privacy

Privacy Policy

This Privacy Policy was last updated on November 9, 2022.

Table of Contents

A. Summary

We take your privacy very seriously and are committed to being transparent with how we use your information. Our website www.highsnobiety.com (the “Website”), mobile application (the “App”) and any of our services and sites directing you to this Privacy Policy are controlled by Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany (collectively “we” or “us”).

Data controller & responsible body

Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany

Duly represented by David Fischer, Jürgen Hopfgartner

Data Protection Officerr, dpo@highsnobiety.com

Our Privacy Policy Explains

  • What information we collect and why we collect it (section I – XI)
  • How we use that information (section I – XI)
  • A notice to users from California (section XII)
  • Your rights with regard to the processing of personal data by Titel Media (section XIII)

If you have any questions about this Privacy Policy or would like to know more about what information we collect and store, please contact us at dpo@highsnobiety.com.

Purpose of data collection, data processing and data use

Titel Media is engaged in operating online publications covering forthcoming trends and news in fashion, art, music, and culture. Titel Media collects and processes personal data for the following purposes:

  • Operation of the Website and App, including statistical analysis of the use
  • Provision of content
  • Advertising
  • Execution of contracts

Groups of people concerned and the associated data and category of data

Customer and user data, data from partner companies that are needed to fulfill the purpose.

Children under 16

Our services are not directed toward children under 16 and we will not knowingly collect information for any child under the age of 16.

If you are the parent of a child under the age of 16 and have a concern regarding your child’s information in connection with our services, please contact us at dpo@highsnobiety.com.

Recipients or groups of recipients to whom data may be disclosed

Public authorities in connection with an overriding legal regulation, contractors in connection with a partnership in accordance with Article 28 of the General Data Protection Regulation (GDPR), external partners and internal departments of Titel Media GmbH to fulfill the purpose.

Time limits for the deletion of data

Under statutory provisions, a variety of obligations and periods apply with regard to the keeping of data. Once these retention periods have expired, the corresponding data must be erased as a matter of routine. Any data not affected by this is deleted if the purposes mentioned above ceases to apply.

Transfer of data to third countries

As further detailed in this Privacy Policy, data may be transferred to a third country in connection with certain services, including to the United States.

Please note that the European Court of Justice has found that the United States do not provide a level of data protection comparable to that in the EU, in particular because US legislation gives national security authorities extensive powers of surveillance, including the mass collection and analysis of data (ECJ, judgment of 16 July 2020 - C-311/18). US providers may be obliged under national law to grant such authorities access to personal data processed by them. There are no effective legal remedies against such surveillance. We only transfer data to recipients in the United States with your prior consent.

Legal basis for the collection and processing of personal data

Legal basis for the processing of personal data on the basis of the user’s consent is Article 6 (1) lit. a GDPR.

Legal basis for the processing of personal data which is necessary for the conclusion or performance of a contract entered in the interest of the user is Article 6 (1) lit. b GDPR. This also applies to pre-contractual processes.

Legal basis for the processing of personal data which is required to fulfil a legal obligation concerning Titel Media is Article 6 (1) lit. c GDPR.

Legal basis for the processing of personal data which is necessary in order to realize a legitimate interest held by either Titel Media or a third party, except where such considerations are overridden by the need to protect the user’s interests or fundamental rights, is Article 6 (1) lit. f GDPR.

B. Information We Collect

We collect information to fulfill orders in our store, to answer any requests and to provide better services to our users and improve our business. We collect information in two ways:

Information you give us or information provided through a social network

For example, some of our services require you to sign up for an account, provide information for a contest or award, or link an account through a social network. The information we collect may include email, name, phone number, address, or credit card information. Such information is necessary to render the services requested and/or to provide contractual services. Legal basis for such data processing is Article 6 (1) lit. a, b or f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if the services are performed in full or if you unsubscribe from our services.

When you contact us, either by email, live chat or by using our contact forms, we collect the data you have submitted with your request (e.g. name. email) and may keep a record of your communication to help solve any issues you might be facing. Legal basis for such data processing is Article 6 (1) lit. b, if the request is related to the conclusion or execution of a contract, and otherwise Article 6 (1) lit. f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if we have processed your request.

When you make a purchase in our store, we collect personal data required to process your order. Legal basis for such data processing is Article 6 (1) lit. b GDPR. Please see section IV. below for further details.

