- General Information
- Data processing on our website
- Processing of Server Log Files
- Consent Management Tool
- Customer account
- Online Shop
- Email about availability (‘Back in Stock/Coming Soon’)
- Analysis and reach measurement
- Online Marketing Services
- Services and third-party content
- Data processing on our Social Media
- Closed warehouse sale
- Further data processing (online and offline)
1. General Information
If you have any questions or feedback concerning this information or wish to contact
us to exercise your rights, please send your enquiry to
Closed Direct GmbH
Straßenbahnring 6, 20251 Hamburg
+49 40 44 18 40 0
In order to exercise your rights and for questions please reach out to us via the following channels:
E-Mail to: firstname.lastname@example.org
Closed Direct GmbH
Phone: 00800 999 888 11
(free of charge from all networks, Mo – Fr 9.00h – 18.00h)
1.2 Legal Basis
The legal term ‘personal data’ refers to all information relating to an identified or identifiable human. We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We solely process data with legal permission. We process personal data solely with your consent (Art. 6 section 1 letter a) GDPR), to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 section 1 letter b) GDPR), to comply with a legal obligation (Art. 6 section 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 section 1 letter f) GDPR). If you apply for an open position in our company, we will, additionally, process your personal data to decide on whether to hire you (section 26 para. 1 sentence 1 BDSG).
1.3 Period of Storage
Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law. From the end of the calendar year in which the data was collected, we will retain personal data contained in our accounting data for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in order to document consent, as well as data relating to complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
1.4 Categories of Recipients
For certain processing activities, we rely on processors. These processing activities include,
for example, hosting, maintenance and support of IT systems, customer and order management, order
processing and fulfilment, accounting, marketing measures or file and data carrier destruction. A
processor is a natural or legal person, public authority, agency or other body which processes personal
data on behalf of the controller. Processors only process data on explicit instruction and are contractually
obliged to implement appropriate technical and organizational measures ensuring data protection.
Apart from that, we may transfer your data to third controllers such as postal and delivery services, payment services, our bank, tax consultants/auditors or the fiscal authority if necessary. If applicable, further recipients are mentioned below.
1.5 Data transfer to third countries
Our data processing activities may involve the transfer of certain personal data to third countries, i.e.
countries in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined
that the third country ensures an adequate level of data protection. In absence of such an adequacy decision
by the European Commission, the personal transfer may only be transferred to a third country if appropriate
safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is
Unless an adequacy decision is in place and specified otherwise below, we use the EU standard contractual clauses as appropriate safeguards for transfers of personal data to third countries. You have the possibility to receive a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact. Insofar you consent to the transfer of personal data to third countries, the transfer is legally based on Art. 49 para. 1 letter a) GDPR.
1.6 Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. Data stored for the purpose of granting you your right of access and for the preparation thereof will only be processed for this purpose and for the purpose of data protection audits. Any further processing is restricted in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 para. 1 letter c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
1.7 Your rights
As the data subject, you are entitled to assert your rights against us. In particular,
you have the following rights:
- Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
- Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
- Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
- Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
- Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 para. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
- If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
1.8 Right to object
Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.
1.9 Data protection officer
You can contact our data protection officer via the following address:
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
2. Data processing on our website
During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is generally considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.
2.1 Processing of Server Log Files
In the case of purely informative use of our website, general information is collected automatically (i.e. not via registration), which your browser transmits to our server. This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request, HTTP status code and firewall logfiles. The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 para. 1 letter f) GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after 30 days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.
are stored by your browser when you visit a website. This makes the browser identifiable so it can be
You can delete cookies at any time in the security settings of your browser. You can object to the use of
cookies in your browser settings in general or for particular cases.
2.3 Consent Management Tool
This website uses a consent management banner for the management of cookies and similar technologies.
The consent banner enables users of our website to consent to individual processing activities or to revoke
consent. By confirming the ‘Accept all’ button or by saving individual cookie settings, you consent to the use
of the respective cookies. The legal basis under data protection law is your consent within the meaning of Art.
6 para. 1 letter a) GDPR.
