Welcome to our website and thank you for your interest in our company. We take the protection of your personal information very seriously. We process your data in accordance with the applicable data protection regulations, especially the General Data Protection Regulation (GDPR) and the country-specific implementing regulations applicable to our company. This Privacy Notice provides a detailed explanation of how s.Oliver Bernd Freier GmbH & Co. KG processes your personal data and the rights you have with regard to your personal information.

Personal data refers to any information that is related to an identified or identifiable natural person. This includes a name, date of birth, address, telephone number, email address and even an IP address.

Data is anonymous when no personal connection to the user can be established.

Responsible Body and Data Protection Officer:

• Address: s.Oliver-Straße 1, 97228 Rottendorf

• Contact information: Tel.: +49 (0) 9302-309-0 / Email: info@soliver.com / www.soliver-group.com

• Data protection contact: datenschutz@de.soliver.com

Secure Transfer of Your Data

We implement technical and organizational security measures to protect the data that we store against manipulation, loss, destruction and access by unauthorized persons as far as possible. The security levels are constantly monitored in collaboration with security experts and adjusted in line with new security standards.

Data transmitted to and from our website is encrypted. We offer HTTPS as transmission protocol for our website, always using the latest encryption protocols. There is, of course, also the possibility of using alternative channels of communication (e.g. by mail).

Data Storage Duration

We store your personal data only for the duration required to achieve the relevant processing purpose. Please note that there are numerous retention periods that require data to be retained for longer than this. This applies in particular to aspects concerning commercial law or tax law (e.g. commercial code, tax code, etc.). When the purpose has been achieved or the obligation to retain data has expired, the corresponding data is routinely deleted.

We can also retain your data if you consent to this or in the case of legal disputes where relevant data can be retained as evidence according to statutory limitation periods, which can be up to thirty years; the usual limitation period is three years.

Categories, Sources and Origins of Data

The data we process is determined by the relevant context: This depends on whether you, for example, place an order online, make an inquiry using our contact form, send us an application or submit a complaint.

Please note that for specific processing scenarios we may make relevant information available separately at the appropriate location, e.g. when application documents are uploaded or in the event of a contact request.

When you visit our website, we collect and process the following data:

When you visit our website, we generally do not require any personal data from you. By accessing our website, you transmit data (for technical purposes) to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

• Name of the internet service provider (ISP)

• Information about the website you visited prior to visiting our website

• The web browser and operating system you are using

• The IP address assigned to you by your internet service provider

• Requested files, transferred data volume, downloads/exported files

• Information about the web pages you visit on our website, including the date and time of each visit

For reasons of technical security, in particular to prevent attempts to attack our web server, this data is temporarily stored by us in accordance with Article 6(1)(f) EU GDPR. After seven days at the latest, the data is anonymized at domain level by truncating the IP address, so that it is no longer possible to establish a reference to the individual user.

In the event of a contact request submitted via our contact form, we collect and process the following data:

• Name, surname

• Email address

• Your message itself

Purposes and Legal Bases of Data Processing

When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are observed. The legal bases for processing are set out in Article 6 of the EU GDPR.

We use your data for initiating business, to meet contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your granting of consent in specific cases may serve to establish consent under data protection law. Before granting your consent, we will clarify the purpose of the data processing and your right to withdraw consent.

Cookies (Art. 6(1)(a) and (f) GDPR; Section 25 (1) and (2) TTDSG)

Our website uses cookies. These serve to make our website offerings more user-friendly, effective and secure. Cookies are small text files that are stored locally on your end device by your browser. Cookies only contain mostly anonymous and some pseudonymous data. Some cookies only exist for the duration of a single session (session cookies), while others are saved on a long-term basis (persistent cookies, e.g. consent settings). The latter are deleted automatically after the relevant storage duration has elapsed (generally six months). In addition to our own cookies, our website also uses cookies controlled by third parties. Third parties use the information in the cookies to show you certain content, for example, or to record the sites you visit.

Based on our legitimate interest (Art. 6(1) sentence 1 (f) GDPR), we store strictly necessary cookies on your end device. These cookies are strictly necessary for the correct operation and functionality of the website. Furthermore, we also store cookies on your end device provided that the sole purpose of the cookies is to store information or access information on the end device in order to carry out the transmission of a communication, as well as cookies that are strictly necessary in order to be able to provide a service that was explicitly requested by you, in accordance with Section 25(2) TTDSG (Telecommunications and Telemedia Data Protection Act).

