Privacy policy.

DATA PROTECTION NOTICE

DATA PROTECTION NOTICE

This data protection information applies to data processing on the www.stetson-london.com website and all associated sub-domains, and is carried out by the following responsible entity:

Hat Retail Ltd

Registered Office: 1 Blatchington Road, Hove, East Sussex, BN3 3YP

Definitions

We use the following terms, among others, in this Privacy Policy:

Personal Data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller or person responsible for processing

The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Third Party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent

Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Collection and Storage of Personal Data as well as the Type and Purpose of their Use

When visiting the website
When you visit our website www.stetson-london.com, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted, usually after one week:

  • IP address of the requesting computer,

  • Date and time of access,

  • Name and URL of the data being called up,

  • Website from which access is being made (referrer URL),

  • Browser used and, if applicable, the operating system of your computer and the name of your access provider.

The data mentioned is processed by us for the following purposes:

  • Ensuring a smooth connection to the website,

  • Ensuring comfortable use of our website,

  • Evaluation of system security and stability,

  • Clarification of any abusive page accesses (DoS/DDoS attacks or the like) and
    for further administrative purposes.

The legal basis for data processing is Art. 6 (1) (1) (f) General Data Protection Regulation [GDPR]. Our legitimate interest results from the data collection purposes listed above. As a rule, we do not use the collected data to draw conclusions about you personally. We reserve the right to do this should it become necessary in order to clear up abusive page access.

In addition, we use cookies and analysis services when you visit our website (see Cookies and Analysis Tools)

When registering for our newsletter
If, according to Art. 6 (1) (1) (a) GDPR, you have expressly consented, we will use your email address to regularly send you our newsletter. To receive the newsletter, it is sufficient to provide an email address.

You can also voluntarily provide us with your title, last name and first name (Art. 6 (1) (a) GDPR). If necessary, we will process this additional data based on the consent you gave to personalize our newsletter for you, i.e., to address you personally as the recipient.

The registration for our newsletter takes place in a so-called double opt-in procedure, i.e., after registration you will receive an email in which you will be asked to confirm your registration. The subsequent confirmation is recorded by us for verification purposes; the time of registration and confirmation will be saved along with your email address.

You can unsubscribe from the newsletter at any time, for example via a link at the end of each newsletter.

You can also send the revocation of your consent to the use of your salutation as well as your last name and first name, or also as a request to unsubscribe from the newsletter, to info@stetson-london.com by email at any time.

If you unsubscribe from the newsletter, the data you shared with us beyond your email address will also be deleted from the distribution list.

When using our contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on the website. You will need to provide a valid email address so that we know who sent the request and can then respond to it. Further information can be provided voluntarily.

The data processing for the purpose of contacting us takes place in accordance with Art. 6 (1) (1) (a) GDPR on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been handled.

Data protection notice for business partners

We are pleased that you are interested in Hat Retail Ltd and that you are contacting us.

The protection of your data is very important to us. With the data protection notice, we provide you with the following information in accordance with Art. 13 DSGVO on the processing of your personal data in connection with our business relationship.

What data do we process and for what purposes?

We only process personal data that we have received from you or, if applicable, from publicly accessible sources in the course of our business relationship.

Personal data in the sense of Art. 4 No. 1 DSGVO can be: Names, telecommunication data and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product data, documentation data, as well as other data comparable with the aforementioned categories.

The provision of your personal data is necessary for the initiation, implementation and processing of the contractual relationship. If it is not provided, it is unfortunately not possible for us to contact you to clarify the pre-contractual or contractual issues.

On what legal basis is the processing of your personal data based?

Your personal data is processed in accordance with the legal provisions of the DSGVO and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate a contract (Art. 6 para. 1 p. 1 lit. b DSGVO),

Furthermore, we may use this data for additional purposes within the scope of our business relationship.

How long is the data stored?

We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods such as the German Commercial Code or the German Fiscal Code.

To whom is the data passed on and where is it processed?

We use the personal data only for our own purposes in the course of the business relationship.

We would like to point out that we generally assume that our e-mail correspondence is business-related and therefore forward e-mails to your representatives in the absence of employees for better service.

Data Transfer

No transfer of your personal data to third parties for purposes other than those listed below shall take place. We will only pass on your personal data to third parties if:

  • according to Art. 6 (1) (1) (a) GDPR, you have given express consent to this,

  • the transfer according to Art. 6 (1) (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

  • in the event that there is a legal obligation for the transfer under to Art. 6 (1) (1) (c) GDPR, and
    this is legally permissible and according to Art. 6 (1) (1) (b) GDPR is required for the processing of contractual relationships with you.

Cookies

We do not use cookies on Stetson-London.com website.

Social Media Plug-ins

On the basis of Art. 6 (1) (1) (f) GDPR, on this website we use social plug-ins from the Facebook, Google+, Twitter, Pinterest, YouTube, Vimeo and Instagram social networks in order to make us better known via these social networks. The underlying advertising purpose corresponds to our legitimate interest, Art. 6 (1) (f) GDPR. Responsibility for the data-protection-compliant operation of the social networks must be guaranteed by their respective providers.

