Privacy statement
Thank you for your interest in our website and our company. Your privacy is very important to us. We strictly adhere to the requirements of the GDPR and process data according to its principles.
You will find detailed information about "Blue Tomato" and the handling of your data below. You can also download the entire privacy statement in your own language here.
Content
1. Who we are and who is responsible for data processing
2. Scope of the privacy statement
3. What data does Blue Tomato process and how is it collected?
4. For what purpose do we process data and what is our legal basis (justification) for doing so?
5. Who receives your data?
6. For how long do we process and store data?
7. Your rights as data subject
8. Must you provide us with data?
9. Automated decision-making and profiling
10. Cookie policy, website analysis, social media and email advertising
11. Our security measures
12. Links to other websites
1. Who we are and who is responsible for data processing
a) Corporate structure and group of companies
Blue Tomato GmbH, FN 80499g (hereinafter referred to as Blue Tomato Austria) is an Austrian company based in Hochstraße 628, 8970 Schladming and part of the Zumiez Group, with the parent company Zumiez International, LLC based in Lynnwood (USA) and its subsidiary Zumiez Europe Holding GmbH based in Lucerne (Switzerland). Zumiez International LLC and its subsidiaries in Europe form a group of undertakings (hereinafter referred to as Blue Tomato) within the meaning of the GDPR.
Blue Tomato Austria is the operator of the Blue Tomato website and all online presences and is operationally responsible for all subsidiaries of the Zumiez Group in Europe. The head office and main establishment within the meaning of the GDPR is located in Austria.
All companies in the Group are committed to the protection of personal data within the framework of "binding corporate rules". Further information on how to assert your rights can be found under point 6.
b) Data protection officer
Blue Tomato Austria determines the means and purposes of data processing for all subsidiaries of the Zumiez Group in Europe. Therefore, the company responsible for data processing is
Blue Tomato GmbH (FN 80499g)
Hochstraße 628, 8970 Schladming (Austria)
Email: [email protected]
Phone: +43 3687-2422-333
c) Data protection officer appointed by the Group
Christian Nitsche
Hochstraße 628, 8970 Schladming (Austria)
Email: [email protected]
Phone: +43 3687-2422-333
d) Myracloud
Our website uses the services of Myra Security GmbH (DE), Landsberger Str. 187, 80687 Munich. The purpose of the service is for secure encrypted data transmission on the Internet (SSL), to improve worldwide website performance through the Myra Content Delivery Network (CDN) and to improve security and protection against hacker attacks through the Myra Hyperscale Web Application Firewall (WAF). Since we care a lot about your privacy, we've chosen Myra as a German IT security provider, that meets the high GDPR standards reliably, when processing your data. The legal basis for data processing is therefore our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The service is mandatory for the technical security of our website. More detailed information about GDPR and Myra Security can be found on the GDPR pages of Myra Security: https://www.myrasecurity.com/de/datenschutz/
2. Scope of the privacy statement
This privacy statement applies to the Blue Tomato Group within Europe, to all Blue Tomato Austria websites and all our other online appearances, including social media sites and in particular the Facebook fan page.
3. What data does Blue Tomato process and how is it collected?
a) How does Blue Tomato collect personal data?
We either collect the data ourselves, e.g. through your entry on our website, announcements in the store etc., or we obtain it from a third party, e.g. through an order at trading platforms. Furthermore, we may also process data that we obtain from publicly available sources.
b) What data does Blue Tomato process?
In compliance with data minimisation, Blue Tomato only processes data that is required for the performance of the contract, the fulfilment of legal obligations or within the scope of our legitimate interests, or if you have expressly agreed to this. Wherever possible, Blue Tomato (pseudo)-anonymises your data. You can read more on the subject under point 12, Security measures. Blue Tomato does not process any special categories of customer data as laid out in Art. 9 GDPR.