Provided that you have given your consent, we also use additional cookies that make it possible for us or third parties to analyze how our services are used. In this way, we can adapt the content to user requirements accordingly. Cookies also help us to measure the effectiveness of a particular advertisement and to place it, for example, depending on the thematic interests of the user. The legal basis for this is your explicit consent (Art. 6(1)(a) GDPR, Section 25(1) TTDSG).

You can revoke your consent via our consent banner at any time with effect for the future and you can change the cookie settings. Please note that changes must be made separately on each end device.

[Consent tool call-up]

If you have an account with the third parties used by us and you are logged into the relevant account, the data can be linked to the relevant account. You can prevent this merging of your data by not providing consent for the relevant cookies or by revoking your consent, or by logging out of the relevant third-party account prior to visiting our website.

Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or via software-supported settings. If you block all cookies, then you may not be able to fully use all of the functions of our website.

Please also note the information provided in the sections for the relevant service that uses cookies.

Cloudfront (Art. 6 (1)(f) GDPR)

This website uses the Cloudfront content delivery network (CDN). This is a service from Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN copies the data of a website to various Amazon Web Services (AWS) servers distributed around the world and allows users to access the data through these servers. This reduces loading times, increases reliability and provides additional protection against data loss. Some of the images and videos embedded on this website are served by the Cloudfront CDN when the site is called up. As a result of this call-up, information about your use of our website (such as your IP address) is sent to Amazon servers and saved there. This occurs as soon as you visit our website. We use Amazon Web Services and the Amazon Cloudfront CDN in the interest of higher fail-safety of the website, increased protection against data loss and faster loading of the website. This represents a legitimate interest in accordance with Art. 6(1)(f) GDPR.

You can find information about the data protection measures and Privacy Notice of Amazon Web Services at: https://aws.amazon.com/privacy/.

This service may transfer the data collected to another country. Please note that this service can transfer data outside of the European Union and the European Economic Area and into a country that does not provide an adequate level of data protection. If your data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any means of judicial redress. However, we take the possible measures and those required by data protection law in accordance with Art. 44 et seq. in order to establish the adequate level of data protection in third countries.

Matomo Analytics

This website uses the open source web analytics service Matomo Analytics in the form of a server-side WordPress plugin in order to be able to analyze how our website is used and make regular improvements. The statistics we receive from this service allow us to improve our offering and make our website more interesting for you as a user. The legal basis for the use of Matomo is our legitimate interest in accordance with Art. 6(1)(f) GDPR.

Measurement and analysis by Matomo Analytics is based on the connection data that is already processed when the website is called up (IP address, referrer, etc.) In this respect, an evaluation takes place at the level of the server log files. The data is only processed by the data controller and is not provided to or even made accessible to a third party, including Matomo.

The data is stored for a maximum of seven days.

The controller saves the information collected in this way exclusively on their server in Germany.

This website uses Matomo with the "AnonymizeIP" extension. As a result, IP addresses are processed in truncated form, thereby preventing direct references to people. The IP address communicated by your browser via Matomo is not combined with other data collected by us.

In addition, the analytics tracking cookie is deactivated so no cookies can be stored on your device.

Furthermore, the visitor log, the visitor profile feature and the geolocation feature are deactivated.

You can object to data processing by Matomo Analytics at any time with effect for the future. To do this, simply select the corresponding settings in the consent banner. The Matomo program is an open-source project. You can find information about this third-party provider's data protection measures at https://matomo.org/privacy-policy/ .

YouTube

We use embedded content on our website, for example, in online offerings. These embedded videos can be hosted on the YouTube platform, for example. A classic type of content embedding is embedding a video from YouTube.

Content on YouTube is embedded using the technical process of framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on the third-party site, allowing the video stored on YouTube servers to be played on the website.

We use the framing codes generated by YouTube in the "no cookies mode". According to information from the YouTube platform, this means that no cookies are set. Against this background, the collection of data merely as a result of using the website with framed content is prohibited.

