Home
Data protection declaration

Information on Data Protection

This data protection notice informs you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The controller for data processing (unless otherwise stated below) is Closed Direct GmbH (hereinafter referred to as "we" or "us").

Our data protection notice consists of two parts. Part A provides you with general information on data protection at Closed and explains, among other things, what rights you have and where you can assert them. Part B is dedicated to the various groups of data subjects and explains in detail what data we collect and process about you. We address you in your role as:

a. Visitors to our websites;
b. Customers of our online shop;
c. Interested parties and visitors to our warehouse sale;
d. Interested parties and customers of our stationary stores;
e. Newsletter subscribers;
f. Social media visitors;
g. Contact persons at service providers, suppliers and business partners;
h. Applicants;
i. Special information for customers from Switzerland.

A. General information

1. Our contact details

If you have any questions or suggestions regarding this information or would like to assert your rights, please send your enquiry to

Closed Direct GmbH
Straßenbahnring 6, 20251 Hamburg
info@closed.com
+49 40 44 18 40 0

or contact our Customer Care at

customercare@closed.com
Phone: 00800 999 888 11
(Free of charge for all networks, Mon - Fri 9.00h - 18.00h)

2. On what basis do we process your data?

The data protection term "personal data" refers to all information that relates to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the German BDSG. Data processing by us only takes place on the basis of legal authorisation. We only process personal data with your consent (Art. 6 para. 1 lit. a GDPR), for the fulfilment of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR), for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 lit. f GDPR).

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 para. 1 sentence 1 BDSG).

3. Your rights

You decide on your data! As a data subject, you therefore have the right to assert your data subject rights against us. You have the following rights within the framework of the data protection laws applicable to you:

In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request access as to whether or not we process personal data relating to you and, if so, to what extent.
You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

In accordance with Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 lit. e or f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we will process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and Section 34 para. 2 BDSG.

4. Where do we process your data?

In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is required in such a third country. This applies to all transfers to countries in this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR are met.

Unless there is an adequacy decision and unless otherwise stated below, we use the EU Standard Contractual Clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of obtaining or viewing a copy of these EU Standard Contractual Clauses. Please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 lit. a GDPR.

5. To whom and why do we pass on your personal data?

In order to provide our services and operate economically as a company, we use various external companies to which we transfer personal data in some cases. If other specific recipients contain personal data for some groups of data subjects, we will inform you about this in Part B.

Hosting provider: We commission certified service providers to host our data who have the highest security standards.
IT service providers and SaaS providers: We use the services of various service providers who support us as processors and simplify and optimise our processes.
Advertising and marketing providers: With the help of various advertising and marketing providers, we aim to increase our brand awareness, promote demand for our products and increase customer loyalty. To this end, campaigns are planned, played out and their success is measured and analysed. These providers are usually also processors.
Payment providers: In order to process payments in our online shop, we share your data with payment providers and banks that process your data as controllers and/or processors.
Trading partners and shipping service providers: We may transfer your personal data to fulfilment service providers, postal and delivery services and trading partners in order to offer and deliver our goods to you in various markets.
Affiliated companies: We are a group of companies, which means that data transfer between the companies is not excluded.
Administration and authorities: In order to comply with legal regulations or to respond to court orders or other similar official requests, further transfers may take place. This also includes transfers to the tax authorities and tax consultancy/auditing firms.

6. How long do we store your data?

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting data for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

7. How do we use "cookies" and other tracking technologies?

We use cookies and similar technologies on our websites. We have summarised more information about how we use these technologies in our cookie banner. The banner can be accessed via the footer of our websites. There you will also find a list of other companies that place cookies on our websites and process data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, a list of cookies that we place and an explanation of how you can refuse certain types of cookies.

8. How can you contact our data protection officer?

You can reach our data protection officer using the following contact details:

Email: datenschutzbeauftragter@closed.com
Herting Oberbeck Datenschutz GmbH
https://www.datenschutzkanzlei.de

B. Specific information - How and why we process your data

a. Visitors to our website

1) We process pseudonymised information about the device and browser you are using, server log files, your network connection and your IP address for the following purposes:

Ensuring the security, operability and stability of our websites, including defence against attacks;
Integration of third-party content.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the flawless functionality and stability of the website.

2) We process information about your behaviour on the website. This includes the IP address and user IDs, some of which are assigned by third-party providers, and is used for the following purposes:

Reach measurement and analysis of visitor behaviour to optimise our websites, increase customer satisfaction and analyse errors;
(Conversion) tracking to measure reach and determine commission for our affiliate partners and influencers;
Remarketing to acquire new customers through personalised display of our advertising.

