- General Information
- Data processing on our website
- Processing of Server Log Files
- Consent Management Tool
- Customer account
- Online Shop
- Email about availability (‘Back in Stock/Coming Soon’)
- Google Analytics
- Online Marketing Services
- Services and third-party content
- Data processing on our Social Media
- Closed warehouse sale
- Further data processing (online and offline)
1. General Information
If you have any questions or feedback concerning this information or wish to contact
us to exercise your rights, please send your enquiry to
Closed Direct GmbH
Straßenbahnring 6, 20251 Hamburg
+49 40 44 18 40 0
In order to exercise your rights and for questions please reach out to us via the following channels:
E-Mail to: firstname.lastname@example.org
CLOSED Direct GmbH
Phone: 00800 999 888 11
(free of charge from all networks, Mo – Fr 9.00h – 18.00h)
Telefax: +49 (0) 40 73 350 062 01
1.2 Legal Basis
The legal term ‘personal data’ refers to all information relating to an identified or identifiable human. We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We solely process data with legal permission. We process personal data solely with your consent (Art. 6 section 1 letter a) GDPR), to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 section 1 letter b) GDPR), to comply with a legal obligation (Art. 6 section 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 section 1 letter f) GDPR). If you apply for an open position in our company, we will, additionally, process your personal data to decide on whether to hire you (section 26 para. 1 sentence 1 BDSG).
1.3 Period of Storage
SUnless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law. From the end of the calendar year in which the data was collected, we will retain personal data contained in our accounting data for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in order to document consent, as well as data relating to complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
1.4 Categories of Recipients
For certain processing activities, we rely on processors. These processing activities include,
for example, hosting, maintenance and support of IT systems, customer and order management, order
processing and fulfilment, accounting, marketing measures or file and data carrier destruction. A
processor is a natural or legal person, public authority, agency or other body which processes personal
data on behalf of the controller. Processors only process data on explicit instruction and are contractually
obliged to implement appropriate technical and organizational measures ensuring data protection.
Apart from that, we may transfer your data to third controllers such as postal and delivery services, payment services, our bank, tax consultants/auditors or the fiscal authority if necessary. If applicable, further recipients are mentioned below.
1.5 Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries
in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined
that the third country ensures an adequate level of data protection. In absence of such an adequacy decision
by the European Commission, the personal transfer may only be transferred to a third country if appropriate
safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is met.
Unless otherwise stated in the following we use the standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087. Insofar you consent to the transfer of personal data to third countries, the transfer is legally based on Art. 49 para. 1 letter a) GDPR.
1.6 Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. Data stored for the purpose of granting you your right of access and for the preparation thereof will only be processed for this purpose and for the purpose of data protection audits. Any further processing is restricted in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 para. 1 letter c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
1.7 Your rights
As the data subject, you are entitled to assert your rights against us. In particular,
you have the following rights:
- Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
- Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
- Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
- Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
- Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 para. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
- If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
1.8 Right to object
Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.
1.9 Data protection officer
You can contact our data protection officer via the following address:
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
2. Data processing on our website
During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is generally considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.
2.1 Processing of Server Log Files
In the case of purely informative use of our website, general information is collected automatically (i.e. not via registration), which your browser transmits to our server. This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request, HTTP status code and firewall logfiles. The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 para. 1 letter f) GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after 14 days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.
are stored by your browser when you visit a website. This makes the browser identifiable so it can be
You can delete cookies at any time in the security settings of your browser. You can object to the use of
cookies in your browser settings in general or for particular cases. The Federal Office for Information
Security provides further information on this:
2.3 Consent Management Tool
This website uses a consent management banner for the management of cookies and similar technologies.
The consent banner enables users of our website to consent to individual processing activities or to revoke
consent. By confirming the ‘Accept all’ button or by saving individual cookie settings, you consent to the use
of the respective cookies. The legal basis under data protection law is your consent within the meaning of Art.
6 para. 1 letter a) GDPR.
In addition, the banner helps us to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. Processing this data is necessary to document your consent. The legal basis results from our legal obligation to document consent (Art. 6 para. 1 letter c) in conjunction with Art. 7 para. 1 GDPR.)
2.4 Customer account
We offer you the possibility to create a customer account for the CLOSED Online Shop on our website.
