Go to homepage Go to homepage

Data protection

Sign In
Telephone advice

Data protection

Data Protection

Held Fashion Retail GmbH (hereinafter referred to as FRANK WALDER) is a subsidiary of Frankenwälder E. Held GmbH & Co. KG. The protection of your personal data is a very important concern for us. FRANK WALDER issues this Privacy Statement to inform you about our data protection policies and measures.

This Privacy Statement applies to personal data, the collection of non-personal data, and compiled reports for statistical analysis.

Visiting our website is generally possible without providing personal data.

With the following information we would like to give you, as a “data subject,” an overview of the processing of your personal data by us and your rights under data protection laws. Using our websites is generally possible without entering personal data. However, if you wish to use special services of our company via our website, processing of personal data may be necessary. If processing of personal data is required and there is no legal basis, we generally obtain your consent.
The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the national data protection provisions applicable to Held Fashion Retail GmbH. Through this Privacy Statement, we wish to inform you about the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organizational measures to ensure the most secure protection of personal data processed via this website. Nevertheless, internet-based data transmission may have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to provide personal data through alternative means, such as by phone or by mail.
You can also take simple, easy-to-implement measures to protect your data against unauthorized third-party access. Therefore, we would like to give you some tips here on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
  • Only you should have access to the passwords.
  • Make sure that you use your passwords exclusively for one account (login, user or customer account).
  • Do not use a password for different websites, applications or online services.
  • Especially when using publicly accessible or shared IT systems: you should always log out after each session on a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not include common everyday words, your own name or names of relatives, but rather a mix of uppercase and lowercase letters, numbers, and special characters.

1. Responsible Entity:

Held Fashion Retail GmbH

Hans-Hofmann-Str. 11
95213 Münchberg

Local Court Hof: HRB 3473
Tax Number: 223/159/57005
VAT Identification Number: DE 224925645

Legally represented by the Managing Director:
Carolin Kittel

Operationally responsible:
Head of E-Commerce
Johannes Diehl

If you have any questions, we are available by phone Monday to Thursday from 8 a.m. to 4 p.m. and Friday from 8 a.m. to 12 p.m. at +49 (0) 9251 447 245 or by email at onlineshop@frankwalder.com.

2. Personal Data:

These are individual details about your personal or factual circumstances. FRANK WALDER uses personal data to better address your needs and interests and to provide you with optimal service. FRANK WALDER will not sell your personal data to third parties for marketing purposes.

The following data is collected in the course of a purchase in our online shop:

  • First name, last name, street and house number, postal code and city, date of birth, email address

Depending on the selected payment method, the following data may also be collected for processing your purchase:

  • Billing and transaction data, credit card data

FRANK WALDER will generally only pass on your personal data to third parties if this is necessary to fulfill the contract. Service providers within the EU are involved in order processing and shipping who process customer personal data on behalf of us.

In order to provide you with more personal support and to continuously improve our offers, we may also ask you for information about your personal or professional interests, demographic data, as well as your experiences with our products or services. Providing this additional information is voluntary.

3. Transfer of Data to Third Parties:

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  1. You have given your express consent pursuant to Art. 6 para. 1 lit. a GDPR,
  2. the transfer is permissible under Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest in not having your data disclosed,
  3. in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 lit. c GDPR, and
  4. this is legally permissible and necessary for the execution of contractual relationships with you pursuant to Art. 6 para. 1 lit. b GDPR.

To protect your data and to allow us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a GDPR may serve as a legal basis for the transfer to third countries. This does not apply to data transfers to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework and thus covered by the EU Commission's adequacy decision pursuant to Art. 45 GDPR. We have explicitly named the affected service providers in this privacy policy. In all other cases, we protect your data through data processing agreements based on the Standard Contractual Clauses of the European Commission. If these are not sufficient, your consent pursuant to Art. 49 para. 1 lit. a GDPR may serve as the legal basis for the transfer to third countries. This also does not apply to countries with an adequacy decision pursuant to Art. 45 GDPR.

4. Disclosure of Personal Data for Order Processing:

The personal data we collect will be forwarded to the transport company entrusted with the delivery, insofar as this is necessary for the delivery of the goods.

In the event of a purchase, Held Fashion Retail GmbH will obtain a credit report to safeguard our legitimate interest in proper payment processing. For this purpose, the data required for a credit check about you will be used under a data processing agreement, and the statistical probability of default determined from these data will be used to make a balanced decision about the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated based on scientifically recognized mathematical-statistical methods and may include address data. Your interests worthy of protection will be taken into account according to the legal provisions.

