Highsnobiety
privacy

Privacy Policy

This Privacy Policy was last updated on January 31, 2024.

Table of Contents

A. Summary

We take your privacy very seriously and are committed to being transparent with how we use your information. Our website www.highsnobiety.com (the “Website”), mobile application (the “App”) and any of our services and sites directing you to this Privacy Policy are controlled by Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany (collectively “we” or “us”).

For the website visitors from the US: please note that we only provide the EU website visitors with the necessary information and we do not aim to extend your contractual rights. To know about your data rights as a website visitor from California, please see section XII “Notice to California Users” of this Privacy Notice.

Data controller & responsible body

Titel Media GmbH, Genthiner Strasse 32–34, 10785 Berlin, Germany

Duly represented by David Fischer, Jürgen Hopfgartner

Data Protection Officer, dpo@highsnobiety.com

Our Privacy Policy Explains

  • What information we collect and why we collect it (section I – XI)
  • How we use that information (section I – XI)
  • A notice to users from California (section XII)
  • Your rights with regard to the processing of personal data by Titel Media (section XIII)

If you have any questions about this Privacy Policy or would like to know more about what information we collect and store, please contact us at dpo@highsnobiety.com.

Purposes of data collection, data processing and data use

Titel Media is engaged in operating online publications covering forthcoming trends and news in fashion, art, music, and culture. Titel Media collects and processes personal data for the following purposes:

  • Operation of the Website and App, including statistical analysis of the use
  • Provision of website content
  • Advertising and market research
  • Execution of purchase contracts
  • Fraud prevention, selection of payment methods and credit check
  • Processing of job applications
  • On the basis of your consent

Groups of people concerned and the associated data and category of data

We process customers’ and website visitors’ personal data, the data of job applicants as well as the data of business partners from our service providers and partner companies insofar it is needed to fulfil the processing purposes.

The following data categories are processed:.

  • Profile information
  • Contact details
  • Shopping information
  • Payment details
  • Messages, conversation content
  • Social network data
  • Site data/Access data
  • Tracking data
  • Job applications
  • Survey data

Children under 16

Our services are not directed toward children under 16 and we will not knowingly collect information for any child under the age of 16.

If you are the parent of a child under the age of 16 and have a concern regarding your child’s information in connection with our services, please contact us at dpo@highsnobiety.com.

Recipients or groups of recipients to whom data may be disclosed

Public authorities in connection with an overriding legal regulation, contractors in connection with a partnership in accordance with Article 28 of the General Data Protection Regulation (GDPR), for example, technical service providers, external partners (for example, consultancies, marketing agencies, law companies) and internal departments of Titel Media GmbH, Zalando Group companies to fulfill the purposes of data processing (for more information please see “Purposes of data collection, data processing and data use”).

Time limits for the deletion of data

Under statutory provisions, a variety of obligations and periods apply with regard to the data retention. We only store personal data for as long as necessary to fulfil the purposes for which we collected the data. Once these retention periods have expired, the corresponding data must be erased as a matter of routine, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contractual data for three years from the end of the calendar year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period. Even after this period, we still have to store some of your data for accounting reasons. We are obliged to do so due to the obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified therein for the retention of documents are two to ten years.

Transfer of data to third countries

As further detailed in this Privacy Notice, data may be transferred to a third country, i.e., countries whose level of data protection does not correspond to that of the European Union (outside the European Union or the European Economic Area, including to the United States) in connection with certain services.

Insofar as this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate safeguards to ensure an adequate level of data protection for any data transfers. These include, among others, the Standard Contractual Clauses of the European Union or binding corporate rules. Where this is not possible, we rely on the derogations of Art. 49 GDPR, in particular your explicit consent or necessity of data transfer for performance of the contract or for implementation of the pre-contractual measures. If third country data transfer is foreseen and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., secret services) may obtain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie consent banner, you will also be informed about it.

Legal basis for the collection and processing of personal data

We may process your personal data on the basis of your consent pursuant to Article 6(1)(a) GDPR, for example, for Newsletter subscription (see Chapter VIII “Newsletter”).

Furthermore, we may process your personal data which is necessary for the conclusion or performance of a contract entered in your interest pursuant Article 6(1)(b) GDPR, for example, when you conduct a purchase in our online store. This legal basis also applies to the implementation of pre-contractual measures.