The personal data processed by Blue Tomato includes:
- personal data such as name, address, birthday, place of birth and delivery address,
- physical data such as weight, height, shoe size, clothing size, but only to the extent that it will not be possible to identify you personally,
- contact details such as telephone number, email address,
- data and information from electronic data interchange, such as IP addresses, cookies, pixels, apps, etc;
- order data from purchase orders,
- advertising and sales data,
- general communication data, such as inquiries and consultations via Customer Service,
- data which Blue Tomato collects itself or through its partners, such as purchasing behaviour, payment behaviour and interests,
- data for the fulfilment of legal and official obligations,
- data for the fulfilment of contractual obligations such as warranties or guarantees,
- credit card data, which is masked before processing and used only within the context of abuse control,
- other account data, only for bank deposits and (return) transfers.
4. For what purpose do we process data and what is our legal basis (justification) for doing so?
Blue Tomato wants to offer you an optimum product range and the best possible selection of products and services, specifically tailored to your preferences and interests. We must also take into account country-specific circumstances such as language, currency and, if necessary, different regulations. We process data on the basis of the above-cited legal grounds and the purposes associated with them.
a) For the fulfilment of (pre)contractual obligations (Art. 6 (1) lit b GDPR)
- Fulfillment of your purchase according to our GTCs,
- Advice and information in the buying process,
- Provision of services, such as travel and courses,
Legitimate interests of Blue Tomato or a third party are:
c) Within the scope of your consent (Art. 6 (1) lit a) Apart from points a) and b), Blue Tomato only processes your personal data after you have given us your consent, e.g. for sending newsletters or using cookies (more on this under point 10, Cookies policy). Your consent can be revoked at any time. Please also refer to point 6 in this respect.
5. Who receives your data?
a) General provisions
Blue Tomato has clear rules on who may receive personal data. Within the Blue Tomato Group, your data is made available only to those departments and employees who require it to fulfil contractual, legal and supervisory tasks and obligations and to safeguard the legitimate interests listed under point 3 b).
Furthermore, your data is also made available to processors commissioned by Blue Tomato, i.e. companies that support us in fulfilling our corporate goals and tasks, such as IT companies, payment providers, suppliers, deliverers, printers, address validation partners (we work with Loqate) to the extent necessary to perform the tasks assigned to them. Blue Tomato concludes written agreements with these processors which oblige them to comply with the same requirements that apply to Blue Tomato.
In addition, Blue Tomato also makes personal data available to third parties with whom Blue Tomato cooperates within the scope of the aforementioned processing purposes or who may have a legitimate interest within the scope of the cooperation, e.g. debt collection agencies, payment providers or trading platforms, if you purchase from Blue Tomato via these platforms.
If there is a legal or official obligation, public authorities may also receive data from us.
b) Data transfer to third countries
Data will only be transferred to countries outside the EU if the country has an adequate level of protection according to Art. 45 GDPR or if other safeguards according to Art. 46 GDPR appropriately protect your data.
Blue Tomato has drawn up binding corporate rules within the Group, which must be approved by the data protection authorities in accordance with Art. 46 (2) lit b, in addition to the standard data protection clauses pursuant to Art. 46 (2) lit c. Blue Tomato transmits data on the basis of these safeguards.
c) Other data transmission to the USA
For the sake of completeness, we would like to point out that in the USA the surveillance measures of US authorities allow the general storage of all personal data of all persons whose data has been transmitted from the EU or Switzerland to the USA. This is done without differentiation, restriction or exception with respect to the aim pursued and without an objective criterion that would make it possible to restrict the US authorities' access to data and its subsequent use to very specific, strictly limited purposes which justify the interference associated with both access to, and use, of such data. Furthermore, we would like to point out that, in the USA, there are no legal remedies available to data subjects which would allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights by US authorities. We explicitly draw your attention to this legal and factual situation so that you can make an informed decision when you agree to the use of your data.
We would also like to expressly point out that the USA and in particular companies outside the "EU-U.S. and Swiss-U.S. Privacy Shield Framework" do not provide an adequate level of data protection.
6. For how long do we process and store data?
We retain your data for the duration of the business relationship and in order to carry out advertising activities within the framework of legitimate interests, for as long as you do not exercise your right to object to this processing according to Art 21 GDPR or, where you have given us your consent, if you do not revoke it. For more information, refer to point 6. Longer retention periods may be required due to legal storage and documentation obligations. In particular, this refers to the Austrian Federal Fiscal Code (BAO) and the Business Code (UGB) as well as other national and European legal requirements. Due to our warranty obligations and the guarantees of our suppliers, or on the basis of statutory regulations, retention periods of 3 years (short period of limitation) or, in individual cases, also considerably longer retention periods (long period of limitation) may be necessary.
