Published: 02.08.2024

DATA PROCESSING INFORMATION "PUMA | Clothes & Shoes App" (Android) and "PUMA | Shop Clothes & Trainers" (iOS)

This Data Processing Information provides information on the processing of your personal data whenever you use the mobile application "PUMA | Clothes & Shoes App" (Android) and "PUMA | Shop Clothes & Trainers" (iOS) (hereinafter “App”) and when purchasing goods from said application.

1. Scope, data controller, data protection officer and definitions 

Scope of this Data Protection Information                  

This Data Protection Information applies to the use of the mobile application "PUMA | Clothes & Shoes App" (Android) and "PUMA | Shop Clothes & Trainers" (iOS) of PUMA Europe GmbH, including the online shop and any measures connected for the execution and rescission of an online purchase, the creation of a customer account, the newsletter dispatch, further informative emails and customer services, and for our marketing activities on third-party websites via the App. This Data Protection Information also applies for our service providers, partners and contractors as well as suppliers. Data processing mobile applications of other companies within the PUMA Group as well as the website of the PUMA Europe GmbH are not covered by this Data Protection Information.


The Controller for the processing of your personal data

Unless otherwise specified in this Data Protection Information, the Controller for the processing of your personal data is: 

PUMA Europe GmbH
PUMA Way 1
91074 Herzogenaurach
Germany
[email protected]

Contact details of the Data Protection Officer 


Data Protection Officer 
PUMA Europe GmbH
PUMA Way 1
91074 Herzogenaurach
Email: [email protected] (Please note: For exercising your data protection rights please use the email addresses referred to in Section 9 to 11!)


Definitions

This Data Protection Information is based on the following terms under data protection law, which we have defined to facilitate understanding. 

  • GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Recipient means a natural person or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; 

Examples of possible recipients: Banks / payment providers, logistic firms and shipping service providers and IT services providers (for more information please refer to Sec. 8)

  • PUMA Group means all enterprises that are affiliated with PUMA Europe GmbH pursuant to Sec. 15 Aktiengesetz [German Stock Corporation Act]. 
  • Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of personal data: Name, contact details, bank or credit card details.

  • Controller means the natural person or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

For the data processing activities described in this Data Protection Information, the Controller is PUMA Europe GmbH, unless otherwise specified.

  • Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 
2. Purposes and legal bases of our processing of your personal data 


Processing of your data when you use the App "PUMA | Clothes & Shoes App" (Android) and "PUMA | Shop Clothes & Trainers" (iOS)


If you use the App in order to find out about products and services without registering for a customer account, purchasing products in our online shop or otherwise actively transferring information to us (purely for informational purposes), we process your personal data for the following purposes and by virtue of the following legal bases: 

 

Provision and Use of the App & Feedback

When you use the App or provide feedback on the App, PUMA Europe GmbH will process personal data from you and your device to run the App and to guarantee its usability, stability and security. This includes the following personal data:

  • App version and app language
  • Operating system and version
  • Device type, device name, device manufacturer and device language
  • Type, version and language of operating system and platform
  • Network provider/ network/ country code
  • Date and time of use
  • Session ID and user status to identify your connection session
  • Cookie ID
  • IP address (immediately anonymized by shortening the IP address to not establish a connection to the user)
  • Time of occurrence of app malfunctions for troubleshooting purposes
  • Requested files, transferred data volumes, downloads/ file exports
  • Geographical location
  • The complete Uniform Resource Locator (URL)

These log files are stored anonymized and help us to find errors and to correct them as quickly as possible. Log files also help us to optimize the functionality of the App, control server and storage capacity and improve our services towards you.

Processing log file data for these purposes is based on our legitimate interest to run the App and to guarantee its usability, stability and security.

These personal data / log file data will be stored for security purposes in server log files, which will automatically be deleted after 30 days.

This data processing is necessary for the purpose of enabling you to use our App (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purposes of our legitimate interest to guarantee IT security and functionality of the App (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 

App Permissions

When you use certain features in the App, PUMA Europe GmbH will ask you for permission to access specific system- and device-level functions.

This includes the following permissions:

  • When you first launch the App, you will be asked to allow the App to send push notifications to keep you up-to-date with the latest news and product drops.
  • You will be asked to allow us to use the camera of your mobile device for certain features (e.g. barcode scanner). The camera will only be activated when you use these features within the App.
  • When you use the store locator, you will be asked to give access to your geolocation to display stores that are close to your current location.

You can change your permissions in your App account settings or in your device’s system settings at any time.