We may also process your personal data which is required to fulfill our legal obligations pursuant to Article 6(1)(c) GDPR.

Legal basis for the processing of personal data which is necessary in order to realize our or third party’s legitimate interest, except where such considerations are overridden by the need to protect your interests or fundamental rights, is Article 6(1)(f) GDPR.

B. Personal data we collect

We collect information for example to fulfil orders in our store, to answer customers’ requests and to provide better services to our users and customers as well as to improve our business. The list of purposes of data collection and data processing are provided in “Purpose of data collection, data processing and data use”. We collect information in following ways:

Information you give us or information provided through a social network

For example, some of our services require you to sign up for a customer account, provide information for a contest or award, or login to an account through a social network. The information we collect includes email, name, phone number, address, and credit card information. Such information is necessary to render the services requested and/or to provide contractual services. Legal basis for such data processing is Article 6 (1)(b) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if the services are performed in full or if you unsubscribe from our services.

When you contact us, either by email, live chat or by using our contact forms, we collect the data you have submitted with your request (including name, email, message content, IP address) and may keep a record of your communication to help solve any issues you might be facing. Legal basis for such data processing is Article 6(1)(b), if the request is related to the conclusion or execution of a contract, and otherwise Article 6(1)(f) GDPR. Unless statutory provisions govern otherwise, the data will be deleted if the purpose of processing ceases to apply, e.g. if we have fulfilled your request.

When you make a purchase in our online store, we collect personal data required to process your order. Legal basis for such data processing is Article 6(1)(b) GDPR. Please see section IV. below for further details.

We work with social networks including Facebook, Twitter, Snapchat, Instagram, and YouTube to communicate with our customers. We have access to information you directly provide and information through those social networking services based on your privacy settings on those networks when you visit or contact us on our social pages. Please see section V. below for further details. Such information serves to enhance the usability of our services. Legal basis for such data processing is Article 6(1)(f) GDPR. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

Information we gather from surveys

If you take part in one of our surveys, we store your contact data and the information you provide as part of the survey. We use this data in anonymous form only. It is not possible to draw any conclusions about your person. We publish the results of the survey on our Website or share them with partner companies, e.g. advertising partners or connected websites. For example, we may share information to show trends about the general use of our services.

To receive surveys and to process your personal data for survey purposes, we will ask you for your prior consent. In this case the legal basis for data processing is Article 6 (1)(a) GDPR. You may revoke your consent for receiving surveys and for processing survey data at any time.

Information we get from your use of our services

We may collect usage information when you visit different parts of our Websiteor use our App. We may also automatically collect certain technical information such as device-specific information (such as your hardware model, operating system version, device type, unique device identifiers, and mobile information if you use a mobile device to access the Website). If this information is necessary to provide our services, the legal basis is Article 6 (1) lit. f GDPR. In other cases, we ask you for your consent and process your information on the basis of Article 6 (1) lit. a GDPR. Please see section I. below for details.

Information we collect from your job application

You can apply for open positions with us via our application management system or via email to hr@highsnobiety.com. The purpose of the data collection is the selection of applicants for the possible employment relationship establishment. To receive and process your application, we process the following personal data in particular (hereinafter "Application data"):

  • First and last name;
  • Email address, telephone number;
  • Application documents (e.g., references, curriculum vitae);
  • Date of earliest possible start of job;
  • Salary expectations.

The legal basis for the processing of your application data is Art. 6 (1)(b) and Art. 88 (1) GDPR in conjunction with Section 26 (1)(1) BDSG.

We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we retain your application data for as long as it is necessary for the employment relationship and to the extent that legal regulations require us to retain it. If your application is rejected, we will store your application data for a maximum of three months after the rejection of your application, unless you give us your consent to store it for a longer period. If you have separately provided us with your consent in accordance with Art. 6 (1)(a) GDPR, we will store your data submitted as part of the application in our talent pool for a further twelve months after the end of the application process in order to identify any further positions that may be of interest to you and, if necessary, to approach you again. After this period, the data will be deleted. You can revoke this consent at any time with effect for the future.