We work with social networks including, but not limited to Facebook, Twitter, Snapchat, Instagram, and YouTube. We have access to information you directly provide and information through those social networking services based on your privacy settings on those networks. Please see section V. below for further details. Such information serves to enhance the usability of our services. Legal basis for such data processing is Article 6 (1) lit. f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

Information we gather from surveys

If you take part in one of our surveys, we store your contact data and the information you provide as part of the survey. We use this data in anonymous form only. It is not possible to draw any conclusions about your person. We publish the results of the survey on our Website or share them with partner companies, e.g. advertising partners or connected websites. For example, we may share information to show trends about the general use of our services.

For conducting the surveys we use Alida, a service of Alida Communications Inc., 365 Bloor St E, 5th Floor, Toronto, ON, M4W 3L4, Canada. The data collected in the survey will be stored on a Alida server in Canada. Further information can be found in Alida's privacy policy.

The legal basis for such data processing is Article 6 (1) lit. f GDPR. The data will be deleted as soon as the purpose of the storage has ceased to exist, e.g. when the survey has been completely evaluated.

Should we require to process further personal data in connection with a survey, we will ask you for your prior consent. In this case the legal basis for data processing is Article 6 (1) lit. a GDPR. You may revoke your consent at any time.

Information we get from your use of our services

We may collect usage information when you visit different parts of our Websiteor use our App. We may also automatically collect certain technical information such as device-specific information (such as your hardware model, operating system version, device type, unique device identifiers, and mobile information if you use a mobile device to access the Website). If this information is necessary to provide our services, the legal basis is Article 6 (1) lit. f GDPR. In other cases, we ask you for your consent and process your information on the basis of Article 6 (1) lit. a GDPR. Please see section I. below for details.

C. Information We Share

We do not share personal information with companies, outside organizations and individuals unless one of the following circumstances apply:

With your consent

We will share personal information with companies, outside organizations or individuals if we have your consent to do so. We may also seek your additional consent for purposes subsequently notified to you.

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. These companies are authorized to use your personal information only as necessary to provide these services to us. If personal data is transferred to or processed in countries outside the European Union, we make sure that our contractors guarantee an adequate level of data protection.

For legal reasons

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will share personal information with companies, outside organizations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.

In case of a sale or asset transfer

If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information, including personal information collected from you through your use of our services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you and ask for your consent where applicable.

In anonymous form for business purposes

We may share anonymous, non-personally identifiable information publicly and with our partners such as businesses which we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.

D. Information Security

We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold however no website is entirely secure. You should protect the account information in your possession as well. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at dpo@highsnobiety.com.

I. Your Privacy Consent Management

When visiting our Website, we will ask you for your consent to use certain cookies. You can at any time revoke your consent for either all services or for individual services by clicking the button below. If you have any questions or concerns on this process send an email to dpo@highsnobiety.com.

Edit Consent

We use Usercentrics, a Consent Management Platform provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (“Usercentrics”). The Consent Management Platform allows us to comply with the statutory provision pursuant to Art 7 (1) lit. a GDPR. This allows Usercentrics to inform the users about specific tags and web technologies on our Website and to obtain, manage and document the users’ consent.

Cookies

Technologies such as: cookies, beacons, tags and scripts are used by us and our advertising and marketing partners, affiliates, or service providers. These technologies are used to collect various types of information. Some cookies are automatically deleted when you end your browser session ("session cookies"). Some cookies will remain stored on your device (“persistent cookies”), for example, to recognize you as a returning user, to gather information about the use of our services and our audience or to display information or advertising tailored to your interests on our Website or on other websites. These cookies will be deleted automatically after a certain period of time.

II. Cookies we use

Detailed information about the cookies used on our Website, including information on the data processed, recipients, retention period and location of processing, can be found in the privacy settings, where you can also manage your consent.

In addition, users can control the use of cookies at the individual browser level by changing your browser settings (mostly found under “Options” or “Settings” in the browser menu). You have the choice of accepting all cookies, being informed about each cookie or refusing all. To manage Flash cookies, please click here. If you choose not to accept cookies on our Website, it is possible that the functionality of our Website may be limited and some services may not be usable.

We use the following types of cookies:

Essential Cookies

These cookies are absolutely necessary for the functionality of our Website and the provision of our services. Legal basis for their use is Article 6 (1) lit. b GDPR, if cookies are used to enable the ordering process, or Article 6 (1) lit. f GDPR.