Legal basis: Consent in accordance with Art. 6 para. 1 lit. a GDPR, which we obtain via the consent banner on our website and which you can withdraw or adjust at any time via the footer of the website.

b. Customers of our online shop

1) We process the data that you provide about yourself when you place an order in our online shop and that we collect in connection with the order, such as your name, address, email address, payment information and information about purchased goods, including purchase history. Processing is carried out for the following purposes:

Fulfilment of our service: This includes processing your order, dispatching the goods, handling payment and returns management;
Customer account: At your request, a password-protected customer account will be created, through which your personal data and purchase history can be viewed;
(Internal) customer administration;
Customer Care: This includes answering questions about your order or our products and processing complaints.

Legal basis: Contract fulfilment pursuant to Art. 6 para. 1 lit. b GDPR. Contract fulfilment is not possible without the provision of the data.

Non-commercial communication on technical, contractual and security-related topics (e.g. order and dispatch confirmations, forgotten password messages, customer account confirmation);
Internal analysis of purchasing behaviour and segmentation according to interest groups as preparation for marketing measures.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to promote customer loyalty.

to comply with legal regulations and retention obligations.

Legal basis: Compliance with legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR

Deviations for our customers in Australia, Denmark, Finland, Great Britain, Canada, Liechtenstein, Monaco, Norway, Sweden and Cyprus: The contractual partner for the purchase of our goods is Global-e, which processes your data as an independent controller and delivers the ordered goods and informs you about the status of your order. The data is transmitted to Global-e on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR as part of the checkout process. Further information about Global-e can be found in their GTC and in their data protection information.

All other data processing, in particular the provision of the customer account, first-level customer care and shipping preparation, is the responsibility of Closed Direct GmbH in order to ensure a pleasant customer relationship and flawless fulfilment. The legal basis for this data processing is the fulfilment of the contract between the customer and Global-e in accordance with Article 6 para. 1lit. b GDPR.

2) We process your contact data, in particular your email address, for the following purposes:

To inform you about the availability of sold out or not yet available goods via email, if you actively request this. For verification purposes, we will send you a confirmation email in advance if you do not have a customer account with us. Your data will be stored until the product is available and then deleted unless you subsequently open a customer account with us.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to promote customer loyalty.

c. Interested parties and customers of our stationary stores

1) We process the data that you provide to us about yourself when placing orders by telephone or in one of our stores and that we collect in connection with the order, such as your name, address, email address, payment information and information about purchased goods, including purchase history. Processing is carried out for the following purposes:

Provision of our services: This includes the processing of your order, the dispatch of the goods as well as the processing of payment and the integration of external payment providers and returns management;
(Internal) customer administration;
Customer Care: This includes, for example, answering questions about your order or our products and processing complaints.

Legal basis: Contract fulfilment pursuant to Art. 6 para. 1 lit. b GDPR. Contract fulfilment is not possible without the provision of the data.

2) We process your contact data, in particular your email address or telephone number, for the following purposes:

To inform you about the availability of sold out or not yet available goods, if you actively request this. We may send you a confirmation email in advance for verification purposes if you do not have a customer account with us. Your data will be stored until the product is available and then deleted unless you subsequently open a customer account with us;
To inform you via WhatsApp about the availability of sold out or not yet available goods or to answer questions about our goods if you actively request this via WhatsApp;
To process enquiries that reach us in our stores, by email or by telephone conscientiously and efficiently.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to promote customer loyalty.

3) We process personal data in connection with the video surveillance systems installed in our stores and outlets. The controller for video surveillance in the outlets is Closed Outlet GmbH (Straßenbahnring 6, 20251 Hamburg, +49 40 44 18 40 0, info@closed.com). Data processing in connection with the recordings is carried out for the following purposes:

Prevention and investigation of criminal offences (in particular theft, robberies, fraud, damage, vandalism);
Exercise of domiciliary rights.

Legal basis: Legitimate interest in the stated purposes in accordance with Art. 6 para. 1 lit. f GDPR. The recordings are deleted 72 hours after recording. A longer storage period only takes place if this is necessary for the enforcement of legal claims or the prosecution of criminal offences in specific individual cases.

d. Interested parties and visitors to our warehouse sale

1) Closed Outlet GmbH (Straßenbahnring 6, 20251 Hamburg, +49 40 44 18 40 0, info@closed.com) processes your data, in particular your name and contact details in connection with the warehouse sale, for the following purposes:

Distribution of personalised invitations and reminders for warehouse sales by email and post;
Booking and management of time slots.

If you have not registered for the warehouse sale yourself, we have received your data from people who have registered you as an accompanying person.

