Privacy Policy UVEX ARBEITSSCHUTZ GmbH
Welcome to our website and thank you for your interest in our company. We – that’s UVEX WINTER HOLDING GmbH & Co. KG and its subsidiaries (hereinafter referred to collectively as the ‘uvex group’) – take the protection of your personal data seriously. We process your data in accordance with the applicable laws regarding the protection of personal data, especially the EU Data Protection Regulation (EU GDPR) and the country-specific implementation laws relevant to us. This privacy policy provides you with comprehensive information on the processing of your personal data by the uvex group and your rights.
Personal data means information that can be used to identify a natural person. This especially includes your name, date of birth, address, telephone number, email address and IP address.
Anonymous data are data that do not allow any relationships to the user’s identity to be established.
1. Responsible party
UVEX WINTER HOLDING GmbH & Co. KG
Würzburger Straße 181
90766 Fürth
Germany
Phone: + 49(0)911-9736-0
Email: datenschutz@uvex.de
Website: www.uvex.de
2. Data protection contact
The contact data of the data protection officer for all companies in the uvex group with headquarters in Germany are as follows:
UVEX WINTER HOLDING GmbH & Co. KG
Würzburger Straße 181
90766 Fürth
Germany
Phone: + 49(0)911-9736-0
Email: datenschutz@uvex.de
Website: www.uvex.de
3. Your rights as the data subject
We would first like to inform you of your rights as the data subject. These rights are standardised in Articles 15–22 of the EU GDPR. They cover the following:
- right to access (Article 15 of the EU GDPR)
- right to erasure (Article 17 of the EU GDPR)
- right to rectification (Article 16 of the EU GDPR)
- right to data portability (Article 20 of the EU GDPR)
- right to restriction of data processing (Article 18 of the EU GDPR)
- right to object to data processing (Article 21 of the EU GDPR).
To assert these rights, please contact datenschutz@uvex.de.
The same applies if you have any questions about data processing in our company or if you want to withdraw your consent. You also have the right to lodge a complaint with a data protection supervisory authority.
4. Right to object
In connection with the right to object, please note the following:
When we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without stating any reasons. This also applies to profiling if it is connected to direct advertising.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes. You can object free of charge in a formless message, preferably sent to datenschutz@uvex.de.
For the case that we process your data for safeguarding legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling protection-worthy grounds for processing that override your interests, rights and freedoms or the processing serves towards establishing, exercising or defending of legal claims.
5. Purposes of and legal basis for data processing
In the processing of your personal data, the provisions of the EU GDPR and all other applicable data protection provisions are complied with.
The legal basis for data processing is especially yielded from Article 6 of the EU GDPR.
We use your data for generating business leads, for fulfilling contractual and legal obligations, for performance of the contract, for offering products and services and for strengthening customer relationships, which can also include analysis for marketing purposes and direct advertising.
Your consent to data processing can also constitute a permissibility requirement under data protection law. Before you grant consent, we will inform you of the purpose of the data processing and your right to withdraw your consent.
If the consent also relates to processing of special categories of personal data, we will explicitly point this out to you in the consent statement. Processing of special categories of personal data in accordance with Article 9 of the EU GDPR will only occur if it is required by law and there is no reason to believe that your protection-worthy interest in exclusion of processing overrides it.
In certain cases we also base the processing of your data on a legitimate interest in accordance with Article 6(1)(f) of the EU GDPR. Here data processing only takes place if it serves to safeguard our own legitimate interests or the legitimate interests of third parties and a balancing of interests has not resulted in your interests, fundamental rights and fundamental freedoms overriding it.
6. Transfer to third parties
We will only pass on your data to third parties within the scope of the legal provisions or with the corresponding consent. Otherwise, we will not pass on your data to third parties unless we are under a legal obligation to do so (e.g. disclosure to external bodies such as supervisory authorities or law enforcement authorities).
7. Data recipients / Categories of data recipients
Within our company we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations. This concerns the following companies within the UVEX Group:
- UVEX WINTER HOLDING GmbH & Co. KG
- UVEX SPORTS GmbH & Co. KG
- UVEX ARBEITSSCHUTZ GmbH
- FILTRAL GmbH & Co. Vertriebs KG
- HIPLOCK GmbH
- ALPINA SPORTS GmbH
The transfer of data may be necessary, for example, if you apply for a job advertised by an affiliated company via our central recruitment portal. Data is passed on to UVEX WINTER HOLDING GmbH & Co. KG for the purpose of analysing our internal processes and providing technical support. In addition, marketing analysis data is passed on to the above-mentioned companies. It is possible that personal data will also be sent in the process.
