Data Processing Information
PUMA Shopping App
This Data Processing Information provides information on the processing of your personal data whenever you use this application "PUMA Shopping App" (hereinafter “App”) in accordance with the Applicable Data Protection Laws, including the GDPR.
- Scope, data controller, data protection officer and definitions
- Scope of this Data Protection Information
This Data Protection Information applies to the use of this App, including any measures connected with your orders. Data processing on websites of other PUMA entities within the PUMA Group are not covered by this Data Processing Information.
Definitions
This Data Processing Information is based on the following terms under data protection law, which we have defined to facilitate understanding.
- Applicable Data Protection Law means any applicable laws and regulations in any relevant jurisdictions relating to privacy or the use or processing of personal data, including the GDPR, and any consequential national data protection legislation, in each case, to the extent in force, and as such are updated, amended or replaced from time to time.
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- SPDI Rules means Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 framed under the IT Act 2000.
Recipient means a natural person or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Examples of possible recipients: IT services providers or adverting partners; for more information, please refer to Section 4)
- PUMA Group means all enterprises that are affiliated with PUMA SE pursuant to Section 15 Aktiengesetz [German Stock Corporation Act].
- Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of personal data: name, contact details, IP addresses.
Controller means the natural person or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processing means any operation or set of operations which is on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller and data protection officer
Unless otherwise specified in this Data Processing Information, responsible for the processing of your personal data is:
PUMA SE
PUMA Way 1
91074 Herzogenaurach
Germany
Email: shopping-app@puma.com (mailto:shopping-app@puma.com)
Privacy contact/Data Protection Officer:privacy@puma.com (mailto:privacy@puma.com)
Where specified in this Data Processing Information, responsible for the processing of your personal data is the PUMA Affiliate in the region from which you are using the App (“PUMA Affiliate”, and together with PUMA SE “we” or “us”):
For App users and customers within in India, the PUMA Affiliate responsible for the processing of your personal data is:
PUMA Sports India Pvt Ltd.
Madhuresh Singh
Email: madhuresh.singh@puma.com
Privacy contact/Grievance Officer: madhuresh.singh@puma.com
For App users and customers within the United States, the PUMA Affiliate responsible for the processing of your personal data is:
PUMA North America, Inc
455 Grand Union Blvd.Somerville, MA 02145
Email: usprivacy@puma.com
Privacy contact: usprivacy@puma.com
For App users and customers within the United Kingdom, the PUMA Affiliate responsible for the processing of your personal data is:
PUMA UNITED KINGDOM LTD
Canada House (6th Floor) 3 Chepstow Street, M1 5FW Manchester
Email: puma-uk-app-privacy@puma.com
Privacy contact: simon.venediger@puma.com
Purposes and legal bases of our processing of your personal data
The legal basis for all data processing is stipulated in the relevant Applicable Data Protection Law. We process your personal data accordingly for business processes, for the initiation, performance, and recession of contractual relationships, upon legal obligations but also for upholding contractual relationships, for offering and delivering products and services, as well as for strengthening our customer relationship, which includes analysis for performance and marketing purposes.
Your consent can also constitute a permission for the processing of your personal data. In case your consent is asked for accordingly, we will inform you about the purpose of the data processing and your right of withdrawal. If your consent for processing personal data relates to special categories of personal data, we will specifically point this out to you in advance.
With the App, we would like to provide you with a comprehensive experience known from our shopping websites in an App as well.
When you have logged into the App, the PUMA shopping experience is directly available, like the functions you are already familiar with. This includes you customer account, receiving tailored product recommendations, personalised discounts, etc.
Which data we process is determined by the respective context:
Provision of the App and feedback
When you use the App or provide feedback on the App, PUMA SE will process personal data from you to run the App and to guarantee its usability, stability and security. This includes the following personal data:
- Requested files, transferred data volumes, downloads/ file exports
- Geographical location
- IP address (immediately anonymised by shortening the IP address to not establish a connection to the user)
- type and version of browser
- Type, version and language of operating system and platform
- the complete Uniform Resource Locator (URL)
This data processing is necessary for the purpose of our legitimate interest to run the App and to guarantee its usability, stability and security.
