Please use one of these browsers for the best experience:

Release date: 26.01.2024

 

Privacy Policy

 

This Data Protection Information provides information on the processing of your personal data whenever you visit websites of PUMA Europe GmbH (hereinafter “PUMA”, “we” or “us”) and when purchasing goods from said websites.


1. Scope, data controller, data protection officer and definitions 

Scope of this Data Protection Information

This Data Protection Information applies to the use of the websites of PUMA Europe GmbH, including the online shop and any measures connected for the execution and rescission of an online purchase, the creation of a customer account, the newsletter dispatch, further informative emails and customer services, and for our marketing activities on third-party websites. This Data Protection Information also applies for our service providers, partners and contractors as well as suppliers. Data processing on websites of other companies within the PUMA Group are not covered by this Data Protection Information. 


The Controller for the processing of your personal data

Unless otherwise specified in this Data Protection Information, the Controller for the processing of your personal data is: 

PUMA Europe GmbH
PUMA Way 1
91074 Herzogenaurach
Germany
[email protected]

Contact details of the Data Protection Officer 


Data Protection Officer 
PUMA Europe GmbH
PUMA Way 1
91074 Herzogenaurach
Email: Dataprotection[at]puma.com (Please note: For exercising your data protection rights please use the email addresses referred to in Section 9 to 11!)


Definitions

 

This Data Protection Information is based on the following terms under data protection law, which we have defined to facilitate understanding. 

Examples of possible recipients: Banks / payment providers, logistic firms and shipping service providers and IT services providers; for more information please refer to Sec. 8)

Examples of personal data: Name, contact details, bank or credit card details.

For the data processing activities described in this Data Protection Information, the Controller is PUMA Europe GmbH, unless otherwise specified.

 
2. Purposes and legal bases of our processing of your personal data 


Processing of your data when you visit our websites


If you visit our websites in order to find out about products and services without registering for a customer account, purchasing products in our online shop or otherwise actively transferring information to us (purely for informational purposes), we process your personal data for the following purposes and by virtue of the following legal bases: 

 

Provision of websites and IT security

 

We process your personal data that are technically necessary to allow us to provide our websites to you and to guarantee stability and security when you visit our websites. This includes the following personal data: 

These personal data will be stored for security purposes in server log files, which will automatically be deleted after 7 days.

This data processing is necessary for the purpose of enabling you to use our websites (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purposes of our legitimate interest to guarantee IT security (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 


Provision of localised websites


We also process your personal data that are technically necessary to allow us to provide you with a localised version of the websites, in particular with regard to the language. 

This data processing is necessary for the purpose of our legitimate interest to adapt our website to your needs (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


3. Analytics and marketing tracking

Use of cookies 

On our website we use cookies. Cookies are small text files that are stored in the browsers of your end devices whenever you visit our websites. Through cookies, your actions and settings on our websites can be tracked, stored and recognized for the duration of the browser session or even after this. In addition to this, cookies and their respective cookie IDs allow your browser to be recognized. For example, after leaving the website, you can reconstruct the content of your shopping cart or be shown the last seen products.

For more information about the use of cookies on our websites, the cookie categories and for individual settings please refer to our Cookies Settings.

Google Tag Manager

On our websites, we use the Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The Google Tag Manager enables PUMA to use so-called website tags via a web-based user interface provided to us by Google.

Website tags are "measurement codes and associated code fragments" that can communicate with Tag Manager servers and be configured through a web-based user interface, Google Tag Manager.

Google Tag Manager also allows us to resolve other website tags that may also collect data.

In order to provide the service, we set a cookie if you have given consent to the activation of the cookie (Art. 6 para. 1, lit. a GDPR).

When using the Google Tag Manager, we use the so called "server-side tagging" variant by Google. Further information can be found in the section on server-side tagging in our Privacy Policy. Your IP address is not transmitted to Google LLC, which is based in the USA.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

You can find more information about Google Tag Manager on the following Google web pages:

Google Analytics

We use Google Analytics on our websites, a web analysis service der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

Google Analytics uses cookies that allow an analysis to be made on the usage of our websites.

When using the Google Analytics, we use the so called "server-side tagging" variant by Google. Further information can be found in the section on server-side tagging in our Privacy Policy. Your IP address is not transmitted to Google LLC, based in the USA.

When using Google Analytics, we may also use so-called UTM tags. UTM tags are specially created links that we include, for example in email newsletters, for example, which send us information about the call with an activated Google Analytics cookie. This allows us to collect information about our advertising campaigns.

On behalf of PUMA, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, analyzing the effectiveness of our digital advertising and improving its customization, and providing other services relating to website activity and internet usage to PUMA. You can find more information on terms of use and data protection at

https://policies.google.com/terms

https://policies.google.com/privacy

The processing of your personal data is based on consent pursuant Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to Google Analytics in our cookie banner. You can revoke this consent at any time with effect for the future by deactivating Google Analytics in our Cookies Settings.

If you do not give us your consent to analyze your data using Google Analytics, we will analyze the usage of our website without tracking your personal data with Google Consent Mode. You can find more information about Google Consent Mode in the corresponding passage of this Privacy Policy.

The analysis of the UTM tags described above is also prevented by deactivating the Google Analytics cookie.

If you consent to the processing of your personal data for analysis purposes by Google Analytics and if you have consented to the use of Google Ads, it is possible that we may also use the data generated by Google Analytics in connection with Google Ads. Further information and the purposes of data processing by Google Ads can be found in the corresponding section on Google Ads.

