This Privacy Policy was last updated on September 18, 2024.
We take your privacy very seriously and are committed to being transparent with how we use your information. Our website www.highsnobiety.com (the “Website”), mobile application (the “App”), physical stores (the ‘Store’) and any of our services provided online and in-store as well as sites directing you to this Privacy Policy are controlled by Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany (collectively “we” or “us”).
For the website visitors from the US: please note that we only provide the EU website visitors with the necessary information and we do not aim to extend your contractual rights. To know about your data rights as a website visitor from California, please see section XII “Notice to California Users” of this Privacy Notice.
Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany
Duly represented by David Fischer, Jürgen Hopfgartner
Data Protection Officer, dpo@highsnobiety.com
For all questions on the subject of data protection in connection with our products/services or the use of our website, you can also contact our Data Protection Officer at any time. This person can be reached at the above postal address and at the e-mail address given above (keyword: "to the attention of the Data Protection Officer"). We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, please therefore first contact us directly via this e-mail address.
If you have any questions about this Privacy Policy or would like to know more about what information we collect and store, please contact us at dpo@highsnobiety.com.
Titel Media is engaged in operating online publications covering forthcoming trends and news in fashion, art, music, and culture. Titel Media collects and processes personal data for the following purposes:
We process customers’ and website visitors’ personal data, the data of job applicants as well as the data of business partners from our service providers and partner companies insofar it is needed to fulfil the processing purposes.
The following data categories are processed:.
Our services are not directed toward children under 16 and we will not knowingly collect information for any child under the age of 16.
If you are the parent of a child under the age of 16 and have a concern regarding your child’s information in connection with our services, please contact us at dpo@highsnobiety.com.
Public authorities in connection with an overriding legal regulation, contractors in connection with a partnership in accordance with Art. 28 of the General Data Protection Regulation (GDPR), for example, technical service providers, external partners (for example, consultancies, marketing agencies, law companies) and internal departments of Titel Media GmbH, Zalando Group companies to fulfil the purposes of data processing (for more information please see “Purposes of data collection, data processing and data use”).
Under statutory provisions, a variety of obligations and periods apply with regard to the data retention. We only store personal data for as long as necessary to fulfil the purposes for which we collected the data. Once these retention periods have expired, the corresponding data must be erased as a matter of routine, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.
For evidence purposes, we must retain contractual data for three years from the end of the calendar year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period. Even after this period, we still have to store some of your data for accounting reasons. We are obliged to do so due to the requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified therein for the retention of documents are two to ten years.
As further detailed in this Privacy Notice, data may be transferred to third countries, i.e., countries whose level of data protection does not correspond to that of the European Union (outside the European Union or the European Economic Area) in connection with certain services.
Insofar as this is the case and the European Commission has not issued an adequacy decision or a provider has not been certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR) for these countries, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include, among others, the Standard Contractual Clauses of the European Union or binding corporate rules. Where this is not possible, we rely on the derogations of Art. 49 GDPR, in particular your explicit consent or necessity of data transfer for performance of the contract or for implementation of the pre-contractual measures. If third country data transfer is foreseen and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., secret services) may obtain access to the transferred data in order to collect and analyse it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie consent banner, you will also be informed about it.
We may also process your personal data which is required to fulfil our legal obligations pursuant to Art. 6(1)(c) GDPR.
Furthermore, we may process your personal data which is necessary for the conclusion or performance of a contract entered in your interest pursuant Art. 6(1)(b) GDPR, for example, when you conduct a purchase in our store or online store. This legal basis also applies to the implementation of pre-contractual measures.
We may also process your personal data which is required to fulfill our legal obligations pursuant to Article 6(1)(c) GDPR.
Legal basis for the processing of personal data which is necessary in order to realise our or third party’s legitimate interest, except where such considerations are overridden by the need to protect your interests or fundamental rights, is Art. 6(1)(f) GDPR.
We collect information for example to fulfil orders in our store, to answer customers’ requests and to provide better services to our users and customers as well as to improve our business. The list of purposes of data collection and data processing are provided in “Purpose of data collection, data processing and data use”. We collect information in following ways:
For example, some of our services require you to sign up for a customer account, provide information for a contest or award, or login to an account through a social network. The information we collect includes email, name, phone number, address, and credit card information. Such information is necessary to render the services requested and/or to provide contractual services. Legal basis for such data processing is Art. 6(1)(b) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if the services are performed in full or if you unsubscribe from our services.