3. Analysis and marketing tracking

Use of cookies and other analysis and tracking technologies

When you use this App, PUMA Europe GmbH will process personal data from you to understand how you interact with the App (e.g. if you add or remove certain products to/from the shopping cart). They serve to make our offering more user-friendly, more effective and secure. Cookies are small text files that are stored in the browsers or App storage of your end devices whenever you visit our websites. Through these cookies and further analysis and tracking technologies, your actions and settings on our App can be tracked, stored and recognized for the duration of the session or even after this. In addition to this, these tracking technologies and their respective identifiers allow your device to be recognized. This allows us to design our App content and gives us the option to measure the effectiveness of announcements or advertisement and to place it appropriately.

Google Firebase

We use the services of “Google Firebase” from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to develop and expand our App. Google Firebase is a development platform that provides a collection of cloud-based services (e.g., Firebase A/B Testing, Google Analytics for Firebase) for mobile applications.

In order to be able to offer you the services associated with Google Firebase, Google Firebase as “basic tool” must be technically activated. Non-activation or deactivation of this service also leads to non-activation or deactivation of the associated services.

The processing of your personal data is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to the use of Google Firebase in your Privacy Settings. You can revoke this consent at any time with effect for the future by deactivating Google Firebase in your Privacy Settings.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

You can find more information about Firebase A/B Testing at:

https://firebase.google.com/support/privacy?hl=en

Firebase A/B Testing

We use the web analysis service Firebase A/B Testing of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in our App to carry out so-called “A/B Tests” in order to improve our presence of the App. For these tests, users and customers are shown different variants of the content and design of the App in order to find out which variant is more successful and perceived more positively by the users and customers.

This service collects statistical information about the usage of the App. This usage data includes information about quantity of pages visited, quantity of App launches, duration of App use, actions taken in the App. This data is collected anonymously and evaluated statistically. It is not possible for us at any time to draw conclusions about a specific person or an individual purchase due to the collection of the data in an anonymized way.

To display content based on your interests while performing these tests, a personalized pattern with regard to your App-usage will be created. This pattern is created in an encrypted way and will not allow us to draw any conclusions about your identity.

The processing of your personal data is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to Firebase A/B Testing in your Privacy Settings. You can revoke this consent at any time with effect for the future by deactivating Firebase A/B Testing in your Privacy Settings.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

You can find more information about Firebase A/B Testing at:

https://firebase.google.com/support/privacy?hl=en

Google Analytics for Firebase

We use Google Analytics for Firebase in our App, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics for Firebase uses cookies that allow an analysis to be made on the usage of our websites.

The information generated by the cookie on the use of our App is transferred to a server of Google in the USA, where it is stored. However, as we use Google Analytics for Firebase with the extension “anonymizeIP()”, Google will reduce the IP address of the App user within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand, which excludes any direct association to you. Only in exceptional cases is the full IP address transferred to a server of Google in the USA and shortened there.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

On behalf of PUMA, Google will use this information in order to evaluate the use of the websites, to prepare reports on the website activities and to provide further services to PUMA connected with the use of the websites and of the Internet. The IP address transferred from the user’s browser with regard to Google Analytics for Firebase is not merged with other data by Google. Further information on terms of use and data protection can be found under:

  • https://policies.google.com/terms
  • https://policies.google.com/privacy
  • https://policies.google.com/technologies/cookies?hl=en

The processing of your personal data is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to Google Analytics for Firebase in Privacy Settings. You can revoke this consent at any time with effect for the future by deactivating Google Analytics in our Privacy Settings.

Google Maps

Our App uses the online map service “Google Maps” from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Maps is a web service for displaying interactive maps and routes to specific locations. We use this service to show you the locations and other content of our stores. If you consent to the use of Google Maps, these services are available to you even if you deactivated the use of location data in the operating system.

The following data may be processed by Google in order to provide the service: Search entries (e.g., start and destination address), location (if activated in the operating system of your device) and IP address.

However, as we use Google Maps with the extension “anonymizeIP()”, Google will reduce the IP address of the App user within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand, which excludes any direct association to you. Only in exceptional cases is the full IP address transferred to a server of Google in the USA and shortened there.

In the event that your personal data is transferred to Google LLC in the U.S., Google LLC has taken appropriate measures to ensure compliance with the level of data protection requirements applicable in the European Union or the European Economic Area (e.g. certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission; conclusion of standard data protection clauses).

The data transfer described above takes place regardless of whether you are logged into a user account with Google or whether a user account exists. If you are logged into an account, your data will be assigned directly to your user account. If you do not wish to be associated with your Google profile, you must log out of your (Google) user account within the App.

Google stores your data (regardless of the login status) as usage profiles and analyzes them.

If you have a user account with Google, you can change your Privacy Settings at: https://safety.google/privacy/privacy-controls/.

The processing of your personal data is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR.

You can give your consent to Google Maps in your Privacy Settings. You can revoke this consent at any time with effect for the future by deactivating Google Maps in your Privacy Settings.