Functional Cookies

We use these cookies with your prior consent to analyze and improve the use of our Website and services. Legal basis for such data processing is  Article 6 (1) lit. a) DSGVO

Marketing Cookies

Marketing cookies are used by our advertising partners to serve advertisements based on your interests and usage behavior. We will only use such cookies with your prior consent. Legal basis for such data processing is Article 6 (1) lit. a GDPR.

3rd Party Media

We embed content from our profiles in social media and other media content provided by third parties. These third party providers may use cookies to enable content sharing and measure user preferences. Legal basis for such data processing is Article 6 (1) lit. a GDPR.

III. App

Download and installation of the App

Our App is available on app platforms run by third parties (e.g. Google Play and Apple App Store). Download may therefore require prior registration with the relevant app store. We have no control over the processing of your data in connection with your registration with and use of third-party app stores. Please see the terms of use and privacy notices of the respective app store operator for more details.

Sharing App content

If your operating system has an integrated function for sharing app content, you may share content or recommend products, including via social networks. The share functions used by our App are operating system-side functions. We do not receive any information on the recipients and content of your communication. Please see the terms of use and privacy notices of the manufacturer of your device and/or the social networks you use for more details.

System authorizations

In order to enable certain functions, our App must be able to access certain interfaces and data on your device. Depending on your operating system, this may require your express consent. Our App may request the following authorizations.

Requesting mobile data (iOS) or access to all networks and network connections (Android): When using or installing certain apps, these authorizations will be requested in order to allow an app to transfer data via your device’s internet connection (by WLAN or data connection). This authorization may be necessary in order to transfer inputs in the app, e.g. in the course of a search, to our servers.

Changing, deleting or reading the content of USB memory devices/SD cards: These authorizations are required to allow an app to store or read data on your device’s memory or any auxiliary storage. The app will only read the data which was stored in connection with the use of this app.

You can change your authorization settings in your devices’ system settings at any time.

Push Notifications

Our App allows you to receive push notifications that will inform you about new content in our App, product availability updates, special offers or new products in the Store. We only send push notifications with your consent. If you activate push notifications, your device will be assigned a device-specific push ID that is technically required for sending such notifications.

Legal basis for such data processing is Art. 6 (1) lit. a GDPR. You may revoke your consent at any time by deactivating push notifications in your device settings.

IV. Third-country data transfer

For some of the third-party cookies we use, data may be transferred to and processed in the United States (e.g. Google, Facebook). As described in Section A. above, data transferred to the United States may be subject to mass surveillance by US authorities with no effective legal remedies available. If you consent to the use of such cookies, it is possible that your data may be accessed by US authorities.

V. User Account

When you create an account in our App or on our Website, we store your email address and a personal password.

If you have an account, you can order from our store and save articles and products.

Legal basis for such data processing is Art. 6 (1) lit. b GDPR, if the data is collected in connection with an order (see Sec. VI. below for details), and otherwise our legitimate interest in offering the account functions according to Art. 6 (1) lit. f GDPR.

Unless we are required by law to retain your data for a longer period of time (as in the case of data for orders in our store), your data will be deleted at the latest when you delete your account.

In the interest of data minimization, we delete your account if you have been inactive for more than 24 months, i.e. you have not logged in during this period.

VI. Store

To place an order on our Website or in our App, you must create an account using your email address and a personal password.

When placing an order via our store, we collect personal data required to process your order (name, billing address, shipping address, phone number, payment method, email address). These data may be transferred to payment and shipping service providers.

Legal basis for such data processing is Article 6 (1) lit. b GDPR. Due to legal regulations, we are obliged to store data for orders, including addresses and payment details, for 10 years.

Payments via PayPal are handled by Braintree, S. à r. l. et Cie, S. C. A. , 22-24 Boulevard Royal, L-2449 Luxembourg („Braintree“). If you choose to pay by using Braintree, the information required to process the order (such as customer name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, fax, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location, and any other data received by PayPal) will be transferred to Braintree. Braintree may forward this data outside the EEA. In this case, Braintree ensures an adequate level of data protection in accordance with the applicable Data Protection Laws. In particular, for transfers of personal data within PayPal related companies, Braintree relies on Binding Corporate Rules approved by competent Supervisory Authorities. Other transfers may be based on contractual protections. For payments via Braintree, a fraud check is also carried out. For this purpose, your IP address, phone number and/or email address may be forwarded to Braintree so that Braintree can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the chosen payment method. Legal basis for such data processing is Article 6 (1) lit. f GDPR. For further information, please see Braintree’s privacy policy.

