Your data is
safe with us

Data
Protection
Statement

As at: 11/2019

This Data Protection Declaration gives you an overview of how Zalando processes your data. It applies to all websites, apps and other benefits and services offered by Zalando.
How you can read these Data Protection Declarations: We offer you various options for reading this Data Protection Declaration. Firstly, you can find very basic information in this section. Then we have sorted this Data Protection Declaration into topics relevant for you and divided it accordingly into individual chapters.If you are already a “pro”, you can jump directly to individual chapters using the dropdown menu below.

More

We have prefixed each chapter with a short overview. This overview briefly summarises the content of the chapter. If you just want a quick high-level overview of all data processing, it is advisable to read the overviews. If you want to familiarise yourself with the details, you can click on “more” under the relevant overview. The full content of the chapter will then be displayed. 

We have avoided cross-references wherever possible. That way you get all of the information coherently explained, regardless of which chapter you are currently reading. If you read this Data Protection Declaration from start to finish, you may find that parts of the text are repeated. We were unable to avoid a few cross-references. For example, we summarised all country-specific data processing in a single chapter and always refer to this chapter when discussing country-specific data processing.

Finally, you should also bear in mind that Zalando is not just a single company. Zalando is a group and thus consists of multiple companies. Not all of these companies offer you services or process your data. For simplicity, only the Zalando Group companies which are actually involved in processing your data are named below. Where we refer below to “Zalando”, “we” or “us”, we mean the responsible companies within the Zalando Group. List of Zalando companies:

  • Zalando SE, Valeska-Gert-Straße 5, D-10243 Berlin, Germany
  • Zalando Beauty Store GmbH, Valeska-Gert-Straße 5, D-10243 Berlin, Germany
  • Zalando Content Creation SE & Co. KG, Straße der Pariser Kommune 8, D-10243 Berlin, Germany
  • Zalando Customer Care DACH SE & Co. KG, Leipziger Straße 127-128, D-10117 Berlin, Germany
  • Zalando Customer Care International SE & Co. KG, Leipziger Straße 127-128, D-10117 Berlin, Germany
  • Zalando Fashion Entrepreneurs GmbH, Valeska-Gert-Straße 5, D-10243 Berlin, Germany
  • Zalando Finland Oy, Runeberginkatu 5 B, 00100 Helsinki, Finland
  • Zalando Ireland Ltd., 3 Grand Canal Quay, Dublin 2, D02 WC65, Ireland
  • Zalando Logistics SE & Co. KG, Havellandstraße 6, 14656 Brieselang, Germany
  • Zalando Logistics Mönchengladbach SE & Co. KG, Regioparkring 25, 41199 Mönchengladbach, Germany
  • Zalando Logistics Operations Polska sp. z o.o., Innowacyjna 8, 74-100 Gardno, Poland
  • Zalando Logistics Polska sp. z o.o., ul. Jasna no. 26, 00-054 Warsaw, Poland
  • Zalando Logistics Süd SE & Co. KG, Valeska-Gert-Straße 5, D-10243 Berlin, Germany
  • Zalando Lounge Logistics SE & Co. KG, Valeska-Gert-Straße 5, D-10243 Berlin, Germany
  • Zalando Lounge Service GmbH, Zeughofstraße 1, 10997 Berlin, Germany
  • Zalando Marketing Services GmbH, Tamara-Danz-Straße 1, D-10243 Berlin, Germany
  • Zalando Outlet Stores GmbH & Co. KG, Tamara-Danz-Straße 1, D-10243 Berlin, Germany
  • Zalando Payments GmbH, Valeska-Gert-Straße 1, D-10243 Berlin, Germany
  • Zalando Digital Portugal, Unipessoal Lda, Avenida da Liberdade, 225, 225-A, 1250 142 Lisbon, Portugal
  • KICKZ Never Not Ballin’ GmbH, Landwehrstraße 60, 80336 Munich, Germany
  • nugg.ad GmbH, Tamara-Danz-Straße 1, D-10243 Berlin, Germany

What you will learn in this Data Protection Declaration:

  • Which data Zalando stores.
  • What we do with this data and what it is needed for.
  • Which data protection rights and options you have.
  • Which technologies and data we use to personalise and coordinate our services in order to offer you a secure, simple, seamless and individual shopping experience.
  • Which technologies and data we use for advertising, including the tracking technologies we use.

If you have a question regarding this Data Protection Declaration or the topic of data protection at Zalando in general, you can contact our data protection officer or Zalando customer service at any time.

Which data
does Zalando
process?

  1. Which data does Zalando process?

Zalando offers you a wide range of services, which you can also use in a wide range of ways. Depending on whether you contact us online, by phone or otherwise and on which services you use, various data from different sources may come into play. Much of the data we process is provided by you when you use our services or contact us, for example when you register and give your name, email address, or address. We do, however, also receive technical device and access data which is automatically collected when you interact with our services. This may, for example, be information on which device you are using. We collect further data using our own data analyses (e.g., within the framework of market research studies and customer evaluations). We may also receive data about you from third parties. 

