Privacy Policy



Last updated: 22 November 2023

We are pleased that you have visited the website of LLOYD Shoes GmbH ("LLOYD", "we", "us"). We want to help you feel secure when you visit our website by providing you with the following information on how we process your personal data.



I. Controller, contact details, data protection officer


Controller within the meaning of the General Data Protection Regulation (GDPR):

LLOYD Shoes GmbH

Hans-Hermann-Meyer-Str. 1

27232 Sulingen

www.lloyd.com

datenschutz@lloyd.com

 

Data protection officer:

Dr Uwe Schläger, datenschutz nord GmbH

office@datenschutz-nord.de

Tel. +49 (0)421 69 66 32 0 

II. Content of this Privacy Policy

This Privacy Policy informs you about the following in particular:

  • the processing of your personal data, the legal basis of such processing and the purposes for which it is processed;
  • the recipients of your data;
  • whether the provision of your data is mandatory and the consequences of non-provision;
  • your rights and how you can exercise them;
  • the duration of processing;
  • our general security measures, and
  • our use of cookies and similar technologies.

 

When we subsequently use the terms "personal data" or "data" in short, we mean all information that relates to an identified or identifiable living person. Data that has been anonymised in such a way that the data subject cannot or can no longer be identified (anonymous data) is no longer considered to be personal data

III. Processing of your data – legal basis and purposes

LLOYD processes your personal data in various ways, for instance when you (i) visit our website or purchase items via our website, (ii) willingly provide us with data (including via contact forms or when creating a user account) or (iii) use other services we provide.

We process your data according to the following legal bases:

  • Consent: You have given your consent to processing your data for one or more specific purposes (Art. 6 (1) (a) GDPR);
  • Contractual performance and taking steps prior to entering into a contract : Such processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract (Art. 6 (1) (b) GDPR);
  • Legal obligation: Such processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1) (c) GDPR);
  • Legitimate interest: Such processing is necessary for the purposes of the legitimate interests pursued by LLOYD or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 (1) (f) GDPR).

Set out below you can see which data we process for which purposes. We have also identified the legal basis for you.

a. Use of our website



Processing purposes

Data categories

Legal basis

Provision of our website (including for informational purposes)

Device and online identification data (including IP address, browser type, browser version, operating system, general location derived from the IP address, and similar information including information relating to your use of our website (such as time and duration of use, your interaction with website content, user preferences, usage trends))        

Legitimate interest (LLOYD's interest in providing its website to the general public)

Analysis of website usage and optimisation of the individual user experience

Browser type and version, aforementioned device and online identification data, page viewed, the previously visited page (referrer URL), date and times of the visits, personal size data

Legitimate interest (LLOYD's interest in providing its website in a user-optimised manner); and your consent insofar as this is required by law (see detailed information here: Cookie-settings

IT security and fraud prevention

IP address, number of hits from individual IP addresses or particular pages.

Legitimate interest (LLOYD's interest in fraud prevention and IT security)

Handling your contact requests

Contact form data (all data that you submit to us when using our contact forms or otherwise when you contact us with an enquiry)

Legitimate interest (our interest in answering your enquiry)

 

b. Online orders



Processing purposes

Data categories

Legal basis

Processing your online order

Contract data (such as gender, name, address, email address, means of payment, phone number, delivery address including federal state, country)

 

 

Contract initiation and performance

Accounting

Financial and transactional data (including purchase order information relevant to tax authorities)

Legal obligation 

Risk and credit checks

Billing and delivery address, IP address and email address, purchasing data (order value and line items)

Legitimate interest (our interest in the investigation of fraud risk in the context of an order or your solvency based on automated mathematical-statistical procedures) and your consent insofar as this is required by law

Payment providers: We offer various payment options via the payment provider Adyen N.V., including payment by Klarna or express payment methods from third parties (except: Amazon Pay). This involves us transmitting personal data to payment providers or receiving personal data from payment providers. Please refer to the payment provider's privacy policy to obtain more information on how these payment providers process your personal data.

Below is a list of these payment providers:

i. Klarna payment methods

Should you select the Klarna payment methods, we will transfer your customer data via Adyen N.V. to Klarna Bank AB (publ). Klarna independently conducts a risk and fraud check to verify whether Klarna can offer the selected payment method. Klarna may therefore process further personal data under its own responsibility. You can discover more about this and other data protection aspects relating to the Klarna payment methods in the Klarna Privacy Policy. Issues with respect to data processing in the context of Klarna payment methods should be addressed to Klarna.

ii. Express payment methods provided by Paypal (Europe) S.à r.l. et Cie, S.C.A., Amazon Payments Europe, S.C.A., Apple Inc.

Should you select "PayPal Express", "Google Pay" and/or "Apple Pay", we receive the data required for processing your order from the respective payment provider via Adyen N.V. We can then execute the order and pass it on to our service providers for payment processing. Should Amazon Pay be selected, the data transfer takes place directly between us and Amazon Payments Europe S.C.A.

iii. Credit card payment

Should you choose the "credit card" payment method, we exclusively transmit credit card information to our payment provider Adyen N.V., which is subject to strict information security measures. This entity performs fraud checks to prevent credit card misuse. Various parameters are used to verify the extent to which there is a risk of fraud/credit card misuse – including the use of address data. Should such a risk be detected, a customer must additionally verify with their card issuer via the "3-D Secure" protocol.

