the respective user. However, we or other Google Ads advertisers do not receive any information that can be used to personally identify users. We use the Google Tag Manager for the integration on our website. Further information can be found in our privacy policy under Google Tag Manager.
Data processing with Google Ads on our website is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent is voluntary and can be revoked at any time with effect for the future by changing the currently specified Google Analytics settings in our cookie banner. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The cookie banner can be found in the footer of the website. You can also prevent the installation of conversion cookies by selecting the appropriate settings in your browser, e.g. a browser setting that generally deactivates the automatic setting of cookies. The relevant Google privacy policy can be found at the following link: https://policies.google.com/privacy?gl=de

8. Data processing with Google Remarketing

We use the so-called remarketing function of Google Ads and Google Analytics, web analysis services of Google Inc (‘Google’), to advertise our website and the products available on it. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using the remarketing function, a cookie is set in the browser as soon as our website is visited. If the Google search or a website registered in the Google advertising network is called up at a later time, Google can use this cookie to recognise that a specific page in our offer has been visited, that a specific product has been placed in the shopping basket and that this has been purchased.
In Google Ads, we can then add the visitor to our website to a so-called remarketing list, a list of users who have visited certain pages on our website. These remarketing lists can be used to retrieve statistics and define target groups to whom selected adverts can be presented in the Google search network and the Google display network.
By using the remarketing function, we want to ensure that our adverts presented on the Google search network and the Google display network are only shown to people who have indicated to us by visiting the website that they are potentially interested in an advertised product and therefore do not feel annoyed or disturbed by the adverts. We can also use the services used to exclude the possibility of displaying an advert for a product to people who have already purchased the product. Furthermore, for statistical and market research purposes, we can also check whether a user was redirected to our website after clicking on an advert and analyse whether the advert was of interest to them.
We cannot draw any conclusions about the identity of the visitor from the data collected for the remarketing function via Google Ads. Google processes the data pseudonymously. This means that the user's name or email address are not processed, but only the relevant visit data stored in the cookie. This does not apply if a user has expressly allowed Google to process the data without pseudonymisation. This has no effect on data processing on our website as the website operator.
Data processing with Google Remarketing on our website is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent is voluntary. It can be revoked at any time with effect for the future by changing the currently specified Google Analytics settings in our cookie banner. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The cookie banner can be found in the footer of the website.
If the visit to our website should not be recorded via the Google cookie and the data should not be used to display adverts in the Google search and on websites that are connected to the Google advertising network, you can also object to this as follows:
A corresponding setting can be made in the browser that generally deactivates the automatic setting of cookies or only blocks specific cookies.If you wish to object specifically to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated. The relevant Google privacy policy can be found at the following link: https://policies.google.com/privacy?gl=de

9. Data processing with Google Conversion Tracking

This website also uses Google Conversion Tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Adwords places a cookie on the end device if our website is accessed via a Google advert. These cookies lose their validity after a maximum of 90 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the website of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
Data processing with Google Conversion Tracking on our website is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent is voluntary. It can be revoked at any time with effect for the future by changing the currently specified Google Analytics settings in our cookie banner. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The cookie banner can be found in the footer of the website. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies. The relevant Google privacy policy can be found at the following link: https://policies.google.com/privacy?gl=de

10. Data processing with Google BigQuery

Google BigQuery, a component of the Google Cloud Platform, is used to store and analyse the data provided by Google Analytics. It is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This platform enables complex analyses on large data sets and supports real-time data processing and data export. The platform is also used to document the consent history of newsletter subscribers. We collect your email address for this purpose. Otherwise, we do not collect or transmit any information that could identify you.
Data processing with Google BigQuery on our website is carried out on the basis of Art. 6 para. 1 lit. a) GDPR. Consent is voluntary. It can be revoked at any time with effect for the future by changing the currently specified settings in our cookie banner. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for the documentation of the consent history of our newsletter subscribers is Art. 6 para. 1 sentence 1 lit. c) GDPR. Our obligation to process the consent history arises from Art. 5 para. 2 GDPR. We keep the proof of the consent history permanently in order to be able to fulfil our obligation to the data protection supervisory authority arising from Art. 5 para. 2 GDPR. Deletion will only take place when the purpose pursued for the processing has been fully completed and when we no longer have a legal interest in having to keep the evidence within the meaning of Art. 17 para. 3 lit. e) GDPR.
The information collected may be transferred to Google servers in the USA. The transfer takes place on the basis of Art. 45 para. 1 in conjunction with the EU-US Data Privacy Framework, in which Google has been certified by the US Department of Commerce. To protect your data, we have concluded an order processing contract with Google in accordance with Art. 28 GDPR and can thus ensure that Google processes your data strictly in accordance with our instructions.
Information on data protection for Google Cloud services can be found at https://cloud.google.com/privacy/gdpr?hl=de.

