Data privacy statement

We are pleased that you visit our E-Shop and about your interest in our products. Esprit would like you to feel at ease on our websites and that you do not have to have any worries about the confidentiality of your data. Data protection is part of the corporate philosophy of Esprit. Therefore, we consider transparency in the handling of the data of our customers to be extremely important. We would like to inform you below which personal data we collect, for which purposes we process your personal data and which rights you are entitled to.

Pursuant to Art. 4 lit. 1 GDPR personal data is all information, which refers to an identified or identifiable natural person; a natural person will be seen as identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, to a code number, to location data, to an online code or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.

A. General Information

I. Name and address of the responsible party

The responsible party for the Esprit Online Shop within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions under data protection law is:

Esprit Global Image GmbH
Esprit Allee 1
40882 Ratingen
Phone: 030 22 380 663 (Festnetz)
service@esprit.de

II. Contact data privacy officer

You can contact our data privacy officer under

Esprit Global Image GmbH
Data privacy officer
Esprit Allee 1
40882Ratingen
dp@esprit.com

B. Data processing activities

I. Provision of the website

1. Description and extent of the data processing
With the mere informational use of our website, thus if you do not register or transmit information to us in any other manner, we will only collect the personal data, which your browser transmits to our server when calling our website:

• IP address (if applicable in anonymised, abbreviated form)
• Date and time of the enquiry,
• Time zone difference to Greenwich Mean Time (GMT),
• Content of the requirement (concrete site),
• Access status/HTTP status code,
• Respectively transmitted data volume,
• Website, from which the requirement comes,
• Browser type,
• Operating system and its interface,
• Language and version of the browser software.

The data are also stored in the logfiles of our system. A storage of these data together with other personal data of the user will not take place. The anonymous data of the server logfiles are stored separately from all personal data entered by a relevant person.

2. Legal basis for the data processing
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR.

3. Purpose of the data processing
If you would like to view our website, we will collect the data stated under 1. as they are necessary from a technical point of view in order to display our website to you and to guarantee the stability and security of the system. The storage in logfiles is carried out in order to ensure the functionality of the website. Moreover, the data serve us to optimise the website and to ensure the security of our IT systems. Our legitimate interest in the data processing is also based in these purposes according to Art. 6 Para. 1 lit. f GDPR.

4. Duration of the storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. In the event of the entry of the data for the provision of the website, this is the case if the respective session is ended, i.e. if you leave our website.

This is the case at the latest after seven days in case of the storage in log files. A storage that exceeds the above is not possible. The IP addresses of the users will be deleted or changed in this case, which means that an allocation of the connected client is no longer possible.

5. Possibility to file an objection and remedy
The entry of the data for the provision of the website and the storage of the data in logfiles is absolutely essential for the operation of the website. Consequently, there is no possibility to file an objection on the part of the user.

II. Use of cookies

1. Description and scope of the data processing
We would also like to design our services as individually as possible in the future and consistently improve these in order to be able to offer interesting information an attractive shopping experience for you. Therefore, we partly use cookies. Cookies are small text files, which are stored on your hard disk drive allocated to the browser used by you and by which the body, which sets the cookie (here by us), receives certain information. Such a cookie contains a characteristic string, which enables a clear identification of the browser when the website is accessed once again. Cookies cannot carry out any programmes or transmit viruses to your computer. We use cookies in order to design our website more user-friendly. If you would not like to receive any cookies, you can configure this accordingly via the settings of your internet browser. However, please pay attention that certain cookies are necessary in order to use all functions of our website.

