Legal info

Data Privacy

The following statement provides an overview of what personal data TOM TAILOR E-Commerce GmbH collects during your visit to our website, for what purpose and how it is used.


CONTROLLER 

  • The controller within the meaning of the General Data Protection Regulation is:
  • TOM TAILOR E-Commerce GmbH
  • Garstedter Weg 14
  • 22453 Hamburg
  • e-shop@tom-tailor.eu


CONTACT 

TOM TAILOR E-Commerce GmbH offers you the opportunity to contact customer services via the webpages for all questions regarding online orders, invoices or returns. You may contact TOM TAILOR E-Commerce GmbH by phone or by arranging a callback. When contacting us, personal data such as your name, date of birth, e-mail address and telephone number will be collected, should this be necessary to process your request. This data is processed to the necessary extent, so as to provide the services offered. The data will then be deleted if is no longer required to fulfil your request. 

Alternatively, you may contact us via the e-mail address provided or via the chat function in the TOM TAILOR online shop. In this case, all personal data of the user, which is transmitted via e-mail or chat, will be stored. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (b) GDPR. Article 6(1) sentence 1 point (f) GDPR shall form the legal basis insofar as the service in question is a service from which no contract can be derived. 

REGISTRATION 

The internet pages of TOM TAILOR E-Commerce GmbH offer the possibility of registration by means of entering personal data. The data is entered into an input mask, as well as transmitted to us and stored. The data will not transferred to third parties. During the registration process, data such as your name, address, e-mail address, date of birth and telephone number will be collected. Registration is required for the provision of certain contents and services on the Internet pages. The data is processed based on your consent. Consent is obtained during registration with reference to this privacy statement. In case of a withdrawal of the declaration of consent, the data will be deleted. You may withdraw your consent regarding the above-mentioned registration, processing and use of your data at any time with effect for the future by sending a message to abmeldung@tom-tailor.com or to TOM TAILOR E-Commerce GmbH, Postfach (P.O. Box) 1700, 31817 Springe. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (a) GDPR. 


NEWSLETTER 

On the internet pages offered by TOM TAILOR E-Commerce GmbH there is a possibility of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us and stored. The data encompasses your name, date of birth, title and e-mail address (only the title and e-mail address are mandatory fields). The data is collected so as to forward the newsletter. The data is processed based on your consent. Consent is obtained during login process with reference to this privacy statement. In case of a withdrawal of the declaration of consent, the data will be deleted, unless there is a need for further storage of the data, e.g. due to legal requirements. 

As far as you are already a customer of the online shop or will become one in the future, we would like to tailor this newsletter to your individual interests and product preferences and, for this purpose, create a personal user profile on the basis of the information you provide and the information stored in your customer account and your automatically generated usage and transaction data (see the text passage on cookies for more details). 

If you register for the newsletter, you agree that TOM TAILOR E-Commerce GmbH may create and use the aforementioned personal user profile to send you a personalised newsletter.  

You may withdraw your consent regarding the above-mentioned registration, processing and use of your data at any time with effect for the future by sending a message to abmeldung@tom-tailor.com or to TOM TAILOR E-Commerce GmbH, Postfach (P.O. Box) 1700, 31817 Springe. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (a) GDPR. 


DECLARATION OF CONSENT REGARDING THE NEWSLETTER SUBSCRIPTION 

I agree that, for the purpose of optimising the offer and product information in line with my interests and needs, my (SURNAME, FIRST NAME, TITLE, BILLING AND DELIVERY ADDRESS, E-MAIL ADDRESS, TELEPHONE NUMBER, BIRTH DATE, CUSTOMER NUMBER, PAYMENT DATA) may be processed and used and this information may be combined with usage and transaction data (e.g. name, surname, title, billing and delivery address, e-mail address, telephone number, birth date, customer number, payment data). The data is combined in a database together with usage and transaction data (e.g. time of the order, information on the purchased / returned goods including individual and total prices, discounts, participation in promotions and use of vouchers), which is collected when ordering via the online shop. The data stored in the user profile will be used by comparing it with the product range of the TOM TAILOR E-Shop to provide me with an offer optimisation in line with my interests and needs, as well as product information, by means of a newsletter. 

I may withdraw my consent regarding the collection, processing and use of my data as described above at any time with effect for the future via the link provided in each newsletter or by sending a message to abmeldung@tom-tailor.com or to TOM TAILOR E-Commerce GmbH, Postfach 1700, 31817 Springe. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (a) GDPR. 


POSTAL ADVERTISING 

We use the data you provide when placing an order to forward advertising from us (e.g. information about special offers, discount campaigns etc.) by post. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (f) GDPR. 


COMPETITIONS 

The internet pages of TOM TAILOR E-Commerce GmbH offer the possibility of entering competitions by means of entering personal data. The data is entered into an input mask, as well as transmitted to us and stored. The data will not transferred to third parties. 

Your e-mail address will be collected when taking part in competitions. 

This data is processed within the framework of activities necessary to facilitate the competitions. Subsequently, the data will be deleted, unless the data is still required for the performance of a contract or pre-contractual measures. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (b) GDPR. 