Legal basis: Legitimate interest in enabling a warehouse sale in accordance with Art. 6 para. 1 lit. f GDPR. You have the option to object to this data processing by contacting us by email or using the unsubscribe link in the emails. If you unsubscribe, your data will be deleted.

2) We process personal data in connection with the video surveillance systems installed at our warehouse sale. Data processing in connection with the recordings is carried out for the following purposes:

Prevention and investigation of criminal offences (in particular theft, robberies, fraud, damage, vandalism);
Exercise of domiciliary rights.

e. Newsletter subscriber

1) We process the name and contact details that you provide to us when registering for our newsletter for the following purposes:

Sending personalised advertising mailings with information and updates on our goods, promotions and events for the purpose of promoting sales and acquiring new customers ;
Verification of your email address via double-opt-in.

2) We process pseudonymous information about how our newsletter is used (click behaviour, opening rate and time, length of stay) for the following purposes:

Performance measurement to optimise our content and improve our products.

The legal basis for data processing in connection with our newsletter is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you can withdraw at any time by contacting us using the contact details above or by using the unsubscribe link.

f. Contact persons at service providers/ suppliers/ business partners

1) We process data that you provide to us about yourself and the company in which you work, such as your name, email address and telephone number, for the following purposes:

Fulfilment of the contract with the company in which you work (this includes contract management, documentation on ongoing cooperation, invoicing and communication).

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the fulfilment of the contract between the company in which you work and us.

g. Applicants

1) Data that you provide to us in the course of your application or that a recruitment agency transmits to us. This is information about your CV, your previous career and other data that we process for the following purposes:

Determining whether employment is possible;
Initiation of an employment relationship.

Legal basis: Contract initiation in accordance with Art. 6 para. 1 lit. b GDPR and Section 26 para. 1 sentence 1 BDSG.

Fulfilment of statutory retention obligations or defence against legal claims.

Legal basis: Compliance with legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

Inclusion in our talent pool to be contacted again later if no employment relationship materialises for the time being.

Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR, which you can withdraw at any time by contacting us using the contact details above.

If we are unable to offer you employment, we will retain the application documents you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

h. Social media visitors

1) Controller of the social media providers

When you visit our social media pages (Facebook, Instagram, LinkedIn, TikTok) on which we present our company, certain information about you as a visitor is processed.

Further information:

Facebook and Instagram:

Privacy Policy of Meta Platforms Ireland Limited
Opt-out option

LinkedIn: Privacy Policy of LinkedIn Ireland Unlimited Company

TikTok: Privacy Policy of TikTok Technology Limited

2) Joint controllership of the social media providers and Closed (joint controllers)

The social media providers collect and process event data and send us anonymised statistics and data for our pages that help us to gain insights into the various activities that visitors carry out on our site (so-called "Page Insights"). These Page Insights are created on the basis of certain information about people who have visited our site(s).

Further information:

Facebook and Instagram:

Joint Controller Agreement
Data subject rights can also be asserted against Meta. Further information on this can be found in the Privacy Policy.

LinkedIn:

Joint Controller Agreement
Data subject rights can be asserted via this contact form at LinkedIn. You can contact LinkedIn's data protection officer via this link.
LinkedIn and Closed have agreed that the Irish Data Protection Commission is the competent supervisory authority overseeing the processing of Page Insights. You can lodge your complaint with the Irish Data Protection Commission (see www.data protection.ie) or with another supervisory authority.

TikTok:

Joint Controller Agreement
Data subject rights can be asserted via this form at TikTok.
TikTok and Closed have agreed that the Irish Data Protection Commission is the competent supervisory authority overseeing the processing of Pages Insights. You can lodge your complaint with the Irish Data Protection Commission (see www.data protection.ie) or with another supervisory authority.

3) Under the controller of Closed

We process information that you have made available to us via our social media channels on the respective social media platform. This information may be the name used, contact information or a message to us.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in communicating with interested parties and followers.

i. Special information for customers from Switzerland

If you are a data subject within the scope of the Swiss Federal Act on Data Protection, the information under this point also applies.

The legal references made in this data protection notice are aimed at data subjects in Switzerland in accordance with the comparable provisions of the Swiss Federal Act on Data Protection. This applies in particular to the applicable rights of data subjects under Art. 25-29, 32 DSG.

Data processing may take place in the following countries outside Switzerland:

Germany,
Other EU and EEA countries,
USA.

We guarantee an appropriate level of data protection. This is ensured by

An established adequate level of data protection pursuant to Art. 16 para. 1 DSG for the recipient country;
Standard data protection clauses that the Swiss supervisory authority (“EDÖB”) has previously approved, issued or recognised, in particular the Standard Contractual Clauses of the European Commission;
A treaty under international law in which an appropriate level of data protection is regulated.