DATA PROCESSING INFORMATION PUMA SHOPPING APP

This Data Processing Information provides information on the processing of your personal data whenever you use this application "PUMA Shopping App" (hereinafter “App”) in ac-cordance with the Applicable Data Protection Laws, including the GDPR.

1. SCOPE, DATA CONTROLLER, DATA PROTECTION OFFICER AND DEFINITIONS


1.1. SCOPE OF THIS DATA PROTECTION INFORMATION

This Data Protection Information applies to the use of this App, including any measures connected with your orders. Data processing on websites of other PUMA entities within the PUMA Group are not covered by this Data Processing Information.


1.1.1. DEFINITIONS

This Data Processing Information is based on the following terms under data protection law, which we have defined to facilitate understanding.

  • Applicable Data Protection Law means any applicable laws and regulations in any relevant jurisdictions relating to privacy or the use or processing of per-sonal data, including the GDPR, and any consequential national data protection legislation, in each case, to the extent in force, and as such are updated, amended or replaced from time to time.
  • GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
  • SPDI Rules means Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 framed under the IT Act 2000.
  • Recipient means a natural person or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
     

Examples of possible recipients: IT services providers or adverting partners; for more information, please refer to Section 4)

  • PUMA Group means all enterprises that are affiliated with PUMA SE pursuant to Section 15 Aktiengesetz [German Stock Corporation Act].
  • Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data: name, contact details, IP addresses.
  • Controller means the natural person or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processing means any operation or set of operations which is on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or altera-tion, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

     

1.1.2. DATA CONTROLLER AND DATA PROTECTION OFFICER

Unless otherwise specified in this Data Processing Information, responsible for the processing of your personal data is:

     PUMA SE 
     PUMA Way 1
     91074 Herzogenaurach
     Germany
     Email: shopping-app@puma.com
     Privacy contact/Data Protection Officer:  privacy@puma.com

Where specified in this Data Processing Information, responsible for the processing of your personal data is the PUMA Affiliate in the region from which you are using the App (“PUMA Affiliate”, and together with PUMA SE “we” or “us”):

For App users and customers within in India, the PUMA Affiliate responsible for the processing of your personal data is:

     PUMA Sports India Pvt Ltd.
     Madhuresh Singh
     Email: madhuresh.singh@puma.com
     Privacy contact/Grievance Officer: madhuresh.singh@puma.com

For App users and customers within the United States, the PUMA Affiliate responsible for the processing of your personal data is:

     PUMA North America, Inc
     455 Grand Union Blvd.Somerville, MA 02145
     Email: usprivacy@puma.com
     Privacy contact: usprivacy@puma.com

For App users and customers within Canada, the PUMA Affiliate responsible for the processing of your personal data is:

     PUMA North America, Inc
     455 Grand Union Blvd.Somerville, MA 02145
     Email: usprivacy@puma.com
     Privacy contact: usprivacy@puma.com

For App users and customers within the United Kingdom, the PUMA Affiliate responsible for the processing of your personal data is:

     PUMA UNITED KINGDOM LTD
     Canada House (6th Floor) 3 Chepstow Street, M1 5FW Manchester
     Email: puma-uk-app-privacy@puma.com
     Privacy contact: simon.venediger@puma.com

For App users and customers within Japan, the PUMA Affiliate responsible for the processing of your personal data is:

     PUMA Japan K.K.
     2-1-1 Osaki Shinagawa-ku, 1416018 Tokyo, Japan
     Email: cs-jp@puma.com
     Privacy contact: legal.compliance.japan@puma.com

 

2. PURPOSES AND LEGAL BASES OF OUR PROCESSING OF YOUR PERSONAL DATA

The legal basis for all data processing is stipulated in the relevant Applicable Data Protection Law. We process your personal data accordingly for business processes, for the initiation, performance, and recession of contractual relationships, upon legal obligations but also for upholding contractual relationships, for offering and delivering products and services, as well as for strengthening our customer relationship, which includes analysis for performance and marketing purposes.

Your consent can also constitute a permission for the processing of your personal data. In case your consent is asked for accordingly, we will inform you about the purpose of the data processing and your right of withdrawal. If your consent for processing personal data re-lates to special categories of personal data, we will specifically point this out to you in advance.

With the App, we would like to provide you with a comprehensive experience known from our shopping websites in an App as well.

When you have logged into the App, the PUMA shopping experience is directly available, like the functions you are already familiar with. This includes you customer account, receiving tailored product recommendations, personalised discounts, etc. Which data we process is determined by the respective context:

 

2.1. PROVISION OF THE APP AND FEEDBACK

When you use the App or provide feedback on the App, PUMA SE will process personal data from you to run the App and to guarantee its usability, stability and security. This includes the following personal data:

  • Requested files, transferred data volumes, downloads/ file exports
  • Geographical location
  • IP address (immediately anonymised by shortening the IP address to not es-tablish a connection to the user)
  • Type and version of browser
  • Type, version and language of operating system and platform
  • The complete Uniform Resource Locator (URL) This data processing is necessary for the purpose of our legitimate interest to run the App and to guarantee its usability, stability and security.
     