If you choose to pay by credit card, the information required to process the order (such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address) will be transferred to Stripe (Stripe Payments Europe Ltd. ). Stripe can forward this data to Stripe Inc. based in the USA. In this case, the data is transferred to a server in the USA. Stripe Inc. has a Privacy Shield certification, which ensures an adequate level of data protection.

For payments by credit card, a fraud check is also carried out. For this purpose, data such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address are forwarded to Stripe so that Stripe can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the credit card payment method. Legal basis for such data processing is Article 6 (1) lit. f GDPR. For further information, please see Stripe’s Privacy Policy.

Our store is hosted by commercetools, a service provided by commercetools GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany).commercetools provides us with an e-commerce platform that allows us to sell products to you. Personal data submitted during the order process will be stored on commercetools’ servers. For further information, please see commercetools’ Privacy Policy.

VII. Links to external social networks and social media widgets

Our Website includes links to social networks and social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policies of the companies providing them. Please note that Titel Media is not liable for the privacy policies of these companies. We recommend you to read the privacy policies of those companies after you get to one of their websites.

Facebook Plugins

Our Website uses social plugins provided by the social network facebook.com. The responsibility for the processing of data via such plugins lies with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, as well as the USA based Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025 (“Facebook”)

The plugins are identifiable by a Facebook logo (white letter f on blue background or a thumb up icon) or the notice “Facebook Social Plugin”. For a full list of all social Plugins please see https://developers.facebook.com/docs/plugins?locale=en_US.

When you visit a page of our Website that contains a social plugin of Facebook, your browser establishes a direct connection to Facebook servers, including in the United States. Facebook directly transfers the plugin content to your browser which embeds the latter into the Website, enabling Facebook to receive information about your having accessed the respective page of our Website. Thus we have no influence on the data gathered by the plugin and inform you according to our state of knowledge:

The embedded plugins provide Facebook with the information that you have accessed the corresponding page of our Website. If you are logged into Facebook, your visit can be assigned to your Facebook account. If you interact with the plugins, for example by clicking “Like”, or entering a comment, the corresponding information is transmitted from your browser directly to Facebook and stored by it. Even if you are not logged into Facebook, there is possibility that the plugins transmits your IP-address to Facebook.

For the information on the purpose and scope of data collection and procession by Facebook, as well as your rights in this respect and settings options for protecting your privacy please visit Facebook’s privacy policy.

If you are a Facebook member and do not want Facebook to connect the data concerning your visit to our Website with your member data already stored by Facebook, please log off Facebook before entering our Website. Further you can block Facebook social Plugins by using add-ons for your browser.

Facebook Page

When you visit our Facebook page, Facebook collects personal data, even if you are not a member of Facebook. Please note that we have no control over the type and scope of such data processing. Facebook provides us with aggregated, anonymous demographic data only that helps us to better understand our audience.

For the information on the purpose and scope of data collection and procession by Facebook, as well as your rights against Facebook in this respect and settings options for protecting your privacy please visit : Facebook’s privacy policy.

Login with Facebook

Our Website also allows you to register or sign-up to our services using your Facebook account. If you connect to highsnobiety.com through Facebook, we collect and use in accordance with this Privacy Policy any information you agreed that Facebook could provide to us through its API. Such information may include your name, profile picture, email address, gender, birthday, location and other information you make publicly available via Facebook.

Such information serves to enhance the usability of our services. Legal basis for such data processing is Article 6 (1) lit. f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Facebook, see Facebook’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Facebook.

Twitter

Our Website also has links to our Twitter pages and uses social plugins provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 , USA (“Twitter”). When you use Twitter and the “Re-Tweet” feature the pages you visited will be linked to your Twitter-account and published to other users. This also involves transferring data to Twitter’s servers in the United States. Please note that we as providers of the pages have no knowledge as to the contents of the submitted data or its use by Twitter.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Twitter, see the privacy rules of Twitter. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Twitter.

Instagram

Our Website has links to our Instagram page and uses social plugins provided by the social network of instagram.com. The sole responsibility for Instagram and its website lies with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, as well as the US based Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025 (“Instagram”).