Here you can store personal information for orders in the CLOSED Online Shop in order to be able to
order even more conveniently and quickly in the future. At the same time, your personal customer account
contains service information for you, such as access to your purchase history.
When you register for a customer account, we set up password-protected access to your personal master data (in particular title, name, address, date of birth, telephone number, email address) and order data (e.g. goods, payment data, shipping service provider).
We process the personal data provided by you to manage and maintain the customer account until it is deleted by you. Please note that the deletion only deletes the customer account and the information associated with it and does not affect your orders and the personal data stored in relation with orders.
The personal data stored in connection with an order from CLOSED are processed and stored by us for the purpose of fulfilling the contract concluded with you or for carrying out pre-contractual measures (Art. 6 para. 1 letter b) GDPR).
If you wish to use the CLOSED Online Shop without a personal customer account, you can also place an order as a guest. For this purpose, the required personal master and order data must be entered in the order form in the CLOSED Online Shop during the ordering process. The same data is processed as when setting up a personal customer account.
2.5 Online Shop
2.5.1 Data processing for the fulfilment of orders
If you order a product via our website, we process personal data exclusively for the purpose of fulfilling the contract or to be able to provide you with the ordered product. For the booking or ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay in advance by bank transfer. Furthermore, we transfer your data required for delivery to one of our shipping service providers as specified in the order. The respective legal basis for the processing is Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory are required for processing your booking or order. Failure to provide this data will result in us not being able to process your booking or order. The provision of further data is voluntary.
2.5.2 Payment provider PAYONE
On our website, you have the option of making payment via the payment service provider PAYONE
(Lyoner Straße 9, 60528 Frankfurt am Main, Germany). The payment data you provide during the
ordering process will be transferred to PAYONE, insofar as this transfer is necessary to carry
out the payment process. The legal basis for this transmission is Art. 6 para. 1 letter b) GDPR.
PAYONE is the sole controller of the processing of the payment data in the course of the subsequent payment process. You can find more information on data protection at PAYONE here: https://www.payone.com/DE-de/dsgvo
2.5.3 Payment via PayPal
In addition, you may pay via Paypal. Please note that the respective payment details are collected and processed
by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg as sole controller.
Paypal only transfers the address data stored at PayPal to us which we exclusively process for the purpose
of fulfilling the contract. The legal basis is Art. 6 para. 1 letter b) GDPR.
For further information about data protection at Paypal please go to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5
2.5.4 Purchase on account via Payolution (part of the Unzer Group)
If you select purchase on account on our website, we use the payment service provider Payolution
(Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg).
For this purpose, your personal information required for the processing of this payment method (first name, last name, address, e-mail address, telephone number, date of birth, IP address, gender) together with the data required for the execution of the transaction (item, invoice amount, due date, total amount, invoice number, tax amount, currency, order date and time) will be forwarded to Payolution for the purpose of risk assessment and invoicing. In addition, an identity and/or solvency check may also be carried out by Payolution through queries and requests for information to publicly accessible databases and credit agencies. Please also refer to the supplementary information on data processing for invoice purchases by Payolution.
Payolution is the sole controller of the processing of the payment data in the course of the subsequent payment process. You can find more information on data protection at Payolution here: https://www.unzer.com/en/datenschutz/#datenschutzhinweise-gem-art-1314-und-21-dsgvo
2.6 Email about availability (‘Back in Stock/Coming Soon’)
On our website, we offer you the subscription of an email-service informing you about the availability of sold-out or not yet available goods. For this purpose, we process your email addresses and send you a message as soon as the product you requested is available for purchase again. If you do not have a customer account with us, you will receive a confirmation email in advance to verify the email address. The legal basis is Art. 6 para. 1 letter b) GDPR, as we store your data solely for sending the notification you have ordered. Your data will be stored until the product is available and then deleted unless you subsequently open a customer account with us. Please note that our notification does not constitute a reservation of the respective product.