In addition, the banner helps us to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. Processing this data is necessary to document your consent. The legal basis results from our legal obligation to document consent (Art. 6 para. 1 letter c) in conjunction with Art. 7 para. 1 GDPR.)
2.4 Customer account
We offer you the possibility to create a customer account for the Closed Online Shop on our website.
Here you can store personal information for orders in the Closed Online Shop in order to be able to
order even more conveniently and quickly in the future. At the same time, your personal customer account
contains service information for you, such as access to your purchase history.
When you register for a customer account, we set up password-protected access to your personal master data (in particular title, name, address, date of birth, telephone number, email address) and order data (e.g. goods, payment data, shipping service provider).
We process the personal data provided by you to manage and maintain the customer account until it is deleted by you. Please note that the deletion only deletes the customer account and the information associated with it and does not affect your orders and the personal data stored in relation with orders.
The personal data stored in connection with an order from Closed are processed and stored by us for the purpose of fulfilling the contract concluded with you or for carrying out pre-contractual measures (Art. 6 para. 1 letter b) GDPR).
If you wish to use the Closed Online Shop without a personal customer account, you can also place an order as a guest. For this purpose, the required personal master and order data must be entered in the order form in the Closed Online Shop during the ordering process. The same data is processed as when setting up a personal customer account.
2.5 Online Shop
2.5.1 Data processing for the fulfilment of orders
If you order a product via our website, we process personal data exclusively for the purpose of fulfilling the contract or to be able to provide you with the ordered product. For the booking or ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay in advance by bank transfer. If we offer you a purchase on account, we process the information required for this only for the purpose of fulfilling the contract. The payments are carried out by our fulfilment service provider, who acts on our behalf. Furthermore, we transfer your data required for delivery to one of our shipping service providers as specified in the order. The respective legal basis for the processing is Art. 6 para. 1 letter b) GDPR. All data fields marked as mandatory are required for processing your booking or order. Failure to provide this data will result in us not being able to process your booking or order. The provision of further data is voluntary.
2.5.2 Payment provider PAYONE
On our website, you have the option of making payment via the payment service provider PAYONE
(Lyoner Straße 9, 60528 Frankfurt am Main, Germany). The payment data you provide during the
ordering process will be transferred to PAYONE, insofar as this transfer is necessary to carry
out the payment process. The legal basis for this transmission is Art. 6 para. 1 letter b) GDPR.
PAYONE is the sole controller of the processing of the payment data in the course of the subsequent payment process. You can find more information on data protection at PAYONE here: https://www.payone.com/DE-de/dsgvo
2.5.3 Payment via PayPal
In addition, you may pay via Paypal. Please note that the respective payment details are collected and processed
by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg as sole controller.
Paypal only transfers the address data stored at PayPal to us which we exclusively process for the purpose
of fulfilling the contract. The legal basis is Art. 6 para. 1 letter b) GDPR.
For further information about data protection at Paypal please go to: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5
2.6 Email about availability (‘Back in Stock/Coming Soon’)
On our website, we offer you the subscription of an email-service informing you about the availability of sold-out or not yet available goods. For this purpose, we process your email addresses and send you a message as soon as the product you requested is available for purchase again. If you do not have a customer account with us, you will receive a confirmation email in advance to verify the email address. The legal basis is Art. 6 para. 1 letter b) GDPR, as we store your data solely for sending the notification you have ordered. Your data will be stored until the product is available and then deleted unless you subsequently open a customer account with us. Please note that our notification does not constitute a reservation of the respective products.
2.7.1 Subscribing and unsubscribing
We regularly inform subscribers of the newsletter on news about our services. A valid email address is required to register for the newsletter. In order to verify your email address, you will first receive a registration email in which you may confirm your registration by clicking on a link (double opt in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name based on the consent you have given us. This is based on the Article 6 section 1 letter a) GDPR. You can withdraw the consent you have given at any time with effect for the future, e.g. by clicking on the ‘unsubscribe’-link in the newsletter or by reaching out to us via one email@example.com. Such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal. Furthermore, we collect your IP address, the date and the time of the registration. This is necessary to prove that consent has been given. The legal basis for this arises from our legal obligation to document the consent (Art. 6 section 1 letter c), Art. 7 section 1 GDPR).
