Introduction

This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online shop and the websites, functions and content connected to it as well as external online presences, such as our social media presences (hereinafter jointly referred to as "online services").

• In the first section of this privacy policy, you will find details of the data controller as well as the contact details of our data protection officer.
• The second section contains information on the individual processing steps.
• In the third section you will find information about your rights and further general information regarding our data processing activities.
• The fourth and last section contains a glossary in the context of the provision of our services with explanations and descriptions of various terms used in the context of this privacy policy. In all other respects, all terms used (e.g. "responsible person" or "user") are to be understood as gender-neutral and in the sense of the retained UK version of the General Data Protection Regulation (GDPR).

Table of contents

Section I - Controller

Section II - Processing operations

Web server and security

Server logs

Core area of data processing

Order processing in the online shop

User account

Single sign-on procedure via third-party providers

Operating customer database, responding to enquiries and customer relationship management

Customer reviews and Q&A feature

Business analyses, marketing and market research

ZWILLING Culinary World App - Use of camera function of your mobile device

External online presences

Facebook

Instagram

Youtube

Pinterest

Links/buttons to social networks and platforms

Embedded content and functions

Cookie Management

Google Maps

Google reCAPTCHA

YouTube

Marketing

Electronic direct advertising with consent (ZWILLING newsletter)

Sweepstakes and competitions

Customer surveys

Vouchers

Affiliate programmes

Reach measurement (statistical analysis), online marketing and technology partners

Google Tag Manager

Google Analytics

Google Ads

Facebook Pixel

Microsoft Advertising

Taboola

Kameleoon

Section III - Data subject rights and general information

Data subjects' rights

Rights of the data subjects

Right of withdrawal

Right of objection

Duty to provide

Transmission of data

Transfers to third countries

Section IV - Definitions

Section I - Controller

ZWILLING J.A. Henckels (UK) Ltd. (hereinafter also referred to as "ZWILLING", "we" or "us")

Unit 4, Bardon Hill, Sence Court, Coalville, LE67 1GZ

Phone: 0330 363 0005

Email: compliance@zwilling.co.uk

Complete legal notice: https://www.zwilling.com/uk/terms-conditions/Legal+Notice.html

Section II - Processing operations

The following presentation provides you with an overview of our processing activities. We have subdivided these into different areas of activity. Please note that these are for orientation purposes only and that processing activities may overlap (e.g. the same data may be processed in several contexts).

Web server and security

Server logs

The server on which this online offer is located collects so-called log files each time the online offer is accessed, in which user data is stored. The data is used to maintain and optimise server operation as well as for security purposes, e.g. to detect potential attempts of unauthorised access.

• Categories of data processed: Usage data and metadata (name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL [the previously visited page], IP address and the requesting provider.
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of processing: Optimisation of server operation and security monitoring.
• Necessity / interest in processing: Security, business interests.
• Categories of recipients: Data is only passed on to third parties if this is necessary for the operation of our website or for security or law enforcement purposes.
• Deletion of data: After 30 days from collection.

Core area of data processing

In this section, you will find information on our core services and tasks in connection with our online services, such as answering enquiries and providing our contractual services as well as ancillary tasks associated with them.

Order processing in the online shop

We process the data of our users to enable them to select and order the selected products and services, as well as to pay for and deliver or execute them.

• Categories of data processed: Inventory data, contact data, contract data, payment data.
• Legal basis: Art. 6(1)(b) (Execution of order transactions) (c) (Legally required archiving) and (f) (Legitimate interests) GDPR.
• Purpose of processing: Provision of contractual services for orders in the online shop, billing, delivery, user service.
• Necessity / interest in processing: The data are necessary for the justification and fulfilment of the contract for the order, to facilitate the purchase and to fulfill legal retention obligations. It is also in our legitimate interest to process the data to provide our customers with support in case of customer service requests.
• Categories of recipients: In the case of delivery: use of a fulfilment service provider as well as logistics companies; in the case of payment: payment service providers as well as banks and financial institutions; IT service providers for the operation of the online shop. Your data is stored within the European Union. However, in the case of data transfers in connection with payment processing and IT support or maintenance work, data access from other third countries, i.e. a country outside the UK and the European Union, cannot be ruled out.
• Deletion of the data: The deletion takes place after the expiry of legal warranty and comparable obligations (end of contract claims (6 years) and tax law (10 years) retention obligation). Information in the user account is stored until it is deleted.

