K2 Sports Europe GmbH
Seeshaupter Str. 62, 82377 Penzberg
Fax: +49 8856-901-101
This privacy statement covers all Personal Data received by K2 Sports at the website www.fulltiltboots.com (the “Site”). It also applies to Personal Data we collect when you otherwise interact with us, such as when you make a payment, place an order, sign up for emails, or contact customer service. This Policy also applies to Personal Data that we may receive from our partners and third-party sources. We shall protect your personal data and ensure it is not accessible by unauthorized third parties through proper technical and organizational measures. Also, since we cannot guarantee complete data security on communication via email, we advise you to use encryption while sending confidential information, or use postal mail to send confidential information.
For the use of the website, the delivery of goods or the provision of services, we collect various types of data, some of which are provided by you as a user and some of which are necessary for the use of the website or arise from the use of the website. Personal data are individual details about personal or professional circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if the transfer is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. The information is not used for any other purpose and no automatic decision processing will take place.
If we use contracted service providers for individual functions of our offers via this website or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
The following data protection principles apply to the use of our website and other services offered through it (e.g. contact form, registration, shop):
- We protect your personal data by taking all reasonable and necessary technical and organizational possibilities so that they are not accessible to unauthorized third parties. Our website and other services offered through it therefore use appropriate encryption mechanisms for the provision of content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information
- Person responsible in the meaning of Art. 4 para. 7 General Data Protection Regulation (GDPR) is K2 Sports Europe GmbH, Seeshaupter Str. 62, 82377 Penzberg, Germany (see also via “Imprint” at our Website). You can contact the person responsible for data protection at firstname.lastname@example.org or via our postal address with the addition “Data Protection”.
- Your personal data will only be passed on to third parties,
- if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR;
- if the transfer is necessary for the fulfilment of contractual obligations pursuant to Art. 6 para. 1 sentence 1 b) GDPR;
- if we are legally obliged to pass on the data within the meaning of Art. 6 Par. 1 S. 1 c) GDPR;
- if the disclosure of the data is in the public interest within the meaning of Art. 6 para. 1 e) GDPR or;
- if the disclosure of data pursuant to Art. 6 para. 1 sentence 1 f) GDPR is necessary to protect our legitimate interests or the legitimate interests of a third party, provided that your interests in the protection of your data do not prevail.
- Right to access information,
- Right to correction or erasure,
- Right to limitation of processing,
- Right of withdrawal of the consent to processing,
- Right to data transferability.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. You have the following individual rights:
- Right to information pursuant to Art. 15 GDPR on the processing of your personal data by us for processing purposes, categories of processed data, recipients or categories of recipients, duration of storage or criteria for determining the duration, right to correction, deletion, restriction of processing or objection to processing, right of appeal to the supervisory authority, information on the origin of the data where applicable and the existence of automated decision-making and, where applicable, information on guarantees pursuant to Art. 46 GDPR in the event of transfer to a third country or international organisations;
- Right to immediate correction of incorrect or incomplete personal data in accordance with Art. 16 GDPR;
- Right to erasure of the personal data stored pursuant to Art. 17 GDPR if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if a consent granted has been revoked and there is no other legal basis, missing if an opposition to the processing has been lodged and the data may no longer be processed in accordance with Art. 21 para 1 or 2 GDPR, if the data were processed unlawfully, if deletion is necessary to fulfil a legal obligation or if the data were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- The right to restrict processing in accordance with Article 18 GDPR, if you dispute the accuracy of the data (for the period necessary to verify their accuracy), if the processing is unlawful but you refuse to delete the data and instead request the restriction of use, if we no longer need the data for the purposes of processing but you need the data to assert, exercise or defend legal claims, or if you object to the processing in accordance with Article 18 GDPR. 21 para. 1 GDPR, as long as it is not yet clear whether our justified reasons outweigh your justified reasons;
- Right to object to the processing of your personal data pursuant to Art. 21 para. 2 GDPR (if the data are processed for the purpose of direct marketing) or pursuant to Art. 21 para. 1 GDPR (if the processing is carried out pursuant to Art. 6 para. 1 sentence 1 e) or f) GDPR, for reasons arising from your particular situation, unless we have compelling grounds for processing that outweigh your interests or the processing serves to assert, exercise or defend legal claims).
- Right to data transferability in accordance with Art. 20 GDPR, i.e. to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format or to transfer it to another person responsible;
- Right to revoke consent granted at any time in accordance with Art. 7 para. 3 GDPR. The consequence of the revocation is that from the time of the revocation we may no longer carry out the data processing for the future.