CREDIT ASSESSMENT / REPORTING TO CREDIT AGENCIES 

For the purpose of fraud prevention and to minimise possible risks of non-payment, we carry out a credit assessment. In this context, we transmit personal data, namely your name, date of birth and address, as well as information on the claim amount and the due date via Arvato Payment Solutions GmbH, Gütersloher Straße 123, 33415 Verl to the credit agency infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden. Furthermore, information on your previous payment history and creditworthiness information based on mathematical statistical methods using address data will be obtained from Arvato Payment Solutions GmbH, Gütersloher Straße 123, 33415 Verl by Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden. 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (f) GDPR. 

If you do not make a payment to us despite this being due, TOM TAILOR will transfer your data concerning the non-contractual transaction (amount of our outstanding claim(s), associated goods, name and address data) under the terms of Article 6(1) point (f) GDPR (e.g. if the obligation to pay has been established by a court decision or if you have acknowledged the claim) to Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden. 


ACTIVE PAYMENT METHOD CONTROL

During the ordering process, you are offered only those payment methods that you can actually use (active payment method control). For this purpose, we transmit your contact data (name, address, date of birth, e-mail address, if applicable) as well as information on the goods / services you have ordered (e.g. order value, product group, value of goods, if applicable inquiry channel and type of delivery) to Arvato Payment Solutions GmbH, Gütersloher Straße 123, 33415 Verl. Arvato Payment Solutions GmbH will transmit your contact data via informa Solutions GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany as the processor of the order to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany ("ICD") for credit assessment. The ICD will, among other things, based on address data and payment experiences from the past using mathematical statistical procedures (in particular methods of logistic regression and comparisons against groups of people who have displayed similar payment behaviours in the past) will create a forecast regarding payment probabilities (score) and will forward this score to us. Taking into account the details of the goods / services you have ordered, the score provided by ICD, your contact details (name, address and, if applicable, date of birth and e-mail address) and any previous payment behaviour data / historical information you may have provided to us, a balanced decision will be made against the background of fraud prevention and the minimisation of possible non-payment risks as to whether we can also offer riskier payment methods to you, such as open account. 

In addition, informa Solutions GmbH uses the services of Fraud.net Inc, 330 7th Avenue, New York City, NY 10001, USA, as a further processor for fraud prevention and detection. Fraud.net holds "EU–U.S. Privacy Shield" certification. Data is processed and stored within the EU. 

More detailed information on the ICD and Arvato Payment Solutions GmbH in the sense of Article 14 of the European General Data Protection Regulation ("EU GDPR"), i.e. information on the business purpose, the purposes of data storage, the data recipients, the right of self-disclosure, the right to deletion or rectification etc. may be found under the following link: https://finance.arvato.com/icdinfoblatt or https://documents.myafterpay.com/tnp/privacy-statement/de_de/ 

The legal basis for the processing of your personal data is Article 6(1) sentence 1 point (f) GDPR. 


LINKS TO THE INTERNET PAGES OF VARIOUS SOCIAL NETWORKS

You will find links to the websites of various social networks in the footer of our website. For information on the storage and use of your data, as well as your rights and setting possibilities so as to protect your privacy, please refer to the data protection information provided by the respective network operator. 


DATA TRANSMISSION TO THIRD COUNTRIES

Unfortunately, when using Internet technologies, data transfer to third countries, and especially the USA, cannot be avoided. In particular, but not exclusively, the services of Google, Facebook, Criteo, and/or their partners and New Relic are affected. When selecting our partners, we make sure that the requirements for the transfer of personal data to third countries are met. 


CREATION OF LOG FILES 

Every time you access the Internet pages of TOM TAILOR E-Commerce GmbH, information transmitted by your browser is automatically and temporarily stored. In the created log files, the browser type/version, operating system used, name and URL of the retrieved file, reference URL (the page previously visited), host name of the accessing computer (IP address), as well as the date and time of the server inquiry are recorded. This data is not merged with other data sources. The storage and processing of this data exclusively serves the purpose of system security and optimisation of the Internet offer. The legal basis for this is Article 6(1)(f) GDPR. It is our legitimate interest to be able to offer you an optimised internet offer on the one hand, as well as to secure the system on the other hand. Your personal data will not be transmitted to third parties and will be deleted after 24 hours.


COOKIES

We also use so-called cookies for the collection and storage of data. Cookies are data packages stored in your end device by your browser at our instigation. They will do no harm there. They do not contain executable code and therefore no viruses and do not allow us to spy on you. There are two types of cookies: temporary, so-called session cookies and persistent cookies. 

Session cookies are automatically deleted when you close the browser. They store a so-called session ID, by means of which various browser requests can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The use of session cookies is necessary for us to be able to provide you with the respective Internet pages. The legal basis for the processing of your personal data whilst using session cookies is Article 6(1) point (f) GDPR. 

Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookies. Persistent cookies must be distinguished according to whether they are technically necessary or not. If the answer is in the affirmative for individual cases, these too must be based on Article 6(1) point (f) GDPR. The use of technically unnecessary cookies takes place with your consent. These cookies are only placed when you have actively provided your consent. The legal basis for the processing of data is Article 6(1) point (a) GDPR. You may withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until an according withdrawal.  