2.7.1 Subscribing and unsubscribing
We regularly inform subscribers of the newsletter on news about our services. A valid email address is required to register for the newsletter. In order to verify your email address, you will first receive a registration email in which you may confirm your registration by clicking on a link (double opt in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name based on the consent you have given us. This is based on the Article 6 section 1 letter a) GDPR. You can withdraw the consent you have given at any time with effect for the future, e.g. by clicking on the ‘unsubscribe’-link in the newsletter or by reaching out to us via one email@example.com. Such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal. Furthermore, we collect your IP address, the date and the time of the registration. This is necessary to prove that consent has been given. The legal basis for this arises from our legal obligation to document the consent (Art. 6 section 1 letter c), Art. 7 section 1 GDPR).
Apart from this, we analyse the reading behaviour and open rates regarding our newsletter. For this, we collect and process pseudonymous user data which will not be merged with your email address or your IP address. Legal basis for the analysis of our newsletter is Art. 6 para. 1 letter f) GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time via one of the means of communication mentioned above.
2.7.3 Service Provider
We use the MailChimp service by The Rocket Science Group LLC d/b/a MailChimp (USA) for the management
of subscribers, the dispatch of the newsletter and the analysis. Your email address is therefore transferred
from us to MailChimp. The processing is carried out on our behalf and is based on the legal basis of Art. 6 para.
1 letter f) GDPR and serves our legitimate interest in optimising and economically sending our newsletter.
If you do not want your data to be processed by MailChimp, you should not subscribe to or unsubscribe from
the newsletter. The newsletter service offers statistical evaluation options of user data. This includes information
on whether an email has reached the recipient or whether it was rejected by the server.
Please note the information in the section ‘Data transfer to third countries. For further information on data protection at MailChimp, please go to MailChimp's data privacy information at https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
2.8 Google Analytics
We use Google Analytics by Google Ireland Limited (Google Ireland/EU) on our website.
In part this data consists of information stored on your device. Apart from this the cookies will store further information on your device. Such a storage of information by Google Analytics or access to information already stored on your device is only carried out with your consent.
Google Ireland will process this data on our behalf to analyse the interaction with our website by users, to compile reports on the activities on our website and to provide us with further services related to the use of our website and the internet. The processed data can be used to create pseudonymous user profiles.
Setting of cookies and the further processing described above is subject to your consent. Legal basis for processing relating to Google Analytics is, thus, Art. 6 para. 1 letter a) GDPR. You may withdraw your consent with effect for the future at any time.
The data processed on our behalf in order to provide Google Analytics can be transferred to any country in which Google Ireland or Google Ireland’s sub-processors have subsidiaries. This transfer is legally based on standard contractual clauses in the sense of Art. 46 para. 2 letter c) GDPR.
We only use Google Analytics while IP anonymisation is activated. This means that the user’s IP address will be shortened within the EU or the European Economic Area. The IP address transferred by the browser of the user is not merged with other data
You can also prevent the collection of information generated by cookies by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this Link.
2.9 Online Marketing Services
2.9.1 Google Ads and Remarketing
We use the online marketing program Google Ads by Google Ireland Limited (Ireland/EU),
which enables us to advertise via the Google search engine. If you visit our website
via a Google ad, Google sets a cookie on your device (conversion cookie). Every Ads
customer sets a different conversion cookie. Thus, these cookies cannot be traced back
over the websites of different Ads customers. The information collected with the cookie
serve to create conversion statistics. In this way, we learn about the total number of
users which clicked on a Google ad. We do not learn information which could make the
individual user identifiable. Insofar as personal data is processed in the course of this
the legal basis is Art. 6 para. 1 letter a) GDPR.
We also use the Google Analytics advertising features (remarketing). This feature, in conjunction with Google's cross-device capabilities, allows us to better target ads and present users with ads that are relevant to their interests. Through remarketing, users are shown ads and products that have been identified as being of interest on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalised advertising messages that have been adapted to a user depending on previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another end device of the user (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalised advertising messages can be served on each end device on which you log in with your Google account. The aggregation of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google. Insofar as personal data is processed in this context, this is done with your consent and is based on the legal basis of Art. 6 para. 1 letter a) GDPR. For these linked services, data is then collected for advertising purposes via Google Analytics. To support the remarketing function, Google Analytics collects the Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.
We use the DoubleClick Floodlight marketing service provided by Google Ireland Limited (Ireland/EU). The service enables us to track and analyse the actions of users who visit our website after they have seen or clicked on one of our advertisements. For this purpose, so-called ‘floodlight tags’ or tracking pixels and cookies are placed on our website. By means of this function, we can determine the efficiency of our online campaigns on our website.