2.2. USE OF THE APP

  • When you use the App, the following data and information from the calling device may be recorded by our system:
  • App version and app language • Operation system and version
  • Device type, device name, device manufacturer and device language
  • Network provider/ network/ country code
  • Date and time of use
  • Session ID and user status to identify your connection session
  • Cookie ID
  • IP address – anonymized as soon as possible
  • Time of occurrence of app malfunctions for troubleshooting purposes

These log files are stored anonymized and help us to find errors and to correct such as quickly as possible. Log files also help us to optimise the functionality of the App, con-trol server and storage capacity and improve our services towards you. Processing log file data for these purposes is based on our legitimate interest. Your log file data is not used for marketing purposes in this context. The data stored in log files is deleted after 90 days at the latest.

 

2.3. APP PERMISSIONS

When you use certain features in the App, PUMA SE will ask you for permission to ac-cess specific system- and device level functions. This includes the following permissions:

  • When you first launch the App, PUMA SE will ask you to send push notifications to keep you up-to-date with the latest news and product drops.
  • When you use the Virtual Try-On feature, PUMA SE will ask you to access your camera to detect your foot and overlay the 3D model of the shoe. PUMA Affiliate will also ask you to access your camera, when you scan barcodes via the search.
  • When you use the store locator, PUMA SE will ask you to access your geoloca-tion to display stores that are close to your current location.

You can change your permissions in your App account settings or in your device’s sys-tem settings.

 

2.4. ANALYTICS

When you use this App, PUMA SE will process personal data from you to understand how you interact with the App (e.g. if you add or remove certain products to/from the shopping cart). This includes the following personal data:

  • Cookie or similar identifier (see further information under “Use of cookies and similar technologies”)
  • Usage events (e.g. when you click on certain a product)
  • Cart and Purchase events (e.g. what products did you purchase)
  • Referral data and traffic events (e.g. did you load the app from a weblink)
  • Geographical location and device language
  • Gender and age range
  • Your unique app store account ID
  • Cart and Purchase events (e.g. what products did you purchase)
  • Referral data and traffic events (e.g. did you load the app from a weblink)
  • Geographical location and device language
  • Gender and age range
  • Your unique app store account ID

This data processing is based on your consent. You can withdraw your consent in your App account settings. If you do not consent or withdraw your consent, PUMA SE will on-ly analyze your use of the App on an aggregated basis without identifying you.

 

2.5. USE OF COOKIES AND SIMILAR TECHNOLOGIES

In our App, PUMA SE uses cookies and other similar technologies (e.g. scripts, pixels or fingerprinting; altogether “Cookies”). They serve to make our offering more user-friendly, more effective and secure. Through Cookies, your actions and settings on our App can be tracked, stored and recognized for the duration of the browser session or even after this. In addition to this, Cookies and their respective identifiers allow your device to be recognised. This allows us to design our App content and gives us the option to measure the effectiveness of announcements or advertisement and to place it appropriately.

Further information about the use of Cookies is available under cookie notice of App.

Our use of cookies is primarily based on our legitimate interest in data processing; in most cases, however, we obtain your consent in advance, which you can of course with-draw at any time via the privacy settings.

 

2.6. REGION SPECIFIC CONTENT FROM PUMA AFFILIATES

Where PUMA Affiliates provide region specific content within the App, responsible for the processing of your personal data is the PUMA Affiliate in the region from which you are using the App. Which data is processed is determined by the respective context, but can include the following purposes:

  • Registration and management of a customer account
  • User authentication
  • Purchase and payment of products
  • Purchase and payment of digital gift cards
  • Product reviews
  • Instagram social tagging
  • Customer care
  • Marketing communication (subscribers)
  • Marketing communication (non-subscribers)
  • Order management and order fulfilmen


For App users and customers within in India, further information about the processing of your personal data is available under India Privacy Notice.

For App users and customers within in the USA, further information about the processing of your personal data is available under: US Privacy Notice.

For App users and customers within Canada, further information about the processing of your personal data is available under: Canada Privacy Notice.

For App users and customers within in the UK, further information about the processing of your personal data is available under: UK Privacy Policy.

For App users and customers within in Japan, further information about the processing of your personal data is available under: Japan Privacy Policy.

