Effective: November 2, 2023

This general privacy policy describes how mytheresa.com GmbH and its corporate affiliates (“Mytheresa”) collect and use personal data about US residents (“you”) when you visit or use our website at www.mytheresa.com. Please carefully read the entirety of this privacy policy, as it contains information regarding your rights under applicable privacy laws and how you may exercise them. If you are a California resident, please also see our supplementary CCPA Disclosures here.

Note that data subject rights may apply to you depending on which US state you reside in. Rights you may have with respect to Mytheresa are described in Section 16 (Instructions on the Rights of Affected Persons). We have included certain information on how to opt out of particular data processing activities by third parties throughout this document for informational purposes only. The particular opt-out choices and channels available from third parties may change.

Data processing controller

Controller responsible:

mytheresa.com GmbH
privacy@mytheresa.com
Einsteinring 9
85609 Aschheim/Munich.

If you have any queries about the handling of your personal data, please contact us using the information above.

1 BASIC INFORMATION ON DATA HANDLING

We fundamentally collect and use the personal data of our users insofar as this is required for the provision of a functional website and of our contents and services as well as for the implementation of our business purpose.

Sections 2 to 11 provide detailed disclosures regarding the categories of personal data we process, purposes for each processing, categories of personal data that we share with third parties, and categories of third parties with whom we share personal data. Sections 12 to 15 provide detailed cookies disclosures. Section 16 provides information on how consumers may exercise rights that may apply.

We transfer your data when we are legally obliged to do so, or the data transmission is required to perform the contractual relationship or you have previously given your explicit consent to the forwarding of your data. External service providers and partner companies such as online payment providers or the shipping company tasked with the delivery, receive your data insofar as it is necessary for the execution of your order. However, in these cases the extent of the transmitted data is restricted to the minimum required. Please also observe the data protection notices of the individual providers identified further below. The individual service provider is responsible for the contents of third party services.

2 GENERAL DATA COLLECTION WHEN VISITING OUR WEBSITE

When visiting the website for purely informational purposes, i.e. when you do not register or transfer other information to us, we collect personal data that your browser transmits to our server.

 Description and extent of data collection  

Whenever our internet site is visited, our system automatically records data and information from the computer system of the visiting computer.

The following data is collected:

1.      Information about the browser type and version used

2.      The operating system and the interface of the user

3.      The internet server provider of the user

4.      The IP address of the user

5.      Access status/http status code

6.      Date and time of the visit

7.      Time zone difference to Greenwich Mean Time

8.      Content of the request (concrete internet page)

9.      The quantity of data transmitted

10.   Websites, from which the user accessed our internet site

11.   Websites that are visited by the user via our website

12.   Regarding mobile end devices: Manufacturer and type designation of the Smartphone, tablet or other mobile end devices

13.   Low-level tracer

The data is likewise stored in the logfiles of our system.

Purpose of data processing

The temporary storage of the IP address by the system is necessary so as to enable delivery of the website to the computer of the user. To do this the IP address of the user remains stored for the duration of the session.

Storage in logfiles is required in order to assure the functionality of the website. In addition, the data serves to optimise the website and to assure the security of our IT systems. In particular our website and our other IT system help us to adapt to the browser, operating system and end devices used.

3 REGISTRATION

On our internet site we offer users the possibility to register by entering their personal data. The data is entered in the input fields and is transferred to us and stored. The following data is collected as part of the registration process:

  • Salutation

  • Academic title (optional)

  • First name

  • Last name

  • Email

  • Password

  • Address

  • Telephone number

  • Company (optional)

  • Country

  • Packing station (if available)

At the time of registration the following data is also stored:

1.      The IP address of the user

2.      Date and time of the registration

3.      Customer number

4.      Entity-ID

5.      Email hash

The user is asked as part of the registration process to consent to the processing of this data. After registration has been completed you will receive a personal access protected by password and can view and manage the registration data. Registration is effected on a voluntary basis, but may be a precondition for using our services.

Your data is forwarded to our email service provider Emarsys so that we can send you an email confirming your registration.

 Purpose of data processing

User registration is necessary for the provision of certain contents and services, in particular the extended use of our web shop on our website. User registration also serves for the performance of a contract with the user or to take steps prior to entering into a contract. Registration refers in particular to the use of our web shop.

Sales contracts are typically concluded via the web shop for the following product groups:

  • Clothing

  • Shoes

  • Bags

  • Accessories (including jewellery)

  • Children’s clothing

  • Furnishings

  • Gift vouchers

4 CONTACT

Our internet site has a contact form which can be used to contact us by electronic means. If the user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. This data is:

1.      First and last name

2.      Email address

3.      Subject

4.      Message

The data is solely used for the processing of the conversation and not transferred to third parties.

 Purpose of data processing

The processing of personal data from the input field is used for the purpose of establishing the contact.

The personal data otherwise processed during the sending process is used to prevent misuse of the contact form and to assure the security of our IT systems.

5 NEWSLETTER

We use the so-called double opt-in procedure and the confirmed opt-in procedure for registration to our newsletter. The double opt-in procedure means that we send you a confirmation email to the email address you provide, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm within a period of 72 hours, the data will be deleted automatically. If you confirm your wish to receive the newsletter, your email address will be saved. The storage serves the sole purpose of being able to send you the newsletter. In addition, we also store your IP addresses when you register and confirm as well as the times, in order to prevent misuse of your personal information.

