When we talk about "your data", we are referring to personal data. This includes all information which allows us to identify you straight away or by combining it with other information. Examples: Your name, your telephone number, your customer number, order numbers or your email address. All information which cannot be used to identify you (even by combining it with other data) is classified as non-personal data. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all the data in this record counts as personal data. If we delete the personal data from a piece of information or a record on your person, the remaining data in this record no longer counts as personal data. This procedure is referred to as anonymisation. The following generally applies: If we request that you share particular personal information with us, you may of course refuse to do this. You can decide which information you share with us. We may, however, be unable to provide you with the desired services (at least not optimally). For example, you cannot have a package delivered without giving a delivery address. If particular information is required in connection with a service (mandatory information), we will inform you by marking it accordingly.

1.1. Profile data

Profile data is personal and demographic information on your person (so-called master data), along with your individual interests, which you share with us when registering for a customer account. Your profile data includes, for example:

• Your first and last names
• Your contact details
• Your preferences, eg in relation to brands, product types or styles
• Demographic information such as your gender, age and place of residence

Mandatory information is usually your name, your email address and a password you choose yourself. Your email address and the password will later constitute your login details. Other mandatory information may also be required for the use of access-restricted, fee-based or personalized services, such as your date of birth or your title (eg in order to transfer you to the relevant JoDis shop page for your product preference).

Profile data may also include further information on your person and your interests. These may be collected in the process of registering for the service, or only subsequently. This is the case, for example, if you later add voluntary information to your profile or you wish to use your customer account to register for a service which requires additional mandatory information.

Hint!

If you are logged into your customer account, you can view your personal data there and can usually edit it directly there, eg in order to update your address after a move.

1.2. Contact details

If you contact us, we collect your data. Depending on how you contact us (eg by phone or by email), your contact details may include your name, postal addresses, telephone number, email addresses, detail on your social network profiles (for example we receive your Facebook ID if you contact us via Facebook), user names and similar contact details.

1.3. Order data

If you order something from JoDis, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information:

• Order number
• Details on the purchased items (name, size, color, price etc.)
• Payment method information
• Delivery and billing addresses
• Messages and communication relating to purchases (eg notice of revocation, complaints and messages to customer service)
• Delivery and payment status, eg “completed” or “dispatched”
• Return status, eg “successfully completed”
• Information on service providers involved in executing the contract (for order purchasing perhaps shipment numbers of parcel services)

Hint!

You can view your essential shopping data in your customer account in the areas "My orders", "My returns" and "My address book".

1.4. Payment data

We offer you the common payment methods in online retail - especially advance payment or credit card. We collect the payment details shared by you in order to execute the payment. We receive further payment details from external payment service providers and credit agencies which we work with in executing payments and carrying out credit checks. We only forward information to our payment service providers which is necessary for processing payment.

Payment details include:

• Preferred payment method
• Billing addresses
• IBAN and BIC or account number and sort code
• Credit card details
• Creditworthiness data

The payment details also include other information directly connected to payment processing and credit checking. This applies, for example, to information which external payment service providers use for identification.

JoDis ApS, Oliefabriksvej 61, 2770 Kastup, Denmark, is responsible for executing payments, managing claims and performing credit checks in connection with all private purchases from the JoDis webshop and other fee-based services from JoDis.

Creditworthiness data consists of our own records on your previous payment behavior towards JoDis. Cooperation with external payment service providers and credit agencies is on a country-specific basis, in order to take country-specific features and requirements into account. Under "Who is my data forwarded to?" you can find information on external payment service providers.

1.5. Data of interest

When you interact with our services, data arises which we use to find out which content, topics, products, product types, brands or styles you are interested in. For example, we can use shopping data, wish list content and your age (if this information is available to us) and comparison with users with similar features to find out which styles and product categories you are interested in. Thus, we can show the products which will probably be most relevant to you first the next time you perform a search. Along with the interests you have directly shared with us, we can also derive your interests from other data we have collected. If, for example, you repeatedly visit a particular area of ​​the JoDis webshop, we can extrapolate your interests from your access data by means of usage analysis. For this purpose, we also receive demographic information and statistics on our users from our external advertising partners (such as age, gender, region), as well as device and access data and interests. We take care that our advertising partners only provide JoDis with aggregate, encrypted and anonymous data, so that we cannot assign the data to any particular person, especially any particular user. This information may help us to understand our users better, perhaps within the framework of customer structure analyzes and user segmentation. You can find further information on the processing of your data for advertising purposes under "How does JoDis use my data for marketing?".

1.6. Messages and conversation content

When you communicate with us or other users regarding products (eg product evaluations) and other topics by phone, post, social media, contact forms or any other medium, we collect the content of your messages. We may forward your messages to the office responsible for your concerns, perhaps to partner companies. If your messages are forwarded to another company, you of course have the option to tell us that the data should only be used by JoDis. If so, we will not forward your information to the responsible office, or will only do so without your personal information, provided that your concerns can be processed in this way. If you transmit messages to us for other users via functions provided for this purpose (eg product evaluations), we may publish these within the scope of our services.

JoDis also uses social network services such as Facebook, Instagram and Twitter to communicate with customers and users. We use these popular platforms to offer you further contact and information options beyond our in-house communication channels. Please bear in mind, however, that we do not have any influence on the terms of use for social networks and the services they offer, and only limited influence on their data processing. We therefore ask you to carefully check which personal data you share with us via social networks. We cannot influence the behavior of social media operators, other users or third parties who may work with the operators of the social networks or also use these services.