Apart from this, we analyse the reading behaviour and open rates regarding our newsletter. For this, we collect and process pseudonymous user data which will not be merged with your email address or your IP address. Legal basis for the analysis of our newsletter is Art. 6 para. 1 letter f) GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time via one of the means of communication mentioned above.
2.7.3 Service Provider
We use the JUNE service by JUNE – Online Marketing Cloud based in Hamburg for the management of subscribers, the dispatch of the newsletter and the analysis. Your email address is therefore transferred from us to JUNE. The processing is carried out on our behalf and is based on the legal basis of Art. 6 para. 1 letter f) GDPR and serves our legitimate interest in optimising and economically sending our newsletter. If you do not want your data to be processed by JUNE, you should not subscribe to or unsubscribe from the newsletter. The newsletter service offers statistical evaluation options of user data. This includes information on whether an email has reached the recipient or whether it was rejected by the server.
2.8 Analysis and reach measurement
This website uses functions of the web analysis service Fathom, a service of Conva Ventures Inc
Fathom only collects your IP address and your browser information (user agent), which is hashed / pseudonymised immediately after collection in such a way that it is no longer possible to assign it to a person. We do not gain access to your personal data at any time. No cookies or other technologies that access your device are used. A transmission of personal data processed in this context to the USA or other third countries is excluded for system-related reasons. Data from European users are exclusively located on servers in Germany. For more information, please visit https://usefathom.com/features/eu-isolation.
The processing of your personal data is based on Art. 6 section 1 letter f GDPR and serves our legitimate interest in analysing our website performance and measuring reach.
2.8.2 Google Analytics
We use Google Analytics by Google Ireland Limited (Google Ireland/EU) on our website.
Google Analytics is a web analysis service, which enables us to collect and analyse data relating to the behaviour of the visitors to our website. Google Analytics allows us to measure interaction data from different devices and from different sessions. This allows us to put individual user actions in context and analyse long-term relationships.
Google Ireland will process this data on our behalf to analyse the interaction with our website by users, to compile reports on the activities on our website and to provide us with further services related to the use of our website and the internet. The processed data can be used to create pseudonymous user profiles.
Setting of cookies and the further processing described above is subject to your consent. Legal basis for processing relating to Google Analytics is, thus, Art. 6 para. 1 letter a) GDPR. You may withdraw your consent with effect for the future at any time.
We only use Google Analytics while IP anonymisation is activated. This means that the user’s IP address will be shortened within the EU or the European Economic Area. The IP address transferred by the browser of the user is not merged with other data. The IP address is shortened on servers in the EU.
2.9 Online Marketing Services
2.9.1 Google Ads and Remarketing
We use the online marketing program Google Ads by Google Ireland Limited (Ireland/EU),
which enables us to advertise via the Google search engine. If you visit our website
via a Google ad, Google sets a cookie on your device (conversion cookie). Every Ads
customer sets a different conversion cookie. Thus, these cookies cannot be traced back
over the websites of different Ads customers. The information collected with the cookie
serve to create conversion statistics. In this way, we learn about the total number of
users which clicked on a Google ad. We do not learn information which could make the
individual user identifiable. Insofar as personal data is processed in the course of this
the legal basis is Art. 6 para. 1 letter a) GDPR.
We also use the Google Analytics advertising features (Remarketing/Signals). This feature, in combination with Google's cross-device features, allows us to better target ads and present users with ads that are relevant to their interests. Remarketing displays ads and products to users that have been identified as being of interest on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalised advertising messages that have been adapted to a user depending on previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another end device of the user (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account. The aggregation of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users' Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.
We use the DoubleClick Floodlight marketing service provided by Google Ireland Limited (Ireland/EU). The service enables us to track and analyse the actions of users who visit our website after they have seen or clicked on one of our advertisements. For this purpose, so-called ‘floodlight tags’ or tracking pixels and cookies are placed on our website. By means of this function, we can determine the efficiency of our online campaigns on our website.