We use both so-called session cookies, which are only in use for the duration of an online visit, as well as those, which are used in the long term. Long-term cookies are in particular used in order to be able to make permanent recurring settings available to you as customers in the Esprit Online-Shop, such as for example individual information coordinated to you in order to improve the comfort and to be able to present offers to you that are coordinated to your previous purchasing behaviour.
We use the following types of cookies, the scope and functionality of which are explained below:

• Transient cookies (e.g. session cookies) (see in this respect a)
• Persistent cookies (see in this respect b).

a) Transient cookies
Transient cookies—which in particular include so-called session cookies—are as a rule deleted automatically if you close the browser or a session has expired. These cookies store a so-called session ID, with which various enquiries of your browser can be allocated to the joint session. In this way, your computer can be recognised again if you return to our website. The session cookies are as a rule deleted when you log out or close the browser. The following data are stored and transmitted in Session cookies:

• Language and country settings
• Screen resolution

b) Persistent cookies
Persistent cookies are deleted automatically after a stipulated duration, which can make a distinction depending on the cookie. You can delete or deactivate the cookies in the security settings of your browser at all times as determined by you. For the design suitable for the needs as well as for the optimisation of our websites, data are entered and stored as well as usage profiles are created from these data by using pseudonyms. Usage profiles are, however, not aggregated with the data about the holder of the pseudonym without the explicit consent of the visitor. When accessing our website, the users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy statement.

Persistent cookies used by Esprit:

b1) Webtrekk
We use a cookie of the company Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany in order to analyse and evaluate customer usage behaviour on our website.

You can object to this data entry and storage at all times with effect for the future. Please call the following link.
for this purpose. By confirming the link, a so-called opt-out cookie will be set on your computer. This cookie has a validity of 5 years. Please note that if all cookies on your computer are deleted, this opt-out cookie will also be deleted, i.e. if you continue to intend to object to the data collection using a pseudonym by Webtrekk, you must set the opt-out cookie once again. The opt-out cookie is set per browser and computer. If you visit our websites from your home and from your workplace or by using various browsers, you must activate the opt-out cookie on the various browsers or on the various computers.

Legal basis for the data processing
The legal basis for the processing of personal data by using cookies is Art. 6 Para. 1 lit. f GDPR.

Purpose of the data processing
Transient cookies are used for the purpose of simplifying the use of our website for the individual user. Several functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is also recognised again after a change in site. Transient cookies are therefore used for example for the language and country settings.

The use of persistent analysis-cookies is carried out for the purpose to improve the quality of our website and its contents. By the analysis-cookies we find out how the website is used and can so therefore consistently optimise our offer.

Without your consent a collection of analysis data is merely carried out in an anonymised or pseudonymised form. We cannot recognise your identity hereby. Therefore, our legitimate interest in the processing of the personal data is also constituted in these purposes according to Art. 6 Para. 1 lit. f GDPR.

Duration of the storage, possibilities for objection and remedy
Cookies are stored on your computer and transmitted by this computer to our website. Therefore, you have as user also the full control over the use of cookies. By a change in the settings in your internet browser you can deactivate or limit the transmission of cookies. Already stored cookies can always be deleted. This can also be carried out automatically.

Please note that you can set your browser so that you are informed about the setting of cookies and can make individual decisions about their acceptance or you can exclude the acceptance of cookies generally or for certain cases. Each browser differs in the type, how it manages the cookie-settings. This is described in the help menu of each browser, it is explained to you how you can change your cookie-settings. You will find these for the respective browser under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Chrome: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Please note that with the non-acceptance of cookies the functionality of our website may be limited.

III. Contact form, chat and e-mail contact

1. Description and extent of the data processing
On our website, we provide, among other things, a contact form, e-mail address, fax number as well as the phone number. You can also contact us via a number of social media platforms (Facebook, Instagram). In this way, you are able to contact our Customer Service department directly. If and to the extent to which you contact us via the contact form provided on our web pages, by chat, e-mail, telephone, fax, via the fault report form or social media platforms and inquire about your orders or your customer status, you may be required to transmit certain personal data such as name, address, e-mail address, date of birth, order or invoice number so that your inquiry can be processed properly. This data will only be used earmarked for the verification and processing of your inquiry. This data is only used on an earmarked basis for the purpose of verifying and processing your inquiry. In the event that you contact us through a social media platform, please be advised that such platforms are not owned or controlled by Esprit, which means that the protection and confidentiality of data that is provided via such platforms cannot be guaranteed. For data privacy inquiries, please contact the operator and owner of the respective social media platform.