Google Consent Mode

If you do not give us your consent to analyze your data using Google Analytics, we will not track your personal data.

In these cases, we use the Google Consent Mode of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Consent Mode allows us to carry out an analysis using so-called modeling, which takes place without the use of cookies and without processing your personal data.

To carry out the so-called modeling, we process the following data without personal reference to your visit to our website: Function-related data (timestamp, user agent, referrer URL), aggregated data (Boolean information on the status of consent, random number when building each separate page, references to information on the ad click in the URL in the user's navigation history of the previous or current page and information on the consent platform used).

Further information on Google Consent Mode can be found at:

https://support.google.com/google-ads/answer/10000067?hl=en

Adobe Analytics

We also use Adobe Analytics to collect statistical data on the use of our websites. We use this data in order to constantly improve and optimize the PUMA online shop and the products and services we offer, and thus make it more interesting for you to visit our websites.
When you use our websites, information that is transferred by your browser is collected and evaluated. This is achieved by using cookies and similar tracking technologies (e.g. “pixels”), that are embedded on each website. The following data may be collected: Request (name of the requested file), browser type/version, browser language, operating system, internal resolution of the browser window, screen resolution, java script enabling, Java on/off, cookies on/off, colour depth, referrer URL, IP address (is collected exclusively in an anonymized form and deleted again immediately after use), time of access, clicks, order values, shopping carts and anonymized form contents (for example, whether or not a phone number has been provided).
None of this data may be directly allocated to you. The thus collected data serves to create anonymous or pseudonymized usage profiles that form the basis for web statistics. The data collected by means of cookies from Adobe Analytics are never used to personally identify the visitors to our websites, nor are they merged with personal data of the profile owner, unless the user has given his/her express consent thereto in advance.

The data protection guidelines of Adobe Analytics can be found here:

•    Adobe Analytics:  http://www.adobe.com/privacy/analytics.html

This data processing is necessary for the purpose of our legitimate interest to carry out analyses and, based on these analyses, to improve our website, products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Adobe Analytics Opt-Out:

The collection and storage of data by Adobe Analytics can be objected to at any time with future effect. For this purpose, please use the following links:

•    Adobe Analytics: https://www.adobe.com/privacy/opt-out.html

In this case a persistent opt-out cookie for Adobe Analytics (name: “omniture_optout”) is set in your current used browser, that prevents your data from being recorded by this/these service(s) in the future when you visit our websites with this specific browser. If you use another browser, these services will be in principle enabled, unless the opt-out cookie(s) is/are also set in this browser. Please note, that these services will be enabled again, if you delete the respective opt-out cookie in your browser.


Clicktale Analytics


We also use Clicktale Analytics to process data on your interactions with our websites during the course of your visit (e.g. site visits, clicks, time spent on websites etc.) so that we can create anonymous heat maps and statistics of the usage of our websites. 

This data processing is necessary for the purpose of our legitimate interest to carry out analyses to improve our website, products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Clicktale Analytics Opt-Out:

You can prevent the abovementioned data processing by Clicktale by clicking on the “Disable Clicktale”-Button under the following link:

http://www.clicktale.net/disable.html

In this case a persistent opt-out cookie (name: “WRBlock”) is set in your currently used browser, that prevents your data from being recorded in the future when you visit our websites with this specific browser. If you use another browser, Clicktale Analytics will be in principle enabled, unless the opt-out cookie is also set in this browser. Please note, that Clicktale Analytics will be enabled again, if you delete the abovementioned opt-out cookie in your browser.

Recommendation of the most suitable product size
In order to be able to recommend the ideal product size according to your individual preferences, we offer the opportunity to use the optional service of FitAnalytics GmbH. For this service, FitAnalytics GmbH collects data which you voluntarily provide, such as height, weight, body shape, age and your personal wearing comfort. On this basis, FitAnalytics GmbH will provide you with a size recommendation. The data you provide is stored in a cookie of FitAnalytics GmbH, which is automatically deleted after 90 days. Further details on data processing by FitAnalytics GmbH are stated in the data protection information provided by FitAnalytics GmbH:

https://widget.fitanalytics.com/documents/privacy_en.html

During the purchasing process we receive information from FitAnalytics GmbH as to whether you have added a product to your shopping cart on the basis of a recommendation. However, FitAnalytics GmbH does not provide us with any personal data that you have provided to FitAnalytics GmbH. This data processing is necessary in order to provide you the service of FitAnalytics GmbH (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR).

After the purchase has been completed, we provide anonymized data to FitAnalytics GmbH. This data contains information on whether you have actually purchased a product on the basis of a size recommendation and, if applicable, whether the sales contract was reversed due to an improper fitting.
 

Display advertising/retargeting on third-party websites

When you visit our websites, tags and cookies are set by our retargeting providers to track which products you have viewed or purchased through our websites.

With the help of this information, we can then show you individual offers of PUMA products on third-party websites via our retargeting providers and analyze the results to further improve our advertising.

Google Ads

To make you aware of our attractive offers by advertisements through our retargeting providers, we use the "Google Ads" service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

These advertisements are published by so-called "AdServers". For this purpose, we use "AdServer cookies", which help us to measure certain parameters for success, such as the display of ads or actuation of the links. Furthermore, this helps us to show you individual recommendations on our website by analyzing your behavior on our website, like viewed products and the content of your shopping cart. PUMA is a "Google Ads customer" in this respect.

