Status: November 2021
1. Data processor
This privacy notice applies to data processing by:
The registered trademark „BEWEAR“ is a trademark of OpenDress GmbH.
2. Data protection officer
You can contact our external data protection officer at: firstname.lastname@example.org or in writing to OpenDress GmbH, Attn: Data Protection Officer, Bücklestr. 3, 78467 Konstanz.
3. Collection and storage of personal data and the nature and purpose of their use
a. When visiting the website
When accessing our website beawear.ai information is automatically sent by the browser used on your end device to the servers of our websites, which are hosted by the provider Squarespace Inc. The data centres of our host are located within the EU and the USA. Squarespace Inc. has committed itself to storing and processing the data in accordance with the German Data Protection Act (DSGVO). (to the Privacy Shield). This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
– IP address of the requesting computer/mobile device,
– Date and time of access,
– Name and URL of the file accessed,
– website from which the access was made (referrer URL),
– the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
– Ensuring a smooth connection set-up of the website,
– Ensuring a comfortable use of our website and app,
– evaluating system security and stability, and
– for other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
b. When using our contact form
If you have any questions, we offer you the possibility of contacting us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know who the enquiry is from and so that we can answer it. This data is sent to us. Further information can be provided voluntarily. These will then also be sent to us.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified. If it is not clear whether the conversation has been concluded, the emails including the personal data will be deleted no later than two years after the last contact with us.
c. User login on our website, partner sites and apps
To use our service, you can choose to proceed with or without a profile. Below we set out what data is collected by us when you use OpenDress in different ways.
(a) Using BEAWEAR via partner sites without a profile
(b) Registering a profile via the website or app.
(c) Use of BEAWEAR via partner sites with a registered profile
(a) Using BEAWEAR via partner sites without a profile
BEAWEAR works as a service provider (Software as a Service) with various online shops from the clothing sector. Among other things, BeaWear offers the function of recommending a size. If you visit a website with which we cooperate, you will find the BEAWEAR icon next to the respective product in their online shop. As soon as you click on this icon, our plugin opens. This represents a separate page of BeaWear. On this page you have the option to register with BEAWEAR or to continue without registration. If you would like to register, please read further under point b. If you wish to proceed without registering, you must first enter your height and gender. Then you have to release the camera of your end device (computer, mobile phone, tablet etc.) for BEAWEAR. This will be used to create a video or several photos of you via the sensor technology built into your end device. These pictures or the video are played via our plugin directly onto the BEAWEAR server, which is located in Germany. From the data obtained in this way, our algorithm calculates which size of the requested garment fits you best. The photos or video taken of you during this process are stored on our servers for 2 years. Your scan is combined with a number randomly assigned by the algorithm. This number is stored together with the result of your scan and is used and required for the billing and evaluation of the partner shop’s scans. The scan is not linked to your name, identity or other personal data! unless you wish to have a profile created on our site after the scan. You can find out more about this in the next section.
(b) Use of BEAWEAR via partner sithes with a registered profile
After you have completed the scanning process from (a), you can create a profile with your data with us via our website or the app and use your scan for further size recommendations or the other scope of services of our offer. When registering, you will be asked to provide the following additional data:
– Email address
Furthermore, you can voluntarily enter the following information:
– First and last name
– home address
In addition, you must create a password of your own choice, which you will use to log in to our system in the future. We store this password in connection with your account, but cannot see or make visible the password itself.
Your data will be recorded directly in our system. Our system incl. the customer directory is cloud-based. Your data is therefore stored in a cloud. The servers of our cloud are located exclusively in Germany. Only employees of our company have access to the cloud.
The data stored in our customer file will be deleted at the latest 4 years after your last customer activity with us, unless there are still claims against you or other legal regulations force us to store it longer.
(c) Registration of a profile via our website or app
You are also welcome to register directly with your profile or create a profile via the BEAWEAR website or app. For the creation of a profile, the data as described in (a) and (b) will be collected, stored and deleted again according to the information provided there.