No data will be forwarded to third parties in this context. The data is only used to process the conversation.

2. Legal basis for the data processing
Art. 6 para. 1 f GDPR forms the legal basis for processing the data that you provide to us in the course of your inquiry.

3. Purpose of the data processing
The processing of personal data via the respective contact channel is only used to process your inquiry and handle your request. This also gives rise to the required justified interest to process the data.
The other personal data that is processed during the send process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of the storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. With regard to the personal data from the input screen of the contact form and the data transmitted by e-mail, that will be the case if the respective conversation with the user has ended. A conversation has ended if it is evident, based on the circumstances, that the relevant matter has been conclusively settled.

The personal data that is additionally collected during the send process will be deleted after a maximum period of seven days.

IV. Storefinder

1. Description and extent of the data processing
We offer a Store Finder service that displays all Esprit Stores and sale points on the basis of post codes or based on your geo-location. The Storefinder uses the Goggle Maps API (see item IIV) for the presentation of the stores on the maps.

2. Legal basis for the data processing
If you do not use the Store Finder on the basis of a post code but instead would like the system to localize your geo-location, you can activate this option via the technical query in your browser. Your location will then be localised in line with the technical consent provided pursuant to Art. 6 para. 1 a GDPR.

3. Purpose of the data processing
The data is processed for the purpose of providing the Store Finder service on our website. If you have agreed to provide your geo-location data, the data will only be processed for the purpose of finding your particular location.

4. Duration of the storage
Your location date will only be used for the specific localisation process and is not stored for an extended period.

5. Possibility to file an objection and remedy
You can withdraw your consent at any time bys changing the respective settings in your browser and by not permitting the access to the geo-locating.

V. Press login for journalists

1. Description and extent of the data processing
We offer a press information service for which you can register to be able to review and download current press information and materials. This service is available to you after it has been unlocked by us.

2. Legal basis for the data processing
The legal basis for the processing of person-related data after a registration as a journalist by users is Art. 6 Para. 1 lit f GDPR)

3. Purpose of the data processing
The purpose of the data processing is the provision of press information and material on our web page for journalists and agencies through a login (user name/password).

4. Duration of the storage
Your registration data will be deleted after two years after the last contact with you.

5. Possibility to file an objection and remedy
You can cancel your registration at any time by sending an email to press@esprit.com.

VI. Investor relations email alert

1. Description and extent of the data processing
We offer an email alert service, which provides you by email with current information with respect to Investor Relations. The email address will be stored as a contact for sending email alerts. If listed in the registration, then first and last name can also be stored. The registration uses the double opt-in process.

2. Legal basis for the data processing
The legal basis for the processing of the data after the registration for the Investor Relations email alert in case of an agreement is Art. 6 Abs. 1 lit. a GDPR).

3. Purpose of the data processing
The acquisition of the email address, first name, last name of the user is used to send the Investor Relations email alert. The acquisition of other person-related data as part of the login process is used to prevent a misuse of the services or the email address.

4. Duration of the storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. The email address, first name, last name of the user will therefore stored as long as the subscription for the email alert is active. The other person-related data acquired as part of the login process will normally be deleted after seven days.

5. Possibility to file an objection and remedy
You can withdraw your agreement at any time by clicking on the appropriate link for the withdrawal in the email alert.

VII. Google Maps

Using an API, this pages uses the map service of Goggle Maps. Goggle Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is the provider. The storage of your IP address is required if you want to use the functions of Goggle Maps. This information is normally transmitted to a server of Goggle in the USA and it will be stored there. The provider of this page has no influence over the data transmission. Goggle Maps is used for an appropriate presentation of our online offerings and for the easy locating of the locations listed on our web page. This represents a justified interest in accordance with Art. 6 Para. 1 lit. f GDPR.

Additional information about the handling of user data can be found in the data privacy statement of Goggle: https://www.google.de/intl/de/policies/privacy

C. Rights of affected persons

Under certain prerequisites you can assert your data protection rights against us:

Right to withdraw consent: If you have consented to certain types of processing activities, you can withdraw your consent at any time with future effect. However, please note that this withdrawal does not affect the legitimacy of the processing activities that took place before you withdrew your consent, or if the processing can be justified on the grounds of another legal basis.