User account

A user account (including wish list) requires registration. Afterwards, users can track their orders after entering their login data and use further functions of the user account. Users' account information is not searchable or viewable by external entities such as search engines or by other users. Users are responsible for the safekeeping of their access data.

We offer our own single sign-on procedure for the user account. This means that users who register with one of the online services of the companies belonging to the ZWILLING Group can also use the access data with other online services of companies belonging to the ZWILLING Group.

• Categories of data processed: Inventory data (first name, last name; email address; password [stored in encrypted form]), contact data, contract data, payment data, product data/product preference, usage data.

• Legal basis: Art. 6(1)(b) (Performance of a contract) GDPR.
• Purpose of the processing: Creation and operation of a user account for the administration of the contractual relationship.
• Necessity / interest in processing: The user account is optional, the data is necessary for its operation. Mandatory fields are marked as such. In addition, each user decides for himself/herself on further details.
• Categories of recipients: Companies of the ZWILLING Group (https://group.zwilling.com/subsidiaries-data-processing.html) as part of the single sign-on; provider of the CRM system (order processor). Your data is stored within the European Union. However, in the case of IT support or maintenance work, data access from other third countries, i.e. a country outside the UK and the European Union, cannot be ruled out.
• Deletion of data: Details in the user account remain in the system until it is deleted, with subsequent archiving in the event of a legal obligation (end of contract claims (6 years) and tax law (10 years) retention obligation.

Single sign-on procedure via third-party providers

In addition to our own single sign-on procedure, we also offer single sign-on logins via third-party providers. This allows you to log in to our online offering using the authentication data stored with the third-party provider (e.g. Facebook or Google).

Authentication takes place directly with the respective third-party provider. In the course of such authentication, we receive a user ID that cannot be used by us for any other purpose and the information that the user is logged in to the respective single sign-on provider under this user ID (so-called "user handle"). In addition, the user's name and email address are transmitted to us. Whether additional data is transmitted to us depends on the selected data releases in the context of authentication and your privacy or other settings with the third-party provider. Depending on the single sign-on provider and the user's choice, this can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure with the third-party provider is neither visible to us nor is it stored by us.

• Categories of data processed: Inventory data, contact data.
• Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 7 GDPR (Conditions for consent)
• Purposes of processing: registration and login
• Recipients (depending on single sign-on procedure):

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Privacy Policy: https://www.facebook.com/about/privacy.

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://policies.google.com/privacy.

Operating customer database, responding to enquiries and customer relationship management

As part of our customer data management and customer relationship management, we store information about your order history and about product or topic-specific issues (e.g. regarding any product registrations you may have made, your preferences with regard to individual product segments, brands or - if you have provided us with these - preparation methods favoured by you) in our customer relationship management system (CRM system) or in similar applications. The same applies to information that we receive from you via our contact form and in other ways, e.g. via e-mail, enquiries.

• Categories of data processed: Inventory data, contact data, contract data, payment data, usage data, metadata.
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests); Art. 9(2)(a) GDPR (Processing of special categories of personal data), insofar as the customer's request contains special categories of data within the meaning of Art. 9(1) GDPR.
• Purpose of processing: answering enquiries, customer relationship management.
• Necessity / interest in the processing: The processing is necessary to answer incoming enquiries, serves the optimisation of advice, the improvement of user-friendliness as well as business interests.
• Categories of recipients: Provider of the CRM system (order processor). Your data is stored within the European Union. However, in the case of IT support or maintenance work, data access from other third countries, i.e. a country outside the UK and the European Union, cannot be ruled out.
• Deletion of data: We delete the enquiries if they are no longer required. We store enquiries from users who have a user account permanently and refer to the details of the user account for deletion. We delete other data processed within the framework of customer relationship management when your user account is terminated. In the case of statutory archiving obligations, deletion takes place after their expiry (end of contract claims (6 years) and tax law (10 years) retention obligation).

Customer reviews and Q&A feature

We collect customer feedback in the form of reviews and questions and answers and make them available on our platform so that other users can find out about our products and services. We also offer our customers the opportunity to ask questions about our products on our website and have them answered by us and other users.