You may delete the cookies in the security settings of your browser at any time. Using cookies, it is possible for us to trace your usage behaviour for the above-mentioned purposes and to the appropriate extent. They should also enable you to surf our Internet pages in an optimised way. In addition, we use persistent cookies for direct marketing purposes on the Internet, for example to offer you personalised advertising or to evaluate the success of our advertising measures.  

You may set your Internet browser so that our cookies cannot be stored on your terminal device or that any cookies already stored are deleted.  

If you do not accept the cookies, this may lead to restrictions regarding the function of the Internet pages. 

With your consent, we also integrate cookies from third parties. In this case, the corresponding data packages are stored in your browser or transmitted to them by third parties. You may usually prevent the use of third-party cookies by adjusting your browser settings accordingly. The legal basis for the processing of your personal data whilst using third-party cookies is Article 6(1) point (a) GDPR. In this case, you may also withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until an according withdrawal.  

You may withdraw your consent in regard to these placed cookies at any time. 

If you have set up your browser or use plugins to block external scripts, which is especially the case when using adblockers or script blockers, the cookie preferences button will not be displayed. Since in this case the processing of data is already prevented on your part, no processing will take place on our site in accordance with your settings. Thus, there is no need for a withdrawal of the processing of data using third-party cookies. 

Your additional existing rights may be found in the section below entitled "Rights of the data subject" as part of the general principles of data processing. 


DATA DELETION / STORAGE PERIOD

Your personal data will be deleted, as soon as the purpose for which it was stored no longer applies. Furthermore, data may be stored as intended by the European or national legislator in EU directives, laws or other regulations under which TOM TAILOR E-Commerce GmbH shall be obligated. The data shall also be deleted upon the prescribed storage period as per the aforementioned standards expiring, unless there is a need for further storage of the data for the entering into or performance of a contract.


RIGHTS OF THE DATA SUBJECT

If your personal data is being processed, then you are a data subject within the meaning of the GDPR and you are entitled to the below-described rights against us. 

Access: You have the right to receive free information and confirmation from us at any time about the personal data stored about you, as well as a copy of this data. 

Rectification: You have the right to rectification and/or completion, should the personal data processed in relation to you is incorrect or incomplete. 

Restriction of processing: You have the right to request a restriction of processing, if one of the following conditions is met: 

The accuracy of the personal data is disputed by you, namely for a period of time which allows us to verify the accuracy of the personal data. 

The processing is unlawful, you object to the deletion of personal data and instead demand that the use of personal data be restricted. 

We no longer need the personal data for the purposes of processing, but you do need the data for the establishment, exercise or defence of legal claims. 

You have objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether our legitimate reasons outweigh yours. 

Deletion: You have the right to request the immediate deletion of personal data relating to you if one of the following reasons applies and provided that the processing of such data is unnecessary 

The personal data has been collected or otherwise processed for purposes for which it is no longer necessary. 

You withdraw the consent upon which the processing was based and there is no other legal basis for the processing. 

You object to the processing in accordance with Article 21(1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21(2) GDPR. 

The personal data were processed unlawfully. 

The deletion of personal data is necessary, so as to comply with a legal obligation under Union law or the law of the Member States to which we are liable. 

Data portability: You have the right to receive any personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transfer such data to another responsible person without hindrance from us. In exercising this right, you also have the right to request that the personal data concerning you be transferred directly by us to another controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be impaired as a result. 

Objection: You have the right to object at any time to the processing of personal data relating to you, which is carried out "exclusively" on the basis of legitimate interests by us or third parties (Article 6(1) point (f) GDPR). In case of an objection, we will no longer process the personal data, unless we can prove compelling reasons for processing, which are worthy of protection and outweigh your interests, rights and freedoms, or unless such processing serves the establishment, exercise or defence of legal claims. 

Withdrawal of consent: You have the right to withdraw your data protection declaration of consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until an according withdrawal. 

So as to exercise of your rights, please contact the above-mentioned controller, as your rights need to be implemented there as well. However, you may also contact the data protection officer, especially if your request requires a higher degree of confidentiality: 

You may contact the data protection officer for TOM TAILOR E-Commerce GmbH by post via the following address: TOM TAILOR E-Commerce GmbH, Data Protection Officer, Garstedter Weg 14, 22453 Hamburg, Germany or via e-mail at datenschutz@tom-tailor.com


RIGHT OF LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are a resident, where you work or where the alleged infringement took place, if you consider that the processing of personal data concerning you is in breach of the GDPR. 


The data protection supervisory authority responsible for us is 

Free and Hanseatic City of Hamburg
Data protection officer in terms of data protection and freedom of information  
Prof. Dr. Johannes Caspar
Ludwig-Erhard-Straße 22, 7th floor, 20459 Hamburg
Phone: +49 (0)40 / 428 54 - 4040
Fax: +49 (0)40 / 428 54 - 4000
E-mail: mailbox@datenschutz.hamburg.de