You can find more information on terms of use and data protection at

  • https://policies.google.com/privacy
  • https://policies.google.com/terms
  • https://policies.google.com/technologies/cookies?hl=en
  • https://www.google.com/intl/de_US/help/terms_maps/
    (additional terms of use for “Google Maps”)

4. Email- and App/website marketing

Email newsletter dispatch to subscribers

If you have subscribed to our email newsletter via “double opt-in” procedure we will send you from time to time newsletters to inform you about our products, services and promotions. 

This data processing is based on your consent (Legal basis: Art. 6 para. 1 s. 1, lit. a GDPR).

Withdrawal of consent:

You can withdraw your consent and unsubscribe from our newsletter at any time by sending an email with your unsubscribe request to our customer service ([email protected]) and/or by clicking on the unsubscribe link which is contained in every newsletter.


Direct marketing emails to existing customers

After the purchase of goods we may – regardless of whether you have subscribed to our newsletter – send you marketing emails for similar products and services.

This data processing is based on our legitimate interest to advertise our products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to direct marketing emails:

You can object to this processing of personal data and unsubscribe from our direct marketing emails at any time by sending an email with your unsubscribe request to [email protected] and/or by clicking on the unsubscribe link which is contained in every direct marketing email.


Personalization of direct marketing emails to existing customers


If you are a customer, we may personalize our direct marketing emails sent to you based on your preference/interest profile derived from data of your previous purchase(s) from the last two years.

This data processing is necessary for the purpose of our legitimate interest to tailor our direct marketing emails to your preferences and interests and thus make our email marketing efforts more efficient (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Objection to our newsletter/direct marketing targeting

You can object to this processing of your purchase data for targeting of our newsletter/direct marketing emails to custom audiences at any time by sending an email with your unsubscribe request to [email protected] and/or by clicking on the unsubscribe link which is contained in every direct marketing email. In this case, you would then not receive any more newsletters from us. 

Invitation emails for product rating and review

We would like to know if you are satisfied with your purchased PUMA goods. For this purpose, we process your email and purchasing data (e.g. goods purchased and date of purchase), in order to send you an email within one month after the purchase, inviting you to rate and review your purchased product (further information on data processing in connection with the submission of product reviews can be found in the above section).

The processing of your personal data for sending invitation emails for product ratings and reviews is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR or, in specific cases, based on our legitimate interest in good customer service and marketing (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

Meta Custom Audiences

When registering for the newsletter, we offer you the opportunity to give us your consent to the use of your e-mail address so that we can use it for the so-called Meta Custom Audiences by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4 Ireland (“Meta”).

Your e-mail addresses are hashed before being sent to Meta and transmitted in this form.

Meta matches your email address with the accounts you have on Meta's social networks and creates an interest profile based on your user data.

Meta Custom Audiences helps us to show you personalized advertising for special offers and product releases.

https://www.facebook.com/business/help/744354708981227?id=2469097953376494

https://www.facebook.com/legal/terms/customaudience/

You can revoke your consent with effect for the future at any time by e-mail. Detailed information on exercising your right of withdrawal can be found in section 10.

Google Ads Customer Match

When registering for the newsletter, we offer you the opportunity to give us your consent to the use of your e-mail address so that we can use it for the so-called Google Ads Customer Match by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Your e-mail addresses are hashed before being sent to Google and transmitted in this form. Google matches your email address with the accounts you have for the services provided by Google (e.g., YouTube, Gmail) and creates an interest profile based on your user data.

Google Ads Customer Match helps us to show you personalized advertising for special offers and product releases.

https://support.google.com/google-ads/answer/6379332
https://support.google.com/google-ads/answer/6334160

You can revoke your consent with effect for the future at any time by e-mail. Detailed information on exercising your right of withdrawal can be found in section 10.

Emarsys

We use Emarsys for personalization, analytics, automation and email campaigns (sending newsletters). Emarsys works through cookies and tracking pixels which help us create newsletters and tailored advertisements.

If you give your consent to receive our newsletter and have fully completed the double opt-in process to verify your email address accordingly (or have entered your email address in our App in connection with a purchase in our web shop) your personal data will be collected by Emarsys and combined into a (pseudonymized) user profile which can be assigned to your email address.

When you use our App, the data collected by Emarsys can also be merged into a (pseudonymized) user profile if you had given your consent to receive our newsletters at one of our retail stores. Your email address will be pseudonymized by us.

The data protection guidelines of Emarsys can be found here:

This data processing (evaluation of the newsletter and the measurement of success) is based on our legitimate interests – subject to your given consent – to ensure the secure and user-friendly operation of our newsletter system and thus serves both our business interests and your expectations to improve our App, products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

5. Registration and setting up a customer account     


You can create a customer account in our App. The registration for a customer account requires you to provide personal data. Mandatory fields are marked accordingly in the input form.

If you create a customer account in the App, it is also valid for the PUMA Europe GmbH online shop (puma.com).

This data processing is necessary for the performance of a contract (provision of a customer account) with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR). 