1.7. Social network data

JoDis maintains profile pages (also called "fan pages") on various social networks. Additionally, JoDis services may incorporate social networking features. These may be messenger services and so-called social plug-ins or social logins such as "Sign in with Facebook". If you are in direct contact with us through our social media profiles or if you use social networking features integrated into our services and you are a member of the respective social network, we may receive data from the social network operator that allows you to be identified . Usually, we can see the following data:

• Your public profile information stored on the respective social network (eg name, profile picture)
• Details of the device type you are using
• The account ID of your profile on the respective network (eg Facebook ID)

Please also refer to the notes on the processing of social network data related to social network features under "Info on websites and apps" and "Information about Social Media Fan Pages". JoDis currently uses the Facebook messenger service and social plug-ins / logins for the following social networks:

• Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The link to Facebook's privacy policy is available here: https://www.facebook.com/business/gdpr .
• Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The link to Twitter's privacy policy is available here: https://gdpr.twitter.com/en.html .
• Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). The link to Pinterest's privacy policy is available here: Pinterest's Privacy Policy.

1.8. Geographical and site data

For particular purposes, we also collect data on your device's current location when you use our services. Two different technologies are used for this. If you approve your device's location services for an app, a website or another online service by JoDis, JoDis processes the location data collected by your device and provided to us in order to provide you with location-specific services.

Some of the apps we use show you shops in your area or suggest products which correspond to your current location. If you allow JoDis to access your device's location services, your location may be regularly processed by JoDis (eg even if you are not currently using the app). This serves to improve the user experience, for example by loading location-dependent content faster when you use the app at your location, or displaying location-based push notifications. We do not use this data to produce any motion profiles. You can obtain further information on location-based services if required. We also collect location data derived from your device's IP address (down to the city level). An anonymised IP address shortened to three characters is used for this purpose. Therefore, this cannot be used to identify your internet connection or device.

What are IP addresses?

Each device connected to the internet must be assigned a multiple-character, unambiguous number (example: 193.99.144.85). This is referred to as an IP address. The first three characters of an IP address are usually assigned to a particular region or a particular internet provider. The approximate location of the internet connection can therefore be derived from the IP address. This procedure (so-called geolocalisation) is used by us and many other online shops, for example to identify fraud and suspicious orders (eg it may be suspicious in particular situations if an order from your customer account uses an IP address from a country where you have never previously made any orders).

1.9. Photos and other personal content

Some of our service-specific applications allow you to share photos and other personal content with us or other users, in order to communicate with us or other users or to personalize services (eg by uploading a profile picture, using the JoDis app's photo search or communicating with a stylist).

When we use your photos, we only do so after a direct invitation to you, for example with phrases like "Tag us in your pictures, and use #jodismoment for a chance to be featured" in an Instagram posting or story. After that we shall always follow up with a message, which for example could be: "Hello, we love your photo! Would we be ok to feature it on our Instagram feed? Your photo would also be visible on our website."

1.10. Information shared during campaigns and surveys

If you take part in a campaign (eg competition) or survey (eg customer satisfaction survey for market research purposes) offered by JoDis, we ask you for personal information. For example, if you take part in a competition we generally ask you for your name and email address, so that we can inform you if you win and to ensure that each participant only takes part in the competition once. We may ask you for further information for some campaigns and surveys. This may be the case, for example, if we carry out a campaign with a partner and the partner needs information on you in order to make the prize available to you. In such cases we will, however, always inform you separately about the information required and how we use it.

1.11. Device and access data

When using online and mobile services, it is inevitable that technical data will be generated and processed in order to provide the features and content offered and to display them on your device. We refer to this data as "Device and Access Data". Device and Access Data are created whenever online and mobile services are used. It does not matter who the provider is.

Device and Access Data are therefore created, for example, when using:

• Websites
• Apps
• Social media fan pages
• Email newsletters (ie if your newsletter interaction is recorded)
• Location-based services

JoDis collects device and access data for online and mobile services offered by JoDis itself. Secondly, JoDis may receive device and access data from online and mobile services of other companies, as long as they are social media or advertising partners of JoDis or participate in the same online advertising networks (eg the "Google Network"). Additional information is available under “How does JoDis use my data for advertising?” and “Information about Social Media Fan Pages”.

Device and Access Data includes the following categories:

• General device information, such as information on the device type, operating system version, configuration settings (eg language settings, system authorizations), information on internet connection (eg name of the mobile data network, connection speed) and on the app used (eg name and version of the app).
• Identification data (IDs), such as session IDs, cookie IDs, unambiguous device ID numbers (eg Google advertising ID, Apple Ad ID), third party account IDs (if you use social plug-ins or social logins) and other common internet technologies , to facilitate recognition of your web browser, your device or a particular app installation.
• Access data automatically transmitted by apps and web browsers whenever you access web servers and databases (within the framework of so-called HTTP requests). This is standardized information on the required content (such as the name and file type of a retrieved file) as well as further information on server access (such as amount of data transferred and error codes), on your device (eg device type, operating system, software versions, device identifications, IP address, the site previously visited and the time of access).

In this chapter, we also inform you of the legal basis on which we process data for the individual purposes. Depending on the legal basis for our processing of your data, you may have additional data protection rights alongside your permanent rights such as the right to information. For example, in individual cases you have the right to object to the processing of your data. You can find further information under "Which data protection rights do I have?".

2.1. Order processing and providing online services as well as localized and individualized services

We process your data in the necessary scope to fulfill contracts and to provide and execute further services requested by you, as described in the Privacy Notice. The purposes of the necessary data processing therefore depend on the purpose of the contract agreed with you (including our Trade Terms and any service-specific terms and conditions or terms of use) or services requested by you.