Sometimes we proactively search online for candidates for our open positions and may then receive your personal data from sources such as LinkedIn or XING or other professional networks where you have published your profile. We may then store some of your data (such as name, link to your profile, please adjust accordingly) in our database and contact you to inform you about our open positions. If there are currently no vacancies, we will ask for your consent to store the data in the Talent Pool.

The legal basis is Art. 6 (1)(f) of the GDPR if the data processing is based on our legitimate interest and Art. 6 (1)(a) if the data processing is based on your consent.

C. Information We Share

We do not share personal information with companies, outside organisations and individuals unless one of the following circumstances apply:

With your consent

We will share personal information with companies, outside organisations or individuals if we have your consent to do so. We will also seek your additional consent in case purposes of processing change and we will notify you about it.

For external processing

We provide personal information to our affiliates, service providers or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Notice and any other appropriate confidentiality and security measures. These companies are authorised to use your personal information only as necessary to provide these services to us. If personal data is transferred to or processed in countries outside the European Union or European Economic Area, we make sure that our contractors guarantee an adequate level of data protection.

For legal reasons

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will share personal information with companies, outside organisations or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.

In case of a sale or asset transfer

If we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, user information, including personal information collected from you through your use of our services, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you and ask for your consent where applicable.

In anonymous form for business purposes

We may share anonymous, non-personally identifiable information publicly and with our partners such as businesses which we have a relationship with, advertisers or connected sites. For example, we may share information to show trends about the general use of our services.

D. Information Security

We work hard to protect our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold however no website is entirely secure. You should protect the account information in your possession as well. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at dpo@highsnobiety.com.

I. Your Tracking Consent Management

When visiting our Website, we will ask you for your consent to use certain cookies and similar tracking technologies. You can at any time revoke your consent for either all cookies and similar tracking technologies or for individual ones by clicking the button below. If you have any questions or concerns on this process, please send an email to dpo@highsnobiety.com.

We use Usercentrics, a Consent Management Platform provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (“Usercentrics”). The Consent Management Platform allows us to comply with the statutory provision pursuant to Art 7(1)(a) GDPR. Usercentrics allows us to inform the users about specific tags, cookies and other web technologies on our Website and to obtain, manage and document the users’ consent.

Cookies and similar tracking technologies (“Tools”)

A cookie is a small text file that is stored on your device by the browser. Cookies are not used to run programs or download viruses onto your computer. Similar tracking technologies are in particular web storage (local / session storage), fingerprints, tags or pixels. Most browsers are set by default to accept cookies and similar technologies. However, you can usually adjust your browser settings so that cookies or comparable technologies are rejected or only stored with your prior consent. If you reject cookies or comparable technologies, it is possible that not all of our offers will function properly for you.

Some cookies are automatically deleted when you end your browser session ("session cookies"). Some cookies will remain stored on your device (“persistent cookies”), for example, to recognize you as a returning user, to gather information about the use of our services and our audience or to display information or advertising tailored to your interests on our Website or on other websites. These cookies will be deleted automatically after a certain period of time.

II. Tools we use on our Website

Detailed information about the cookies and other similar tracking technologies used on our Website, including information on the data processed, recipients, retention period and location of processing, can be found under Edit Consent, where you can also manage your consent.

In addition, users can control the use of cookies and other similar technologies at the individual browser level by changing your browser settings (mostly found under “Options” or “Settings” in the browser menu). You have the choice of accepting all cookies, being informed about each cookie or refusing all. To manage Flash cookies, please click here. If you choose not to accept cookies and similar technologies on our Website, it is possible that the functionality of our Website may be limited and some services may not be usable.

We use the following types of Tools:

Essential Tools

These Tools are absolutely necessary for the functionality of our Website and the provision of our services. Legal basis for their use is Article 6(1)(b) GDPR, if Tools are used to enable the ordering process, or Article 6(1)(f) GDPR, for example, if Tools are used for fraud prevention. Access to and storage of information in the device is in these cases strictly necessary and takes place on the basis of the implementation laws of the EU member states of the Art. 5 (3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG.

Functional Tools

We use these Tools with your prior consent to analyse and improve the use of our Website and services. Legal basis for such data processing is Article 6(1)(a) DSGVO. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.

