Privacy Policy

Privacy Policy for OpenDress GmbH

August 2023

Data Processor

This privacy information applies to data processing by:

OpenDress GmbH
Bücklestr. 3
78467 Konstanz

Data Protection Officer

Our external data protection officer is Robert Leidel. You can reach him at:

datenschutz@opendress.com

Collection and Storage of Personal Data and the Nature and Purpose of Their Use

When Visiting the Website

When you visit our websites opendress.com, opendress.de, and opendress.ch, the browser used on your device automatically sends information to the servers hosting our websites, which are managed by AWS. The data centers of our host are TÜV certified and located within the EU. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer/mobile device
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

This data is processed for the following purposes:

  • Ensuring a smooth connection setup of the website
  • Ensuring comfortable use of our website and app
  • Evaluation of system security and stability
  • For other administrative purposes

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. In no case do we use the collected data to draw conclusions about your person. Additionally, we use cookies and analysis services during your visit to our website. Detailed explanations can be found in sections 4 and 5 of this privacy policy.

When Using Our Contact Form

For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid email address so that we know from whom the inquiry comes and to be able to respond to it. This data is sent to us. Additional information can be provided voluntarily and will also be transmitted to us.

Data processing for the purpose of contacting us is based on Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be deleted after the request you have made is completed, as long as it is not required for the fulfillment of a contract and there is no legal retention obligation.

User Login on Our Website, Partner Sites, and Apps

To use our service, you can choose whether to proceed with or without a profile. Below we explain which data is collected by us in the different uses of OpenDress.

Use of OpenDress via Partner Sites without a Profile

When using OpenDress on partner sites without creating a profile, the data entered during the scan will not be stored by us but will be temporarily used to provide the size recommendation.

Registration of the Profile via the Website or App

If you register a profile via our website or app, the data collected during the scan will be stored in our system to provide continuous size recommendations and for further use on partner sites.

Use of OpenDress via Partner Sites with a Registered Profile

If you have already created a profile on OpenDress via the app, our website, or a partner site, you can use this profile at any time on partner sites. Use the OpenDress icon next to the selected product to get a size recommendation based on your last scan. The required data will not be disclosed to the partner site. Our algorithm only generates a random sequence of numbers per partner site, enabling billing of scans with the partners. No personal data will be transmitted to the partner.

Online Shop Orders via OpenDress

The OpenDress website and app offer a marketplace where you can find various online shops from our partners. Here you can purchase products directly through our site or the app. To ensure a smooth processing of your shopping experience and the delivery of goods, we pass on the personal data stored in your profile to our partners if it is essential for processing the order. We usually transmit:

  • Name, first name
  • Address
  • Payment data
  • Email address

Please note that the necessary data for delivery will also be passed on by our partners to third-party service providers, particularly parcel and payment service providers for shipment. We ensure that our partners have signed a data processing agreement with us according to Art. 28 GDPR or have committed themselves to comply with the GDPR, particularly Art. 28 GDPR. Your orders are permanently stored in our system, but no longer than 4 years unless a longer legal retention obligation applies.

Data Sharing

Your personal data will not be transferred to third parties for purposes other than those listed below. We only share your personal data with third parties if:

  • You have given your explicit consent according to Art. 6 para. 1 sentence 1 lit. a GDPR
  • The transfer is necessary to assert, exercise, or defend legal claims according to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest in not disclosing your data
  • A legal obligation exists for the transfer according to Art. 6 para. 1 sentence 1 lit. c GDPR
  • It is legally permissible and required for the execution of contractual relationships with you according to Art. 6 para. 1 sentence 1 lit. b GDPR

Cookies

We use cookies on our website. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device and do not contain viruses, Trojans, or other malware. The information stored in the cookie is related to the specific device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our offering more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies that are stored on your device for a specified period to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our website and evaluate it for the purpose of optimizing our offering for you. These cookies enable us to recognize automatically when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined period.

The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties according to Art. 6 para. 1 sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or always a hint appears before a new cookie is created. Disabling cookies completely may mean that you cannot use all functions of our website.

Analysis Tools

Google Analytics

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.com/about/; 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see Section 6) are used. The information generated by the cookie about your use of this website, such as

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of server request

is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, not all functions of this website can be used to their full extent.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

Social Media Plug-ins

We use social plug-ins from the social networks Facebook, Twitter, and Instagram on our website based on Art. 6 para. 1 sentence 1 lit. f GDPR to increase the awareness of our company. The underlying promotional purpose is considered a legitimate interest within the meaning of the GDPR. Responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us is done by the so-called two-click method to protect visitors of our website as best as possible.

Facebook

Our website uses social media plug-ins from Facebook to personalize their use. We use the "LIKE" or "SHARE" button for this. This is an offer from Facebook.

When you access a page of our website that contains such a plug-in, your browser establishes a direct connection to Facebook's servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated into the page.

Through the integration of the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plug-ins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research, and demand-oriented design of Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide further services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights in this regard and setting options to protect your privacy, please refer to Facebook's privacy policy (https://www.facebook.com/about/privacy/).

Twitter

Our website contains integrated plug-ins from the short message network of Twitter Inc. (Twitter). You can recognize the Twitter plug-ins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).

When you access a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while you are logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data and its use by Twitter.

If you do not want Twitter to assign the visit to our pages, please log out of your Twitter user account.

Further information can be found in Twitter's privacy policy (https://twitter.com/privacy).

Instagram

Our website also uses social plug-ins ("plug-ins") from Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera".

When you access a page of our website that contains such a plug-in, your browser establishes a direct connection to Instagram's servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.

If you are logged into Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plug-ins, for example by pressing the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts.

If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website.

For more information, please refer to Instagram's privacy policy (https://help.instagram.com/155833707900388).

Rights of Data Subjects

You have the right:

  • according to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
  • according to Art. 16 GDPR, to demand the correction of incorrect or completion of your personal data stored by us without delay;
  • according to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
  • according to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you oppose its deletion, we no longer need the data but you require it for the assertion, exercise, or defense of legal claims, or you have objected to processing according to Art. 21 GDPR;
  • according to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transfer to another controller;
  • according to Art. 7 para. 3 GDPR, to withdraw your consent at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future; and
  • according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Right to Object

If your personal data is processed on the basis of legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation.

If you would like to exercise your right to withdraw consent or object, please send an email to info@opendress.com.

Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-Dateness and Changes to This Privacy Policy

This privacy policy is currently valid and is dated August 2023.

Due to the further development of our website and offerings thereof or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website at www.opendress.com.