Data protection policy for customers and prospective customers
(Last updated: 1st of July 2019)
Part 1: Data protection information regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection seriously: the following aims to provide you with information on how we process your data, and what rights and claims you have in accordance with the data protection regulations. Valid as from 25 May 2018.
The data protection information set out below covers all activities relevant to data protection which are carried out by all members of the Jack Wolfskin Group, as well as services provided for external companies, see companies listed under 1. Personal data is processed by the companies listed under 1 in line with the same principles and methods, meaning that a uniform data protection policy applies.
1. Contact information and controller responsible for data processing
Controller responsible with regard to data protection law
Jack Wolfskin Ausrüstung für Draussen GmbH & Co. KGaA
Jack Wolfskin Kreisel 1
Tel. +49 (0)6126 954 0
Fax: +49 (0)6126 954 159
Jack Wolfskin Retail GmbH
Jack Wolfskin Kreisel 1
Tel. +49 (0)6126 954 0
Fax: +49 (0)6126 954 159
Jack Wolfskin UK LTD
Suite 1, 3rd Floor
11-12 St. James Square
Contact information of our Data Protection Officer:
Jack Wolfskin Ausrüstung für Draussen GmbH & Co. KGaA
Data Protection Officer
Jack Wolfskin Kreisel 1
1. Contact information and controller responsible for data processing
We process personal data in accordance with the provisions governing the General Data Protection Regulation (GDPR), the Federal Data Protection Act of Germany (BDSG) and other applicable data protection regulations (see below). The specific data that is actually processed, and how this is done, is mainly geared to the services which have been agreed to or applied for. Further details or additional information in relation to the processing of personal data can be obtained from the respective contracts, forms, declaration of consent and/or other information which has been made available (e.g. as part of using our website or our terms and conditions of business). Furthermore, this information on data protection may be updated from time to time and can be referred to by visiting our website https://www.jack-wolfskin.co.uk/data-protection.
2. Purposes and the legal basis on which we process your data
Processing personal data is done for the purpose of performing our contract(s) with you and carrying out your orders, as well as to undertake measures and activities which form part of pre-contractual relations, e.g. with prospective customers. In particular, processing information enables us to deliver our products and related services in accordance with your orders and wishes whilst at the same time providing appropriate services, measures and activities. This includes first and foremost the following: corresponding with you regarding details of the proof of transactions, orders and other agreements, as well as quality assurance by means of corresponding documentation, proceedings as a gesture of goodwill, measures for managing and optimising business processes as well as fulfilling general duty to take care, managing and controlling affiliated companies (e.g. parent company); statistic evaluations concerning corporate management, recording costs and financial control, reporting, internal and external communication, crisis management, settlement of accounts and tax assessments of company services, risk management, assertion of legal claims and defence regarding legal proceedings; guaranteeing IT security (incl. system or plausibility tests) and general security, of which security for premises and plants, ensuring and awareness of householder’s rights (e.g. by means of entry checks); guaranteeing integrity, authenticity and availability of data, prevention and investigation of offences; checks by supervisory boards or monitoring bodies (e.g. audits).
2.2 Purposes of legitimate interests by ourselves or third parties (Art. 6 Para. 1 f GDPR)
In addition to fulfilling the actual contract (or pre-contract), we also process your data in cases where it is necessary in order to protect our legitimate interests, and those of third parties, particularly for the following purposes:
- In addition to fulfilling the actual contract (or pre-contract), we also process your data in cases where it is necessary in order to protect our legitimate interests, and those of third parties, particularly for the following purposes:
- For advertising, market research and opinion polls, insofar as you have not expressed objection to your data being used;
- For obtaining information and exchanging data with credit agencies, insofar as this exceeds our commercial risk;
- For checking and optimising processes for needs analysis;
- For further developing services and products as well as existing systems and processes;
- For disclosure of personal data as part of due diligence in the context of company sales negotiations;
- For comparing with European and international antiterror lists, going beyond legal requirements;
- For enhancing our data, including for use or research of publicly available data;
- For statistical evaluations or market analysis;
- For benchmarking;
- For enforcing legal requirements and defence in legal disputes which cannot be attributed directly to the contractual relationship;
- For limited storage of data when deleting it is not possible due to the special nature of storing it, or is only possible with unreasonable effort;
- For development of scoring systems or automated decision-making processes;
- For preventing and investigating crimes, where this is not solely for the fulfilment of legal requirements;
- For fraud prevention;
- For security of buildings and facilities (e.g. via access control and video surveillance), where this exceeds general due diligence obligations;
- For internal and external investigations, security checks;
- For listening in on or recording telephone conversations for quality control or training purposes;
- For obtaining or maintaining certification of a private or official regulatory nature;
- For guaranteeing and recognising domiciliary rights using appropriate measures and video surveillance to protect our customers and employees, as well as to secure proof in the case of crime, as well as preventing it.
