1. Processing activities
1.1 Accessing the solution
Each time you access our solution, for example under https://www.find-size.com any website which gives access to our solution, your device transfers a couple of data points to us which we store in our logfiles. This data may include:
· browser type and browser version
· operating system used
· internet service provider
· the IP address
· hostname of the accessing computer
· time of the server inquiry
· websites from which you reach our solution (so-called referrer)
· websites accessed by the user's system via our solution
· bytes transfered
· access status
We process such data temporarily to provide you with the requested content (Art. 6 (1)lit. f) GDPR) and we store and process such data for a period of seven days (unless an unusual incident requires a longer storage period (e.g. after ahacker attack)) for security reasons in order to identify potential attacks on our systems and optimize our systems (Art. 6 (1) lit. f) GDPR). Thereafter, this data is being anonymized.
The collection of data for the provision of the solution and the storage of the data in logfiles is mandatory for the operation of the solution. Consequently, there is no possibility of objection on the part of the user.
1.2 Using the solution
When you use our solution, you are asked to provide a couple of data points. This data may include:
· your age
· your height
· your weight
· a video of yourself
This data is required for the solution to calculate your body measurements and the size of clothes which the solution recommends to you based on such body measurements. Thereafter, the video is deleted and the body measurements together with your age, your weight and your ID is stored by us together with your Size-ID. The Size-ID enables you to use your measurements in any other online shop of any vendor that uses the Presize solution. Your data is deleted or anonymized 3 months (90 days) after you used the Size-ID the last time – unless you enter your email address (optional), then the Size-ID is sent to your email address along with your body measurements as well as updates on the Presize solution and new partner shops where the Size-ID can be used. You can request the deletion by emailing firstname.lastname@example.org. The legal basis for any such processing is the contractual relationship you have with us (Art. 6 (1) lit. b GDPR). In an anonymized state, all of the aforementioned data may be used by us to further train our solution.
In case you access our solution from a website of a vendor ("Vendor"), for example a clothing online shop, the following applies:
- We and the Vendor operate as so-called joint controllers when collecting your data. We have agreed with the Vendor that we will provide you the basic information on the processing of your personal data in that respect and that we will act as your single point of contact, in particular when you exercise your data subject's rights.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject (e.g. accounting, commercial and tax law), Art.6 (1) lit. c) GDPR serves as a legal basis.
4. Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the European Economic Area (EEA) into so-called third countries. In such cases, prior to the transfer, we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), due to an agreement based on so-called EU model clauses with the recipient (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=en) or, in the case of the USA, based on the EU-US Privacy Shield (https://www.privacyshield.gov/list)) or, in case we transfer data to a Vendor (section 1.2 above) which is located outside the EEA, the transfer outside the EEA is permitted because it is necessary for the implementation of pre-contractual measures taken (Art. 49 (1) lit. b) GDPR).
5. Retention of Personal Data
Personal data is stored for as long as is necessary for the above-mentioned purposes. If not otherwise indicated, the data will be deleted at the latest one year afterits collection, but not until the expiry of applicable statutory retention periods of civil, commercial and tax law.
6.1 General Rights
You can request access to the personal data stored about you and have the right to receive the data you provided in a common and machine-readable format. In addition, you may, in justified cases, request the deletion, correction or limitation of the processing of your personal data. If your personal data is transferred to a country outside the EU that does not offer adequate protection, you can request a copy of the contract that ensures adequate protection of personal data. You also have a general right to complain to us or a supervisory authority in particular in the member state of your residence, place of work or place of suspected infringement about our data processing.
6.2 Right to object
If we use your personal data on the basis of our legitimate interests (Art. 6 (1) lit. f) GDPR), you may object to the processing and use of your data. In this case, we will no longer use your data unless our interests prevail.
6.3 Contacting us or our data protection officer
In order to exercise the aforementioned rights, please contact us directly in writing or via e-mail or contact our data protection officer under email@example.com