• Categories of data processed: Content data (texts, images, videos), user name (username, alias), email addresses, date of review or change, order if applicable, verification data.
• Legal basis: Article 6(1)(f) GDPR (Legitimate interests: review examination).
• Purpose of the processing: Management and offering of the feature.
• Necessity / interest in processing: The data is necessary for communication with the customer, for their identification and for the publication of their reviews and questions. It is in our legitimate interest to check the content of reviews received before publication.
• Categories of recipients: Provider of the review management tool (processor). In the context of processing by our processors, data is transferred to a third country or such data transfer cannot be ruled out.
• Deletion of data: Upon customer request; in the case of unpublished customer contributions, 90 days after submission.

Business analyses, marketing and market research

In order to operate our business economically and to be able to recognise market trends as well as customer and user wishes, we analyse the data we have on business transactions, contracts, enquiries, etc.. For this purpose, we combine the user data from registrations and orders with the behaviour-related data of the users.

• Categories of data processed: Inventory data, contact data, contract data, payment data, usage data and metadata, e.g. activity data outgoing from emails via our online channels, e.g. data on the page accessed, the page history, the device used, geo-data and data for pseudonymised identification of the user profile).
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of the processing: Business analyses, marketing and market research.
• Necessity / interest in the processing: Increase in user-friendliness, optimisation of the offer, business management.
• Categories of recipients: Provider of the CRM system (processor). Your data is stored within the European Union. However, in the case of IT support or maintenance work, data access from other third countries, i.e. a country outside the UK and the European Union, cannot be ruled out.
• Deletion of data: If a user account has been created, upon its termination, otherwise after two years from the conclusion of the contract. In all other respects, the business analyses and general trend determinations are prepared anonymously wherever possible.

ZWILLING Culinary World App - Use of camera function of your mobile device

If you use our ZWILLING Culinary World app, it must access your mobile phone's camera for the following functions:

• Scanning of the QR codes on the boxes and bags of the Fresh & Save vacuum system. The corresponding size and, in the case of the bags, the printed individual ID are recorded to identify the bag.
• Take your own photo of the vacuumed food for the food organiser function.

The photos are only stored locally on your mobile phone. There is no access or other transfer of photo data to ZWILLING or third parties.

External online presences

We maintain online presences within the social networks and platforms listed below in order to communicate with the users active there and to inform them about our company and our products. If you communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages, we process your data for communication purposes. In addition, when you visit and use our respective online presence, the operator of the network or platform may evaluate your usage behaviour and provide us with information obtained from this. This information is used for the purpose of economic optimisation and demand-oriented design of our online presence.

Furthermore, your data within social networks and platforms is usually processed by the respective operator for market research and advertising purposes. For example, user profiles can be created based on your usage behaviour and the resulting interests, in order to place interest-based advertisements within and outside of the networks and platforms. For further information on the operator's processing and any opt-out options, please refer to the privacy policies of the respective operators.

Our processing of your data is in each case based on our legitimate interest (Art. 6(1)(f) GDPR) in increasing awareness of our company, in communicating with people who are interested in our company and our products, and in better understanding your wishes and interests. In doing so, the categories of data we may collect are inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta and connection data (e.g. device information, IP addresses). The deletion of your data is determined by the privacy policies of the respective operator.

Facebook

Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller - the essence of the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum), Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Operator's privacy policy: https://de-de.facebook.com/policy.php.

Instagram

Operator: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller - the essence of the agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum), Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Operator's privacy policy: https://help.instagram.com/help/instagram/519522125107875/?locale=en_GB

Youtube

Operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Operator's privacy policy: https://policies.google.com/privacy.

Pinterest

Operator: Pinterest Europe Ltd; Palmerston House, 2nd Floor; Fenian Street; Dublin 2, Ireland; Parent company: Pinterest, Inc. 505 Brannan Street; San Francisco, CA 94107; Operator's privacy policy: https://policy.pinterest.com/en/privacy-policy.