Further information on the use of data for advertising purposes can be found in Google's privacy information at www.google.com/policies/technologies/ads/
2.9.2 Facebook Pixel
We use the Facebook Pixel, a Facebook business tool by Facebook Ireland Limited (Ireland, EU) on our website.
Information on contact details of Facebook Ireland and the data protection officer of Facebook Ireland
are available in the data guideline by Facebook Ireland at https://www.facebook.com/about/privacy.
- Information about actions and activities of the visitors of our website, e.g. searching and clicking on a product or buying a product;
- Specific Pixel information like the Pixel ID and the Facebook cookie;
- Information about the buttons clicked by the visitors of our website;
- Information contained in the HTTP-headers such as IP addresses, information about the web browser, the location of the page and the referrer;
- Information on the status of deactivation/restriction of the advertisement tracking.
In part this event data is information which is stored in your device. Apart from this the Facebook
by the Facebook Pixel or access to information already stored on your device is only carried out with
Tracked conversions are shown in the dashboard of our Facebook advertisement manager and of Facebook analytics. We can use the tracked conversions to measure effectivity of our ads, to determine Custom Audiences for the targeting of ads, for dynamic ad campaigns and to analyse the effectivity of conversion funnels on our website. The functions of Facebook Pixels used by us are described in detail in the following.
Processing of event data for marketing purposes: The event data collected by the Facebook Pixel are used for targeting our ads and for optimization of the delivery of our ads, for the personalisation of functions and content as well as for the optimisation and security of Facebook products.
For this, event data is collected on our website by the Facebook Pixel and transferred to Facebook Ireland. This is subject to your consent. Thus, the legal basis for the collection and transfer of the personal data to Facebook Ireland is Art. 6 para. 1 letter a) GDPR.
Facebook and we are joint controllers of the collection and transfer of the event data. We have concluded an agreement with Facebook regarding joint controllership in which the respective responsibilities for the data protection obligations are determined between Facebook and us. Inter alia we have agreed with Facebook
- that we are responsible for providing you with all information in accordance with Art. 13, 14 GDPR about the joint controllership of processing personal data;
- that Facebook Ireland is responsible for safeguarding the rights of the data subject pursuant to Art. 15-20 GDPR in regard to the personal data stored by Facebook after the joint controllership.
The agreement concluded between Facebook and us is available at
Facebook Ireland is the controller of processing of event data after the transfer. Further information on how Facebook Ireland processes your data including the legal basis Facebook Ireland relies on and the opportunity to assert your rights against Facebook Ireland is available in Facebook Ireland’s privacy guideline at https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes: In addition, we have commissioned Facebook Ireland to create reports on the effectivity of our marketing campaigns and other online content (campaign reports) and to provide analysis and insight about the users of our website, products and services (analysis) based on the event data collected by the Facebook Pixel. For this, we transfer the personal data contained in the event data to Facebook Ireland. The personal data transferred to Facebook Ireland is processed by Facebook Ireland on our behalf in order to provide us with campaign reports and analysis.
The processing of personal data for the purpose of providing analysis and campaign reports is subject to your consent. Thus, the legal basis for this is Art. 6 para. 1 letter a) GDPR.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. This transfer is legally based on the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section ‘Data transfer to third countries’ in this regard.
We have implemented the affiliate service of the provider Conversant (Conversant Europe Ltd ("CJ"), 1st Floor, 2 Television Centre, 101 Wood Lane, London W12 7FR, United Kingdom) on our website in order to control our recommendation programmes. Cookies and similar technologies are used for this purpose, which are only set with your consent in accordance with Art. 6 para. 1 letter a) GDPR. Further information on data processing by Conversant can be found here: https://www.conversantmedia.eu/legal/privacy-policy-services-de?hsLang=de
2.10 Services and third-party content
We use services and content (hereinafter collectively referred to as ‘content’)
provided by third parties on our website. To implement such content, we rely on a two-click-solution.
With the two-click-solution no connection to the third-party provider is made at first. Instead, a placeholder
is loaded from our own server. This placeholder may be a preview image for the implemented maps or videos.