Note:

LLOYD conducts an address-level risk assessment in relation to each order. We check whether the order addresses are stored in the blocked address file. We offer different payment methods depending on the result.

 

Further credit checks are performed by our service providers subject to the chosen payment method.

 

We use the service provider Adyen N.V. as a so-called payment service provider. Adyen also conducts a risk assessment based on the information provided (billing and delivery address, email, IP address). Adyen N.V. processes the data it receives and uses them to create a profile (score) that provides your contractual partners in the European Economic Area with information, including information for assessing the creditworthiness of natural entities.

 

Other payment providers (credit card providers, Klarna, Paypal) also conduct their own credit check. Please refer to the respective payment provider's privacy policy for more detailed information.


 

c. Your user account



Processing purposes

Data categories

Legal basis

Provision and administration of customer accounts

Credentials (including your account name and password, information required to link to third-party services you select)

Contract initiation

 

d. Your Club Red membership



Processing purposes

Data categories

Rechtsgrundlage

Providing and managing your Club Red membership; sending out customised information, offers, personalised marketing and birthday gifts.

Data that you provide, in particular your name, address, email address and password; purchase data (in particular the place and date of your purchase, type, number and price of the purchased goods and any returns, voucher numbers and products you have bookmarked)

Contract initiation; legitimate interest (LLOYD's interest in direct marketing to existing customers) and your consent insofar as this is required by law

 

e. (Personalised) marketing communications



Processing purposes

Data categories

Legal basis

Personalised marketing communications, in particular newsletter dispatch

Data relating to marketing communication and newsletter data such as your contact information, preferences for receiving marketing materials, preferred communication channels, your interactions with marketing communication (when and how often you open such emails, where you click, and so on)

 

Note: We individualise the marketing content that we provide to you. Evaluation for this purpose involves the emails we send containing so-called web beacons or tracking pixels that represent one-pixel image files. We link the above-mentioned data and these web beacons with your email address and an individual ID to conduct our evaluations. Links included in the newsletter also contain this ID.

Your consent or in the case of marketing to existing customers our legitimate interest (LLOYD's interest in direct marketing to existing customers). 

 

f. Implementation of corporate transactions



Processing purposes

Data categories

Legal basis

Implementation of corporate transactions that involve the sale, transfer, disposal or disclosure of all or a portion of our business or assets to another entity. Such a corporate transaction may involve us disclosing your information to the acquiring company to the extent necessary (and permitted by law)

Contact details including email address, contract data, billing and shipping addresses, login details, information regarding your purchases, returns, return quotas, other personal data which you submitted 

Legitimate interest (LLOYD's interest in selling its business to a third party) or – where required by law – your consent to such disclosure to the acquiring company

 

g. Miscellaneous processing purposes


   

Processing purposes

Data categories

Legal basis

Processing of your data subject rights under Articles 15 to 22 GDPR to enable us to deal with your request and be in a position to provide evidence thereof

The (particular) personal data you submitted.

Fulfilment of a legal obligation and/or for the purpose of pursuing our legitimate interests (evidence-based defence against legal claims)

Enforcement of legal claims and defence in the event of legal disputes

To the extent that is required – all categories of data herein.

Fulfilment of a legal obligation and/or for the purpose of pursuing our legitimate interests (evidence-based defence against legal claims)

Sharing of content with your contacts via smartphone app, such as Facebook, Instagram, Twitter or WhatsApp, or via email. 

So-called referrer data (information about the website you are currently visiting or previously visited)

 

 

Legitimate interest (LLOYD's interest in enabling you to share content via your smartphone on request)

 

 

 

IV. Recipients

We may disclose your information to the following categories of recipients:

 

  • our affiliates (but only to the extent necessary, for example, to provide our service to you);
  • payment providers and providers of credit checks (see further information under Section III. b.);
  • IT service providers or other service providers (including hosting or data centre service providers or our IT security service providers; shipping service providers who receive your name, email address, address and billing address);
  • Other recipients in correlation with our use of cookies and other technologies (please see the relevant information in our Cookies and other technologies section and the cookie banner on our website/other services).

 

Insofar as the aforementioned recipients are our processors (i.e. they only process your data on our behalf for the purposes that we specify), they are subject to contractual obligations to only process your data according to our instructions and they must take action to protect the confidentiality and security of your data.



    V. Transfers of data outside the EU/EEA

    We may transfer your information to countries outside the European Union (EU) and/or the European Economic Area (EEA) ("third countries"). Third countries, especially the USA, may have different laws and may not provide the level of data protection you enjoy under GDPR. This can result in disadvantages, such as impeding the enforcement of data subject rights, a lack of control over further processing and access by government agencies. You may have very limited legal remedies against these.

    Insofar as we transfer your data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an appropriate level of data protection by concluding standard contractual clauses or by means of our corporate partners’ binding internal business rules and we supplement these transfer mechanisms with further contractual, technical and organisational measures as necessary.

