Welcome to our OSOND online shop! We appreciate your interest in our company. The protection of your personal data is important to us. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation acts that apply to our company.
Our data protection notice explains what personal data we gather from you via our website, what we use this for, when we delete this and how your data is protected as best as possible by means of security measures. In addition, we disclose the respective legal framework that authorises us to process data accordingly. Furthermore, you will be informed of your statutory rights in connection with the processing of your data. In order to provide you with the best possible transparency in connection with our processing of data, you will first find generally valid information concerning the processing of personal data and then detailed information concerning the following topics:
- Tracking measures and the setting of cookies
- Data processing in the newsletter
- Purchasing in the online shop
- Payment systems/fraud prevention
- Web shop protection against attacks (Cloudflare)
Personal data are any information that enables the identification of a natural person. This includes, in particular, names, birthdays, addresses, telephone numbers, e-mail addresses but also your IP address. Anonymous data exist if no personal relationship can be established to the user.
The responsible party within the meaning of data protection legislation is:
Charnequinha do Sossego,
Data collection/personal data
We collect personal data in accordance with the legal requirements. All personal data that we collect from you via the website will only be processed for the purposes described in greater detail below. This collection takes place within the framework of the legal provisions already named, more specifically, only with your consent.
Article 6 EU GDPR in particular specifies when data processing is allowed. OSOND collects data if:
- Processing is necessary for the performance of a contract/prior to entering into a contract (Article 6(1) lit. b EU GDPR)
- Processing is necessary for compliance with a legal obligation (Article 6(1) lit. c EU GDPR)
- Processing is necessary for the purposes of the legitimate interests of our company except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1) lit. f EU GDPR). In particular, we view an overriding, legitimate interest in data processing in the following cases:
- Fraud prevention and reduction of payment default
In order to minimise the risk of default, a credit check is conducted within the order process. This check determines which payment options are displayed. All transferred orders which indicate fraud are checked downstream by an employee and relevant measures for preventing fraud are initiated – you can find further information in the “Payment systems/fraud prevention” section.
- Protecting the security of our systems/investigating errors
For technical security reasons, particularly to protect against hacking attempts on our web server, data will be saved pursuant to Article 6(1) lit. f EU GDPR. No connection is established to individual users. In particular, we collect the following data: the web browser and operating system that are used, the name of the internet service provider, information about the website you are visiting us from, information about the website that you retrieve on our site, the date and time of your visit, the name of requested files, whether a file was transferred, the amount of data that is transferred, and the IP address assigned by your internet service provider. Of course, personal data that is collected will be kept confidential.
Storage period and criteria for determining this period
OSOND processes and saves your personal data only for the period required to achieve the particular processing purpose, or if there is a legal retention period (in particular for commercial or taxation purposes). Once this purpose has been achieved or the retention requirement has expired, the respective data will be routinely erased.
In certain cases it is necessary to transfer processed personal data in the course of data processing. In this respect, there are various recipient sites and recipient categories.
Where necessary, we will transfer your personal data within OSOND. Of course, we comply with the legal framework associated with this process and ensure that your data is lawfully processed. Your personal data are accessible only by authorised employees who require data access because of their responsibilities, e.g. to fulfil your order or to contact you in case of an enquiry.
Personal data will be transferred to the following categories of recipients while respecting the legal requirements:
- Service providers within the framework of fulfilment
- Delivery services, distributors, payment services
- Companies that conduct credit checks
- Companies that provide marketing services
- Service providers that are part of communication systems
- Government authorities and institutions to the extent that this is necessary or required
Safe transfer of your data
We employ the proper technical and organisational security measures to protect data that we save as best as possible from random or intentional manipulation, loss, destruction or access by unauthorised parties. The security level is constantly being monitored together with security experts and adjusted to new security standards.
It goes without saying that the security of your data is also important to us when transferred within OSOND – secure transfer procedures are selected accordingly: data is generally transferred via an encrypted connection. Here we apply state-of-the-art protocols such as TLS 1.2 with PFS. Therefore only encrypted data is exchanged from and to our website. We offer HTTPS as the transfer protocol for our website, always using the current encryption protocols.
Rights of the data subject
We are happy to inform you in the following of the rights that may be available to you free of charge as an affected party.
- Access: We are happy to inform you about whether, and if so, which personal data of yours we have and are processing.
- Rectification: If we are storing erroneous personal data, then of course we will be happy to correct them.
- Restriction: You can have the processing of your personal data restricted under certain legal conditions. This is possible, for example, if you contest the accuracy of the data we have.
- Erasure: We are happy to delete your personal data following a request by you, regardless of our deletion management, provided that this is legally possible for us.
- Objection: You can object to the data processing procedures we use to process your personal data, which we base on balancing the interests of all parties, by indicating the specific grounds for objection.
- Withdrawal: Of course, if you have given us consent to process data, you can also withdraw such consent with future effect without indicating the reason.
- Data portability: We are happy to make personal data concerning you which we have received as part of concluding a contract or through consent and based on an automated data processing procedure available to you or a third party named by you in a commonly-used, machine-readable format.