A connection to the third-party server will only be made upon a further click on the respective placeholder.
Thus, the IP address is only transferred, if you confirm the transfer by clicking on a placeholder.
The data processing is carried out with your consent and is based on Art. 6 section 1 letter a) GDPR.
We have implemented the following content provided by third parties on our website:
‘YouTube’ by Google Ireland Limited (Ireland/EU) for the display of videos. We use Google in privacy enhanced mode. For further information, please go to our consent management tool.
‘Spotify’ by Spotify AB (Sweden) for the implementation of audio content.
We use further services and content on our website which are necessary for the flawless operation of our website and for providing specific functions of the website. For implementing such content, it is necessary to process your IP address, so that the contents can be sent to your browser. Your IP address will, therefore, be transferred to the respective third-party providers. This data is processed in order to safeguard our legitimate interests and finds its legal basis in Art. 6 section 1 letter f) GDPR. You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have implemented the following content provided by third parties on our website:
‘JUNE Key CDN’ (Germany) to display images.
‘Fonts.com’ by Monotype Inc. (USA) for the display of fonts and measuring clicks for the purpose of accounting.
‘MaxMind’ by MaxMind Inc. (USA) for providing country-specific shops relying on IP localization.
3. Data processing on our Social Media
We operate company pages on multiple social media platforms via which we want to inform on our company and create opportunities for customers to connect. We operate company pages on the following social media platforms:
Visiting a company page on social media or interacting with it can result in your personal data being processed. The information in your social media account constitutes personal data. This also encompasses messages and statements made with the account. Additionally, certain information about your visit to a company page is often collected automatically during your visit which may also be personal data.
3.1 Visit of a social media page
3.1.1 Facebook and Instagram page
Certain information about you is processed relating to your visit to our Facebook or Instagram page
on which we present our company or individual products. Facebook Ireland Ltd (Ireland/EU – ‘Facebook’)
is the sole controller of this processing. Further information about the processing of personal data by
Facebook is available via
Facebook provides the opportunity to object to certain processing activities; corresponding information
and opt-out-methods are available via
Facebook provides us with anonymised statistics and insights for our Facebook and Instagram page, which enable us to gain knowledge about the ways in which people interact with our page (so called ‘insights’). These insights are created based on certain information about persons who have visited our page. Facebook and we are joint controllers of this processing. The processing serves our legitimate interest in evaluating the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 section 1 letter f) GDPR. It is impossible to match the information obtained via insights to individual accounts which interact with our Facebook page. We have concluded an agreement with Facebook on joint controllership in which the data protection duties are allocated between Facebook and us. Details of the processing of personal data for the creation of insights and of the agreement we concluded with Facebook are available via https://www.facebook.com/legal/terms/information_about_page_insights_data. Regarding these processing activities, you may also exercise your rights (see above ‘Your Rights’) against Facebook directly. Further information is available in Facebook’s privacy statement via https://www.facebook.com/privacy/explanation.
Please note that user data is also processed in the USA and other third countries according to Facebook’s data protection guidelines. Facebook only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
3.1.2 LinkedIn company page
Generally, the LinkedIn Ireland Unlimited Company (Ireland/EU – ‘LinkedIn’) is the sole controller of
the processing of your personal data relating to a visit to our LinkedIn page. Further information about
LinkedIn processing personal data is available at
If you visit or follow our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights which enable us to gain knowledge about the ways in which interact with our page (so called ‘insights’). For this purpose, LinkedIn processes, in particular, such data that you already shared with LinkedIn by adding it to your profile like, for example, position, country, field of work, seniority, company size and employment status. Further, LinkedIn collects information on how you interact with our LinkedIn company page, for example whether you follow our LinkedIn company page. LinkedIn does not share personal data with us by providing us with the insights. We only have access to a summarized version of the insights. Also, we are unable to make conclusions about individual members from the information in the insights. LinkedIn and we are joint controllers of the processing regard the page insights. The processing serves our legitimate interest in analysing the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 para. 1 letter f) GDPR. We have concluded an agreement with LinkedIn on joint controllership in which the data protection duties are allocated between LinkedIn and us. The agreement is available via https://legal.linkedin.com/pages-joint-controller-addendum. The agreement stipulates the following:
- LinkedIn enables you to exercise your rights pursuant to the GDPR. In order to do so, you can contact LinkedIn online via https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de or via the contact details in the data protection guidelines. You can contact the Data Protection Officer of LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also reach out to us via the contact details mentioned above for the exercise of your rights relating to the processing of your personal data for insights. In such a case, we will forward your request to LinkedIn.