When you access our websites via an advertisement distributed by Google, Google Ads stores a cookie in your browser and on your end device, if you have activated the cookie. These cookies enable the recognition of your web browser. Google Ads cookies do not serve the purpose of identifying you personally and usually lose their validity after 30 days.

Usually, the Google Ads cookie stores the following information on your end device and transfers it to Google: Unique cookie ID, number of ad impressions per placement (frequency analysis), opt-out information (if the user has chosen the opt-out option), and last impression for post-view conversions. Each Google Ads customer is assigned an individual cookie based on the information already contained in the cookie. Cookies are not tracked via our websites.

When using the Google Ads, we use the so called "server-side tagging" variant by Google. Further information can be found in the section on server-side tagging in our Privacy Policy. Your IP address is not transmitted to Google LLC, which is based in the USA.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

If the Google Ads cookie is activated and you visit our website by clicking on an advertisement, Google and PUMA can determine that you have reached our website via the advertisement.

After transferring the data stored in the cookie through Google Server-Side-Tagging we only receive statistically processed evaluations of the respective advertising measures from Google. We do not receive detailed information about the user through this data. We cannot identify you as a user through this data. This data allows us to determine whether and which of our advertising measures are effective. We have no influence on the further use of the data and the scope of the data that Google collects through Google Ads.

According to our knowledge, Google can assign the visit to our websites by clicking on a corresponding advertising measure to your user account with Google, provided that you have such a user account.

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR, which you grant by setting or saving the cookies. You can revoke this consent at any time with effect for the future by deactivating the corresponding cookie in our Cookies Settings. This activates a so-called opt-out cookie, which prevents the processing of your personal data during future visits to our websites. If you deactivate the cookie, it is possible that you will only be able to use the functions of our website to a limited extent.

For more information on the processing of your personal data, please refer to the following link: https://policies.google.com/privacy

Information on Google's use of data can be found at the following link: https://services.google.com/sitestats/en .html

You can object to this data processing for individual recommendations by clicking on the following opt-out link: https://adssettings.google.com

If you consent to the processing of your personal data for the purpose of evaluating certain parameters to measure the success of our advertising measures through Google Ads and if you have consented to the use of Google Analytics, it is possible that we may also use the data generated by Google Analytics in connection with Google Ads. Further information and the purposes of data processing by Google Analytics can be found in the corresponding section on Google Analytics.

Other retargeting providers

For details on data processing by our other retargeting providers, please refer to the corresponding privacy policies:

Data processing is partly based on consent in accordance with Art. 6 para. 1 s. 1, lit. a GDPR by activating a cookie. You can revoke this consent at any time for the future by deactivating the corresponding cookie in our cookie settings. If you deactivate the cookie, you may only be able to use the functions of our website to a limited extent.

Furthermore, we may have a legitimate interest in advertising our products individually and efficiently on the Internet (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to retargeting/display advertising

You can object to data processing on our websites for the purpose of display advertising/retargeting on third-party websites at any time by clicking on the link(s) of our provider(s) listed below:

Google Enhanced Conversions for the Web

In order to better align our Google Ads ad impressions of potential customers and actual conversions of prospects to customers on our websites, we use Google Enhanced Conversions for the Web from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This is done with the help of so-called conversion tracking tags via Google Tag Manager. Tags are "measurement codes and associated code fragments" that can communicate with the Tag Manager servers and can be configured via a web-based user interface, the Google Tag Manager. A cookie is not set for this purpose.

If you, as a customer, go from one of our advertisements to our websites and order a product there, we receive your data directly, including your email address.

Your email address is used by us as a so-called identifier and is recorded in the conversion tracking tags, hashed and transmitted to Google in this hashed form. Google uses this data to associate your actions and purchases on our website with your Google account, provided that you have registered an account with Google and logged into it when you clicked on an ad. We have no influence on the further use of the data and the scope of the data that Google collects.

We use this information to improve our measurement of the conversion of prospects to customers on our websites. This is done by tracking sales and actions that take place on our websites, as well as Google's attribution of the submitted data.

The processing of your personal data is based on consent pursuant Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to Google Enhanced Conversions in our Cookies Settings . You can revoke this consent at any time with effect for the future by deactivating Google Enhanced Conversions in our cookie banner.

More information about Google Enhanced Conversions for the Web can be found at the following link  : https://support.google.com/google-ads/answer/9888656?hl=en

General information on data protection at Google can be found at the following link: https://policies.google.com/privacy

Affiliate Marketing/Conversion Tracking


We have also embedded cookies and similar tracking technologies from our affiliate (network) partners into our websites. With these tools our affiliate (network) partners can recognize whether you came from one of our affiliate publishers (i.e. third party websites that advertise PUMA products) and then track if you perform a certain predefined “conversion” action (e.g. newsletter subscription or purchase of a product) on our websites in consequence.

This data processing is necessary for the purpose of our legitimate interest in analyzing reach and success of our advertising campaigns on third party website (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR) as well as for the legitimate interests pursued by us (as an advertiser), the affiliate (network) partners and the affiliated third party website operators (publisher) in success-based billing of PUMA advertising measures published on third party websites (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Affiliate Marketing/Conversion Tracking Opt-out:

 

Google server-side tagging

In order to better protect your personal data when using Google products, we use Google's so-called server-side tagging. This means that PUMA interposes its own server between the collection of your personal data and the transmission to Google's servers. This intermediate step ensures that Google only receives the personal data that is actually absolutely necessary for the proper execution of the specific purpose of the corresponding Google products. Your personal data will only be transmitted to Google in at least a pseudonymized, if possible in an anonymized state, e.g. in hashed form.