Marketing Tools

Marketing Tools are used by our advertising partners to serve advertisements based on your interests and usage behaviour. We will only use such Tools with your prior consent. Legal basis for such data processing is Article 6(1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5 (3) of the ePrivacy Directive, as example in Germany the § 25 (1) TTDSG.

3rd Party Media Tools (Emded Content)

We embed content from our profiles in social media and other media content provided by third parties (for example, YouTube, Instagram). These third party providers may use Tools to enable content sharing and measure user preferences. Legal basis for such data processing is Article 6 (1)(a) GDPR. Access to and storage of information in the device is then done on the basis of the implementation laws of the EU member states of Art. 5(3) of the ePrivacy Directive, as for example in Germany the § 25 (1) TTDSG.

You can revoke your consent for Functional, Marketing, 3rd Party Media Tools and Embed at any time. To do so, open the settings directly via the link Edit Consent in the cookie banner of this website. There you can also change the selection of the tools you wish to consent to using, as well as obtain additional information about the cookies and the respective storage periods. Alternatively, you can assert your revocation for certain tools directly with the provider.

III. App

Download and installation of the App

Our App is available on app platforms run by third parties (e.g. Google Play and Apple App Store). Download may therefore require prior registration with the relevant app store. We have no control over the processing of your data in connection with your registration with and use of third-party app stores. Please see the terms of use and privacy notices of the respective app store operator for more details.

When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your name, email address and account number, the time of download, payment information and the individual device identifier.

We have no influence on this data collection and are not responsible for it. We process this provided data only to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). Beyond that, this data is not stored further.

The legal basis for data processing in our area of responsibility is Art. 6 (1)(b) GDPR for fulfilling purchase contracts and Art. 6 (1)(f) GDPR in cases where Highsnobiety has a legitimate interest. Our legitimate interest is to enable the provision of the app. For data processing, which is the sole responsibility of the app store operator, we refer to their privacy statements:

Logfiles

Besides the processing of automatically collected usage data according to sections B and D.IX, your mobile device may also automatically create log files on your device, which may contain various information of a technical nature (such as the type of message, date and time of the message, trigger of the message (e.g., an error, an app call), app used, indication of the content of the message). This is necessary for technical reasons so that the app functions properly and you can use the desired services. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is to enable the provision and functions of the app and to ensure the permanent functionality and security of our systems. The storage of and the access to the logfiles is strictly necessary and thus allowed according to the implementation laws of the EU member states of the Art.5(3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG.

Sharing App content

If your operating system has an integrated function for sharing app content, you may share content or recommend products, including via social networks. The share functions used by our App are operating system-side functions. We do not receive any information on the recipients and content of your communication. Please see the terms of use and privacy notices of the manufacturer of your device and/or the social networks you use for more details.

System authorizations

In order to enable certain functions, our App must be able to access certain interfaces and data on your device. Depending on your operating system, this may require your express consent. Our App may request the following authorizations.

Requesting mobile data (iOS) or access to all networks and network connections (Android): When using or installing certain apps, these authorizations will be requested in order to allow an app to transfer data via your device’s internet connection (by WLAN or data connection). This authorization may be necessary in order to transfer inputs in the app, e.g. in the course of a search, to our servers.

Changing, deleting or reading the content of USB memory devices/SD cards: These authorizations are required to allow an app to store or read data on your device’s memory or any auxiliary storage. The app will only read the data which was stored in connection with the use of this app.

You can change your authorization settings in your devices’ system settings at any time.

Generally, these app authorizations are necessary to provide our app. Access to and storage of information in the mobile device is strictly necessary in these cases and takes place on the basis of the implementation laws of the EU member states of the Art. 5 (3) of the ePrivacy Directive, as example in Germany according to § 25 (2) No. 2 TTDSG. The legal basis for the processing of personal data is then Art. 6(1)(f) GDPR. Our legitimate interests are to enable the provision and basic functions of the app.

These authorizations are not consent in the meaning of data protection law. Insofar as information is stored or read in the device on the basis of the authorizations granted that is not strictly necessary for the provision of the app, or personal data is processed that cannot be based on our legitimate interests, we will obtain your consent separately. This is then done on the basis of the implementation laws of the EU member states of Art.5 (3) of the ePrivacy Directive, as example in Germany in accordance with § 25 (1) TTDSG, or for the processing of personal data in accordance with Art. 6(1)(a) GDPR.

