1. Purpose of the data processing
1.1 Accessing the solution
Each time you access our solution, for example under https://www.find-size.com or through a website of a vendor (hereinafter "Vendor") which gives access to our solution, your device transfers a couple of data points to us which we store in our logfiles. This data may include:
· browser type and browser version
· operating system used
· internet service provider
· the IP address
· hostname of the accessing computer
· time of the server inquiry
· websites from which you reach our solution (so-called referrer)
· websites accessed by the user's system via our solution
· bytes transfered
· access status
We process such data temporarily to provide you with the requested content (Art. 6 (1) lit. (f) GDPR) and we store and process such data for a period of seven days (unless an unusual incident requires a longer storage period (e.g. after a hacker attack)) for security reasons in order to identify potential attacks on our systems and optimize our systems (Art. 6 (1) lit. (f) GDPR). Thereafter, this data is being anonymized.
The collection of data for the provision of the solution and the storage of the data in logfiles is mandatory for the operation of the solution. Consequently, there is no possibility of objection on the part of the user.
1.2 Using the solution
When you use our solution, you are asked to provide a couple of data points. This data may include:
· your age
· your height
· your weight
· a video of yourself
This data is required for the solution to calculate your body measurements and the size of cloths which the solution recommends to you based on such body measurements. Thereafter, the video is deleted and the body measurements together with your age, your weight and your height are stored by us together with your Size-ID. The Size-ID enables you to use your measurements in any other online shop of any vendor that uses the Presize solution. Your data is deleted or anonymized 3 months (90 days) after you used the Size-ID the last time, unless you have voluntarily provided us with your email address, in which case we store your data together with the Size-ID until you request a deletion by sending an email to firstname.lastname@example.org (see section 1.5 for further information on emails and newsletters and section 6 for further information on your rights). If you provide us with your e-mail address, we will also send the Size-ID to this address along with your body measurements as well as, from time to time, updates on the Presize solution and new partner shops where you can use the Size-ID. The legal basis for any such processing is the contractual relationship you have with us (Art. 6 (1) lit. (b) GDPR).
To improve future size recommendations, we use an ID that allows us to link the order to a product ID and size ordered, as well as return data, including returned and unreturned items and reasons for returns.
In an anonymized state, all of the aforementioned data may be used by us to further train our solution or to run anonymized analyses.
We process some data in case certain events on the Vendor's website (only where our solution is shown) and in our solution itself are triggered. For example, if you click a link or use a function, we store information about that link or that function, together with some other information, like the size or the region you likely come from. All of this data is anonymized data. It does not allow us to reidentify you and does not allow us to link different visits with each other. The purpose of the data analysis is to learn more about how users use our solution (Art. 6 (1) lit. (f) GDPR). You may object to this analytics purposes by emailing email@example.com.
1.4 Cookies and local storage
We use a so-called functional cookie and a functional local storage. Both consist of information which are temporarily stored on your device. They are necessary for the Presize solution to function.
For example, if you have used our solution to calculate your body measurements, they store the Size-ID as described in section 1.2 above and therefore help us re-identify you during your visit in order to show you size recommendations for other products.
1.5 E-mails and newsletter
You can choose to enter your e-mail address when using our solution ("Save your Size-ID") for us to send your Size-ID with your body measurements as well as updates on the Presize solution and new partner stores where your Size-ID is usable. Additionally, you have the option to sign up for our e-mail newsletter to receive regular news about Presize, product recommendations, exclusive offers, articles, and information about events we partake in.
If you have selected one or both options in the input field, we proceed with a double-opt-in procedure. After sending the e-mail registration form, you will receive an e-mail asking you to confirm your e-mail address. This way, we ensure you do not receive our e-mails in an unsolicited, abusive, or accidental manner. The steps of the double-opt-in process are documented separately to prove your consent for receiving advertising content, following legal requirements (Art. 6 Abs. 1 lit. a DSGVO). In this respect, the time of registration, confirmation, and your Internet protocol address (IP address) are stored. We use this data exclusively to send you the requested information and do not pass it on to third parties. Further data is only collected on a voluntary basis. You can withdraw your consent for the storing of data, the e-mail address, and the receiving of e-mails and newsletters at any time, either by sending an e-mail to firstname.lastname@example.org or via the "unsubscribe" link present in all Presize e-mails. Once unsubscribed, the data you have provided us to receive the newsletter is deleted as is your e-mail from our recipient list. Data stored by us for other purposes remains unaffected, as does the legality of the data processing operations already carried out.