More

When we talk about “your data”, we are referring to personal data. This includes all information which allows us to identify you straight away or by combining it with other information. Examples: Your name, your telephone number, your customer number or your email address. All information which cannot be used to identify you (even by combining it with other data) is classified as non-personal data. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all the data in this record counts as personal data. If we delete the personal data from a piece of information or a record on your person, the remaining data in this record no longer counts as personal data. This procedure is referred to as anonymisation. The following generally applies: If we request that you share particular personal information with us, you may of course refuse to do this. You can decide which information you share with us. We may, however, be unable to provide you with the desired services (at least not optimally). If particular information is required in connection with a service (mandatory information), we will inform you by marking it accordingly.

1.1. Profile information

Profile information is personal and demographic information on your person (so-called master data), along with your individual interests, which you share with us when registering for a customer account. You profile data includes, for example:

  • Your first and last names
  • Your contact details
  • Your preferences, e.g., in relation to brands, product types or styles
  • Demographic information such as your gender, age and place of residence

Mandatory information is usually your name and your email address.

Other mandatory information may also be required for the use of access-restricted, fee-based or personalised services, such as your date of birth or your title (e.g., in order to transfer you to the Zalando shop page for your gender) or your favourite brands and clothing styles.

Profile data may also include further information on your person and your interests. These may be collected in the process of registering for the service, or only subsequently. This is the case, for example, if you later add voluntary information to your profile.

1.2. Contact details

If you contact us, we collect your data. Depending on how you contact us (e.g., by phone or by email), your contact details may include your name, postal addresses, telephone numbers, fax numbers, email addresses, detail on your social network profiles (for example we receive your Facebook ID if you contact us via Facebook), user names and similar contact details.

1.3. Shopping data

If you purchase something from Zalando on site at a Zalando Outlet Store, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information:

  • Details on the purchased items (name, size, colour, price etc.)
  • Delivery and billing addresses
  • Messages and communication relating to purchases (e.g., notice of revocation, complaints and messages to customer service)
  • Information from service providers involved in the performance of the contract

1.4. Messages, conversation content

If you communicate with us or other users regarding products (e.g., product evaluations) and other topics by phone, post, social media, contact forms or any other medium, we collect the content of your messages.

We may forward your messages to the office responsible for your concerns, perhaps to partner companies or manufacturers. If your messages are forwarded to another company (e.g., if you provide us with feedback on the manufacturer of a product), you of course have the option to tell us that the data should only be used by Zalando. If so, we will not forward your information to the responsible office, or will only do so without your personal information, provided that your concerns can be processed in this way.

If you transmit messages to us for other users via functions provided for this purpose (e.g., product evaluations), we may publish these within the scope of our services.

Recording of telephone conversations

Telephone conversations, for example with our hotline, will only be recorded with your consent for the purposes covered by your consent (e.g., quality assurance, training purposes). Consent to recording of conversations is of course voluntary. You may withdraw consent at any time with effect for the future, for example by asking the employee on the phone to stop the recording. You can find more information under „10. Which data protection rights do I have?.

Zalando also uses social network services such as Facebook, Instagram and Twitter to communicate with customers and users. We use these popular platforms to offer you further contact and information options beyond our in-house communication channels. Please bear in mind, however, that we do not have any influence on the terms of use for social networks and the services they offer, and only limited influence on their data processing. We therefore ask you to carefully check which personal data you share with us via social networks. We cannot influence the behaviour of social media operators, other users or third parties who may work with the operators of the social networks or also use these services.

1.5. Social network data

Zalando maintains profile pages (also known as „fan pages“) on various social networks. In addition, social media functions may be integrated into Zalando’s services. These may include messenger services and so-called social plug-ins or social logins, such as “login with Facebook”. If you contact us directly via our social media profiles or use the social network functions integrated into our services and are a member of the respective social network, we may receive data from the operator of the social network that can be used to identify you. We can generally see the following data:

  • your public profile information (e.g., name, profile picture)
  • Information on the type of device you are using
  • the account ID of your profile with the relevant network (e.g., Facebook ID)

Please also take into account the notice on the processing of social network data in connection with social network functions under „3. Info on websites and „4. Info on social media fan pages.

Zalando currently uses the Messenger service from Facebook and Instagram:

  • Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“). You can find the link to Facebook’s Data Protection Declaration here: Facebook’s privacy policy.
  • Instagram, provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can find the link to Instagram’s privacy policy here: Instagram privacy policy.

1.6. Location data

For particular purposes, we also collect data on your device’s current location when you use our services. Two different technologies are used for this.

If you approve your device’s location services for an app, a website or another online service by Zalando, Zalando processes the location data collected by your device and provided to us in order to provide you with location-specific services.

Example

Some of our apps show you shops in your area or suggest products which correspond to your current location.

If you allow a Zalando app to access your device’s location services, your location may be regularly transmitted to us (e.g., even if you are not currently using the app). This serves to improve the user experience, for example by loading location-dependent content faster when you use the app at your location, or displaying location-based push notifications. We do not use this data to produce any motion profiles. You can obtain further information on location-based services if required. 

We also collect location data derived from your device’s IP address (down to the city level). An anonymised IP address shortened to three characters is used for this purpose. This anonymised IP cannot be used to identify your internet connection or device.

What are IP addresses?

Each device connected to the internet must be assigned a multiple-character, unambiguous number (example: 193.99.144.85). This is referred to as an IP address.

The first three characters of an IP address are usually assigned to a particular region or a particular internet provider. The approximate location of the internet connection can therefore be derived from the IP address.

