Mammut UK Ltd. takes data protection issues very seriously and collects, processes and uses your personal data exclusively in accordance with the principles described below, taking into account the applicable data protection laws.
The controller responsible for operating the Mammut website (hereinafter called the "Website") and the Mammut online store (hereinafter called the "Online Store"), as well as for collecting, processing and using your personal data in accordance with the applicable data protection provisions is Mammut UK Ltd., Office 1&2, Brookside Mill, Brook Street, GB-Macclesfield Cheshire SK11 7AA (“Mammut”).
B. COLLECTION AND STORAGE OF PERSONAL DATA/DATA CATEGORIES
The term "personal data" refers to all information relating to an identified or identifiable natural person. This includes, for example, your name, telephone number, postal address and e-mail address.
Personal data, as defined in the applicable data protection provisions, also include information concerning your use of the Website, which are collected, processed, stored and used by our Web servers to enable the provision and optimisation of our Website and ensure system security and for statistical purposes (the "User Data"). These include, inter alia, the connection data of the requesting computer (IP address), the pages that you visit on our Website, the date and length of your visit, the identification data of the type of browser and operating system used, the website from which you visit us and the length of time until the order is placed.
Apart from the User Data described in para. (2) above, we will only collect personal data if you voluntarily share them with us. The following data are collected when you open a customer account: title, name, postal address, e-mail address (“Registration Data”). When you place an order, the following additional data is collected: payment information, such as your bank details or credit card number, as well as data concerning the products ordered/the contents of your shopping cart (“Order Data”).
You have the option to update the data in your customer account anytime und to add further details (e.g. your telephone number or date of birth) on a voluntary basis.
If you subscribe to our Newsletter (see Section F. below), we will collect and process the following personal data: title, name, e-mail address.
The personal data collected from you (Registration Data, Order Data and User Data) are stored lawfully and as specified by the applicable data protection provisions. Your data will, of course, be treated confidentially.
C. PURPOSES OF DATA PROCESSING AND LEGAL BASES
Your Registration Data and Order Data will be used to perform the agreements concluded between you and us, particularly for delivering ordered products to the address provided by you. The legal basis for this processing is performance of the agreement, respectively conducting precontractual activities. The provision of these personal data is a contractual requirement. If you do not provide these personal data, you cannot set up a customer account or order any products, as applicable.
If we have received your e-mail address in connection with the purchase of a product or service, we will use your e-mail address for advertising similar products or services of our own. You can opt out of this use of your e-mail address for these purposes at any time without incurring any cost other than the applicable transmission costs at the basic rates. The legal basis for this processing is our legitimate interests in processing personal data for direct advertising.
Furthermore, provided you have given your consent, your data may be used for purposes of internal marketing research or designing our product line to meet our customers' needs, as well as for sending e-mails containing information about our offerings, i.e. products and services that may interest you (e.g., tours). For purposes of market research and to design our product line in a goal-oriented manner so as to meet our customers' needs on all our sales channels, your data, which have been collected via several different communications channels and systems for mail order, over-the-counter trade and online trade, will be merged into a centralised electronic customer data-base, analysed and used for marketing campaigns. The legal basis for this processing is your consent.
Provided you have given your consent, in addition to the data transmitted by you, automatically generated data will also be collected and utilised to design advertising tailored to you. These include, for example, e-mail receipt and read confirmations, information about the computer and operating system used, orders already placed, date and time of your visit to our website, as well as products viewed by you. The legal basis for this processing is your consent.
To the extent technically possible and reasonable, you can also use our website anonymously or under a pseudonym.
Your Registration Data, Order Data and User Data will be processed by persons in departments of Mammut who need to know the personal data.
Your Registration Data, Order Data and User Data will also be transmitted to affiliated companies of Mammut, particularly to Mammut Sports Group AG, Birren 5, 5703 Seon, Switzerland. Disclosure to Mammut Sports Group AG is made for the purpose of centralised storage, evaluation and management of administrative tasks, as well as for marketing purposes. The legal bases for the disclosure are the legitimate interests of Mammut and of Mammut Sports Group AG, particularly internal management purposes, as well as marketing purposes. Switzerland is a third country according to the applicable data protection law, however, the EU Commission has issued an adequacy decision for Switzerland. Your data will be transmitted to Switzerland and stored there securely.