Push Notifications

Our App allows you to receive push notifications that will inform you about new content in our App, product availability updates, special offers or new products in the Store. We only send push notifications with your consent. If you activate push notifications, your device will be assigned a device-specific push ID that is technically required for sending such notifications.

Legal basis for such data processing is Art.6 (1)(a) GDPR. You may revoke your consent at any time by deactivating push notifications in your device settings.

You can deactivate push notifications at any time via the settings on your mobile device. You can find instructions on how to do this at the following addresses, for example:

IV. User Account

When you create an account in our App or on our Website, we store your email address and a personal password.

If you have an account, you can order from our online store and save articles and products.

Legal basis for such data processing is Art.6 (1)(b) GDPR, if the data is collected in connection with an order (see Sec. VI. below for details), and otherwise our legitimate interest in offering the account functions according to Art.6 (1)(f) GDPR (for example, fraud prevention).

Unless we are required by law to retain your data for a longer period of time (as in the case of data for orders in our online store), your data will be deleted at the latest when you delete your account.

In the interest of data minimization, we delete your account if you have been inactive for more than 24 months, i.e. you have not logged in during this period.

V. Online Store

To place an order on our Website or in our App, you must create an account using your email address and a personal password.

When placing an order via our store, we collect personal data required to process your order (name, billing address, shipping address, phone number, payment method, email address). These data may be transferred to payment and shipping service providers.

Legal basis for such data processing is Article 6 (1)(b) GDPR. Due to legal regulations, we are obliged to store data for orders, including addresses and payment details, for 10 years.

Payments via PayPal are handled by Braintree, S. à r. l. et Cie, S. C. A., 22-24 Boulevard Royal, L-2449 Luxembourg („Braintree“). If you choose to pay by using Braintree, the information required to process the order (such as customer name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, fax, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location, and any other data received by PayPal) will be transferred to Braintree. Braintree may forward this data outside the EEA. In this case, Braintree ensures an adequate level of data protection in accordance with the applicable Data Protection Laws. In particular, for transfers of personal data within PayPal related companies, Braintree relies on Binding Corporate Rules approved by competent Supervisory Authorities. Other transfers may be based on contractual protections. For payments via Braintree, a fraud check is also carried out. For this purpose, your IP address, phone number and/or email address may be forwarded to Braintree so that Braintree can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the chosen payment method. Legal basis for such data processing is Article 6(1)(f) GDPR. For further information, please see Braintree’s privacy policy.

If you choose to pay by credit card, the information required to process the order (such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address) will be transferred to Stripe (Stripe Payments Europe Ltd.).Stripe can forward this data to Stripe Inc. based in the USA. In this case, the data is transferred to a server in the USA. For this purpose, the Standard Contractual Clauses between Highsnobiety and Stripe, Inc. have been concluded.

For payments by credit card, a fraud check is also carried out. For this purpose, data such as credit card number, purchase price and quantity, time of purchase, shipping address, phone number and email address are forwarded to Stripe so that Stripe can verify the identity and carry out the fraud check. As part of the fraud check, an automated decision is made which may lead to the exclusion of the credit card payment method. Legal basis for such data processing is Article 6(1)(f) GDPR. For further information, please see Stripe’s Privacy Policy.

Our online store is hosted by commercetools, a service provided by commercetools GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany. commercetools provides us with an e-commerce platform that allows us to sell products to you. Personal data submitted during the order process will be stored on commercetools’ servers. For further information, please see commercetools’ Privacy Policy.

VI. Social media profiles

Our Website includes links to social networks. Apart from this, we maintain profiles in social media. Please note that Titel Media is not liable for the privacy policies of these companies. We recommend you to read the privacy policies of social media networks for further information.

Facebook and Instagram Social Media Profile (“Fanpages”)

When you visit our Facebook or Instagram Fanpage, Facebook collects personal data, even if you are not a member of Facebook. Please note that we have no control over the type and scope of such data processing. The users' data is usually processed by Facebook for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.

Facebook provides us with aggregated, anonymous demographic data only that helps us to better understand our audience (so-called “Page Insights”).