When you contact us, either by email, live chat or by using our contact forms, we collect the data you have submitted with your request (including name, email, message content, IP address) and may keep a record of your communication to help solve any issues you might be facing. Legal basis for such data processing is Art. 6(1)(b), if the request is related to the conclusion or execution of a contract, and otherwise Art. 6(1)(f) GDPR. Unless statutory provisions govern otherwise, the data will be deleted if the purpose of processing ceases to apply, e.g. if we have fulfilled your request.
When you make a purchase in our online store, we collect personal data required to process your order. Legal basis for such data processing is Art. 6(1)(b) GDPR. Please see section IV. below for further details.
We work with social networks including Facebook, Twitter, Snapchat, Instagram, and YouTube to communicate with our customers. We have access to information you directly provide and information through those social networking services based on your privacy settings on those networks when you visit or contact us on our social pages. Please see section V. below for further details. Such information serves to enhance the usability of our services. Legal basis for such data processing is Art. 6(1)(f) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.
If you take part in one of our surveys, we store your contact data and the information you provide as part of the survey. We use this data in anonymous form only. It is not possible to draw any conclusions about your person. We publish the results of the survey on our Website or share them with partner companies, e.g. advertising partners or connected websites. For example, we may share information to show trends about the general use of our services.
To receive surveys and to process your personal data for survey purposes, we will ask you for your prior consent. In this case the legal basis for data processing is Art. 6(1)(a) GDPR. You may revoke your consent for receiving surveys and for processing survey data at any time.
We may collect usage information when you visit different parts of our Website, use our App or use in-store tablets. We may also automatically collect certain technical information such as device-specific information (such as your hardware model, operating system version, device type, unique device identifiers, and mobile information if you use a mobile device to access the Website). If this information is necessary to provide our services, the legal basis is Art. 6(1)(b) and (f) GDPR. In other cases, we ask you for your consent and process your information on the basis of Art. 6(1)(a) GDPR. Please see section I. below for details.
You can apply for open positions with us via our application management system Greenhouse provided by Greenhouse Software, Inc. (registered address: 228 Park Avenue S PMP 14744, New York, 10003-1502, USA) or via email to hr@highsnobiety.com. We have concluded a data processing agreement with Greenhouse. Greenhouse may store and process the above-mentioned data outside the European Economic Area (to the USA). Greenhouse Software Inc. has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
The purpose of the data collection is the selection of applicants for the possible employment relationship establishment. To receive and process your application, we process the following personal data in particular (hereinafter "Application data"):
The legal basis for the processing of your application data is Art. 6(1)(b) GDPR.
We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we retain your application data for as long as it is necessary for the employment relationship and to the extent that legal regulations require us to retain it. If your application is rejected, we will store your application data for a maximum of three months after the rejection of your application, unless you give us your consent to store it for a longer period. If you have separately provided us with your consent in accordance with Art. 6 (1)(a) GDPR, we will store your data submitted as part of the application in our talent pool for a further twelve months after the end of the application process in order to identify any further positions that may be of interest to you and, if necessary, to approach you again. After this period, the data will be deleted. You can revoke this consent at any time with effect for the future.
Sometimes we proactively search online for candidates for our open positions and may then receive your personal data from sources such as LinkedIn or XING or other professional networks where you have published your profile. We may then store some of your data (such as name, link to your profile, please adjust accordingly) in our database and contact you to inform you about our open positions. If there are currently no vacancies, we will ask for your consent to store the data in the Talent Pool.
The legal basis is Art. 6(1)(f) of the GDPR if the data processing is based on our legitimate interest and Art. 6(1)(a) if the data processing is based on your consent.
We do not share personal information with companies, outside organisations and individuals unless one of the following circumstances apply:
We will share personal information with companies, outside organisations or individuals if we have your consent to do so. We will also seek your additional consent in case purposes of processing change and we will notify you about it.
