K2 Sports Europe GmbH
Seeshaupter Str. 62, 82377 Penzberg
Fax: +49 8856-901-101
This privacy statement covers all Personal Data received by K2 Sports at the website www.fulltiltboots.com (the “Site”). It also applies to Personal Data we collect when you otherwise interact with us, such as when you make a payment, place an order, sign up for emails, or contact customer service. This Policy also applies to Personal Data that we may receive from our partners and third-party sources. We shall protect your personal data and ensure it is not accessible by unauthorized third parties through proper technical and organizational measures. Also, since we cannot guarantee complete data security on communication via email, we advise you to use encryption while sending confidential information, or use postal mail to send confidential information.
For the use of the website, the delivery of goods or the provision of services, we collect various types of data, some of which are provided by you as a user and some of which are necessary for the use of the website or arise from the use of the website. Personal data are individual details about personal or professional circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if the transfer is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. The information is not used for any other purpose and no automatic decision processing will take place.
If we use contracted service providers for individual functions of our offers via this website or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
The following data protection principles apply to the use of our website and other services offered through it (e.g. contact form, registration, shop):
- We protect your personal data by taking all reasonable and necessary technical and organizational possibilities so that they are not accessible to unauthorized third parties. Our website and other services offered through it therefore use appropriate encryption mechanisms for the provision of content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information
- The person responsible in accordance of Art. 4 para. 7 General Data Protection Regulation („GDPR“) is K2 Sports Europe GmbH, Seeshaupter Str. 62, 82377 Penzberg, Germany (see also via “Imprint” at our Website). The data protection officer is DataCo GmbH, Dachauer Str. 63, 80335 Munich, Germany (firstname.lastname@example.org, www.dataguard.de). You can reach our internal data protection coordinator at email@example.com or via our postal address with the addition “Data Protection”.
- Your personal data will only be passed on to third parties -
- If you send us e-mail messages or other messages, in particular comments, or enter them directly on the Website, we will retain such messages in order to process the request, respond to questions and improve the Website, products and services. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.
- If you provide feedback (for example on the Website), we may use and disclose this feedback for any purpose, as long as we do not provide it with your personal data, i.e. anonymously or pseudonymously. The collection of data contained in such feedback and the handling of all personal data contained therein is in accordance with the data protection principles set out herein.
- You have the right to ask about your personal data free of charge at any time. Furthermore, you have the right at any time to revoke your consent to the use of your personal data with effect for the future and to request correction or deletion of the data stored by us. In particular, you have the following rights towards us with regard to the personal data related to you:
- Right to access information
- Right to correction or erasure
- Right to limitation of processing
- Right of withdrawal of the consent to processing
- Right to data transferability.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. You have the following individual rights:
- Right to information pursuant to Art. 15 GDPR on the processing of your personal data by us for processing purposes, categories of processed data, recipients or categories of recipients, duration of storage or criteria for determining the duration, right to correction, deletion, restriction of processing or objection to processing, right of appeal to the supervisory authority, information on the origin of the data where applicable and the existence of automated decision-making and, where applicable, information on guarantees pursuant to Art. 46 GDPR in the event of transfer to a third country or international organisations;
- Right to immediate correction of incorrect or incomplete personal data in accordance with Art. 16 GDPR;
- Right to erasure of the personal data stored pursuant to Art. 17 GDPR if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if a consent granted has been revoked and there is no other legal basis, missing if an opposition to the processing has been lodged and the data may no longer be processed in accordance with Art. 21 para. 1 or 2 GDPR, if the data were processed unlawfully, if deletion is necessary to fulfil a legal obligation or if the data were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- The right to restrict processing in accordance with Art. 18 GDPR, if you dispute the accuracy of the data (for the period necessary to verify their accuracy), if the processing is unlawful but you refuse to delete the data and instead request the restriction of use, if we no longer need the data for the purposes of processing but you need the data to assert, exercise or defend legal claims, or if you object to the processing in accordance with Art. 21 para. 1 GDPR, as long as it is not yet clear whether our justified reasons outweigh your justified reasons;
- Right to object to the processing of your personal data pursuant to Art. 21 para. 2 GDPR (if the data are processed for the purpose of direct marketing) or pursuant to Art. 21 para. 1 GDPR (if the processing is carried out pursuant to Art. 6 para. 1 S. 1 lit. e) or f) GDPR, for reasons arising from your particular situation, unless we have compelling grounds for processing that outweigh your interests or the processing serves to assert, exercise or defend legal claims).
- Right to data transferability in accordance with Art. 20 GDPR, i.e. to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format or to transfer it to another person responsible;
- Right to revoke consent granted at any time in accordance with Art. 7 para. 3 GDPR. The consequence of the revocation is that from the time of the revocation we may no longer carry out the data processing for the future.
- Right of appeal to a supervisory authority pursuant to Art. 77 GDPR. The right of appeal is without prejudice to other administrative or judicial remedies.