In certain cases, other service providers support our departments in carrying out their work. The necessary data protection agreements have been concluded with all service providers.
8. Transfer to third countries / Intent to transfer to third countries
Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for performance of the contractual obligations or is required by law, or if you have given us your consent.
We transfer your personal data to service providers and group companies outside the European Economic Area, including to the US. You can find a list of the tools / service providers together with the processing location under point 16 "Tools used".
The contracts required in accordance with data protection laws have been concluded with all service providers.
9. Data retention duration
We store your data as long as they are required for the respective processing purpose. Please note that numerous retention requirements result in or necessitate further storage of data. This especially applies to retention obligations according to commercial or tax law (e.g. commercial code, tax code etc.). As long as no further retention obligations exist, the data are routinely deleted after the purpose has been fulfilled.
We may also store data if you have granted permission to us to do so or if legal disputes arise and we use evidence within the statutory limitation period, which can be up to 30 years; the normal limitation period is three years.
10. Secure transmission of your data
We take the appropriate technical and organisational security measures for optimally protecting the data saved by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed and adapted to new security standards in collaboration with security experts.
Data exchange from and to our website is performed using encryption. For our website we offer the HTTPS transfer protocol using the respectively latest encryption protocols.
It is also possible to use alternative communication channels (e.g. conventional postal services).
11. Obligation to supply data
Various personal data are necessary for the establishment, performance and ending of the contract and the fulfilment of the associated contractual and legal obligations. This also applies to the use of our website and the various features it makes available.
In certain cases data must be collected or made available pursuant to legal provisions. Please note that it is not possible to process your request or achieve performance of the underlying contract if these data are not supplied.
12. Categories, sources and origin of data
The respective context determines which data we process: This depends on, e.g., whether you are completing an order online or entering a query in our contact form, submitting a job application to us or filing a complaint.
Please note that we may also supply information separately at suitable places for special processing situations, e.g. uploading of application documents or submission of a query via the contact form.
12.1 When you visit our website, we collect and process the following data:
- Name of the internet service provider
- Information on the web page from which you visited us ("referrer")
- Web browser and operating system used
- The IP address assigned by your internet service provider
- Requested files, volume of data transmitted, downloads/file export
- Information about the web pages that you access on our site, including date and time
This data processing is technically necessary so that the contents of our website can be delivered to your device. Accordingly, it is also necessary for your IP address to be collected and stored for the duration of the session. The same applies to other data, the processing of which is necessary for correct display of our website. The storage of data in log files also serves to further optimise the website, to ensure its functionality, to guarantee the security of our applications and for legal protection (e.g. detection of and defence against attacks on our website).
The legal basis for such data processing and temporary data storage is our legitimate interest as a website operator (Art. 6 (1) (f) EU GDPR).
The storage period for data is limited and the data is deleted as soon as it is no longer needed for processing purposes. In the case of data collection for correct display of our website, this occurs after the session has ended. When data is stored in log files, it is deleted or anonymised after 31 days.
12.2 When we are contacted with an enquiry, we collect and process the following data:
On our website there is a contact form that can be used for electronic contact purposes. If you write us via the contact form, we will process the data given by you in the contact form in order to contact you and respond to your questions and requests.
Via the contact form we collect the following data:
- Nature of the enquiry
- Last name, first name
- Company and possibly number of employees
- Title
- Email address
- Telephone number
- Content of the enquiry
In doing so, the principle of data economy and data reduction is observed: you only have to provide the data that we definitely need from you for the purpose of contacting you (mandatory information). This is your name, your email address and your request itself. This mandatory information is marked with an asterisk (*).
In addition, your IP address is processed due to technical requirements and for legal protection. All other data is voluntary and may be provided optionally (e.g. to answer your questions more specifically).
We implement appropriate security measures to protect the security and confidentiality of your data in the best possible way. Your request will be transferred to us in encrypted form.
If you contact us by email, we will process the personal data provided in the email solely for the purpose of processing your enquiry. If you do not use the forms offered for contacting us, no further data will be collected.
12.3 Within the scope of the registration process, we process the following data:
On our website we offer users the possibility of registering and in the process giving personal data.
We thereby collect the following data:
- title
- last name, first name
- date of birth
- shipping address
- billing address
- customer number
- VAT ID
- number of industrial employees
- contact partner details
- email address.
The registration is thus necessary or possible either for fulfilment of a contract (via our online shop) with you or for carrying out pre-contractual measures if guest access is also provided.
The principle of data minimisation and data avoidance is followed here because only the data needed for the registration are marked as required fields with an asterisk (*). These are, e.g., the email address and the password including password repetition.