We provide personal information to our affiliates, service providers or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures. These companies are authorised to use your personal information only as necessary to provide these services to us. If personal data is transferred to or processed in countries outside the European Union or European Economic Area, we make sure that our contractors guarantee an adequate level of data protection.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will share personal information with companies, outside organisations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.
If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information (including personal information collected from you through your use of our services) could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you and ask for your consent where applicable.
We may share anonymous, non-personally identifiable information publicly and with our partners such as businesses which we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.
We work hard to protect our users and customers from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at dpo@highsnobiety.com.
When visiting our Website, we will ask you for your consent to use certain cookies and similar tracking technologies. You can at any time revoke your consent for either all cookies and similar tracking technologies or for individual ones by clicking the button below. If you have any questions or concerns on this process, please send an email to dpo@highsnobiety.com.
We use Usercentrics, a Consent Management Platform provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (“Usercentrics”). The Consent Management Platform allows us to comply with the statutory provision pursuant to Art 7(1)(a) GDPR. Usercentrics allows us to inform the users about specific tags, cookies and other web technologies on our Website and to obtain, manage and document the users’ consent.
A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. Similar tracking technologies are in particular web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or comparable technologies are rejected or only stored with your prior consent. If you reject cookies or comparable technologies, it is possible that not all of our offers will function properly for you.
Some cookies are automatically deleted when you end your browser session (“session cookies”). Some cookies will remain stored on your device (“persistent cookies”), for example, to recognize you as a returning user, to gather information about the use of our services and our audience or to display information or advertising tailored to your interests on our Website or on other websites. These cookies will be deleted automatically after a certain period of time.
This website uses various services and applications (collectively, "Tools") that are deployed either by Highsnobiety itself or by third parties through the Consent Management Platform ("CMP"). Below, users will be informed about the use of Usercentrics with IAB TCF, the technologies used, the purposes and legal basis, and the tools specifically used by Highsnobiety.
The Usercentrics tool by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich ("Usercentrics") is used as the CMP for obtaining and managing user consents, revocations and objections. The current version of the IAB Transparency and Consent Framework ("TCF") standard is observed, which specifies conclusive categories of processing purposes and the associated legal bases. In addition, TCF makes it possible to directly forward the decisions made by users in the CMP, such as consents, revocations and objections, to the providers of the technologies in the CMP. The so-called TC string is used for this purpose. This ensures that the current wishes of the users are always observed and followed by the providers. The content of the TC string is described below.
Usercentrics generates a banner that informs users about the data processing on this website and gives them the option to consent to all, some or no data processing through optional tools. This banner appears on the first visit to this website and when users revisit their choice of settings to change them or withdraw or object to consents. The banner will also appear on subsequent visits to this website if the information in the local storage has been deleted or has expired.
The following User Data is transferred to Usercentrics as part of the website visit: consents, revocations and objections, IP address, information about the browser, terminal device and the time of the visit. In addition, Usercentrics stores the following necessary information in local storage and session storage on the terminal device used for documentation purposes:
Data processing by Usercentrics is necessary to provide users with the legally required consent management and to comply with documentation obligations. The legal basis for the use of Usercentrics is Art. 6 para. 1 lit. c and f GDPR, justified by Highsnobiety’s interest in fulfilling the legal requirements for consent management. Access to and storage of information in the terminal device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 2 TTDSG.
In general, the following processing purposes as defined by IAB may be pursued by providers in this CMP only with consent:
In addition to the designated processing purposes, the following special functions may only be used within the scope of this CMP with consent:
The following processing purposes may also be pursued by providers in this CMP with consent or with legitimate interest:
The following specific processing purposes may always be pursued in this CMP without consent:
If there is an effective legal basis, the following functions may be used in this CMP:
You can find a detailed information about the deployed tools which are currently part of the IAB TCF under Edit Consent, where you can also manage your consent.
We also use Tools which are not part of IAB TCF.
Detailed information about these cookies and other similar tracking technologies used on our Website, including information on the data processed, recipients, retention period and location of processing, can be found under Edit Consent, where you can also manage your consent.
In addition, users can control the use of cookies and other similar technologies at the individual browser level by changing your browser settings (mostly found under “Options” or “Settings” in the browser menu). You have the choice of accepting all cookies, being informed about each cookie or refusing all. To manage Flash cookies, please click here. If you choose not to accept cookies and similar technologies on our Website, it is possible that the functionality of our Website may be limited and some services may not be usable.