Email Service Provider: Newsletters are sent by Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany, hereinafter referred to as the “Email Service Provider Emarsys”. You can view the privacy policy of the email service provider here: https://www.emarsys.com/de/datenschutzrichtlinie/.

The email address is required information for sending the newsletter. The provision of additional, specially marked information is voluntary, and it will be used solely for the purpose of personalising the newsletter. In addition, we store the IP addresses you use for registration and confirmation, as well as the times these events take place. The purpose of this procedure is to have evidence of your registration and, if necessary, to clarify any possible misuse of your personal data. After your confirmation, we save your registration data for the purpose of sending you the newsletter.

If we have received your email address in connection with your order and you have not objected to this, we reserve the right to send you regular offers by email for products similar to those you have already purchased from our product range.

You can object at any time to the use of your email address for direct marketing without stating reasons by sending a message to privacy@mytheresa.com or by using the unsubscribe link in the email newsletter, without incurring any costs other than the transmission costs according to the basic rates, i.e. your existing Internet contract.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails we send contain, among other things, so-called web beacons also known as tracking pixels. These are one-pixel image files enabling us to evaluate your user behaviour. This is done by collecting web beacons, which are assigned to your email address and linked to your own ID.

We use the email service provider Emarsys as well as Certona to store cookies on your computer through your web browser. The cookies and the identification numbers stored in them will not be associated with your name, address, email address or other personally identifiable information unless you have expressly permitted us to send you information specifically tailored to your interests. The email service provider Emarsys and Certona use these cookies to recognize your browser, so that we can track your movements on our website as well as recording and measuring the success of certain marketing actions. We use this information to improve our website and email newsletters, in particular by adapting our information and offers to the individual interests and needs of users.

With the data obtained in this way, we create a pseudonymous user profile in order to be able to provide you with a newsletter tailored to your interests. The following data will be collected:

• Have you opened the newsletter? And what did you click on in it?

• When and how long did you visit our website? What products and categories did you look at?

• When and what did you purchase? What category, and in what amount? And: Did you cancel the order?

We associate this data with your user account, if you have logged in.

You can opt out of the cookie-based collection and analysis of online data described above at any time by clicking the Opt-out button below. If you exercise this option, an anonymous “opt-out” cookie will be stored in your web browser, informing the Emarsys web servers and the Certona web servers of your opting out and preventing the collection of data. The opt-out cookie will remain in effect in the browser you are using until you delete it using that browser. However, if you delete the cookie or use a different browser or computer, the email service provider Emarsys and Certona will no longer be able to recognise that you have declared your objection. Alternatively, you can configure your browser so that it does not accept cookies.

If you have registered in our web shop and placed products on your wish list, you will receive emails informing you about the products on the wish list. You can unsubscribe from these notifications by unchecking the box at the end of the wish list or by using the unsubscribe link in the emails.

EMARSYS & CERTONA

6 YOUR ORDER IN OUR ONLINE SHOP

If you would like to place an order in our web shop, it is necessary for the purposes of concluding the contract that you provide personal data. Mandatory details required for the processing of contracts are specifically marked as such, and details other than that are voluntary. We use the data given by you to process your order. In addition, we can forward your payment details to the payment service provider selected by you. Additionally, we forward your address details to the shipping logistics service provider selected to carry out shipping.

You can also create a user account on a voluntary basis, which we can then use to store your data for additional purchases at a later date. Please see Section 3 for more information about registration.

We can also process the data given by you in order to notify you about additional products in our range that you may find of interest or have emails about technical information sent to you.

To prevent unauthorised access to your personal data, in particular financial data, the order process is encrypted by hybrid encryption protocol for the secure data transmission “Secure Socket Layer” (SSL).

7 SURVEYS

7.1 Customer Satisfaction Surveys

We conduct customer satisfaction surveys to continuously optimise our products and services. You can voluntarily participate in the customer satisfaction survey, either by clicking on an appropriate link we send you by email as a selected customer, or by participating as a selected customer in a customer satisfaction survey displayed to you on our website. We use SurveyGizmo LLC, a service provider based in the USA, to conduct the customer satisfaction survey. The following data will be provided to SurveyGizmo LLC when you participate in the customer satisfaction survey:

  • Email address

  • Email hash

  • Language, such as German de-de

SurveyGizmo LLC themselves store the following data:

  • Email address

  • IP address

  • Email hash

  • Survey results

  • A response ID

  • Language, such as German de-de

  • Participant’s country

7.2 Trustpilot

You have the opportunity to rate our company on Trustpilot, Inc., 245 5th Avenue, 4th floor, New York, NY 10016, USA (“Trustpilot”) as well as your purchase from us. These ratings are voluntary, and the results will be published on https://www.trustpilot.com/ under a freely selectable pseudonym. If you rate us, we would like to thank you for your feedback – every feedback helps us improve our service even further. By submitting a rating of our company, you agree that we may publish your rating on Trustpilot and on our websites. The terms and conditions and privacy policy of Trustpilot apply, as published at http://legal.trustpilot.de/end-user-privacy-terms and http://legal.trustpilot.de/end-user-privacy-terms. As part of your voluntary participation in the rating via Trustpilot, we will pass on your email address, your first and last name and your customer ID to Trustpilot.

