We appreciate your interest in our company. We take the protection of your personal data very seriously and so would like to inform you about the processing of your data as comprehensively as possible.
a) Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter called "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person, whose personal data is processed by a data controller responsible for the processing.
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
d) Restriction of processing
Restriction of processing is marking stored personal data with the aim of limiting its processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for its nomination may be designated by European Union law or the law of the Member State.
The processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency, or any other body to whom personal data is disclosed, irrespective of whether it is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients.
j) Third party
A Third-party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
The data subject’s consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
BSTN Store GmbH,
Kühler Weg 1,
E-mail: [email protected] ,
Phone: +49 89 74 327 777
Contact information of data protection officer:
The BSTN Store GmbH data protection officer can be contacted as follows:
BSTN Store GmbH,
Kühler Weg 1,
E-Mail: [email protected]
Phone: +49 89 74327777
3.1 Accessing the website
When you access this website: www.bstn.com, the internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file. Until the automatic erasure, the following data is stored without further input by the visitor:
- IP address of the visitor’s device,
- Date and time of visitor access,
- Name and URL of the page accessed by the visitor,
- Website from which the visitor arrived at the website (so-called referrer URL),
- Browser and operating system of the visitor’s device, as well as the name of the access provider used by the visitor.
The processing of such personal data is in accordance with Art. 6 (1), sentence 1 lit f) of the GDPR. The company has a legitimate interest in data processing for the purpose of:
- Rapidly connecting to the website of the company,
- Enabling user-friendly use of the website,
- Identifying and ensuring the security and stability of the systems and
- Facilitating and improving the administration of the website.
3.2 Data collection during registration and payment processing
For the purposes of registration and payment processing, data such as the object of purchase, shopping basket, name, date of birth, address, email address, delivery address, payment type, and bank data is collected and processed by us, insofar as the processing is necessary for the performance of the contract or if the customer has consented to the processing.
The legal basis for the processing of personal data is Art. 6 (1), Sentence 1, lits a) and b) GDPR.
3.3 Contact form
Visitors can submit messages to the company via an online contact form on the website. In order to be able to receive an answer, at least a valid email address is required. All other information can be voluntarily provided to the person making the request. By sending the message via the contact form, the visitor agrees to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to requests via the contact form. This will be done on the basis of the voluntarily granted consent pursuant to Art. 6(1), sentence 1, lit a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the request has been completed and there are no grounds for further storage.
We offer our newsletter to persons with a minimum age of 16. If he/she subscribes to the newsletter, the visitor expressly agrees to the processing of the personal data provided. We use the so-called double opt-in procedure for the subscription to our newsletter. This means that after your registration, we will send an e-mail to the specified e-mail address in which we ask you to confirm that you want to receive the newsletter. Furthermore, we will always store the IP addresses used and the time of the registration and confirmation. This serves as a means of proof of your subscription and, if applicable, to solve any potential misuse of your personal data.
Mandatory information for sending the newsletter is your e-mail address. More, separately marked data can be specified voluntarily and will only be used to address you personally. If you have consented to the receipt of our newsletter, which is adjusted to your individual interests, we particularly process your e-mail address and your name for the purpose of sending the newsletter.
With your consent, we will record your user behaviour on our website. This evaluation of user behaviour includes in particular, which areas of the applicable website you visit, and what links you activate there. This creates personalised user profiles assigned to your person and/or email address, to better align any potential advertising campaigns, particularly in the form of newsletters and on-site advertisements, with your personal interests, and to improve the web content.
The legal basis for processing the personal data of the visitor for the purpose of sending newsletters is consent pursuant to Art. 6(1), sentence 1, lit a) GDPR.
The visitor can unsubscribe from the newsletter at any time This can be done by using a special link at the end of the newsletter or by a relevant e-mail message to [email protected] (without costs other than the transmission costs according to the base rates).