We use the following types of Tools:
These Tools are absolutely necessary for the functionality of our Website and the provision of our services. Legal basis for their use is Art. 6(1)(b) GDPR, if Tools are used to enable the ordering process, or Art. 6(1)(f) GDPR, for example, if Tools are used for fraud prevention. Access to and storage of information in the device is in these cases strictly necessary and takes place on the basis of the implementation laws of the EU member states of the Art. 5 (3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG.
We use these Tools with your prior consent to analyse and improve the use of our Website and services. Legal basis for such data processing is Art. 6(1)(a) DSGVO. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.
Marketing Tools are used by our advertising partners to serve advertisements based on your interests and usage behaviour. We will only use such Tools with your prior consent. Legal basis for such data processing is Art. 6(1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.
We embed content from our profiles in social media and other media content provided by third parties (for example, YouTube, Instagram). These third party providers may use Tools to enable content sharing and measure user preferences. Legal basis for such data processing is Art. 6 (1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5(3) of the ePrivacy Directive, as for example in Germany the § 25 (1) TTDSG.
You can revoke your consent for Functional, Marketing, Third Party Media Tools and Embed at any time. To do so, open the settings directly via the link Edit Consent in the cookie banner of this website. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information about the cookies and the respective storage periods. Alternatively, you can assert your revocation for certain tools directly with the provider.
Our App is available on app platforms run by third parties (e.g. Google Play and Apple App Store). Download may therefore require prior registration with the relevant app store. We have no control over the processing of your data in connection with your registration with and use of third-party app stores. Please see the terms of use and privacy notices of the respective app store operator for more details.
When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your name, email address and account number, the time of download, payment information and the individual device identifier.
We have no influence on this data collection and are not responsible for it. We process this provided data only to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). Beyond that, this data is not stored further.
The legal basis for data processing in our area of responsibility is Art. 6 (1)(b) GDPR for fulfilling purchase contracts and Art. 6 (1)(f) GDPR in cases where Highsnobiety has a legitimate interest. Our legitimate interest is to enable the provision of the app. For data processing, which is the sole responsibility of the app store operator, we refer to their privacy statements:
Our apps can be found at the following addresses in the app stores:
Besides the processing of automatically collected usage data according to sections B and D.IX, your mobile device may also automatically create log files on your device, which may contain various information of a technical nature (such as the type of message, date and time of the message, trigger of the message (e.g., an error, an app call), app used, indication of the content of the message). This is necessary for technical reasons so that the app functions properly and you can use the desired services. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is to enable the provision and functions of the app and to ensure the permanent functionality and security of our systems. The storage of and the access to the logfiles is strictly necessary and thus allowed according to the implementation laws of the EU member states of the Art.5(3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG.
If your operating system has an integrated function for sharing app content, you may share content or recommend products, including via social networks. The share functions used by our App are operating system-side functions. We do not receive any information on the recipients and content of your communication. Please see the terms of use and privacy notices of the manufacturer of your device and/or the social networks you use for more details.
In order to enable certain functions, our App must be able to access certain interfaces and data on your device. Depending on your operating system, this may require your express consent. Our App may request the following authorizations.
Requesting mobile data (iOS) or access to all networks and network connections (Android): When using or installing certain apps, these authorizations will be requested in order to allow an app to transfer data via your device’s internet connection (by WLAN or data connection). This authorization may be necessary in order to transfer inputs in the app, e.g. in the course of a search, to our servers.
Changing, deleting or reading the content of USB memory devices/SD cards: These authorizations are required to allow an app to store or read data on your device’s memory or any auxiliary storage. The app will only read the data which was stored in connection with the use of this app.
You can change your authorization settings in your devices’ system settings at any time.
Generally, these app authorizations are necessary to provide our app. Access to and storage of information in the mobile device is strictly necessary in these cases and takes place on the basis of the implementation laws of the EU member states of the Art. 5 (3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG. The legal basis for the processing of personal data is then Art. 6(1)(f) GDPR. Our legitimate interests are to enable the provision and basic functions of the app.