- LinkedIn and we have agreed that the Irish data protection commission shall be the responsible supervisory authority monitoring the processing for insights. You always have the right to lodge a complaint with the Irish data protection commission (see www.dataprotection.ie) or any other supervisory authority.
Please note that user data is also processed in the USA and other third countries according to LinkedIn’s data protection guidelines. LinkedIn only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
Generally, the New Work SE (Germany/EU) is the sole controller of the processing of your personal data relating to your visit to our Xing profile. Further information on the processing of personal data by New Work SE is available via https://privacy.xing.com/de/datenschutzerklaerung.
Generally, Google Ireland Limited (Ireland/EU) is the sole controller of the processing of your personal data relating to your visit to our YouTube channel. Further information on the processing of personal data by YouTube and Google Ireland Limited is available via https://policies.google.com/privacy.
Generally, Pinterest Europe Ldt. (Ireland/EU – ‘Pinterest’) is the sole controller of the processing of your personal data relating to your visit to our YouTube channel. Further information on the processing of personal data by YouTube and Google Ireland Limited is available via https://policy.pinterest.com/de/privacy-policy.
3.2 Comments and direct messages
Additionally, we process information which you provide us with via the respective social media platform. Such information can include the username, contact details or a message to us. We are the sole controller of such processing activities. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 para. 1 letter f) GDPR. Further data processing can take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).
4. Closed warehouse sale
If you register for our warehouse sale via our website, we process personal data
for booking appointments and sending invitations. The controller of the data processing is
Closed Outled GmbH
Straßenbahnring 6, 20251 Hamburg
+49 40 44 18 40 0
The data collected as part of the appointment booking is necessary for the organisation of the event and is processed by us for this purpose. The legal basis for the data processing is Art. 6 para. 1 letter f) GDPR. For the booking, we use a service provider who acts as processor on our behalf.
Furthermore, we send postal invitations for future warehouse sales. This processing activity is also justified under Art. 6 para. 1 letter f) GDPR. You have the right to object to this form of data processing at any time.
5. Further data processing (Online und Offline)
5.1 Contact vie email
If you send us a message via our contact email address, we will process the transferred data in order to process the request. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 para. 1 letter f) GDPR.
5.2 (Potential) Customer Data
If you reach out to us as a customer or potential customer, we process your data in order to establish and execute the contractual relationship to the extent necessary. This usually includes processing of personal master, contract and payment data provided to us as well as contact and communication details of our contact persons at commercial customers and business partners. The legal basis for this is Art. 6 para. 1 letter b) GDPR. Additionally, we process data of customers and potential customers for purposes of analysis and marketing. This processing activity finds its legal basis in Art. 6 para. 1 letter f) GDPR and serves our interest in improving our product range and informing about our services in a targeted manner. Further data processing can take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).
5.3 Use of the email address for marketing purposes
We may use the email address you provided when registering or ordering from us to inform you about our own similar products and services offered by us. The legal basis is Art. 6 para. 1 letter f) GDPR in conjunction with. section 7 para. 3 UWG. You can object to this at any time without any costs arising by virtue thereof, other than the transmission costs pursuant to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to firstname.lastname@example.org
5.4 Offline orders
If you order a product by telephone, we process personal data exclusively to execute the contract or to be able to provide you with the product you have ordered. During the ordering process, we only process data which you have provided yourself. To enable delivery of the products you ordered, we transfer the data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 section 1 letter b) GDPR. All data fields marked as mandatory must be filled in to enable us to process your order. Failure to fill in the mandatory fields results in our inability to process your order. The provision of further data is voluntary.
When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the review of your application. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you a position, we will retain the data you provide for up to six months for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is section 26 para. 1 BDSG. If we keep your applicant data for a period longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal of consent does not affect the lawfulness of the processing, which has taken place prior to the withdrawal.