You can exercise your rights as a data subject at any time using the contact options provided or consult with us regarding data protection. You can contact our data protection organisation via the following email address: [email protected]
Right to lodge a complaint with a supervisory authority
Of course, you have the freedom to contact the proper supervisory authority for you at any time. Alternatively, our supervisory authority is also available to you. This is:
Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134-1°
You can contact our data protection organisation at any time via the following email address: [email protected]
Links to other providers
Our website also contains clearly recognisable links to the websites of other companies. If and when there are links to the websites of other providers, we have no influence on the contents. For this reason we cannot assume any warranty or liability for this content. The respective provider or operator of these websites is always responsible for the content of these websites. The linked websites were evaluated for possible statutory violations and recognisable violations of the law at the time of linking. We did not identify illegal content at the time of linking. It is not possible, however, to constantly control the content of linked websites without specific evidence that the law has been broken. Should violations become known, these links shall be removed immediately.
General information concerning the function of cookies
Session and technical cookies
Session cookies identify the user during his session on the website and allow his interaction with the same. They are deleted from the system once the session is finished, i.e. once the browser is closed, being therefore of a temporary nature.
Technical cookies are for internal use, essential for the basic operation of our site, such as those that allow access to the site as a user and permanence as such in the same. These cookies make e.g. the checkout process or setting the site language possible. The uninstallation of these cookies prevents the proper functioning of some features and services offered by our site.
Of course, you can also disable, restrict or even delete cookies manually on your terminal device via the settings in your browser or with the aid of software. Please note: if you disable cookies, then you may not be able to use all functions completely.
Data processing in the newsletter (Article 6(1) lit. a EU GDPR)
You can sign up to receive our free newsletter on our website. If you have agreed to receiving the OSOND Newsletter, we will use your e-mail address to send information (personalised where possible) about products, campaigns, competitions and news from the fashion industry as well as surveys on general customer satisfaction. We store and process this data for the purpose of sending the newsletter.
Multi device user profile for personal and individual communication and product recommendations
Furthermore, if you have consented to receiving a newsletter tailored to your individual interests, then in addition to processing your e-mail address, we will also process your name and profile information for the purpose of sending the newsletter. With your consent, we will record your user behaviour on this website, our mobile fashion apps and newsletters from us.
The processing takes place pursuant to Article 6(1) lit. a EU GDPR and you can exercise your rights as a data subject at any time. If you have any questions, please contact us at [email protected]. You can withdraw your consent regarding receipt of the newsletters or the creation of personalised use profiles at any time with future effect by unsubscribing from the newsletter: there is the link for unsubscribing at the end of every newsletter.
Making purchases in the online shop (Article 6(1) lit. b EU GDPR)
You do not need to create a customer account in our shop if you decide to order from our online shop as a guest. If you order again, you will need to provide your data once again to process the order.
Payment systems (Article 6(1) lit. b and f EU GDPR)
You can select from different payment methods in our online shop. To that end, the respective data relevant to payment are collected so that your order and payment can be processed. In addition, your IP address will be processed out of technical necessity and as a legal safeguard.
Certain personal data are required in order to fulfil the contract, see mandatory fields. Unfortunately, without these data, we must refuse to enter into this contract, as we will not be able to perform it. The data will be transferred accordingly to our payment service provider to be processed.
Our payment system uses SSL encryption so that your data are protected when transferred.
Note concerning credit card payments: if you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass the information provided during the ordering process (name, address, account number, bank code, credit card number (if applicable), invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. You can find more information about Stripe’s data protection at the URL https://stripe.com/de/privacy#translation.
Note concerning PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg. If the data subject selects “PayPal” as a payment option when ordering, then data of the data subject will automatically be transferred to PayPal. By selecting this payment option, the data subject consents to the required transferring of personal data to process the payment. The personal data that will be transferred to PayPal generally includes first name, surname, address, e-mail address, IP address, telephone number, mobile number or other data that are necessary for processing the payment. Personal data necessary for concluding the sales contract also include data related to the respective order. You can access details concerning PayPal’s data protection at the URL https://www.paypal.com/de/webapps/mpp/ua/privacy-prev.
Web shop protection against attacks (Cloudflare)
This page uses SSL encryption for security reasons and to protect the transfer of confidential content such as the requests that you send to us as a website operator. You can recognise an encrypted connection when the address bar in your browser changes from “http://” to “https://” and by the padlock icon in your browser. When the SSL encryption is activated, the data you send us cannot be read by third parties. We use the service from Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA so that we can offer you secure data transfer using SSL encryption on our website, protect ourselves against attacks and optimise our loading times. Cloudflare is a certified participant in the EU-US Privacy Shield Frameworks. Cloudflare has undertaken to handle all personal data from all European Union (EU) member states pursuant to the Privacy Shield framework according to these valid principles. You can find more information about the Privacy Shield Framework on the Privacy Shield List by the US Department of Commerce at https://www.privacyshield.gov. Cloudflare collects statistical data about your visit to this website. The following is included in the access data: name of the accessed website, file, date and time of access, data volume transferred, confirmation of successful retrieval of data, browser type and version, user’s operating system, referrer URL (webpage that sent user to the site), IP address and the requesting provider. Cloudflare uses protocol data for statistical evaluation for operating, security and offer optimisation purposes. Please also read the data protection provisions of Cloudflare, which can be accessed here: https://www.cloudflare.com/privacypolicy/
We base our activities on our legitimate interest in accordance with Article 6(1) lit. f of the EU GDPR. You can exercise your rights as a data subject at any time. If you have any questions, please contact us at [email protected].