The most important purposes are:

• The provision, personalization and needs-based design of our services such as the JoDis shop (including the websites, apps and cross-device and cross-platform functions).
• The provision of local services, eg at events and trade fairs.
• The execution of customer programs
• The execution of order processes and customer service, including dispatch and payment processing, claim management as well as the processing of returns, complaints and warranty claims.
• The provision of messages, reports, newsletters and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.

Examples

You can request email information on the availability of out-of-stock items in the JoDis shop. You can request push-service information on particular events or offers and other subjects. If you have signed up, you will regularly receive our JoDis newsletter with information on current promotions.

• The guarantee of the general security, operability and stability of our service including defense from attacks.
• Non-promotional communication with you on technical, security-related and contractually relevant subjects (eg fraud warnings, account blocking or contractual changes).
• The mediation of contracts via our trading and sales platform, perhaps within the framework of the JoDis partner program or JoDis Wardrobe.
• The issuing, redemption, delivery of JoDis vouchers.
• The execution of campaigns and competitions.

JoDis uses the service of external payment providers for payment processing. You can find information on external payment providers under section "Who is my data forwarded to?".

Legal basis

Insofar as the purpose relates to the execution of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6 (1) b GDPR. Otherwise, the legal basis is Article 6 (1) f GDPR, whereby we may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests.

2.2. Individualized shopping

We process your data for the provision of comfortable and useful services which correspond as well as possible to your needs and interests. Because the JoDis webshop's range encompasses many products, it is necessary that we present our content and offers in a needs-based manner so that you can find products you are actually interested in. This requires a user-specific evaluation of the relevance of products and content. To personalize shopping in the JoDis shop we use device and access data which we collect for usage analysis. Alongside this, we also use device and access data which we receive from advertising partners while you visit the JoDis webshop.

If you are logged in with your customer account while visiting the JoDis webshop, we also use profile data, interest data and shopping data to personalize your shopping experience. We refer to this form of shopping personalization as on-site optimization. Only such shopping personalization allows us to present you with suitable search results, product suggestions, style recommendations and other content corresponding to your actual interests. Without such shopping personalisation, as carried out today by many online shops as standard, your search for relevant products would be less convenient and more protracted and the utility of our range for you would be lower.

Shopping personalization does not, of course, prevent you from accessing all content. It does, however, allow you to see content which is more relevant to you more quickly.

We have collected more details on the operating principle of JoDis's websites and apps under “Shopping personalisation”. You can find further details on the operating principle of personalized JoDis Services under "Personalised services".

Legal basis

The legal basis for the processing of your data for shopping personalization within the framework of personalized services is Article 6 (1) b GDPR. The legal basis for the processing of your data within the framework of on-site optimization is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

2.3. Research, Machine Learning and Artificial Intelligence

We process the data collected on our customers for scientific research in the areas relevant to JoDis. This includes in particular the research areas of machine learning, artificial intelligence, natural language processing and deep learning. Research at JoDis concentrates on solutions to real, everyday online shopping problems and is meant to serve the improvement and development of the existing services range. In this way, for example, we can develop services which can suggest products targeted to your interests and needs and recognize styles and assign products which correspond to your actual interests. In doing this, of course, we observe recognized scientific data protection standards. This also means that we only process your data in summarized, anonymised or pseudonymised form for research purposes, for example by replacing all identifiable data such as your name with other values.

Research at JoDis includes the following purposes:

• The development of machine learning procedures allowing estimates, forecasts and analysis of the needs and interests of our users.
• The development of technical solutions for real customer problems which our specialist departments and fashion manufacturers encounter in day-to-day business (eg difficulties in finding suitable products, reducing the probability of bad buys, sizing).
• The development of technical solutions for optimizing business and logistics processes.
• The development of technical solutions facilitating the improvement and development of shopping personalization and fraud prevention.
• The registration of patents and publication of specialist articles.
• Participation in research communities and academic cooperation partners.

Example

The size recommendations for shoes in the JoDis shop we want to use a machine learning algorithm. In developing the learning algorithm, JoDis wants to use shopping data with shoe orders, returns due to sizing and sizing information from various manufacturers. We intend to use this to develop an intelligent size recommendation procedure for shoes in order to predict which shoe models are too large or too small.

Legal basis

The legal basis for the processing of your data within the framework of the research purposes described above is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

2.4. Prevention of fraud and selection of payment methods

In order to combat the risk of data security breaches, data pertaining to users of our services is encrypted in transmission. This applies both to ordering and to registering for a customer account. For this we use the coding system SSL (Secure Socket Layer). Encryption prevents third parties from viewing the data.

To provide additional protection from external attacks, we rely on special security technologies which constantly check our systems and identify and report anomalies. We also use technical and organizational measures to secure our systems against loss, destruction, unauthorized access or distribution of customer data by unauthorized persons. In this manner we wish to keep the risk of unauthorized access as low as possible, because protecting your data is our top priority.

However, we - like other companies - cannot guarantee absolute protection. We also use technical and manual procedures for fraud prevention in order to protect us and our users from misuse of data, especially by fraudulent orders.

Apart from this, we apply technical and manual processes to prevent fraud, so that we and our users are protected against misuse of their data; especially regarding misuse linked to fraudulent orders. For this purpose, JoDis gathers and evaluates your device- and access data under a pseudonym when processing an order (including IP address, identifications, user behavior), order statistics and profile data (for example at which point your delivery addresses were changed then) . Linked to this, the posting is also compared to your previous user and order habits. Also, we perform a general comparison to the total order history with JoDis, and in which events fraudulent actions occurred, or we had suspicion of this. The purpose of this comparison is to reveal any fraudulent patterns and to prevent fraud and identity theft, by comparing these patterns. If we find a high likelihood of fraud, based on our analysis, we may choose to cancel the order or deactivate an account, in order to minimize the risk of false orders and to protect users whose account might have been seized.