11. Data processing with Meta

11.1. Meta-Pixel and Conversions API

We use the meta pixel and the conversion API and business tools of Meta Platforms Inc. Hacker Way, Menlo Park, California 94025 on our website. If based in the EU: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The use is made in accordance with Art. 6 para. 1 lit. a) GDPR on the basis of consent. Once consent has been given, the data is processed to analyse and optimise the campaign playout. Information on Facebook Ireland's contact details can be found in Facebook Ireland's data policy at https://www.facebook.com/about/privacy
If Meta does not wish to process the data, consent to the processing of the data does not have to be given.Consent to the processing of data can also be withdrawn at a later date.The subsequent revocation of previously granted consent only has effect for the future.A revoked declaration of consent has no influence on the legality of processing that took place in the past.
The meta pixel is a JavaScript code snippet that makes it possible to track the activities of visitors to our website.The Conversions API is a server-side event tracking tool. This tracking is called conversion tracking. The meta pixel and the Conversions API collect and process the following information for this purpose:
(1) Information on the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product. This allows individual preferences and preferences of the data subject to be determined and forwarded to Meta, whereby usage profiles of the data subject can also be created.
(2) Specific pixel information such as the pixel ID and the Meta cookie
(3) Information available in the HTTP headers, such as IP addresses, information about the web browser, the location of the page and the referrer
(4) Information on the status of the deactivation/restriction of ad tracking.
Information about the orders is used to measure the effectiveness of the adverts by recording whether the user has placed an order after clicking on a Facebook advert. In addition, the meta pixel is used to create specific target groups and to display relevant adverts to customer segments. The target group is determined by Facebook categorising visitors to an online offer as a target group for the display of ads by storing a cookie text file on the user device. This categorisation makes it possible to only display Facebook ads to users who have shown an interest in our online offering. In this way, we ensure that users are shown adverts tailored to their interests. The meta pixel makes it possible to track the user across all websites that have integrated this extension into their website. We process the data anonymously, but the data transmitted to Meta can be used by Meta to create user profiles or for other purposes. Further information can be found in Facebook's data policy at https://www.facebook.com/about/privacy Further detailed information about Meta Pixel can be found here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142
We collect and transfer the data to Meta Platforms Ireland in accordance with Art. 26 GDPR as joint controllers. For this purpose, we have concluded a joint controllership agreement with Meta, in which we have defined the distribution of data protection obligations between us.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is Art. 45 para. 1 GDPR in conjunction with the Data Privacy Framework, in which Meta Platforms Inc. has been certified by the US Department of Commerce.

11.2. Meta-Login (Meta Connect)

We also use the Facebook login on our website, which can be used to log in to our website with the Facebook account (so-called Facebook Connect function). Facebook Connect is a service of the social network Facebook, which is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Additional registration on our website is then not required. To log in, you will be redirected to the Facebook website, where you can log in with your user data. This links the Facebook profile and our website. Through the link, Facebook transmits the information to which the user has consented (title, first name, surname, email address). We use this information to be able to identify the user when they use our website.
The legal basis for this data processing is Art. 6 para. 1 lit. a) GDPR. If Meta does not wish to process the data, consent to the processing of the data does not have to be given. Consent to the processing of data can also be withdrawn at a later date. The subsequent revocation of previously granted consent only has effect for the future. A revoked declaration of consent has no influence on the legality of processing carried out in the past.
We collect and transmit the data to Meta Platforms Ireland in accordance with Art. 26 GDPR as joint controllers. For this purpose, we have concluded a joint controllership agreement with Meta, in which we have defined the distribution of data protection obligations between us.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is Art. 45 para. 1 GDPR in conjunction with the Data Privacy Framework, in which Meta Platforms Inc. has been certified by the US Department of Commerce.
Further information on Facebook Connect and the privacy settings can be found here: https://www.facebook.com/privacy/policy/version/25238980265745528

12. Data processing with Microsoft Advertising

12.1. Search

We use Microsoft Advertising, an advertising system of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (‘Microsoft’), to advertise our website. As part of this, a cookie is set for visitors who come to our website via an advert in the Bing search engine. We use the cookie together with Universal Event Tracking, a code with which we can collect data about the use of the website. This cookie stores data that provides information about the use of our website - including the time spent on the website, the pages accessed and whether a purchase was made. The data is pseudonymised and can be read by both Microsoft and us for statistical purposes. The information collected is transferred to Microsoft servers in the USA. The legal basis for the transfer is Art. 45 para. 1 GDPR in conjunction with the Data Privacy Framework, in which Microsoft has been certified by the US Department of Commerce. We have concluded an order processing contract with Microsoft in accordance with Art. 28 GDPR and can therefore guarantee that Microsoft processes the data strictly in accordance with our instructions. The maximum storage period is 390 days. Data processing with Microsoft Advertising on our website is carried out on the basis of Art. 6 para. 1 lit. a) GDPR. Consent is voluntary. This can be revoked at any time with effect for the future by changing the current settings in our cookie banner. The cookie banner can be found in the footer of the online shop. A corresponding setting can also be made in the browser that generally deactivates the automatic setting of cookies. Microsoft may be able to track user behaviour across multiple electronic devices through cross-device tracking and is therefore able to display personalised advertising on websites and in apps. You can object to the processing of data for this purpose by clicking on the following link: https://account.microsoft.com/privacy/ad-settings/signedout? Further information on Microsoft Advertising's analytics services can be found at https://help.bingads.microsoft.com Further information on data protection at Microsoft can be found in Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

