Privacy policy
Data Controller:
Mert Karaöz
Pestalozzistraße 11
91052 Erlangen
Email: support@fortyfour-sneaker.com
Phone: +49 152 22086703
We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information on how we handle your data.
1. Access Data and Hosting
You can visit our website without providing personal information. Each time a website is accessed, the web server automatically saves a so-called server log file, which includes the name of the requested file, your IP address, the date and time of the request, the amount of data transferred, and the requesting provider (access data) and documents the retrieval. These access data are used solely for the purpose of ensuring the trouble-free operation of the site and improving our services. This serves to protect our overriding legitimate interests in the correct representation of our offer according to Art. 6 Para. 1 Sentence 1 lit. f GDPR.
Hosting
The services for hosting and displaying the website are partially provided by our service providers within the framework of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in the designated forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
Our service providers have servers in the following countries, for which the European Commission has determined an adequate level of data protection: Canada.
2. Data Processing for Contract Fulfillment and Contact
2.1 Data Processing for Contract Fulfillment
For the purpose of contract fulfillment (including inquiries and processing of any warranty and performance claims as well as any legal updating obligations) according to Art. 6 Para. 1 Sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it during your order. Mandatory fields are marked as such because we need this data for the contract fulfillment and cannot process the order without it. The data collected can be seen from the respective input forms.
Further information on the processing of your data, particularly on the transfer to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After the complete fulfillment of the contract, your data will be restricted for further processing and deleted after the expiration of tax and commercial law retention periods according to Art. 6 Para. 1 Sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data according to Art. 6 Para. 1 Sentence 1 lit. a GDPR or we reserve further data use that is legally permissible and about which we inform you in this declaration.
2.2 Customer Account
If you have consented to it according to Art. 6 Para. 1 Sentence 1 lit. a GDPR by choosing to open a customer account, we use your data to open the customer account and store your data for future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or through a designated function in the customer account. After deletion of your customer account, your data will be deleted, unless you have expressly consented to further use of your data according to Art. 6 Para. 1 Sentence 1 lit. a GDPR or we reserve further data use that is legally permissible and about which we inform you in this declaration.
2.3 Contact
In the context of customer communication, we collect personal data to process your inquiries according to Art. 6 Para. 1 Sentence 1 lit. b GDPR when you voluntarily provide it during a contact with us (e.g., via contact form or email). Mandatory fields are marked as such because we need this data to process your contact request. The data collected can be seen from the respective input forms. After the complete processing of your request, your data will be deleted unless you have expressly consented to further use of your data according to Art. 6 Para. 1 Sentence 1 lit. a GDPR or we reserve further data use that is legally permissible and about which we inform you in this declaration.
3. Data Processing for Shipping Fulfillment
For the fulfillment of the contract according to Art. 6 Para. 1 Sentence 1 lit. b GDPR, we pass your data to the shipping service provider entrusted with the delivery, as far as necessary for the delivery of ordered goods.
Data Transfer to Shipping Service Providers for Shipping Notification
If you have given us your express consent during or after your order, we will pass your email address and phone number to the selected shipping service provider based on this consent according to Art. 6 Para. 1 Sentence 1 lit. a GDPR, so that they can contact you before delivery for the purpose of delivery notification or coordination. Consent can be withdrawn at any time by sending a message to the contact option described in this privacy policy or directly to the shipping service provider at the contact address provided below. After withdrawal, we will delete the data provided for this purpose, unless you have expressly consented to further use of your data or we reserve further data use that is legally permissible and about which we inform you in this declaration.
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
4. Data Processing for Payment Handling
For payment processing in our online shop, we work with these partners: technical service providers, credit institutions, payment service providers.
4.1 Data Processing for Transaction Handling
Depending on the selected payment method, we pass the necessary data for processing the payment transaction to our technical service providers, who act on our behalf, or to the credit institutions or selected payment service provider, as far as necessary for processing the payment. This serves the fulfillment of the contract according to Art. 6 Para. 1 Sentence 1 lit. b GDPR. Some payment service providers collect the data required for processing the payment themselves, e.g., on their own website or through technical integration in the ordering process. The privacy policy of the respective payment service provider applies in this regard. For questions about our payment processing partners and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
4.2 Data Processing for Fraud Prevention and Optimization of Our Payment Processes
We may also provide our service providers with additional data, which they use together with the necessary payment data as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, handling disputed payments, supporting accounting). This serves, according to Art. 6 Para. 1 Sentence 1 lit. f GDPR, to protect our overriding legitimate interests in securing against fraud and efficient payment management.
5. Advertising via Email
Email Newsletter with Registration
When you sign up for our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time either by sending a message to the contact option described below or through a dedicated link in the newsletter. After unsubscribing, we will remove your email address from the recipient list unless you have explicitly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve a further use of data that is legally permitted and about which we inform you in this statement.
6. Cookies and Other Technologies
6.1 General Information
To make our website attractive and to enable the use of certain functions, we use technologies, including so-called cookies, on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).