As a follow up on the information provided in your customer account, JoDis may transfer your name and the addresses you have listed in your profile, to an external information service provider. The purpose is to achieve that you are in fact enlisted with JoDis and can be reached at the addresses provided.

The typical indications which - often in combination - could point to a high likelihood of fraud attempt in progress, are the following:

• Your delivery address was changed shortly before order processing and/or is located in an area with increased risk of fraud.
• Your order is particularly extensive and/or includes products that are in high demand, and/or orders are placed at a time which is unusual for your area (eg in the night).
• Before placing the order, suspicious log in attempts were made to your account, which suggests an automated process.
• Your customer account is being used from a suspicious IP address.
• Your customer account is being used from an unknown or suspicious device. If our safety measures suspects an attempt of fraud is in progress, or there is an increased risk of fraud, the case at hand is shared with the JoDis Customer Service team in order to manually follow up.

In order to consider the risk of fraud, suitable preventive actions may be taken, such as temporarily locking the customer account or limiting the available payment methods.

Legal basis

When the processing of your data happens in order to prevent fraud, the legal basis can be found in article 6, paragraph 1, letter b in DSGVO.

3.1. Transfer of data linked to an open debt claim, to a financial service provider

If you despite several reminders have not paid an open claim, we may transfer the needed data to a financial service provider, in order to have that financial service provider take over the collection of the claim in question. Alternatively, we can choose to sell the open claim to a financial service provider, who will then be able to make the claim in their own name.

Legal basis

The legal basis for transferring data linked to the administrative collection of debt is art. 6 pieces. 1 b) in GDPR (the Data Protection Regulation); the transfer of data within selling the debt claim happens on the basis of art. 6 pieces. 1 f) in GDPR.

4.1. Info

Depending on the purpose, we use the data we have stored for data analysis. For example, we use summarized (aggregated), statistical, depersonalised (anonymised) profile information or data which can only be assigned to persons via further intermediate steps (pseudonymised profile information) as well as shopping and device and access data in order to understand and analysis purchasing processes using data analysis. This gives us anonymous or pseudonymised findings on our users' general usage behaviour. We process your data on the basis of balancing interests to protect our legitimate interests or those of third parties (such as advertising partners).

JoDis's legitimate interest or that of third parties in data processing derives from the relevant purposes and is, unless otherwise indicated, of a competitive and economic nature.

Legal basis

If data processing for the above purposes occurs with your consent, the legal basis is Article 6 (1) a GDPR (consent). This data processing data otherwise occurs on the basis of Article 6 (1) f GDPR, whereby the legitimate interests are for the above purposes.

4.2. Development of products and technology

We use your data for product and technology development including the development and improvement of personalized services. In doing this we use aggregated, pseudonymised or anonymised data and machine learning algorithms, perhaps from our research, which facilitate estimates, forecasts and analysis in the interests of our users. In this way, for example, we can develop services which can suggest products targeted to your interests and needs and recognize styles and assign products which correspond to your actual interests.

Data is processed in relation to product and technology development particularly for the following purposes:

• The development and improvement of personalized services and technologies for data analysis, advertising and personalized online shopping.
• The development of technologies and concepts to improve IT security, prevent fraud and improve data protection eg by pseudonymisation, encryption and anonymisation technologies.
• The development and testing of software solutions for the optimization of necessary business and logistics processes.

Legal basis

The legal basis for the processing of your data for product and technology development purposes is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

4.3. Business management and optimization

We transmit and process your data where necessary for administrative and logistical processes and to optimize business processes within JoDis in order to design these in a more efficient and legally secure way and to fulfill our contractual and legal obligations (eg retention obligations under commercial and tax law ).

Data processing for business management and business optimization includes, for example, the following purposes:

• The execution and improvement of customer service.
• The prevention and clarification of criminal offences.
• Guaranteeing the security and operability of our IT systems.

Legal basis

The legal basis for the processing of your data for business management and optimization is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes. Where we process your data on the basis of legal specifications, eg retention obligations and money laundering tests under tax law, the legal basis is Article 6 (1) c GDPR.

4.4. Based on your consent

If you have given us your consent for the processing of personal data, your consent is the primary basis of our data processing. Which of your data we process on the basis of your consent depends on the purpose of your consent.

Typical purposes include:

• Subscription to a newsletter.
• Participation in surveys and market research studies.
• Processing of your location data by Google Maps in specific cases, such as offering information on the nearest pick-up points of your order.

4.5. Withdrawal information

You can withdraw consent at any time with effect for the future, eg by e-mail or letter. If the relevant service supports this function, you can adjust and withdraw consent to receive newsletters and other notifications. You can find the link to the preference center in each newsletter. Each newsletter also contains a corresponding unsubscribe link. You can find further instructions under “Which data protection rights do I have?”

4.6. Other purposes

If data protection law allows it, we can use your data for new purposes such as carrying out data analyzes and developing our services and content without your consent. It is a prerequisite for this that these new purposes for which the data is to be used were not fixed or foreseeable when the relevant data was collected and the new purposes are compatible with the purposes for which the relevant data was originally collected. For example, new developments in the legal or technical sphere and new business models and services may lead to new processing purposes.

Examples

• If you create a wish list in the JoDis app, you can view and edit this later on the JoDis website.
• If you search for products on the JoDis website, we save your search terms. This allows us to show the results first which are probably particularly relevant to you when you search the JoDis website in the future.
• If you place a product in the basket, we can give you recommendations on the selection of a suitable clothing size on the basis of your previous orders and returns.
• If you have subscribed to our newsletter, we can present you with products which fit your previous orders. • We also consider your previous orders when recommending new products to you that may fit your shopping preferences.