- The address of the supervisory authority responsible for us is:Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)Promenade 27, 91522 Ansbachhttps://www.lda.bayern.de/de/kontakt.html
- Please contact the data protection officer via the contact data stated in Section 2 above to request information and for withdrawal as well as for notification of a request for deletion; the data protection officer will then provide the information immediately or confirm the execution of your request for deletion. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing of the data concerned and inform you accordingly.
7. Data that is provided actively by you as user of the website or services:
- As far as the website or an action via our website requires a registration, the basic data for the registration, determined by the respective registration form are transmitted, processed and stored and only collected, stored and used for the use of the website and its services. In the context of such registration we are also entitled to inform you about changes, additions or new versions of the website, changes of our terms and conditions as well as these privacy statement and additional information provided via the website as well as e.g. about new products.
- If you register for the subscription of a newsletter, this registration can take place under indication of the e-mail address without further data. Additional information will not be requested. For residents of the EU, we use the so-called double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation we will save your e-mail address only for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 S. 1 lit. a) GDPR. We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us by another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously. If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data specified in the imprint is sufficient for this. Of course you will also find an unsubscribe link in every newsletter.
- The data created by users within the scope of using the website via a login or a newsletter registration are stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union and the US.
- When you register for our dealer platform, we will provide you with the access data and save the information necessary to provide you with the information stored on this platform. You can also register as a reseller directly via the link on our website. In this case, the data that are required for the provision of information and services on this re-seller platform are determined by the registration form. We only store this data for the purpose of providing you as a reseller with information and services. The legal basis is Art. 6 para. 1 S. 1 lit b) GDPR.
8. Data that is provided actively by you via Contact forms:
- On our website you have the option of sending us requests using “Contact” forms or other variations of communication channels. Here you can ask questions about our company, our products or our services. In order to enable you to make targeted contact with us, we have provided various ways of making contact.
- In order to be able to process your request, we ask you to provide personal data in our input mask. This includes your name, e-mail address and other information such as the subject of your inquiry and your message text. In addition to the mandatory fields, you can also enter additional information. Optionally, address and/or telephone number can be specified. This information enables us to respond comprehensively to your request. The communication of the data you provide in this context is expressly on a voluntary basis.
- The personal data transmitted to us from your above-mentioned details as well as the time of contacting us will only be used for the purpose for which you made them available to us when contacting us – in particular the processing of your inquiry. The information you provide will only be used to process your request. The data will not be used for other purposes or passed on to third parties without your express consent. Excluded from this – insofar as it is necessary to fulfil your request – are partner companies. These could be, for example: Our suppliers, payment and logistics partners and our trading partners. If there are no legal storage obligations, your personal data will be deleted after the request has been processed.
- The legal basis for data processing is Art. 6 para. 1 S. 1 f) GDPR. Our legitimate interest is that we need your data in order to process or respond to your communication.
- To prevent unauthorized access by third parties to your personal data, our website is encrypted using HTTPS technology.
9. Data collected directly in the context of your use of the website:
While purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee its stability and security (legal basis is Art. 6 para. 1 S. 1 lit. f) GDPR):
- IP address (stored shortened in accordance with data protection regulations)
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request originates
- Browser name and version, language setting
We set cookies, among other things. to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
Language settings, log-in information, cookie settings, search terms and other information required to provide the website.
The user data collected in this way is pseudonymized by technical precautions. The data is not stored together with other personal data of the user.
User behavior on our website and other information used for marketing purposes.
The legal basis for the use of technically necessary cookies and related data processing is § 25 (2) TTDSG in conjunction with Art. 6 para. 1 S. 1 lit f) GDPR. The processing serves to make it easier for you to use our website and to be able to offer you our services as desired. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. Our legitimate interest in processing the cookies results from the aforementioned purposes.
The legal basis for the use of technically unnecessary cookies is your consent, which you have given us via the cookie banner in accordance with § 25 (1) TTDSG in conjunction with Art. 6 para. 1 lit a) GDPR. For these services, you can revoke your consent at any time with effect for the future or give it again later. Alternatively, you can prevent the storage of cookies by setting your browser software accordingly. Please note that the browser settings you make only apply to the browser you are using.
Insofar as we use Flash cookies, these are not recorded by your browser but by your Flash plug-in. We also use HTML5 storage objects that are stored on your end device. These objects store the required data regardless of the browser you use and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. B. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend manually deleting your cookies and browser history on a regular basis.
10. Data collected in the context of the use of the website by analysis tools (WebAnalytics) or third party services used by us with our website:
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/de .html - Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: https://policies.google.com/privacy?hl=de&gl=de.
The legal basis for the processing of the user's personal data is the user's consent in accordance with Art. 6 para. 1 S. 1 lit a) GDPR. The legal basis for the transfer of the user's personal data to a third country is the user's consent in accordance with Art. 49 para. 1 lit a) GDPR.