We use Google server-side tagging as part of the use of the following Google services: Google Analytics, Google Ads, Google Tag Manager.


4.
Email- and website marketing

Email newsletter dispatch to subscribers

If you have subscribed to our email newsletter via “double opt-in” procedure we will send you from time to time newsletters to inform you about our products, services and promotions. 

This data processing is based on your consent (Legal basis: Art. 6 para. 1 s. 1, lit. a GDPR).

Withdrawal of consent:

You can withdraw your consent and unsubscribe from our newsletter at any time by sending an email with your unsubscribe request to our customer ([email protected]) and/or by clicking on the unsubscribe link which is contained in every newsletter.


Direct marketing emails to existing customers


After the purchase of goods we may – regardless of whether you have subscribed to our newsletter– send you marketing emails for similar products and services. 

This data processing is based on our legitimate interest to advertise our products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to direct marketing emails:

You can object to this processing of personal data and unsubscribe from our direct marketing emails at any time by sending an email with your unsubscribe request to [email protected] and/or by clicking on the unsubscribe link which is contained in every direct marketing email.


Personalization of direct marketing emails to existing customers


If you are a customer, we may personalize our direct marketing emails sent to you based on your preference/interest profile derived from data of your previous purchase(s) from the last two years.
This data processing is necessary for the purpose of our legitimate interest to tailor our direct marketing emails to your preferences and interests and thus make our email marketing efforts more efficient (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to our newsletter/direct marketing targeting

You can object to this processing of your purchase data for targeting of our newsletter/direct marketing emails to custom audiences at any time by sending an email with your unsubscribe request to [email protected] and/or by clicking on the unsubscribe link which is contained in every direct marketing email. In this case, you would then not receive any more newsletters from us. 

Shopping cart abandonment emails 


If you have started an ordering process using your customer account, but have not concluded it, we will send you a reminder email to the email address stored in the customer account, regarding the purchasing process initiated by you. 

This data processing is necessary for the purpose of our legitimate interest to remind you of any purchasing processes that you have not yet completed (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Objection to shopping cart abandonment emails:

You can object to this processing of personal data and unsubscribe from our shopping cart abandonment emails at any time by sending an email with your unsubscribe request to [email protected] and/or by clicking on the unsubscribe link which is contained in every shopping cart abandonment email.


Product ratings and reviews


We offer you the chance to review any (purchased) products on our websites. Your feedback helps other customers make the right purchasing decision and enables us to continuously improve our products. If you would like to submit a review for one of our products, we will process your email address, your nickname and also the content of your review (e.g. reviewed product, star rating, title and text of review, recommendation). Your email address will be processed in order to verify and establish your identity. It may also be used by our customer service in order to reply to your feedback by email. If, before submitting your review, you have given your consent, we will send you an email notification when your review is published. Since your (star) rating and the content of your review will be published alongside your nickname on our websites, please ensure that you do not give any personal information in this.

This data processing is necessary for the purpose of our legitimate interest, namely customer service and recommendation marketing (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). Email notifications about the publication of the review are based on your prior consent (Legal basis: Art. 6 para. 1 s. 1, lit. a GDPR).

Invitation emails for product rating and review

We would like to know if you are satisfied with your purchased PUMA goods. For this purpose, we process your email and purchasing data (e.g. goods purchased and date of purchase), in order to send you an email within one month after the purchase, inviting you to rate and review your purchased product (further information on data processing in connection with the submission of product reviews can be found in Sec. 2.3). 

This data processing is necessary for the purpose of our legitimate interest in good customer service and marketing (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to product rating and review invitation emails:

You can object to the receipt of such invitation emails from the start respectively the processing of your data by Bazaarvoice, by clicking on the opt-out button under the following link: 

https://www.bazaarvoice.com/legal/privacy-policy/#opting-out

In this case a persistent opt-out cookie (name: “NoCookie[EU]”) is set in your current used browser, that prevents your data from being processed for invitation emails when using this specific browser. If you use another browser, data transfer to Bazaarvoice will be in principle enabled, unless the opt-out cookie is also set in this browser. Please note, that data transfer to Bazaarvoice will be enabled again if you delete the abovementioned opt-out cookie in your browser.

If you have already received an email inviting you to evaluate the product, you can decline the future receipt of such emails by clicking on the opt-out button/link contained in each invitation email.

Emarsys

We use Emarsys for personalization, analytics, automation and email campaigns (sending newsletters). Emarsys works through cookies and tracking pixels which help us create newsletters and tailored advertisements. If you give your consent to receive our newsletter and have fully completed the double opt-in process to verify your email address accordingly (or have entered your email address on our website in connection with a purchase in our web shop) your personal data will be collected by Emarsys and combined into a (pseudonymized) user profile which can be assigned to your email address. When you visit our website, the data collected by Emarsys can also be merged into a (pseudonymized) user profile if you had given your consent to receive our newsletters at one of our retail stores. Your email address will be pseudonymized by us. If you have given your consent for receiving our newsletter we will process your following data: if you have opened our newsletter, what you have clicked on, when and how much time have you been surfing on our website, what products and categories have you been looking at, what have you purchased on our web shop and when, from what category at what cost and have you completed the check-out process.