 

2.7. OTHER PROCESSING (CUSTOMIZATION OF SHOPPING EXPERIENCE)

When we process personal data from you as described in Section 2 of this Data Protec-tion Information, PUMA SE will also use this personal data to individualize our services and to provide you with a more customized shopping experience. Your personal data help us to build and understand your individual profile, including your individual shop-ping interests and preferences (e.g. what products you like). This allows us to provide you with more relevant content, offers, recommendations and communication tailored to you (e.g. we may display selected products we think you will be most interested in). This data processing is necessary for the purpose of our legitimate interest to improve the products and services we offer and to carry out marketing activities.

 

3. RETENTION AND ERASURE OF YOUR PERSONAL DATA

We store your personal data only for as long as it is required for the applicable processing purposes. As soon as the data for the purposes is no longer required, we might keep your personal for the length of time, during which you can assert claims against us or we can assert claims against you (the statutory period of limitations is generally three years, start-ing with the end of the year in which the claim arises, e.g., the end of the year of purchase). In addition to this, we store your personal data for as long and to the extent we are obliged to do so by law. Corresponding obligations of proof and retention can be found, inter alia, in the applicable commercial codes, tax law and money laundering act, and all related applicable laws or legislations. The retention periods may accordingly last up to ten years.

 

4. TRANSFER OF PERSONAL DATA AND THE CATEGORIES OF RECIPIENTS

Your personal data may be transferred / disclosed to the following categories of recipients:

  • Our service providers who are involved in the development and provision of the App and its functionalities, our CRM system provider as well as our service analytics and retargeting providers and linked social media platforms; we ensure that suitable safeguards (e.g. conclusion of EU Standard Contractual Claus-es and, if necessary, additional measures with such providers) for adequate data protection are in place, if Personal Data are disclosed to service provides established outside the EU/EEA,
  • Selected employees within the PUMA Group, insofar as this is absolutely necessary (on a need-to-know base) for the performance of their obligations (e.g., support staff),
  • In the case of legal disputes, we transfer your data to the competent court or law enforcement authority and, if you have engaged a lawyer, to the latter (if requested by the lawyer), in order to conduct the legal dispute. This transfer of personal data is necessary for compliance with a legal obligation and/or for the purpose of our legitimate interest in the establishment and exercise of legal claims.
  • In addition to this, we only transfer your personal data if we are legally obliged to forward such data (e.g., to the police authorities within the scope of criminal investigations or to the data protection supervisory authorities). This transfer of personal data is necessary for compliance with a legal obligation.

     

5. OBLIGATION TO PROVIDE PERSONAL DATA

Certain personal data is necessary for the initiation, performance, and recession of a contractual relationship, as well as the fulfilment of related contractual and legal obligations. The same applies to the use of this application and the various functions within. Please be aware, that the use of this App and the underlying contractual relationship cannot be guaranteed without the provision of the above-mentioned personal data.

 

6. RIGHT TO OBJECT TO DATA PROCESSING BASED ON LEGITIMATE INTERESTS

If we process your personal data according to Section 2 of this Data Processing Information on the basis of our legitimate interests, you can – without prejudice to, if applicable, specific unsubscribe / opt-out possibilities provided in Section 2 – object to the respective data processing at any time on grounds relating to your particular situation by sending your request either by email to shopping-app@puma.com or in writing, to a PUMA entity as named under section 1. We will then no longer process your data for this / these purpose(s) unless our legitimate interests in processing overweighs or the processing serves to establish, exercise, or defend legal claims. If you object to the processing of your data, we will process any collected personal data in this context in order to respond to your request. This data processing is necessary for compliance with a legal obligation.

 

7. YOUR OTHER DATA PROTECTION RIGHTS

In accordance with Applicable Data Protection Laws, you may demand at any time that we:

  • provide you with information on your personal data that we process,
  • rectify any of your personal data,
  • erase, restrict and/or export any of your personal data stored on our systems,
  • address any grievances you may have with respect to the personal data that we process through our grievance officer.
     

Please send your request either by email to shopping-app@puma.com or in writing, to a PUMA entity as named under section 1.

If you exercise these rights, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation.

Irrespective of your abovementioned rights, you can lodge a complaint with a data protec-tion supervisory authority, if you are of the opinion that the processing of your personal da-ta by PUMA violates Applicable Data Protection Laws.

 

8. LINKS TO THIRD PARTIES

Within this App links to websites of other parties are – visibly – included. As far as links to websites of other providers are available, we have no influence on their contents. There-fore, no guarantee or liability can be assumed for these contents. The respective provider or operator of these sites is always responsible for the contents of these sites. The linked pages were checked for possible violations of law and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements of the law, such links will be removed immediately.

 

9. CHANGES TO THIS

Data Processing Information The provisions of this Data Processing Information shall apply in the version in force at the time this App is visited, and the service is used. We reserve the right to supplement and modify the content of this Data Processing Information. The updated Data Processing Information applies from the time, in which it was published on this application.