- Right of appeal to a supervisory authority pursuant to Art. 77 GDPR. The right of appeal is without prejudice to other administrative or judicial remedies.
- The address of the supervisory authority responsible for us is:Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)Promenade 27, 91522 Ansbachhttps://www.lda.bayern.de/de/kontakt.html
- Please contact the data protection officer via the contact data stated in Section 2 above to request information and for withdrawal as well as for notification of a request for deletion; the data protection officer will then provide the information immediately or confirm the execution of your request for deletion. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion cannot take place completely due to legal storage obligations, we limit the processing of the data concerned and inform you accordingly.
- As far as the website or an action via our website requires a registration, the basic data for the registration, determined by the respective registration form are transmitted, processed and stored and only collected, stored and used for the use of the website and its services. In the context of such registration we are also entitled to inform you about changes, additions or new versions of the website, changes of our terms and conditions as well as these privacy statement and additional information provided via the website as well as e.g. about new products.
- If you register for the subscription of a newsletter, this registration can take place under indication of the e-mail address without further data. Additional information will not be requested.
- For residents of the EU, we use the so-called double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation we will save your e-mail address only for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR. We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us by another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously. If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data specified in the imprint is sufficient for this. Of course you will also find an unsubscribe link in every newsletter.
- The data created by users within the scope of using the website via a login or a newsletter registration are stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union and the US.
- When you register for our dealer platform, we will provide you with the access data and save the information necessary to provide you with the information stored on this platform. You can also register as a reseller directly via the link on our website. In this case, the data that are required for the provision of information and services on this re-seller platform are determined by the registration form. We only store this data for the purpose of providing you as a reseller with information and services. The legal basis is Art. 6 para 1 S. 1 lit b GDPR.
- On our website you have the option of sending us requests using “Contact” forms or other variations of communication channels. Here you can ask questions about our company, our products or our services. In order to enable you to make targeted contact with us, we have provided various ways of making contact.
- In order to be able to process your request, we ask you to provide personal data in our input mask. This includes your name, e-mail address and other information such as the subject of your inquiry and your message text. In addition to the mandatory fields, you can also enter additional information. Optionally, address and/or telephone number can be specified.
- This information enables us to respond comprehensively to your request. The communication of the data you provide in this context is expressly on a voluntary basis.
- The personal data transmitted to us from your above-mentioned details as well as the time of contacting us will only be used for the purpose for which you made them available to us when contacting us – in particular the processing of your inquiry. The information you provide will only be used to process your request. The data will not be used for other purposes or passed on to third parties without your express consent. Excluded from this – insofar as it is necessary to fulfil your request – are partner companies. These could be, for example: Our suppliers, payment and logistics partners and our trading partners. If there are no legal storage obligations, your personal data will be deleted after the request has been processed.
- The legal basis for data processing is Art. 6 para. 1 p. 1 f) GDPR. Our legitimate interest is that we need your data in order to process or respond to your communication.
- To prevent unauthorized access by third parties to your personal data, our website is encrypted using HTTPS technology.
- While purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address (stored shortened in accordance with data protection regulations)
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request originates
- Browser name and version, language setting
- Cookies can be set in one of the following types:
- Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
- Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- Third-party cookies are cookies that are set by third parties and can be either transient or persistent cookies.
- You can set your browser to notify you when a cookie is sent. This opens up the possibility of either accepting or rejecting a cookie. The information collected and analyzed is used to improve the services and the website, to personalize the web experience, and to allow easy login to permanently set login cookies.
- We may use the services of third parties to evaluate the efficiency of the website and services and to determine how visitors use the website and or the services and, where appropriate, to provide a personalized user experience when evaluating cookies. The website may use web beacons (tracking pixels) and cookies provided by third parties for this purpose. The information collected by the provider includes the pages visited, navigation patterns and similar data. This data enables us to find out which product information is most interesting for users and which offers users prefer to view. Furthermore, we do not exclude the possibility that we transmit anonymous usage data for market research purposes. Although we may have commissioned third parties to log the data originating from our website, we have control over how this data may or may not be used. The cookie itself does not contain any personal data, but if you provide personal data when visiting the website and do not delete the cookie from your browser after providing this data, the provider collects the non-personal data stored in the cookie (such as the number of visits to the provider) and stores and processes this anonymously.
- If we use Flash cookies, these are not collected by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.