Data processing in the case of orders in the online shop

In addition, we process your personal data in connection with the purchase of goods in our online shop.

Purchase and payment of goods in the online shop 

We process your personal data (i.e. contact details, shipping and payment information) if you purchase goods in the online shop. If you purchase goods for another person (third party), we process the personal data of the third party provided by you (name and any contact details) for the dispatch of the goods to the third party. Please ensure that the third party has been sufficiently informed by you about the processing of their data at PUMA, and that you are authorized to provide such data.

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR).

Payment method Klarna

In order to offer you the widest possible choice of payment methods, we use the services of Klarna Bank AB (publ), at Sveavägen 46, 111 34 Stockholm.
Klarna is a payment service provider that allows you to choose different payment methods and additional services when using Klarna. This includes, for example, purchase by invoice, installment payments and other services, such as separate buyer protection.

To select the payment methods of Klarna, a user account with Klarna is required. The payment for your orders is made to Klarna. You can find further information about the terms of use of Klarna for your respective country at:

https://www.klarna.com/international/terms-and-conditions

Depending on which payment methods you choose (e.g. "Pay now", "Pay in 30 days", installment payment options), it may be necessary that your personal data is transmitted by Klarna to credit rating agencies cooperating with Klarna in order to perform an identity and credit check. For this purpose, Klarna processes personal data on its own responsibility.

The transmission of your data is necessary for the processing of your order with the payment method you have chosen at Klarna as well as for the confirmation of your identity and the administration of your payment.

According to our information, this usually involves your contact information (e.g. first and last name, telephone number, email and postal address), data for processing the purchase contract (e.g. bank details, account and card number, billing and delivery address, items purchased, price paid, order status and chargeback information).

Please note that Klarna may also share your personal data with other subcontractors and other affiliated companies, for example if this is necessary to fulfill the contractual obligations of your purchase.

You can find more detailed information on the personal data processed by Klarna and the legal basis for this for your respective country at:

https://www.klarna.com/international/privacy-policy/

Payment method PayPal

We also offer you the option to pay for your order with the online payment service provider PayPal. The payment method PayPal is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose PayPal as payment method, your contact details will be transmitted to PayPal. To use PayPal as a payment method, a user account with PayPal is required.

PayPal's services also include separate buyer protection in addition to the online payment service.

The transmission of your data is necessary for the processing of your order with the payment method you have chosen at PayPal as well as for the confirmation of your identity and the administration of your payment.

According to our information, the personal data transmitted to PayPal is usually your contact information (e.g. first and last name, telephone number, email and postal address, customer account), data for processing the purchase contract (e.g. bank details, account and card number, billing and shipping address, purchased items, price paid, order status and chargeback information).

Please note that PayPal may also share your personal data with other subcontractors and other affiliated companies, for example, if this is necessary to fulfill the contractual obligations of your purchase.

Depending on which payment methods PayPal makes available to you, it may be necessary for your personal data to be transmitted by PayPal to credit rating agencies in order to carry out an identity and credit check. This serves to check your identity and creditworthiness with regard to the order you have placed. For this purpose, PayPal processes personal data on its own responsibility.

You can find more detailed information on the processing of your personal data by PayPal at:

https://www.paypal.com/webapps/mpp/ua/privacy-full.

Payment method Apple Pay 

You have the option to select the payment method "Apple Pay" in our store. 
This payment method is a service of Apple Distribution International Limited, located at Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. 

The payment with "Apple Pay" is processed via the corresponding function of your Apple mobile device using the payment card stored there.

In addition to the online payment service, the services of "Apple Pay" also include protection of your payments, which are integrated by additional security features in both hardware and software (iOS, watchOS, macOS).

This additional security feature includes, among other things, the fact that to release a transaction, you need to enter your specified code as well as a verification by means of the so-called "Face ID" or "Touch ID".

Your data is transmitted to the corresponding payment service provider in encrypted form. According to Apple, this is done using a developer-specific key that ensures that only our website, on which the order was placed, can access the payment data. Upon successful payment, your device account number and a transaction-specific security code are transmitted to our website as confirmation.

The transmission of your data is necessary for the processing of your order with the payment method you have chosen with Apple Pay as well as for the confirmation of your identity and the administration of your payment.

We would like to inform you that Apple may process your transaction data in an anonymous form and as a vague value regarding the amount, date and time of the order, as well as information about the success of the payment. Apple processes this data to improve its products and services.

If you have made the purchase via the Safari web browser on your Mac and use the Apple Pay function of your Apple mobile device to authorize the payment process, communication takes place via encrypted Apple servers between your Mac and the Apple mobile device. According to Apple, at no time is your information processed in a format that identifies you as an individual.

You can deactivate the option to pay via Apple Pay at any time in the settings of your end devices.