12.2. Remarketing

We use the so-called remarketing function of Microsoft Advertising, an advertising system of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (‘Microsoft’), to advertise our website and the products available on it. By using the remarketing function, a cookie is set in the browser as soon as our website is visited. We use the cookie together with Universal Event Tracking, a code with which we can collect data about the use of the website. If the Bing search or a website registered in the Microsoft advertising network is then called up later, Microsoft can use this cookie to recognise that a specific page in our offer has been visited, that a specific product has been placed in the shopping basket and that it has been purchased. In Microsoft Advertising, we can then add the visitor to our website to a so-called remarketing list, a list of users who have visited certain pages on our website. These remarketing lists can be used to retrieve statistics and define target groups to whom selected adverts can be presented in the Microsoft search network and the Microsoft display network. By using the remarketing function, we want to ensure that our adverts presented in the Microsoft search network and the Microsoft display network are only shown to people who have given us an indication of potential interest in an advertised product by visiting the website. Furthermore, for statistical and market research purposes, we can also check whether a user was redirected to our website after clicking on an advert and analyse whether the advert was of interest to them.
We cannot draw any conclusions about the identity of the visitor from the data collected for the remarketing function via Microsoft Advertising. Microsoft processes the data pseudonymously. This does not apply if a user has expressly allowed Microsoft to process the data without pseudonymisation. This has no effect on data processing on our side as the website operator.
Data processing with Microsoft Advertising on our website is carried out on the basis of Art. 6 para. 1 lit. a) GDPR. Consent is voluntary. It can be revoked at any time with effect for the future by changing the currently specified settings in our cookie banner. The cookie banner can be found in the footer of the online shop. A corresponding setting can also be made in the browser that generally deactivates the automatic setting of cookies. The information collected is transferred to Microsoft servers in the USA. The legal basis for the transfer is Art. 45 para. 1 GDPR in conjunction with the Data Privacy Framework, in which Microsoft has been certified by the US Department of Commerce. Wir haben mit Microsoft einen Auftragsverarbeitungsvertrag gem. Art. 28 DSGVO geschlossen und können dadurch gewährleisten, dass Microsoft die Daten streng nach unseren Weisungen verarbeitet. Microsoft kann unter Umständen durch so genanntes Cross-Device-Tracking das Nutzungsverhalten über mehrere elektronischen Geräte hinweg verfolgen und ist dadurch in der Lage, personalisierte Werbung auf Webseiten und in Apps einzublenden. Der Verarbeitung der Daten für diesen Zweck kann unter folgendem Link widersprochen werden: https://account.microsoft.com/privacy/ad-settings/signedout? Nähere Informationen zu den Analysediensten von Microsoft Advertising sind unter https://help.bingads.microsoft.com ersichtlich. Weitere Informationen zum Datenschutz bei Microsoft sind in den Datenschutzbestimmungen von Microsoft unter: https://privacy.microsoft.com/de-de/privacystatement zu finden.

13. Data processing with OneSignal

We use the service of OneSignal, 201 S. B Street, San Mateo, CA 94401 (hereinafter referred to as ‘OneSignal’) to send push notifications if you have consented to receiving them by granting the corresponding authorisation. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR. Consent can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. OneSignal receives information about the installed browser or app and the respective usage when the browser or app is called up. Further data is also collected: the temporary unique device identifier, the current location, linked to the temporary unique device identifier, IP address, type of your device, type and version of the operating system, language settings, time zone and network settings.
We retain the data until consent is revoked or the subscription is cancelled. In the event of inactivity, we delete the data after three months at the latest. The transfer of data to the USA takes place on the basis of Art. 45 para. 1 GDPR in conjunction with the Data Privacy Framework, in which OneSignal has been certified by the US Department of Commerce. In addition, we have concluded an order processing agreement with OneSignal in accordance with Art. 28 GDPR and can thus ensure that it processes the data strictly in accordance with our instructions. Subscription to the notifications can be suspended or cancelled at any time in the settings of the respective browser.
The data protection information and further information from OneSignal can be found here: https://onesignal.com/privacy_policy

14. Data processing with Usercentrics

We have integrated the consent management platform ‘Usercentrics’ on our website in order to obtain consent for data processing or the use of cookies or comparable technologies. This is a service provided by Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany. The tool allows users to give or refuse their consent to certain functions of our website, such as the integration of external elements, statistical analyses, reach measurements and personalised advertising. It is also possible to give consent for individual purposes or functions only. Settings that have already been made can be changed at any time via the tool. The aim of integrating Usercentrics is to give the users of our website the freedom to decide on the aforementioned purposes and to offer the option of adjusting the settings at any time. The data is processed on the basis of the following legal bases

· Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with Art. 25 para. 2 no. 2 TDDDG: to fulfil our legal obligations.
· Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Art. 25 para. 2 no. 2 TDDDG: to protect our legitimate interests.