- We currently use the following social media links: Facebook, Instagram, Twitter, Pinterest. We only use links to the respective social media services or the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the social media services. You can identify the provider of the social media service by the marking on the box above its initials or the logo. We give you the option of communicating directly with the provider of the social media service using the button. Only if you click on the marked field and thereby activate it will the social media service receive the information that you have accessed the corresponding website of our online offer. In the case of Facebook, according to Facebook, the IP address in Germany is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data using cookies in particular, we recommend that you delete all cookies via the security settings of your browser before you click on the button that has not yet been activated. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider. The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. With the plug-ins we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.
The legal basis for the processing of your data in connection with the use of our company website is Art. 6 para. 1 S.1 lit f) GDPR if necessary, for communication and an exchange of information.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:
Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA; https://www.facebook.com/about/privacy/ ; further information in regard to personal data processed and/or stored: www.facebook.com/about/privacy/your-info-on-other aswell www.facebook.com/about/privacy/your-info
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA; https://help.instagram.com/155833707900388; further information in regard to personal data processed and/or stored: https://help.instagram.com/1896641480634370?ref=ig as well as https://www.facebook.com/help/111814505650678
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA; https://twitter.com/privacy
Pinterest Inc., 651 Brannan Str., San Francisco, CA 94103, USA; for residents outside USA: Palmerston House, 2nd Floor, Fenian Str., Dublin 2, Irland; https://policy.pinterest.com/de/privacy-policy
The legal basis for the processing of your data in connection with the use of our company website is Art. 6 para. 1 S. 1 lit. f) GDPR. It serves the company's appearance for the provision of information about products and services and for communication.
- We use Vimeo to host videos on our website that are stored by Vimeo and can be played directly from our website. If you play such videos, Vimeo may receive the following data: IP address, browser type and language, access times, content of the non-deleted cookies that your browser previously accepted from Vimeo and the address of the referring website. We have no influence on this data transfer. Further information on the purpose and scope of data collection and processing by Vimeo can be found in the data protection declaration https://vimeo.com/privacy. There you will also find further information about your rights and setting options to protect your privacy.
- We use Google Maps on this website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy
A retailer search can be carried out via the website. This uses as a basis the input you have made, e.g. a postal code, in order to display retailers that match your search query in an interactive map that uses map material from Google Maps. The input is only used to display the appropriate search result and is not saved. The legal basis for the processing of your data in connection with the use of our company website is Art. 6 para.1 S. 1 lit. f) GDPR to show you possible stores that carry our products in your area.
- This site uses Webfonts from Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To do this, your browser must establish a direct connection to the Google servers. This makes Google aware that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information on handling user data in Google's data protection provisions at www.google.com/policies/privacy/.
11. Data collected for ecommerce:
- When processing online orders in our online shop, you have the option of choosing from various payment methods. To process the payment process ("checkout"), personal data, name, address, phone, email address, payment information and the invoice amount can be transmitted to the provider of the payment method. The provider can further process and pass on your data to third parties for the following purposes: verification of your identity before a payment can be approved, depending on the selected payment method, a credit check can also be carried out by the payment provider. In addition, the address data and online identifiers you provide, such as the IP address used for the checkout, can be processed in order to prevent illegal activities such as fraud and money laundering. The legal basis for data processing is Art. 6 para. 1 S.1 lit. a), b) GDPR.
With the credit card payment method, the procedure is processed via Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Further information on handling user data can be found in Stripe's data protection provisions at https://stripe.com/de/privacy .
- We work with the parcel service UPS to send online orders. United Parcel Service of America, Inc ("UPS"), 55 Glenlake Parkway, NE Atlanta, GA 30328, USA. For the delivery of goods, among other things, the personal data required for parcel delivery such as name, address and, if applicable, communication data are processed. The legal basis is Art. 6 para. 1 S.1 lit. b) GDPR. Further information on handling user data can be found in the UPS data protection provisions at https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page . In exceptional cases, we also work with the DPD parcel service for shipping items. DPD Deutschland GmbH, Wailandstrasse 1, 63741 Aschaffenburg, GER. Further information on handling user data can be found in DPD data protection provisions at https://www.dpd.com/de/de/datenschutz/
- The email communication of online orders such as order confirmation, shipping or cancellation takes place via Klaviyo.Klaviyo, Global HQ 125 Summer St, Floor 6, Boston, MA 02111, USA and UK Office, 49 Southward Bridge Rd, London, SE1 9HH, UK.The legal basis is Art. 6 para. 1 S.1 lit b) GDPR.Further information on handling user data can be found in Klaviyo's data protection regulations at https://www.klaviyo.com/legal/dpa and https://www.klaviyo.com/legal/privacy-notice
- If you register for competitions organized by us, we will use the data you provided when registering for the purpose of executing the participation contract, in particular to notify you of the winnings.If necessary, advertising for our offers and / or offers from our competition partners.You can find detailed information in the respective conditions of participation for the respective competition.The legal basis is Art. 6 para. 1 S.1 lit b), f) GDPR.
(June 2022 – the policy is drawn up in German; if a translation into another language has been made available, this is for the convenience of the viewer only. In the event of contradictions between the German text and the translated text, the German text shall prevail.)