This procedure (so-called geolocalisation) is used by us and many other online shops, for example to identify fraud and suspicious orders (e.g., it may be suspicious in particular situations if an order from your customer account uses an IP address from a country where you have never previously made any orders).

1.7. Information for campaigns and surveys

If you take part in a campaign (e.g., competition) or survey (e.g., customer satisfaction survey for market research purposes) offered by Zalando, we ask you for personal information.

For example, if you take part in a competition, we generally ask you for your name and email address, so that we can inform you if you win and to ensure that each participant only takes part in the competition once.

We may ask you for further information for some campaigns and surveys. This may be the case, for example, if we carry out a campaign with a partner and the partner needs information on you in order to make the prize available with you. In such cases we will, however, always inform you separately about the information required and how we use it.

1.8. Job applications

Zalando Group companies use the central Zalando SE’s central applicant management system to accept and process job applications.

You can find the web portal for Zalando’s applicant management system at: https://jobs.zalando.com/. The Zalando applicant management system has a service-specific privacy policy, which you can access here: [https://jobs.zalando.com/de/datenschutz].

1.9. Device and access data

When using online and mobile services, it is inevitable that technical data will arise and be processed, in order to provide the functions and content offered and to display them on your device. We refer to this data collectively as “device and access data”. Device and access data arises each time you use an online and mobile service. It doesn’t matter who the provider is. Device and access data arise, for example, when you use:

  • Websites
  • Apps
  • Social media fan pages
  • Email newsletters (i.e., when your newsletter interaction is captured)
  • Location-based services

On the one hand, Zalando collects device and access data from online and mobile services offered by Zalando itself (e.g., Zalando shop). On the other, Zalando may receive device and access data from online and mobile services provided by other companies, insofar as these are Zalando social media or advertising partners or participate in the same online advertising networks (e.g., the “Google advertising network”). For more information, see „How does Zalando use my data for advertising? and Info on social media fan pages.

Device and access data includes the following categories:

  • General device information, such as information on the device type, operating system version, configuration settings (e.g., language settings, system authorisations), information on internet connection (e.g., name of the mobile data network, connection speed) and on the app used (e.g., name and version of the app).
  • Identification data (IDs), such as session IDs, cookie IDs, unambiguous device ID numbers (e.g., Google advertising ID, Apple Ad ID), third party account Ids (if you use social plug-ins or social logins or pay by PayPal) and other common internet technologies, to facilitate recognition of your web browser, your device or a particular app installation.
  • Access data automatically transmitted by apps and web browsers whenever you access web servers and databases (within the framework of so-called HTTP requests). This is standardised information on the required content (such as the name and file type of a retrieved file) as well as further information on server access (such as amount of data transferred and error codes), on your device (e.g., device type, operating system, software versions, device identifications, IP address, the site previously visited and the time of access).

What does
Zalando use
my data for?

2. What does Zalando use my data for?

Zalando processes your data in accordance with all applicable data protection laws. Of course, we observe the principles of data protection law for the processing of personal data. We therefore generally only process your data for the purposes explained to you in this Data Protection Declaration or shared when we collect the data. These are mainly purchase processing and the provision, personalisation and development as well as security of our services. We also use your data within the framework of the strict German and European data protection law, but also for other purposes such as product development, market research, for the optimisation of business processes, the needs-based design of our services and personalised advertising. 

More

In this chapter, we also inform you of the legal basis on which we process data for individual purposes. Depending on the legal basis for our processing of your data, you may have additional data protection rights alongside your permanent rights, such as the right to information. For example, in individual cases you have the right to object to the processing of your data. You can find further information under “10. Which data protection rights do I have?

2.1. Purchase processing and provision of online, local and personalised services

We process your data in the necessary scope to fulfil contracts and to provide and execute further services requested by you, as described in this Data Protection Declaration. The purposes of the necessary data processing therefore depend on the purpose of the contract agreed with you (including our General Terms and Conditions and any service-specific terms and conditions or terms of use) or services requested by you. The most important purposes are:

  • The provision, personalisation and tailoring of our services.
  • The provision of local services, e.g., in Zalando Outlet Stores and at events and trade fairs.
  • Running customer programs such as zPoints and the Zalando Outlet Card.
  • The execution of purchase agreements and customer service as well as the processing of returns, complaints and warranty claims.
  • The provision of messages, reports, newsletters and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.
  • The guarantee of the general security, operability and stability of our service including defence from attacks.
  • Non-promotional communication with you on technical, security-related and contractually relevant subjects (e.g., fraud warnings, account blocking or contractual changes).
  • The issuing, redemption, and delivery of Zalando vouchers.
  • The execution of campaigns and competitions.

Legal bases:

Insofar as the purpose relates to the execution of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6 (1) b GDPR. Otherwise, the legal basis is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

2.2. Advertising and market research, data analysis

We use your data, also within the framework of data analysis, for advertising and market research purposes. We therefore pursue in particular the following purposes:

  • Classification into various target and user groups within the framework of market research (user segmentation).
  • Findings on various target groups and their respective usage habits and shopping interests.
  • The production of findings on demography, interests, our users’ shopping and usage habits as well as the marketing on these findings within the framework of advertising services provided to third parties.
  • The early identification of trends in the areas of fashion and online shopping.
  • The execution of advertising to existing customers.
  • The execution of direct marketing, e.g., in the form of newsletters.
  • The planning, execution and success monitoring of advertising corresponding to the interests of the target groups being addressed (personalised advertising).
  • Findings as to how our services are used (usage analysis).