4. BEAWEAR Marketplace
In addition to the bodyscans, the BEAWEAR website and app offer you a marketplace where you can find various online shops from our partners. Here you can purchase products from our partners directly via our website or the app. If you place an order via our marketplace, you will be asked to add further data to your personal profile if this has not already been stored. This includes:
– Name, first name
– Billing and / or delivery address
This data will be linked to your profile with us. You can view this data in the internal area after logging into the app or on our website and change it at any time. This data will be deleted no later than 4 years after your last activity in your profile.
In order to ensure the smooth processing of your shopping experience and to enable the delivery of the goods, we pass on to our partners the personal data you have entered in your profile, insofar as this is relevant for the processing of the order. As a rule, we pass on the following information
– Name, first name
– Your address
– e-mail address
Please note that the data required for delivery may also be passed on by our partners to third party service providers, in particular parcel service providers for shipping. We strictly ensure that our partners have signed an order processing agreement with us in accordance with Art. 28 DSGVO or have committed themselves per se to compliance with the DSGVO in accordance with Art. 28 DSGVO.
Your orders will be permanently stored in our system, however, for a maximum of 4 years after your last activity with us, unless a longer retention period is required by law.
5. Transfer of data
Your personal data will not be passed on to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
– you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
– the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 Sentence 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
– in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as
– this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. B DSGVO for the processing of contractual relationships and general organisational matters (e.g. course implementation, sending of ordered products) with you.
7. Analysis tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) sentence 1 lit. f DSGVO. With the tracking measures used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
a. Google Analytics
For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“). In this context, pseudonymised usage profiles are created and cookies are used (see under point 6). The information generated by the cookie about your use of this website, such as
– Browser type/version,
– operating system used,
– Referrer URL (the previously visited page),
– host name of the accessing computer (IP address),
– time of the server request,
8. Social media plug-ins
We use social plug-ins of the social network Facebook and Instagram on our website on the basis of Art. 6 (1) sentence 1 lit. f DSGVO in order to make our company better known. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website as best as possible.
Our website uses so-called social plugins („plugins“) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“). The plugins are marked with an Instagram logo, for example in the form of an „Instagram camera“. You can find an overview of the Instagram plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example confirm the „Instagram“ button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed there to your contacts.
If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. with the script blocker „NoScript“ (http://noscript.net/).
We have included a social media link to Pinterest on our site. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection with the Pinterest servers. The content of the plugin is transmitted by Pinterest directly to your browser, which then integrates it into the website. By integrating the plugins, Pinterest receives the information that your browser has called up the corresponding page of our website, even if you do not have a Pinterest account or are not currently logged into Pinterest. This information (including your IP address) is transmitted by your browser directly to a Pinterest server and stored there. If you are logged in to Pinterest, Pinterest can assign your visit to our website directly to your Pinterest account. Pinterest can use the collected information for the purpose of advertising, market research and the design of the Pinterest pages according to requirements. For this purpose, Pinterest creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Pinterest, to inform other Pinterest users about your activities on our website and to provide other services associated with the use of Pinterest. If you do not want Pinterest to assign the data collected via our website to your Pinterest account, you must log out of Pinterest before visiting our website. For the purpose and scope of the data collection and the further processing and use of the data by Pinterest, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information on the following page: https://policy.pinterest.com/de/privacy-policy
9. Mangopay management service
a. General payment processing
When you use our marketplace to purchase goods from our partners, all payments are processed through the payment service provider Mangopay. Mangopay is operated by Mangopay S.A. 2 Avenue Amélie, L-1125 Luxembourg.
In order to use MANGOPAY, it is necessary to set up an e-wallet on the platform (referred to as a „wallet“ on the platform). In order to create it, we need the following information from you, which we forward to MANGOPAY:
2. first name;
3. last name;
4. date of birth
5. billing address;
6. telephone number;
7. email address.