7. Your rights as data subject.
The GDPR grants you comprehensive protection and information rights and particularly the right to object and withdraw. You can contact our data protection officer with your request or complaint at any time.
The supervisory authority responsible for the Group is the Austrian data protection authority. They can also be contacted in the event of a complaint. www.dsb.gv.at
Your rights, which you can normally exercise free of charge, in detail:
a) Right to be informed according to Art. 15 GDPR
You have the right to obtain information free of charge concerning the personal data stored about you and, if necessary, the right to correct, block or delete it, and to withdraw given consents. Please contact our data protection officer if you would like to know how your data is used.
b) Right to rectification according to Art. 16 GDPR
Is your data no longer correct, do you want to exercise your rights or do you have anything else on your mind? Just let our Customer Service staff know.
Email: [email protected]
Phone: +43 3687-2422-333
c) Right to erasure or restriction according to Articles 17 and 18 GDPR
Upon request and under the conditions of Art. 17 GDPR, we will delete your data unless we are entitled to its further use.
Under the conditions of Art. 18 GDPR, where we cannot delete the data, you can request a restriction of our data processing.
We will also always inform data recipients of your request and ask them to comply with it.
d) Right to data portability: regulated in Art 20 GDPR
You can request us to make your personal data available to you.
e) Right to object in accordance with Art. 21 GDPR and to withdraw consent in accordance with Art. 13 GDPR
If the processing of your data is based on your consent according to Art. 6 (1) lit a, you can withdraw this consent at any time.
If we process your data on the basis of our legitimate interests, you can object to such processing in accordance with Art. 21 GDPR. We will then immediately check whether your request is justified.
To exercise your right to withdraw and object, simply contact our Customer Service or the Data Protection Officer.
f) Automated individual decision-making, including profiling, in accordance with Art. 22 GDPR
You have the right not to be subject to a decision based on automated processing and profiling if this has legal effect or significantly affects you in a similar manner.
Blue Tomato uses automated decision making and profiling according to point 9.
8. Must you provide us with data?
We need your data to process your order. When you make data available to us, you are obliged to provide truthful information. In the case of wrong information, i.e. if the age you indicate is incorrect, we are entitled to assert any resulting damages and to also file a complaint, if this is of criminal relevance. You are not obliged to provide data or to give your consent for processing if the data is not relevant for the fulfilment of the contract. However, due to the different age limits for approval and legal capacity, we may need to know your age in some cases.
9. Automated decision-making and profiling.
a) Automated decision-making.
Automated decision-making only takes place if you decide to purchase on account.
Identity and credit check for the payment method 'Purchase on account'
If you choose the payment method "Purchase on account" during the order process, you will be asked for your consent to make the necessary data available to the respective payment provider for processing the payment and for an identity and credit check. If you give your consent, your data (first and last name, street name, house number, postcode, city, date of birth, telephone number) as well as data in connection with your order will be transmitted to the respective payment provider. In order to check your identity and creditworthiness, the respective payment provider or partner companies commissioned by the payment provider transmit data to (business) credit agencies and receive information from these agencies and, where applicable, information about your creditworthiness on the basis of mathematical-statistical procedures, the calculation of which includes address data, among other things. Furthermore, where necessary, the respective payment provider employs third party assistance for the detection and prevention of fraud. Data obtained with this assistance may be stored in an encrypted form which only the respective payment provider can read at a third party location. This data is used only if you select the payment method "Purchase on account" of our cooperation partner; otherwise, this data expires automatically after 30 minutes.
b) Profiling
Blue Tomato tries to take your personal interests, preferences and buying behaviour into consideration in order to provide you with an optimal shopping experience in our web shop and in the stores. To this end, we also analyse the data you have made available to us, as well as your purchasing and surfing behaviour, within the framework of legal regulations. Whenever we use cookies and pixels to do this, we ask for your consent as per our cookie policy, provided that the use of these cookies is not necessary for communication or that on the grounds of the legitimate interests of Blue Tomato, we are entitled to use them without your consent. You will find more on this under point 10 Cookie policy.
