Privacy Notice Introduction

Horze (later “we”) respects your privacy and is dedicated to protecting the privacy of persons using our products and services. The Privacy Notice helps you to understand what personal information (“Personal Data”) we collect, and how we use it. “Personal Data” refers to information, which allows a person to be directly or indirectly identified as an individual person.

The Privacy Notice applies to your use of our products and services and you should read it before using the products and services. If you do not agree to the terms of the Privacy Notice, you should not use the products and services.

If you are under 16, we will need to receive a parental consent for you to use our products and services. See further instructions in the section Privacy Notice / Consent.

Tietosuojavastaava:

datenschutzbuero.HAMBURG
Mag. jur. Djoko Lukic
Suhrenkamp 59
22335 Hamburg
https://datenschutzbuero.hamburg

Summary

The Privacy Notice will give you more detailed information on the following subjects:

Contact information

Who we are and how you can contact us upon any concerns regarding your Personal Data.

Personal Data we collect and sources of information

We collect different types of Personal Data such as name, email-address and IP-address.

We collect information from various sources such as Check-out page, Newsletter signup, etc.

Purpose and legal basis for processing Personal Data

We use your Personal Data for Email marketing, Customer Service, Order processing, etc.

The legal basis for collecting Personal Data is first of all to enable us to process your order. Furthermore, we collect your Peronal Data in order to send you relevant information of our products and services.

Consent

We need your consent before we process your Personal Data.

You have the right to withdraw your consent regarding further processing of your Personal Data.

If you are under 16, we need to receive a parental consent.

Retention of Personal Data

The Personal Data is only stored for the time necessary to fulfill the purposes it has been collected for unless a longer retention period is required by law.

The retention periods depend on the purpose of the processing and type of the information.

Transfer of Personal Data

Horze only uses top professional third-party partners and systems that comply to the EU data protection regulations. Furthermore, Horze has signed a data protection agreement with each of them to ensure they do not misuse any of our customers Personal Data.

Protection of Personal Data

We commit to follow the security provisions of applicable data protection regulation(s), as well as to process Personal Data in compliance with good processing practices. Our personnel and processors that process Personal Data are obliged to keep Personal Data strictly confidential. Access to Personal Data is only granted to those employees that need the information to perform their work tasks.

Rights of the Data Subjects and Supervisory Authority

For any questions or complains regarding processing your Personal Data, you can contact Horze Data Privacy Officer by email at privacy@horze.com. You also have a right to contact the data protection supervisory authorities directly. Contact information of the applicable supervisory authority can be found here: https://tietosuoja.fi/en/our-data-protection-policy.

Privacy Notice

1. Controller and contact information

Horze International GmbH
Flemingstraße 20-22
36041 Fulda
Germany

VAT number: DE288579384
Register number: HRB 7995 
Registered in: Amtsgericht Fulda

2. Scope

All persons (data subjects) whose Personal Data is collected in connection to the Products and Services delivered via Horze web-sites and Horze Shops.

3. Personal Data processed and sources of information

The information we collect include the following categories of Personal Data:

  • Indentity and Contact details (such as name, email, telephone number and shipping, billing address)
  • Login and account information (such as username and password)
  • Payment or credit card information
  • Images, photos and videos
  • Personal preferences (such as your wish list as well as marketing and cookie preferences)
  • Electronic identification data (Internet Protocol (IP) address, username, password, cookies, device identification data such as type, MAC address, browser and Operating System)
  • Location data (such as General location based on Internet Protocol address, geolocation from your mobile device)
  • Personal characteristics (such as date of birth, age, gender)
  • Lifestyle data and preferences such as leisure activities and interest

We collect the information in following ways:

We ask you for certain Personal Data that we need in order to provide you the products or services you request. For example, when you make purchases, contact our Customer Service, request to receive communications, create an account, participate in our events or contests, or interact with our Sites or our Shops.

When interacting with our Sites and Apps, Personal Data is automatically collected and shared with Horze by the technology platforms providing the experience. For example, your web browser or mobile device may share certain Personal Data with Horze as those devices interact with Horze’s Sites or Apps. More information about these practices is included in our Cookie Policy.

4. Purpose and legal basis for processing Personal Data

We use the Personal Data we collect from you in the following ways:

To Deliver and fulfil your Purchases and other Services You Request

When you use our Sites and Apps, we will use your Personal Data to provide the product or service you have selected. For example, if you make a purchase on Horze website, or participate in an event or promotion, we will use the contact information you give us to communicate with you about the purchase, event or promotion. If you reach out to our Customer Service, we will use information about you, such as delivery or payment information, or the product you have purchased to help you resolve a problem or question.

In many cases, to use particular features within our Sites, and services you may need to provide Horze with additional Personal Data or additional consent to use particular Personal Data in a certain way.

The legal basis for processing this Personal Data is the purchase contract with its terms and conditions.