2.3 Purposes where you have given your consent (Art. 6 Para. 1 a GDPR)
Processing your personal data for specific purposes (e.g. using your email address for marketing purposes) is possible once you have given your consent. You are normally able to revoke this at any time. This also applies to revoking declarations of consent which you confirmed to us prior to the GDPR coming into effect on 25 May 2018. We will let you know about the consequences of revoking consent or not giving consent in a separate text concerning consent.
Revoking consent generally applies to the future. Any processing that was conducted prior to revoking consent is not affected by the regulation and remains lawful.
2.4 Purposes regarding fulfilment of legal obligations (Art. 6 Para. 1 c GDPR) or which are carried out in the public interest (Art. 6 Abs. 1 e GDPR)
Like everyone involved in business, we, too, are subject to a whole host of legal obligations. These are, first and foremost, legal requirements (e.g. trade and tax laws), but also, where applicable, regulatory and official obligations (e.g. court verdicts). For purposes of processing, this involves, where applicable, checking identity and age, prevention of fraud and money laundering, preventing, fighting and investigating the finance of terrorism and offences where assets are in danger, comparisons with European and international anti-terror lists, complying with monitoring and reporting of fiscal obligations, as well as archiving data for data protection purposes and data security, plus checks by tax authorities and other authorities. Furthermore, the disclosure of personal data can be required during the course of official/judicial measures for purposes of taking of evidence, persecution or enforcement of claims according to civil law.
3. The data categories processed by us insofar as we did not receive them directly from you, and their origin
Where this is necessary for rendering our services, we process personal data received permissibly from other companies or other third parties (e.g. credit agencies, directory publishers). Further, we process personal data taken permissibly from publicly accessible sources (e.g. telephone directories, commercial registers and register of associations, register of residents, records of debtors, land registers, press, internet and other media) or otherwise received or purchased and which we have permission to process.
Relevant personal data categories may include, in particular:
- Personal data (name, date of birth, place of birth, gender, nationality, marital status, profession/industry and comparable data)
- Contact data (address, e-mail address, telephone number and comparable data)
- Address data (registration data and comparable data)
- Payment/cover confirmation for bank and credit cards
- Information on your financial situation (credit-rating data, including score, i.e. data regarding assessment of the financial risk)
- Customer history, order history, including clothes size
- Data on your use of telemedia provided by ourselves (e.g. time when you opened our website, apps or newsletters, IP address, our pages/links that you clicked on or entries and comparable data)
- Image and video data
4. Recipients or categories of recipients of your data
Internal controllers or organisational units within the companies belonging to the Jack Wolfskin Group (referred to in section 1) receive your data, which they require in order to fulfil our contractual and legal obligations, or as part of processing and implementing our justified interest. Your data is only passed on to external sites,
- in conjunction with handling the contract;
- to Jack Wolfskin Store operators, in connection with promotions initiated by Jack Wolfskin Stores;
- to Jack Wolfskin store operators, in connection with your application for a customer account or a Jack Wolfskin loyalty programme as well as your purchase from a participating Jack Wolfskin Store or the official Jack Wolfskin Online Shop insofar as you have a customer account or are participating in a Jack Wolfskin loyalty programme;
- for the purpose of fulfilling legal obligations where we are required to provide information, notify or pass on data, or where passing on data is in the public interest (see 2.4);
- where external service providers process data on our behalf as a commissioned processing company or a company that undertakes functions (e.g. exter-nal data processing centres, support/maintenance of EDP/IT applications, archiving, document pro-cessing, call centre services, compliance services, financial control, data screening for anti-money laundering purposes, checking data validation and plausibility, data destruction, purchas-ing/procurement, customer management, letter-shops, marketing, media engineering, research, risk control, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logis-tics);
- as a result of our justified interest or that of a third party in the context of the purposes listed under 2.2 (e.g. authorities, credit agencies, debt-collecting agency, solicitors, courts, experts, affiliated companies and committees and regulatory boards);
- if you have given us consent to pass onto third parties.
We will not pass on your data to any third parties. Where we commission service providers as part of processing an order, your data is subject to the same security standards there as it is when stored with us. In all other cases, the recipients of data may only use this data for the purposes for which it has been transferred.
