Protecting your privacy is very important to us. In the following, we will provide in details how we deal with your information. We strictly adhere to the requirements of the GDPR and process data according to its principles.
You will find detailed information about "Tesma sport" and the handling of your data below.
1. Who we are and who is responsible for data processing
2.Scope of privacy Statement
3. What data does Tesma sport process and how is it collected?
4. For what purpose do we process data and what is our legal basis (justification) for doing so?
5. Who receives your data?
6. For how long do we process and store data?
7. Your rights as data subject
8. Must you provide us with data?
9. Automated decision-making and profiling
11. Our security measures
12. Links to other websites
1. WHO WE ARE AND WHO IS RESPONSIBLE FOR DATA PROCESSING
Tesma sport d.o.o. is company based in EU Slovenia, Senično 62, 4294 Križe, therefore, the company is responsible for data processing.
Is your data no longer correct, do you want to exercise your rights or do you have anything else on your mind? Just let our Customer Service staff know.
Email: [email protected]esmasport.si
Phone: 00386 4 59 58 760
2. SCOPE OF THE PRIVACY STATEMENT
This privacy statement applies to the Tesma sport d.o.o. within Europe, to all Tesma sport websites and all our other online appearances, including social media sites and in particular the Facebook fan page.
3. WHAT DATA DOES TESMA SPORT PROCESS AND HOW IS IT COLLECTED?
a) How does Tesma sport collect personal data?
We either collect the data ourselves, e.g. through your entry on our website, announcements in the store etc., or we obtain it from a third party, e.g. through via Facebook-Connect. Furthermore, we may also process data that we obtain from publicly available sources.
b) What data does Tesma sport process?
In compliance with data minimisation, Tesma sport only processes data that is required for the performance of the contract, the fulfilment of legal obligations or within the scope of our legitimate interests, or if you have expressly agreed to this. Wherever possible, Tesma sport (pseudo)-anonymises your data. You can read more on the subject under point 12, Security measures. Tesma sport does not process any special categories of customer data as laid out in Art. 9 GDPR.
The personal data processed by Tesma sport includes:
- personal data such as name, address, birthday, place of birth and delivery address,
- physical data such as weight, height, shoe size, clothing size, but only to the extent that it will not be possible to identify you personally,
- contact details such as telephone number, email address,
- data and information from electronic data interchange, such as IP addresses, cookies, pixels, apps, etc;
- order data from purchase orders,
- advertising and sales data,
- general communication data, such as inquiries and consultations via Customer Service,
- data which Tesma sport collects itself or through its partners, such as purchasing behaviour, payment behaviour and interests,
- data for the fulfilment of legal and official obligations,
- data for the fulfilment of contractual obligations such as warranties or guarantees,
- credit card data, which is masked before processing and used only within the context of abuse control,
- other account data, only for bank deposits and (return) transfers.
4. FOR WHAT PURPOSE DO WE PROCESS DATA AND WHAT IS OUR LEGAL BASIS (JUSTIFICATION) FOR DOING SO?
Tesma sport wants to offer you an optimum product range and the best possible selection of products and services, specifically tailored to your preferences and interests. We must also take into account country-specific circumstances such as language, currency and, if necessary, different regulations.
We process data on the basis of the above-cited legal grounds and the purposes associated with them.
a) For the fulfilment of (pre)contractual obligations (Art. 6 (1) lit b GDPR)
- Fulfillment of your purchase according to our GTCs,
- Advice and information in the buying process,
- Provision of services, such as travel and courses,
We collect, store, process and analyse the data mentioned above in order to enhance your shopping experience in our web shop and stores and to offer you the best advice and services such as travel, sports courses, contests and other events as well as the option to participate in all Tesma sport offers, and also to inform you about products, trends, innovations and services.