Links/buttons to social networks and platforms

The links/buttons to social networks and platforms (e.g. Facebook, Twitter or Pinterest) used within our online offer generally only establish contact between social networks or platforms and the users when users click on the links/buttons. This function corresponds to the mode of action of a regular online link. If you click on a corresponding link/button, this opens a new page that is retrieved from the servers of the respective social network or platform. Through this, the operator of the social network obtains knowledge that our website was accessed via your IP address. At the same time, the provider may place cookies on your end device or read cookies, unless you have prohibited the use of cookies in your browser. For further information on any processing of your personal data by the operators of the social networks or platforms, please refer to the privacy policy of the respective operator.

Embedded content and functions

In this section, we inform you which content, software or functions (in short "content") of other providers we embed within the scope of our online offer (so-called "embedding"). This does not create a copy of the content, as it is called up from the original server. Embedding is done for legal reasons - e.g. for cookie management - to make our online offer more interesting for our users - e.g. to be able to display directions to our shops - or to improve the security of the online offer - e.g. to prevent bot attacks.

In order to display the content, it is necessary for the third-party providers of this content to process the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is thus necessary for the presentation of this content or function. Insofar as the collection of further categories of data is necessary for the presentation of the content, these are listed below under the respective service. ZWILLING's responsibility under data protection law is limited to the collection and transmission of the IP address and any other data required for the presentation of the content to the third-party provider. The responsibility after transmission of the data lies solely with the third party provider. For further information on any processing of your data by the respective third-party provider, please refer to the privacy policies of the respective third-party provider.

Cookie Management

When you visit our website, certain information is placed on your terminal device or read if this is absolutely necessary for the operation of our website. This includes information processed by the "Cookiebot" service of our cookie management service provider Cybot A/S ("Cybot") to ensure that only those cookies are set or read that are technically necessary to operate our website or for which you have consented to use. When the code from Cookiebot is loaded, your IP address is transmitted to Cybot, where it is stored anonymously.

• Categories of data processed: Usage data, connection data.
• Legal basis: Art. 6(1)(c) GDPR (Compliance with a legal obligation), Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of processing: Cookie management.
• Necessity / interest in processing: The use of Cookiebot prevents the use of optional cookies without the prior consent of the user.
• Categories of recipients: Cookie management service provider (processor).
• Deletion of the data: Depending on the cookie used.

Further information on individual cookies, their purposes and deletion periods as well as options for cookie management (consent and revocation of consent) can be found at https://www.zwilling.com/uk/privacy-security/cookie-declaration.html

Google Maps

• Categories of data processed: Usage data, connection data, possibly location data (depending on GPS usage).
• Legal basis: Art. 6(1)(c) GDPR (Compliance with a legal obligation), Art.6(1)(f) GDPR (Legitimate interests).
• Purpose of processing: integration of interactive maps and map function of Google Maps.
• Necessity / interest in the processing: The use of Google Maps makes it easier for the user to locate the nearest ZWILLING shop.
• Recipient of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, cannot be ruled out.

Google reCAPTCHA

• Categories of data processed: Usage data, connection data.
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of processing: To prevent misuse of our website by verifying that accesses to our website are made by humans and not by bots or similar programs.
• Necessity / interest in processing: It is in our legitimate interest to ensure the security of our website and our information technology systems.
• Recipient of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, cannot be ruled out.

YouTube

• Data categories: Usage data, connection data.
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of processing: Integration of videos via the YouTube video plugin.
• Necessity / interest in processing: It is in our legitimate interest to be able to present you with further information on our products by integrating videos. In order to minimise data, we use the so-called extended data protection mode offered by the service provider.
• Recipient of the data: Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 Ireland. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, cannot be ruled out.

Marketing

This section provides you with information on the data processing we carry out for the purposes of optimising our services, marketing and market research.

Electronic direct advertising with consent (ZWILLING Newsletter)

What does the ZWILLING world include?
In addition to the ZWILLING companies themselves, the ZWILLING World also includes products from the ZWILLING, Staub, Ballarini, Miyabi, Demeyere, and Tweezerman brands, grills and grilling accessories from various manufacturers (including Santos and Flammkraft), and related services (e.g. engraving and grinding services or grilling seminars).