We transmit personal data collected within this contractual relationship regarding the application, execution, and termination of this business relationship as well as data about non-contractual behavior or fraudulent behavior to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich. Legal bases for these transmissions are Article 6(1)(b) and Article 6(1)(f) of the GDPR. Transfers based on Article 6(1)(f) GDPR may only take place if this is necessary to protect the legitimate interests of our company or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data. The data exchange with CRIFBÜRGEL also serves to fulfill legal obligations for the creditworthiness check of customers (§ 505a and 506 of the German Civil Code). CRIFBÜRGEL processes the received data and also uses them for the purpose of profiling (scoring) to provide its contractual partners in the European Economic Area, Switzerland, and possibly other third countries (provided an adequacy decision by the European Commission exists) with information, including for assessing the creditworthiness of natural persons. Further information on CRIFBÜRGEL’s activities can be found in the CRIFBÜRGEL information sheet or online at www.crifbuergel.de/de/datenschutz.

You must ensure that you inform third parties to whom you make your devices available and that they also accept the described measures or otherwise refrain from visiting the FRANK WALDER online shop using your devices.

If you choose the credit card payment method, payment is processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. We transmit your information provided during the order process and details about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency, and transaction number) to Stripe. Your data is passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. For more information on Stripe's data protection, please visit: https://stripe.com/de/terms.

We have integrated components from PayPal on this website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option to process virtual payments via credit cards for users who do not maintain a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal allows online payments to be triggered to third parties or payments to be received. PayPal also performs trustee functions and offers buyer protection services.

If you choose "PayPal" as a payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal typically includes first and last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Also necessary for the execution of the purchase contract are those personal data that are related to the respective order.
The transmission of the data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. This transmission is intended to check identity and creditworthiness.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors, provided that this is necessary to fulfill contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to the handling of personal data at any time from PayPal. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
The use of PayPal is in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The transmission of your personal data is carried out exclusively based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
The applicable data protection regulations of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

5. Use of the Newsletter Tool "BREVO":

The newsletters are sent using "Brevo", a newsletter platform provided by the German provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

The email addresses of our newsletter recipients and customers, as well as their other data as described in these notes, are stored on the servers of Sendinblue. Sendinblue uses this information to send and evaluate the newsletters on our behalf. Furthermore, according to Sendinblue, they may use this data to optimize or improve their own services, e.g., for technical optimization of the sending and display of the newsletter or for economic purposes to determine from which countries the recipients come. However, Sendinblue does not use the data of our newsletter recipients to write to them themselves or pass them on to third parties.

Sendinblue’s privacy policy can be found here. By using the form on this website, you consent to the data processing by Sendinblue to the extent specified.

Statistical Collection and Analyses

The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from the Sendinblue server when the newsletter is opened. In the context of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times.

Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. This information can technically be assigned to the individual newsletter recipients. However, it is neither our intention nor that of Sendinblue to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Use of the Chat Function of BREVO

This website uses the Brevo Chat operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

Brevo Chat is a service for managing and analyzing live chats and messenger conversations. The data you enter during the conversation will be stored on servers of Sendinblue in Germany or France. The use of Brevo Chat may result in information about your website activities, such as operating system/device, location, and browser type, being transmitted to and stored on a server of Sendinblue.

More details can be found in Brevo’s privacy policy: https://www.brevo.com/de/legal/privacypolicy/.

The processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time. The withdrawal does not affect the lawfulness of the processing carried out until the withdrawal.

6. Use of Cookies:

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. Stored data may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was watched. We also include other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as "user IDs").

The following types and functions of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes their browser.
  • Persistent cookies: Persistent cookies remain stored even after the browser is closed. For example, the login status can be stored or preferred content can be displayed directly when the user revisits a site. Similarly, user interests used for reach measurement or marketing purposes can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly necessary) cookies: Cookies may be strictly necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).
  • Statistics, marketing, and personalization cookies: Cookies are also usually used for reach measurement as well as when user interests or behavior (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles are used to show users content that matches their potential interests. This process is also known as "tracking", i.e., tracing the potential interests of users. Where we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Legal Basis Information: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in a business operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations, the processing is based on this necessity.

Storage Duration: Unless we provide you with explicit information about the storage duration of permanent cookies (e.g., as part of a cookie opt-in), you can assume that the storage duration can be up to two years.