We use the services of Mailgun via an API to ensure the secure sending and verified delivery of automated e-mail confirmations and e-mail notifications. The provider of this service is Mailgun Technologies Inc, 535 Mission St, San Francisco, CA 94105, USA. We have concluded data processing agreement with Mailgun.
We might process your personal data insofar as it is necessary for the fulfillment of a legal obligation to which our company is subject (e.g. accounting, commercial and tax law), court orders or other binding decisions of public authorities (Art. 6 (1) lit. (c) GDPR).
If necessary, we process your personal data to satisfy our legitimate interests (Art. 6 (1) lit. (f) GDPR), including the following:
· participation in conferences and events, business cards, etc., in case we see interesting business opportunities and you have provided us with such information,
· to complete a corporate transaction (e.g., corporate restructuring, sale or assignment of assets, merger),
to protect, enforce and defend our rights, property and interests.
2. Data transfers
We may share personal information with third parties.
2.1 Reporting obligations
In order to protect our rights or the rights of third parties, we may disclose data to rights holders, consultants, courts and authorities in accordance with legal provisions.
We do not share your body measurements, any size recommendations, the Size-ID or even the video with any Vendor. Instead, the integration of our solution ensures that the size recommendations are shown only to you in your browser and you are free to choose another size.
2.3 Service providers (processors)
For example, we use Mixpanel, Inc., USA, to analyse your visits, as described in section 1.3 above. Mixpanel stores data in the EU.
2.4 Transfer to recipients outside the EEA
We might transfer personal data to recipients located outside the European Economic Area (EEA) into so-called third countries. In such cases, prior to the transfer, we ensure that either the data recipient provides an appropriate level of data protection (e.g. due to a decision of adequacy by the European Commission for the respective country (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), due to an agreement based on so-called EU model clauses with the recipient (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=en) or, in case we transfer data to a Vendor (section 1.2 above) which is located outside the EEA, the transfer outside the EEA is permitted because necessary for the implementation of pre-contractual measures taken (Art. 49 (1) lit. (b) GDPR).
3. Retention of personal data
We will store your personal data as long as it is necessary for the respective purposes, which is usually to provide the services you have requested. In some cases, we are obliged to store your data for longer in order to comply with statutory retention periods.
If we process data on the basis of legitimate interests (Art. 6 (1) lit. (f) GDPR), these will be stored until you object to the processing or until your legitimate interests prevail.
We have specified retention periods for certain processing purposes.
4. Your rights
4.1 General rights
You can request information about your stored personal data. If you have provided personal data based on a contract or consent, you have the right to receive this data in a commonly used and machine-readable format.
In addition, you can also request the deletion, rectification or restriction of the processing of your data in certain cases.
You can withdraw your consent at any time with future effect.
If your personal data are transferred to a country outside the EU that does not offer adequate protection, you can request a copy of the contract or other means that ensure adequate protection of personal data.
You also have a general right to complain to us or a supervisory authority in particular in the member state of your residence, place of work or place of suspected infringement about our data processing. The supervisory authority responsible for Presize is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
4.2 Right to object
To the extent we base the processing of your personal data on our legitimate interests (Art. 6 (1) lit. (f) GDPR), you may object to such processing at any time. In this case, we will not process such personal data any longer, unless our interests prevail. You can object to the use of data for direct marketing purposes at any time without a weighing of interests.
4.3 Contacting us or our data protection officer
In order to exercise the aforementioned rights, please contact us directly in writing or via e-mail or contact our data protection officer under email@example.com.