5. Length of time that your data may be stored
We will process and store your data for the duration of our business. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various legal obligations in terms of retention and documenting, which stem from, e.g. the German Commercial Code (HGB) and the tax code (AO). The deadlines given in the respective tax code for storing and documenting data are up to ten years beyond the end of the business or legal relationship.
Further, special legal provisions require a longer retention term such as, e.g. retaining means of evidence as part of the legal provisions governing statute of limitations. In accordance with Sections 195 et seq. of the German Civil Code (BGB), the normal statute of limitations is three years; however, statutes of limitations of up to 30 years can also be applied.
If data is no longer required for fulfilling contractual or legal obligations and rights, this shall be deleted on a regular basis, unless the further processing of this data - limited in terms of time - is required in order to meet the purposes of a prominent justified interest listed under 2.2. Such a prevailing justified interest is the case if, for example, deleting is not possible or is only possible as a result of a disproportionate amount of effort due to the special nature of storing the data, and processing for other purposes by means of technical and organisational measures has been ruled out.
6. Processing your data in a third country or through an international organisation
Transferring data to sites in states outside of the European Union (EU) or the European Economic Area (EEA) (so-called third countries) occurs if it should become necessary in order to execute an order/contract from or with you, if it is legally prescribed (e.g. duty to report according to tax law), if there is a justified interest by ourselves or on the part of a third party, or if you have given your consent.
Here, the processing of your data in a third country may also occur in conjunction with engaging with service providers in the context of processing orders. Insofar as the EU Commission has not agreed a resolution with the country in question regarding a reasonable level of data security, we guarantee that corresponding contracts exist in line with data protection requirements of the EU, meaning that your rights and liberties are protected and guaranteed to a reasonable extent. Detailed information is available upon request.Information on suitable or appropriate guarantees and regarding the possibility to get a copy from them, can be requested from the company data protection officer.
7. Your data protection rights
You can assert your data protection rights against us under certain circumstances
- Indeed, you are entitled to obtain information from us concerning data stored with us according to provisions governing Art. 15 GDPR (including restrictions, where applicable, in accordance with Section 34 of the Federal Data Protection Act).
- We will rectify data stored about you in line with Art. 16 GDPR if the data is irrelevant or inaccurate.
- If you so wish, we will erase your data in accordance with the principles governing Art. 17 GDPR in-sofar as other legal regulations (e.g. legal retention requirements or restrictions as per Section 35 of the Federal Data Protection Act) or a prevailing interest on our part (e.g. defending our rights and claims) do not stand in the way.
- Taking into consideration the prerequisites set out in Art. 18 GDPR, you may request that we restrict the processing of your data.
- Furthermore, you may lodge an objection to your data being processed in line with Art. 21 GDPR, resulting in us having to stop the processing of your data. Nevertheless, this right to object shall only apply on grounds relating to your particular personal situation, whereby the rights of our company may come into conflict with your right to objection.
- You also have the right to receive your data in a structured, commonly used and machine-readable format in line with the provisions governing Art. 20 GDPR, or to have the data transmitted to a third party.
- Furthermore, you have the right to revoke any consent already given concerning the processing of personal data with future effect (see 2.3).
- Further, you have the right to lodge a complaint with a data supervisory authority (Art. 77 GDPR). Nevertheless, we would recommend always sending a complaint to our data protection officer in the first instance.
Your application concerning the exertion of your rights should, wherever possible, be in writing and sent to the address above, or directly to our data protection officer.
8. Extent of your obligations to make your personal data available to us
You are only required to make data available which is needed in order to start and carry out a business relationship or regarding a pre-contractual relationship with us, or data which is necessary in line with legal provisions. We will not normally be in a position to conclude or carry out a contract without this information. This may refer to data subsequently required as part of the business relationship. Where we have requested data from you beyond the above, we will point out separately that these details are given on a voluntary basis.
9. Existence of an automated decision on a case-by-case basis (including profiling)
We do not use a purely automated individual decision-making process in line with the provisions governing Article 22 GDPR. Insofar as we introduce this type of process on a case-by-case basis in the future, we will let you know about it separately if this is legally prescribed.
Under certain circumstances, we sometimes process your personal data with the aim of evaluating specific personal aspects (profiling). In order to provide tailored information and advice about our products, we also apply evaluation tools where necessary. This results in a range of products, communication and advertising which is more tailored to your needs, including market research and opinion surveys.