For purposes of delivering goods and processing payments, we transmit the necessary data to logistics companies and payment service providers. These service providers are carefully selected and contractually obligated to treat your data confidentially and to use them exclusively for purposes of making the delivery or processing payment, as applicable.
Furthermore, unless this Data Protection Policy specifies otherwise, we will only disclose your personal data to third parties if we are authorised or obligated to do this based on legal provisions or official or court orders or if you have given us your express consent to do this.
If you register for the Mammut newsletter and have consented to receiving newsletters and advertising e-mails, we will use your e-mail address for internal advertising purposes. You can opt out of delivery of the newsletter and the use of your e-mail address for advertising purposes with prospective effect at any time by clicking on the link included in the newsletter or in the promotional e-mails or via e-mail to email@example.com. We will also notify you separately of this right to opt out in the e-mail that accompanies our newsletter and in all other promotional e-mails. The legal basis for the processing of your personal data is your consent.
G. WEB ANALYSIS
This Website uses Google Analytics, a web analysis service of Google Inc. („Google“, www.google.com) and Econda Shop Monitor from Econda GmbH (“Econda“, www.econda.de).
Google Analytics uses "cookies", text files that are stored on your computer and make it possible to analyse your use of the Website. The information generated by the cookie regarding your use of this Website is normally transferred to one of Google's servers in the USA and stored there. IP anonymisation has been activated on this website, so the IP address of users will be abbreviated beforehand by Google within Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to one of Google's servers in the USA and abbreviated there. Google will utilise this information on behalf of the operator of this Website to analyse the use of this Website, compile reports on Website activity and to provide its operator with additional services related to the use of the Website and of the Internet. The IP address transmitted by your browser in connection with Google Analytics will not be combined with other Google data. You can find additional information about data protection at Google here. You can prevent the storage of cookies by configuring your browser software appropriately; however, please note that, if you do this, you may not be able to use all of this Website's features to the fullest extent.
You can also prevent the data generated by the cookie regarding your use of the Website (including your IP address) from being recorded and transferred to Google and from being processed by Google by downloading and installing the browser plugin via the following link.
To ensure the tailored design and optimum performance of this website, as well as for marketing purposes, solutions and technologies from econda GmbH (www.econda.de) not only collect and store anonymised data but also utilize these data to compile usage profiles by means of pseudonyms. Cookies can be used for this purpose which make it possible for an Internet browser to be recognized. Usage profiles will only be stored together with data pertaining to the pseudonymous visitor with his or her express consent. IP addresses, in particular, are rendered indecipherable immediately after receipt, which makes it impossible to match a usage profile with an IP address. Visitors to this website can opt out - at any time - of the collecting and storing of their data. (Note: As regards opting out, please refer to the following link.)
H. USE OF SOCIAL PLUGINS
On the Website, we use "social plugins", e.g. from Facebook, Twitter, Google etc., which bear the logo of the respective provider. These plugins are intended to better distribute the content of our website. The legal basis for this processing is our legitimate interest in distributing the content of our website.
Our website contains buttons that allow you to share content on the sites regarding the services of Facebook, Twitter and Google. Facebook, Twitter and Google are social networks that are not affiliated with Mammut. They have their respective registered offices at the following addresses:
Facebook: 1 Hacker Way, Menlo Park, CA 94025, USA
Twitter: 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Google: 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
If you use the “share” buttons of Facebook, Twitter or Google, your device accesses the respective websites. As a result, your data are sent to the party associated with the “share” button. Your computer will use your browser to set up a direct connection to the provider's computer. The plugin's content is transferred by the provider directly to your computer and integrated into the web page by your browser. The provider thereby receives notification that you have called up the relevant Mammut Website. If you are simultaneously logged on to the respective provider, this provider may also add your visit to your profile. You can obtain more information about the collection, use and disclosure of your personal data by Facebook, Twitter and Google in their respective privacy statements, which you can access on their respective websites.
