Data security

Pri­vacy policy and notes on the use of cookies

Fielmann Ven­tures GmbH takes the pro­tec­tion of your per­son­al data very ser­i­ously and com­plies with the stat­utory pro­vi­sions in the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (“GDPR”) and in the cur­rent ver­sion of the Ger­man Fed­er­al Data Pro­tec­tion Act (“BDSG”) for the pro­cessing of per­son­al data. In the fol­low­ing and in accord­ance with the GDPR, we would like to inform you of when and for what pur­poses per­son­al data are pro­cessed on our websites.

1. What are per­son­al data?

Pur­su­ant to Art. 4 Para. 1 of the GDPR, ‘per­son­al data’ means any inform­a­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (‘data sub­ject’); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, dir­ectly or indir­ectly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fic­a­tion num­ber, loc­a­tion data, an online iden­ti­fi­er or to one or more factors spe­cif­ic to the phys­ic­al, physiolo­gic­al, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­tity of that nat­ur­al person.

2. Who is respons­ible for your data?

Respons­ib­il­ity for pro­cessing your per­son­al data on our web­sites lies with Fielmann Ven­tures GmbH, Weidestraße 118a, 22083 Ham­burg.

3. Your rights

You can assert the fol­low­ing rights con­cern­ing us with regard to the pro­cessing of your per­son­al data:

  • Right of access (Art. 15 GDPR),
  • Right to rec­ti­fic­a­tion (Art. 16 GDPR) and/or eras­ure includ­ing the ‘right to be for­got­ten’ (Art. 17 GDPR),
  • Right to restric­tion of pro­cessing (Art. 18 GDPR),
  • Right to object to the pro­cessing (Art. 21 Para. 1 GDPR) and the right to object to pro­cessing for dir­ect mar­ket­ing pur­poses (Art. 21 Para. 2 GDPR),
  • Right to data port­ab­il­ity (Art. 20 Para. 1 GDPR).

In addi­tion, you shall also be able to lodge a com­plaint to a super­vis­ory author­ity for data pro­tec­tion. To the extent that we base the pro­cessing of your per­son­al data on the bal­an­cing of interests, you shall be able to object to the pro­cessing (Art. 21 Para. 1 GDPR). This is the case if the pro­cessing is not neces­sary for the per­form­ance of a con­tract with you, which is out­lined by us in the fol­low­ing descrip­tion. When exer­cising such an objec­tion, we ask you to provide the reas­ons why we should not pro­cess your per­son­al data, as car­ried out by us. In the event of your reasoned objec­tion, we shall exam­ine the situ­ation and shall either end or adapt the data pro­cessing, or demon­strate our com­pel­ling legit­im­ate grounds for con­tinu­ing the pro­cessing. Irre­spect­ive of this, you may object at any time and without provid­ing reas­ons to the pro­cessing of your per­son­al data for mar­ket­ing and data ana­lys­is pur­poses (Art. 21 Para. 2 GDPR).

4. Pro­cessing per­son­al data when our web­sites are accessed

a) Doc­u­ment­ing the access
When using the inter­net ser­vices provided by Fielmann Ven­tures GmbH, cer­tain data are auto­mat­ic­ally stored on our serv­ers for sys­tem admin­is­tra­tion pur­poses and for stat­ist­ic­al or secur­ity pur­poses, par­tic­u­larly for pro­tec­tion against attacks on our IT infra­struc­ture. Provided the data are per­son­al data as defined in Art. 4 Para. 1 of the GDPR, they shall be pro­cessed on the basis of Art. 6 Para. 1 lit. f of the GDPR.

  • IP address
  • Accessed page/name of the accessed file
  • Date and time of the access
  • Trans­ferred amount of data
  • Report if the access was successful
  • The refer­ring site, if access was made via an extern­al link,
    and the search term, if access was made via an extern­al search engine
  • The browser soft­ware used for the access (lan­guage, ver­sion and configuration)
  • Details on your device’s oper­at­ing sys­tem and interface

The data are only used in anonym­ized form for eval­u­at­ing the gen­er­al user beha­viour. These stat­ist­ic­al eval­u­ations help us to improve our web­sites for you and adapt them to your needs. There is no oth­er usage, least of all a link to per­son­al data.
The afore-men­tioned doc­u­ment­a­tion data shall be stored on our serv­ers for a stand­ard 7 days and then erased, provided we are not leg­ally obliged to store the data for longer. In such cases, stor­ing data for longer peri­ods shall be based on Art. 6 Para. 1 lit. c of the GDPR.

b) Use of cook­ies on our websites

What are cookies?