10. Cookie policy, website analysis, social media and email advertising
a) General information on the use of cookies
We use cookies on several website pages to make our website attractive and to enable the use of specific functions. Cookies are small text or image files that are stored on your computer or integrated into our website. They help identify the surfing behaviour of a user and therefore enable us to adapt parts of a website or specific information to your needs. To do so, Blue Tomato uses "first party cookies" and "third party cookies". First party cookies are those placed by the website operator itself, i.e. Blue Tomato. Third party cookies are the result of another, "third" party (online marketing service provider etc.) who place their cookies on our site on the basis of a contractual agreement with us. First party cookies permit you to be recognized as a user only on the site from which the cookie originates, but not across multiple domains. Therefore, your data will not be disclosed to third parties.
Third party cookies are set by contractual partners who collect user information on the basis of a contractual relationship with Blue Tomato in order to optimise and/or personalise marketing activities.
In the use of cookies/pixels Blue Tomato distinguishes
- necessary cookies (first party cookies only)
These cookies are required to maintain communication and necessary functions, and/or to provide information. They are automatically set and deleted at the end of the browser session or after the scheduled time has elapsed.
- essential cookies (first party and third party cookies)
These cookies remain on your computer for a scheduled time and enable Blue Tomato to recognise your computer as well as the settings and information you already entered on your next visit to the site, thus sparing you the trouble of having to enter this data again. These cookies are set when when you use an offered functionality and only contain general anonymous information about your access to the website (not about the content of the same) in order to provide Blue Tomato with additional information about these visits for statistical purposes or to enable Blue Tomato to analyse navigation behaviour (anonymised) on the websites and thus improve our Internet presence.
- Advertising cookies/pixels (third party cookies)
These serve to tailor our offer and services to your needs, interests and preferences and to provide you with tailor-made promotional offers. They will only be used after you have agreed to them, unless we are entitled to use them also without your consent.
b) Cookies/pixels used by Blue Tomato
In the following list we give you an extensive description of all the cookies/pixels used by Blue Tomato, in which personal data are used.
List of Cookies/Pixels used by Blue Tomato
c) Revocation and objection options
You can revoke your consent at any time and also object to the use of cookies/pixels that do not require consent, provided that these are not necessary or if deactivation is technically possible. However, we would like to point out that in the event of an objection, you may not be able to use the website's functionality in full.
You have several options to object to the use of cookies/pixels or to revoke a consent you have already given.
The most common browsers offer the possibility to block the use of cookies. Click on the links below to find out how:
- Microsofts Windows Internet Explorer
- Microsoft's Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
By using browser extensions such as Ghostery you can deactivate individual cookies and determine which cookies are set. Installing the extension is quick and easy and it is available for all major browsers.
In the case of "third party cookies", the service providers themselves often offer deactivation options. The most important ones are listed under point d).
In addition, Blue Tomato gives you the option of accepting or rejecting the use of a cookie via a cookie banner in each new session.
d) Website analysis and social media
GOOGLE ANALYTICS
Google Analytics is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies," which are text files that are stored on your computer, to help the Blue Tomato website analyse how users use the site. The information collected by the cookie regarding the use of our websites (including your IP address) is usually transferred to a Google server in the USA and stored there. Blue Tomato points out that the code "gat._anonymizeIp();;" has been added to Google Analytics on the websites of Blue Tomato to ensure an anonymous collection of IP addresses (so-called IP masking). Your IP address is only recorded by Google in a shortened form, which guarantees anonymisation and does not allow any conclusions to be drawn about your identity. If IP anonymisation is activated on our websites, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use the mentioned information to evaluate your use of the Blue Tomato websites, to compile reports on the website activities for Blue Tomato and to provide other services associated with the use of websites and the Internet to Blue Tomato. The IP address that your browser transmits within the scope of Google Analytics is not merged with any other data held by Google. A transfer of this data by Google to third parties only takes place dur to legal regulations or within the scope of order data processing. Under no circumstances will Google match your data with other data collected by Google. With your consent you agree to the processing of the data collected about you by Google in the aforementioned manner of data processing and for the named purpose. You can prevent the storage of cookies by selecting the appropriate settings on your browser and other options as set out under point 10 c); however, Blue Tomato points out that in this case you may not be able to use all the functions on our websites to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of this website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link. For more information about Google Analytics and data protection, see http://tools.google.com/dlpage/gaoptout?hl=de.