The data protection guidelines of Emarsys can be found here:

This data processing (evaluation of the newsletter and the measurement of success) is based on our legitimate interests – subject to your given consent – to ensure the secure and user-friendly operation of our newsletter system and thus serves both our business interests and your expectations to improve our website, products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


5. Registration and setting up a customer account     


When you visit our websites, you can create a customer account. The registration for a customer account requires you to provide personal data. Mandatory fields are marked accordingly in the in-put form. 

This data processing is necessary for the performance of a contract (provision of a customer account) with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR). 


Data processing in the case of orders in the online shop


In addition, we process your personal data in connection with the purchase of goods in our online shop.

Purchase and payment of goods in the online shop 

We process your personal data (i.e. contact details, shipping and payment information) if you purchase goods in the online shop. If you purchase goods for another person (third party), we process the personal data of the third party provided by you (name and any contact details) for the dispatch of the goods to the third party. Please ensure that the third party has been sufficiently informed by you about the processing of their data at PUMA, and that you are authorized to provide such data. 

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR).

Payment method Klarna

In order to offer you the widest possible choice of payment methods, we use the services of Klarna Bank AB (publ), at Sveavägen 46, 111 34 Stockholm.
Klarna is a payment service provider that allows you to choose different payment methods and additional services when using Klarna. This includes, for example, purchase by invoice, installment payments and other services, such as separate buyer protection.

To select the payment methods of Klarna, a user account with Klarna is required. The payment for your orders is made to Klarna. You can find further information about the terms of use of Klarna for your respective country at: https://www.klarna.com/international/terms-and-conditions

Depending on which payment methods you choose (e.g. "Pay now", "Pay in 30 days", installment payment options), it may be necessary that your personal data is transmitted by Klarna to credit rating agencies cooperating with Klarna in order to perform an identity and credit check. For this purpose, Klarna processes personal data on its own responsibility.

The transmission of your data is necessary for the processing of your order with the payment method you have chosen at Klarna as well as for the confirmation of your identity and the administration of your payment.

According to our information, this usually involves your contact information (e.g. first and last name, telephone number, email and postal address), data for processing the purchase contract (e.g. bank details, account and card number, billing and delivery address, items purchased, price paid, order status and chargeback information).

Please note that Klarna may also share your personal data with other subcontractors and other affiliated companies, for example if this is necessary to fulfill the contractual obligations of your purchase.
You can find more detailed information on the personal data processed by Klarna and the legal basis for this for your respective country at: https://www.klarna.com/international/privacy-policy/

Payment method PayPal

We also offer you the option to pay for your order with the online payment service provider PayPal. The payment method PayPal is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you choose PayPal as payment method, your contact details will be transmitted to PayPal. To use PayPal as a payment method, a user account with PayPal is required.

PayPal's services also include separate buyer protection in addition to the online payment service.
The transmission of your data is necessary for the processing of your order with the payment method you have chosen at PayPal as well as for the confirmation of your identity and the administration of your payment.

According to our information, the personal data transmitted to PayPal is usually your contact information (e.g. first and last name, telephone number, email and postal address, customer account), data for processing the purchase contract (e.g. bank details, account and card number, billing and shipping address, purchased items, price paid, order status and chargeback information).
Please note that PayPal may also share your personal data with other subcontractors and other affiliated companies, for example, if this is necessary to fulfill the contractual obligations of your purchase.

Depending on which payment methods PayPal makes available to you, it may be necessary for your personal data to be transmitted by PayPal to credit rating agencies in order to carry out an identity and credit check. This serves to check your identity and creditworthiness with regard to the order you have placed. For this purpose, PayPal processes personal data on its own responsibility.

You can find more detailed information on the processing of your personal data by PayPal at: https://www.paypal.com/webapps/mpp/ua/privacy-full.

Payment method Apple Pay 

You have the option to select the payment method "Apple Pay" in our store. 
This payment method is a service of Apple Distribution International Limited, located at Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. 

The payment with "Apple Pay" is processed via the corresponding function of your Apple mobile device using the payment card stored there.

In addition to the online payment service, the services of "Apple Pay" also include protection of your payments, which are integrated by additional security features in both hardware and software (iOS, watchOS, macOS).
This additional security feature includes, among other things, the fact that to release a transaction, you need to enter your specified code as well as a verification by means of the so-called "Face ID" or "Touch ID".

Your data is transmitted to the corresponding payment service provider in encrypted form. According to Apple, this is done using a developer-specific key that ensures that only our website, on which the order was placed, can access the payment data. Upon successful payment, your device account number and a transaction-specific security code are transmitted to our website as confirmation.
The transmission of your data is necessary for the processing of your order with the payment method you have chosen with Apple Pay as well as for the confirmation of your identity and the administration of your payment.

We would like to inform you that Apple may process your transaction data in an anonymous form and as a vague value regarding the amount, date and time of the order, as well as information about the success of the payment. Apple processes this data to improve its products and services.

If you have made the purchase via the Safari web browser on your Mac and use the Apple Pay function of your Apple mobile device to authorize the payment process, communication takes place via encrypted Apple servers between your Mac and the Apple mobile device. According to Apple, at no time is your information processed in a format that identifies you as an individual.