5.1. What are individualized services?

Individualized services allow us to offer you better, more practical and more secure services. To this end we use the data we have stored about you in order to determine your needs and interests. On this basis we can offer you more relevant content corresponding to your needs and interests. Of course, you still have access to all content. Personalization allows you to see content which is more relevant to you more quickly, or content is specially presented to you (eg in the form of individual product recommendations).

5.2. Why do I need a customer account?

Most of our personalized services require you to set up a customer account so that we can save data we collect on you at a central location.

5.3. Which customer account data is saved?

Data which we collect about you is saved on your customer account, along with your customer number (customer ID). The customer number is a randomly generated sequence of numbers which does not contain any personal data. Your data is associated with your customer number, in order to link you to your customer account. The customer number also functions as a pseudonym.

5.4. Which data is used for the individualisation?

Personalized content is generally selected on the basis of all data stored on your customer account. If device and access data is used which is not saved on your customer account, these are only pseudonymised for the relevant personalization (so eg in connection with your customer number, but not in connection with your named or other directly identifying profile data) for the duration of the usage. Not used:

• Creditworthiness data
• Information for campaigns and surveys
• Job applications
• Notifications (eg from customer service)

5.5. Your options

You can view most of the data we have stored on your customer account at any time. If required you can also edit this data on your account and influence personalisation, perhaps by providing your preferences. If personalization is based on device and access data, you can prevent the collection of this data by deactivating the collection of this data by tracking tools. Please bear in mind, however, that you will receive less or no personalized content and services. Please bear in mind that the data used for personalized services are also needed for other purposes (including the provision of our services), in which case the collection of the data required will continue to be collected. However, the advertising presented to you will then not be personalized.

6.1. Provider

You can find the responsible service provider in the imprint of the relevant website or app.

6.2. Which data is stored?

We generally collect all the data which you directly share with us via our services.

Device and access data

Whenever you access our services and databases, we collect device and access data and record it in so-called server log files. The IP address it contains is anonymised shortly after the end of the relevant session, as soon as storage is no longer required to maintain the functionality of the relevant website. If it is available and activated on your device, we also collect a device-specific ID number (eg a so-called “promo ID” if you are using an Android device or an “ad ID” if you are using an Apple device) . This device ID is issued by the manufacturer of your operating system and can be read by websites and apps and used to present content on the basis of your usage habits. If you do not want this, you can deactivate it at any time in your device's browser settings or system settings.

Login

We set up password-protected personal access for users who register for a customer account or another service. If you do not log out again after logging in with your login details, most services automatically keep you logged in. Depending on the type of service, a cookie or similar technology is used for this. This function allows you to use part of our services without having to log in again every time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your profile information or submit an order. You can find more information under "Personalised services".

Social Plug-ins

Our services may contain social plug-ins (“plug-ins”) from various social networks. These plug-ins allow you, for example, to share content or recommend products. The plug-ins are deactivated as standard and therefore do not send any data. You can activate the plug-ins by clicking on the corresponding button (eg "activate social media". The plug-ins can also be deactivated again with a click. If the plug-ins are activated, your web browser sets up a direct connection to the web servers of the relevant social network. The content of the plug-ins is then transferred by the social network directly to your web browser and integrated by the latter into our website. Integrating the plug-ins allows the social network to receive the information that you have called up the relevant page of our internet offering and can collect your device and access data.

If you are logged into the social network, the latter may also assign the visit to your account with the relevant social network. If you interact with the plug-ins, for example by clicking the Facebook "like" button or making a comment, the corresponding information will be transmitted by your browser directly to the social network and stored there.

The purpose and scope of the data collection, and the further processing and use of the data by the particular social networks and your rights and configuration options concerning this to protect your privacy, can be found in the privacy notices of the respective social networks and websites . You can find the links to these below. Even if you are not registered with the social networks, websites with active plug-ins may send data to the networks. An active plug-in will place a cookie with an ID each time you call up the website. Because your web browser sends this cookie without being asked every time you connect to a server, the social network could in principle create a profile of which websites the user belonging to the ID had called up. And it would also be quite possible to assign this ID to a person, for example if they later registered with the social network.

Social Plug-ins from Facebook

We use plug-ins by the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), on several websites. You can find the link to Facebook's Privacy Policy here: https://www.facebook.com/business/gdpr

Social Plug-ins from Twitter

We use plug-ins by the social network Twitter, operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”), on several websites. You can find the link to Twitter's privacy policy here: https://gdpr.twitter.com/en.html

Social Plug-ins from Pinterest

We use plug-ins by the social network Pinterest, operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”), on several websites. You can find the link to Pinterest's privacy policy here: Pinterest's privacy policy. LINK MISSING!

Social Logins

Our services may offer you the option of registering with us directly using your social network accounts. If you wish to use this function, you will first be forwarded to the relevant social network's offering. There you will be asked to log in with your user name and password. Of course, we do not ourselves take note of your login details. If you are already logged in, this step will be skipped. The relevant social network then notifies you and asks you to confirm which data are transmitted to us (eg public profile, friends list, email address and current residence). We use the data transmitted to create your customer account, but will not, of course, save your friends list, for example. No further permanent connection between your customer account and your social network account will take place. We also receive social network data from the providers of the relevant social networks..

6.3. Individualized shopping experience

Our services use the device and access data from the usage analysis, which are collected when you use our service, for shopping individualisation. Depending on the type of service, this may include common tracking technologies using tracking pixels and identification cookies or similar Ids (so-called tagging). In addition, our advertising partners may collect your device and access data in this way, in order to provide us with information on your interests and demographic data (such as age, gender, region) during your use of our services. This allows us to present you with advertising and/or particular offerings and services which correspond to your interests (for example product recommendations based on the fact that you have only viewed trainers in the last few days).