Further information on the use of data for advertising purposes can be found in Google's privacy information at https://www.google.com/policies/technologies/ads
2.9.2 Facebook Pixel
We use the Facebook Pixel, a Meta Business-Tool by Meta Platforms Ireland Limited (Meta Platforms Ireland Ltd./EU) on our website.
Information on contact details of Meta Platforms Ireland Ltd. and the data protection officer of Meta Platforms Ireland Ltd.
are available in the data guideline by Meta Platforms Ireland Ltd. at https://www.facebook.com/about/privacy.
- Information about actions and activities of the visitors of our website, e.g. searching and clicking on a product or buying a product;
- Specific Pixel information like the Pixel ID and the Facebook cookie;
- Information about the buttons clicked by the visitors of our website;
- Information contained in the HTTP-headers such as IP addresses, information about the web browser, the location of the page and the referrer;
- Information on the status of deactivation/restriction of the advertisement tracking.
In part this event data is information which is stored in your device. Apart from this the Facebook
by the Facebook Pixel or access to information already stored on your device is only carried out with
Tracked conversions are shown in the dashboard of our Facebook advertisement manager and of Facebook analytics. We can use the tracked conversions to measure effectivity of our ads, to determine Custom Audiences for the targeting of ads, for dynamic ad campaigns and to analyse the effectivity of conversion funnels on our website. The functions of Facebook Pixels used by us are described in detail in the following.
Processing of event data for marketing purposes: The event data collected by the Facebook Pixel are used for targeting our ads and for optimization of the delivery of our ads, for the personalisation of functions and content as well as for the optimisation and security of Facebook products.
For this, event data is collected on our website by the Facebook Pixel and transferred to Facebook Ireland. This is subject to your consent. Thus, the legal basis for the collection and transfer of the personal data to Facebook Ireland is Art. 6 para. 1 letter a) GDPR.
Facebook and we are joint controllers of the collection and transfer of the event data. We have concluded an agreement with Facebook regarding joint controllership in which the respective responsibilities for the data protection obligations are determined between Facebook and us. Inter alia we have agreed with Facebook
- that we are responsible for providing you with all information in accordance with Art. 13, 14 GDPR about the joint controllership of processing personal data;
- that Facebook Ireland is responsible for safeguarding the rights of the data subject pursuant to Art. 15-20 GDPR in regard to the personal data stored by Facebook after the joint controllership.
The agreement concluded between Facebook and us is available at
Facebook Ireland is the controller of processing of event data after the transfer. Further information on how Facebook Ireland processes your data including the legal basis Facebook Ireland relies on and the opportunity to assert your rights against Facebook Ireland is available in Facebook Ireland’s privacy guideline at https://www.facebook.com/about/privacy.
Processing of event data for analysis purposes: In addition, we have commissioned Facebook Ireland to create reports on the effectivity of our marketing campaigns and other online content (campaign reports) and to provide analysis and insight about the users of our website, products and services (analysis) based on the event data collected by the Facebook Pixel. For this, we transfer the personal data contained in the event data to Facebook Ireland. The personal data transferred to Facebook Ireland is processed by Facebook Ireland on our behalf in order to provide us with campaign reports and analysis.
The processing of personal data for the purpose of providing analysis and campaign reports is subject to your consent. Thus, the legal basis for this is Art. 6 para. 1 letter a) GDPR.
A transfer of data to Facebook Inc. in the USA cannot be ruled out. This transfer is legally based on the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the section ‘Data transfer to third countries’ in this regard.
2.9.3 Meta Conversion API
We use the service Conversions API of Meta Platforms Ireland Limited (Ireland, EU) to measure and evaluate activities that visitors perform on our website.
For this purpose, a connection from our servers to the servers of Meta Platforms Ireland Limited (Meta) is established via the Conversions API in order to transmit certain marketing data from our systems to Meta. This enables us to display ads in the systems of Meta Platforms Ireland Limited such as the Facebook platform in a more targeted manner and to measure the success of our ads and advertising campaigns. The marketing data transmitted from our systems for this purpose may be customer information (e.g., the email address, name, IP address or other online IDs) information about actions and activities on our website and information about actions taken offline (e.g., purchases in our store or telephone orders). In the process, certain customer information is hashed and thus pseudonymized before transmission.