If already available, we will pull the information from your profile so that you only need to complete the missing information.
The data collection is based on your express consent pursuant to Art. 6 Para. 1 lit. a DSGVO as well as for the fulfilment of the concluded contract between you and the shopping partner that was mediated via our marketplace pursuant to Art. 6 Para. 1 lit. b DSGVO.
The transmission of your data is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
If you do not agree with our GTC, the GTC of Mangopay and or the transfer of data to Mangopay, we cannot fulfil the conclusion of the contract requested by you and must reject your order.
The data required for the transaction and the transaction itself will be stored for 13 months from the date of the transaction.
Mangopay uses the personal data provided and collected for opening and managing your digital wallet, receiving and executing payments, processing customer relations and claims, combating money laundering and financing terrorism. What data is collected and all communication and processing with payment service providers is determined by Mangopay.
b. Contact point for exercising your rights
All requests to exercise your rights and all claims regarding the above collection and use of data should first be addressed to BeaWear as the main contact for you (Article 26(1), third sentence of the GDPR). Should you nevertheless need to contact Mangopay directly, you can reach their data protection officer at the following email address: email@example.com. Your rights in this context mean the right to information (Art. 15 of the GDPR), the right to rectification (Art. 16 of the GDPR), the right to erasure (Art. 17 of the GDPR) and the right to restrict the processing of your personal data (Art. 18 of the GDPR) as well as the right to object (Art. 21 of the GDPR) and the right to data portability (Art. 20 of the GDPR). If you contact BEAWEAR or Mangopay, we will forward your request in order to coordinate it and, if necessary, process it jointly, provided this makes sense from a data protection perspective.
c. KYC-Check (Know you costumer)
As soon as you reach a threshold for deposits or withdrawals, Mangopay requests a copy of your identity card, passport or driving licence. In this case, Mangopay collects the following data via BeaWear and uses it to perform a security check (so-called KYC check):
8. full name;
9. date of birth;
12. data on the document provided (the exact list of data depends on the document provided): document number, photograph, gender, nationality, date of issue, expiry date, place of birth, personal identification number, signature and other data in any of the documents.
The KYC check is necessary for Mangopay to comply with its legal obligations to verify customers (Art. 6(1)(c) of the GDPR) and for the legitimate interests pursued by BeaWear to enable payments between users (Art. 6(1)(f) of the GDPR).
Data processing for the purpose of carrying out know-your-customer checks is carried out by Mangopay S.A.. Data processing for the purpose of collecting Know-Your-Customer information is carried out via the BeaWear platform, under the joint responsibility of Mangopay and BEAWEAR.
d. PEP Verification
In rare cases, additional information may be required to continue to use payments through Mangopay. If you make a high number of transactions on our platform, we may be required to conduct further verification on behalf of our payment service provider Mangopay as part of anti-money laundering and anti-terrorist financing measures. In this case, we will collect and use the following personal data provided in a Politically Exposed Persons (PEP) declaration.
13. full name;
14. date and place of birth;
15. country of residence;
16. address; ;;
17. telephone number; ;
18. e-mail address; ;
19. position and country in which the position is held;
20. origin or destination of funds used on the platform;
21. information on relatives who are PEP – connections to PEP, full names, dates of birth and places of birth;
22. current activity;
This is necessary for Mangopay to comply with its legal obligations (Art. 6(1)(c) and 9(2)(g) of the GDPR.
The data collected and used for the above-mentioned purpose are stored until they are transferred to our payment service provider Mangopay.
10. Rights of data subjects
You have the right:
– to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
– in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
– in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
– in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
– pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
– revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
– complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
11. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to firstname.lastname@example.org. Alternatively, you can write to us by post at OpenDress GmbH, Bücklestr. 3, 78467 Konstanz.
12. Data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
13. Up-to-dateness and amendment of this data protection declaration
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website at opendress.com, beawear.ai.