Depending on the purpose, we use the data we have stored for data analysis. For example, we use summarised (aggregated), statistical, depersonalised (anonymised) profile information or data which can only be assigned to persons via further intermediate steps (pseudonymised profile information) as well as shopping and device and access data in order to understand and analyse purchasing processes using data analysis. This gives us anonymous or pseudonymised findings on our users’ general usage behaviour.

We process your data on the basis of balancing of interests to protect our legitimate interests or those of third parties (such as advertising partners or dealers which participate in Zalando’s partner programme). Zalando’s legitimate interest or that of third parties in data processing derives from the relevant purposes and is, unless otherwise indicated, of a competitive and economic nature.

Legal bases:

If data processing for the above purposes occurs with your consent, the legal basis is Article 6 (1) a GDPR (consent). This data processing data otherwise occurs on the basis of Article 6 (1) f GDPR, whereby the legitimate interests are in the above purposes.

2.3. Product and technology development

We use your data for product and technology development including the development and improvement of personalised services. In doing this we use aggregated, pseudonymised or anonymised data and machine learning algorithms, perhaps from our research, which facilitate estimates, prognoses and analysis in the interests of our users. In this way, for example, we can develop apps which can suggest products targeted to your interests and needs and recognise styles and assign products which correspond to your actual interests. Data is processed in relation to product and technology development particularly for the following purposes:

  • The development and improvement of personalised services and technologies for data analysis and advertising.
  • The development of technologies and concepts to improve IT security, prevent fraud and improve data protection e.g., by pseudonymisation, encryption and anonymisation technologies.
  • The development and testing of software solutions for the optimisation of necessary business and logistics processes.

Legal bases:

The legal basis for the processing of your data for product and technology development purposes is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

2.4. Business management and business optimisation

We transmit and process your data where necessary for administrative and logistical processes and to optimise business processes within the Zalando Group in order to design these in a more efficient and legally secure way and to fulfil our contractual and legal obligations (e.g., retention obligations under commercial and tax law). Many systems and technologies are shared within Zalando Group. This allows us to offer a more economical, secure, unified and personalised service. Therefore, various companies within Zalando Group have access to your data in so far as this is necessary for the fulfilment of the purposes named in this Data Protection Declaration.

Example

If you contact Zalando customer service, your request is forwarded to Zalando Customer Care DACH SE & Co. KG and processed there. Zalando Customer Care DACH SE & Co. KG is responsible for customer service in the German-speaking area within the Zalando Group. If this is necessary for the processing of your concern, a customer service employee from Zalando Customer Care DACH SE & Co. KG may access the data stored about you by other Zalando companies, for example your order data (e.g., in order to clarify your questions regarding a return).

Data processing for business management and business optimisation also includes, for example, the following purposes:

  • The execution and improvement of customer service.
  • The prevention and clarification of criminal offences.
  • Guaranteeing the security and operability of our IT systems.

Legal bases:

The legal basis for the processing of your data for business management and optimisation is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes. Where we process your data on the basis of legal specifications, e.g., retention obligations and money laundering tests under tax law, the legal basis is Article 6 (1) c GDPR.

2.5. On the basis of your consent

If you have given us your consent for the processing of personal data, your consent is the primary basis of our data processing. Which of your data we process based on your consent, depends on the purpose of your consent. Typical purposes include:

  • Subscription to a newsletter.
  • Participation in surveys and market research studies.
  • The processing of particularly sensitive data, containing e.g., your political opinions, religious or ideological convictions or state of health.
  • The recording of telephone conversations which you have e.g., with our hotline.
  • The transmission of your data to third parties or to a country outside the European Union.
  • The execution of a credit check (if it is not necessary for contractual fulfilment or precontractual measures).
Notices of withdrawal

You can withdraw consent at any time with effect for the future, e.g., by e-mail, letter or fax.

If the relevant service supports this function, you can adjust and withdraw consent to receive newsletters and other notifications in the preference centre. You can find the link to the preference centre in each newsletter.  Each newsletter also contains a corresponding unsubscribe link.

You can find further instructions under “10. Which data protection rights do I have?

2.6. Other purposes

If data protection law allows it, we can use your data for new purposes such as carrying out data analyses and developing our services and content without your consent. It is a prerequisite for this that these new purposes, which the data is to be used for, were not fixed or foreseeable when the relevant data was collected and the new purposes are compatible with the purposes for which the relevant data was originally collected. For example, new developments in the legal or technical sphere and new business models and services may lead to new processing purposes.

Information
on websites

3. Information on websites

We use your data to provide the Zalando websites and apps. Along with the device and access data collected whenever you use these services, the type of data processed as well as the processing purposes depend especially on how you use the functions and services provided via our services. We also use the data collected when you use our services to find out how our online offering is used. We use this information and other information to improve our services and for personalised advertising. 

More

3.1. Provider

You can find the responsible service provider in the imprint of the relevant website or app.

3.2. Which data is collected?

We generally collect all the data that you share with us directly via our services.

Device and access data

Whenever you access our services and databases, we collect device and access data and record it in so-called server log files. The IP address it contains is anonymised shortly after the end of the relevant session, as soon as storage is no longer required to maintain the functionality of the relevant website. 