These plug-ins are integrated using the so-called two-click method in order to protect users in the best way possible [A6]. This means that when a user visits our site, no personal data is initially transmitted to the plug-in provider. Users can identify the provider of the plug-in by the box logo. We give users the option of using the button to communicate directly with the provider of the plug-in. The plug-in provider will receive the information that a user has accessed the corresponding website of our online offer only when a user clicks on the highlighted field which activates it. In addition, personal data (in particular the IP address) is then transmitted to the provider of the respective plug-in. Some providers make the IP address anonymous as soon as it is collected. By activating the plug-in, the user’s personal data may be transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data in particular via cookies, we recommend that users delete all cookies via the security settings of their browser before clicking on the grayed-out box.

We have no influence on the data collected and the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods at the plug-in providers. We also have no information on the deletion of the data collected by the plug-in provider.

The respective plug-in provider stores the data collected about users of our online offer as usage profiles and uses them for the purposes of advertising, market research and/or the demand-based design of their own website. Such an evaluation is carried out in particular (even for users who are not logged in) to display demand-based advertising and to inform other users of the social network about the activities of users on our website. Users have the right to object to the creation of these user profiles, wherein a user has to contact the respective plug-in provider directly to exercise this right. Regardless of this, we offer users the opportunity to interact with social networks and other users via the plug-ins, so that we can improve our offer and make it more interesting for our users.

The data is passed on regardless of whether users have an account with the plug-in provider and are logged in there. If users are logged in with the plug-in provider, the data we collect will be associated directly with their existing accounts with the plug-in provider. If a user presses the activated button and, for example, links the page, the plug-in provider also saves this information in the relevant user account and shares it publicly with the user’s contacts. We therefore recommend logging out regularly after using a social network, but especially before activating the button, as this can avoid an assignment to the profile of the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in providers can be found in the privacy policies of these providers, which are provided below. There you will also find further information on the rights of users and the options for privacy protect settings within these networks.

Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA;
https://help.instagram.com/155833707900388.

Google Maps

On our website, we use Google Maps to display our location and to create directions. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you access our website.

If you call up the Google Maps component integrated into our website, Google stores a cookie on your terminal device via your Internet browser. In order to display our location and create directions, your user settings and data are processed. Here, we cannot exclude that Google uses servers in the USA.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.

Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be transmitted.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item “Cookies”.

In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for GoogleMaps https://www.google.com/intl/de_de/help/terms_maps.html.

In addition, Google offers further information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy.

Data transfer to the USA

In its ruling in 2020, the European Court of Justice (ECJ) declared the so-called EU-US Privacy Shield agreement invalid. This was previously considered the legal basis for data transfer to the USA. The General Data Protection Regulation (GDPR) requires that a sufficient level of data protection is guaranteed in a third country for the transfer of personal data to that country. According to the ECJ ruling, this is not the case in the USA, as the US authorities have access to electronic data. In addition, there are hardly any legal protection options for data subjects, so it is not possible to enforce rights against surveillance measures in court. Only an ombudsman procedure is available, but this does not meet the legal standards in the EU.

To ensure a level of security that corresponds to that of the GDPR, we conclude so-called standard contractual clauses with service providers. In addition, a transfer of personal data is possible insofar as the data subject has given his or her express consent to the processing pursuant to Art. 49 (1) p. 1 lit. a DSGVO and has been informed in advance about the associated risks. Therefore, explicit reference is hereby made once again to the legal risks mentioned above.

Affected Rights

You have the right:

* to access information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can access information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of these;

We may only refuse to provide you with access if and to the extent that the access reveals information that, according to a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party, must be kept confidential (Section 29 (1) (2) of the Federal Data Protection Act [BDSG]), the responsible public authority has determined for us that the disclosure of the data would endanger public safety or order, or otherwise be detrimental to the well-being of the federal government or a state (Section 34 (1) (1) BDSG in conjunction with Section 33 (1) (2) (b) BDSG), or the data are only stored because they may not be deleted due to legal or statutory retention requirements, or are used exclusively for data backup or data protection purposes and the provision of access to the information would require a disproportionate effort, and processing for other purposes is excluded through suitable technical and organizational measures (Section 34 (1) (2) BDSG).

* in accordance with Art. 16 GDPR, to immediately request the rectification of incorrect or incomplete personal data stored by us;

* to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;

* to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you do need them for the assertion, exercise or defense of legal claims, or you have objected to processing in accordance with Art. 21 GDPR;

* in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible entity;

* to revoke your consent given to us at any time in accordance with Art. 7 (3) GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future,

* if your personal data is being processed based on legitimate interests in accordance with Art. 6 (1) (1) (f) GDPR, to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection which we will implement without specifying a particular situation.

In addition, you have a general right to complain to the data protection supervisory authority with jurisdiction over you. The authority with jurisdiction over us is the “State Commissioner for Data Protection of North Rhine-Westphalia”.

If you would like to exercise your right of revocation or objection, an email to info@stetson-london.com is sufficient.

Updates and changes to this Privacy Policy

This Privacy Policy is currently valid and is dated July 2022. Due to the ongoing development of our website and the offers conveyed therein, or changes in legal or regulatory requirements, it may be necessary to modify this Privacy Policy.

Company Registration No: 13950501

STETSON-LONDON NEWSLETTER

Our privacy policy applies to our newsletter.

© 2023 – Hat Retail Ltd - All rights reserved

Imprint & Privacy Policy