To Communicate Information about our Products, Services, Events and Promotions

If you are an existing customer of Horze (for example, if you have placed an order with us), we may use the email address provided to send you marketing communications about similar Horze products or services, unless you have opted-out. In other cases, we ask for your consent to send you marketing information about Horze’s products, services, events and promotions. We use the information that you provide to us as well as information from other Horze products or services - such as your use of Horze’s Sites and Apps, your visits to or purchases made in Horze Shops, your participation in Horze events and contests (possibly through other Horze affiliates) - to personalize communications on products and services that may be interesting for you.

The legal basis for processing this Personal Data is your consent and our legitimate interest to provide information, news and offers.

To Operate, Improve and Maintain our Business, Products and Services

We use the Personal Data you provide to us to operate our business. For example, when you make a purchase, we use that information for accounting, auditing and other internal functions. As another example, we use Personal Data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our Sites and Apps. See more information about automatic profiling in our Cookie policy.

The legal basis for processing this Personal Data is a legitimate interest.

To Protect Our or Others' Rights, Property or Safety

Based on legitimate interest, we may also use Personal Data about how you use our Sites and Apps to prevent or detect fraud, abuse, illegal uses and violations of our Terms of Use and to comply with court orders, governmental request or applicable law.

For General Research and Analysis Purposes

We use Personal Data about how our visitors use our Sites, Apps and Services to understand customer behavior or preferences. For example, we may gather and analyze information about site search to better understand how to optimize our product offering and customer experience to our customers and site visitors.

Other Purposes

We may also use your Personal Data in other ways, but we will provide specific notice at the time of collection and obtain your consent where necessary. In these cases the legal basis for processing your Personal Data is based on your consent or our legitimate interest.

If you have received any unauthorized or inappropriate advertisement or other marketing through our products and/or services, we ask you to contact privacy@horze.com.

5. Consent

At Horze we take privacy very seriously. It is important for us to be transparent and ask for your consent when required for processing your Personal Data.

Parental consent

If you are below 16 years old and using our services, please make sure that your parents approve the processing of your Personal Data.

If you believe that we might have any information from or about a child under the age that requires parental consent, without a parental consent, please contact us at privacy@horze.com.

Withdrawal of consent

You can withdraw your consent at any time. We will comply with such request unless there is another legitimate ground to process the Personal Data.

For email marketing you can withdraw your consent using the unsubscribe link provided in all emails or by logging in on "My account" page on our webshop and change your marketing preferences from there.

For Cookie consent: Please read our cookie policy.

You can contact privacy@horze.com for all other requests related to withdrawal of consent.

6. Retention of Personal Data

The Personal Data we collect is retained for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law. Thereafter, the Personal Data will be deleted within a reasonable timeframe or rendered anonymous.

The retention periods depend on the purpose of the processing and type of the information.

Personal Data and retention periods are listed in the table below:

Category of Personal Data Retention period or criteria used to determine the period
Customer Data
Core customer and transactional data
  • Horze keeps all customer data for 10 years since the transaction date for legal basis reasons. After that data will be anonymized.
  • This also includes customer service tickets that are directly related to an order.
Customer service data
  • Support tickets and other customer service data related will be deleted 3 years after last update to the case.
Shipping data
  • Shipping companies have different policies related to retension. See privacy policy for each shipping provider in the section "Processing Operations"
Payment data
  • Payment providers are under strict regulation from goverments in each country. See privacy policy for each payment provider in the section "Processing Operations".
  • Horze does not keep any personally identifiable financial information such as credit card numbers.
Marketing Data
Browsing data
  • Browsing Data will be stored for 6 months since your last session.
Email marketing data
  • If you withdraw your consent to email marketing Horze will delete your contact data within one year of the withdrawal.
  • If you have given your consent but we do not register any activity (read, click or purchase) we will delete your contact data from our database within reasonable time period.
Other third-party marketing data
  • Facebook and other third-party marketing services that Horze is using have their own privacy policy.
  • Please see the privacy policy which you can find in the chapter "Processing Operations".
CCTV Data

Applies only when visiting our physical Horze Shops. CCTV data is kept for security reasons and will always be deleted after 30 days.

Analytics Data
Salesforce Commerce Cloud and Salesforce Marketing Cloud
  • Salesforce stores the analytics data for 6 months since the latest update.
Google Analytics
  • Analytics data will be automatically deleted after a retention period of 38 months.
Hotjar
  • Hotjar will maximum keep data for up to 5 years.

7. Transfer of Personal Data

Horze is using various systems to provide a good and personalized service and keep our web-sites operational. Such third-party systems will only store and use Personal Data that is needed for them to complete the service they provide to Horze.

Horze only uses top professional third-party partners and systems that comply to the EU data protection regulations. Furthermore, Horze has signed a data protection agreement with each of them to ensure they do not misuse any of our customers Personal Data.

Some third party service providers, e.g. payment providers, are under goverment regulations and have strict guidelines for information we have to give them for your purchase related transactions. When you leave the shop at our web-site or get directed to third-party website or App, you are no longer governed by this privacy notice and our terms and conditions.