For more information on the processing of your personal data when using Apple Pay, please see: 

  • https://www.apple.com/legal/privacy/data/en/apple-pay/
  • https://support.apple.com/en-euro/HT203027

Fraud and credit check

In order to reduce the risk of default of payment at the best possible rate, we carry out a predominantly automated fraud and credit check during and after completion of the ordering process in our online store.

This enables us to offer you a choice of different payment methods and at the same time protects us against the default of payment of the invoice.

As part of the credit check, we i.e. check all previously made orders in your customer account. It is also checked whether the delivery address differs from the billing address, whether the delivery address is new or if the order should be delivered to a pack station.

For orders made in Germany, Austria, Switzerland and the Netherlands, we also obtain a credit report during our credit check. The credit report can contain, firstly, information about any current payment delinquencies, e.g. from public debtor registers, or data from court collection proceedings. Secondly, the credit check can also list so-called score values, which are calculated based on a scientifically recognized mathematical and statistical procedure and are used to assess the credit risk. The credit rating agency also uses the above data for other enterprises (e.g. other online traders) for the purposes of checking addresses and/or identity checks, and for any scoring applications based on these. Your address data is also included in the probability values.

You may find detailed information on our credit rating agency, infoscore Consumer Data GmbH, pursuant to Art. 14 GDPR, i.e. information on the company purpose, on purposes of data storage, the data recipients, the right to access information directly, the right to erasure or rectification, etc. at the following link:

https://finance.arvato.com/49cf40/globalassets/02-documents/04-ger/07-icd/informationsblatt_artikel_14_eudsgvo.pdf

The transfer of data to our credit rating agency infoscore Consumer Data GmbH is based on consent pursuant to Art. 6 para. 1 s. 1, lit. a GDPR. Your consent is only valid for the individual order process and is granted for each individual order process. If you do not wish your personal data to be transferred to our credit rating agency, please choose our alternative payment method "Paypal Checkout".

In addition to the above-mentioned credit check, we carry out a general fraud prevention check for the payment methods “credit card” and “Apple Pay” for each order.

To carry out the fraud prevention check, we transfer the following personal data to our vendor: Contact information (e.g., customer name, phone number, email and mailing address), transaction data (e.g., billing and shipping address, items purchased, price paid, order status and chargeback information) and account information (e.g., information about the customer's user account and preferences on our PUMA Online Shop).

The fraud prevention check includes an automated comparison of the above information with the database of our vendor. If our vendor detects any suspicion of fraud through the automatic comparison with their database, the result of the check is displayed to the user. This constitutes automated individual decision-making within the meaning of Art. 22 para. 1 GDPR without this decision having any legal effect or similarly significant impact on our customers.

You may find detailed information about the fraud prevention check by our vendor Forter Solutions UK Ltd pursuant to Art. 14 GDPR, i.e. information on the company purpose, on purposes of data storage, the data recipients, the right to access information directly, the right to erasure or rectification, etc. at the following link:

https://www.forter.com/services-privacy-policy/ 

If you do not agree with the payment method(s) you have been offered or if you are subject to a negative decision by our fraud and credit check, you can contest the decision stating your point of view either by letter or by sending an email to [email protected]. We will then check the decision made once again, in consideration of your point of view.

In addition to that, we will check, based on your device on pre-defined rules, if the order should be categorized as being suspected of fraud. If there is any suspicion of fraud, we will additionally carry out an individual check on the order. In case the result of this manual fraud check is positive, the order will be approved. If, however, the suspicion of fraud remains, we may decide to cancel the order, depending on the particular case.

This data processing is necessary for the purpose of our legitimate interest to avoid default of payment and fraud (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Cancellation of purchase


In any case of cancellation of the purchase (e.g. withdrawal of contract) we will process your personal data for returning the goods and refunding the purchase price.

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) and/or for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. b, lit. c GDPR).


Dunning process, collection and enforcement and/or defence of legal claims


In the case of outstanding amounts owed to us, we will advise you accordingly by email, SMS, letter or by phone, and under certain circumstances, will send you a dunning letter. If and to the extent that you still fail to make the payment, we will initiate a credit collection procedure. 

The credit collection procedure will be carried out by a credit collection agency engaged by us. If necessary to carry out the credit collection procedure, the credit collection agency will carry out address enquiries, thereby availing itself of public registers in order to locate you as a debtor.

In the case of a legal dispute with you, we will process your personal data to enforce and/or defend our rights. If and to the extent necessary for the legal dispute, we will thereby rely also on data from other sources (e.g. public registers).

This data processing is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) as well as for the purpose of our legitimate interest in preventing the abuse of our services and in establishment and exercise of legal claims (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 


6. Other processing 

Customer care 


Depending on the subject matter of your request, we will rely on your personal data that has been stored within the scope of other data processing activities in our systems (e.g. data that you have provided during a purchase, or your score value that we have received from the credit agency as part of the credit assessment process). If and to the extent that this is necessary to answer your query, we will also collect data from external sources (e.g. query with a shipping service provider as part of shipment tracking or an investigation request). 