We use the service of Emarsys eMarketing Systems AG, Märzstrasse 1, A-1150 Vienna for processing the newsletter. For this purpose, your e-mail address is transmitted to Emarsys. We use the Emarsys Predict analysis tool for the composition of our individual e-mail newsletter, which evaluates both your use of the newsletter and your use of our website. In order to record your usage behaviour on our website, cookies are used to recognise your browser. Your movements on our website can thus be traced, and the success of specific marketing measures can be recorded and measured. Moreover, our newsletters may contain hyperlinks (“links”) that include random, but distinct identification numbers. These identification numbers can be collected and stored when these links are accessed by your computer. We also use the information on such access to trace the use of the newsletter and our website and to measure the success of specific marketing measures. We can thus adjust our offers to your individual requirements and interests.
Emarsys can use the recipients’ data in a pseudonymous form, i.e. without allocation to a user, for optimising or improving its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter, or for statistical purposes. However, Emarsys is not permitted to use the data to contact you itself or to pass on the data to third parties.
The legal basis for the processing of data after subscription to the newsletter by the user is your consent according to point (a) of Article 6(1) GDPR.
You can revoke your consent for the newsletter at any time as described above.
3.5 WhatsApp Newsletter
On our website, you have the option to receive a newsletter via the WhatsApp messaging platform. Under certain circumstances, a subscription to this WhatsApp newsletter may also be required in return for participation in competitions and/or raffles.
Data are collected automatically for sending the newsletter, including the user data you provided to WhatsApp (which may include your user name), your mobile number, your device, all messages sent to our service, and the messages you have read and clicked on. These data help us to send you individual messages according to your preferences. You can find further
The stated service can be cancelled as follows: If you do not wish to receive any more messages and wish to erase your data permanently, please send us a message stating “Remove all data” via WhatsApp. Please ensure exact spelling.
The legal basis for the processing of data after subscription to the newsletter by the user is your consent according to point (a) of Article 6(1) GDPR and/or the contractual consideration according to point (b) of Article 6(1) GDPR.
Furthermore, you have the option to participate in our raffles. They are offered during special promotions (e.g. sneaker release). In return for the participation, the participant agrees that BSTN Store GmbH may use the requested data disclosed by you (name, address, e-mail address, mobile number, age and date of birth, clothing and/or shoe size) for advertising purposes and for the individual presentation of our offers to you. In addition, you will subscribe to the e-mail newsletter in return (cf. item 3.3).
To prevent the unauthorised use of automated participations (e.g. via bots and other software or computer programs), we respectively store your used IP addresses and times of registration and confirmation. We can thus ensure a fair raffle to the benefit of all participants and counter any misuse. The legal basis for the processing of these personal data is point (f) of Article 6(1) GDPR.
In selecting the winner, we are supported by a service provider according to item 5.3, who receives the data from us.
The legal basis for the processing of personal data for participation in the raffle is point (b) of Article 6(1) GDPR. You may object to the use of your data at any time.
In the case of an application, we process only the data belonging to you that we require in the context of the application. This is, for example, contact data as well as all data in connection with your application, such as your C.V., references, and qualifications.
The legal basis for saving the data is derived from Section 26 of the Federal Data Protection Act (BDSG). The data will be deleted immediately, as soon as retaining it is no longer required. If the applicant is not appointed, the data will generally be deleted six months after the conclusion of the application process at the latest.
Our website and our service (e.g. raffles, newsletter, etc.) are addressed to persons who have completed the 16th year of age. Persons who have not yet completed the 16th year of age are not permitted to use our services.
Personal data will be transferred to a third party, if pursuant to Art. 6(1), sentence 1, lit a) GDPR it has been expressly consented to by the data subject, the transfer pursuant to Art. 6(1) sentence 1, lit f) GDPR is necessary to assert, exercise, or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in non-disclosure of their data, for the transmission of data pursuant to Art. 6(1) sentence 1 lit c) GDPR, there is a legal obligation, and/or pursuant to Art. 6(1), sentence 1, lit b) GDPR, this is required for the fulfillment of a contractual relationship with the data subject.
In other cases, personal data will not be passed on to third parties.