What kind of information can it be?
By information we mean, for example 
-    Offers and promotions
-    News about products and services
-    Recipes
-    Tips such as care tips
-    Reminders for unfinished orders in the ZWILLING online store
-    Information on our applications such as our ZWILLING app and our online presences.
-    other interesting news from the ZWILLING world

In what contexts can invitations be sent?
Invitations can be made to
-    Events and actions
-    Customer surveys and customer feedback
-    Panels / Presentations
-    Sweepstakes
-    Product tests

Sweepstakes and competitions

In the context of sweepstakes and competitions (in short "competitions"), we process the data of the participants for the purpose of conducting the competitions. Users will receive further information on the processing of their data within the framework of the individual competition as well as any consent to the publication of their names or competition entries within the conditions of participation of the respective competition.

• Categories of data processed: Inventory data, contact data, content data (e.g. entries to competitions).
• Legal basis: Art. 6(1)(b) GDPR (Performance of a contract).
• Purpose of the processing: Administration of the competitions, notification of prizes, dispatch of prizes, possibly presentation of winners.
• Necessity / interest in processing: The provision of your data is required in each case for the implementation of the competition in accordance with the respective conditions of participation.
• Categories of recipients: Shipping companies for the purpose of shipping the prizes, possibly partners and sponsors of prizes.
• Deletion of data: As soon as the data is not required for the implementation of the competition (e.g. in the event of queries about prizes); when winners or competition entries are published, these generally remain online permanently; otherwise archiving in the event of a legal obligation (end of contract claims (6 years) and tax law (10 years) retention obligation).

Customer surveys

In connection with your visit to our online shop, it is possible that you will be invited by us to participate in customer surveys. Depending on the survey, you may be invited to participate directly on our website or we may invite you to participate by e-mail.

• Categories of data processed, depending on the survey: Metadata (e.g. referrer URL [the previously visited page], click behaviour, browser type and version, the user's operating system, IP address and the requesting provider), email address (for communication purposes), survey responses. If it is necessary to prevent multiple participations, we use a cookie block by storing a cookie in the participant's browser. This means that the user is recognised on further visits and can be excluded.
• Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).
• Purpose of the processing: Internal analysis of customer preferences, further development and optimisation of our product portfolio as well as sales and marketing purposes.
• Necessity / interest in processing: Participation in a survey is voluntary. However, if you decide to participate, it is in our legitimate interest to use your data for the purposes mentioned above.
• Categories of recipients: Within the ZWILLING Group, access to your data is granted to those business units that need it to fulfil the above-mentioned purposes. Access to your data is also possible by service providers used by us (e.g. service providers who provide the IT infrastructure for processing the survey or for managing our customer data). Your data will be stored within the European Union. However, in the case of IT support or maintenance work, data access from third countries, i.e. a country outside the UK and the European Union, cannot be ruled out.
• Deletion of the data: As soon as we no longer have a legitimate interest in further processing and the deletion does not conflict with any statutory retention obligations.

Vouchers

In certain situations, it is conceivable that we or third parties may provide you with vouchers for purchases in our online shop, e.g. as a thank you for your participation in a survey or other promotions or in the form of discount vouchers when using third-party affiliate programmes. For further information on the respective vouchers, please refer to the respective voucher terms and conditions.

• Categories of data processed: Voucher number, issue date, validity date, redemption date, voucher amount and, depending on the voucher form, authorisation status, name and e-mail address, if applicable.
• Legal basis: Art. 6(1)(b) GDPR  (Performance of a contract)  (e.g. if you participate in a promotion linked to a voucher), Art. 6(1)(f) GDPR  (Legitimate interests) (e.g. if we proactively provide you with vouchers from us).
• Purpose of the processing: Voucher management
• Necessity / interest in processing: The data is necessary for voucher management. It is in our legitimate interest to provide you with vouchers as needed for customer retention or customer acquisition. The redemption of a voucher is voluntary.
• Categories of recipients: Service providers who provide the IT infrastructure for voucher management (order processors). Your data is stored within the European Union. However, in the case of IT support or maintenance work, data access from third countries, i.e. a country outside the UK and the European Union, cannot be excluded.
• Deletion of the data: As soon as we no longer have a legitimate interest in further processing and the deletion does not conflict with any statutory retention obligations.