8 AFFILIATE NETWORKS

In addition, we collaborate with affiliate networks, such as Commission Junction/Zanox/etc.

An affiliate network is a provider from the online advertising sector and an agent between advertisers (mytheresa.com) and publishers (website operators). Publishers can enter into a partnership via the affiliate network with mytheresa.com and thus take part in special promotions. Therefore, the publisher integrates a mytheresa advertisement/promotion code/hyperlink in the content on its website and thus leads the customer to our online shop through, for example, an editorial text.
As soon as the user buys on mytheresa.com, the publisher receives an appropriate commission. Only the information on the sale, such as order ID, product ID and the prices of the products sold, is transferred to the network.

9 USE OF SIGNIFYD

For the administration of payments or to fight fraud in credit card payments, we share data with Signifyd Inc. (2540 North First Street, Ste 300, San Jose, CA 95131, USA), which are processed only for this purpose.

Signifyd uses the transferred data only in suspicious cases to compare these with their databank and to then provide an estimate of the risk of fraud.

The following data are transferred:

  • Transaction data (delivery and invoicing address, name, telephone number)

  • Email address

  • Shipping country

  • IP address

10 USE OF EKATA

To combat credit card fraud, we occasionally share information with Ekata (Ekata, Inc., 1301 Fifth Avenue, Suite 1600, Seattle, WA 98101, USA) that is processed solely for this purpose.

Ekata uses the provided data only in suspicious cases, to check it against their database and then to make an assessment of the risk of fraud.

The following data will be transmitted:

First and last name
Complete address (shipping and billing addresses, if different)
Telephone number
IP address
Email address

You can find the Ekata privacy policy here.

11 USE OF VERIFF

To combat credit card fraud, we occasionally share information with Veriff (Veriff OÜ, registry code 12932944, registered address at Niine 11, 10414 Tallinn, Estonia). For that purpose, the customer can choose to use Veriff for identification.

The following personal data will be collected and processed:

  • personal information of User (such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship, but also historic data of that User that may have been stored with us during previous counteractions within the retention periods)

  • document details (such as the name of the document, issuing country, number, expiry date, security features)

  • facial recognition data (such as photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process)

  • contact details (such as address, e-mail address, telephone numbers, IP address)

  • technical data (Device Signature), including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);

You can find more information in the privacy policy of Veriff:  https://www.veriff.com/privacy-policy 

12 COOKIES AND SIMILAR TECHNOLOGIES

We use cookies in order to improve our web presence and to optimise use for you, but also for advertising purposes. Cookies are small text files that are stored on your computer when you call up our website and enable a renewed identification of your browser. Cookies store information, such as, for example, your language setting, the length of visit to our website or the entries you made there. This avoids the need to re-input all the required data afresh at every session. Moreover, cookies enable us to detect your preferences and to tailor our website to your areas of interest.

Most browsers accept cookies automatically. If you would like to prevent the acceptance of cookies, you can select the setting “accept no cookies” in the browser settings. How this works in detail can be found in the instructions of your browser manufacturer. Cookies already stored on your computer can be deleted at any time. However, we would like to point out this may restrict the functionality of our web presence.

We use cookies and similar technologies (collectively, “Required Cookies”) to provide you with an optimal website experience. Required cookies are required to enable the use of our website; because they are required, the “Required Cookies” button does not allow selection and deactivation.
In addition to the aforementioned required cookies, we would like to use other optional cookies and similar technologies (“Marketing Cookies” and “Analytics Cookies”) in order to optimise our own marketing and analyse web traffic.

Similar technologies include tracking pixels (also: 1×1 pixel, counter pixels, or pixel tags) or web beacons. These are graphics with the dimensions 1×1 loaded when our web page is retrieved. This enables our partners and us to collect statistical data for our marketing and web analysis. With the help of appropriate analytical tools, we can use this data for various purposes. The various marketing instruments are explained in more detail below.

13 PRIMARY PROVIDER COOKIES – ESSENTIAL COOKIES

This type of cookie is set by the website that the user visits.

8.1 Cookies used

We use cookies in order to design our website in a user-friendly fashion. Some elements of our internet site require the calling browser to be identified also after a page change.

The following data is stored and transmitted in the cookies:

1.      Language settings

2.      Articles in a shopping cart

3.      Log-In information

4.      Search terms entered

5.      Frequency of page views

6.      Utilisation of website functions

7.      Device or browser information

8.      Products and categories viewed

9.      Call up of wish list and the shopping cart as well as the adding of new products

10.   Number of products in the shopping cart

11.   Point of origin of the page visitor

12.   Abbreviated IP address

13.   Email hash

Purpose of data processing 

The reason why technically necessary cookies are employed is to simplify use of websites for the users. Some functions of our internet site cannot be offered without the use of cookies. It is essential for these functions that the browser is also recognised again after a page change.

