Contact Data Protection Officer:
Type of processed data:
Processing of special categories of Data (Art. 9 (1) GDPR)
Categories of data subjects
Purpose of Processing
Rights of Data Subjects
Right of Withdrawal
Right to Object
Cookies and Right to Object in Direct Marketing
Erasure of data and archiving obligations
Relevant Legal Basis for the Processing
Security of Data Processing
Disclosure and Transmission of Data
Transfers to Third Countries
The Key Area of Data Processing
Processing of Orders in the Online Shop
Answering Inquiries and Customer Service
Business and market research
External online profiles
Webserver and Security
Our own Global Single Sign-On procedure
Embedded content and functions
Google Services and Content
Facebook Features and Content
Instagram Features and Contents
Pinterest features and content
Sweepstakes and Competitions
Web analytics, online marketing and technology partners
Google Display Network
Microsoft Bing Ads
ZWILLING J.A. HENCKELS Canada Ltd.
435 Cochrane Drive, Markham, Ontario, L3R 9R5
No special categories of Data are processed.
In the following, we will also summarise the data subjects as "users".
You have the right to obtain from the controller confirmation as to whether personal data concerning you are being processed, and, where that is the case, access to the personal data and the further information and a copy of the data in accordance with Art. 15 GDPR.
Correspondingly, in accordance with Article 16 of the GDPR, you have the right to obtain from the controller the rectification of inaccurate personal data concerning you, or the completion of the data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased without undue delay or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR.
You have in accordance with Art. 20 GDPR the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
In accordance with Art. 77 GDPR, you also have the right to file a complaint with the supervisory authority.
You have the right to withdraw consents granted pursuant to Art. 7 (3) GDPR with effect for the future.
You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.
If users do not want cookies to be stored on their computer, they are advised to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.
In accordance with statutory requirements, the records shall be kept for 6 years in particular in accordance with § 257 (1) German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) German Financial Act (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).
The principles for commercial communications outside of business relations, in particular by post, telephone, fax and e-mail, are contained in § 7 of the German Unfair Competition Act (UWG).
We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; the measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, integrity and pseudonymity. Furthermore, we have established procedures that guarantee the assertion of data subjects' rights, the erasure of data and the response to data hazards. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design of technology and by data protection-friendly presettings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Employees are bound to confidentiality with regard to data protection, are instructed, monitored, and informed of possible liability consequences.
If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transfer the data to them or otherwise grant them access to the data, this will only be carried out on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for contract fulfilment pursuant to Art. 6 (1) b GDPR), if you have consented, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using agents, web hosting services, etc.).
If we commission third parties with the processing of data on the basis of a so-called "Data Processing Agreement", this is done on the basis of Art. 28 GDPR.
If we disclose, transfer or otherwise grant access to data to other companies in our Group of Companies (Undertakings), this is done in particular for administrative purposes as a legitimate interest and in addition on the basis of a Data Processing Agreement.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process the data, or have it processed, in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised adequate data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "Standard Contractual Clauses").
The following section provides an overview of our processing activities, which we have subdivided into other areas of operation. Please note that the areas of operation are for guidance only and that processing activities may overlap (e.g. the same data may be processed in several operations).
For reasons of clarity and comprehensibility, you will find the frequently repeated terms in Section IV of this data protection declaration.
Processing of Orders in the Online Shop
We process the data of our customers in the context of the online services in our online shop to enable the customers to select and order the selected products and services, as well as their payment and delivery, or performance.
Data processed: Inventory data, contact data, contract data, payment data
A customer account requires a registration, which can take place both online, and in local stores.
We offer our own single sign-on method for the customer account. This means that users who register in one of the online services of the companies belonging to the Zwilling-Group can also use the access data for other online services of companies belonging to the Zwilling-Group.
If we make advance deliveries (e.g. when purchasing on account), we reserve the right to obtain identity and creditworthiness information from specialized service providers (credit agencies) for the purpose of assessing credit risk on the basis of mathematical-statistical procedures in order to safeguard our legitimate interests. We process the information received from credit agencies on the statistical probability of non-payment within the framework of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit assessment.