Affiliate programmes

We are integrated into various affiliate programmes of affiliate network providers (e.g. AWIN) or affiliate platforms (e.g. Unidays). In doing so, so-called affiliate links or other references to our online offer are integrated on third-party websites (collectively referred to as "affiliate links"). If users follow the affiliate links and subsequently purchase products in our online shop, these third-party providers may receive a commission. For this purpose, it is necessary that the respective third-party providers learn that the users have followed an affiliate link and have subsequently made a purchase from us. The assignment of the affiliate links to the respective orders serves the sole purpose of commission settlement.

• Types of data processed: Contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Legal basis: Depending on your agreement with the third-party provider, Art. 6(1)(a) GDPR (Consent), Art. 7 GDPR (Conditions for consent), Art. 6(1)(b) GDPR (performance of the contract within the framework of the third-party provider's affiliate programme) or Art. 6(1)(f) GDPR (our legitimate interest in commission accounting).
• Purposes of processing: Affiliate tracking and commission accounting.
• Categories of recipients: Affiliate partners.
• Deletion of the data: In the case of your consent, as soon as you revoke your consent, otherwise when we no longer have a legitimate interest in further processing and the deletion does not conflict with any statutory retention obligations.

Reach measurement (statistical analysis), online marketing and technology partners

In this section, we inform you which services of technology partners we use for reach measurement and online marketing purposes. Insofar as no anonymous or anonymised data is processed or we do not obtain your prior consent in the context of the use of cookie management (Art. 6(1)(a) GDPR (Consent), Art. 7 GDPR (Conditions for consent)), their use is based on our legitimate interest (Art. 6(1)(f) GDPR) in increasing user-friendliness and optimising and controlling our offer in a more targeted manner.

If you have given your consent to the processing, you can revoke this at any time via the settings in our cookie management. [LP2] If processing is carried out on the basis of our legitimate interest, you generally have the option to object (opt-out). If no explicit opt-out option of the respective service provider used by us has been specified below, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. Alternatively or additionally, you can also use the following general opt-out options: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

In all cases, the categories of data processed include usage data and metadata. Reach measurement and online marketing are carried out in particular on the basis of cookie and web beacon technology. Special categories of data are not processed. Further explanations can be found in the definitions of terms at the end of this privacy policy.

Unless otherwise stated, the deletion of data is determined in accordance with the privacy policies of the technology partners. Further information on individual cookies, their purposes and deletion periods as well as options for cookie management (consent and revocation of consent) can be found at https://www.zwilling.com/uk/privacy-security/cookie-declaration.html

Further information on data processing can also be found in the privacy policies of the respective providers listed below.

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer). The tag manager itself (which implements the tags) does not process any user data. With regard to the processing of users' data, please refer to the following information on Google services.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; privacy policy of the service provider: https://policies.google.com/privacy. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, or such a transfer cannot be ruled out. Guarantee for processing in third countries: EU standard contractual clauses https://privacy.google.com/businesses/processorterms/.

Google Analytics

We use Google Analytics for the purposes of range measurement and target group formation. We only use Google Analytics with activated IP anonymisation. This means that we have activated the IP anonymisation function offered by Google on our website, so that the last octet (type IPv4) or the last 80 bits (type IPv6) of your IP address are deleted. In addition to cookie management in our cookie management tool, you also have the option of using the following opt-out options: http://tools.google.com/dlpage/gaoptout?hl=en (browser add-on), https://adssettings.google.com/authenticated (setting for advertisements).

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy of the service provider: https://www.google.com/policies/privacy ; Within the scope of this service, a data transfer to a third country, i.e. a country outside the UK, takes place or cannot be excluded. Guarantee for processing in third countries (USA): EU standard contractual clauses https://privacy.google.com/businesses/processorterms/.

Google Ads

We use Google Ads to place advertisements on the websites of Google, Google partners and in the display network and to measure their success (conversion measurement). In doing so, we only receive an anonymous overall evaluation, but not information related to individual users. You have the option to use the following opt-out option of the service provider: https://adssettings.google.com/.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US A; privacy policy of the service provider: https://www.google.com/policies/privacy. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, or such a transfer cannot be ruled out. Guarantee for processing in third countries (USA): EU standard contractual clauses https://privacy.google.com/businesses/processorterms/.