We require cookies for the following functions:

  • Shopping cart

  • To protect the website from attacks

  • Marking of sessions – settings

We use analysis cookies to improve the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and therefore allow us to ensure an ongoing improvement of our web presence. In addition, they enable us to maintain quality assurance and constantly improve the user experience.

 Duration of storage, right to object and removal 

Cookies are stored on the computer of the user and are transferred from it to our site. Therefore, you as the user also have full control over the use of cookies. By altering the settings in your internet browser you can disable or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be effected automatically. Disabling cookies for our website may mean that not all functions of the website can be used to their full extent.

Our website uses transient cookies. These are automatically deleted when you close your browser. These are typically so-called session cookies. These store a so-called session ID with which various queries form your browser can be assigned to a common session. It means that your computer can be recognised again when you return to our website. These cookies are deleted when you log out or close the browser.

Our website also uses persistent cookies. These are automatically deleted after a predetermined period that can vary depending on the cookie. These cookies, too, can be deleted at any time.

14 THIRD-PARTY COOKIES – MARKETING COOKIES

These cookies are used by marketing companies, for example.

14.1 Criteo  GmbH

We employ technology of Criteo GmbH (Criteo GmbH, Gewürzmühlenstr. 11, 80538 Munich) on our site to create and deliver personalised advertising. Our website mytheresa.com uses cookies/advertising IDs for the purpose of advertising. This enables us to show our advertisements to visitors who are interested in our products on partner websites, apps and emails. Re-targeting technologies use your cookies or advertising IDs and display advertisements based on your past browsing behavior. You can opt-out of interest based advertising by visiting the following websites:
http://www.networkadvertising.org/choices/
http://www.youronlinechoices.com/

We may share data, such as technical identifiers derived from your registration information on our mytheresa.com website or our CRM system with our trusted advertising partners. This allows them to link your devices and/or environments and provide you a seamless experience across the different devices and environments that you use. To read more about their linking capabilities, please refer to their privacy policy listed in the above-mentioned platforms or listed below.

You can find more information concerning Criteo data protection here: https://www.criteo.com/privacy/

Should you no longer wish to be shown Criteo-enabled personalised advertising material, you can unsubscribe from Criteo advertising here.

14.2 Google Tracker

We use the following technology of Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, which is a part of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google“.

14.2.1 Google AdWords and Conversion Tracking

In order to attract attention to our services, we place Google Adwords adverts and use as part of this the Google conversion tracking for the purpose of providing personalised online advertising that takes into consideration interest and location. The option to anonymise the IP addresses is regulated at Google Tag Manager via an internal setting that is not visible in the source of this page.

The adverts are displayed after search queries on websites of the Google Advertising Network. We have the ability to combine our adverts with certain search terms. We can use cookies to place adverts based on the previous visits of the user to our website.

A cookie is set by Google when an advert is clicked on the computer of the user. For more information on the cookie technology used, please consult the information provided by Google on Website Statistics and in the Data Protection Provisions.
With the aid of this technology Google and we as a customer receive information on when a user has clicked on an advert and which websites he or she was forwarded to. The information obtained by this is used for a statistical evaluation for advertising optimisation purposes. The statistics made available to us by Google contain the total number of users that have clicked on our adverts, and, if applicable, whether they were forwarded to a webpage of our web content furnished with a conversion tag. We can use these statistics to track which search terms occur particularly frequently when our advert is clicked and which adverts lead the user to establishing contact via the contact form.

If you would not like this, you can prevent the storage of the cookies required for this technology, for example, via your browser settings. In this case your visit does not flow into the user statistics.

You can prevent your participation in this tracking process in a variety of ways:
a) by a corresponding setting in your browser software, in particular the suppression of third-party cookies means that you receive no adverts from third-party providers;
b) by disabling the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, this setting being deleted when you delete your cookies;
c) by disabling the interest-related adverts of providers that are part of the self-regulating campaign “About Ads” via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
d) by permanent disabling in your browsers  Firefox, Internet explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. We point out that in this case you may not be able to use all the functions of this content to its full extent.

You can find more information concerning Google data protection here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) on http://www.networkadvertising.org.

Nevertheless, we and Google continue to receive the statistical information regarding how many users visited the site and when they did this. If you would not like to be included in these statistics, you can prevent this with the aid of additional programs for your browser (for example with the Add-on Ghostery).

14.2.2 Google AdWords and Google Analytics Remarketing Lists for Search Ads (RLSA)

mytheresa.com uses Google AdWords and Google Analytics Remarketing Lists for Search Ads (RLSA). Users that visit mytheresa.com are collected via a Google tag and the behaviour is recorded.

The information generated by the cookie about your use of the website like:

  • Browser type / version,

  • Operating system used,

  • Referrer-URL (the site visited previously),

  • Hostname of the calling computer (IP address),

  • Time of the server query

is as a rule transmitted to a Google server in the USA and stored there.

The recorded behaviour pattern such as, for example, the dwell time on the site, concluded or aborted shopping cart operations, direct abort of the visit (bounce) can be used to adapt the advertising to the Google search results page.

If you want to object to the use of the data, please click here.