    Note: please use the Data Protection Officer's contact details provided in this Privacy Policy to obtain a copy of the relevant transfer mechanisms.

     

    VI. Publicly accessible sources, data origin

    In certain circumstances, we also collect data about you from sources other than yourself (such as our payment processing service providers). Insofar as required, we obtain your consent before we collect your data from other sources.

    VII. Are you obliged to provide your data?

    You are not in principle obliged to provide us with your data. If you do not provide them, however, you may not be able to place an order on our website or benefit from our other services. We may only be able to make our website available to you to a limited extent, or we may not be able to respond to your requests. We may not be able to fulfil our contractual obligations toward you if the processing of your data is required for the performance of a contract between you and us and you do not provide the necessary information.



    VIII. Your data subject rights

    You have the following rights with respect to your data to the extent that the relevant legal requirements are met:

    • Right to information and right to receive a copy of your data, Art. 15 GDPR
    • Right to rectification of your data, Art. 16 GDPR
    • Right to erasure of your data (right to be forgotten), Art. 17 GDPR
    • Right to restriction of processing of your data, Art. 18 GDPR
    • Right to data portability, Art. 20 GDPR

    Right to object, Art. 21 GDPR: You have a general right to object if we process your data based on our legitimate interest. This right to object only exists for reasons arising from your particular situation. This means that you need to fundamentally justify your objection and your reasons for such objection must not arise from the processing situation as such, but must be justified by your personal circumstances. Your objection results in a balancing of interests. We are no longer entitled to process your data for these purposes as a result of your objection unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or for our establishment, exercise or defence of legal claims.

    Objection to direct marketing: You have the right to object to our direct marketing at any time if we process your data based on our legitimate interest in direct marketing. If you object, we will no longer process your data for direct marketing purposes.


    Right to revoke your consent: You can revoke your consent at any time with effect for the future by contacting us using the contact information provided herein.

    Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes GDPR or other data protection provisions. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

    The relevant supervisory authority in our case is:

    Regulatory authority:            State Commissioner for Data Protection of Lower Saxony

    Address:                  Prinzenstraße 5, 30159 Hanover, Germany

    Telephone:              +49 (0) 511 45 599 00

    Email:                      poststelle@lfd.niedersachsen.de

     

    IX. Automated decision-making

    We do not use automated decision-making mechanisms, including profiling, that could have legal effect against you or significantly affect you in a similar way (Art. 22 GDPR). Information regarding any automated decision-making that payment providers use in the context of credit checks can be found in the respective payment provider’s privacy policy.



    X.
    Retention period

     

    We only store your personal data for as long as it is necessary to achieve the respective processing purpose. We store your data, (i) if you consented to such processing, at most until you revoke your consent; (ii) if we need the data for the execution of a contract, at most as long as the contractual relationship exists with you (including the defence and enforcement of claims within the limitation periods); (iii) if we use the data based on a legitimate interest, at most as long as your interest in erasure or anonymisation of the data does not prevail and we do not have any other legal basis for such processing.

    Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject (including tax law, commercial law and laws combating money laundering). We reserve the right to only delete the data after expiry of the final retention period that legitimises such data storage. This is to ensure that we do not violate legal regulations or lose the ability to assert a claim or defend ourselves against such a claim.

    XI. Security

    We protect your information against loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction, and we maintain the confidentiality of your data. This is achieved, among other things, through the use of appropriate technical and organisational measures. We select and continuously improve our security measures in consideration of the state of the art, the implementation costs and the nature, scope, context and purpose of the processing involved. Technical measures include aspects such as the use of encryption (including TLS encryption of data in transit), access and access control to our systems, monitoring of critical IT system resources and system messages, and ensuring the availability and resilience of systems and services.

    Organisational measures include aspects such as the definition of roles and responsibilities, ensuring the correct and secure operation of information processing facilities, regular training of and awareness raising among employees, as well as evaluation and assessment of the effectiveness of the aforementioned measures and the selection of certified service providers. Access to your data is only be granted to employees, service providers or companies within our group of companies who require this access to fulfil a business purpose or to perform their duties.

    XII. Cookies and other technologies

    Our website uses cookies and similar technologies, including those from third parties.

    More detailed information about the cookies used on our website is available in our Cookie Policy and in the cookie banner on our website. Our Cookie Policy can be viewed via the following link: https://www.lloyd.com/cookie-policy/

     

    XIII. Questions, exercise of your rights, complaints

    If you have any questions or complaints regarding our collection, use or storage of your data, or wish to exercise your rights in relation to your data, please contact datenschutz@lloyd.com.

    Please note: We will comply with your request to assert your rights as a data subject without delay, at the latest within one month. This period may be extended by a further two months if required considering the complexity and number of such requests. We will notify you of an extension of the deadline within one month of receipt of such request, together with the reasons for any delay.

    XIV. Modification of this Privacy Policy

    We may modify this Privacy Policy at any time in line with applicable laws and regulations. Your use of our website is subject to the online version available at the time of your visit.