If it is available and activated on your device, we also collect a device-specific ID number (e.g., a so-called “promo ID” if you are using an Android device or an “ad ID” if you are using an Apple device). This device ID is issued by the manufacturer of your operating system and can be read by websites and apps and used to present content on the basis of your usage habits. If you do not want this, you can deactivate it at any time in your device’s browser settings or system settings.

Google Maps

Our web pages use the map service Google Maps by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as “Google”). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you access the contact page. In the event that personal data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield. Google thereby receives the information that our website’s contact page was accessed from your device’s IP address. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in integrating a map service for the purposes of making contact.

If you access the Google map service on our website while you are logged into your Google profile, Google may also link this event to your Google profile. If you do not want your history to be linked to your Google profile, you need to log out of Google before visiting our contact page. Google stores your data and uses them for the purposes of advertising, market research and personalising your Google Maps display. You can object to this data being recorded by contacting Google.

For more information, please see Google’s privacy policy and the Additional terms of use for Google Maps.

Information on website cookies

Our websites use cookies. Accepting cookies is not a prerequisite for using our websites. We would, however, like to point out that our websites can only function on a limited basis if you do not accept cookies. You can set your browser up in such a way that cookies are only saved if you agree to this.

What are cookies?

Cookies are small text files which are saved by your web browser and save particular settings and data for exchange with our web server. 

A distinction is generally made between two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies which are stored for a longer period. Storing this data helps us to design our websites and services for you accordingly and makes them easier for you to use, for example by saving particular entries so that you do not have to repeat them constantly.

The cookies used by our website may come from Zalando or advertising partners. If you only wish to accept the Zalando cookies, but not our advertising partners’ cookies, you can choose the corresponding setting in your browser (e.g., “block third-party cookies). The help function in your web browser’s menu bar generally shows you have to reject new cookies, and to turn off cookies which have already been received. We recommend that you completely log out after you finish using our website on shared computers which are set to accept cookies and Flash cookies.

Our services use three categories of cookies:

  • Necessary cookies: These cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the basket function, such that the goods in your basket stay saved while you continue with the purchase. The necessary cookies also serve to save particular inputs and settings which you have made so that you don’t have to constantly repeat them, and to adapt Zalando content to your individual interests. Only limited use of the website is possible without necessary cookies.
  • Statistical cookies: These cookies collect device and access data to analyse the use of our website, such as which areas of the website are used how (so-called surfing behaviour), how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our website and to find out what our users are interested in, and to measure how effective our advertising is. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
  • Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data, in order to adapt personalised advertising on Zalando websites to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our websites. This allows us to display personalised advertising on other websites and in other providers’ apps which fits your interests (so-called retargeting). Marketing cookies can be blocked without adversely affecting the navigation and operation of the website. Shopping personalisation may, however, not be possible.

We have collected country-specific overviews of all cookies used in the Zalando shop. You can find these under “Information on individual websites”.

3.3. Online advertising

Our websites and apps contain cookies and similar tracking technologies from advertising partners which operate an online advertising network. This also allows our advertising partners to collect your device and access data and to present you with personalised advertising on other websites and in other providers’ apps targeted to your interests (e.g., advertising based on which products you have previously viewed in the Zalando shop).

You can find further information under “How does Zalando use my data for advertising?”

3.4. Usage analysis

We use common tracking technologies to evaluate device and access data. This allows us to find out how our offering is being used by our users in general. We do this using identification cookies and similar identifiers. This allows us to find out, for example, which content and topics are particularly popular, when our services are used the most, from which regions (down to the city level) our services are used and which browsers and devices our users generally use.

We may also carry out so-called A/B tests in the course of usage analysis. A/B tests are a special kind of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website or app in order to find out which version performs better, is more popular or lets users find their desired content quicker. Producing a version A and version B and testing both versions provides data which makes it easier and faster to make changes to services and content.

You can find out which tracking tools our websites use under „Information on individual websites„.

You can also find information there on deactivating usage analysis.

You can deactivate the processing of your data for usage analysis at any time.

Information on
social media
fan pages

4. Information on social media fan pages

Zalando maintains social media profiles on the social networks of Facebook and Instagram (so-called „fan pages“). We regularly publish and share content, offers and product recommendations on our fan pages. Every time you interact on our fan pages or other Facebook or Instagram websites, the operators of the social networks use cookies and similar technologies to record your usage behaviour. Fan page operators can view general statistics on the interests and demographic characteristics (such as age, gender, region) of the fan page audience. If you use social networks, the type, scope and purposes of the processing of data on social networks are primarily determined by the operators of the social networks. 

More

4.1. Provider / Responsible Party

  • The responsible Zalando company, which acts as the content provider responsible for a fan page, is visible in the Legal Info of the respective fan page.The Facebook and Instagram social networks are both provided by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland („Facebook“).Insofar as you communicate directly with us via our fan pages or share personal content with us, Zalando shall be responsible for processing your data. An exception applies to the data processing for usage analysis (Page Insights) which is described in the following; in this case, we are jointly responsible with Facebook.
    Processing of your data by Facebook

    Please note that Facebook also uses your data when you use our fan pages for their own purposes, which are not covered in this Privacy Policy. We have no influence over the data processing operations of Facebook. In this regard, we refer you to the privacy policy of the respective social networks:

4.2. Which data are collected?

When you visit our fan pages, Zalando collects all communications, content and other information that you provide us directly, e.g., when you post something on a fan page or send us a private message. Of course, if you have an account on the social network, we can also see your public information, such as your username, information in your public profile, and content that you share with a public audience. For more information, see What data does Zalando process?.