These authorizations are not consent in the meaning of data protection law. Insofar as information is stored or read in the device on the basis of the authorizations granted that is not strictly necessary for the provision of the app, or personal data is processed that cannot be based on our legitimate interests, we will obtain your consent separately. This is then done on the basis of the implementation laws of the EU member states of Art.5 (3) of the ePrivacy Directive, as example in Germany in accordance with § 25 (1) TTDSG, or for the processing of personal data in accordance with Art. 6(1)(a) GDPR.
Our App allows you to receive push notifications that will inform you about new content in our App, product availability updates, special offers or new products in the Store. We only send push notifications with your consent. If you activate push notifications, your device will be assigned a device-specific push ID that is technically required for sending such notifications.
Legal basis for such data processing is Art.6 (1)(a) GDPR. You may revoke your consent at any time by deactivating push notifications in your device settings.
You can deactivate push notifications at any time via the settings on your mobile device. You can find instructions on how to do this at the following addresses, for example:
iOS: https://support.apple.com/guide/iphone/change-notification-settings-iph7c3d96bab/ios
When you create an account in our App, on our Website or in-store using our iPad, we store your email address and a personal password.
If you have an account, you can order in-store or from our online store and save articles and products.
Legal basis for such data processing is Art. 6(1)(b) GDPR, if the data is collected in connection with an order (see Sec. VI. below for details), and otherwise our legitimate interest in offering the account functions according to Art. 6(1)(f) GDPR (for example, fraud prevention).
Unless we are required by law to retain your data for a longer period of time (as in the case of data for orders in our store and online store), your data will be deleted at the latest when you delete your account.
In the interest of data minimization, we delete your account if you have been inactive for more than 24 months, i.e. you have not logged in during this period.
To place an order items from our online or in-store selection, you must create an account using your email address and a personal password.
When placing an order, we collect personal data required to process your order (name, billing address, shipping address, phone number, payment method, email address). These data may be transferred to payment and shipping service providers.
Legal basis for such data processing is Art. 6 (1)(b) GDPR. Due to legal regulations, we are obliged to store data for orders, including addresses and payment details, for 10 years.
Payments via PayPal are handled by Braintree, S. à r. l. et Cie, S. C. A., 22-24 Boulevard Royal, L-2449 Luxembourg („Braintree“). If you choose to pay by using Braintree, the information required to process the order (such as customer name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, fax, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location, and any other data received by PayPal) will be transferred to Braintree. Braintree may forward this data outside the EEA. In this case, Braintree ensures an adequate level of data protection in accordance with the applicable Data Protection Laws. In particular, for transfers of personal data within PayPal related companies, Braintree relies on Binding Corporate Rules approved by competent Supervisory Authorities. Other transfers may be based on contractual protections. For payments via Braintree, a fraud check is also carried out. For this purpose, your IP address, phone number and/or email address may be forwarded to Braintree so that Braintree can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the chosen payment method. Legal basis for such data processing is Art. 6(1)(f) GDPR. For further information, please see Braintree’s privacy policy.
If you choose to pay by credit card, the information required to process the order (such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address) will be transferred to Stripe (Stripe Payments Europe Ltd.).Stripe can forward this data to Stripe Inc. based in the USA. In this case, the data is transferred to a server in the USA. Stripe, Inc. has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
For payments by credit card, a fraud check is also carried out. For this purpose, data such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address are forwarded to Stripe so that Stripe can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the credit card payment method. Legal basis for such data processing is Art. 6(1)(f) GDPR. For further information, please see Stripe’s Privacy Policy.
Our online store is hosted by commercetools, a service provided by commercetools GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany. commercetools provides us with an e-commerce platform that allows us to sell products to you. Personal data submitted during the order process will be stored on commercetools’ servers. For further information, please see commercetools’ Privacy Policy.
Our Website includes links to social networks. Apart from this, we maintain profiles in social media. Please note that Titel Media is not liable for the privacy policies of these companies. We recommend you read the privacy policies of social media networks for further information.
When you visit our Facebook or Instagram Fanpage, Facebook collects personal data, even if you are not a member of Facebook. Please note that we have no control over the type and scope of such data processing. The users' data is usually processed by Facebook for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
Facebook provides us with aggregated, anonymous demographic data only that helps us to better understand our audience (so-called “Page Insights”).