In the context of requests concerning a (pre)contractual relationship with you, this data processing is necessary for the performance of a contract (provision of a customer service) with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR). If you wish to exercise your rights with respect to us, the corresponding data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR). If you would like to receive information or complain about our products and services, the respective data processing is necessary for the purpose of our legitimate interest to respond to your information request / complaint (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).

To speed up the processing of your inquiries, we offer you the option of contacting us via our chat bot. For this purpose, we use the services of Cognigy GmbH, Speditionstr. 1, 40221 Düsseldorf, Germany.

Cognigy's service uses artificial intelligence (so-called AI) to analyze and respond to your inquiries, complaints and feedback. This artificial intelligence is based on algorithms that learn from existing data and other data that you and other users provide to us and improve the service. The service can provide you with appropriate answers and suggested solutions to your queries that meet your individual needs. It also provides us with feedback on your satisfaction with our products and services. The answers and proposed solutions provided to you by these services may constitute automated individual decision-making within the meaning of Art. 22 para. 1 GDPR, without this decision having any legal effect on you and our customers or significantly affecting them in a similar way.

To provide the chat bot, we process technical data relating to your end device (e.g. IP address) as well as any contact data provided by you and other content relating to your customer service inquiries. We collect this data as part of the use of the chat bot on the legal basis of consent in accordance with Art. 6 para. 1 s. 1, lit. a GDPR. You can give this consent when opening the chat window and pressing the button to start the chat and revoke it in our Cookies Settings with effect for the future with regard to the use of the chat bot. The processing of the data after you have entered your data is carried out in accordance with the above legal bases for processing your customer service inquiries.
 

It is not necessary for you to entrust us with sensitive data. Of course, we always treat your personal data with the utmost care and in accordance with data protection regulations. We only collect and process this data on the basis of your express consent when you click the button to start the chat. We do our best to filter out any sensitive data from the entries you make via our chat bot and have them checked by a human customer support employee. We delete this sensitive data as soon as it is no longer required for the purpose for which it was collected or we determine that the provision of this sensitive data is not necessary to process your inquiries, provided that there are no legal retention periods to the contrary. If necessary, we will anonymize your data so that no personal reference can be made to you.


Performance of internal audits 


Within the scope of audits within the PUMA Group, your personal data may be processed. During this process, we rely also on data from other sources, depending on the case (e.g. credit agencies).

Your data may, under certain circumstances, also be appropriately processed in order to identify and rectify misconduct within the enterprise, and to implement compliance programs and compliance measures.

This data processing is necessary for compliance with our legal obligations (e.g. under the Stock Company Act) (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR) and/or for the purpose of our legitimate interest to check the processes and efficiency in the PUMA Group, to rectify misconduct and cases of fraud, to enforce and/or defend our rights, as the case may be, and to uncover any criminal offences (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).


Issuing of analyses 


On the basis of your data, which we process within the meaning of Sec. 3 of this Data Protection Information, we may issue analyses. These serve as a basis for our business decisions, to improve our products and services, to adapt to the needs of our customers and to carry out marketing activities. The analyses issued on this basis no longer have any personal reference, which means it is no longer possible to trace them back to you.

This data processing is necessary for the purpose of our legitimate interest to improve the products and services we offer and carry out marketing activities (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 

Prize Competitions & Raffles

PUMA offers you the chance to participate in prize competitions and raffles on our App, as well as on our website, in our stores, on Social Media like Instagram, Facebook, TikTok, with our Affiliate Partners, in Newsletters, or similar.

Your personal data will be processed with your participation. In all our prize competitions and raffles, you only need to provide us with the data that we require to perform the raffle and to notify you of your win. Typically, this is your email address, but additional data might be required based on the applicable terms and conditions of certain raffles.

If the raffle is about winning PUMA Sportswear (clothes and shoes), we ask for your name, your clothing or shoe size and your gender in addition to your email address. In order to be able to collect the prize from us, we may also ask you to inform us of the store of your choice, where you can pick up your prize by giving your name. If the prize is sent by post, which may be the case when you can win tickets, vouchers or other non-cash prizes, we need your home address in addition to your name. In some cases, we might additionally ask for your age to ensure that you can legally participate in the raffle based on the applicable terms and conditions. You will find further information on all this in the terms and conditions that apply.

The data required by us to perform the raffle under the applicable terms and conditions are highlighted as mandatory fields. Unfortunately, participation in the raffle is not possible without entering your data in the marked mandatory fields. Other, unmarked fields, however, are optional and you decide yourself whether you want to share further data with us. Participation in the raffle does not depend on your optional data and sharing optional data or not has no effect on the performance of the raffle.