- Use of the App
When you use the App, the following data and information from the calling device may be recorded by our system:
App version and app language
Operation system and version
Device type, device name, device manufacturer and device language
Network provider/ network/ country code
Date and time of use
Session ID and user status to identify your connection session
Cookie ID
IP address – anonymized as soon as possible
Time of occurrence of app malfunctions for troubleshooting purposes
These log files are stored anonymized and help us to find errors and to correct such as quickly as possible. Log files also help us to optimise the functionality of the App, control server and storage capacity and improve our services towards you.
Processing log file data for these purposes is based on our legitimate interest. Your log file data is not used for marketing purposes in this context. The data stored in log files is deleted after 90 days at the latest.
- App permissions
When you use certain features in the App, PUMA SE will ask you for permission to access specific system- and device level functions. This includes the following permissions:
- When you first launch the App, PUMA SE will ask you to send push notifications to keep you up-to-date with the latest news and product drops.
- When you use the Virtual Try-On feature, PUMA SE will ask you to access your camera to detect your foot and overlay the 3D model of the shoe. PUMA Affiliate will also ask you to access your camera, when you scan barcodes via the search.
- When you use the store locator, PUMA SE will ask you to access your geolocation to display stores that are close to your current location.
You can change your permissions in your App account settings or in your device’s system settings.
- Analytics
When you use this App, PUMA SE will process personal data from you to understand how you interact with the App (e.g. if you add or remove certain products to/from the shopping cart). This includes the following personal data:
Cookie or similar identifier (see further information under “Use of cookies and similar technologies”)
Usage events (e.g. when you click on certain a product)
Cart and Purchase events (e.g. what products did you purchase)
Referral data and traffic events (e.g. did you load the app from a weblink)
Geographical location and device language
Gender and age range
Your unique app store account ID
Cart and Purchase events (e.g. what products did you purchase)
Referral data and traffic events (e.g. did you load the app from a weblink)
Geographical location and device language
Gender and age range
Your unique app store account ID
This data processing is based on your consent. You can withdraw your consent in your App account settings. If you do not consent or withdraw your consent, PUMA SE will only analyze your use of the App on an aggregated basis without identifying you.
Use of cookies and similar technologies
In our App, PUMA SE uses cookies and other similar technologies (e.g. scripts, pixels or fingerprinting; altogether “Cookies”). They serve to make our offering more user-friendly, more effective and secure. Through Cookies, your actions and settings on our App can be tracked, stored and recognized for the duration of the browser session or even after this. In addition to this, Cookies and their respective identifiers allow your device to be recognised. This allows us to design our App content and gives us the option to measure the effectiveness of announcements or advertisement and to place it appropriately.
Further information about the use of Cookies is available under cookie notice of App.
Our use of cookies is primarily based on our legitimate interest in data processing; in most cases, however, we obtain your consent in advance, which you can of course withdraw at any time via the privacy settings.
Region specific content from PUMA Affiliates
Where PUMA Affiliates provide region specific content within the App, responsible for the processing of your personal data is the PUMA Affiliate in the region from which you are using the App. Which data is processed is determined by the respective context, but can include the following purposes:
- Registration and management of a customer account
- User authentication
- Purchase and payment of products
- Purchase and payment of digital gift cards
- Product reviews
- Instagram social tagging
- Customer care
- Marketing communication (subscribers)
- Marketing communication (non-subscribers)
- Order management and order fulfilment
For App users and customers within in India, further information about the processing of your personal data is available under India Privacy Notice (https://in.puma.com/in/en/privacy-policy/PRIVACY_POLICY.html).
For App users and customers within in the USA, further information about the processing of your personal data is available under: US Privacy Notice (https://us.puma.com/us/en/help/privacy-policy).
For App users and customers within in the UK, further information about the processing of your personal data is available under: UK Privacy Policy (https://uk.puma.com/uk/en/help/privacy-policy).
Other Processing (Customization of shopping experience)
When we process personal data from you as described in Section 2 of this Data Protection Information, PUMA SE will also use this personal data to individualize our services and to provide you with a more customized shopping experience. Your personal data help us to build and understand your individual profile, including your individual shopping interests and preferences (e.g. what products you like). This allows us to provide you with more relevant content, offers, recommendations and communication tailored to you (e.g. we may display selected products we think you will be most interested in).