Our legitimate interests consist in particular in the legally compliant management of consents and the storage of user settings and preferences in relation to cookies and other functionalities. The following pseudonymised data is processed as part of the use of Usercentrics

· Settings of the consents granted or refused
· IP address (pseudonymised)
· Browser information
· Date and time of the visit

The data is stored as long as the user settings are active. After one year, consent is requested again. The settings made are then saved again for this period. If consent is not renewed, the previous data will be retained until the next interaction.

We have concluded an order processing contract with Usercentrics GmbH in accordance with Art. 28 GDPR. If the data is transferred, Usercentrics ensures that the processing is carried out strictly in accordance with our instructions and that all data protection regulations are complied with.

You have the right to object to the processing of your personal data at any time, insofar as this is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. You can send your objection by e-mail to datenschutz@usercentrics.com. Further information on data processing by Usercentrics and Usercentrics' privacy policy can be found here: https://usercentrics.com/privacy-policy/

15. Data processing with Fitanalytics

Fit Analytics is a size calculation service. The company that processes the data is Fit Analytics Innovation GmbH, Rosenthaler Str. 36, 10178 Berlin, Germany.
The purposes of data collection and processing are described below. Consent is only valid for the stated purposes. The data collected cannot be used or stored for any purpose other than those listed below.
(1) Size calculation
(2) Analysis
The technology used is cookies. This list contains all (personal) data collected by or through the use of this service: Browser information, operating system, referrer URL, date and time of the visit, host name and the anonymised IP address. The legal basis for the processing of the aforementioned data is Art. 6 para. 1 sentence 1 lit. a) GDPR. The processing is therefore carried out on the basis of expressly granted consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The place of processing is the European Union. The data will be deleted after 13 months at the latest or as soon as it is no longer required for the specified processing purposes. The data will be stored for the time required to fulfil the purposes. The data recipient is Fit Analytics Innovation GmbH. We have concluded an order processing contract with them in accordance with Art. 28 GDPR and can thus guarantee that data processing is carried out strictly in accordance with our instructions.
The data processor's privacy policy can be found at the following link: https://www.fitanalytics.com/privacy-policy
The cookie policy of the data processor can be found at the following link: https://www.fitanalytics.com/privacy-policy#cookies

16. Data processing with NewRelic

We use the NewRelic software on our website. This is a service provided by New Relic Inc, 188 Spear St., Suite 1200 San Francisco, CA 94105, which enables us to analyse website usage and monitor performance. The information stored by the cookie about your use of this website is transmitted to a NewRelic server in the USA. We do not collect or transmit any information that could identify you. We process the data on the basis of our legitimate interest in optimising the marketing of our online offering in accordance with § 25 para. 2 No. 2 TDDDG.
We use the stored information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage.
You can find further information on data protection at: https://newrelic.com/termsandconditions/privacy

17. Data processing with AWIN

Our website uses the advertising network of AWIN AG, Otto-Ostrowski-Str. 1A, 10249 Berlin for affiliate marketing. To document transactions, AWIN stores cookies on the end devices of users who visit or use websites or other online offers. These cookies serve the sole purpose of correctly allocating the success of an advertising medium and the corresponding billing within the network. Personal data is not collected, processed or used by AWIN. Only the information about when a specific advertising medium was clicked on by an end device is placed in a cookie. In the AWIN tracking cookies, an individual sequence of digits is stored, which cannot be assigned to the individual user, with which the partner programme of an advertiser, the publisher and the time of the user's action (click or view) are documented. AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser as well as the associated order number.
The storage of ‘Awin cookies’ takes place on the basis of an expressly granted consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data will be deleted after one year at the latest. We collect and transmit your data to AWIN in accordance with Art. 26 GDPR as joint controllers. For this purpose, we have concluded a joint controllership agreement with AWIN in which we have defined the distribution of data protection obligations between us.
We would like to point out that the data collected by AWIN may also be transferred to insecure third countries that do not have a data protection level comparable to that of the EU. The transfer takes place after express consent has been given on the basis of Art. 46 para. 2 lit. c) GDPR in conjunction with additional suitable guarantees.
Further information on AWIN's data processing can be found at the following link: https://www.awin.com/de/datenschutzerklarung