The legal basis for data processing is Art. 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
Highsnobiety and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfils the data protection obligations under the GDPR with regard to Page Insights data processing. You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum
For the information on the legal basis of the data processing carried out by Facebook under its own responsibility the purpose and scope of data collection and procession by Facebook, as well as your rights against Facebook including the right to object to data processing in this respect and settings options for protecting your privacy please visit: Facebook Insights
You may find more detailed information about your right to object data processing (Opt-Out) under the following pages: https://www.facebook.com/settings?tab=ad and https://www.youronlinechoices.com/
We would like to point out that data protection requests can be made most efficiently with Facebook, as Facebook have access to the data and can take appropriate measures directly.
For more information about the data processing by Facebook please refer to Facebook Privacy Policy.
Our Website also allows you to register or sign-up to our services using your Facebook account. If you want to connect to highsnobiety.com through Facebook, as soon as you have logged in with your existing Facebook account, additional registration is no longer necessary. If you wish to use the Facebook sign-up option, you will first be redirected to the Facebook page. There you will be asked to log in with your username and password. Of course, we do not take any notice of these login data. The server to which a connection is established may be located in the USA. The following data can be transmitted to us through Facebook API: your name, profile picture, email address, gender, birthday, location, likes, friends and other information you make publicly available via Facebook; cookies used in particular: "-fbsr".
By confirming the corresponding registration button on our website, Facebook learns that you have registered on our site with your user account and links your user account with your customer account on our website.
Legal basis for such data processing is Art. 6 (1)(a) GDPR (your consent). Meta has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Facebook, see Facebook’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Facebook.
We maintain a social media profile in X (formerly Twitter (by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA or Twitter International Unlimited, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND (“X”)) in order to communicate with our customers and interested parties and to inform them about our products and services. The users' data is usually processed by X for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our X social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by X social media profile is Art. 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by X, see see the privacy rules of X .There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by X.
We also maintain a social media profile in Snapchat (Snapchat, Inc., 63 Market Street, Venice, CA 90291, USA (“Snapchat”)) in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Snapchat for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our Snapchat social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by Snapchat social media profile is Art. 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties. Snapchat has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Snapchat, see Snapchat’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Snapchat.
Our Website has links to our YouTube social media profile. The sole responsibility for YouTube and its website lies with Google Ireland Limited, Gordon House, Barrow Street Dublin 4., Ireland (for EU, EEA and Switzerland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
We maintain a social media profile in YouTube in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Google for market research and advertising purposes. In this way, behaviour profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.
As part of the operation of our YouTube social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.
The legal basis for data processing by YouTube social media profile is Art. 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6(1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Google, see Google Privacy Policy. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by YouTube. Google has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
You have the opportunity to receive emails containing targeted information via our web service or on new products available online as well as in-store offers and events. In this case we must collect and save your email address, which we will only use to send the emails.
The service provider Iterable Inc., 71 Stevenson Street, 3rd Floor, San Francisco, CA 94105, USA (hereinafter referred to as “Iterable”) is used as our processor for advertising campaigns and the sending of offers for our products in the newsletter. We have entered into a data processing agreement with this service provider. The following data may be processed,depending on the type of marketing information you have subscribed to:
- Your name,
- Your address,
- Your date of birth,
- Your gender and/or pronouns,
- Date of the last purchase, number of purchases,
- Your clothing and shoe size,
- Array of brands and product categories that have been purchased at Highsnobiety.
- Your location,
- Information on events or Highsnobiety Stores you have visited,
- Your Instagram handle.
Iterable may store and process the above-mentioned data outside the European Economic Area (to the USA). Iterable, Inc. has joined the EU-U.S. Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
If you have expressly consented to receiving marketing information via email, the legal basis for such processing of personal data is Art. 6 (1)(a) GDPR. In case we are entitled to send a newsletter based on your previous purchase of goods or services, legal basis for such processing of personal data is § 7 (3) of the German Act Against Unfair Competition (UWG). In this case, the legal basis for the processing of personal data for advertising purposes is our legitimate interest (Art. 6(1)(f) GDPR) in advertising similar products or services.