This data processing is necessary for the purpose of our legitimate interest to improve the products and services we offer and to carry out marketing activities.
Retention and erasure of your personal data
We store your personal data only for as long as it is required for the applicable processing purposes. As soon as the data for the purposes is no longer required, we might keep your personal for the length of time, during which you can assert claims against us or we can assert claims against you (the statutory period of limitations is generally three years, starting with the end of the year in which the claim arises, e.g., the end of the year of purchase).
In addition to this, we store your personal data for as long and to the extent we are obliged to do so by law. Corresponding obligations of proof and retention can be found, inter alia, in the applicable commercial codes, tax law and money laundering act, and all related applicable laws or legislations. The retention periods may accordingly last up to ten years.
Transfer of personal data and the categories of recipients
Your personal data may be transferred / disclosed to the following categories of recipients:
Our service providers who are involved in the development and provision of the App and its functionalities, our CRM system provider as well as our service analytics and retargeting providers and linked social media platforms; we ensure that suitable safeguards (e.g. conclusion of EU Standard Contractual Clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) and, if necessary, additional measures with such providers) for adequate data protection are in place, if Personal Data are disclosed to service provides established outside the EU/EEA,
- Selected employees within the PUMA Group, insofar as this is absolutely necessary (on a need-to-know base) for the performance of their obligations (e.g., support staff),
In the case of legal disputes, we transfer your data to the competent court or law enforcement authority and, if you have engaged a lawyer, to the latter (if requested by the lawyer), in order to conduct the legal dispute. This transfer of personal data is necessary for compliance with a legal obligationand/or for the purpose of our legitimate interest in the establishment and exercise of legal claims.
In addition to this, we only transfer your personal data if we are legally obliged to forward such data (e.g., to the police authorities within the scope of criminal investigations or to the data protection supervisory authorities). This transfer of personal data is necessary for compliance with a legal obligation.
- Obligation to provide personal data
Certain personal data is necessary for the initiation, performance, and recession of a contractual relationship, as well as the fulfilment of related contractual and legal obligations. The same applies to the use of this application and the various functions within.
Please be aware, that the use of this App and the underlying contractual relationship cannot be guaranteed without the provision of the above-mentioned personal data.
Right to object to data processing based on legitimate interests
If we process your personal data according to Section 2 of this Data Processing Information on the basis of our legitimate interests, you can – without prejudice to, if applicable, specific unsubscribe / opt-out possibilities provided in Section 2 – object to the respective data processing at any time on grounds relating to your particular situation by sending your request either by email to shopping-app@puma.com or in writing, to a PUMA entity as named under section 1. We will then no longer process your data for this / these purpose(s) unless our legitimate interests in processing overweighs or the processing serves to establish, exercise, or defend legal claims.
If you object to the processing of your data, we will process any collected personal data in this context in order to respond to your request. This data processing is necessary for compliance with a legal obligation.
Your other data protection rights
In accordance with Applicable Data Protection Laws, you may demand at any time that we:
provide you with information on your personal data that we process,
rectify any of your personal data,
erase, restrict and/or export any of your personal data stored on our systems,
address any grievances you may have with respect to the personal data that we process through our grievance officer.
Please send your request either by email to shopping-app@puma.com (mailto:product.owner@puma.com) or in writing, to a PUMA entity as named under section 1.
If you exercise these rights, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation.
Irrespective of your abovementioned rights, you can lodge a complaint with a data protection supervisory authority, if you are of the opinion that the processing of your personal data by PUMA violates Applicable Data Protection Laws.
Links to third parties
Within this App links to websites of other parties are – visibly – included. As far as links to websites of other providers are available, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of these sites is always responsible for the contents of these sites. The linked pages were checked for possible violations of law and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements of the law, such links will be removed immediately.
Changes to this Data Processing Information
The provisions of this Data Processing Information shall apply in the version in force at the time this App is visited, and the service is used.
We reserve the right to supplement and modify the content of this Data Processing Information. The updated Data Processing Information applies from the time, in which it was published on this application.