The legal basis for data processing is Article 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art.6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

Highsnobiety and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfils the data protection obligations under the GDPR with regard to Page Insights data processing. You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

For the information on the legal basis of the data processing carried out by Facebook under its own responsibility the purpose and scope of data collection and procession by Facebook, as well as your rights against Facebook including the right to object to data processing in this respect and settings options for protecting your privacy please visit: Facebook Insights

You may find more detailed information about your right to object data processing (Opt-Out) under the following pages: https://www.facebook.com/settings?tab=ad and https://www.youronlinechoices.com/

We would like to point out that data protection requests can be made most efficiently with Facebook, as Facebook have access to the data and can take appropriate measures directly.

For more information about the data processing by Facebook please refer to Facebook Privacy Policy.

Login with Facebook

Our Website also allows you to register or sign-up to our services using your Facebook account. If you want to connect to highsnobiety.com through Facebook, as soon as you have logged in with your existing Facebook account, additional registration is no longer necessary. If you wish to use the Facebook sign-up option, you will first be redirected to the Facebook page. There you will be asked to log in with your username and password. Of course, we do not take any notice of these login data. The server to which a connection is established may be located in the USA. The following data can be transmitted to us through Facebook API: your name, profile picture, email address, gender, birthday, location, likes, friends and other information you make publicly available via Facebook; cookies used in particular: "_fbsr".

By confirming the corresponding registration button on our website, Facebook learns that you have registered on our site with your user account and links your user account with your customer account on our website.

Legal basis for such data processing is Article 6 (1)( a) GDPR (your consent). The transfer of data to the USA and other third countries is based on explicit consent in accordance with Art. 49(1)(a) GDPR.Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Facebook, see Facebook’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Facebook.

Twitter social media profile

We maintain a social media profile in Twitter (by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”)) in order to communicate with our customers and interested parties and to inform them about our products and services. The users' data is usually processed by Twitter for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.

As part of the operation of our Twitter social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.

The legal basis for data processing by Twitter social media profile is Article 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6 (1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Twitter, see the privacy rules of Twitter. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Twitter.

Snapchat social media profile

We also maintain a social media profile in Snapchat (Snapchat, Inc., Attn: copyright Agent, 63 Market Street, Venice, CA 90291, USA (“Snapchat”)) in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Snapchat for market research and advertising purposes. In this way, behavior profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.

As part of the operation of our Snapchat social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.

The legal basis for data processing by Snapchat social media profile is Article 6 (1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6(1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Snapchat, see Snapchat’s own privacy rules. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by Snapchat.

YouTube social media profile

Our Website has links to our YouTube social media profile. The sole responsibility for YouTube and its website lies with Google Ireland Limited, Gordon House, Barrow Street Dublin 4., Ireland (for EU, EEA and Switzerland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We maintain a social media profile in YouTube in order to communicate with our customers and interested parties and to inform them about our products and services by using our video channel. The users' data is usually processed by Google for market research and advertising purposes. In this way, behaviour profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the users' computers.

As part of the operation of our YouTube social media page, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed via them.

The legal basis for data processing by YouTube social media profile is Article 6(1)(f) GDPR, based on our legitimate interest in providing effective information to users and communicating with users, or Art. 6(1)(b) GDPR, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with future customers and interested parties.

For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by Google, see Google Privacy Policy. There you will find, amongst other things, information regarding settings for the protection of your privacy and regarding your further rights regarding the collecting, processing and use of your data by YouTube.

VII. Newsletter

You have the opportunity to receive a newsletter containing targeted information via our web service or new products. In this case we must collect and save your email address, which we will only use to send the newsletter.

The service provider Iterable Inc., 71 Stevenson Street, 3rd Floor, San Francisco, CA 94105, USA (hereinafter referred to as “Iterable”) is used as our processor for advertising campaigns and the sending of offers for our products in the newsletter. We have entered into the data processing agreement with this service provider. The following data are processed:

- Date of the last purchase, number of purchases,

- Array of brands and product categories that have been purchased at Highsnobiety.

Iterable may store and process the above-mentioned data outside the European Economic Area (USA). Iterable, Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Article 45 GDPR.

If you have expressly consented to receiving our newsletter, the legal basis for such processing of personal data is Article 6 (1)(a) GDPR. In case we are entitled to send a newsletter based on your previous purchase of goods or services, legal basis for such processing of personal data is Section 7 (3) of the German Act Against Unfair Competition (UWG). In this case, the legal basis for the processing of personal data for the advertising purposes is our legitimate interest (Article 6 (1)(f) GDPR) in advertising similar products or services.