We require your consent (Art. 6 (1)(a) GDPR) in order to be able to play the YouTube content. The "Google Fonts" are also loaded to display the videos, which means that the consent you provide also extends to this service. For your convenience, we remember your consent for thirty days by means of a local storage object that we save in your browser. Once you have given consent, your consent can be revoked at any time here [please insert link to cookie banner here].

Social Media Links

Our website contains links to the social media platforms of Instagram, LinkedIn and Xing. You can recognize links to the websites of the social media platforms through the relevant company logo. When you follow these links, you are taken to the company profile/account of s.Oliver Bernd Freier GmbH & Co. KG on the relevant social media platform. When you click on a link to a social media platform, a connection to the servers of the social media platform is established. As a result, data showing that you visited our website is transferred to the server of the social media platform. Additional data is also transferred to the provider of the social media platform. This can include:

• The address of the website that hosts the link you clicked on

• The date and time of your visit to the website and the date and time you clicked on the link

• Information about the browser and operating system used

• IP address

If you are already logged in to the relevant social media platform when you click the link, the provider of the social media platform may be able to determine your user name and potentially even your real name based on the transferred data and may assign this information to your personal user account on the social media platform. You can prevent this from happening by logging out of your personal user account prior to clicking on the link.

The servers of the social media platforms are located in the USA and in other countries outside of the European Union. Therefore, the data can also be processed by the providers of the social media platform in countries outside of the European Union. Please note that companies in these countries are subject to data protection regulations that do not provide the same level of data protection as that which is provided in Member States of the European Union.

Please note that we do not have any influence on the scope, type, and purpose of data processing by the provider of the social media platform. You can find more information about how your data is used by the social media platforms embedded in our website by reading the privacy notice of the relevant social media platform.

Contact Form/Contact via Email (Art. 6(1)(a) and (b) GDPR)

Our website features a contact form that can be used for electronic contact. If you write to us via the contact form, we process the contact data you provide to contact you and answer your questions and requests.

The principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. This includes your email address, your name and the message field itself. Your IP address is also processed for technical reasons and for legal protection. All other data is optional (e.g. to allow us to answer your questions more specifically) and is provided on a voluntary basis.

We take appropriate security measures to protect the security and confidentiality of your data in the best way possible.

If you contact us by email, we will process the personal data provided in the email solely for the purpose of processing your request. If you do not use the contact form provided to contact us, then there will be no data collection beyond this.

Purpose of Advertising – Existing Customers (Art. 6 (1)(f) GDPR)

s.Oliver Bernd Freier GmbH & Co. KG is interested in maintaining a customer relationship with you and providing you with information about and offers on our products/services. Therefore, we process your data to send you relevant information and offers via email.

If you do not want this, you can object to the use of your personal data for the purpose of direct marketing at any time. This includes any profiling of data that is related to direct marketing. If you file an objection to direct marketing, then we will no longer process your data for this purpose.
The objection can be submitted for free and does not require the user to state reasons or use a particular format. However, if possible, the objection should be communicated by calling 09302-309-0, by sending an email to datenschutz@de.soliver.com or by sending a letter in the mail tos.Oliver-Straße 1, 97228 Rottendorf, Germany.

Online Offerings for Children

Persons under 16 years of age may not transmit any personal data to us or submit a declaration of consent without the consent of a parent or guardian (usually a parent). We encourage parents and guardians to actively participate in their children's online activities and interests.

Links to Other Providers

Our website also contains clearly visible links to other companies' websites. We have no influence on the contents of any such links to other providers, and therefore cannot provide any guarantee or accept any liability for these contents. The corresponding provider or operator of the sites is always responsible for the contents of these sites.

When the link is set up, the linked pages are checked for possible legal infringements and recognizable legal violations. No unlawful content was recognizable at the time of creation of the links. However, we cannot reasonably be expected to permanently monitor the content of linked pages in the absence of any specific indications of an infringement. Such links are removed immediately upon discovery of infringements.

Transfer of Data to Third Parties

We will only pass on your data to third parties within the scope of the legal provisions or if you have given us consent to do so. Other than this, your data will not be passed on to third parties unless we are obligated to do so in accordance with mandatory legal provisions (e.g. being required to pass on your data to external parties, such as supervisory authorities or law enforcement agencies).

Recipients of Data / Categories of Recipients

Within our company, we ensure that your data is only received by persons who require this data to fulfill contractual and legal obligations (e.g. to handle questions about your order). This means that personal data can only be accessed by authorized persons who are involved in technical, commercial, editorial or customer management support.