When you visit a page of our Website that contains a social plugin of Instagram, your browser establishes a direct connection to the Instagram servers. Instagram directly transfers the plugin content to your browser which embeds the latter into the Website, enabling Instagram to receive information about your having accessed the respective page of our Website. Thus we have no influence on the data gathered by the plugin and inform you according to our state of knowledge:

The embedded plugins provide Instagram with the information that you have accessed the corresponding page of our Website. If you are logged into Instagram, your visit can be assigned to your Instagram account. If you interact with the plugins, the corresponding information is transmitted from your browser directly to Instagram and stored by it. Even if you are not logged into Instagram, there is the possibility that the plugins transmits your IP-address to Instagram.

If you are an Instagram member and do not want Instagram to connect the data concerning your visit to our Website with your member data already stored by Instagram, please log off Instagram before entering our Website.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Instagram, see Instagram’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Instagram.

Snapchat

Our Website has links to our Snapchat page and uses social plugins provided by the social network of Snapchat. The sole responsibility for Snapchat and its website lies with Snapchat, Inc. , Attn: copyright Agent, 63 Market Street, Venice, CA 90291, USA (“Snapchat”).

When you visit a page of our Website that contains a social plugin of Snapchat, your browser establishes a direct connection to the Snapchat servers. Snapchat directly transfers the plugin content to your browser which embeds the latter into the Website, enabling Snapchat to receive information about your having accessed the respective page of our Website. Thus we have no influence on the data gathered by the plugin and inform you according to our state of knowledge:

The embedded plugins provide Snapchat with the information that you have accessed the corresponding page of our Website. If you are logged into Snapchat, your visit can be assigned to your Snapchat account. If you interact with the plugins, the corresponding information is transmitted from your browser directly to Snapchat and stored by it. Even if you are not logged into Snapchat, there is possibility that the plugins transmits your IP-address to Snapchat.

If you are a Snapchat member and do not want Snapchat to connect the data concerning your visit to our Website with your member data already stored by Snapchat, please log off Snapchat before entering our Website.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Snapchat, see Snapchat’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Snapchat.

YouTube

Our Website has links to our YouTube page and uses social plugins provided by the social network of YouTube. The sole responsibility for YouTube and its website lies with Google Ireland Limited, Gordon House, Barrow Street Dublin 4., Ireland (for EU, EEA and Switzerland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“YouTube”).

When you visit a page of our Website that contains a social plugin of YouTube, your browser establishes a direct connection to the YouTube servers. YouTube directly transfers the plugin content to your browser which embeds the latter into the Website, enabling YouTube to receive information about your having accessed the respective page of our Website. Thus we have no influence on the data gathered by the plugin and inform you according to our state of knowledge:

The embedded plugins provide YouTube with the information that you have accessed the corresponding page of our Website. If you are logged into YouTube, your visit can be assigned to your YouTube account. If you interact with the plugins, the corresponding information is transmitted from your browser directly to YouTube and stored by it. Even if you are not logged into YouTube, there is possibility that the plugins transmits your IP-address to YouTube.

If you are a YouTube member and do not want YouTube to connect the data concerning your visit to our Website with your member data already stored by YouTube, please log off YouTube before entering our Website.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by YouTube, see YouTube’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by YouTube.

Spotify

Our Website includes functions of the Spotify music service, provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden (“Spotify”). When you visit a page of our Website that contains a Spotify plugin, your browser establishes a direct connection to the Spotify servers, enabling Spotify to receive information that you have visited our Website. If you click the Spotify button while being logged in to your Spotify account, you can link the content of our pages to your Spotify profile. Thus, Spotify can associate visits to our pages with your user account.

More information on the purpose and scope of data collection, and regarding the further processing and use of your data by Spotify can be found in the Spotify privacy policy.

If you do not want Spotify to connect the data concerning your visit to our Website with your member data already stored by Spotify, please log off Spotify before entering our Website.

VIII. Newsletter

You have the opportunity to receive a newsletter containing targeted information via our web service or new products. In this case we must collect and save your email address, which we will only use to send the newsletter. You can unsubscribe from the newsletter at any time. At the end of the newsletter you will find a link intended for this purpose and provides a simple way to cancel the newsletter. In this case your data will be deleted.