In order to operate our business economically and to identify market trends, customer and user requirements, we analyse the data available to us on business transactions, contracts, enquiries, etc., in order to ensure that we are able to offer our customers the best possible service. For this purpose, we combine the personal data of customers from registrations and orders with the behaviour-related data of customers.
In the context of the economic evaluation we bring together the data of the users independently of the used devices (e.g. if users use our on-line offer on a mobile or on a stationary device).
In this area you will find information about our data processing in the context of operating external online activities, e.g. in social media.
The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online services do not establish a data transmission between social networks and users until users click on the links/buttons and access the respective networks or their websites. This function corresponds to the function of a regular online link.
Our services are operated on web servers. In the following section we will inform you about their use and data processed during the operation of our servers.
The server on which this online service is hosted collects so-called log files each time the online service is accessed, in which user data is stored. The data is used for statistical analysis to maintain and optimize server operation and for security purposes, e.g. to detect potential unauthorized access attempts.
We use the following services and contents of the provider Google: YouTube - Videos; Google Maps - Maps; Google Fonts - Fonts; Google - Recaptcha.
Functions and contents of the Facebook service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.
Functions and contents of the Instagram service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.
Functions and contents of the Pinterest service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions.
In this section you will find information on data processing carried out by us for the purpose of optimising our marketing and market research activities.
We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or a legal permission. Subscribers' data is logged as we are required to provide documentation of registrations. We also keep track of whether newsletters have been opened and whether links have been clicked. This information is stored on a per-user basis for technical reasons, but is not used to monitor individual users, but rather, for example, to adapt content and services to users. Information that we should collect in addition to the e-mail address (e.g. name) is used to personally address the users or to adapt the contents of the newsletter to the users.
Sending information material, contacting us by telephone.
In the course of sweepstakes and competitions ("sweepstakes" for short) we process the data of the participants for the execution of the sweepstakes. Further information on the processing of your data within the scope of the individual sweepstakes as well as any consent to the publication of their names or contributions to the sweepstakes will be provided to the users within the conditions of participation of the respective sweepstakes.
We offer our customers the possibility to in the context of various programs, e.g. for purchases, for recruiting customers, newsletter subscribers or product evaluations.
We use Google AdWords to place ads on Google's and Google partner's websites and measure their performance.
Google's Double-Click technology enables us to target visitors to our website with targeted advertising as part of marketing campaigns for our products on our advertising partners' websites.
We use the Facebook pixel to form target groups and measure the success of the ads we place on Facebook and to build target groups for ads.
We use the conversion and tracking tool "Bing Ads" to measure the success of the ads we serve on Google.
Data processed: Usage data, metadata.
We use the Outbrain service for personalised marketing purposes, e.g. to display advertisements within other online offers based on the presumed interests of users.
We use the Sovendus service to obtain consent for our newsletters within other websites. We also participate in affiliate and after-sale programs. In the context of online check-out processes, for example, offers from other providers are displayed, which are selected on the basis of the services purchased, the users' demographic data and their potential interests.
We use the Taboola service for personalised marketing purposes, e.g. the presentation of advertisements within other online offers based on the presumed interests of users.
We use the Bluecore service for personalised marketing purposes, e.g. the presentation of marketing material and online offers based on the presumed interests of users in multiple channels.
We use the Channeladvisor service to manage our online ecommerce business offers based on the presumed interests of users.
We use the Aabaco Small Business service to manage our online ecommerce business offers based on the presumed interests of users.
Data processed: data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, time and click on a link in the newsletter), usage data, metadata; if users are registered with the service, the above data can be linked to their profiles and to the data stored with the service (in particular inventory data), inventory data, contact data, contract data, payment data, order management.
Affiliate Links - Affiliate links are links that are used to refer users to websites with product or other offers. The operators of the respective linking websites can receive a commission if users follow the affiliate links and then take advantage of the offers. For this it is necessary that the providers can track whether users who are interested in certain offers subsequently purchase them at the initiative of the affiliate links. Therefore, the functionality of affiliate links requires that they be supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the initial website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, as well as tracking specific values such as, for example, advertising material ID, partner ID and categorisations.