DOUBLECLICK BY GOOGLE
DoubleClick by Google is a service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). DoubleClick by Google uses cookies to serve ads that are relevant to you. To do so, your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called up. The cookies do not contain personal information. DoubleClick cookies only allow Google and its partner sites to display ads that are relevant to you based on your previous visits to our website or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and is stored there. Google only transfers this data to third parties on the basis of statutory provisions or in the context of processing order data. Under no circumstances will Google match your data with other data collected by Google. By using our website you agree to the processing of data relating to you and collected by Google, and to the processing of data as described above and for the purpose described above. You can prevent the storage of these cookies by selecting the appropriate settings in your browser software. However, we wish to point out that, in this case, you may not be able to use all of the functions on our websites. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from their processing this data by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension.
WEBSITENANALYSE BY ECONDA, OPTIMIZELY UND INTELLIAD
For the user-oriented design and optimisation of this website, we use the solutions and technologies of econda GmbH (http://www.econda.de), Optimizely, Inc. (https://www.optimizely.com/) and intelliAd Media GmbH (www.intelliad.de) as well as Google Tag Manager to collect and store anonymised data and create user profiles from this data using pseudonyms. For this purpose cookies may be used, which allow the Internet browser to be recognised. However, user profiles are not merged with data about the bearer of the pseudonym without express consent of the visitor. In particular, IP addresses are made unrecognisable directly after receipt, which makes it impossible to assign user profiles to IP addresses. For the future, visitors to this website can object to this data collection and storage at any time under the following link:
Object to Econda
Object to intelliAd
Object to Optimizely
USE OF SOCIAL MEDIA PLUGINS
We do not use social media plugins. The signs and logos of Facebook, Instagram, Pinterest, Twitter and YouTube visible on Blue Tomato websites are exclusively links to the pages of these services. If you click on one of these icons, the service provider will not receive any personal data from you.
You can share and view Blue Tomato content there. By using the services of the respective provider you submit to their data protection regulations. See also our indications under point 12, Links to external websites.
e) Email marketing
By subscribing to the newsletter, your email address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time by clicking on the "Unsubscribe" link at the end of a newsletter, without incurring any costs other than the transmission costs according to the basic rates of your access provider. As a newsletter subscriber, we will regularly send you carefully selected offers of similar products from our range by email. Blue Tomato has commissioned the service provider Emarsys to individualise and improve our newsletter design. By linking different communication channels, records are created using cookies, which enable Blue Tomato to inform you about current products and offers that meet your needs. By subscribing to the newsletter you also agree that we will forward your email address to Emarsys.
If you do not want Blue Tomato to store cookies for which we need your consent, or if you want to revoke the consent you have given to store cookies, you can do so here. Please note that in this case some functions on the website will be limited. See also the detailed explanations in the Cookie Policy.
11. Our security measures
Your personal data is encrypted during the order process using "Secure Socket Layer" (SSL) over the Internet (address transmission is excluded for newsletter subscriptions). Here we use the highly secure 128-bit encryption (SSL 3.0, RC4) from GeoTrust. Credit card data are not stored, but are collected and processed directly by respective payment provider.
We protect our website and other systems using technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.
In all processing activities, we observe the principles of the GDPR as laid out in Art. 5. and subject all processing activities to close scrutiny within the framework of our data protection management system. We also periodically carry out external data protection audits.
Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
12. Links to other websites
Blue Tomato's websites contain links to websites of other companies. Blue Tomato has no influence on the design and content of these third party websites, nor do we have any control over how the providers of these websites handle your information. Therefore, our privacy statement and our responsibility and liability do not extend to linked websites. If you have any questions, please contact these companies directly.