Legitimate interests of Tesma sport or a third party are:
- the execution of marketing activities, in particular personalised advertising in cooperation with third parties, e.g. advertising partners,
- the implementation of loyalty programs for customers,
- the provision of a customer account and customer profile on Tesma sport's websites
- the processing and storage of communication contents from emails, phone calls or other communication means (e.g. in the event of complaints, requests for information in accordance with point 6),
- the dispatch of your order by order processors, in particular carriers who may also receive your email address and telephone number for delivery and tracking purposes,
- maintaining the functionality of our website, our online shops and other Tesma sport online media,
- the analysis of purchasing behaviour by Tesma sport and advertising partners,
- the implementation of monitoring measures to protect employees, customers and the property of Blue Tomato, suppliers and other partners,
- the enforcement of legal claims and defence against unjustified claims,
- measures to combat and prevent fraud, e.g. credit card fraud,
- consultation of credit agencies and data exchange for credit checks,
- the implementation of measures for the further development of the product and service range,
- statistical evaluations
- coordination, business development and strategic measures within the Tesma sport.
According to Art. 21 GDPR, in individual cases it is possible to object to data processing on the basis of legitimate interests. You can find out more about this under point 6.
c) Within the scope of your consent (Art. 6 (1) lit a)
Apart from points a) and b), Tesma sport only processes your personal data after you have given us your consent, e.g. for sending newsletters or using cookies (more on this under point 10, Cookies policy). Your consent can be revoked at any time. Please also refer to point 6 in this respect.
5. WHO RECEIVES YOUR DATA?
a) General provisions
Tesma sport has clear rules on who may receive personal data. Within the Tesma sport, your data is made available only to those departments and employees who require it to fulfill contractual, legal and supervisory tasks and obligations and to safeguard the legitimate interests listed under point 3 b).
Furthermore, your data is also made available to processors commissioned by Tesma sport, i.e. companies that support us in fulfilling our corporate goals and tasks, such as IT companies, payment providers, suppliers, deliverers, printers, to the extent necessary to perform the tasks assigned to them. Tesma sport concludes written agreements with these processors which oblige them to comply with the same requirements that apply to Tesma sport.
In addition, Tesma sport also makes personal data available to third parties with whom Tesma sport cooperates within the scope of the aforementioned processing purposes or who may have a legitimate interest within the scope of the cooperation, e.g. payment providers or trading platforms. If there is a legal or official obligation, public authorities may also receive data from us.
b) Data transfer to third countries
Data will only be transferred to countries outside the EU if the country has an adequate level of protection according to Art. 45 GDPR or if other safeguards according to Art. 46 GDPR appropriately protect your data.
Tesma sport has drawn up binding corporate rules within the Group, which must be approved by the data protection authorities in accordance with Art. 46 (2) lit b, in addition to the standard data protection clauses pursuant to Art. 46 (2) lit c. Tesma sport transmits data on the basis of these safeguards.
c) Other data transmission to the USA
For the sake of completeness, we would like to point out that in the USA the surveillance measures of US authorities allow the general storage of all personal data of all persons whose data has been transmitted from the EU or Switzerland to the USA. This is done without differentiation, restriction or exception with respect to the aim pursued and without an objective criterion that would make it possible to restrict the US authorities' access to data and its subsequent use to very specific, strictly limited purposes which justify the interference associated with both access to, and use, of such data. Furthermore, we would like to point out that, in the USA, there are no legal remedies available to data subjects which would allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights by US authorities. We explicitly draw your attention to this legal and factual situation so that you can make an informed decision when you agree to the use of your data.
We would also like to expressly point out that the USA and in particular companies outside the "EU-U.S. and Swiss-U.S. Privacy Shield Framework" do not provide an adequate level of data protection.
6. FOR HOW LONG DO WE PROCESS AND STORE DATA?
We retain your data for the duration of the business relationship and in order to carry out advertising activities within the framework of legitimate interests, for as long as you do not exercise your right to object to this processing according to Art 21 GDPR or, where you have given us your consent, if you do not revoke it. For more information, refer to point 6.
Longer retention periods may be required due to legal storage and documentation obligations. In particular, this refers to the Business Code (UGB) as well as other national and European legal requirements.