You can deactivate the option to pay via Apple Pay at any time in the settings of your end devices.
For more information on the processing of your personal data when using Apple Pay, please see: 
•    https://www.apple.com/legal/privacy/data/en/apple-pay/
•    https://support.apple.com/en-euro/HT203027
 




Fraud and credit check

In order to reduce the risk of default of payment at the best possible rate, we carry out a predominantly automated fraud and credit check during and after completion of the ordering process in our online store.

This enables us offering you a choice of different payment methods and at the same time protects ourselves against the default of payment of the invoice.

As part of the credit check, we i.e. check all previously made orders in your customer account. It is also checked whether the delivery address differs from the billing address, whether the delivery address is new or if the order should be delivered to a pack station.

For orders made in Germany, Austria, Switzerland and the Netherlands, we also obtain a credit report during our credit check. The credit report can contain, firstly, information about any current payment delinquencies, e.g. from public debtor registers, or data from court collection proceedings. Secondly, the credit check can also list so-called score values, which are calculated based on a scientifically recognized mathematical and statistical procedure and are used to assess the credit risk. The credit rating agency also uses the above data for other enterprises (e.g. other online traders) for the purposes of checking addresses and/or identity checks, and for any scoring applications based on these. Your address data is also included in the probability values.

You may find detailed information on our credit rating agency, infoscore Consumer Data GmbH, pursuant to Art. 14 GDPR, i.e. information on the company purpose, on purposes of data storage, the data recipients, the right to access information directly, the right to erasure or rectification, etc. at the following link:

https://finance.arvato.com/49cf40/globalassets/02-documents/04-ger/07-icd/informationsblatt_artikel_14_eudsgvo.pdf

The transfer of data to our credit rating agency infoscore Consumer Data GmbH is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR. Your consent is only valid for the individual order process and is granted for each individual order process. If you do not wish your personal data to be transferred to our credit rating agency, please choose our alternative payment method "Paypal Checkout".

In addition to the above-mentioned credit check, we carry out a general fraud prevention check for the payment methods “credit card” and “Apple Pay” for each order.

To carry out the fraud prevention check, we transfer the following personal data to our vendor: Contact information (e.g., customer name, phone number, email and mailing address), transaction data (e.g., billing and shipping address, items purchased, price paid, order status and chargeback information) and account information (e.g., information about the customers user account and preferences on our PUMA Online Shop).

The fraud prevention check includes an automated comparison of the above information with the database of our vendor. If our vendor detects any suspicion of fraud through the automatic comparison with their database, the result of the check is displayed to the user. This constitutes an automated individual decision-making within the meaning of Art. 22 para. 1 GDPR without this decision having any legal effect or similarly significant impact on our customers.

You may find detailed information about the fraud prevention check by our vendor Forter Solutions UK Ltd pursuant to Art. 14 GDPR, i.e. information on the company purpose, on purposes of data storage, the data recipients, the right to access information directly, the right to erasure or rectification, etc. at the following link:

https://www.forter.com/services-privacy-policy/ 

If you do not agree with the payment method(s) you have been offered or if you are subject to a negative decision by our fraud and credit check, you can contest the decision stating your point of view either by letter or by sending an email to [email protected]. We will then check the decision made once again, in consideration of your point of view.

In addition to that, we will check, based on your device on pre-defined rules, if the order should be categorized as being suspected of fraud. If there is any suspicion of fraud, we will additionally carry out an individual check on the order. In case the result of this manual fraud check is positive, the order will be approved. If, however, the suspicion of fraud remains, we may decide to cancel the order, depending on the particular case.

This data processing is necessary for the purpose of our legitimate interest to avoid default of payment and fraud (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Cancellation of purchase


In any case of cancellation of the purchase (e.g. withdrawal of contract) we will process your personal data for returning the goods and refunding the purchase price.

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) and/or for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. b, lit. c GDPR).


Dunning process, collection and enforcement and/or defence of legal claims


In the case of outstanding amounts owed to us, we will advise you accordingly by email, SMS, letter or by phone, and under certain circumstances, will send you a dunning letter. If and to the extent that you still fail to make the payment, we will initiate a credit collection procedure. 

The credit collection procedure will be carried out by a credit collection agency engaged by us. If necessary to carry out the credit collection procedure, the credit collection agency will carry out address enquiries, thereby availing itself of public registers in order to locate you as a debtor.

In the case of a legal dispute with you, we will process your personal data to enforce and/or defend our rights. If and to the extent necessary for the legal dispute, we will thereby rely also on data from other sources (e.g. public registers).

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purpose of our legitimate interest in preventing the abuse of our services and in establishment and exercise of legal claims (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 


6. Other processing 

Customer care 


Depending on the subject matter of your request, we will rely on your personal data that has been stored within the scope of other data processing activities in our systems (e.g. data that you have provided during a purchase, or your score value that we have received from the credit agency as part of the credit assessment process). If and to the extent that this is necessary to answer your query, we will also collect data from external sources (e.g. query with a shipping service provider as part of shipment tracking or an investigation request). 

In context of requests concerning a (pre)contractual relationship with you, this data processing is necessary for the performance of a contract (provision of a customer service) with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR). If you wish to exercise your rights with respect to us, the correspondent data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR). If you would like to receive information or complain about our products and services, the respective data processing is necessary for the purpose of our legitimate interest to respond to your information request / complaint (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

To speed up the processing of your inquiries, we offer you the option of contacting us via our chat bot. For this purpose, we use the services of Cognigy GmbH, Speditionstr. 1, 40221 Düsseldorf, Germany.