14.2.3 Google Shopping Reviews

Mytheresa.com uses Google Shopping Reviews, which allows shoppers to write a review of mytheresa.com after they have placed an order. These reviews are visible to potential future customers.

The following data will be collected:

Order ID
Email address (for sending the survey)
Shipping country
Estimated delivery time (time the survey was submitted)

14.2.4 Google Customer Match

Mytheresa uses Google Customer Match technology to create and deliver personalised advertising.
Our mytheresa.com website uses cookies/advertising IDs for advertising purposes. This allows us to show our advertising to visitors interested in our products on partner websites, apps and emails. Re-targeting technologies use cookies or advertising IDs and display ads based on your previous browsing behaviour. To opt out of certain interest-based advertising, please visit the following websites:
http://www.networkadvertising.org/choices/
http://www.youronlinechoices.com/

We may share information such as technical identifiers from your registration information on our mytheresa.com website or CRM system with trusted advertising partners. This allows you to link your devices and/or environments and provide a seamless user experience with the devices and environments you use. For more details on these linking capabilities, please refer to the privacy policy found on the aforementioned platforms, or to the explanations below.

If you no longer wish to receive certain personalised advertising material, you can unsubscribe from Google’s advertising here.

14.2.5 Google reCAPTCHA

On this website we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

Further information about Google reCAPTCHA as well as Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy

14.3 Microsoft Bing Tracker

We use the following technology of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA):

14.3.1 Bing Conversion Tracking

We use Bing Ads Conversion Tracking. A Bing Ads cookie is set on your computer as soon as you visit our website via a Bing search ad. Using Bing Conversion Tracking, campaigns for search machine advertising are directed to Bing on a frequency basis, i.e. ads are placed more frequently for search queries that often lead to a purchase, whereas search queries that are less relevant see fewer ads.

The following data is collected:

  • Browser type / version,

  • Operating system used,

  • Hostname of the calling computer (IP address),

  • Time of the server query

If you would not like this, you can unsubscribe on https://account.microsoft.com/privacy/ad-settings . For more information on Bing Ads Conversion Data Protection, please consult https://privacy.microsoft.com/de-de/privacystatement.

14.3.2 Bing Ads Remarketing Lists for Search Ads (RLSA)

We also use Microsoft Bing Ads Remarketing Lists for Search Ads. Here, the users that visit our website are detected by means of a general website tag and optional event snippets and their behaviour recorded. The recorded behaviour pattern such as, for example, the dwell time on the site, concluded or aborted shopping cart operations, direct abort of the visit (bounce) can be used to adapt the advertising to the Bing search results page. This means that users that have a great interest in our website see more ads in a higher position, while visitors that have less interest in our website see fewer ads in the search engine or even none at all. For more information on Bing Ads Remarkting Lists for Search Ads data protection, please consult https://advertise.bingads.microsoft.com/de-de/ressourcen/richtlinien/richtlinien-zur-datensicherheit-und-datnschutzerklaerung.

The following data is collected by means of cookies:

  • Browser type / version,

  • Operating system used,

  • Hostname of the calling computer (IP address),

  • Time of the server query

If you would not like this, you can unsubscribe at any time on  https://account.microsoft.com/privacy/ad-settings. For more information on Bing Ads Conversion Data Protection, please consult https://privacy.microsoft.com/de-de/privacystatement.

14.4 Facebook Custom Audiences

(1) This website uses Facebook Custom Audiences with the pixel function (“Facebook Pixel”) and the server-side conversion API (“API”) of Facebook Ireland Ltd. (“Facebook”). This allows users of the website to see interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other Facebook-related apps and websites. This allows us to show you advertisements that are of interest to you in order to make our website more interesting for you.

(2) Your browser automatically establishes a direct connection to the Facebook server through the Facebook Pixel included. Using the API, web events from your browser are transmitted directly to Facebook via a server connection. These events are used for the extended comparison of the integrated Facebook Pixel. The data transmitted through the Facebook Pixel and the API are used for results measurement, reporting and the optimization of ads. If you are registered with a Facebook service, Facebook can allocate the website visit to your account.

Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will discover and save your IP address and other identification features.

 (3) Using the Facebook pixel and the API, Facebook is able to identify the visitors of our online offer as a target group (called “Custom Audiences”) for the presentation of advertisements (called “Facebook Ads”). Accordingly, we use the Facebook Pixel and the API to display only the Facebook ads placed by us to Facebook users who have also shown an interest in our online offer or who have certain characteristics (such as interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (the “Custom Audiences”). Using the Facebook Pixel and the API, we would also like to ensure that our Facebook Ads correspond to the potential interest of the users and are not annoying. Using the Facebook Pixel and the API, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement and have interacted with our products (called “Conversion”).

 (4) Third party information: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Board of directors: Gareth Lambe, Shane Crehan; Registered with the Companies Registration Office of the Republic of Ireland; Company number 462932.

Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy. You can find more information about Facebook Ads here: https://www.facebook.com/about/ads/

(5) You can object to the collection using the Facebook Pixel and the API and the use of your data to display Facebook Ads by using the opt-out mentioned below. To set which types of advertisements are shown to you within Facebook, you can call up the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu. The settings are platform-independent, that is, they are adopted for all devices such as desktop computers or mobile devices.