Cook­ies are small files that are stored on your hard drive and save cer­tain set­tings and data for exchange with our sys­tems or our ser­vice pro­viders’ sys­tems via your web browser. A dis­tinc­tion is made between two dif­fer­ent types of cook­ies. There are so-called ses­sion ID cook­ies, which are erased as soon as you close your browser, and per­sist­ent cook­ies, which are stored on your hard drive for a long time.
You can remove stored cook­ies in your browser set­tings and deac­tiv­ate the future stor­age of cook­ies. We would like to point out that not all the fea­tures of the web­sites may be used if the cook­ies are deactivated.

Our web­sites use the fol­low­ing cookies:

Our own cookies:

  • Serv­er cookies
  • State-save cook­ies
  • Long-term cook­ies

Third-party cook­ies:

  • Google Ana­lyt­ics (Ana­lyt­ics)

c) Web analysis

In order to con­tinu­ously improve and optim­ise our ser­vice, we use the third-party web-track­ing and ana­lyt­ics ser­vices described below:

Google Ana­lyt­ics

This web­site uses Google Ana­lyt­ics, a web ana­lyt­ics ser­vice provided by Google LL.C., 1600 Amphi­theatre Park­way, Moun­tain View, CA 94043, USA (“Google”). The stat­ist­ics gained allow us to improve our ser­vice and make it more inter­est­ing for you as a user. This web­site also uses Google Ana­lyt­ics for a cross-device ana­lys­is of vis­it­or flow which is executed via a user ID. If you have a Google user account, you can deac­tiv­ate the cross-device ana­lys­is of your use under the set­tings “My Data”, “Per­son­al Data”.
The leg­al basis for using Google Ana­lyt­ics is provided by Art. 6 Para. 1 lit. f of the GDPR. The IP address trans­ferred from your browser through Google Ana­lyt­ics will not be asso­ci­ated with any oth­er data held by Google. We would also like to point out that Google Ana­lyt­ics has been sup­ple­men­ted on this web­site by the code “_anonymizeIp();”, to ensure an anonym­ized col­lec­tion of IP addresses. As a res­ult, IP addresses will be pro­cessed in an abbre­vi­ated form so that a per­son­al rela­tion­ship can be excluded. If the data col­lec­ted about you cre­ate a per­son­al rela­tion­ship, the rela­tion­ship will be excluded imme­di­ately and the per­son­al data will be erased at once.

Only in excep­tion­al cases, the full IP address is sent to and shortened by Google serv­ers in the USA. On behalf of the web­site pro­vider, Google will use this inform­a­tion for the pur­pose of eval­u­at­ing your use of the web­site, com­pil­ing reports on web­site activ­ity for web­site oper­at­ors and provid­ing oth­er ser­vices relat­ing to web­site activ­ity and inter­net usage to the web­site pro­vider. For the excep­tion­al cases in which per­son­al data are trans­ferred to the USA, Google has sub­mit­ted to the EU-US Pri­vacy Shield,
Google Ana­lyt­ics uses cook­ies. The inform­a­tion gen­er­ated by the cook­ie about your use of the web­site will nor­mally be trans­mit­ted to and stored by Google on serv­ers in the United States. You may refuse the use of cook­ies by select­ing the appro­pri­ate set­tings on your browser. How­ever, please note that if you do this, you may not be able to use the full func­tion­al­ity of this web­site. You can also pre­vent the col­lec­tion of data gen­er­ated by the cook­ie about your use of the web­site (includ­ing your IP address) to Google and the pro­cessing of this data by Google, by down­load­ing and installing the browser plu­gin avail­able under the fol­low­ing link:

You can also pre­vent the use of Google Ana­lyt­ics by click­ing on this link: Deac­tiv­ate Google Ana­lyt­ics. By doing so, a so-called opt-out cook­ie will be stored on your hard drive to pre­vent Google Ana­lyt­ics from pro­cessing per­son­al data. Please note that when delet­ing all cook­ies on your com­puter, this opt-out cook­ie will also be deleted, so you have to reset the opt-out cook­ie if you wish to con­tin­ue to pre­vent this form of data col­lec­tion. The opt-out cook­ies are set per browser and com­puter, and there­fore have to be sep­ar­ately activ­ated for every browser, com­puter or oth­er device.