We use standard market technologies in our newsletters, with which the interactions with the newsletters can be measured (e.g., opening of the newsletter, links clicked on). We use this data in pseudonymous form for general statistical analysis and to optimise and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is only collected pseudonymously and is not linked to your other personal data. The legal basis for this is your consent in accordance with Art. 6 (1)(a) GDPR. We want to share content that is as relevant as possible for our customers via our newsletter and better understand what readers are actually interested in. If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletters or deactivate graphics in your email program by default.

You can unsubscribe from the newsletter at any time. At the end of the newsletter you will find a link intended for this purpose and provides a simple way to cancel the newsletter or, alternatively, you can reach out to us via dpo@highsnobiety.com. In this case your data will be deleted. Unless statutory provisions provide otherwise, the data will be deleted if the purpose ceases to apply, e.g. if you unsubscribe from the newsletter.

VIII. Affiliate Marketing

We use affiliate links on our Website. In order to evaluate the use and success of these affiliate offers, we store and analyse information about the use of these links. This includes the IP address and interactions with the affiliate links (like clicks). This information is combined by one of our partners with information from the connected shops. On the basis of this information, anonymous statistics about the success of affiliate offers are compiled (e.g. the number of users who clicked on an affiliate link and the type and number of products purchased in our partner’s shop).

The legal basis for data processing by us is Art. 6(1)(b) GDPR, insofar as affiliate partners provide special offers for our customers. If you have consented to the use of Marketing Tools via our consent banner, this also applies to those affiliate partners who use cookies to make the referral of new users traceable. If you wish to withdraw your consent to this, you can adjust your settings under “Edit Consent”. The legal basis for this data processing is Article 6 (1)(f) GDPR, insofar as we use the data to measure the success of the campaigns and to enable billing with the affiliate partners, based on our interest in effective advertising of our offers. The data will be deleted as soon as the purpose of the processing has ceased to exist, at the latest after 24 months.

IX. Log information

When you access our Website or App or view content provided by us, we may automatically collect and store certain information in server logs. This information may include:

  • Details of how you used our service, such as your navigation paths and search queries.
  • Mobile related information if you access our Website using your mobile device.
  • Internet protocol address.
  • Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • Browser type, operating system, and other technical information.

Data processing of Website or App access data is necessary in order to enable the visit of the Website or App, to guarantee the permanent operability and security of our systems as well as for the general administrative maintenance of our Website or App. The access data is also temporarily stored in internal log files for the purposes described above, temporarily and limited to the most necessary content, for example in order to find the cause of repeated or criminal calls that endanger the stability and security of our Website or App and to take action against them. The legal basis is Art. 6 (1)(b) GDPR, insofar as the page call is made in the course of initiating or executing a contract, and otherwise Art. 6 (1)(f) GDPR on the basis of our legitimate interest in enabling the Website call and the permanent functionality and security of our systems.

X. Notice to California Users

The California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (“CCPA”), grants residents of California certain rights with respect to their Personal Information, described below. This Notice to California Customers supplements the information contained in Highsnobiety’s Privacy Notice. Any terms defined in the CCPA have the same meaning when used in this Notice to California Customers.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). During the past twelve (12) months, below are categories of personal information we have either collected or not:

  • A. IDENTIFIERS
  • B. PERSONAL INFORMATION CATEGORIES LISTED IN THE CALIFORNIA CUSTOMER RECORDS STATUTE (CAL. CIV. CODE § 1798. 80(E))
  • C. PROTECTED CLASSIFICATION CHARACTERISTICS UNDER CALIFORNIA OR FEDERAL LAW
  • D. COMMERCIAL INFORMATION
  • E. BIOMETRIC INFORMATION
  • F. INTERNET OR OTHER SIMILAR NETWORK ACTIVITY
  • G. GEOLOCATION DATA
  • H. SENSORY DATA
  • I. PROFESSIONAL OR EMPLOYMENT-RELATED INFORMATION
  • J. NON-PUBLIC EDUCATION INFORMATION (PER THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (20 U. S. C. SECTION 1232G, 34 C. F. R. PART 99))
  • K. INFERENCES DRAWN FROM OTHER PERSONAL INFORMATION

Under the CCPA, personal information does not include information that is publicly available, aggregated consumer information or those not covered by under the CCPA.