For ordering in our online shop, we additionally require details of the billing address (title, first name, last name and address) for delivery. If the shipping address differs from the billing address, the above details must also be given for the shipping address.
Through registration on our website, the IP address of the user, the date and the time of registration (technical background data) are additionally stored. By clicking the button ‘Register now’, you give consent to the processing of your data.
Please note: The password assigned by you is stored by us in encrypted form. Employees of our company cannot read this password. For that reason they cannot give you any information if you have forgotten your password.
In this case use the function ‘Forgot password’, with which an automatically generated new password is sent to you by email. No employee is authorised to request your password by phone or in writing. Please therefore never state your password if you receive such requests.
With the completion of the registration process, your data are stored with us for use of the protected customer area. As soon as you log in to our website with email address as username and password, these data are made available for actions carried out by you on our website (e.g. for orders in our online shop). Orders made can be traced in the order history. You can specify changes to the billing or shipping address here.
Registered persons are free to carry out changes/corrections to the billing or shipping address in the order history themselves. Our customer service will also be happy to make changes/corrections if you contact them. You can also of course have the registration or your customer account terminated or deleted. Please contact our customer service for this.
12.4 For newsletters we collect and process the following data:
You can subscribe to a free newsletter on our website.
Within the scope of the newsletter registration, the following data are collected:
- last name, first name
- ‘Registration as private person, business customer, dealer’ selection
- email address IP address assigned by your internet service provider
- analysis data of the embedded tracking pixel (time of opening of the newsletter, accessed links).
The email address given in the newsletter registration and your name are used for sending of the personalised newsletter.
The principle of data minimisation and data avoidance is followed here because only the email address is marked as a required field. Your IP address will also be processed for technical reasons and for legal protection purposes when you order the newsletter.
For sending newsletters by email, we use the so-called double opt-in process. This means that you only receive advertising via email if you have expressly confirmed beforehand that we should activate the newsletter service. We do this by sending you a notification email and asking you to confirm that you would like to receive our newsletter at this email address by clicking on a link contained in this email.
You can of course end the subscription and thus withdraw your consent at any time via the unsubscribe option provided in the newsletter. Moreover, you can also directly unsubscribe from the newsletter dispatch at any time via our website.
A so-called tracking pixel is also embedded in our newsletter. This is a small graphic that is integrated directly into the newsletter. With the help of the tracking pixel, we can statistically record the reach and the success of a newsletter. For this evaluation to be carried out, the following data are collected through the tracking pixel:
- time of opening of the newsletter
- links accessed in the newsletter.
The purpose of using the tracking pixel is to optimise the newsletter dispatch and adapt the content of the newsletter as well as possible to the interests of the users.
If you agree to receive the newsletter, your consent also applies to the use of the tracking pixel. If you end the newsletter dispatch via the unsubscribe link or our website, your data collected by the tracking pixel are also deleted.
12.5 In the online blog we collect and process the following data:
On our website we offer registered users the possibility of leaving comments on our blog entries as well as responding to already existing comments. The following data are thereby collected:
- user’s comment
- time of comment
- selected username or name
- email address
- IP address assigned by your internet service provider.
In this connection we would like to point out that comments in our blog are displayed in each case with the username (alias) selected by the user as well as the time of the entry.
The storage of the IP address thereby serves the purpose of legal protection of the uvex group in the event that a comment infringes upon the rights of third parties or illegal content is posted.
We will not pass on personal data collected within the framework of the blog to third parties unless this is necessary due to legal requirements or for asserting or defending legal claims by the uvex group.
12.6 We collect and process the following data from users of the uvex size advisor app:
We provide the uvex size advisor app, which measures your feet and recommends suitable shoes, via the Apple App Store and the Google Play Store.
The app suggests shoes in an appropriate model, size and width using anonymised measurement data only.
The app includes the product portfolio that was available at the time of installation. This can be updated by updating the app.
We collect and process the following data from users of our app:
- Location
- Foot length and width measurements
- Date and time of the foot size measurement
We need to collect this data to ensure the basic function of the app. This data is not linked with other data or with the products you have viewed. An individual ID is generated for each measurement – it is not possible for us to link this with an app user.
When the app is downloaded, the information required to do this is sent to the app store operator. We have no influence over and assume no responsibility for the collection of this data. We process the data that the app store operator makes available to us as part of our contractual relationship for the purposes of further developing our apps and services.
To ensure that the app works on your device, the app must be authorised to access various device functions. We have outlined the primary functions of this authorisation – the actual terms used to describe the authorisation may vary depending on the operating system:
- Location:
We require your location in order to load the country-specific catalogue and adapt the selection of measurement methods.