18. Data processing with Pinterest

We use the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) on our website, which enables us to show our website visitors who have already shown an interest in our website and our content/offers and who are Pinterest members relevant adverts and offers on Pinterest. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest informs us when our website is visited via so-called ‘events’ that, among other things, our website has been accessed and which parts of our offer are of interest. The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user.
The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR on the basis of a voluntarily given declaration of consent. You can object to the collection of data for the display of interest-based advertising on Pinterest at any time in the Pinterest account settings at https://www.pinterest.de/settings. This tool can also be deactivated via the cookie settings. The subsequent revocation of a previously granted consent only has effect for the future. A revoked declaration of consent has no influence on the legality of processing that took place in the past. The data will be deleted when the purpose no longer applies or after 12 months at the latest. You can view the cookies that have been set and their duration at any time in your browser settings and delete them manually.
The information collected may be transferred to Pinterest servers in the USA. The transfer takes place in accordance with Art. 45 para. 2 lit. c) GDPR on the basis of standard contractual clauses in conjunction with additional suitable guarantees. With regard to the processing of personal data, there is joint responsibility between simplicity and Pinterest in accordance with Art. 26 GDPR. As part of this cooperation, it is necessary that the joint controllers have access to the personal data. As a data subject of the data processing, the rights under Art. 26 para. 3 GDPR in conjunction with Art. 15-21 GDPR can be asserted against each of the controllers.
Further information on the collection and use of data by Pinterest can be found at the following link: https://policy.pinterest.com/de/privacy-policy.

19. Data processing with trbo

On our website, trbo GmbH, Leopoldstr. 41, 80802 Munich (http://www.trbo.com) collects and stores data from which pseudonymous user profiles are created in order to offer personalised customer benefits. Trbo is an onsite personalisation platform for addressing customers individually, personally and in real time. For this purpose, in accordance with Art. 6 para. 1 lit. a GDPR i.V.m. Art. 25 TTDSG, cookies can be used for this purpose, which enable the recognition of an Internet browser. These user profiles are used to analyse visitor behaviour and are evaluated to improve our website and tailor it to your needs. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately. No personal information about the identity of the user is disclosed. We have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR. This enables us to ensure that the service provider processes the data strictly in accordance with our instructions and does not use it for other purposes. We would like to point out that the data collected by Trbo may also be transferred to insecure third countries that do not have a data level comparable to that of the EU. The transfer takes place after express consent has been given on the basis of Art. 46 para. 2 lit. c) GDPR in conjunction with additional suitable guarantees. The cookie loses its validity after 1095 days. It can be revoked at any time by clicking on the following link: https://www.trbo.com/opt-out/

20. Data Processing with Bloomreach

We use the services of Bloomreach B.V., Fred. Roeskestraat 109, 10 EE Amsterdam, for the evaluation and implementation of interest-based marketing measures, in particular for the processing of newsletter dispatch, automated marketing campaigns and the analysis of surfing behaviour on the website. Roeskestraat 109, 1076 EE Amsterdam. This information is collected and summarised in the form of pseudonymised user profiles and events in order to improve our website and our email marketing measures. Upon identification through login or the placement of an order, these pseudonymised user profiles are merged with customer data in order to adapt our marketing activities to the interests of our customers. Bloomreach processes data (e.g. e-mail address) exclusively in accordance with our instructions. For this purpose, we have concluded an order processing contract with Bloomreach in accordance with Art. 28 GDPR and thereby ensure that the data is neither used for our own purposes nor for the purposes of third parties, nor is it sold or passed on to unauthorised third parties. Cookies may be stored on your computer for these purposes. You can prevent the storage of cookies by selecting the appropriate settings in your browser software.
We use the following cookies for the use of Bloomreach to collect information about the use of our website. Further information on this can be found in the cookie settings. These can be found in the footer of the online shop.
The data collected by the cookies contains the following information
(1) IP address and broad localisation data
(2) Login data
(3) Time zone setting
(4) Operating system and platform
(5) Information about visits including URL
(6) Search terms
(7) Information about what was searched for or viewed on our website
(8) Information about the shopping basket and the selected checkout options (products added, size, payment method, delivery method)
(9) Reaction and response time of the website
(10) Duration of visits to certain pages
(11) Information about website interactions (e.g. scrolling, clicks and mouse-overs) and the methods used to leave the page
(12) Activities of users
(13) Surfing on websites
The cookie settings can be managed at any time in the footer of the online shop and previously granted consent can be revoked. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
The provider Bloomreach also works with other service providers who may process personal data as subcontractors. A list of the subcontractors used can be found at the following link: https://www.bloomreach.com/en/legal/subprocessors
Further data (first and last name, gender, email address, date and time of registration, order information) are processed by Bloomreach if you have registered for our email newsletter, created a customer account or placed an order. In this case, we use the collected data to create a user profile in order to provide the newsletter and other marketing measures tailored to your interests.
If the user profile is to be deleted, an email can be sent to the following email addresses: eshop@opus-fashion.com or eshop@someday-fashion.com
The tracking data collected in Bloomreach is stored for a maximum of six months. Only information about the first session and account updates are stored for a maximum of one year. The following data is stored until we are expressly informed to delete the data from the system:
(1) Account created
(2) Information about campaigns sent and interactions with them
(3) Information about consents
(4) Purchases, Purchased products, Returned products, Cancelled products
(5) Merging of user profiles
(6) Information about stored vouchers
Further information on data protection at Bloomreach can be found at the following link: https://exponea.com/de/privacy-policy/
An example of the use of Bloomreach for automated marketing campaigns is the sending of reminder emails for a customer's shopping basket or the sending of a campaign for the customer's birthday.