In the event of your participation, we process the data you provide to us in the raffle solely for the purpose of performing the raffle and notifying the winner. The same applies if you provide us with data based on terms and conditions for raffles on social media (Instagram, Facebook, Twitter, ...), e.g. by uploading a photo or posting articles, linking hashtags, using handles or commenting on our campaigns. The applicable terms and conditions may stipulate that we publish your name and address on our social media platforms (Instagram, Facebook, Twitter, ...) to announce you as a winner and your prize.

Please note that your data will be deleted after the raffle.

Within the scope of our raffles you also have the opportunity to give us your consent to the use of your data for advertising. Your consent to advertising has no effect on your participation in the raffle. If you give us your consent to receive advertising, such as newsletters per email, usually by ticking a checkbox, we will process your data, especially your email address, also to send you offers and information about our products by email. You can withdraw your consent at any time. Further information on data processing when receiving our newsletter can be found under the section “Newsletter”.

We process your personal data based on your consent in accordance with Art. 6 para. 1 s. 1, lit. a GDPR and, where applicable, to fulfil a legal obligation in accordance with Art. 6 para. 1 s. 1, lit. c GDPR. Your data will not be passed on to third parties. In individual cases we are supported by external service providers with whom we have concluded a corresponding agreement to ensure the security of the processed data.

Of course, you can exercise the rights to which you are entitled under data protection law against us at any time. You will find more detailed information on this under the section “Your Rights”.

Mention Me

PUMA uses a referral marketing programme from Mention Me Ltd, Kennington Park, 1-3 Brixton Rd, London, SW9 6DE. Through the Mention Me programme we enable you to recommend PUMA to your friends. PUMA then rewards both you as the referrer and your referred friend, when your referred friend also becomes a customer of PUMA.

For this purpose, your name and email address as the referrer will be shared with Mention Me in compliance with the GDPR so that Mention Me can operate the service on PUMA’s behalf.

Once you make a purchase on this App, an overlay from Mention Me will be shown. It is also possible to start the referral process through a landing page onsite. You can then freely decide whether you want to refer someone or not. If you decide to do so, you will have the option of sending a personally created link to a friend by email, via Facebook, SMS or WhatsApp. Afterwards, both you and your referred friend receive a reward for the recommendation, provided that the referred friend has placed an order in our store.

For this purpose, PUMA will share your personal data (email address, name and order details) in encrypted, pseudonymized form with Mention Me, so that you can participate in our "Refer a Friend programme". This makes it possible to determine which customer is the referee of a new customer and who should receive a reward for their referral. For this purpose, the email address, name and IP address of you as the recommender are processed. The email address and IP address of the referred friend are also processed for this purpose, but only once they freely enter their details in the ‘Been referred by a friend’ link at the checkout. In both cases, data is shared exclusively in pseudonymized form.

The data is processed voluntarily and with your explicit consent only or based on consent of the recommended friend, Art. 6 para. 1 s. 1, lit. a GDPR. You can withdraw your consent at any time with effect for the future. Please see Sec. 10 for further details.

Further details on how Mention Me processes your personal data can be found in the Mention Me privacy policy: https://mention-me.com/help/privacy_policy_s#referrers.


7. Retention and erasure of your personal data 

 

We keep your personal data for as long and to the extent required for the purposes named in the respective section of this Data Protection Information. 

As soon as the data for the purposes named in the respective section is no longer required, we keep your personal data for the length of time, during which you can assert claims against us or we can assert claims against you (the statutory period of limitations is generally three years, starting with the end of the year in which the claim arises, e.g. the end of the year of purchase). 

In addition to this, we store your personal data for as long and to the extent we are obliged to do so by law. Corresponding obligations of proof and retention can be found, inter alia, in the German Commercial Code, the Tax Code and the Money Laundering Act. The retention periods may accordingly last up to ten years. 

 


8. Transfer of personal data and the categories of recipients

 

Your personal data may be transferred / disclosed to the following categories of recipients:

  • Other companies within the PUMA Group within the scope of a group-internal, collaborative process. Such data processing, where applicable, is necessary for the purpose of our legitimate interest to run our administration activities efficiently and collaboratively, and to improve our products and services (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR). 
  • IT Service providers who prepare the platforms, databases and tools for our products and services (e.g. our App, the sale of goods, the dispatch of newsletters and informative emails), issue analyses on user habits in our App, carry out marketing campaigns, and process your personal data during the purchasing process on our behalf.
  • In connection with the use of Google Analytics for Firebase, including cookies, your personal data may be transferred to the USA.
  • For the analysis of your behavior in our App, we might transfer your personal data to specialized service providers in third-party countries, if necessary.
  • In order to carry out the credit and fraud check, we transfer your personal data to specialized service providers, generally to Experian GmbH. In certain circumstances, data may be transferred to outside the EU / EEA.
  • If you purchase or evaluate products in our App, we will forward your personal data to our third-party service provider of customer feedback platforms, located in the USA.
  • If you purchase products in our App, we offer you various payment methods. In order to process a payment and, if necessary, a refund of the purchase price, we transfer your personal data, depending on the chosen payment method, to banks, payment service providers, financial service providers and credit card companies. The respective data transfers to such recipients are based on the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR). In certain circumstances, data may be transferred to the USA.
  • If you choose “PayPal” as the payment method for a purchase, we transfer your personal data to the USA. This transfer of personal data is necessary for the performance of a contract (provision of payment method “PayPal”) with you (Legal basis: Art. 6 para. 1 s. 1, lit. b in conjunction with Art. 49 para. 1 s. 1, lit. b and c GDPR).
  • Should you be unable to meet your payment obligations, we transfer your personal data to collection agencies that carry out the collection procedure on our behalf. This transfer of personal data is necessary for the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR) and for the purpose of our legitimate interest in an efficient accounts receivable management. 
  • For the delivery of your purchased products in our App (including notifications about the delivery status of the orders) we transfer your personal data to the fulfilment and shipping service providers (e.g. DHL, UPS, Hermes etc.) engaged by us. The transfer of your personal data is based on the performance of a contract with you (Legal basis: Art. 6 para. 1 s. 1, lit. b GDPR).
  • In case of legal disputes, we transfer your data to the competent court and, if you have engaged a lawyer, to the latter, in order to conduct the legal dispute. This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR) and/or for the purpose of our legitimate interest in the establishment and exercise of legal claims (Legal basis: Art. 6 para. 1 s. 1, lit. f GDPR).
  • In addition to this, we only transfer your personal data if we are legally obliged to forward such data (e.g. to the police authorities within the scope of criminal investigations or to the data protection supervisory authorities). This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR).

We ensure that suitable safeguards (e.g., certification in the EU-U.S. Data Privacy Framework adopted by the EU Commission, conclusion of applicable EU Standard Contractual Clauses and, if necessary, additional measures) for adequate data protection are in place, if your personal data is disclosed to any recipients mentioned above, which are established outside the EU/EEA.


9. Right to object to data processing based on legitimate interests


We process your personal data within the meaning of the sections above, based on our legitimate interest, in particular to guarantee IT security in our App, to adapt our App to your needs, to carry out analyses and marketing activities, to inform you about our products and services, to increase the coverage of our products and marketing activities, to prevent fraud and abuse, to avoid payment defaults, to care for our customers, to safeguard, enforce and defend our legal interests (also before the courts, as necessary), and to carry out our internal management efficiently and collaboratively. For information about the balancing of interests carried out by PUMA, please contact dataprotection[at]puma.com.

Notwithstanding the specific possibilities to object to data processing described in the above sections (e.g. provided opt-out or unsubscribe links), you have the right to object at any time to the processing of your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 s. 1, lit. f GDPR on grounds relating to your particular situation by sending an email to [email protected]. We will then no longer process your data for this/these purpose(s) unless our legitimate interests in processing outweigh yours or the processing serves to establish, exercise or defend legal claims.

If you object to the processing of your data, we will process any collected personal data in this context in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR).

 
10. Right to withdraw consent 


If you have given us your consent for the processing of your personal data, you can withdraw this consent at any time. The withdrawal of your consent is effective for the future and shall not affect the lawfulness of processing based on consent before its withdrawal. 
Unless specifically regulated in above sections, please send your withdrawal of consent to [email protected].

If you withdraw your consent, we process your personal data collected in this connection to answer your inquiry. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR). 


11. Your other data protection rights 


In accordance with the GDPR, you may demand at any time that we:

  • provide you with information on your personal data that we process (Art. 15 GDPR),
  • rectify (Art. 16 GDPR),
  • erase (Art. 17 GDPR), 
  • restrict (Art. 18 GDPR) and/or 
  • export (Art. 20 GDPR) your personal data stored on our systems.

Please send your request, stating at least your first and last name, either by email to [email protected] or in writing to PUMA Online Shop, Post box 201101, 48092 Münster, Germany.

If you exercise these rights against us, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 para. 1 s. 1, lit. c GDPR).

Irrespective of your abovementioned rights, you can lodge a complaint with a data protection supervisory authority, if you are of the opinion that the processing of your personal data by PUMA violates the GDPR (Art. 77 GDPR).

 
12. Changes to this Data Protection Information


The provisions of this Data Protection Information, including the referenced Cookie Information, shall apply in the version in force at the time the online shop is used. 

We reserve the right to supplement and modify the content of this Data Protection Information. The updated Data Protection Information applies from the time at which it was published on our websites / in our App. In case of substantive or material changes to the Data Protection Information, especially changes that affect the processing of your personal data already collected by us, we will inform you in advance (e.g. by email).