After-Sales - "After Sales" is a marketing procedure in which, for example, customers of an online shop are presented with advertising offers from other companies (which are usually based on the services or products purchased in the online shop). Furthermore, the functionality of after-sales corresponds to the functionality of affiliate links.
Aggregated Data - Aggregated data is pooled data that cannot be traced back to a person and is therefore not personal. For example, visit times on a website can be saved as median values.
Anonymous data - Anonymity occurs when a person cannot at least be identified by the controller using the reasonable means at his disposal on the basis of data. In particular, aggregated data may be anonymous.
Click tracking - "Click tracking" makes it possible to track the movements of users within an entire website. Since the results of these tests are more accurate if the user interaction can be monitored over a certain period of time (e.g. if a user likes to return), cookies are usually stored on the user's computers for these test purposes.
Consent - "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Conversion - "Conversion", or "Conversion measurement" refers to a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie is stored on the user's devices within the websites on which the marketing activities take place and then retrieved again on the target website (e.g. this enables us to trace whether the ads we placed on other websites were effective).
Cookies - Cookies are small files that are stored on the user's computer. Different data can be stored in the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to a website. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves a website and closes his browser. In such a cookie, for example, the content of a shopping basket in an online shop or a login status within a community can be stored. Cookies are referred to as "permanent" or "persistent" if they are stored even after the browser is closed. For example, the login status can be saved permanently. Likewise, the interests of users used for web analytics or marketing purposes (see e.g. "Remarketing") may be stored in such a cookie. As a "third party cookie", cookies are offered by providers other than the operator of the website (otherwise, if they are only the operators cookies, they are referred to as "first party cookies").
Cross-Device-Tracking - Cookies and fingerprints are device-related. Cross-device tracking is required to evaluate the interests of users using smartphones for advertising on desktop PCs. Logins in social networks such as Facebook, for example, can be used for this purpose. Alternatively, location data, IP addresses and user behaviour are used to achieve up to 98% more precise user restriction. Cookies and web beacons are usually used for cross-device tracking purposes.
Custom Audiences - Custom audiences are people who are targeted for advertising purposes, e.g. the display of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it may be concluded that the user is interested in advertisements for similar products or the online shop in which he has viewed the products. "Lookalike audiences" are users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences. "Custom Audiences from Website" means that the target groups are formed on the basis of visitors of the own website. "Custom Audiences from File" means that, for example, a list of e-mail addresses is uploaded to the respective advertising network or platform to form the target group.
Data subject - See "Personal data".
Demographic Data - Demographic data are general information about groups of people or persons, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected within the scope of web analytics and in online marketing for the purposes of online behavioural marketing or for business analyses that are used, for example, to determine the target groups.
Embedding - Embedding involves integrating external content or software functions (see "Plug-ins") into one's own website in such a way that they are displayed or executed on this website. No copy of the content is created because it is called from the original server (e.g. videos, images, posts on social networks, widgets with ratings). With embedding, it is technically necessary for the provider of the content to obtain the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may, for example, store cookies on the user's devices.
Advanced matching - The "advanced matching" is a Facebook pixel option, which means that inventory data such as phone numbers, email addresses or Facebook IDs of users are transmitted to Facebook in encrypted form to form target groups for Facebook ads and are used only for this purpose.
Error tracking - During error tracking, e.g. incorrectly executed program code is detected in order to eliminate it and thus guarantee the functionality and security of websites.
Fingerprints and other online identifiers - "Fingerprints" correspond in their function to cookies, whereby the storage of a file on the user's device is not required. These digital fingerprints can be individually created as cross sums of individual factors of devices, e.g. computing power or browser plug-ins for devices, and thus used for web analytics, profiling, remarketing, online- and behavioural advertising.
First-Party Cookies - See "Cookies".
Heatmaps - "Heatmaps" are mouse movements of the users, which are combined to an overall picture, with the help of which e.g. it is possible to recognize which website elements are preferred and which website elements users prefer less.
IP address - The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user visits a website on a server, he informs the server of his IP address. The server then knows that it must send the data packets containing the content of the website to this address.
IP Masking - IP masking is a method in which the last octet, i.e. the last two numbers of an IP address, are deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing methods, especially in online marketing.