21. Data processing with Sovendus

For the selection of an interesting voucher offer, we transmit personal data to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus). Sovendus is a provider of a virtual platform for the sale of shopping vouchers, the generation of e-mail newsletter subscribers and the provision of special offers from various product providers.
The email address is used to take into account any objection to advertising by Sovendus (Art. 21 para. 3, Art. 6 para. 1 lit. c GDPR). The IP address is used by Sovendus exclusively for data security purposes and is generally anonymised after seven days (Art. 6 para. 1 lit. f GDPR). We also transmit the order number, order value with currency, session ID, coupon code and timestamp to Sovendus for billing purposes (Art. 6 para. 1 lit. f GDPR). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your e-mail address and you click on the voucher banner displayed only in this case, we will send the country to Sovendus to prepare the voucher (Art. 6 para. 1 lit. b, f GDPR).
With regard to the processing of personal data, there is joint responsibility between simplicity and Sovendus in accordance with Art. 26 GDPR. As part of this cooperation, it is necessary for the joint controllers to have access to the personal data. Sovendus will process the data to take into account any objection to advertising and for reasons of data security. Further information on the processing of data by Sovendus can be found in the online data protection information at www.sovendus.de/datenschutz. As a data subject, the rights under Art. 26 para. 3 GDPR in conjunction with Art. 15-21 GDPR can be asserted against any of the data controllers.
For further information on the processing of your data by Sovendus, please refer to the online data protection information at www.sovendus.de/datenschutz.

22. Data processing with Zendesk

In order to provide the best possible customer service before, during and after the order, we use the services of the Zendesk platform. The operator is Zendesk Inc, 1019 Market Street, San Francisco, CA 94102 USA. Zendesk aggregates various processes (email, telephone) for a customer so that we have a clear overview of the previous history when providing advice. If a customer contacts our customer service, these entries relating to the enquiry are stored in Zendesk.
The processing of data for these purposes is based either on Art. 6 para. 1 S. 1 lit. b) GDPR and is carried out to the extent necessary for the fulfilment of the contract or Art. 6 para. 1 S. 1 lit. f GDPR. Insofar as the processing is based on Art. 6 para. 1 S. 1 lit. b) GDPR, we fulfil our contractual obligations, e.g. within the scope of the guarantee / legal warranty. In addition, we process the data with Zendesk on the basis of Art. 6 para. 1 S. 1 lit. f) GDPR for the traceability and documentation of the processes, for the clarification of questions and for the internal evaluation and improvement of our service, in which we have a legitimate interest in each case.
We have concluded an order processing contract with the service provider Zendesk in accordance with Art. 28 GDPR. This enables us to ensure that the service provider processes the data strictly in accordance with our instructions and does not use it for other purposes. Zendesk contractually assures us that the personal data will be stored within the EU and will not be transferred to the USA.
Further information on data protection at Zendesk can be found at the following link: https://www.zendesk.de/company/customers-partners/privacy-policy/
The data is stored for as long as is necessary to fulfil the purpose or as long as processing is not objected to. The data will be deleted after the purpose has been fulfilled.

VI. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. The data from the contact form is transmitted to us when you subscribe to the newsletter.

The following data is collected during registration:
(1) Email address
(2) Date and time of subscription

During the registration process, your consent is obtained for processing data and reference is made to this data protection declaration.

If you purchase goods or services on our website and provide us with your email address, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.

No data is disclosed to third parties in connection with data processing for sending newsletters. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for data processing after the user has registered for the newsletter, and only if the user has given their consent, is Art. 6 Para. 1 (a) GDPR.

The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 6 Para. 1 (f) GDPR.

3. Purpose of the data processing

The user's email address is collected in order to deliver the newsletter.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active.

5. Objection and removal option

The subscription to the newsletter can be cancelled by the user at any time. A link to do this can be found in every newsletter.

VII. Registration

1. Description and scope of data processing

On our website, we offer users the ability to register with the entry of personal data. The data is entered into an input screen, transmitted to us, and stored.

The following data is collected and stored during the registration process:
(1) The user's IP address
(2) First and last name
(3) Email address
(4) Place of residence and address
(5) Date of birth
(6) Gender
(7) Date and time of subscription
(8) User-defined password

The user's consent to processing this data is obtained during the registration process.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent.

If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 (b) GDPR.

3. Purpose of the data processing

The user’s registration is used to process orders, make deliveries of goods and process payments. Furthermore, it is used for the provision of services, e.g. creation and dispatch of newsletters, provided that you have consented to this.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for data collected during the registration process for fulfilment of a contract or implementation of pre-contractual measures, if the data is no longer necessary for fulfilment of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

5. Objection and removal option

As a user you have the option of cancelling the registration at any time. You can change the data stored about you at any time.