Cognigy's service uses artificial intelligence (so-called AI) to analyze and respond to your inquiries, complaints and feedback. This artificial intelligence is based on algorithms that learn from existing data and other data that you and other users provide to us and improve the service. The service can provide you with appropriate answers and suggested solutions to your queries that meet your individual needs. It also provides us with feedback on your satisfaction with our products and services. The answers and proposed solutions provided to you by these services may constitute automated individual decision-making within the meaning of Art. 22 para. 1 GDPR, without this decision having any legal effect on you and our customers or significantly affecting them in a similar way.

To provide the chat bot, we process technical data relating to your end device (e.g. IP address) as well as any contact data provided by you and other content relating to your customer service inquiries. We collect this data as part of the use of the chat bot on the legal basis of consent in accordance with Art. 6 para. 1 s. 1, lit. a GDPR. You can give this consent when opening the chat window and pressing the button to start the chat and revoke it in our Cookies Settings with effect for the future with regard to the use of the chat bot. The processing of the data after you have entered your data is carried out in accordance with the above legal bases for processing your customer service inquiries.

It is not necessary for you to entrust us with sensitive data. Of course, we always treat your personal data with the utmost care and in accordance with data protection regulations. We only collect and process this data on the basis of your express consent when you click the button to start the chat. We do our best to filter out any sensitive data from the entries you make via our chat bot and have them checked by a human customer support employee. We delete this sensitive data as soon as it is no longer required for the purpose for which it was collected or we determine that the provision of this sensitive data is not necessary to process your inquiries, provided that there are no legal retention periods to the contrary. If necessary, we will anonymize your data so that no personal reference can be made to you.


Performance of internal audits 


Within the scope of audits within the PUMA Group, both at home and abroad, your personal data may be processed. During this process, we rely also on data from other sources, depending on the case (e.g. credit agencies). 

Your data may, under certain circumstances, also be appropriately processed in order to identify and rectify misconduct within the enterprise, and to implement compliance programs and compliance measures.

This data processing is necessary for compliance with our legal obligations (e.g. under the Stock Company Act) (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR) and/or for the purpose of our legitimate interest to check the processes and efficiency in the PUMA Group, to rectify misconduct and cases of fraud, to enforce and/or defend our rights, as the case may be, and to uncover any criminal offences, (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Issuing of analyses 


On the basis of your data, which we process the meaning of Sec. 3 of this Data Protection Information, we may issue analyses. These serve as a basis for our business decisions, to improve our products and services, to adapt to the needs of our customers and to carry out marketing activities. The analyses issued on this basis no longer have any personal reference, which means it is no longer possible to trace them back to you.

This data processing is necessary for the purpose of our legitimate interest to improve the products and services we offer and carry out marketing activities (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 

Prize Competitions & Raffles

PUMA offers you the chance to participate in prize competitions and raffles on this Website, as well as in our stores, on Social Media like Instagram, Facebook, TikTok, with our Affiliate Partners, in Newsletters, or similar.

Your personal data will be processed with your participation. In all our prize competitions and raffles, you only need to provide us with the data that we require to perform the raffle and to notify you of your win. Typically, this is your email address, but additional data might be required based on the applicable terms and conditions of certain raffles.

If the raffle is about winning PUMA Sportswear (clothes and shoes), we ask for your name, your clothing or shoe size and your gender in addition to your email address. In order to be able to collect the prize from us, we may also ask you to inform us of the store of your choice, where you can pick up your prize by giving your name. If the prize is sent by post, which can be in case you can win tickets, vouchers or other non-cash prizes, we need your home address in addition to your name. In some cases, we might additionally ask for your age to ensure that you can legally participate in the raffle based on the applicable terms and conditions. You will find further information on all this in the terms and conditions that apply.

The data required by us to perform the raffle under the applicable terms and conditions are highlighted as mandatory fields. Unfortunately, participation in the raffle is not possible without entering your data in the marked mandatory fields. Other, unmarked fields, however, are optional and you decide yourself whether you want to share further data with us. Participation in the raffle does not depend on your optional data and sharing optional data or not has no effect on the performance of the raffle.

In the event of your participation, we process the data you provide to us in the raffle solely for the purpose of performing the raffle and notifying the winner. The same applies if you provide us with data based on terms and conditions for raffles on social media (Instagram, Facebook, Twitter, ...), e.g. by uploading a photo or posting articles, linking hashtags, using handles or commenting on our campaigns. The applicable terms and conditions may stipulate that we publish your name and address on our social media platforms (Instagram, Facebook, Twitter, ...) to announce you as a winner and your prize.

Please note, that your data will be deleted after the raffle.

Within the scope of our raffles you also have the opportunity to give us your consent to the use of your data for advertising. Your consent to advertising has no effect on your participation in the raffle. If you give us your consent to receive advertising, such as newsletters per email, usually by ticking a checkbox, we will process your data, especially your email address, also to send you offers and information about our products by email. You can withdraw your consent at any time. Further information on data processing when receiving our newsletter can be found under the section “Newsletter”.

We process your personal data based on your consent in accordance with Art. 6 para.  1 s. 1, lit. a GDPR and, where applicable, to fulfil a legal obligation in accordance with Art. 6 para. 1 s. 1, lit c GDPR. Your data will not be passed on to third parties. In individual cases we are supported by external service providers with whom we have concluded a corresponding agreement to ensure the security of the processed data.