For sending the newsletter we use MailChimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. The email addresses are processed on our behalf on a MailChimp server in the USA. The newsletters contain a so-called “web-beacon”, i. e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. These beacons are used to collect the IP address and the time the newsletter was opened as well as the information as to whether the subscriber has clicked on a link contained in the newsletter. MailChimp uses this data to create reports for us about how an email campaign performed and what actions subscribers took. For the storage of your email address and your newsletter preferences we use Iterable, a service provided by Iterable, Inc., 71 Stevenson St, #300, San Francisco, CA 94105, USA. Your email addresses and newsletter preferences are stored on our behalf on an Iterable server in the USA.

If you have expressly consented to receiving our newsletter, the legal basis for such processing of personal data is Article 6 (1) lit. a GDPR.

Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if you unsubscribe from the newsletter.

IX. Affiliate Marketing

We use affiliate links on our Website. In order to evaluate the use and success of these affiliate offers, we store and analyze information about the use of these links. This includes the IP address and interactions with the affiliate links (like clicks). This information is combined by one of our partners with information from the connected shops. On the basis of this information, anonymous statistics about the success of affiliate offers are compiled (e.g. the number of users who clicked on an affiliate link and the type and number of products purchased in our partner’s shop).

The legal basis for this data processing is Article 6 (1) lit. f) GDPR. The data will be deleted as soon as the purpose of the processing has ceased to exist, at the latest after 24 months.

X. Local Storage – HTML5

We may use Local Storage, such as HTML5 to store user preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your web browsing activity may also use HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5. Legal basis for such data processing is Article 6 (1) lit. f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

XI. Log information

When you use our services or view content provided by us, we may automatically collect and store certain information in server logs. This information may include:

  • Details of how you used our service, such as your navigation paths and search queries.
  • Mobile related information if you access our Website using your mobile device.
  • Internet protocol address.
  • Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • Cookies that may uniquely identify your browser, mobile device, or your account.
  • Browser type, operating system, and other technical information.

We may combine this automatically collected log information with other information we collect about you. We do this to improve marketing, analytics, and the products and services we offer you. Such information is used in anonymized or pseudonymized form only. Legal basis for such data processing is Article 6 (1) lit. f GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

You may at all times object to the use of personal data for the above mentioned purposes by informal notification by written letter to Titelmedia GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany, or by email to dpo@highsnobiety.com.

XII. Notice to California Users

The California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (“CCPA”), grants residents of California certain rights with respect to their Personal Information, described below. This Notice to California Customers supplements the information contained in Highsnobiety’s Privacy Policy. Any terms defined in the CCPA have the same meaning when used in this Notice to California Customers.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). During the past twelve (12) months, below are categories of personal information we have either collected or not:

  • A. IDENTIFIERS
  • B. PERSONAL INFORMATION CATEGORIES LISTED IN THE CALIFORNIA CUSTOMER RECORDS STATUTE (CAL. CIV. CODE § 1798. 80(E))
  • C. PROTECTED CLASSIFICATION CHARACTERISTICS UNDER CALIFORNIA OR FEDERAL LAW
  • D. COMMERCIAL INFORMATION
  • E. BIOMETRIC INFORMATION
  • F. INTERNET OR OTHER SIMILAR NETWORK ACTIVITY
  • G. GEOLOCATION DATA
  • H. SENSORY DATA
  • I. PROFESSIONAL OR EMPLOYMENT-RELATED INFORMATION
  • J. NON-PUBLIC EDUCATION INFORMATION (PER THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (20 U. S. C. SECTION 1232G, 34 C. F. R. PART 99))
  • K. INFERENCES DRAWN FROM OTHER PERSONAL INFORMATION

Under the CCPA, personal information does not include information that is publicly available, aggregated consumer information or those not covered by under the CCPA.

We only collect personal information in accordance with the Highsnobiety Privacy Policy (See Section B., Information we Collect)

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our or our affiliates’ assets in which personal information held by us or our affiliates about our Website users is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We discuss in detail how we share information in the Highsnobiety Privacy Policy (See Section C. , Information we Share).

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we’ve collected about you.
    The categories of sources for the personal information we’ve collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we’ve collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq. ).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at dpo@highsnobiety.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we’ve collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales

The CCPA broadly defines “sale” in a way that may include the delivery of targeted advertising on the Services or other sites, including allowing third parties to receive certain information, such as cookies, IP address and/or browsing behavior. We may share the following categories of information for such advertising which may be considered a sale (as defined by California law):

  • device information and identifiers, such as IP address, and unique advertising identifiers and cookies; usage information, such as browsing history or app usage; location information, such as city; and inference data.