Our goal when doing this is to make our offering as attractive to you as possible and to present you with advertising corresponding to your interest areas. Of course, you can continue to use all content and functions.

This on-site optimization does, however, allow us to first show you content and functions which are more relevant for you. On-site optimization is carried out automatically by our systems, which recognize that users have repeatedly called up products and content from particular categories.

You can find further information under “How does JoDis use my data for advertising?” If you do not want on-site optimization, you can deactivate this function at any time. To do this, please deactivate the “data processing” function.

6.4. Information on website cookies

Our website uses cookies. Accepting cookies is not a prerequisite for using our websites. We would, however, like to point out that our websites can only function on a limited basis if you do not accept cookies. You can set your browser up in such a way that cookies are only saved if you agree to this.

What are cookies?

Cookies are small text files which are saved by your web browser and which save particular settings and data for exchange with our web server.

A distinction is generally made between two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies which are stored for a longer period. Storing this data helps us to design our websites and services for you accordingly and makes them easier for you to use, for example by saving particular entries so that you do not have to repeat them constantly.

The cookies used by our website may come from JoDis or advertising partners. If you only wish to accept the JoDis cookies, but not our advertising partners' cookies, you can choose the corresponding setting in your browser (eg “block third-party cookies).

The help function in your web browser's menu bar generally shows you have to reject new cookies, and to turn off cookies which have already been received. We recommend that you completely log out after you finish using our website on shared computers which are set to accept cookies and Flash cookies.

Our services use three categories of cookies:

• Necessary cookies: These cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the basket function, such that the goods in your basket remain saved while you continue with the purchase. The necessary cookies also serve to save particular inputs and settings which you have made so that you do not have to constantly repeat them, and to adapt JoDis content to your individual interests. Only limited use of the website is possible without necessary cookies.
• Statistical cookies: These cookies collect device and access data to analyze the use of our website, such as which areas of the website are used how (so-called surfing behaviour), how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our website and to find out what our users are interested in, and to measure how effective our advertising is. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
• Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data, in order to adapt personalized advertising on JoDis websites to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our websites. This allows us to display personalized advertising on other websites and in other providers' apps which fits your interests (so-called retargeting). Marketing cookies can be blocked without adversely affecting the navigation and operation of the website. Shopping personalization may, however, not be possible. We have collected country-specific overviews of all cookies used in the JoDis shop. You can find these under "Information on individual websites".

6.5. Online advertising/Retargeting

Our website contains cookies and similar tracking technologies from advertising partners which operate an online advertising network. This also allows our advertising partners to collect your device and access data and to present you with personalized advertising on other websites and in other providers' apps targeted to your interests (eg advertising based on which products you have previously viewed in the JoDis shop). You can find further information under “How does JoDis use my data for advertising?” You can deactivate the processing of your data for retargeting at any time. To do this, please deactivate the "Data processing" function in the JoDis shop. In the JoDis webshop you can find this function directly next to the link to this Privacy Notice. For other websites and apps you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Deactivate further advertising.

6.6. User analysis

We use common tracking technologies to evaluate devices and access data. This allows us to find out how our offering is being used by our users in general. We do this using identification cookies and similar identifiers. This allows us to find out, for example, which content and topics are particularly popular, when our services are used the most, from which regions (down to the city level) our services are used and which browsers and devices our users generally use.

We may also carry out so-called A/B tests in the course of usage analysis. A/B tests are a special kind of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website or app in order to find out which version performs better, is more popular or lets users find their desired content quicker. Producing a version A and version B and testing both versions provides data which makes it easier and faster to make changes to services and content.

You can find out which tracking tools our websites and apps use under “Information on individual websites”). You can also find information there on deactivating usage analysis. You can deactivate the processing of your data for usage analysis at any time. To do this, please deactivate the "Data processing" function in the JoDis shop. In the JoDis web shop you can find this function directly next to the link to this Privacy Notice. In other services, please do this by deactivating usage analysis.

7.1. Provider / Responsible party

The responsible JoDis company, which acts as the content provider responsible for a fan page, is visible in the Legal Info of the respective fan page. The Facebook and Instagram social networks are both provided by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Insofar as you communicate directly with us via our fan pages or share personal content with us, JoDis shall be responsible for processing your data. An exception applies to the data processing for usage analysis (Page Insights) which is described in the following; in this case, we are jointly responsible with Facebook.

Facebook's data processing of your data

Please note that Facebook also processes your data when you use our fan pages for their own purposes, which are not covered in this Privacy Notice. We have no influence over these data processing operations of Facebook. In this regard, we refer you to the privacy policy of the respective social networks:

• https://www.facebook.com/business/gdpr

• https://www.facebook.com/help/instagram/2000935033561463?helpref=related

7.2. Which data are collected?

When you visit our fan pages, JoDis collects all communications, content and other information that you provide us directly, eg when you post something on a fan page or send us a private message. Of course, if you have an account on the social network, we can also see your public information, such as your username, information in your public profile, and content that you share with a public audience. For more information, see "Which data does JoDis process".

Usage analysis (page-Insights)

Whenever you interact with fan pages, Facebook uses cookies and similar technologies to track the usage behavior of fan page visits. On this basis, fan page operators receive so-called "Page Insights". Page insights contain only statistical, depersonalised (anonymised) information about visitors to the fan page, which can therefore not be assigned to a specific person. We do not have access to the personal information Facebook uses to create Page Insights ("Page Insights data"). Selection and processing of Page Insights data is performed exclusively by Facebook. Page insights offer us information about how our fan pages are used, what interests visitors to our fan pages have, and what topics and content are particularly popular. This allows us to optimize our fan page activities, eg by better tailoring to the interests and usage habits of our audience when planning and selecting content. JoDis and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfills the data protection obligations under the GDPR with regard to Page Insights data processing. You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum .

Facebook has summarized the important parts of this agreement (including a list of Page Insights data) for you here: https://www.facebook.com/legal/terms/information_about_page_insights_data

Legal basis

If you have given consent to the creation of Page Insights data to Facebook, the legal basis is Article 6 (1) a GDPR (Consent). Otherwise, the legal basis is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

Obviously, your privacy rights are described in "Which data protection rights do I have?" also apply to the processing of your data in connection with our fan pages. For the purposes of processing your Page Insights data with Facebook, we have agreed with Facebook that Facebook is primarily responsible for providing you with information about the processing of your Page Insights data and for enabling you to exercise your privacy rights under the GDPR (eg right two objects). You can find more information about your data protection rights in connection with Page Insights and how you can exercise them directly with regard to Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data

You can also address your inquiry to JoDis; we will then forward your inquiry to Facebook.

8.1. How do I sign up for newsletters?

When sending out our notifiable newsletters (such as the JoDis shop newsletter), we use the so-called double opt-in procedure or single opt-in procedure (country-dependent), ie we will only send you the newsletter if you have given explicit prior consent to us activating the newsletter. If a double opt-in is required in your country, you must also have confirmed that the email address you have shared with us belongs to you.

For this purpose, we will send you a notification email and ask you to confirm by clicking on one of the links in this email that you are the owner of the email address you have shared with us. We may waive this measure if you have already confirmed to us in this way for another purpose that you are the owner of this email address.

8.2. Unsubscribe to newsletters

If you no longer wish to receive emails from us, you can unsubscribe at any time by using the unsubscribe link available in every newsletter you receive from us. You may also send a notification in text form (eg email or letter) to the JoDis Customer Service team.

8.3. Which data are collected?

If you subscribe to a newsletter, we temporarily store your IP address and save the time of your subscription and confirmation. This way we can prove that you actually subscribed and identify any unauthorized use of your email address. We collect device and access data when you interact with newsletters, transactional emails, as well as push notifications. For this evaluation, the newsletters contain links to image files stored on our web servers. When you open a newsletter, your email program loads these image files from our web server. We collect the device and access data under a randomly generated ID number (newsletter ID), which we will not use to identify you without your consent. This way we can understand whether and when a newsletter was opened.

The links contained in the newsletters likewise contain their newsletter ID so that we can determine which content is read. In order to personalize the communication, we collect open and click data to provide you with relevant communication. We aggregate the data for newsletter ID and connect your newsletter subscription with your customer account in order to personalize newsletter content according to your interests and usage habits and to statistically analyze how our users use the newsletter service. This shopping personalization is an integral component of the JoDis webshop newsletter.

You may object to the personalization at any time by changing your settings in the "Data Preferences" section on JoDis's website. We connect this data to other data which we collect within the framework of usage analysis, as long as you opt in for analytics tracking in the “Data Preferences” section on our website.

Alternatively, you can deactivate the display of images in your email program. In this case, however, the newsletter will not be displayed to you in full.

If you do not wish to receive any individual product recommendations from us by email, you can informally object to it at any time by clicking the unsubscribe link which you will find in every email, or by sending an email to our Customer Service team.

We also stored the following data for this purpose:

• Date of issue
• Voucher value
• Voucher code
• Personalization data (if you provide this)
• Name of voucher holder (for personal vouchers)
• Time of voucher redemption
• Name of the redeeming party and the customer account ID of the account used for redemption.

If you are looking for sneakers on the website of a JoDis advertising partner, we can take this information into account in your product searches in the JoDis shop. This allows us eg to show you sneakers first in the feed on the homepage. If you inform us of preferences in your customer account or you have already bought sneakers from us, we can also take this information into account in our recommendations.

11.1. Advertising formats and channels

The advertising formats used by JoDis and JoDis's advertising partners include presentations in the JoDis webshop (within the framework of on-site and in-app optimization), adverts on social networks (eg Facebook ads, Instagram ads, YouTube video ads) and advertising spaces mediated via the online advertising networks used by JoDis such as DoubleClick by Google.

11.2. Information which we use to create target groups

In creating target groups we use our own findings from data analysis on our users' usage and purchasing behavior and customers as well as our market research on user segmentation which we apply to the user data collected by JoDis. In doing this we especially consider aggregated, pseudonymised or anonymised shopping data, search histories, interests data and demographic profile data as well as device and access data.

For example, a target group may be: "Women between 25 and 35 years old who are fashion-conscious and interested in sneakers, and who have ordered a pair of sneakers in the last year". Our advertising partners also have the option to provide us with their own data for user segmentation, which was collected by the advertising partners themselves. The advertising partners must undertake only to provide JoDis with aggregated, encrypted or anonymous data, so that we cannot assign the data to any particular person, especially any particular user of the JoDis webshop.

Some target groups are created on the basis of the users' surfing behaviour. This is the case if advertising is only intended to be presented to users who have recently visited a particular website or searched for particular content.

11.3. How do we use this information in online advertising on the JoDis shop and in other JoDis services

We use the above information within the framework of on-site optimization in order to present you with more relevant information and content when you search for products, call up your feed or visit a product area.

On-site and in-app optimization is based on cookies and similar identification technologies for the pseudonymous collection of device and access data. This data is not used to identify you personally, but rather to evaluate your usage pseudonymously. Your data is never permanently combined with other personal data we have stored on your person. This technology allows us to present you with products and/or particular offerings and services with content based on your device and access data (for example advertising geared to the fact that you have only viewed sports clothing in the last few days).