Usage Analysis (Page Insights)

Every time we interact with fan pages, Facebook uses cookies and similar technologies to track user behaviour during fan page visits. On this basis, fan page operators receive so-called „Page Insights“. Page insights contain only statistical, depersonalised (anonymised) information about visitors to the fan page, which can therefore not be assigned to a specific person. We do not have access to the personal information Facebook uses to create Page Insights („Page Insights data“). Selection and processing of Page Insights data is performed exclusively by Facebook.

Page insights offer us information about how our fan pages are used, what interests visitors to our fan pages have, and what topics and content are particularly popular. This allows us to optimise our fan page activities, e.g., by better tailoring to the interests and usage habits of our audience when planning and selecting content.

Zalando and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfils the data protection obligations under the GDPR with regard to Page Insights data processing.

More about Page Insights

You can view the agreement with Facebook here:

https://www.facebook.com/legal/terms/page_controller_addendum

Facebook has summarised the important parts of this agreement (including a list of Page Insights data) for you here:

https://www.facebook.com/legal/terms/information_about_page_insights_data 

Legal bases:

If you have given consent to the creation of Page Insights data to Facebook, the legal basis is Article 6 (1)a GDPR (Consent). Otherwise, the legal basis is Article 6 (1)f GDPR, whereby our legitimate interests are in the above purposes.

4.3. What are my Data Protection Rights?

Of course, your privacy rights as described in What are my Data Protection Rights?“ also apply to the processing of your data in connection with our fan pages.

For the purposes of processing your Page Insights data with Facebook, we have agreed with Facebook that Facebook is primarily responsible for providing you with information about the processing of your Page Insights data and for enabling you to exercise your privacy rights under the GDPR (e.g., right of objection). You can find more information about your data protection rights in connection with Page Insights and how you can exercise them directly with regard to Facebook:

https://www.facebook.com/legal/terms/information_about_page_insights_data 

Tip: You can also address your enquiry to Zalando; we will then forward your enquiry to Facebook.

Newsletter

5. Newsletter

We offer a newsletter service to keep you up to date with news, special discounts, vouchers and exclusive events. When you use our newsletters, we also connect device- and access data. 

More

5.1. How do I register?

When sending out our notifiable newsletter, we use the so-called double opt-in procedure, i.e., we will only send you the newsletter if you have given explicit prior consent for us to activate the newsletter service. If a double opt-in is required in your country, you must also have confirmed that the email address you have shared with us belongs to you. For this purpose, we will send you a notification email and ask you to confirm by clicking on one of the links in this email that you are the owner of the email address you have shared with us. We may waive this measure if you have already confirmed to us in this way for another purpose that you are the owner of this email address.

5.2. Unsubscribing

If you no longer wish to receive emails from us, you can withdraw your consent at any time without incurring any costs other than the transmission costs according to basic tariffs. A notification in text form (e.g., email, fax, letter) to the Zalando company responsible for the relevant newsletter is sufficient for this. You will, of course, also find an unsubscribe link in every newsletter.

5.3. Which data are collected?

When you sign up for a newsletter, we automatically store your IP address, the time you signed up and confirmed, as well as information about your browser, device and operating system. This way we can prove that you actually subscribed and identify any unauthorised use of your email address. This data is also used for customer segmentation when you sign up.

We collect device and access data which arise when you interact with a newsletter. For this evaluation, the newsletters contain links to image files stored on our web servers. When you open a newsletter, your email programme loads these image files from our web server. We collect the device and access data which then arises in pseudonymised form under a randomly generated ID number (newsletter ID), which we will not use to identify you without your consent. This way we can understand whether and when you have opened which issues of a newsletter. The links contained in the newsletters also contain their newsletter ID so that we can determine which content you are interested in. We use the data collected here to create a user profile for your newsletter ID in order to personalise newsletter content according to your interests and usage habits and to statistically analyse how our users use the newsletter service. We connect this data to data which we collect within the framework of usage analysis.

This is an integral component of the Zalando newsletter.

You can object to newsletter analysis at any time by deactivating the corresponding newsletter service. You will, of course, also find an unsubscribe link in every issue of our newsletter. You can also find further information under “Which data protection rights do I have?

Alternatively, you can deactivate the display of images in your email programme. In this case, however, the newsletter will not be displayed to you in full.

Vouchers

6. Vouchers

We use the data provided as part of the purchase or receipt of Zalando vouchers or credit to check and process the purchase and to redeem the voucher or credit. This also includes the recording and processing of the data connected to use of the voucher or credit, especially for fraud prevention.

More

For this purpose, we also store the following data:

  • Date of issue
  • Voucher or credit value
  • Voucher or credit code
  • Personalisation data (if you provide this)
  • Name of voucher holder (for personal vouchers)
  • Time of voucher or credit redemption
  • Name of the redeeming party and the customer account ID of the account used for redemption.

Events

7. Events

When you register for events at the Zalando Outlet through our third-party platform Eventbrite, 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147 („Eventbrite“), we receive personal information from you, such as your name and email address, payment information, ticket type and event ID. We need this data to complete your registration and for admission control. In addition, registered participants will receive information about the booked event and our contact options by e-mail before and after the booked event. The basis for the processing is Art. 6 para. 1 lit. a and b GDPR.