5.1 Payment service providers
We use payment service providers as third parties in order to execute purchase contracts.
The personal data that is transferred during a payment generally includes first and family names, your address, telephone number, IP address, email address, and other information that is required for the processing of your order, including the quantity of the ordered article, the article number, the invoice amount and invoice details.
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
Payment in our shop is via the following providers:
d. Credit card payments are processed by Paymill GmbH, St.-Martin-Strasse 63
5.2 Shipping companies
Our offered products are delivered to you with the assistance of shipping companies (DHL, UPS, and Fed-Ex). For this purpose, the shipping companies receive the following data:
Your email address (if the shipping service provider should inform you in advance of the expected delivery date).
Delivery is executed by the following service providers:
Storing this data is required for the execution of the purchase contract in accordance with Art. 6 paragraph 1b GDPR.
5.3 Competitions and Raffles
We use third parties as service providers for the selection of the winners of our raffles according to item 3.6. The personal information that is transferred usually includes your first and last name, shipping address, phone number, e-mail address, and other details such as shoe size and/or clothing size. The third party is our partner Smart Industries GmbH, Augustenstrasse 43, 80333 Munich, Germany. The legal basis for the transfer of personal data to participate in the raffle is your consent in accordance. Article 6 (1) (1) (a) GDPR. You can withdraw your consent at any time.
5.4 Cloud and storage services
We use the cloud and storage services of third-party providers to store and retain your data. This means that we send or otherwise disclose your data to third parties who can be anywhere in the world, including in the USA, for the purpose of storing such data on our behalf or for other processing purposes. Such facilities may be
- Xplenty (Privacy Policies: https://www.xplenty.com/privacy/)
- Amazon Web Services (Privacy Policies: https://aws.amazon.com/de/privacy/?nc1=h_ls)
- Tableau (Privacy Policies: https://www.tableau.com/de-de/privacy).
They are all certified under the Privacy Shield, i.e. the companies have submitted to the Privacy Shield agreement concluded between the European Union and the USA and received the relevant certification. They thus undertake to comply with the standards and provisions of the European data protection law (further information: https://www.privacyshield.gov/welcome).
So-called cookies are used on the website. These are data packets exchanged between the BSTN Store GmbH server and the visitor's browser. These are stored when you visit the website by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they contain no viruses or other malicious software. Cookies store information that is related to the specific terminal used. BSTN Store GmbH cannot use them to obtain direct knowledge of the identity of the visitor to the website.
Cookies are largely accepted by default browser settings. The browser settings can be configured so that cookies are not accepted, either on the equipment used or with specific notice being given before a new cookie is created. It is however important to note that disabling cookies may affect the optimum functionality of the website.
Cookies help to make it easier to use the company website. Session cookies, for example, can be used to keep track of whether the visitor has already visited individual pages of the website.
Session cookies are automatically deleted when you leave the website.
Temporary cookies are used to enhance user-friendliness. They are stored on the visitor's device for a temporary period. When you visit the website again, it automatically detects that the visitor already accessed the site at an earlier point in time and which inputs and settings were made so as not to have to repeat these.
Cookies are also used to analyse the number of times the website was accessed for statistical purposes and for the purpose of improving the content. When you next visit the website, cookies make it possible to automatically detect that the web page was previously accessed by the visitor. We use both temporary and permanent cookies on our website.
Cookies of third-party providers are used on the website that enables us to improve the quality of our offers to you during the use of our website. These cookies can collect your IP address and non-personal data of your visit. This is done anonymously and does not include your name, address, e-mail address, or other personal data. These cookies are used in addition to receiving anonymous statistical information on the use of the website. These cookies are deleted after one year.
If cookies are linked to personal data, they are deleted if and to the extent that storage is no longer required for the purpose of data collection. Cookies can be deleted by the visitor at any time.