We use standard market technologies in our marketing emails, with which the interactions with the emails can be measured (e.g., opening of a newsletter, links clicked on). We use this data in pseudonymous form for general statistical analysis and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the email (so-called pixels). The data is only collected pseudonymously and is not linked to your other personal data. The legal basis for this is your consent in accordance with Art. 6 (1)(a) GDPR. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email programme by default.
You can unsubscribe from such marketing information at any time. At the end of the email you will find a link intended for this purpose and provides a simple way to cancel the marketing information or, alternatively, you can reach out to us via dpo@highsnobiety.com. In this case your data will be deleted. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if you unsubscribe from the newsletter.
We use affiliate links on our Website. In order to evaluate the use and success of these affiliate offers, we store and analyse information about the use of these links. This includes the IP address and interactions with the affiliate links (like clicks). This information is combined by one of our partners with information from the connected shops. On the basis of this information, anonymous statistics about the success of affiliate offers are compiled (e.g. the number of users who clicked on an affiliate link and the type and number of products purchased in our partner’s shop).
The legal basis for data processing by us is Art. 6(1)(b) GDPR, insofar as affiliate partners provide special offers for our customers. If you have consented to the use of Marketing Tools via our consent banner, this also applies to those affiliate partners who use cookies to make the referral of new users traceable. If you wish to withdraw your consent to this, you can adjust your settings under “Edit Consent”. The legal basis for this data processing is Art. 6 (1)(f) GDPR, insofar as we use the data to measure the success of the campaigns and to enable billing with the affiliate partners, based on our interest in effective advertising of our offers. The data will be deleted as soon as the purpose of the processing has ceased to exist, at the latest after 24 months.
When you access our Website or App or view content provided by us, we may automatically collect and store certain information in server logs. This information may include:
Data processing of Website or App access data is necessary in order to enable the visit of the Website or App, to guarantee the permanent operability and security of our systems as well as for the general administrative maintenance of our Website or App. The access data is also temporarily stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, for example in order to find the cause of repeated or criminal calls that endanger the stability and security of our Website or App and to take action against them. The legal basis is Art. 6 (1)(b) GDPR, insofar as the page call is made in the course of initiating or executing a contract, and otherwise Art. 6 (1)(f) GDPR on the basis of our legitimate interest in enabling the Website call and the permanent functionality and security of our systems.
Effective January 1, 2020, the California Consumer Privacy Act (“CCPA”), grants residents of California certain rights with respect to their Personal Information, described below. This Notice to California Customers supplements the information contained in Highsnobiety’s Privacy Notice. Any terms defined in the CCPA have the same meaning when used in this Notice to California Customers.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). During the past twelve (12) months, below are categories of personal information we have either collected or not:
Under the CCPA, personal information does not include information that is publicly available, aggregated consumer information or those not covered by under the CCPA.
We only collect personal information in accordance with the Highsnobiety Privacy Notice(See Section B., Information we Collect)
We may use or disclose the personal information we collect for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.
We discuss in detail how we share information in the Highsnobiety Privacy Policy (See Section C. , Information we Share).
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at dpo@highsnobiety.com.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
The CCPA broadly defines “sale” in a way that may include the delivery of targeted advertising on the Services or other sites, including allowing third parties to receive certain information, such as cookies, IP address and/or browsing behavior. We may share the following categories of information for such advertising which may be considered a sale (as defined by California law)
If you are a California resident and would like to opt out of our use of your information for such purposes (to the extent this is considered a sale), beginning January 1, 2020, you may do so using by sending an email to dpo@highsnobiety.com or using the following link
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
California’s “Shine the Light” law (Civil Code Section § 1798. 83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@highsnobiety.com.
To exercise following rights, please contact us as set forth in Section A “Summary” above.
You are entitled to the data subject rights stipulated in Art. 15 - 21, Art. 77 GDPR at any time:
To exercise your rights described here, you can contact us at any time using the contact details above (see Section A. Summary). This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection under Art. 46 GDPR in case of third country data transfer. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your enquiries regarding the exercise of data protection rights and our responses to them are stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims even longer. The legal basis is Art. 6(1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligation under Art. 5(2) GDPR.
You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details above.
Finally, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.
We may update our Privacy Notice from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Notice on this page. These changes are effective immediately after they are posted on this page.