 

Horze is transferring Personal Data to the following Data Recipients:

System Description Data Recipients Data Recipients Outside EU/EEA, Transfer SafeGuard
Payment processors

Horze uses Klarna, Ingenico and Paypal for payment processing.

These third party payment processors process payments made to us. In connection with the processing of such payments, Horze does not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly to our third party processors, whose use of your Personal Data is governed by their privacy policy.

Klarna Privacy

Ingenico Privacy

PayPal Privacy

 
Shipping

PostNord, DHL, PostNL, Unifaun, DPD, Bring and Posti are used to provide the delivery service for Horze.

We provide these shipping companies with necessary information such as name, address and phone-number so they can fullfil the delivery service to your satisfaction.

PostNord Privacy

DHL Privacy

PostNL Privacy

nShift Privacy

DPD Privacy

Bring Privacy

Posti Privacy

 
Analytics

Horze uses Google Analytics and Hotjar for analytics services. They help for example to identify issues at the web-site so we can improve the experience for you as a visitor/customer.

Google Privacy

Hotjar Privacy

 
Marketing

Whenever you visit one of our web-sites we use Salesforce Commerce Cloud and Marketing Cloud systems to handle browsing data for profiling in order to optimize and personalize your experience.

Furthermore, we use the following marketing systems for various marketing purposes: Facebook, Google Adwords, BlueCore, Talkable, Sleeknote, Adroll, Affilinet, AdTraction.

Salesforce Privacy

Facebook Privacy

Google Privacy

Sleeknote Privacy

Adroll Privacy

Afilinet Privacy

AdTraction Privacy

Talkable Privacy, Safe Harbor Privacy Principles

BlueCore Privacy, EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework

Customer service

Olark for web-chat, Sipgate for phone-service.

Olark Privacy

Sipgate Privacy

 

In addition we are using consultants and contractors from different companies (such as Northern Logistics) working under our supervision for processing the Personal Data on behalf of us. We have signed and NDA/DPA with these companies to ensure your Personal Data is protected.

We may share your information in connection with any merge, sale of our assets, or a financing or acquisition of all or a portion of our business.

In exceptional cases, Personal Data may be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.

8. Protection of Personal Data

We commit to follow to the security provisions of applicable data protection regulation(s), as well as to process Personal Data in compliance with good processing practices. Our personnel and processors that process Personal Data are obliged to keep Personal Data strictly confidential. Access to Personal Data is only granted to those employees that need the information to perform their work tasks.

All Personal Data is protected by appropriate industry standards and technical and organizational safety measures.

We inform the authorities and users/data subjects of data breaches according to applicable information security and data protection regulation(s).

9. Rights of the Data Subjects and Supervisory Authority

Right to access and correct

You have the right to obtain information from us regarding your Personal Data that we process. You have the right to have corrected and/or removed any incorrect, incomplete, outdated, or unnecessary Personal Data.

Right to object and restriction of processing

You have the right to object to certain types of processing of your Personal Data, including direct marketing, if such data are processed for other purposes than purposes necessary for delivering the products and/or services to you or for compliance with a legal obligation.

You have the right to object to any further processing of your Personal Data after prior given consent. If you object to the further processing of your Personal Data, this may lead to fewer possibilities to use products and/or services.

You have the right to request us to restrict processing of your Personal Data. This may however lead to limited possibilities to use our products and services.

Right to erasure

You have the right to ask us to delete your Personal Data that we process. We will comply with such request unless we have a legitimate ground to not delete the data.

After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems. Such copies shall be deleted as soon as reasonably possible.

Right to data portability

You have the right to receive Personal Data provided by you to us, in a structured, commonly used format. You have the right to transmit the Personal Data to another controller. You can also have the Personal Data transmitted directly to another controller, if technically feasible.

Objecting to direct marketing and withdrawal of consent

You can deny any direct marketing and withdraw your consent regarding electronic direct marketing. You can always withdraw any other consent including parental consent. See separate chapter on Consent.

How to use the rights

These rights can be used by updating your preferences on the My Account page or by sending an e-mail to us on privacy@horze.com, including the following information: name, phone number, email address, user id and details of the products and services you have used. We may request additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

Right to lodge a complaint with the supervisory authority

In case you consider our processing activities of your Personal Data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain to the data protection supervisory authorities.

Contact information of the applicable supervisory authority (Data Protection Ombudsman) can be found here: https://tietosuoja.fi/en/our-data-protection-policy

10. Changes to this Privacy Notice

We may change this Privacy Notice from time to time, whenever necessary. All changes hereto will be made available on https://www.horze.eu/privacy-policy.html. We will inform of the changes in the products and services by email, if available, in case of any significant changes affecting your rights.

This Privacy Notice has been published on 01.05.2018.

Privacy Notice Change History:

Date Version number Change description
01.05.2018 2.0

First version of the new policy based on the General Data Protection Regulation (GDPR) (EU) 2016/679