Privacy Protection for Devices When using our online services, we use strictly necessary technologies to provide the expressly requested telemedia service. The storage of information on your device or access to information already stored on your device does not require consent in this case.
For functions that are not strictly necessary, the storage of information on your device or access to information already stored on your device requires your consent. Please note that if consent is not given, some parts of the website may not be fully usable. Any consent you have given remains valid until you adjust or reset the settings on your device.
Subsequent Data Processing by Cookies and Other Technologies We use technologies that are essential for using certain functions of our website (e.g., shopping cart function). These technologies collect and process IP address, visit time, device and browser information, as well as information about your use of our website (e.g., information about the contents of the shopping cart). This serves, within the scope of a balancing of interests, predominant legitimate interests in the optimized presentation of our offer according to Art. 6 Para. 1 S. 1 lit. f GDPR.
We also use technologies to fulfill legal obligations to which we are subject (e.g., to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
The cookie settings for your browser can be found at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
If you have consented to the use of technologies according to Art. 6 Para. 1 S. 1 lit. a GDPR, you can withdraw your consent at any time with effect for the future by sending a message to the contact option described in the privacy policy. Alternatively, you can also visit the following link: https://fortyfour-sneaker.com/?id=GDPR_769769dd5c4da8efb4d18bf16ca2c677. If cookies are not accepted, the functionality of our website may be limited.
6.2 Consent Manager Platform (CMP)
On our website, we use a consent management service ("Consent Manager Platform (CMP)") to inform you about the cookies and other technologies we use on our website, and to obtain, manage, and document any necessary consent for the processing of your personal data by these technologies. This is required by Art. 6 Para. 1 S. 1 lit. c GDPR to fulfill our legal obligation under Art. 7 Para. 1 GDPR to be able to prove your consent to the processing of your personal data. The CMP used is provided by iubenda s.r.l, Via San Raffaele, 1, 20121 Milan, Italy, which processes your data on our behalf.
After you submit your cookie statement on our website, the web server stores the following data: IP address, device information, browser information, selected language, visited webpage or its URL, date and time of your consent statement, and information about your consent behavior.
Additionally, the following technologies are used, which contain information about your consent behavior: Cookies, Logfiles
The data is stored solely on the device, and there is no transmission of personal data to the provider of the Consent Manager Platform (CMP). Your data will be deleted after one year, unless you have explicitly consented to further use of your data in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR or we reserve a further use of data that is legally permitted and about which we inform you in this statement.
6.3 Information on Third-Country Transfers (Data Transfer to Third Countries)
We use technologies from service providers on our website whose headquarters and/or server locations may be in third countries outside the EU or EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by other appropriate safeguards.
Appropriate safeguards in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection rules (Binding Corporate Rules) are generally possible but require a prior review by the parties to the contract to ensure that an adequate level of protection can be guaranteed. According to the case law of the CJEU, it may be necessary to take additional protective measures.
We have generally agreed on the standard data protection clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree on additional safeguards to ensure adequate data protection in third countries without an adequacy decision.
However, it may happen that despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In these cases, if necessary, we request your consent under Art. 49 Para. 1 lit. a GDPR for the transfer of your personal data to a third country.
In particular, there is a risk that local authorities in the third country may have access rights to your personal data that are not sufficiently restricted from a European data protection perspective, which we as the data exporter or you as the data subject may not be aware of, and/or that you may not have adequate legal remedies to prevent or challenge such access.
Currently, the following countries are considered third countries without an adequacy decision by the EU Commission (examples):
- China
- Russia
- Taiwan
You can find out which third countries data is transferred to in the privacy notices of the respective tools used or our consent management/service providers.
7. Use of Cookies and Other Technologies
If you have given your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR, we use the following cookies and other technologies from third parties on our website. After the purpose has been achieved and the use of the respective technology has ended, the data collected in this context will be deleted. You can withdraw your consent at any time with effect for the future. Further information on how to withdraw your consent can be found in the section "Cookies and Other Technologies". Further information, including the basis of our collaboration with the individual providers, can be found with the respective technologies. For questions about the providers and the basis of our collaboration with them, please contact the contact option described in this privacy policy.
7.1 Use of Google Services
We use the following technologies from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by the Google technologies about your use of our website is usually transmitted to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Unless otherwise specified for the individual technologies, data processing is based on an agreement between joint controllers according to Art. 26 GDPR. Further information about data processing by Google can be found in Google’s privacy policy.
Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has made an adequacy decision.
Our service providers are located and/or use servers in countries outside the EU and EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on standard contractual clauses of the European Commission.
Google Analytics For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, visit time, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address is stored on a server within the EU to derive location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is based on a data processing agreement with Google.
To optimize the marketing of our website, we have activated the data sharing settings for "Google Products and Services". This allows Google to access and subsequently use the data collected and processed by Google Analytics to improve Google’s services. Data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no influence over the subsequent data processing by Google.
For testing and implementation purposes, we also use the extension function of Google Analytics, Google Optimize.