Of course, you can exercise the rights to which you are entitled under data protection law against us at any time. You will find more detailed information on this under the section “Your Rights”.

Mention Me

PUMA uses a referral marketing programme from Mention Me Ltd, Kennington Park, 1-3 Brixton Rd, London, SW9 6DE. Through the Mention Me programme we enable you to recommend PUMA to your friends. PUMA then rewards both you as the referrer and your referred friend, when your referred friend also becomes a customer of PUMA.

For this purpose, your name and email address as the referrer will be shared with Mention Me in compliance with the GDPR so that Mention Me can operate the service on PUMA’s behalf.

Once you make a purchase on this website, an overlay from Mention Me will be shown. It is also possible to start the referral process through a landing page onsite. You can then freely decide whether you want to refer someone or not. If you decide to do so, you will have the option of sending a personally created link to a friend by email, via Facebook, SMS or WhatsApp. Afterwards, both you and your referred friend receive a reward for the recommendation, provided that the referred friend has placed an order on this website.

For this purpose, PUMA will share personal data of you (email address, name and order details) in encrypted, pseudonymized form with Mention Me, so that you can participate in our "Refer a Friend programme". This makes it possible to determine which customer is the referee of a new customer and who should receive a reward for their referral. For this purpose, the email address, name and IP address of you as the recommender are processed. Also, the email address and IP address of the referred friend are processed for this purpose, only once they freely enter their details in the ‘Been referred by a friend’ link at the checkout. In both cases, data is shared exclusively in pseudonymized form.

The data is processed voluntarily and with your explicit consent only or based on consent of the recommended friend, Art. 6 para. 1 s. 1, lit. a GDPR. You can withdraw your consent at any time with effect for the future. Please see Sec. 10 for further details.

Further details on how Mention Me processes your personal data can be found in the Mention Me privacy policy: https://mention-me.com/help/privacy_policy_s#referrers.


7. Retention and erasure of your personal data 

 

We keep your personal data for as long and to the extent required for the purposes named in the respective section of this Data Protection Information. 

As soon as the data for the purposes named in the respective section is no longer required, we keep your personal data for the length of time, during which you can assert claims against us or we can assert claims against you (the statutory period of limitations is generally three years, starting with the end of the year in which the claim arises, e.g. the end of the year of purchase). 

In addition to this, we store your personal data for as long and to the extent we are obliged to do so by law. Corresponding obligations of proof and retention can be found, inter alia, in the German Commercial Code, the Tax Code and the Money Laundering Act. The retention periods may accordingly last up to ten years. 

 


8. Transfer of personal data and the categories of recipients

 

Your personal data may be transferred / disclosed to the following categories of recipients:

We ensure that suitable safeguards (e.g., certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission, conclusion of applicable EU Standard Contractual Clauses and, if necessary, additional measures) for adequate data protection are in place, if your personal data is disclosed to any recipients mentioned above, which are established outside the EU/EEA.


9. Right to object to data processing based on legitimate interests


We process your personal data within the meaning of the sections above, based on our legitimate interest, in particular to guarantee IT security on our websites, to adapt our website to your needs, to carry out analyses and marketing activities, to inform you about our products and services, to remind you of any purchasing processes that have not yet been completed, to increase the coverage of our products and marketing activities, to prevent fraud and abuse, to avoid payment defaults, to care for our customers, to safeguard, enforce and defend our legal interests (also before the courts, as necessary), and to carry out our internal management efficiently and collaboratively. For information about the balancing of interests carried out by PUMA, please contact [email protected].

Notwithstanding the specific possibilities to object to data processing described in above sections (e.g. provided opt-out or unsubscribe links), you have the right to object at any time to the processing of your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 s. 1, lit. f GDPR on grounds relating to your particular situation by sending an email to [email protected]. We will then no longer process your data for this/these purpose(s) unless our legitimate interests in processing overweighs or the processing serves to establish, exercise or defend legal claims. 

If you object to the processing of your data, we will process any collected personal data in this context in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR).

 

 
10. Right to withdraw consent 


If you have given us your consent for the processing of your personal data, you can withdraw this consent at any time. The withdrawal of your consent is effective for the future and shall not affect the lawfulness of processing based on consent before its withdrawal. 
Unless specifically regulated in above sections, please send your withdrawal of consent to [email protected].

If you withdraw your consent, we process your personal data collected in this connection to answer your inquiry. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR). 


11. Your other data protection rights 


In accordance with the GDPR, you may demand at any time that we:

Please send your request, stating at least your first and last name, either by email to [email protected] or in writing to PUMA Online Shop, Post box 201101, 48092 Münster, Germany.

If you exercise these rights against us, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR).

Irrespective of your abovementioned rights, you can lodge a complaint with a data protection supervisory authority, if you are of the opinion that the processing of your personal data by PUMA violates the GDPR (Art. 77 GDPR).

 


12. Changes to this Data Protection Information


The provisions of this Data Protection Information, including the referenced Cookie Information, shall apply in the version in force at the time the online shop is used. 

We reserve the right to supplement and modify the content of this Data Protection Information. The updated Data Protection Information applies from the time at which it was published on our websites. In case of substantive or material changes to the Data Protection Information, especially changes that affect the processing of your personal data already collected by us, we will inform you in advance (e.g. by email).