If you do not want on-site optimization, you can deactivate this function at any time. To do this, please deactivate the "Data processing" function in the JoDis webshop. In the JoDis web shop you can find this function directly next to the link to this Privacy Notice. In other services, please do this by deactivating web analysis or app analysis.

Please bear in mind that data used for on-site and in-app optimization is also used for other purposes (including the provision of our services). The collection of the data used for this is therefore not prevented by deactivation. The advertising presented to you will, however, no longer be personalized.

11.4. On social networks

If we advertise via advertising formats offered by social networks (eg YouTube, Facebook, Instagram), we have the option of forwarding encrypted information on JoDis users (eg device and access data such as advertising and cookie IDs, email addresses) which we believe belong to an advertising customer's target group or show particular features (eg age group, region, interests). The relevant social network will then - either on our behalf as an order processor or with the consent of the relevant user - decrypt the transmitted data and display the advertising booked by us to the user as part of his existing usage relationship with the relevant social network (if he is a member of the relevant social network).

If you do not want us to use your data to present you with personalized advertising on social networks, you can deactivate the forwarding of your data. To do this, please deactivate the "Data processing" function in the JoDis shop. In the JoDis web shop you can find this function directly next to the link to this Privacy Notice. In other services, please do this by deactivating web analysis or app analysis.

If you have consented to the forwarding of your data to social networks, you can withdraw your consent at any time. You may also have the option of deactivating the use of your data for personalized advertising by the social networks you use by directly contacting the relevant providers.

For further information, directly contact:

Facebook (Facebook, Instagram):

● Information on Facebook adverts

● Advertising settings for Facebook

Google (Google advertising network, YouTube, Google search):

● Information on Google adverts

● Advertising settings for Google

11.5. On advertising spaces mediated via online advertising networks (Retargeting)

Advertising partners which run an online advertising network may use cookies and similar technologies to pseudonymously collect your usage behavior using device and access data on the JoDis shop and in other providers' apps.

These advertising partners use the data collected in order to identify the probability of you belonging to the target group we are addressing, and take this into account when choosing the adverts on the advertising spaces mediated via their online advertising network. This standard internet technology is referred to as retargeting.

Retargeting allows us to run advertising which is as relevant to you as possible and to measure the efficiency and reach of the advertising materials, but also to check our advertising partners' bills for campaigns we are running. You can get further information on the operators of the respective advertising spaces and the online advertising networks charged with mediating them. You can find an overview of advertising partners and information on deactivation under "Information on individual websites".

You can deactivate the processing of your data for retargeting at any time. To do this, please deactivate the "Data processing" function in the JoDis webshop. On the JoDis webshop you can find this function directly next to the link which you used to reach this Privacy Notice. In other services, please do this by deactivating usage analysis.

You can deactivate retargeting by participating online advertising networks for our websites on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Deactivate further advertising. Please bear in mind that the data used for retargeting is also needed for other purposes (including the provision of our services). The collection of the data used for this is therefore not prevented by deactivation. The advertising presented to you will then not, however, be personalized.

12.1. Shipping companies

We work with external shipping companies (eg UPS) to deliver orders. These shipping companies receive the following data to execute the relevant order:

• Your name
• Your delivery address
• Your post number if applicable (if you wish to have the order delivered to a UPS packing station)
• Your email address if applicable (if the shipping company wishes to inform you of the provisional delivery date by email)

12.2. Payment service providers

JoDis offers different payment options, such as advance payment and payment by credit card. For this purpose, payment data can be transferred to payment service providers with whom we work. You can find more details about processing of personal data by payment service providers in their privacy policies: https://www.nets.eu/gdpr

12.3. Social media networks

As part of advertising campaigns we forward data to social network providers within the scope of data protection law. You can find further information under "How does JoDis use my data for advertising?".

12.4. Authorities and other third parties

If we are obliged by an official or court decision or it is for prosecution purposes, we will if necessary forward your data to prosecution authorities or other third parties.

Important information:

• In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach sufficient proof of identity to your request by email or post. It is generally sufficient for this if you send your request to us using the email address saved to your account.
• You can change most of your information yourself in your customer account. For other cases please contact customer service.
• If you have given consent for the processing of your data, you may withdraw it at any time. Withdrawal has no effect on the admissibility of the processing of your data which took place before the withdrawal.
• You may object to the processing of your data for advertising purposes, including direct marketing (including in the form of data analysis) at any time without giving reasons.
• If we are processing your data on the basis of balancing of interests according to Article 6 (1) f GDPR (eg the reporting of creditworthiness to an external credit agency), you may object to the processing.

When asserting your objection, we ask you to give the reasons why you do not wish us to continue processing your data. In the event of a justified objection, we will check the state of affairs and either stop or adjust the processing, or inform you of the urgent reasons worthy of protection why we are entitled to continue the processing.

If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing.

14.1. What does blocking mean?

If data is blocked, restriction of access rights and other technical and organizational measures are used to ensure that only a few employees can access the relevant data. These employees may also only use the blocked data for the above purposes (eg for submission to the tax office in the event of a tax audit). Blocking will occur, for example, in the following cases:

● Your order and payment details and perhaps other details are generally subject to various legal retention obligations, such as the Trade Act and the Tax Code. The law obliges us to retain this data for tax audits and financial audits for up to ten years. Only then can we finally delete the relevant data.

● Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing or prosecution or legal defense (eg in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation period. After the relevant limitation periods expire, the relevant data will finally be deleted.

Deletion may be waived in the cases allowed by law if the data is anonymous or pseudonymous and deletion would rule out or seriously hinder processing for scientific research or statistical purposes.