- Camera:
We require access to your camera so that we can measure your foot size.
- Network connection / mobile data:
Your foot and shoe sizes are calculated on the central uvex servers. An Internet connection is therefore required to enable this function.
13. Payment systems (Articles 6(1)(a) and 6(1)(b) of the EU GDPR), credit check (Article 6(1)(f) of the EU GDPR)
In our online shop you can pay by invoice, credit card, PayPal or direct debit (SEPA direct debit process). For this the respective payment-relevant data are collected so that your order and payment processing can be carried out. Moreover, your IP address is processed for technical reasons and for legal protection purposes.
The principle of data minimisation and data avoidance is followed in that you only have to provide the data that we absolutely need for carrying out the payment processing and thus winding up the contract or that we are legally obligated to collect.
Without these data we unfortunately will have to reject the conclusion of the contract with you because we will then not be able to execute it.
The payment system deployed by us uses SSL encryption for the protected transmission of your data.
Note on invoice payment: If you select the payment method ‘Invoice’ in our online shop, we perform a credit check. For this the creditworthiness-relevant data will be obtained from the Schutzgemeinschaft für allgemeine Kreditsicherung, credit bureaus or credit insurance companies for determination of creditworthiness or default risks.
Note on credit card payment: As is usual with credit card payments, the credit card information will be checked.
Note on PayPal: PayPal is a company of PayPal (Europe) S.à.r.l. et Cie, S.C.A. 22–24 Boulevard Royal, L-2449 Luxembourg. If the data subject selects ‘PayPal’ as the payment option during the ordering process in our online shop, data of the data subject will automatically be transferred to PayPal.
With the selection of this payment option, the data subject consents to the transfer of personal data required for payment processing. The personal data transferred to PayPal usually involve the first name, last name, address, email address, IP address, telephone number, mobile number or other data needed for payment processing.
Such personal data that are connected with the respective order are also necessary for the winding up of the purchase contract. Details on data protection at PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE (for the legal situation as of 25.05.2018).
Note on direct debit process: As is usual with direct debits, your account data will be collected so that the corresponding amount can be debited from your account.
14. Automated individual decision making
We do not use purely automated processing processes to bring about a decision.
15. Technologies to evaluate your usage behaviour on our website (Art. 6 (1) (a) EU GDPR)
Our website uses technologies at several points to evaluate your usage behaviour and to optimise the website. Cookies, third-party providers and local storage are used for this purpose. Cookies are small text files which are placed on your computer and saved by your browser (locally on your hard drive).
We only use these technologies with your consent (Art. 6 (1) (a) EU GDPR). This enables us to analyse how visitors use our websites. For example, we can then design the website content based on visitors' needs. In addition, cookies allow us to measure the effectiveness of a particular ad and to place it accordingly, for example depending on the topics that a user is interested in.
If you have given your consent to this, you can revoke it at any time for the future by accessing the Consent banner again HERE and changing the relevant setting.
We use Google Tag Manager to manage the various cookies and tools integrated into this website.
On our website, we use the tools and services described in section 14.1. The legal basis for use is your consent, which you provide using the consent banner that is displayed when you first visit our website. Details on the tools and services used can be found in the following sections.
You can, of course, revoke your consent at any time by either deleting the stored opt-in cookie manually in your Internet browser or using appropriate software and then reloading our website, or by clicking on the button "Change data protection settings".
16. Tools used
17. Links to other providers
Our website also contains – clearly recognizable – links to websites of other companies. If links to websites of other providers exist, we have no influence over the content. Hence, we also cannot accept any responsibility or liability for this content. The respective site providers or operators are always responsible for the content of these sites.
At the time of linking, the linked sites were examined for possible violations and identifiable breaches. No illegal content was found at the time of linking. However, without concrete grounds for suspecting a violation of the law, it is not possible to monitor the content of the linked sites on a permanent basis. If we become aware of violations, we will immediately remove the associated links.
18. Online offerings and children
Persons under the age of 16 may not transfer any personal data to us or submit a declaration of consent without the consent of their legal guardians. We would like to ask parents and legal guardians to participate actively in the online activities and interests of their children.