I. DATA SECURITY
Your payment data are protected in the course of transmission to our servers by using SSL security procedures (Secure Socket Layer) in connection with 256-bit encryption. You can check the security of the connection using the information in your browser's URL display. If the start of the address line changes from "http" to "https", the connection is secure.
Furthermore, all service providers used for purposes of processing payments are PCI-DSS certified (Payment Card Industry Data Security Standard). By complying with the PCI Data Security Standards, they fulfil the most stringent requirements of e-Commerce industry standards. More information about this is available, for instance, at www.pcisecuritystandards.org.
J. RETENTION PERIODS
We will keep your personal data as long as necessary to perform the requested service for you. If we no longer need your personal data for purposes of complying with our contractual or statutory obligations, we will delete the data from our systems or anonymise them appropriately so that any identification is impossible, unless we must retain information, including your personal data, in order to comply with statutory or official obligations to which we are subject, e.g., statutory retention periods indicated in the Commercial Code or the Tax Code, which generally last for 6 to 10 years or, if we have to safeguard evidence for the statutory limitations periods, which are normally 3 years, but may last up to 30 years.
K. RIGHTS OF DATA SUBJECTS
Under the applicable data protection provisions, you have, where applicable, the right to (i) information regarding your stored data, (ii) correction, (iii) restriction, (iv) deletion, (v) opt out, (vi) data portability and (vii) revocation of your consent. You can find more detailed information about the various individual rights in the Appendix to this Data Protection Policy. You also have the right to submit a complaint to a supervisory authority.
Should you have any additional questions concerning data protection and the exercise of the above rights, please e-mail us at firstname.lastname@example.org. Of course, you may also use the contact details provided in the Legal Information section of our Website or the contact forms provided on the Website and in the Online Store. Mammut will process and use the information provided by you exclusively for purposes of handling your request.
Mammut reserves the right to amend this Data Protection Policy from time to time. We will notify you in good time before any change or addition.
If you have granted your consent for certain data processing operations, you can revoke your consent prospectively at any time. This type of revocation does not affect the lawfulness of the processing performed based on the consent until the time of revocation.
Under the applicable data protection provisions, you have, where applicable, the right to (i) information (ii) correction, (iii) deletion, restriction on processing, (iv) data portability and/or (vii) opt out of the processing. The aforementioned rights may be restricted under national data protection provisions. Specifically:
(i) Right to information: You have, where applicable, the right to require us to confirm whether personal data concerning you are being processed and, if so, you have the right to receive information about these personal data. The right to information includes, in particular, the purposes of the processing, the categories of personal data processed and the recipients or categories of recipients to whom the personal data are disclosed. Moreover, you have the right, where applicable, to receive a copy of the personal data processed. However, this right is not unlimited, as the rights of other persons may restrict your right to receive a copy. The right to information is restricted by Section 34 of the Federal Data Protection Act (FDPA).
((ii) Right to correction: You have, where applicable, the right to require that incorrect personal information concerning you be corrected. Taking into account the purposes of the processing, you have the right to require that incomplete personal data be completed, including by means of a supplementary declaration.
(iii) Right to deletion (“right to be forgotten”): Under certain conditions, you have the right to require us to delete personal data concerning you, and we are required to delete such personal data. The right to deletion is restricted by Section 35 FDPA.
(iv) Right to restriction of the processing: Under certain conditions, you have the right to require us to restrict the processing of your personal data. In this case, the relevant data will be marked and used by us only for certain purposes.
(v) Right to data portability: Under certain conditions, you have the right to receive, in a structured, conventional and machine-readable format, the personal data that you have provided to us concerning you, and you have the right to transmit these data to another controller without interference from us.
To exercise these rights, please contact us as described in L.2.
RIGHT TO OPT OUT PURSUANT TO ART. 21 GENERAL DATA PROTECTION REGULATION
You have the right to opt out, on grounds relating to his or her particular situation, at any time to the processing of personal data that concerning you which is based on Art. 6(1)(e) (data processing in the public interest) and (f) (data processing based on legitimate interests) General Data Protection Regulation. If you opt out, we will no longer process your personal data unless we can demonstrate that we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to opt out, at any time, of the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling to the extent that it is related to such direct marketing.