Due to our warranty obligations and the guarantees of our suppliers, or on the basis of statutory regulations, retention periods of 3 years (short period of limitation) or, in individual cases, also considerably longer retention periods (long period of limitation) may be necessary.
7. YOUR RIGHTS AS DATA SUBJECT.
The GDPR grants you comprehensive protection and information rights and particularly the right to object and withdraw in accordance with point g). You can contact Tesma sport with your request or complaint at any time.
Your rights, which you can normally exercise free of charge, in detail:
a) Right to be informed according to Art. 15 GDPR
You have the right to obtain information free of charge concerning the personal data stored about you and, if necessary, the right to correct, block or delete it, and to withdraw given consents. Please contact our data protection officer if you would like to know how your data is used.
b) Right to rectification according to Art. 16 GDPR
Is your data no longer correct, do you want to exercise your rights or do you have anything else on your mind? Just let our Customer Service staff know.
Email: [email protected]esmasport.si
Phone: 00386 4 59 58 760
c) Right to erasure or restriction according to Articles 17 and 18 GDPR
Upon request and under the conditions of Art. 17 GDPR, we will delete your data unless we are entitled to its further use.
Under the conditions of Art. 18 GDPR, where we cannot delete the data, you can request a restriction of our data processing.
We will also always inform data recipients of your request and ask them to comply with it.
d) Right to data portability: regulated in Art 20 GDPR
You can request us to make your personal data available to you.
e) Right to object in accordance with Art. 21 GDPR and to withdraw consent in accordance with Art. 13 GDPR
If the processing of your data is based on your consent according to Art. 6 (1) lit a, you can withdraw this consent at any time.
If we process your data on the basis of our legitimate interests, you can object to such processing in accordance with Art. 21 GDPR. We will then immediately check whether your request is justified.
To exercise your right to withdraw and object, simply contact our Customer Service or the Data Protection Officer.
f) Automated individual decision-making, including profiling, in accordance with Art. 22 GDPR
You have the right not to be subject to a decision based on automated processing and profiling if this has legal effect or significantly affects you in a similar manner.
Tesma sport uses automated decision making and profiling according to point 9.
8. MUST YOU PROVIDE US WITH DATA?
We need your data to process your order. When you make data available to us, you are obliged to provide truthful information. In the case of wrong information, i.e. if the age you indicate is incorrect, we are entitled to assert any resulting damages and to also file a complaint, if this is of criminal relevance.
You are not obliged to provide data or to give your consent for processing if the data is not relevant for the fulfillment of the contract.
However, due to the different age limits for approval and legal capacity, we may need to know your age in some cases.
9. AUTOMATED DECISION-MAKING AND PROFILING.
a) Automated decision-making.
Automated decision-making only takes place if you decide to purchase on account.
Identity and credit check for the payment method 'Purchase on account'
If you choose the payment method "Purchase on account" during the order process, you will be asked for your consent to make the necessary data available to SixPayment services for processing the payment and for an identity and credit check. If you give your consent, your data (first and last name, street name, house number, postcode, city, date of birth, telephone number) as well as data in connection with your order will be transmitted to SixPayment In order to check your identity and creditworthiness, SixPayment or partner companies commissioned by SixPayment transmit data to (business) credit agencies and receive information from these agencies and, where applicable, information about your creditworthiness on the basis of mathematical-statistical procedures, the calculation of which includes address data, among other things. Furthermore, where necessary, SixPayment employs third party assistance for the detection and prevention of fraud. Data obtained with this assistance may be stored in an encrypted form which only SixPayment can read at a third party location. This data is used only if you select the payment method "Purchase on account" of our cooperation partner SixPayment otherwise, this data expires automatically after 30 minutes.
Third party cookies are set by contractual partners who collect user information on the basis of a contractual relationship with Tesma sport in order to optimise and/or personalise marketing activities.
- necessary cookies (first party cookies only)
- essential cookies (first party and third party cookies)
- Advertising cookies/pixels (third party cookies)
b) Cookies/pixels used by Tesma sport
In the following list we give you an extensive description of all the cookies/pixels used by Tesma sport, in which personal data are used.