19. Links to social media
Our website has links to the social media services of Meta, Facebook, YouTube, X, Xing, Pinterest, TikTok and Instagram. You can recognise links to the websites of social media services by the company logo. These links will take you to the uvex group's corporate presence on the particular social media service. When you click on a link to a social media service, a connection to the servers operated by the social media service is established. Information that you have visited our website is transferred in this way to the social media service's servers. Additional data is also transferred to the provider of the social media service. This includes for example:
- Address of the website on which the activated link is located
- Date and time the website was accessed or the link was activated
- Information about the browser and operating system used
- IP address
If you are logged in to the relevant social media service at the time of activating the link, the provider of the social media service may be able to determine your username and possibly even your real name from the sent data, and associate this information with your personal user account with the social media service. You can ensure that this information is not associated with your personal user account if you log out of your user account beforehand.
The servers operated by the social media services are located in the US and other countries outside the European Union. For this reason, the data may also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection legislation that generally does not protect personal data to the same extent as in the Member States of the European Union.
Note also that we have no influence over the scope, nature and purpose of the data processing by the provider of the social media service. For more detailed information on the use of your data by the social media services linked to our website, please refer to the privacy policy of the social media service in question.
20. Privacy policy / Information on data protection in social media
The uvex group maintains a presence in the ‘social media’, in this case on Facebook, Instagram, YouTube, Xing, Pinterest and LinkedIn. If we have the control over the processing of your data, we ensure that the applicable data protection provisions are complied with.
In the following you will find the most important information on data protection law in relation to our presence.
20.1 Name and address of person responsible for operation
Parties responsible for the company presence within the meaning of the EU Data Protection Regulation (EU GDPR) as well as other data protection provisions are, apart from the uvex group, the following:
- Facebook:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Instagram:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- YouTube:
Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
- Xing:
New York SE, Dammtorstraße 30, 20354 Hamburg, Germany
- Pinterest:
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
- LinkedIn:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
However, you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. comment, share, react).
We would like to point out that your data may thereby be processed outside the area of the European Union. The contracts required in accordance with data protection laws have been concluded with all providers.
20.2 Purpose and legal basis
We maintain the fan pages ourselves to communicate with the visitors to these pages and inform them in this way of our offerings.
Moreover, we collect data for statistical purposes in order to improve and optimise the content and make our offering more attractive. The data required for this (e.g. total number of page views, page activities and data provided by the visitors, interactions) are processed on the part of the social networks and made available to us. We have no influence over the generation and representation.
Moreover, your personal data are processed for market research and advertising purposes by the providers of the social media, but also by the uvex group. It is therefore possible that, e.g., usage profiles are created based on your usage behaviour and the interests yielded from it. Through this, among other things, ads matching your interests can be placed inside and outside the platforms. Cookies are usually saved on your computer for this. Independently of that, data that are not directly collected on your devices may be saved in your usage profiles. The storage and analysis also takes place across devices; this applies in particular, but not solely, if you are registered as a member and logged in to the respective platforms.
Beyond that, we do not collect and process any personal data.
The processing of your personal data by the uvex group takes place based on our legitimate interest in effective provision of information and communication in accordance with Article 6(1)(f) of the EU GDPR.
If you are asked to consent to the data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for processing is Article 6(1)(a) and Article (7) of the EU GDPR.
20.3 Your rights / Objection possibility
If you are a member of a social network and do not want the network to collect data about you and link it with your saved member data on the respective network via our presence, you must
- log out of the respective network before visiting our fan page,
- delete the cookies that are on your device and
- quit and restart your browser.
After logging in again, however, you can again be recognised by the network as a specific user. For a detailed description of the respective processing and the objection possibilities (opt-out), we refer to the information linked below:
- Facebook:
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
- Instagram:
Privacy policy: https://help.instagram.com/519522125107875
Opt-out: https://thenai.org/opt-out and http://www.youronlinechoices.com
- YouTube:
Privacy policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com
- Xing:
Privacy policy: https://privacy.xing.com/en/privacy-policy
Opt-out: http://www.youronlinechoices.com
- Pinterest:
Privacy policy: https://policy.pinterest.com/de/privacy-policy
Opt-out: https://help.pinterest.com/en/article/personalization-and-data
- LinkedIn:
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com
Overall, you have the following rights regarding the processing of your personal data:
right to access, right to rectification, right to erasure, right to restriction of processing, right to object, right to data portability and right to lodge a complaint of illegal processing of your personal data with the responsible data protection authority.
However, because the uvex group does not have complete access to your personal data, you should contact the social media providers directly when making a claim because they each have access to the personal data of their users and can take appropriate measures and provide information.
Should you nevertheless require help, we will of course try to support you.
Please contact the data protection officer as given above. Notes on copyright and artistic works copyright law
If you would like to publish images, texts, diagrams, videos, music etc. on our presence, you should know that you possibly thereby assign all rights of use to the network, which ultimately could have legal consequences for you if you are not the creator or rights holder yourself.