You may at any time and for no fee receive information about the data we have stored about you without stating any further reason. You can also have your data collected by us blocked, corrected or deleted at any time. Furthermore, you can revoke your consent to the collection and use of data given to us at any time without stating any reasons. To do so, please contact the following e-mail addresses: datenschutz@opus-fashion.com or datenschutz@someday-fashion.com with the subject "Privacy Policy Objection".

If the data is required for the fulfilment of a contract or the implementation of pre-contractual measures, early erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.

VIII. Data processing for advertising purposes

1. Description and scope of data processing

For marketing purposes, we use the information about your previous purchases, which is included in the transaction data, to provide relevant offers.

2. Legal basis for data processing

The legal basis for data processing for advertising purposes is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

3.1. Postal product recommendations

As an existing customer, you will regularly receive product recommendations, vouchers, discount coupons or other promotions from us by mail. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. In doing so, we use the postal address you provided in the context of the purchase to advertise our own goods and / or services that are similar to those that you have purchased from us based on an order you have already placed.

3.2 Product recommendations by e-mail

As an existing customer, you will regularly receive product recommendations from us by e-mail. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. In doing so, we use the e-mail address you provided during the purchase process to advertise our own goods and / or services that are similar to those you have purchased from us based on an order you have already placed.

4. Duration of storage

We process your data as long as necessary to fulfill the purposes described in this privacy policy. This includes, in particular, the fulfillment of our contractual and legal obligations. If necessary, we will also store your data for other purposes, insofar as further storage for specific purposes is permitted by law, e.g. for the defense of legal claims.

5. Objection and removal option

As a user, you have the option to have the data stored about you changed at any time.

You will receive information about your data stored by us free of charge at any time without giving reasons. In addition, you can have your data collected by us blocked, corrected or deleted at any time. At any time, you can object to the use of your data for advertising purposes without giving any reason. To do so, please contact us at the following e-mail addresses: datenschutz@opus-fashion.com or datenschutz@someday-fashion.com with the subject "Objection to data protection".

IX. General information on payment processing

1. Description and scope of data processing

For the purpose of payment processing, we collect and process your card and transaction data.

The following user data is collected and stored depending on the payment method:
(1) First and last name
(2) Address
(3) Account number/IBAN
(4) Bank code/BIC
(5) Invoice amount
(6) Currency
(7) Transaction number

(1) First and last name
(2) Address
(3) Credit card number (including check digits and validity period)
(4) Invoice amount
(5) Currency
(6) Transaction number

Within the framework of concluding a purchase via our online shop, the user's consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent.

If the processing of the data serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 (b) GDPR.

3. Purpose of the data processing

Data processing for payment processing is for the fulfilment of a purchase contract with the user or is necessary for the execution of pre-contractual measures.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the performance of a contract or for the execution of pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

5. Objection and removal option

As a user you have the ability to change the data stored about you at any time.

X. Data transfer in the context of payment processing

1. Description and scope of data transmission

Your data is collected and used exclusively by us. It will not be passed on to third parties. It is not part of our business to sell your customer information. We only pass on your personal data within the framework of commissioned data processing relationships. This serves to fulfil the contract concluded with you. In this case, we remain the controller within the meaning of the GDPR, while the data processor is a service provider that collects, processes and stores your personal data in accordance with our instructions. We reserve the corresponding rights of control over the respective service providers. This ensures that your data is processed exclusively for the purposes that are based on the customer relationship between you and us as the online shop.
We have commissioned a reliable payment service provider, BS PAYONE GmbH, to process payments (direct debit Germany, direct debit Austria, Sofortüberweisung, PayPal, EPS, Bancontact, credit card, Apple Pay). For this purpose, we will transmit to BS PAYONE GmbH your data mentioned in the above paragraph (VIII., paragraph 1). BS PAYONE GmbH may use this data for the purpose of payment processing under its own responsibility and pass it on to us. It is obliged to handle the information in accordance with German and European data protection laws. Detailed information on BS PAYONE GmbH within the meaning of Art. 14 GDPR, i.e. information on the business purpose, the purposes of data storage, the data recipients, the right of self-disclosure, the right to erasure or rectification, etc. can be found at the following link: https://static.opus-fashion.com/Datenverarbeitung_im_Rahmen_der_Zahlungsabwicklung.pdf.

To safeguard our interests, we automatically check all order transactions for possible fraudulent and/or abusive behaviour on the basis of Art. 6 para. 1 lit. a GDPR. An employee of the online shop decides whether it is a conspicuous order process.

The data is processed for the following purpose:
(1) Fraud prevention
(2) Protection of the user account
(3) Prevention of automatically created and falsified user accounts by bots
(4) Identification of stolen identities or payment data
(5) Product optimisation and further development against fraud

The following data is processed:
(1) Purchase contract data, order information, bank details and shopping basket information
(2) Device and usage data
(3) Biometric behaviour

The online shop has commissioned informa Solutions GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany, to carry out abuse prevention and detection by way of order processing in accordance with Art. 28 GDPR.