Note: If you use the opt-out, an “Opt-Out” cookie will be saved on your device. If you delete the cookies in this browser, you will have to make the selection again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain on which the checkbox was cleared.

You can find a corresponding opt-out for the Facebook Pixel and the API here:

FACEBOOK CUSTOM AUDIENCE

14.5 Snap Pixel and Website Custom Audiences

We use the so-called “Snap Pixel” of the social network Snapchat, which is operated by Snap Inc, Market Street, Venice, CA 90291, USA (“Snapchat”), for the purpose of analysing and optimising our website and services.

With the help of the Snap Pixel, Snapchat is on the one hand able to determine the visitors of our website as a target group for the display of ads (so-called “snapchat ads”). Accordingly, we use the Snapchat pixel to display the Snapchat Ads placed by us only to those Snapchat users who have also shown an interest in our website or who have certain characteristics (for example an interest in certain topics or products as determined by the web pages visited) that we submit to Snapchat (so-called “custom audiences”).

With the help of the Snap Pixel, we also want to make sure that our Snapchat ads match the potential interest of the users and are not annoying. The Snap Pixel also allows us to track the effectiveness of Snapchat ads for statistical and market research purposes by seeing if users are redirected to our website after clicking on a Snapchat ad (so-called “conversion”).

The processing of data by Snapchat is done subject to Snapchat’s data use policy. Accordingly, for general guidance on how to view Snapchat ads, please see the Snapchat Privacy Policy: https://www.snap.com/en-US/privacy/privacy-center/.

You can object to Snapchat Tracking at any time and adjust, disable or re-enable it by clicking on the following link https://support.snapchat.com/en-US/article/advertising-preferences.

14.6 Certona

We use the Certona Product Recommendations analysis and advertising service provided by Certona Corporation, 10431 Wateridge Circle, Suite 200, San Diego, CA 92121, USA (“Certona”). Certona Product Recommendations uses cookies stored on your computer to help us analyse and optimise the use of our website, as well as to personalise your visit to our website and improve our advertising. The information generated by the cookie about your use of this website is generally transmitted to a Certona server in the United States and stored and processed there on our behalf.

The following data will be transmitted:

  • IP address without assignment to a specific user profile

  • Device-related data such as device type and model, operating system and browser type and version.

  • Usage-related information such as time of use, length of stay, place of origin

  • Information about purchasing behaviour such as purchases, placement of items into the shopping cart, deletion from the shopping cart, inclusion on the wish list, deletion from the wish list, product search, product reviews

  • Certona tracking ID

  • Order list, order ID, product ID, prices

  • Email hash

CERTONA

15 SPECIAL TOOLS – ANALYTICAL COOKIES

In addition to the above-mentioned cookies we also employ additional tools for the purposes of usage analysis, content optimisation, marketing analysis and advertising optimisation, subject to your consent. The explanations in section 10 do not apply to these tools. We will now inform you about each of these special functions, including the extent of data collection, the purposes pursued with the data collection as well as the possible ways you have at your disposal to prevent the use of these tools.

15.1 Tools for marketing purposes

We use cookies for marketing purposes in order to offer our users appealing advertising. In addition, we use the cookies to cap the display frequency of an advertisement and to measure the efficacy of our advertising measures. This information can also be shared with third parties, such as, for example Ad-networks.

 15.1.1 Google Analytics and Conversion Tracking

This website uses Google Analytics, an advertising analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of the use of the website by you.

The information generated by the cookie about your use of the website like:

  • Browser type / version,

  • Operating system used,

  • Referrer-URL (the site visited previously),

  • Hostname of the calling computer (IP address),

  • Time of the server query

is as a rule transmitted to a Google server in the USA and stored there. The IP address transmitted as part of Google Analytics from your browser is not amalgamated with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website.

On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to collate reports on website activities and to render further services to the website operator connected with the website use and internet use.

You can prevent the storage of the cookies by means of an appropriate setting in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the recording of the data related to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing a browser plug-in available on the following link: http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie is set that prevents the future collection of your data when you visit this website. The opt-out cookie only applies for this browser and only for our website and is saved on your device. If you delete the cookies in this browser, you must set the opt-out cookie afresh.

This website additionally uses Google Analytics for a cross-device analysis of visitor flows carried out via a User-ID. You can deactivate in your customer account under “My Data”, “Personal Data” the cross-device analysis of you use.

User terms: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: https://www.google.com/policies/privacy/.

 15.1.2 Monetate

We likewise use the analysis and personalising service Monetate of the firm Monetate Inc (951 Hecotr St, Conshohocken, PA 19428, United States). Monetate uses cookies that are stored on your computer and enable us to analyse the usage of our internet site and its optimisation.

The following data is transmitted:

·         IP address

·         Device-related data such as device type, model, operating system, browser type and version

·         Usage-related information such as time of use, dwell time, point of origin

For more information regarding Monetate data protection, please consult the Data Protection Notice of Monetate.

 15.1.3  Braze

In the mytheresa.com app we use the services of Braze, Braze, Inc. 330 W 34th Street, 18th Floor, New York, NY 10001, USA. Braze is a  Marketing und Analyse Service app. The service enables us to understand the function and use of our mobile content on your device. Furthermore, we use Braze in order to send you tailored promotions and information on our products per push notification or in-app message. We also inform you via Braze about items you have forgotten in your shopping bag.