For more information on how Eventbrite Inc. uses personal data, please see Eventbrite’s privacy policy.

How does
Zalando
use my data
for advertising?

8. How does Zalando use my data for advertising?

We, and our advertising partners, use your data for personalised advertising presented to you in Zalando’s services and on other providers’ websites and apps. We, and our advertising partners, use the prevailing market technologies for this purpose. This allows us to advertise in a more targeted way in order to display as many adverts and offers to you which are actually relevant to you. This allows us to better meet our users’ needs regarding personalisation and discovering new products and to interest you in our service in the long run by providing a more personalised shopping experience.

More

8.1. Advertising formats and channels

The advertising formats used by Zalando and Zalando’s advertising partners include adverts on social networks (e.g., Facebook ads, Instagram ads, YouTube ads) and advertising spaces mediated via the online advertising networks used by Zalando, such as DoubleClick by Google or via the advertising platforms such as Google Display Network from Google Adwords.

Zalando does not sell any personal data.

8.2. Information which data we use to create target groups

In creating target groups, we use our own findings from data analysis on our users’ usage and purchasing behaviour and customers as well as our market research on user segmentation which we apply to the user data collected by Zalando. In doing this we especially consider aggregated, pseudonymised or anonymised shopping data, interests data, demographic profile data and geo data as well as device and access data.

Example

A target group may be: “Women between 25 and 35 years old who are fashion-conscious and interested in sport, and who have ordered an Adidas product in the last year”.

Our advertising partners also have the option to provide us with their own data for user segmentation, which was collected by the advertising partners themselves. The advertising partners must undertake only to provide Zalando with aggregated, encrypted or anonymous data, so that we cannot assign the data to any particular person, especially any particular user of the Zalando shop. Some target groups are created on the basis of the users’ surfing behaviour. This is the case if advertising is only intended to be presented to users who have recently visited a particular website or searched for particular content.

8.3. How we use this information in online advertising and in other Zalando services

We use the above information within the framework of on-site optimisation in order to present you with more relevant information and content when you search for products, call up your feed, or visit a product area. On-site and in-app optimisation is based on cookies and similar identification technologies for the pseudonymous collection of device and access data. This data is not used to identify your personally, but rather to evaluate your usage pseudonymously. Your data is never permanently combined with other personal data we have stored about you. This technology allows us to present you with products and/or particular offerings and services with content based on your device and access data (for example advertising geared to the fact that you have only viewed sports clothing in the last few days).

If you do not want on-site optimisation, you can deactivate this function at any time:

In other services, please do this by deactivating web analysis or app analysis. Please bear in mind that data used for on-site and in-app optimisation is also used for other purposes (including the provision of our services). The collection of the data used for this is therefore not prevented by deactivation. The advertising presented to you will, however, no longer be personalised.

8.4. On social networks

  • If we advertise via advertising formats offered by social networks (e.g., YouTube, Facebook, Instagram), we have the option of forwarding encrypted information on Zalando users (e.g., device and access data such as advertising and cookie IDs, email addresses) which we believe belong to an advertising customer’s target group or show particular features (e.g., age group, region, interests).The relevant social network will then – either on our behalf as an order processor or with the consent of the relevant user – decrypt the transmitted data and display the advertising booked by us to the user as part of their existing usage relationship with the relevant social network (if he is a member of the relevant social network).If you do not want us to use your data to present you with personalised advertising on social networks, you can prohibit the forwarding of your data. Please deactivate the web analysis or the app analysis.

    You may also have the option of deactivating the use of your data for personalised advertising by the social networks you use by directly contacting the relevant providers. For further information, directly contact:

    Facebook (Facebook, Instagram):

    Google (Google advertising network, YouTube, Google search):

Whom is
my data
forwarded to?

9. Whom is my data forwarded to?

Zalando only forwards your data if this is allowed by German or European law. We work particularly closely with certain service providers, for example in the area of customer service (e.g., hotline service providers) or with technical service providers (e.g., running computer centres). These service providers may generally only process your data on our behalf under special conditions. Where we use them to process orders, the service providers only receive access to your data in the scope and for the time period required for provision of the relevant service.

More

9.1. Zalando group companies

Many systems and technologies are shared within the Zalando Group. This allows us to offer you a more economical, secure, unified and personalised service. Therefore, companies within the Zalando group which require access to your data to fulfil our contractual and legal obligations, or to fulfil their respective functions within the Zalando group, receive this access.

Examples
  • If you register with your customer account (provider: Zalando SE) for Zalon (provider: Zalando Fashion Entrepreneurs GmbH), Zalando SE grants Zalando Fashion Entrepreneurs GmbH access to the information stored in your customer account in the necessary scope.
  • When you contact Zalando customer service, your request is forwarded to Zalando Customer Care DACH SE & Co. KG or Zalando Customer Care International Se & Co. KG and processed there. Both of these Zalando companies are responsible for customer service within the Zalando group. Where this is necessary to process your concerns, these two Zalando companies may access your data stored by other Zalando companies, for example your order data.
  • When you submit an order, your order and payment details are forwarded to Zalando Payments GmbH. Zalando Payments GmbH is responsible for payment processing within Zalando Group.