Facebook Pixel

We use Facebook pixels to create target groups and measure the success of the advertisements we place on Facebook. The aim is, on the one hand, to display advertisements placed by us on Facebook as precisely as possible to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/) who have also shown an interest in our products by visiting our website. On the other hand, with the help of the Facebook pixel, we can evaluate the effectiveness of the Facebook ads for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook ad. The data collected about you is anonymous to us. However, if you have a Facebook user account, Facebook may link the data to your Facebook user account. You have the option to use the following opt-out option of the service provider: https://www.facebook.com/settings?tab=ads

Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Privacy policy of the service provider: https://www.facebook.com/about/privacy; Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, or such a transfer cannot be excluded. Guarantee for processing in third countries (USA): EU standard contractual clauses and Facebook EU data transfer addendum https://www.facebook.com/legal/EU_data_transfer_addendum.

Microsoft Advertising

We use Microsoft Advertising's conversion and tracking tool to measure the success of the ads we place on Bing. This allows us to track that someone has clicked on an ad, been redirected to our online presence and reached a previously determined website there. We only receive statistical data without any personal reference to the respective user. You have the option of using the following opt-out option of the service provider: https://choice.microsoft.com/en-EN/opt-out.

Service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; privacy policy of the service provider: https://privacy.microsoft.com/privacystatement. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, or such a transfer cannot be ruled out.

Taboola

We use the service Taboola, which creates user-specific recommendations for content and advertisements based on surfing behaviour. The profiles are created using pseudonyms that are not merged with the data about the bearer of the pseudonym. Thus, they also do not allow any conclusions to be drawn about personal data. You have the possibility to use the following opt-out option of the service provider: https://www.taboola.com/privacy-policy#optout.

Service Provider: Taboola, Inc, Kings Court, 2-16 Goodge Street, 2nd fl. , London W1T 2QA, UK; privacy policy of the service provider: https://www.taboola.com/privacy-policy. Within the scope of this service, data is transferred to a third country, i.e. a country outside the UK, or such a transfer cannot be ruled out.

Kameleoon

We use the personalization and web analytics service Kameleoon. The program allows us to analyse user behavior based on (automated) user groups. We can use the analysis of log file data to determine how individual user groups visit the website, which landing pages are visited and how an increase in click-through rates can be achieved. For this purpose, the program analyses your behavior and its context when using this website and assigns this to target groups in an anonymized form.

For the analyses, cookies/local storage of the browser are used, which are linked to a pseudonymized ID. Your IP address is completely anonymized and not stored. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in the EU and stored there in aggregated and pseudonymized form. The IP address transmitted by your browser as part of Kameleoon is not merged with other data from Kameleoon.

Service Provider: Kameleoon SAS, 12 rue de la Chaussée d'Antin - 75009 Paris, France. Privacy policy of the service provider https://www.kameleoon.com/en/privacy-policy/. In addition to adjusting your cookie settings, you have the option to deactivate Kameleoon tracking via this link.

 

Section III - Data subject rights and general information

Data subjects' rights

Rights of the data subjects

You have the right to request confirmation as to whether data relating to you is being processed and to be informed about this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request that the data concerning you be completed or that the incorrect data concerning you be corrected.

In accordance with Article 17 of the GDPR, you have the right to demand that data relating to you be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with Article 18 of the GDPR.

You have the right to obtain the data concerning you that you have provided to us in accordance with Art. 20 of the GDPR and to request that it be transferred to other data controllers.

You also have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR.

Right of withdrawal

You have the right to revoke any consent you have given in accordance with Art. 7(3) GDPR with effect for the future.

Right of objection

Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms, you may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Duty to provide

Unless otherwise stated above in the respective information on the legal basis for processing, you are not obliged to provide data. In the cases of Art. 6(1)(b) GDPR (Performance of a contract)), however, the data is required for the performance or conclusion of a contract. If you do not provide the data concerned, the fulfilment or conclusion of the contract is not possible. In the cases of Art 6(1)(c) GDPR (Legal obligation), we are legally obliged to process the data. If you do not provide us with the data in the cases of Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR  (Legitimate Interests), the use of the affected parts of our website or services is not possible or only possible to a limited extent.