d) Integ­ra­tion of oth­er third-party ser­vices and content

Con­tent is integ­rated into some of the pages of this online ser­vice. The use of third-party online ser­vices always implies that the pro­viders of this con­tent get access to the users’ IP address, because without the IP address the con­tent could not be sent to the users’ browsers. The IP address is there­fore required to be able to dis­play this con­tent. We strive only to use con­tent from pro­viders that use the IP address solely for the pur­pose of trans­fer­ring their con­tent. How­ever, we have no con­trol over third parties stor­ing users’ IP addresses for stat­ist­ic­al pur­poses, for example. We will imme­di­ately inform users if we become aware of such behaviour.

Google Maps

This web­site uses the ser­vice provided by Google Maps. This enables us to show you inter­act­ive maps dir­ectly in the web­site and offers you a con­veni­ent use of the maps fea­ture. By vis­it­ing the web­site, Google receives the inform­a­tion that you have accessed the cor­res­pond­ing sub-site on our web­site. In addi­tion, the data men­tioned in sec­tion 3 of this policy will be trans­ferred. This is done regard­less of wheth­er Google provides a user account that you have logged into or if no user account exists. If you are logged into Google, your data will be dir­ectly assigned to your account. If you do not wish your data to be assigned to your Google pro­file, you have to log out before the but­ton is activ­ated. Google stores your data as usage pro­files and uses them for the pur­poses of advert­ising, mar­ket research and/or needs-based web­site design. Such eval­u­ation is mainly done (even for users not logged in) to place appro­pri­ate advert­ising and to inform oth­er users of the social net­work about your activ­it­ies on our website.

You are entitled to the right to object to the gen­er­a­tion of these user pro­files, although you must address Google to exer­cise this right. Fur­ther inform­a­tion on the pur­pose and scope of data col­lec­tion and pro­cessing by Google, as well as on your rights in this respect and set­tings options for pro­tect­ing your pri­vacy is avail­able at:


Some pages of this online ser­vice integ­rate videos from the plat­form Vimeo, oper­ated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. The company’s pri­vacy policy is avail­able here:

5. Pro­cessing per­son­al data when mak­ing con­tact via the websites

Per­son­al data are always pro­cessed on our web­sites if you enter per­son­al details on one of the provided con­tact forms. This data and the con­tent in your con­tact form are for­war­ded to the respect­ive con­tact per­sons who use your data exclus­ively to pro­cess your request with­in the giv­en pur­pose (for example, to our cus­tom­er ser­vice for quer­ies regard­ing our products).
In this case, your per­son­al data are pro­cessed in con­nec­tion with the per­form­ance of a con­tract con­cluded with you or in order to take steps upon request pri­or to enter­ing into a con­tract (Art. 6 Para. 1 lit. b of the GDPR). There is no pro­cessing of per­son­al data that goes bey­ond this. Provided noth­ing dif­fer­ent is stip­u­lated below, your data will be stored until the respect­ive pur­pose of pro­cessing them has been achieved.

6. Will your data be trans­ferred to third parties?

As a rule, per­son­al data are not trans­ferred to third parties. In excep­tion­al cases, the trans­fer of per­son­al data to third parties is con­sidered if this is neces­sary for the pur­pose of answer­ing your enquiry.
Per­son­al data may also be for­war­ded based on the GDPR, the cur­rent ver­sion of the Ger­man Fed­er­al Data Pro­tec­tion Act (BDSG) and, where applic­able, oth­er rel­ev­ant stat­utory reg­u­la­tions, provided we are leg­ally obliged to do so (Art. 6 Para. 1 lit. c of the GDPR).

7. How are your data secured?

We take tech­nic­al and organ­isa­tion­al meas­ures to pro­tect your data from unau­thor­ised access or loss. Our secur­ity meas­ures are con­tinu­ously improved in line with tech­no­lo­gic­al developments.

8. Do you have any fur­ther questions?

If you have any fur­ther ques­tions on the col­lec­tion, pro­cessing and use of your per­son­al data, please con­tact or write to us at the address giv­en in sec­tion 2.