These types of procedures can also be used to assess your credit rating and creditworthiness, and for the purposes of fighting against money laundering and fraud. So-called "score values" are used to assess your creditworthiness and credit rating. Scoring employs a mathematical process which calculates the probability of a customer being able to keep up with payment obligations as set out in the contract. Consequently, these scores help us to assess creditworthiness and take decisions on contracts, and are incorporated in our risk management. The calculation is based on a recognised, tried-and-tested mathematical and statistical process and weighs up your data, especially income, expenditure, and current liabilities, job, employer, term of employment, experiences resulting from previous business relations, repayment of previous loans in line with the contract terms as well as information obtained from credit agencies.
Details concerning nationality as well as special categories of personal data are not processed in this respect as per Art. 9 GDPR.
Our data protection statement, as well as information on how we process our data in accordance with Articles (Art.) 13, 14 and 21 GDPR may change from time to time. Any amendments will be published on this page. Older versions are available in our archive for you to consult
Data protection information last updated: 15.05.2018
Part 2: data protection statement for our website
This website and all internet-based services and applications (hereafter "website") are the responsibility of JACK WOLFSKIN Retail GmbH, a limited company with registered offices at Jack-Wolfskin-Kreisel 1, 65510 Idstein/Ts, and established according to German law and registered in the Commercial Register of the local court of Wiesbaden under HRB 24710. (Hereinafter "we", "us", or "JACK WOLFSKIN").
Your privacy is important to us at Jack Wolfskin and we strictly comply with the regulations set by the German Data Protection Act, as well as relevant international data protection regulations.
The following data protection statement gives you an overview of the ways in which we use your personal data and the ways we protect it when you use our website.
1. Collection, processing and use of personal data
In some cases you will be asked to provide your data directly to us, for example when, filling out a form.
In this case, we will use and process your data, e.g. name and email address. Any personal details provided as a result of using our website are processed in the manner described in our data protection statement.
We use technology to optimise and improve the online experience of our website. For this reason, your data is sometimes recorded by us or by one of our partners through the interaction between your computer and our website. Such information could include (but is not limited to):
- The IP address of your device (e.g. IP address of your computer, tablet etc.)
- Information about your use of the website (e.g. time and date of your visit, referral URLs or page views);
- Information about your device (e.g. type and version of your internet browser and version of your operating system).
When this data is used, anonymised user profiles may be generated. Cookies may also be used for this purpose.Cookies are small text files which are saved locally by your internet browser when you visit our website.
These cookies allow your internet browser to be recognised by our website when you visit our website again and data is required where this has not been expressly authorised by you as the user, data collected by the aforementioned technologies cannot be used to personally identify the visitor to the website and will not be combined with personal information about the anonymised users.
The vast majority of cookies are so-called session cookies, which are automatically deleted when the website is closed.If you do not wish for the cookies used on our website to be stored on your computer, then you may need to change your browser settings to either block cookies in general or to accept or reject them on a case-by-case basis. Please note that blocking cookies may affect the functionality of the website and that this setting must be managed on each device used (e.g. computer and tablet) and browsers, i.e. on the respective device/ browser.
The cookies used on our website have been grouped into the following categories. You have the option at any time to choose which of the cookie categories you wish to activate and which you want to deactivate via the cookies setting.
Cookies are used in order to use the basic functions of our website, such as playing videos. Our website is unable to function without the use of these cookies. Consequently, these settings cannot be disabled if you wish to use our site.
2.2.1 Google analytics
If IP anonymisation has been activated for the website, only a shortened version of IP addresses from Member States of the European Union or the European Economic Area is transmitted to Google in the USA. Only in specific cases will the complete IP address be transferred to the Google server in the USA and shortened there.
On behalf of those responsible for this website, Google uses the information to analyse your use of our website, create reports about the use of the website for the website owners and to carry out other services connected to the use of the internet and this website. The IP address generated by your internet browser, which is an integral element of Google Analytics, is not mixed with other data held by Google.
You can prevent cookies being saved by changing the relevant settings in your internet browser. Please note, however, that the full use of our website may be limited in this case. You can also prevent data generated by the use of website cookies (including your IP address) being collected and processed by Google by downloading and installing the browser plug-in below. You can find the link here:
As an alternative to the browser add-on or within browsers on mobile devices, click this link to prevent the collection of data by Google Analytics on this website in future (the opt-out only works in the browser and for this domain). This saves an opt-out cookie to your device. If you delete the cookies in your browser you will need to click this link again:
2.2.2 Google ReCaptcha
We integrate this function in order to recognise bots, e.g. when entering information into our online forms ("ReCaptcha") provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
You can opt out using the following link:
3. Data storage
We will only store data received and collected in the Member States of the European Union. We will take all reasonable technical and organisational precautions to protect your data from unauthorised use or unlawful publishing, deletion, loss or unlawful changes.