Right for to obtain information: You thus have the right to obtain information from us about your data stored in our company according to the regulations of Art. 15 GDPR (if applicable with restrictions according to Section 34 BDSG)

Right to correction: Following an application from you we will rectify the data stored in relation to your person according to Art. 16 GDPR if these are incorrect or faulty.

Right to deletion: If you request it we will delete your data according to the principles of Art. 17 GDPR, if this is not opposed by other statutory regulations (e.g. Statutory storage obligations or the restrictions according to Section 35 BDSG) or a main interest on our part (e.g. for the defence of our rights and claims).

Right to restrict processing: By taking the prerequisites of Art. 18 GDPR into consideration you can request that we restrict the processing of your data.

Right to object: You can also object to the processing of your data in accordance with Art. 21 GDPR. This right to object exists if there are certain reasons that arise from your special situation, and only for data processing the legitimacy of which is based on a consideration of the various interests, which relates to profiling or that is carried out for the purpose of direct advertising. In this case, your data will no longer be processed unless we are legally entitled to decline your objection. We must however comply with an objection against direct marketing, including profiling, and we may no longer process your data for these purposes.
We must however comply with an objection against direct marketing, including profiling, and we may no longer process your data for these purposes.


Right to data transferability: In accordance with the regulatory requirements of Art. 20 GDPR, you also have the right to receive your data in a structured, popular and machine-readable format, or to have the same transmitted to a third party.

Complaint submitted to the data privacy authority: You also have the right to submit a complaint to a data privacy supervisory authority in charge (Art. 77 GDPR). However, we recommend that a complaint is always first submitted to our Data Protection Officer, so that we can address your concerns as quickly and customer-focused as possible.

To ensure that your request is processed promptly, please direct your submissions regarding the exercise of your rights to the address below or directly to our Data Protection Officer in writing.

Esprit Global Image GmbH
Esprit Allee 1
40882 Ratingen
dp@esprit.com

D. Other

I. Existence of an automated decision-making in an individual case (including profiling)

We do not use any purely automated decision-making processes pursuant to Article 22 GDPR. If we should intend to us such a process in future in individual cases after all we will inform you hereof separately if this is stipulated by law.

II. Scope of your obligations to make your data available to us

You only need to make those data available, which are necessary for the commencement and execution of the contractual relationship or for a pre-contractual relationship with us or which we are obliged to collect by law. Without these data we will as a rule not be in the position to conclude the contract or to continue to carry this out. This may also refer to data that are subsequently required within the scope of the contractual relationship. If we additionally receive data from you you will be informed about the voluntary nature of the details separately.

III. Forwarding to third parties

Esprit can only access your data as is required to achieve the purposes in accordance with the internal division of tasks. To this end, only those departments and employees who are required to access your data will be granted access to this data internally.

Service providers: We have involved service providers that have access to your data in their capacity as a contract processor, and who process this data for the purposes specifically defined by us. These contract processors may be marketing services providers, website hosting service providers, IT support services providers, technical service providers (stock exchange price) or website analysis service providers.

Other third parties: We may also be required to forward certain data to third parties in cases where this is required by law or under the legislation. Such parties may include government authorities, external advisors, business partners, courts, experts as well as internal company committees and control instances, if required.

International data transmission: Even though all recipients are currently based in the EU/EEA, it is possible that in the future recipients may be based in a country outside of the EU/EEA that does not offer a standard of data privacy that is comparable to the European data privacy standard. In particular, such service providers may be located in the US in the future. In this case, Esprit will either select service providers that have been certified under the US-EU Privacy Shield Program (Art. 45 para. 1 GDPR), or that arrange the EU standard contract clauses, such as those approved by the EU Commission, with Esprit (Art. 46 para. 2 (c) or (d) GDPR).

IV. Version

This data privacy information was most recently updated on 25 May 2018. Esprit reserves the right to update this data privacy information from time to time.