We only collect personal information in accordance with the Highsnobiety Privacy Notice(See Section B., Information we Collect)

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our or our affiliates’ assets in which personal information held by us or our affiliates about our Website users is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We discuss in detail how we share information in the Highsnobiety Privacy Policy (See Section C. , Information we Share).

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

  • The categories of personal information we’ve collected about you.
    The categories of sources for the personal information we’ve collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we’ve collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq. ).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at dpo@highsnobiety.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we’ve collected personal information or an authorised representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales

The CCPA broadly defines “sale” in a way that may include the delivery of targeted advertising on the Services or other sites, including allowing third parties to receive certain information, such as cookies, IP address and/or browsing behavior. We may share the following categories of information for such advertising which may be considered a sale (as defined by California law)

  • device information and identifiers, such as IP address, and unique advertising identifiers and cookies; usage information, such as browsing history or app usage; location information, such as city; and inference data.

Do Not Sell My Personal Information

If you are a California resident and would like to opt out of our use of your information for such purposes (to the extent this is considered a sale), beginning January 1, 2020, you may do so using by sending an email to dpo@highsnobiety.com or using the following link

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798. 83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@highsnobiety.com.

XI. Your right of access and data subject rights

To exercise following rights, please contact us as set forth in Section A “Summary” above.

You are entitled to the data subject rights stipulated in Art. 15 - 21, Art. 77 GDPR at any time:

  • Right to withdraw your consent;
  • Right to object to the processing of your personal data (Art. 21 GDPR);
  • Right to information about your personal data processed by us (Art. 15 GDPR);
  • Right to rectification of your personal data stored by us which is incorrect (Art. 16 GDPR);
  • Right to erasure of your personal data ("right to be forgotten") (Art. 17 GDPR);
  • Right to restrict the processing of your personal data (Art. 18 GDPR);
  • Right to data portability of your personal data (Art. 20 GDPR);
  • Right to not be subject to automated decision-making (Art. 22 GDPR);
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To exercise your rights described here, you can contact us at any time using the contact details above (see Section A. Summary). This also applies if you would like to receive copies of guarantees to prove an adequate level of data protection under Art. 46 GDPR in case of third country data transfer. Provided that the respective legal requirements are met, we will comply with your data protection request.

Your enquiries regarding the exercise of data protection rights and our responses to them are stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims even longer. The legal basis is Art. 6(1)(f) GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligation under Art. 5(2) GDPR.

You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.

If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details above.

Finally, you have the right to complain to a data protection supervisory authority. You can exercise this right, for example, with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

XII. Changes

We may update our Privacy Notice from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Notice on this page. These changes are effective immediately after they are posted on this page.

*If you submitted your e-mail address and placed an order, we may use your e-mail address to inform you regularly about similar products without prior explicit consent. You can object to the use of your e-mail address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. Each newsletter contains an unsubscribe link. Alternatively, you can object to receiving the newsletter at any time by sending an e-mail to info@highsnobiety.com

Web Accessibility Statement

Titel Media GmbH (Highsnobiety), is committed to facilitating and improving the accessibility and usability of its Website, www.highsnobiety.com. Titel Media GmbH strives to ensure that its Website services and content are accessible to persons with disabilities including users of screen reader technology. To accomplish this, Titel Media GmbH tests, remediates and maintains the Website in-line with the Web Content Accessibility Guidelines (WCAG), which also bring the Website into conformance with the Americans with Disabilities Act of 1990.

Disclaimer

Please be aware that our efforts to maintain accessibility and usability are ongoing. While we strive to make the Website as accessible as possible some issues can be encountered by different assistive technology as the range of assistive technology is wide and varied.

Contact Us

If, at any time, you have specific questions or concerns about the accessibility of any particular webpage on this Website, please contact us at accessibility@highsnobiety.com, +49 (0)30 235 908 500. If you do encounter an accessibility issue, please be sure to specify the web page and nature of the issue in your email and/or phone call, and we will make all reasonable efforts to make that page or the information contained therein accessible for you.