Braze uses the following personal data

  • IP address (is not stored)

  • Device-related data such as device type, model, operating system, browser type and version

  • Usage-related information such as time of use,

  • First name

  • Email hash

  • Braze SDK and message interaction data

  • Installations ID

  • Devices ID

15.1.4 CommandersAct

Our provider CommandersAct, Fjord Technologies headquarters | Commanders Act | 3/5 rue Saint-Georges | 75009 Paris | France, is a solution for the central management and control of our marketing tags as well as the interface for data transfer to our service providers. It also helps us to analyse and optimise our offerings using the Phoenix tool from CommandersAct.

The following personal data is collected:

  • Communication data

  • Contract master data (such as product interest)

The use of CommandersAct serves to simplify and continuously improve our marketing activities.

The data collected from you via this system will be used for the purposes mentioned above. You also have the right to object to this processing. If you object to this processing, processing via this system will be blocked for the future. To object to the processing, please use the option created by CommandersAct to set an opt-out cookie.

To do this, use the link: https://www.commandersact.com/de/datenschutz/. You can also visit the commandersact.com website for more information about the collection, use and security of data.

 15.1.5 New Relic

On this website we use a plug-in of the website analysis service of New Relic (188 Spear Street, Suite 1200 San Francisco, CA 94105, USA). It enables statistical evaluations of the speed of the website to be recorded and is used to optimise the website.

When a user calls up a website of this offer containing such a plug-in his or her browser establishes a direct connection with the New Relic server. The integration of the plug-in provides New Relic with the information that a user has called up on the corresponding page of the offer.

The following data is transmitted:

  • IP address

  • Device-related data such as device type, model, operating system, browser type and version

  • Usage-related information such as time of use, dwell time, point of origin

  • New Relic User ID

According to New Relic no additional personal data is collected.

For more information regarding New Relic data protection, please consult the Data Protection Notice of New Relic.

 15.1.6 Crashlytics

We use Crashlytics (a service of Google Ireland Ltd., Gordon House, Barrow St, Dublin 4, Ireland) in the mytheresa.com app for the purpose of measuring quality as well as evaluating the use behaviour of our app user. Crashlytics focuses on measuring technical crashes of the app with the intention of making the app more stable and to avoid errors in the app source code for improved user friendliness. Furthermore, we can use Crashlytics to track which app version the user has and whether a user regularly updates the app.

Crashlytics uses the following personal data

  • IP address

  • Device-related data such as device type, model, operating system, browser type and version

  • Usage-related information such as time of use, dwell time, point of origin

 15.1.7 Firebase Cloud Messaging Server

In the Android app we likewise use the services of Firebase Cloud Messaging Server (a service of Google Ireland Ltd., Gordon House, Barrow St, Dublin 4, Ireland). The Firebase Cloud Messaging Server allows us to ascertain whether you agree to the receipt of push notifications or not. This enables us to ascertain whether you want to receive push notifications via the app or not.

The Firebase Cloud Messaging Server uses the following personal data:

  • Instance IDs (devices ID)

 15.1.8 Return Path

We use Return Path, a service from Return Path, Inc. 3 Park Avenue, 41st Floor, New York, NY 10016, to optimise our email delivery and increase the profitability of email channels. Return Path used web beacons to track user behaviour.

The following data is processed:

  • IP address

  • Email address

  • Telephone number

  • Possibly first and last names

You can find more information about the privacy policy of Return Path in the Data Protection Information provided by Return Path.

 15.1.9 Adjust

We use the services Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin | Germany for mobile analytics and attribution services.

Adjust SDK and APIs (collectively the “Adjust technology”) may process some of the following data from you as the End User:

  • Hashed IP address

  • Mobile identifiers such as the ID for Advertising for iOS (IDFA), Google Advertising ID or similar mobile identifiers

  • Installation and first opening of an app on Your mobile device

  • Your interactions within an app (e.g. in-app purchases, registration)

  • Information regarding which advertisements You have seen or clicked on

  • For the Unbotify/Fraud product additionally: sensory data including touch events, counting text changes, accelerometer, gyroscope, battery, light sensor, device hardware specifications and operating system version

The aforementioned data is used for providing mobile analytics and attribution services, which allowes us to track the marketing performance, to match end user to our campaigns and to understand how the user engage with our app. Customer interactions in our app is tracked in real time in order to see the engagement over their full lifetime. The aforementioned data is therefore processed in order to analyze the performance of marketing campaigns and to provide performance reports.

Adjust do not combine the data with any other data that would enable us to personally identify you. Any information processed via the Adjust technology is owned and controlled by Mytheresa who has implemented the Adjust technology into their mobile app.

Adjust do not share or disclose the user data with anyone else except with our server providers and in response to lawful requests by public authorities, including national security or law enforcement requirements. The data is stored as long as we are using the Adjust technology.