The data will be automatically deleted after six months.

Please click here to revoke your consent.

'2. Legal basis for data transmission

The legal basis for these transfers is Art. 6 para. 1 (b) and Art. 6 para. 1 (f) of the European Data Protection Regulation (EU GDPR). Transmission on the basis of these provisions may only take place if this is necessary to safeguard the legitimate interests of our company or third parties and does not outweigh the interests of the fundamental rights or freedoms of the data subjects which require the protection of personal data. Detailed information on the ICD within the meaning of Article 14 EU GDPR, i.e. information on the purpose of the business, data storage purposes, data recipients, the right of self-information, the right to cancellation or correction, etc. can be found under the following link.

3. Purpose of data transmission

Data transmission takes place for the purpose of payment processing and serves the fulfilment of a purchase contract with the user or is necessary for the execution of pre-contractual measures. In addition, the data processing serves the purpose of better assessing and minimizing the risk associated with a business case or advance payment for certain types of payment.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Objection and removal option

Each data subject has the right of access under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR, the right to limitation of processing under Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data portability under Article 20 GDPR, each under the legal conditions. The restrictions according to paras. 34 and 35 of the German federal data protection law (BDSG - new version) apply to the right to access and the right to erasure. Within the scope of application of Swiss data protection law, the conditions and restrictions provided therein apply.

XI. Email contact

1. Description and scope of data processing

You can contact us via the e-mail address provided. In this case, the user's personal data that is transmitted along with the e-mail will be stored.

The data is used exclusively for processing the conversation and handling your request.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent.

The legal basis for processing the data transferred in the course of sending an email is Article 6 paragraph 1 (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.

3. Purpose of the data processing

The processing of personal data in the input screen is used by us only for processing the contact.

The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems. Herein lies also the necessary legitimate interest in the processing of the data.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

5. Objection and removal option

The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.

The responsible body within the meaning of the BDSG is simplicity networks GmbH, Heinrich-Hertz-Strasse 2, 59302 Oelde, represented by its Managing Director, Mr Stefan Leewe.

You may at any time and for no fee receive information about the data we have stored about you without stating any further reason. You can also have your data collected by us blocked, corrected or deleted at any time. Furthermore, you can revoke your consent to the collection and use of data given to us at any time without stating any reasons. Please contact the following e-mail addresses: datenschutz@opus-fashion.com or datenschutz@someday-fashion.com with the subject "Data Protection Objection". We will take care of it immediately. We will be happy to answer any further questions you may have about our data protection policy and the processing of your personal data.

All personal data stored in the course of contacting us will be deleted as a result.

XII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the applicable data protection laws and you have the following rights against the data controller. Within the scope of application of Swiss data protection law, the conditions and restrictions provided therein apply:

1. Right to information

You can request that the data controller confirm whether we will process personal data that concerns you.

If such processing takes place, you can request to be informed by the data controller regarding the following information:
(1) the purposes of processing the personal data;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the planned storage duration of personal data concerning you or, if specific information in this respect is not possible, criteria for determining the storage period;
(5) the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data has not been collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 paras. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information regarding whether your personal information will be transmitted to a third country other than Switzerland or the member states of the EEA or an international organization. In this context, you may request to be informed of the appropriate guarantees in connection with the transmission.

2. The right of rectification

You have a right of rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction immediately.

3. The right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:
(1) you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the data controller does not need the personal data for longer than the purposes of the processing, but you need it for the assertion, exercising or defence of legal claims, or
(4) if you have filed an objection to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

Where the processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the European Union or of a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data that concerns you has been processed unlawfully;
(5) The deletion of personal data is required to comply with legal obligations according to European Union law or the laws of the Member States to which the data controller is subject;
(6) The personal data that concerns you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

b) Transfer of personal data to third parties

If the data controller has made the personal data concerning you public and is in accordance with Article 17 para. 1 of the GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs Persons requesting deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary
(1) to exercise the right of freedom of expression and information;
(2) for the performance of a legal obligation required for processing under European Union law or the law of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 (h) and (i) and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the data controller correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the controller inform you regarding such recipients.

6. Right to data portability

You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as
(1) processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
(2) the processing is undertaken using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Article 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. The right to revoke the data protection declaration of consent

You have the right at any time to revoke your data protection declaration of consent. The withdrawal of consent shall not affect the lawfulness of processing taking place on the basis of this consent before its revocation.

9. Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or fulfilment of a contract between you and the data controller;
(2) is permissible on the basis of legislation of the European Union or the Member States, to which the data controller is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests, or
(3) is undertaken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on behalf of the data controller, to state his or her own position and to challenge the decision.

The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR

10. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, work or where the alleged breach takes place, if you consider that the processing of your personal data constitutes a breach of the GDPR.

The supervisory authority to which the complaint is lodged will inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy under Article 78 GDPR.