A. Data controller
The party responsible for the operation of the HUGO BOSS website (www.hugoboss.com), including the HUGO BOSS Online Store integrated into the website and any versions adjusted for mobile devices as well as associated Services like the HUGO BOSS mobile application (the “Website”), is HUGO BOSS AG, Dieselstraße 12, 72555 Metzingen, Germany (“HUGO BOSS”).
B. Your personal data
Personal data means any information concerning an identified or identifiable individual. Such data includes, for example, your name, your telephone number as well as your postal and e-mail addresses.
C. Data processing by HUGO BOSS
HUGO BOSS will only collect, process and use your personal data to the extent described below.
I. Orders in the Online Store
You have the following options when ordering in our Online Store:
1. Orders placed from a My HUGO BOSS customer account
2. Direct orders
You can of course also use the Online Store without using a My HUGO BOSS customer account. In this case, you have to enter the information required to process your order in the order form “Address & Delivery”. While you are entering the details, your address will be checked to ensure that it is correct and complete in order to avoid any errors and to make sure that you have entered the correct address.
3. Orders using PayPal Express
If you would like to pay for your order with PayPal and use “PayPal Express”, by clicking on “Checkout with Paypal” you will be directed to the website of PayPal S.à r.l, et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg, Luxemburg, where you will be asked to enter and/or confirm your PayPal log-in and contact details. PayPal will then send us the information needed to be able to process your order so that we can carry out your order.
4. Order processing
Your orders in our Online Store will be processed by HUGO BOSS UK Limited, Registered office: 39 Plender Street, London, NW1 0DT, United Kingdom, who is responsible for performing the sales contracts as the contracting partner. For this purpose, we will forward your contact details and the details of your order (type and price of the product purchased, time of order, etc.) to HUGO BOSS UK Limited.
If you provided your consent to this provision on our Website (by ticking the relevant checkbox), you agree to the collection, processing and use of your personal data as described below:
To reduce the risk of bad debts as far as possible, we carry out an mainly automatic fraud and credit check on our Website during and after completion of the order process. On this basis we decide what methods of payment we can offer you, if any, and/or whether we can carry out your order to the extent desired by you.
You hereby consent to the fraud and credit checks described in detail below being carried out by arvato eCommerce Beteiligungsgesellschaft mbH (An der Autobahn, 33333 Gütersloh, Germany) (“arvato”) and to the processing of your personal data by arvato for this purpose. arvato will only act in accordance with our instructions and is bound by an agreement on commissioned processing of data as set out in section 11 German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
1. Checks before completion of the order
a) Collection of device data
During the order process, we will transmit the technical details of the device used (in particular the browser version, operating system and your IP address) to arvato. arvato will use this data to create a hash ID in order to be able to check and recognise this specific device.
As the order process progresses, arvato will match this hash ID with the personal data used for the order. This means that arvato will store which contact details (salutation, first name and last name, postal address, e-mail address) and delivery and billing addresses (jointly the “Contact Details”) are used by this specific device for each order transaction. arvato uses these details to identify potential suspected fraud during the credit checks described below (see clauses C. II 1. bb) und C.II. 2 a)).
b) Performance of pre-risk checks
As soon as you have clicked on “continue” after entering your contact details during the order process, arvato starts the fraud and credit check by carrying out a pre-risk check. This pre-risk check includes in particular the following checks:
aa) In order to check whether the billing and delivery addresses are valid, arvato will forward your address details to AZ Direct GmbH (Richard-Neutra-Gasse 9, 1210 Vienna, Austria) who will check whether the address is correct, notably whether the address specified exists and whether people can be found there.
bb) Checking the device data
In addition, arvato will check whether the hash ID obtained from your device data has been clearly classified as suspicious during fraud checks in our Online Store in the past.
cc) Comparing the Contact Details specified with the customer data already stored by us
In addition, we will compare the Contact Details specified in your current order with the customer data already stored by us. This is primarily for technical data management purposes, so that the system is able to recognise returning customers. Moreover, arvato compares your Contact Details with the results of the complete fraud checks carried out in the past.
dd) Limit check
arvato will also carry out a limit check on your Contact Details and the order value. The purpose of this is to assess whether the order value limit configured as the limit for each individual order, the order value per address or the order value per customer (“Debit Limit”) has been reached. Configuration of the Debit Limit (maximum order value per customer) is based on the results of the complete fraud checks carried out in the past.
ee) Checking information from our accounts receivables
arvato also checks the information from our accounts receivables, especially whether any outstanding items exist, reminders have been issued or collection processes are ongoing and to what value. When checking this information, we transmit the latest information from our accounts receivables (outstanding items, reminders, ongoing collection processes, payment receipts) to arvato on a daily basis.
ff) Result of checks
If the result of the various checks carried out as part of the pre-risk check is already clearly negative, we will only allow you to order using safe methods, i.e. no purchase on account.