7.1 Social Media
Analysis services and social plug-ins of various providers are used on our website. These allow you, in particular, to share the contents of the website with your network contacts. As a result of the integration, network providers receive information that the corresponding web page of our website was accessed from your IP address. If you are logged in to the network, the network provider may also associate your visit to our website with your network account. Our analysis services work exclusively with pseudonymised user profiles, which do not make it possible to identify the data subject.
The legal basis for the use of analysis tools and social plugins is Art. 6(1), sentence 1, lit f) GDPR. The website analysis is in the legitimate interest of our company and is used for the statistical recording of the site usage to continuously improve our website and range of services.
We additionally use the plug-in of the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA) to send you advertisements that are, as far as possible, tailored to your requirements and interests. If you access a page that contains such a plug-in, your browser directly establishes a connection to Pinterest’s servers. The plug-in transmits log data to Pinterest’s server in the USA. Such log data may include your IP address, the address of the visited websites which also include Pinterest functions, browser type, and settings, date and time of the request, your way of using Pinterest as well as cookies.
The legal basis is point (f) of Article 6(1) GDPR.
7.3 Use of Google Analytics and Google Tag Manager
operating system used;
referrer URL (the website visited before);
the hostname of the accessing computer (IP address);
time of server request;
is usually transmitted to a server of Google in the USA and stored there. In the event of the activation of the IP anonymisation on this website, your IP address will be shortened beforehand by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on the website activities, and to provide other services relating to the use of the website and the Internet to the website operator.
7.3.2 The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with any other data of Google.
7.3.3 You can prevent the storage of such cookies by changing the settings of your browser software accordingly; however, we would like to draw your attention to the fact that, in this case, you might not be able to use all functions of this website to the fullest extent. In addition, you can prevent the collection of the data created by the cookie and related to your use of the website (incl. your IP address) as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
7.3.4 This website uses Google Analytics with the “_anonymizeIp()” extension. In this way, IP addresses will be further processed in a shortened form, making it thus impossible to link it to a particular individual. Insofar as the data collected about you is personal, it will be immediately excluded, and the personal data will be deleted immediately.
7.3.5 We use Google Analytics to analyse and make regular improvements to the use of our website. With the statistics that we obtain, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data are transferred to the USA, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is point (f) of Article 6(1) GDPR.
7.3.6 Information of the third-party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html
7.3.7 This website uses Google Analytics additionally for an overall device analysis of visitors, which is carried out via a user ID. You can deactivate the overall device analysis in your customer account under “my data”, “personal data”.
7.3.8 Use of the Google Tag Manager: Google Tag Manager is a solution by means of which marketers can manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect personal data. The tool triggers the implementation of other tags that may collect data on their part. Google Tag Manager does not access these data. In case of deactivation on domain or cookie level, it remains in effect for all tracking tags that are implemented using Google Tag Manager. http://www.google.de/tagmanager/use-policy.html
7.4 Use of Google Shopping Reviews
We use “Google Shopping Reviews” on our website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. Google Shopping Reviews stores and processes data on your user behaviour on our website. For this purpose, Google Shopping Reviews uses e.g. cookies, small text files that are stored locally in the cache of your terminal device’s web browser and that enable the analysis of your use of our website.
We use Google Shopping Reviews for marketing and optimisation purposes, particularly for analysing the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of the user behaviour, we can improve our offering and make it more interesting for you as a user. Herein also lies our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is point (f) of Article 6(1) GDPR.
You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in the settings of your web browser. Please note that you may not be able to fully use all functions of our website in this case. You can also prevent the collection of the aforementioned data by Google by setting an opt-out cookie on one of the following linked websites:
You can find further data protection information on the following website: https://www.google.com/intl/de/policies/
7.5 Use of Google Adwords
We use on our website “Google Adwords”, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google AdWords is a service for Internet advertising that enables us as advertisers to place ads both in the search engine results of Google and in the Google advertising network.
If you access our website via a Google ad, a conversion cookie is set by Google on your terminal device (it is no longer valid after 30 days and is not used for identifying the data subject). Through the conversion cookie, both we and Google can track whether you accessed our website via an AdWords ad and performed or interrupted a purchase ther