Lookalike Audiences - See "Custom Audiences".
Online behavioural advertising (OBA) - online behavioural advertising is the term used when profiling is used to assess the potential interest of users in advertising. Cookies and web beacons are usually used for these purposes.
Opt-in - The term "opt-in" means, depending on the context, the same as registration or consent. If a registration (e.g. by entering an e-mail address in an online form field) is confirmed by sending an e-mail with a confirmation link to the owner of the e-mail address, this is referred to as a Double-Opt-In (DOI).
Opt-Out - The term Opt-Out means unsubscription and may be an objection (e.g. against tracking) or a cancellation (e.g. for newsletter subscriptions).
Opt-Out-Cookie - An "Opt-Out-Cookie" is a small file (see "Cookies") which is stored in your browser and in which it is noted that, for example, a tracking service should not process your data. The "opt-out cookie" only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be limited to the domain on which the opt-out link was clicked.
Permanent Cookies - See "Cookies".
Personal Data - "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Plugins/ Social Plugins - Plugins (or "Social Plugins" in the case of social functions) are external software functions that are integrated into a website. For example, they can be used to output interaction elements (e.g., an "I like" button) or content (e.g., external commenting function or postings in social networks).
Processor - "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Profiling - "Profiling" means any automated processing of personal data consisting in the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information regarding age, gender, location and movement data, interaction with websites and their contents, shopping behaviour, social interactions with other people) (e.g. interests in certain contents or products, click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes.
Pseudonymisation/ Pseudonyms - "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; E.g. if an exact interest profile of the computer user is stored in a cookie (a "marketing avatar"), but not the name of the user, then data is processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address is stored, then the processing is no longer pseudonymous.
Third countries - Third countries are countries in which the GDPR is not directly applicable law, i.e. in general states that do not belong to the European Union (EU) or the European Economic Area (EEA).
Web Analytics - Web Analytics is used to evaluate the visitor flows of a website and can include their behaviour, interests or demographic information, e.g. age or gender. With the help of range analysis, website owners, for example, can see what types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimize the content of the website to the needs of their visitors. Cookies and web beacons are often used for Web Analytics purposes.
Remarketing/ Retargeting - "Remarketing" or "Retargeting" refers to noting, for advertising purposes, which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements. Cookies are usually used for retargeting purposes.
Session Cookies - See "Cookies".
Single-Sign-On - "Single-Sign-On" or "Single-Sign-On-Authentication" is a procedure that allows users to log on to an online service using other online services of which they are members. A requirement for Single-Sign-On authentication is that users are registered with the respective Single-Sign-On provider and enter the required credentials on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that can no longer be used by us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the selected data shares as part of authentication and also which data users have authorised in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of users, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are asked to note that their data stored with us can be automatically synchronized with their user account with the Single-Sign-On provider, but this is not always possible or actually occurs. If, for example, the e-mail addresses of users change, users must change these manually in their user account at our site. If users decide that they no longer want to use their user account link with the Single-Sign-On provider for the Single-Sign-On procedure, they must cancel this link within their user account held with the Single-Sign-On provider. If users wish to erase their data from our system, they must cancel their registration at our service.
Special categories of personal data - Data identifying racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data relating to a natural person's sex life or sexual orientation.
Third Party - "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Third-Party Cookies - See "Cookies".
Tracking - Tracking is defined as when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behavioural and interest information collected with regard to the online services used is stored as user profiles in cookies or on the servers of marketing service providers (e.g. Google or Facebook).
Universal Analytics - "Universal Analytics" is a Google Analytics process in which the user analysis is based on a pseudonymous user ID and a pseudonymous profile of the user with information from the use of various devices is created ("cross-device tracking").
Controller - "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing - "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Tracking pixels - See "Web beacons".
Web beacons - Web beacons (or "pixels", "measuring pixels" or "tracking pixels") are small, pixel-sized graphics that are integrated into Web pages or HTML e-mails. For example, they make it possible to determine whether an e-mail has been opened (at least if the image display in e-mails is enabled) or how often a website is accessed by a user.
Widgets – See Embedding.