List of Cookies/Pixels used by Tesma sport
c) Revocation and objection options
- Microsofts Windows Internet Explorer
- Microsoft's Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
By using browser extensions such as Ghostery you can deactivate individual cookies and determine which cookies are set. Installing the extension is quick and easy and it is available for all major browsers.
In the case of "third party cookies", the service providers themselves often offer deactivation options. The most important ones are listed under point d).
In addition, Tesma sport gives you the option of accepting or rejecting the use of a cookie via a cookie banner in each new session.
d) Website analysis and social media
Google Analytics is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies," which are text files that are stored on your computer, to help the Blue Tomato website analyse how users use the site. The information collected by the cookie regarding the use of our websites (including your IP address) is usually transferred to a Google server in the USA and stored there. Tesma sportpoints out that the code "gat._anonymizeIp();;" has been added to Google Analytics on the websites of Tesma sport to ensure an anonymous collection of IP addresses (so-called IP masking). Your IP address is only recorded by Google in a shortened form, which guarantees anonymisation and does not allow any conclusions to be drawn about your identity. If IP anonymisation is activated on our websites, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use the mentioned information to evaluate your use of the Tesma sport websites, to compile reports on the website activities for Tesma sport and to provide other services associated with the use of websites and the Internet to Tesma sport. The IP address that your browser transmits within the scope of Google Analytics is not merged with any other data held by Google. A transfer of this data by Google to third parties only takes place dur to legal regulations or within the scope of order data processing. Under no circumstances will Google match your data with other data collected by Google. With your consent you agree to the processing of the data collected about you by Google in the aforementioned manner of data processing and for the named purpose. You can prevent the storage of cookies by selecting the appropriate settings on your browser and other options as set out under point 10 c); however, Tesma sport points out that in this case you may not be able to use all the functions on our websites to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of this website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link. For more information about Google Analytics and data protection, see http://tools.google.com/dlpage/gaoptout?hl=de.
DOUBLECLICK BY GOOGLE
USE OF SOCIAL MEDIA PLUGINS
We do not use social media plugins. The signs and logos of Facebook, Instagram, Twitter and YouTube visible on Tesma sport websites are exclusively links to the pages of these services. If you click on one of these icons, the service provider will not receive any personal data from you.
You can share and view Tesma sport content there. By using the services of the respective provider you submit to their data protection regulations. See also our indications under point 12, Links to external websites.
e) Email marketing
By subscribing to the newsletter, your email address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time by clicking on the "Unsubscribe" link at the end of a newsletter, without incurring any costs other than the transmission costs according to the basic rates of your access provider. As a newsletter subscriber, we will regularly send you carefully selected offers of similar products from our range by email. Tesma sport has commissioned the service provider Mailchimp to individualise and improve our newsletter design. By linking different communication channels, records are created using cookies, which enable Tesma sport to inform you about current products and offers that meet your needs. By subscribing to the newsletter you also agree that we will forward your email address to Mailchimp.
11. OUR SECURITY MEASURES
Your personal data is encrypted during the order process using "Secure Socket Layer" (SSL) over the Internet (address transmission is excluded for newsletter subscriptions). Here we use the highly secure 128-bit encryption (SSL 3.0, RC4) from GeoTrust. Credit card data are not stored, but are collected and processed directly by our payment service provider "SixPayments".
We protect our website and other systems using technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.
In all processing activities, we observe the principles of the GDPR as laid out in Art. 5. and subject all processing activities to close scrutiny within the framework of our data protection management system. We also periodically carry out external data protection audits.
Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
12. LINKS TO OTHER WEBSITES
Tesma sport's websites contain links to websites of other companies. Tesma sport has no influence on the design and content of these third party websites, nor do we have any control over how the providers of these websites handle your information. Therefore, our privacy statement and our responsibility and liability do not extend to linked websites. If you have any questions, please contact these companies directly.