9.2. Technical service providers

We work with technical service providers in order to be able to provide our services. These service providers include, for example, Telekom Deutschland GmbH, Salesforce.com EMEA Ltd. and Amazon Web Services, Inc. If they process your data outside of the European Union, this may mean that your data is transmitted to a country with a lower data protection standard than the European Union. In such cases, Zalando will ensure that the relevant service providers contractually, or otherwise guarantee, an equivalent data protection level.

9.3. Social media networks

As part of advertising campaigns, we forward data to social network providers within the scope of data protection law. You can find further information under “How does Zalando use my data for advertising?”.

9.4. Authorities and other third parties

If we are obliged by an official or court decision or it is for prosecution purposes, we will, if necessary, forward your data to prosecution authorities or other third parties.

What are
my data
protection rights

10. What are my data protection rights?

You have the following legal data protection rights under the relevant legal conditions: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR). You can find the contact details for your applications under “Point of contact”.

More

Important information:

  • In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach a sufficient proof of identity to your request by email or post.
Tip

It is generally sufficient for this if you send your request to us using the email address saved to your account.

  • The responsibilities of the data protection authorities depend on the seat of the competent authorities. You may, however, contact the data protection authority, which will then forward your complaint to the responsible authority. The authority responsible for Zalando is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219 b, 10969 Berlin, Germany.
  • If you have given consent for the processing of your data, you may withdraw it at any time. Withdrawal has no effect on the admissibility of the processing of your data which took place before the withdrawal.
  • You may object to the processing of your data for advertising purposes, including direct marketing (including in the form of data analysis) at any time without giving reasons.
  • If we are processing your data on the basis of balancing of interests according to Article 6 (1) f GDPR (e.g., the reporting of creditworthiness to an external credit agency), you may object to the processing. When asserting your objection, we ask you to give the reasons why you do not wish us to continue processing your data. In the event of a justified objection, we will check the state of affairs and either stop or adjust the processing, or inform you of the urgent reasons worthy of protection why we are entitled to continue the processing.

When will
my data
be deleted

11. When will my data be deleted?

We will store your personal data as long as is necessary for the purposes named in this Data Protection Declaration, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if, or as long as, the law allows us store it for particular purposes, including for defence against legal claims. 

More

If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing.

What does blocking mean?

If data is blocked, restriction of access rights and other technical and organisational measures are used to ensure that only a few employees can access the relevant data. These employees may also only use the blocked data for the above purposes (e.g., for submission to the tax office in the event of a tax audit).

Blocking will occur, for example, in the following cases:

  • Your order and payment details and perhaps other details are generally subject to various legal retention obligations, such as those in the Handelsgesetzbuch (HGB – Commercial Code) and the Abgabenordnung (AO – Tax Code). The law obliges us to retain this data for tax audits and financial audits for up to ten years. Only then can we finally delete the relevant data. 
  • Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing, prosecution, or legal defence (e.g., in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation periods. After the relevant limitation periods expire, the relevant data will finally be deleted.

Deletion may be waived in the cases allowed by law if the data is anonymous or pseudonymous and deletion would rule out or seriously hinder processing for scientific research or statistical purposes.

How does
Zalando
protect my data

12. How does Zalando protect my data? 

We transmit your personal data securely using encryption. This applies to your order and your customer login. We do this using the coding system SSL (Secure Socket Layer). We also use technical and organisational measures to secure our website and other systems against loss, destruction, access, change or dissemination by unauthorised persons.

Changes to this
data protection
declaration
and points of
contact

13. Changes to this Data Protection Declaration and points of contact?

Further development of our websites and apps and the implementation of new technologies to improve our service for you may require changes to this privacy policy. We therefore recommend that you re-read this Data Protection Declaration from time to time.

You can contact our privacy team at any time at datenschutz@zalando.de if you have any general privacy questions and to enforce your rights.

More

To contact our data protection officer directly, please send your enquiry by post to the address below with the note „For the attention of the data protection officer“:

Data protection
Zalando SE
Valeska-Gert-Straße 5
D-10243 Berlin, Germany

Fax: +49 (0)30 2759 46 93
E-Mail: datenschutz@zalando.de

Point of
contact

14. Information on cookies

Google Analytics

Our web pages use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as “Google”). According to Google, the point of contact for all data protection questions is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse and improve our website using your user behaviour.

Google will use this information to evaluate your use of the website, compile reports on website activities for website operators and provide other services linked to website use and internet use. Google also calculates statistically aggregated demographic data and user interests in the process, which are determined by Google based on user behaviour, including on third-party websites. Statistical expectations about demographic characteristics or interests of an individual user are not processed by us in this process.

Google may transfer the data generated in this way to a server in the USA for evaluation, and store it there. If personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield. Your IP address will, however, be shortened before the usage statistics are evaluated, so that it cannot be used to identify you. To this end, Google Analytics is expanded on our website by the code “anonymizeIP”, in order to guarantee anonymous collection of IP addresses.

As described above, you can configure your browser in such a way that it rejects cookies, or you can prevent Google from collecting and processing the data generated by the cookies relating to your use of this website (including your IP address) by downloading and installing a browser add-on provided by Google. As an alternative to the browser add-on or if you access our website from a mobile device, please use this opt-out link. This will prevent Google Analytics from collecting data on this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in your browser, you will have to click this link again.

You can find further information on this in Google’s privacy policy.