- The following cookies are used while on our site: vimeo.com
- We currently use the following links to social media providers: Facebook, Instagram, Twitter, Pinterest. We only use links to the social media provider or the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the social media. You can recognize the provider of the social media used by the logo shown and/or the additional text information. We offer you the possibility to communicate directly with the provider of the social media via such a button. But only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website. In the case of Facebook, the IP address is anonymized immediately after collection, according to the respective provider in Germany. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on not yet activated button by using your browser’s security settings. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider. The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f GDPR.
The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
- Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/about/privacy/ ; further information in regard to personal data processed and/or stored: www.facebook.com/about/privacy/your-info-on-other aswell www.facebook.com/about/privacy/your-info
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA; https://help.instagram.com/155833707900388; further information in regard to personal data processed and/or stored: https://help.instagram.com/1896641480634370?ref=ig as well as https://www.facebook.com/help/111814505650678
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
- We use Vimeo to host videos on our website that are stored by Vimeo and can be played directly from our website. If you play such videos, Vimeo may receive the following data: IP address, browser type and language, access times, content of the non-deleted cookies that your browser previously accepted from Vimeo and the address of the referring website. We have no influence on this data transfer. Further information on the purpose and scope of data collection and processing by Vimeo can be found in the data protection declaration https://vimeo.com/privacy. There you will also find further information about your rights and setting options to protect your privacy.
- On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website und using Google Maps, Google receives the information that you have called up the corresponding subpage of our website. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
A dealer search can be carried out via the website. This uses the input you have made as a basis, e.g. a postcode, in order to show you dealers based on your search query in an interactive map that uses maps from Google Maps. The entry is only used to display the appropriate search result and is not saved.
- This site uses Webfonts from Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To do this, your browser must establish a direct connection to the Google servers. This makes Google aware that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information on handling user data in Google's data protection provisions at www.google.com/policies/privacy/.
- For orders in our online shop, we use the Commerce Platform Quivers, 50 W Broadway, Ste 333, PMB 89865, Salt Lake City, Utah 84101-2027 USA. Personal data, names, addresses (delivery and billing address), telephone number (optional) and email addresses can be recorded and transmitted to process the ordering process. The legal basis is Art. 6 para 1 S.1 lit. a, b GDPR. You can find further information on handling user data in the Quivers data protection provisions at https://www.quivers.com/privacy-policy/ . We are also obliged by law to process your e-mail address in the event of a purchase via our website (Art. 6 para 1 Clause 1 lit. c GDPR). We store the collected data for the duration of the contract and until the expiry of the statutory or possible contractual warranty and guarantee rights. After this period has expired, we keep the information of the contractual relationship required by commercial and tax law for the periods specified by law.\
- When processing online orders in our online shop, you have the option of choosing from various payment methods. To process the payment process ("checkout"), personal data, name, address, phone, email address, payment information and the invoice amount can be transmitted to the provider of the payment method. The provider can further process and pass on your data to third parties for the following purposes: Verification of your identity before a payment can be approved, depending on the selected payment method, a credit check can also be carried out by the payment provider. In addition, the address data and online identifiers you provide, such as the IP address used for the checkout, can be processed in order to prevent illegal activities such as fraud and money laundering. With the credit card payment method, the procedure is processed via Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA. Further information on handling user data can be found in Stripe's data protection provisions at https://stripe.com/de/privacy . The legal basis for data processing is Art. 6 para 1 S.1 lit. a, b GDPR.
- We work with the parcel service UPS to send online orders. United Parcel Service of America, Inc ("UPS"), 55 Glenlake Parkway, NE Atlanta, GA 30328, USA. For the delivery of goods, among other things, the personal data required for parcel delivery such as name, address and, if applicable, communication data are processed. The legal basis is Art. 6 para 1 S.1 lit. b GDPR. Further information on handling user data can be found in the UPS data protection provisions at https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page . In exceptional cases, we also work with the DPD parcel service for shipping items. DPD Deutschland GmbH, Wailandstrasse 1, 63741 Aschaffenburg, GER. Further information on handling user data can be found in DPD data protection provisions at https://www.dpd.com/de/de/datenschutz/ .
- If you register for competitions organized by us, we will use the data you provided when registering for the purpose of executing the participation contract, in particular to notify you of the winnings. If necessary, advertising for our offers and / or offers from our competition partners. You can find detailed information in the respective conditions of participation for the respective competition. The legal basis is Art. 6 para 1 S.1 lit b, f GDPR.
(October 2021 – the policy is drawn up in German; if a translation into another language has been made available, this is for the convenience of the viewer only. In the event of contradictions between the German text and the translated text, the German text shall prevail.)