General Information on Revocation and Objection (Opt-Out): Depending on whether processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data through cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection via your browser settings, e.g., by disabling the use of cookies (which may also restrict the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. You can also receive further objection instructions within the information on the service providers and cookies used.

Processing of Cookie Data Based on Consent: Before we process or allow data to be processed in the context of the use of cookies, we ask users for a revocable consent. Before consent is not given, we use cookies only if they are strictly necessary for the operation of our online offering.

  • Types of processed data: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

7. Web Analytics:

7.1 Meta Pixel (formerly Facebook Pixel)

This website uses the Facebook Pixel from Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). If you give your express consent, the behavior of users can be tracked after they have seen or clicked on a Facebook ad. This process is intended to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures.

The data collected is anonymous for us, so we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta, so a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with Meta's data usage policy (https://www.facebook.com/about/privacy/). Meta and its partners can also place advertisements on and outside of Facebook. Furthermore, a cookie may be stored on your computer for these purposes.

This processing is carried out exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR.

This US company is certified under the EU-US Data Privacy Framework. There is thus an adequacy decision according to Art. 45 GDPR, so that a transfer to the USA is permissible without additional measures.

7.2 Use of the Conversions API

We use the Facebook Conversions API, an interface for servers that sends event data directly from our servers to Facebook. The functionality and purpose are essentially the same as those of the Facebook Pixel described above. For this reason, please also refer to the data protection notices regarding the use of the Facebook Pixel and Facebook Custom Audiences. In addition to event data, we may transmit additional data such as name, email address and telephone number to Facebook in encrypted form. This data is used to assign events to individuals and to create Custom Audiences. After the assignment, the data is deleted again.

7.3 Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Analytics uses cookies that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server and stored there. In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted.

The following data may be collected:

  • IP address (in anonymized form)
  • Technical browser and device information
  • Location (based on anonymized IP)
  • Interaction data (e.g., clicks, scroll behavior, session duration)
  • Page views
  • Referrer URLs

Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website and internet usage. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

The use of Google Analytics takes place on the basis of your consent according to Art. 6 para. 1 lit. a GDPR.

This US company is certified under the EU-US Data Privacy Framework. There is thus an adequacy decision according to Art. 45 GDPR, so that a transfer to the USA is permissible without additional measures.

For more information on the terms of use of Google Analytics and data protection at Google, please visit: https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/privacy?hl=en.

7.4 Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This function enables the advertising target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google Ads and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you depending on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).

If you have given the corresponding consent, Google will link your web and app browser history with your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google Account.

To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account: https://www.google.com/settings/ads/onweb/.

The summary of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not merged with your Google Account (e.g., because you do not have a Google Account or have objected to the merger), the data collection is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

8. Rights of Data Subjects

As a data subject, you have the following rights under the GDPR:

  • Right to access pursuant to Art. 15 GDPR: You can request confirmation as to whether your personal data is being processed by us. If so, you can request detailed information about the data and processing activities.
  • Right to rectification pursuant to Art. 16 GDPR: You have the right to request the correction of incorrect personal data or completion of incomplete data.
  • Right to erasure pursuant to Art. 17 GDPR: You can request the deletion of your personal data under certain circumstances (e.g., when the data is no longer needed or you withdraw your consent).
  • Right to restriction of processing pursuant to Art. 18 GDPR: You may have the right to restrict processing if you contest the accuracy of the data or object to processing.
  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
  • Right to object pursuant to Art. 21 GDPR: You have the right to object to processing based on legitimate interests or direct marketing purposes.
  • Right to withdraw consent pursuant to Art. 7(3) GDPR: You can withdraw consent at any time with effect for the future.
  • Right to lodge a complaint pursuant to Art. 77 GDPR: You have the right to lodge a complaint with a supervisory authority if you believe the processing of your data violates data protection law.

9. Contact for Data Protection

If you have questions regarding the collection, processing, or use of your personal data, for information, correction, blocking, or deletion of data, as well as for revocation of granted consents or objections to specific data use, please contact:

Held Fashion Retail GmbH
Data Protection Officer
Hans-Hofmann-Str. 11
95213 Münchberg
Email: datenschutz@frankwalder.com

10. Changes to the Privacy Policy

We reserve the right to change this privacy policy at any time in compliance with applicable data protection regulations. The current version is always available on our website. Please inform yourself regularly about the contents of the data protection declaration.

Filter