2. Fraud checks on completion of the order
a) Automatic fraud check based on your device data
Once you have completed your order (by clicking on “place order and pay”) arvato will carry out the automatic fraud check. This is based on predefined rules and checks whether the order is to be classified as suspicious. In the course of this, arvato checks in particular the frequency of orders and the Contact Details provided in order to identify suspicious orders. To do so, we set fraud parameters, e.g. the number of different names or e-mail addresses that may be used per hash ID, based on which arvato should be able to identify suspicious transactions.
b) Manual fraud check
If the automatic fraud check describes above leads to a clear suspicion of fraud, arvato will tell us to cancel the order concerned. In unclear cases, arvato will additionally carry out a manual fraud check. During the manual fraud check. The result of this manual fraud check can also lead to the order being cancelled.
You can contact us directly at any time using the contact form on our Website, via our online chat feature or via the customer hotline. We collect, process and use the information provided only for the purpose of handling the matter that you contacted us about.
If you have subscribed to the HUGO BOSS newsletter, HUGO BOSS will only use your personal information for the purpose of sending the requested newsletter to you. If you cancel your subscription to a newsletter, your data will be deleted without delay. You can cancel the subscription at any time by clicking the related link in each newsletter or by using the e-mail-address email@example.com
V. Use of service providers
VI. Contests and campaigns
You may also have the opportunity to take part in contests or other campaigns conducted by HUGO BOSS. Where you are required to provide your personal data (e.g. your name, e-mail address, postal address, etc.) for the purpose of taking part in such contests or campaigns, HUGO BOSS will only use this data for the purposes of conducting the contest or other campaign and only in compliance with the applicable terms and conditions. If you have expressly consented to being sent newsletters, HUGO BOSS will send newsletters to you as described in section C. IV. Neither your participation in a contest nor your chances of winning will be affected should you not consent to receiving newsletters or should you revoke your consent at a later time.
VII. Cookies and web beacons
You can also block cookies in your browser’s settings. However, if you do so, some areas of the Website or Online Store may no longer function properly.
HUGO BOSS also uses web beacons (pixel tags). When you open a page in the Online Store or on the Website, this pixel will be downloaded from a server and registered. This enables us to determine which pages were viewed when and how often, as well as what actions were undertaken on these pages, for instance.
VIII. Use of web analysis tools
You can revoke your consent to the collection and use of information by Google at any time with future effect by installing the Google Opt-out Browser Add-on. You can revoke your consent to the collection and use of information by Webtrekk at any time with future effect by installing the Webtrekk Opt-Out Cookies.
IX. Social plugins
The Website and Online Store contain social plugins from Facebook, Google and Twitter (the Facebook "Like" button, the "Google +1" button and the Twitter button). These are offered by the American companies Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA), Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). If you visit a website containing such a plugin, your browser can establish a direct connection with the servers of Facebook, Google or Twitter and transmit data about your surfing behaviour to the servers of Facebook, Google or Twitter (e.g. even if you do not click the “Like” button). If you are logged into one of the social media sites, Facebook, Google or Twitter can assign the visit to your social media account. HUGO BOSS has no influence on the type and scope of the data collected and transmitted. For further information on protecting your privacy, see the relevant websites: Facebook http://www.facebook.com/policy.php, Google http://www.google.com/intl/en/policies/privacy/, Twitter http://twitter.com/privacy.
D. Data security
To protect your payment data, it is encrypted using a 256-bit key and transferred to our servers using the SSL (Secure Sockets Layer) protocol. You can verify that the connection is secure by checking the URL displayed in your browser. If the beginning of the address changes from "http" to "https", a secure connection has been established. In addition, all payment providers are PCI-DSS (Payment Card Industry Data Security Standard) certified and comply with highest security standards in order to secure your payment data. For more information please visit: www.pcisecuritystandards.org.
You have a right to obtain information regarding the personal data stored about you free of charge. Furthermore, you have the right to correct your personal data or have it blocked or deleted. You may, at any time, revoke any given consent to the collection, processing and use of data with future effect.
Within the scope of statutory provisions, HUGO BOSS may produce and analyse anonymised user profiles for the purposes of advertising, market research or optimizing the Website or Online Store. You may revoke your consent to this usage.
Should you have any questions regarding data protection and the use of your personal data, or if you wish to obtain information regarding the personal data we have stored about you or would like to exercise your right to have this data corrected, blocked or deleted, please send an e-mail with your request to firstname.lastname@example.org. You can also use the contact details supplied in the legal notice to contact us or use the contact form available at the Online Store or Website.
Last updated: 16 September 2016