Affiliated companies of s.Oliver Bernd Freier GmbH & Co. KG: Texlog AG, Texlog Sourcing GmbH, s.Oliver Sales GmbH & Co. KG, Freier Group Logistics GmbH & Co. KG, Freier Logistics Verwaltungs GmbH, Copenhagen Studios GmbH, Freier Group Austria GmbH, Freier Group Switzerland AG, s.Oliver Belgie NV, s.Oliver Benelux B.V., Freier Group Italy Srl, s.Oliver CZ, s.r.o., s.Oliver Slovakia s.r.o., s.Oliver S L O d.o.o., s.Oliver HR d.o.o., s.Oliver d.o.o. Beograd - Novi Beograd, s.Oliver Fashion Hungary Kft, s.Oliver Finland Oy, Freier Group France SAS, COPENHAGEN STUDIOS CPHS; UNIPESSOAL LDA, COPENHAGEN STUDIOS GmbH; Roermond, s.Oliver Eastern Europe LLC, s.Oliver Turkey Tekstil Tic.Ltd., s.Oliver Asia Ltd., Yau Kam Asia Ltd., PT S.O.T. Indo Sourcing, s.Oliver Overseas Ltd., Hangzhou s.Oliver Sourcing Company Limited (WOFE)

In certain cases, service providers help our departments to complete their duties. A data protection agreement has been agreed with all service providers. (e.g. dispatch service providers, pay services, credit check services, IT service providers)

• State authorities and institutions (such as the tax office)

• Service providers in the context of order processing

• Dispatch service providers, suppliers

Transfer to Third Countries / Purpose of Transfer to Third Countries

Data is only transferred to third countries (outside the European Union or the European Economic Area), if this is necessary to execute a contractual obligation, is required by law or if you have given us your consent, e.g. when you request contact from the procurement departments of our company as a potential business partner.

We pass your personal data on to a service provider or to group companies outside of the European Economic Area, namely in the USA.

Compliance with the required level of data protection is ensured through EU standard contractual clauses, for example.

Obligation to Provide Data

A wide range of personal data is necessary for the establishment, execution or termination of the contractual relationship, and to meet the associated contractual or legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarized the details in the aforementioned point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your inquiry or carry out the underlying contractual relationship without providing this data.

Automated Individual Case Decisions

We do not make decisions based purely on automated processing.

Your Rights As a Data Subject

At this point, we would like to inform you about your rights as a data subject. This rights are standardized in Articles 15 to 22 of the GDPR. They include:

• The right of access by the data subject (Art. 15 GDPR)

• The right to erasure or 'right to be forgotten' (Art. 17 GDPR)

• The right to rectification (Art. 16 GDPR)

• The right to data portability (Art. 20 GDPR)

• The right to restriction of processing (Art. 18 GDPR)

• The right to object to data processing (Art. 21 GDPR).

In order to exercise these rights, please contact: datenschutz@de.soliver.com. The same applies if you have questions regarding data processing in our company or if you wish to revoke consent that you previously gave. You also have the right to lodge a complaint with a supervisory authority.

Right to Object

With regard to the right to object, please note the following:

If we use your personal data for the purpose of direct marketing, you have the right to object to this form of data processing at any time without stating reasons for this. This includes any profiling of data that is related to direct marketing.

If you object to the processing of your personal data for the purpose of direct marketing, we will no longer process your personal data for this purpose. The objection can be submitted for free and does not need to be in a particular format. If possible, send the objection to: datenschutz@de.soliver.com.

If it is necessary for us to process your data to safeguard legitimate interests, you can object to this processing at any time due to reasons arising from your particular situation. This includes any data profiling that is based on these provisions.

We will then no longer process your personal data unless we can prove that we have compelling, legitimate reasons for the processing of your personal data that outweigh your interests, rights and freedoms or unless the data is processed for the purpose of establishing, exercising or defending legal claims.

Cookie banner:

We use cookies and similar technology on our website and process personal data from you (such as your IP address) to show media from third-party providers or to analyze visits to our website, for example. Specifically, we have embedded YouTube videos from the provider Google Ireland Limited on our website. We require your consent in order to be able to play these videos. You can find more information in our Privacy Notice.