The described processing of your data is based on Art. 6 para. 1 letter a) GDPR and is based on your consent.
We have implemented the affiliate service of the provider Epsilon (Epsilon International, 1st Floor, 2 Television Centre, 101 Wood Lane, London W12 7FR, United Kingdom) on our website in order to control our recommendation programmes. Cookies and similar technologies are used for this purpose, which are only set with your consent in accordance with Art. 6 para. 1 letter a) GDPR. Further information on data processing by Epsilon can be found here: https://legal.epsilon.com/eu/privacy-policy-services
2.9.5 Microsoft Advertising
The information is also used to create conversion statistics, i.e. to record how many users have reached one of our websites after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that can be used to personally identify users.
2.9.6 Affiliate and Influencer Marketing
We use third-party tracking technologies to measure the effectiveness of our affiliate and influencer marketing campaigns. These tracking tools may collect information about your interactions with our website, including the pages you visit and the links you click on. We use the services Stylight from Stylight GmbH (Germany, EU) and Lefty from Modern Agency SAS (France, EU).
The information collected may include personal data such as IP addresses, device information, browser types and usage activity. This data is used exclusively to analyze the performance of our affiliate and influencer marketing activities.
Cookies are placed on your end device to integrate the service. Cookies are also set with your consent, which you can revoke at any time with effect for the future via our Consent Management Tool.
Further information on data protection at Stylight can be found at: https://about.stylight.com/privacy-policy-de_de.
You can find further information on data protection from Lefty at: https://help.lefty.io/en/articles/2070888-lefty-privacy-policy.
2.10 Services and third-party content
We use services and content (hereinafter collectively referred to as ‘content’)
provided by third parties on our website. To implement such content, we rely on a two-click-solution.
With the two-click-solution no connection to the third-party provider is made at first. Instead, a placeholder
is loaded from our own server. This placeholder may be a preview image for the implemented maps or videos.
A connection to the third-party server will only be made upon a further click on the respective placeholder.
Thus, the IP address is only transferred, if you confirm the transfer by clicking on a placeholder.
The data processing is carried out with your consent and is based on Art. 6 section 1 letter a) GDPR.
We have implemented the following content provided by third parties on our website:
‘YouTube’ by Google Ireland Limited (Ireland/EU) for the display of videos. We use Google in privacy enhanced mode. For further information, please go to our consent management tool.
‘Spotify’ by Spotify AB (Sweden) for the implementation of audio content.
We use further services and content on our website which are necessary for the flawless operation of our website and for providing specific functions of the website. For implementing such content, it is necessary to process your IP address, so that the contents can be sent to your browser. Your IP address will, therefore, be transferred to the respective third-party providers. This data is processed in order to safeguard our legitimate interests and finds its legal basis in Art. 6 section 1 letter f) GDPR. You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have implemented the following content provided by third parties on our website:
‘JUNE Key CDN’ (Germany) to display images.
‘MaxMind’ by MaxMind Inc. (USA) for providing country-specific shops relying on IP localization.
"Cloudflare" by Cloudflare Inc. (USA) as CDN to display product images and to ensure the security of our website.
3. Data processing on our Social Media
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
- Facebook of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter "Meta"
- Instagram of Meta Platforms Ireland Limited, (Ireland, EU)
- LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter "LinkedIn"
- TikTok of TikTok Technology Limited, (Ireland, EU), hereinafter "TikTok"
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
3.1 Visiting a Social Media page
When you visit our social media page, through which we present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are solely responsible for this processing of personal data. You will find further information about the processing of personal data in their data protection declarations, which we link to below:
- Meta (https://www.facebook.com/privacy/explanation). Meta offers the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads
- LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
- TikTok (https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE)
The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymised form, with the help of which we gain knowledge about the types of actions that people take on our page (so-called "page insights"). These page insights are generated on the basis of certain information about individuals who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Article 6 section 1 letter GDPR.