To optimize the marketing of our website, we use the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data from one or more sessions on our online sites and thus analyze your user behavior across devices and sessions.
Google Analytics
For the purpose of website analysis, data (IP address, time of visit, device and browser information, and information about your use of our website) is automatically collected and stored using Google Analytics. This data is used to create usage profiles under pseudonyms, and cookies may be employed for this purpose. If you visit our website from the EU, your IP address is stored on a server located in the EU to derive location data and is then immediately deleted before the traffic is forwarded to other Google servers for processing. Data processing is based on a data processing agreement with Google.
To optimize the marketing of our website, we have activated data sharing settings for "Google Products and Services." This allows Google to access and use the data collected and processed by Google Analytics to improve Google services. Data sharing with Google under these settings is based on an additional agreement between the data controllers. We have no influence on the subsequent data processing by Google.
We also use the Google Analytics extension feature Google Optimize for creating and conducting tests.
To optimize the marketing of our website, we use the so-called User-ID feature. This feature allows us to assign a unique, permanent ID to your interaction data from one or more sessions on our online presence, enabling cross-device and cross-session analysis of your user behavior.
7.2 Use of Facebook Services
Facebook Analytics
As part of Facebook Business Tools, statistics about visitor activities on our website are created from data collected by the Facebook Pixel. Data processing is based on a data processing agreement with Facebook (by Meta). This analysis serves the optimal representation and marketing of our website.
Facebook Ads (Ad Manager)
Through Facebook Ads, we advertise this website on Facebook (by Meta) and other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the precise implementation, especially the decision on the placement of ads to individual users. Unless otherwise specified for the individual technologies, data processing is based on an agreement between joint controllers according to Art. 26 GDPR. Joint responsibility is limited to data collection and transmission to Meta Platforms Ireland. The subsequent data processing by Meta Platforms Ireland is not covered by this.
8. Social Media
8.1 Social Plugins from Facebook (by Meta), Instagram (by Meta), Whatsapp
Our website uses social buttons from social networks. These are only integrated as HTML links into the page, so that no connection with the servers of the respective provider is established when you visit our website. When you click on one of the buttons, the website of the respective social network opens in a new browser window. There you can, for example, use the Like or Share button.
8.2 Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube, LinkedIn
If you have given your consent according to Art. 6 Para. 1 Sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the mentioned social media. This data is used to create pseudonymous usage profiles that can be used to display ads within and outside the platforms that are presumed to match your interests. Typically, cookies are used for this purpose. Detailed information on the processing and use of data by the respective social media operator, as well as contact options and your related rights and settings to protect your privacy, can be found in the privacy notices linked below. If you need help with this, you can contact us.
Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. Data processing within the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers have servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
There is an adequacy decision by the European Commission for the USA as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.
Our service providers have servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard Contractual Clauses of the European Commission.
Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and stored there. Data processing within the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers according to Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers have servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
There is an adequacy decision by the European Commission for the USA as a basis for third-country transfers, provided the respective service provider is certified. Certification is available.
Our service providers have servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on these guarantees: Standard Contractual Clauses of the European Commission.
YouTube is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our online presence on YouTube is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there.
Our service providers have servers in countries outside the EU and EEA, for which the European Commission has determined an adequate level of data protection.
Our service providers have servers in countries outside the EU and EEA. For these countries, there is no adequacy decision by the European Commission. Our cooperation with them is based on Standard Contractual Clauses of the European Commission.
LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transferred to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there.
Our service providers have servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA.
There is an adequacy decision by the European Commission for the USA as a basis for third-country transfers, provided the respective service provider is certified. Until certification by our service providers, data transfer continues to rely on these guarantees: Standard Contractual Clauses of the European Commission.
9. Contact Options and Your Rights
9.1 Your Rights
As an affected person, you have the following rights:
- According to Art. 15 GDPR, the right to request information about your personal data processed by us, to the extent specified therein.
- According to Art. 16 GDPR, the right to request the immediate correction of inaccurate or completion of your personal data stored with us.
- According to Art. 17 GDPR, the right to request the deletion of your personal data stored with us, provided that further processing is not necessary:
- for the exercise of the right to freedom of expression and information;
- to fulfill a legal obligation;
- for reasons of public interest or
- for the assertion, exercise, or defense of legal claims.
- According to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, provided that:
- the accuracy of the data is contested by you;
- the processing is unlawful, but you oppose its deletion;
- we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims, or
- you have objected to the processing according to Art. 21 GDPR.
- According to Art. 20 GDPR, the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller.
- According to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Right to Object
To the extent that we process personal data to protect our legitimate interests as explained above, you may object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. If the processing is for other purposes, you have a right to object only in the presence of reasons arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the assertion, exercise, or defense of legal claims.
This does not apply if the processing is for direct marketing purposes.
9.2 Contact Options
For questions regarding the collection, processing, or use of your personal data, or for inquiries, corrections, restrictions, or deletions of data, as well as withdrawal of consent or objections to specific data uses, please contact us directly using the contact details provided in our imprint.