15.1.10 Clarity

We likewise use the analysis and personalising service Microsoft Clarity of the firm (One Microsoft Way, Redmond, WA 98052, United States) to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. Clarity uses cookies that are stored on your computer and enable us to analyse the usage of our internet site and its optimisation. The information generated by the cookies due to your use of this internet site is transferred to a Clarity server in the USA and stored and processed there on our behalf.

The following data is transmitted:

  • IP address

  • Device-related data such as device type, model, operating system, browser type and version

  • Usage-related information such as time of use, dwell time, point of origin

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement Datenschutzerklärung von Microsoft – Microsoft-Datenschutz

15.1.11 Wunderkind

We use the analysis and personalising service Wunderkind Corporation d/b/a Wunder, a Delaware corporation having a principal place of business at 285 Fulton Street – One World Trade Center, 74th Floor, New York, NY 10007 is a SaaS platform that helps customers to scale their personalised email marketing programmes. Wunderkind uses cookies stored on your device and other pseudonymous identifiers to improve the level of personalisation offered to our site visitors, and improve our email marketing. The information generated by the cookies due to your use of this internet site is transferred to a Wunderkind server in the USA or another country, other than your country of residence and you consent to such transfer.

The following data is transmitted:

  • IP address

  • Device-related data such as device type, model, operating system, browser type and version

  • Usage-related information such as time of use, dwell time, point of origin

  • Email hash

If you have given your consent, you will receive personalized advertising and marketing content via the following communication channels: Email, SMS, push notification, in-app notifications.

We use your email address, which we have received in the context of an order, for the electronic sending of advertising for our own goods or services that are similar to those that you have already purchased from us, unless you have objected to this use.

Data used for marketing purposes will be stored in pseudonymized form and passed on to Wunderkind.

For more information regarding Wunderkind data protection, please consult the Data Protection Notice of Wunderkind.

16 INSTRUCTION ON THE RIGHTS OF AFFECTED PERSONS

The rights and options described below are subject to limitations and exceptions under applicable law. To exercise any of the rights below send us an email at privacy@mytheresa.com. We will respond to your requests to exercise your privacy rights in accordance with applicable law. We may request additional information from you to verify your identity and complete your request. If we deny your request, we will explain why.

16.1 Right to Information

You have the right to obtain from us confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data.

16.2 Right of Correction

You have the right to correction and/or completion against the responsible person, if the personal data processed that affect you are incorrect or incomplete.

16.3 Right of Deletion

You can demand the responsible person that the personal data affecting you be deleted.

16.4 Right of Data Portability

You have the right to receive the personal data affecting you, which you made available to the responsible person, in a structured, accessible and machine-readable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.

16.5 Right to Opt-Out

You may have the right to opt-out of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As disclosed above, we may process your personal data for targeted advertising. To submit a request to opt out of such processing, please click the following link: “Do Not Sell or Share My Personal Information // Your Opt-Out Rights,” in which case we will respond to your request in accordance with applicable law.

16.6 Right to Appeal

Some US residents in certain states have the right to appeal our denial of your request, which you may exercise by responding to the message we send to you communicating our denial stating that you appeal our decision. In these cases, we will reconsider your request and then notify you of our decision.

17 OUR PAYMENT SERVICE PROVIDERS

We offer different payment options, such as payment by credit card or payment by PayPal.

You can find more details about the processing of your personal data by the payment service providers in their privacy policies:

Please find below the list of our Payment providers:

Payment provider

Payment methods

Adyen N.V.
Simon Carmiggeltstraat 6-50, 1011 DJ, Niederlande
Privacy Policy:
https://www.adyen.com/policies-and-disclaimer/privacy-policy.

Credit Card
iDeal
EPS
WeChat Pay
AliPay

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal 2449 Luxembourg
Privacy Policy:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full

PayPal

PAYONE GmbH
Lyoner Straße 9, 60528 Frankfurt am Main, Deutschland

Privacy Policy:

https://www.payone.com/DE-de/datenschutz

Credit Card

 

18 SOCIAL SHARING FUNCTIONS

Our website uses the following social sharing functions:

  • Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)

  • X, formerly Twitter (operator: X Corp., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

  • Google+ (operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

  • Pinterest (operator: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)

  • LinkedIn (operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Data collection takes place by the relevant social sharing provider, as soon as you click on the relevant icon on the product detail page. You can access the privacy policy of the different social media providers here:

Facebook
X
Google+
Pinterest
LinkedIn

19 SOCIAL BOOKMARKS

So-called social bookmarks (e.g. from Facebook, X and Xing) are integrated into our website. Social bookmarks are internet bookmarks, with which the user of such a service can collect links and news messages. These are integrated into our website  as a link to the relevant services. After clicking the integrated graphic, you will be forwarded to the site of the relevant provider, i.e. then will user information be transferred to the relevant provider. Information on dealing with your personal data in the use of these websites can be found in the relevant privacy policies of the provider.

20 LINKS TO OTHER WEBSITES

Our web pages may contain links to other providers. We point out that this data protection declaration applies exclusively to the web pages of mytheresa.com. We have no influence on and do not control whether the other providers adhere to the data protection provisions.

21 CHANGES TO THE DATA PROTECTION DECLARATION

We reserve the right to change or adjust this data protection declaration at any time, taking account of the applicable data protection provisions.