Transmission of data

If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), grant access to the data or transfer it in any other way, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to shipping and payment service providers, is necessary for the performance of the contract pursuant to Art. 6(1)(b) GDPR (Performance of a contract)), you have consented, a legal obligation pursuant to Art. 6(1)(c) GDPR (Legal obligation) provides for this or on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR (Legitimate interests) (e.g. in the case of receivables management).

If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR (e.g. in the processing of complaints or general product advice enquiries by service providers commissioned by us), which sets out the requirements for engaging a processor.

If we pass on data to other companies in our group of companies, grant access to the data or transfer it in any other way, this is done in particular for administrative purposes as a legitimate interest pursuant to Art. 6(1)(f) GDPR (Legitmate interests) or on the basis of commissioned processing. To the extent necessary, we have concluded intra-group data processing agreements for this purpose.

Transfers to third countries

Any transfer of your data to a third country (i.e. to a country outside the UK) will take place in accordance with Art. 44 et seq. GDPR. If a transfer is therefore not already permitted on the basis of the legal permissions there (e.g. to enable the delivery of goods ordered by you to an address given to you in the third country, see Art. 49(1)(b) GDPR), we have provided data protection guarantees to ensure a sufficient level of data protection for your data in these cases as well (e.g. the conclusion of officially recognised special contractual agreements, so-called "standard contractual clauses"). To obtain further information on the guarantees mentioned, please contact our data protection officer.

Section IV - Definitions

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the General Data Protection Regulation (GDPR) and defined primarily in Art. 4 GDPR. The following explanations are primarily intended to help you understand them. The terms are sorted alphabetically.

• Anonymous data - Anonymity is when a person is not at least identifiable by the data controller using the means at its disposal. In particular, aggregated data can be anonymous. This is a summary of data in a way that no longer allows conclusions to be drawn about a specific person (e.g. summary of the time our users spend on our website as an average value).
• Conversion - "Conversion" or "conversion measurement" refers to a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then retrieved again on the target website (e.g. we can thus track whether the ads we have placed on other websites were successful).
• Cookies - Depending on the settings you choose and your consent, we use temporary and permanent cookies, i.e. small files that are stored on users' devices. Further information on individual cookies, their purposes and deletion periods, as well as options for cookie management (consent and revocation of consent) can be found at https://www.zwilling.com/uk/privacy-security/cookie-declaration.html
• Demographic data - Demographic data is general information about groups of people or individuals, e.g. characteristics such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected within the scope of reach measurement and in online marketing for the purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups.
• Third country - Third countries are countries outside the UK for which the UK's government has not determined a level of data protection comparable to the GDPR (e.g. USA).
• IP address - The IP address ("IP" stands for Internet Protocol) is a sequence of numbers by which devices connected to the Internet can be identified. When a user calls up a website on a server, he or she informs the server of his or her IP address. The server then knows that it must send the data packets with the content of the website to this address.
• Plugins - Plugins are third-party software functions that are integrated into the online offer (e.g. videos or maps).
• Pseudonymisation - "Pseudonymisation" means the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and it is ensured that the personal data are not attributed to an identified or identifiable natural person.
• Reach measurement - Reach measurement is used to evaluate the flow of visitors to an online offer and can include their behaviour, interests or demographic information, such as age or gender. With the help of reach analysis, website owners can, for example, see which types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimise the content of the website to the needs of their visitors.
• Single sign-on - "Single sign-on" or "single sign-on authentication" is the term used to describe a procedure that allows users to log on to an online service, including other online services, with the help of a user account. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the required access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. In the course of such authentication, we receive a user ID with the information that the user is logged in under this user ID at the respective single sign-on provider and an ID that is not further usable for us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected in the context of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, this can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are requested to note that their details stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually occurs. If, for example, users' e-mail addresses change, they must change them manually in their user account with us. Should users decide at some point that they no longer wish to use the link between their user account and the single sign-on provider for the single sign-on procedure, they must remove this link within their user account with the single sign-on provider. If users wish to delete their data from us, they must cancel their registration with us.

• Tracking - Tracking is when the behaviour of users can be traced across multiple online services.
• Web beacons - "Web beacons" (or "pixels", "measuring pixels" or "tracking pixels") are small, pixel-sized graphics that are embedded in web pages or HTML e-mails. In this way they allow, for example, to determine whether an email has been opened (at least if the image display in emails is activated) or how often a website is called up by a user.