We cannot attribute the information obtained via page insights to individual user profiles interacting with our pages. We have entered into joint controller processing agreements with the operators of the social media platforms, which set out the distribution of data protection obligations between us and the operators. Details of the processing of personal data to create page insights and the agreement entered into between us and the operators can be found at the following links:
- Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data)
- LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum)
- TikTok (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms)
You also have the option of asserting your rights against the operators. You can find more information on this at the following links:
- Meta (https://www.facebook.com/privacy/explanation)
- LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de)
- TikTok (https://privacytiktok.zendesk.com/hc/en-us/requests/new)
We have agreed with the operators that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at https://www.dataprotection.ie/) or any other supervisory authority.
3.2 Communication via Social Media sites
We also process information that you have provided to us via our company page on the relevant social media platform. Such information may be the username used, contact details or a message sent to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting people who make enquiries. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have consented (Art. 6 para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR).
4. Closed warehouse sale
If you register for our warehouse sale via our website, we process personal data
for booking appointments and sending invitations. The controller of the data processing is
Closed Outled GmbH
Straßenbahnring 6, 20251 Hamburg
+49 40 44 18 40 0
The data collected as part of the appointment booking is necessary for the organisation of the event and is processed by us for this purpose. The legal basis for the data processing is Art. 6 para. 1 letter f) GDPR. For the booking, we use a service provider who acts as processor on our behalf.
Furthermore, we send postal invitations for future warehouse sales. This processing activity is also justified under Art. 6 para. 1 letter f) GDPR. You have the right to object to this form of data processing at any time.
5. Further data processing (Online und Offline)
5.1 Contact via email
If you send us a message via our contact email address, we will process the transferred data in order to process the request. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 para. 1 letter f) GDPR
We use the Freshdesk ticketing system, a service provided by Freshworks Inc (USA), to answer requests in a simple and structured manner. Freshworks processes your data as an outsourced processor exclusively on our instructions and for the purpose of answering your request.
5.2 (Potential) Customer Data
If you reach out to us as a customer or potential customer, we process your data in order to establish and execute the contractual relationship to the extent necessary. This usually includes processing of personal master, contract and payment data provided to us as well as contact and communication details of our contact persons at commercial customers and business partners. The legal basis for this is Art. 6 para. 1 letter b) GDPR. Additionally, we process data of customers and potential customers for purposes of analysis and marketing. This processing activity finds its legal basis in Art. 6 para. 1 letter f) GDPR and serves our interest in improving our product range and informing about our services in a targeted manner. Further data processing can take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).
5.3 Use of the email address for marketing purposes
We may use the email address you provided when registering or ordering from us to inform you about our own similar products and services offered by us. The legal basis is Art. 6 para. 1 letter f) GDPR in conjunction with. section 7 para. 3 UWG. You can object to this at any time without any costs arising by virtue thereof, other than the transmission costs pursuant to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an email to firstname.lastname@example.org
5.4 Offline orders
If you order a product by telephone, we process personal data exclusively to execute the contract or to be able to provide you with the product you have ordered. During the ordering process, we only process data which you have provided yourself. To enable delivery of the products you ordered, we transfer the data required for delivery to one of our shipping service providers as specified in the order. The legal basis for the processing is Art. 6 section 1 letter b) GDPR. All data fields marked as mandatory must be filled in to enable us to process your order. Failure to fill in the mandatory fields results in our inability to process your order. The provision of further data is voluntary.
5.5 Customer Communication via WhatsApp
You can contact us via the WhatsApp Business service of WhatsApp Ireland Limited (Ireland, EU) in order to get in touch with us and, for example, to make enquiries about the availability of products. In this case, we process the telephone number you use and the other information you provide in order to answer your questions. WhatsApp acts as a processor and is obliged to process the data exclusively for our purposes.
Your data is processed within the scope of our legitimate interest in providing a pleasant customer service. The legal basis is Art. 6 para. 1 letter f GDPR.
Further information on data protection at WhatsApp can be found in WhatsApp's data processing conditions at https://www.whatsapp.com/legal/business-data-processing-terms.
When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the review of your application. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you a position, we will retain the data you provide for up to six months for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is section 26 para. 1 BDSG. If we keep your applicant data for a period longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal of consent does not affect the lawfulness of the processing, which has taken place prior to the withdrawal.