Do Not Sell My Personal Information

If you are a California resident and would like to opt out of our use of your information for such purposes (to the extent this is considered a sale), beginning January 1, 2020, you may do so using by sending an email to dpo@highsnobiety.com or using the following link:

Edit Consent

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798. 83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@highsnobiety.com.

XIII. Your right to information and other rights of the persons affected

Right to information

You have the right to obtain confirmation as to whether or not your personal data is being processed by us. Where that is the case, you have the right to access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data is transferred to a third country, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

Right to rectification

You have the right to obtain the rectification of inaccurate or incomplete personal data.

Right to erasure

You have the right to obtain the erasure of personal data where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw the consent on which the processing is based according to Article 6 (1) lit a or Article 9 (2) lit. a GDPR, if there is no other legal ground for the processing;
  3. you object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Titel Media is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

If Titel Media has made personal data public and is obliged to erase the personal data, Titel Media, taking account of available technology and the cost of implementation, takes reasonable steps, including technical measures, to inform controllers which are processing the personal data you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which Titel Media is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to obtain restriction of processing where one of the following applies:

  1. you have contested the accuracy of the personal data, for a period enabling Titel Media to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. Titel Media no longer needs the personal data for the purposes of the processing, but is required by you for the establishment, exercise or defence of legal claims;
  4. you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of Titel Media override yours
  5. Where processing has been restricted under the above, such personal data shall, with the exception of storage, is only processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

I you have obtained restriction of processing you will be informed before the restriction of processing is lifted.

Notification regarding rectification or erasure of personal data or restriction of processing

Titel Media will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the above to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort. On your request, Titel Media informs you about those recipients.

Right to data portability

You have the right to receive the personal data you have provided to Titel Media in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where:

  1. the processing is based on consent pursuant to Article 6 (1) lit. a of Article 9 (2) or on a contract pursuant to Article 6 (1) lit. b GDPR; and
  2. the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one Titel Media to another controller, where technically feasible.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest.

Right to object

  1. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point Article 6 (1) lit. a or lit. f GDPR, including profiling based on those provisions. Titel Media no longer processes the personal data unless Titel Media demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. If you object to processing for direct marketing purposes, the personal data is no longer being processed for such purposes.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

This shall not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  3. is based on the data subject’s explicit consent.

In all such cases, please refer to us by written letter to Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany, or by email to dpo@highsnobiety.com.

Right to revocation

You may at all times revoke consent to the processing of personal data. You can use the function on this page at I. Cookies.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data by Titel Media relating to you infringes the provisions of the GDPR.

In all such cases, please refer to us by written letter to Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany, or by email to dpo@highsnobiety.com.

If you have any questions about data protection, please feel free to contact us at any time using the details given above.

XIV. Changes

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

*If you submitted your e-mail address and placed an order, we may use your e-mail address to inform you regularly about similar products without prior explicit consent. You can object to the use of your e-mail address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. Each newsletter contains an unsubscribe link. Alternatively, you can object to receiving the newsletter at any time by sending an e-mail to info@highsnobiety.com

Web Accessibility Statement

Titelmedia (Highsnobiety), is committed to facilitating and improving the accessibility and usability of its Website, www.highsnobiety.com. Titelmedia strives to ensure that its Website services and content are accessible to persons with disabilities including users of screen reader technology. To accomplish this, Titelmedia has engaged UsableNet Inc, a leading web accessibility consultant to help test, remediate and maintain our Website in-line with the Web Content Accessibility Guidelines (WCAG), which also bring the Website into conformance with the Americans with Disabilities Act of 1990.

Disclaimer

Please be aware that our efforts to maintain accessibility and usability are ongoing. While we strive to make the Website as accessible as possible some issues can be encountered by different assistive technology as the range of assistive technology is wide and varied.

Contact Us

If, at any time, you have specific questions or concerns about the accessibility of any particular webpage on this Website, please contact us at accessibility@highsnobiety.com, +49 (0)30 235 908 500. If you do encounter an accessibility issue, please be sure to specify the web page and nature of the issue in your email and/or phone call, and we will make all reasonable efforts to make that page or the information contained therein accessible for you.