New In
Outlet
Leggings Guide
All Products
Bras & Sport Tops
Leggings & Shorts
Hoodies, Shirts & Jackets
Sweatpants
Accessories
Gift Cards
New In
Outlet
All Products
Hoodies, Shirts & Jackets
Sweatpants
Accessories
Privacy Policy | OACE Athletic Club App
Privacy policy for the OACE Athletic Club app
We take the protection of your personal data very seriously and treat it confidentially and in accordance with data protection regulations (GDPR, TTDSG and BDSG new). This privacy policy applies to our mobile iPhone and Android apps (hereinafter referred to as "APP"). It describes the type, purpose and scope of data collection during the use of the APP.
Responsible for data processing:
Oace Exclusive GmbH
Köhlstraße 10b
50827 Cologne
Email: support@oace.de
The external company data protection officer is
Mr. Nico Becker
Project 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Email: anfragen@projekt29.de
Tel.: 0941-2986930
Table of contents
3. Information on the processing of your data
3.1. Information collected during download
3.2. Information that is collected automatically
3.4. Creating a user account (registration) and logging in
6. Receiving messages (push notification)
9. Disclosure and transfer of data
9.1. Abuse or violation of laws
12. Your rights as a data subject
12.2. Right to rectification of inaccurate data
12.4. Right to restriction of processing
12.5. Right to data portability
15. Changes to this Privacy Policy
1. General
When you use the app, we process your personal data. Personal data is any information relating to an identified or identifiable natural person. Because protecting your privacy when you use the app is important to us, we would like to inform you below about what personal data we process when you use the app and how we handle this data. We will also inform you about the legal basis for processing your data and, where processing is necessary to protect our legitimate interests, about those interests as well.
2. Encryption
This app uses encryption for security reasons and to protect the transmission of confidential information, such as requests you send to us as the app operator, or communication between app users. This encryption prevents unauthorized third parties from reading the data you transmit.
3. Information on the processing of your data
Certain information is processed automatically as soon as you use the app. We have listed below exactly which personal data is processed:
3.1. Information collected during download
When you download the app, certain necessary information is transmitted to your chosen app store (e.g., Google Play or Apple App Store). This may include your username, email address, customer number, the time of download, payment information, and your device's unique identifier. This data is processed exclusively by the respective app store and is outside our control.
3.2. Information that is collected automatically
As part of your use of the app, we automatically collect certain data that is necessary for using the app. This includes:
• Internal device ID
• Version of your operating system
• Time of access
This data is processed automatically for the following reasons:
• Provisioning the app environment
• App improvements
• Prevention of malfunctions
This data processing is justified because the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the app, and we also have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a market- and interest-oriented service, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR prevail in this respect.
3.3. App access rights
In order to offer our services via the app, we require the following access permissions. These permissions grant us access to certain functions of your device:
· Photos
Videos
Camera
· Location
Access to device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, and – insofar as a contract has been concluded – the performance of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
3.4. Creating a user account (registration) and logging in
You always have the option to use the app as a guest, meaning you can use it without providing any personal data. However, some functions will be limited in this case: for example, participation in voting, Outfit of the Week, competitions, etc.
When you create a user account or log in, we use your login credentials (email address and password) to grant you access to and manage your user account. Required fields are marked with an asterisk during registration and are necessary for concluding the user agreement. If you do not provide this information, you cannot create a user account. Your login credentials are the same as for the Oace shop. For registration, we process the following data:
· Gender
· First name Last Name
· E-mail address
For the ordering process, we process the following information:
· Address
Payment information
You can also optionally provide some additional information:
Desired size
· Birth date
• Pictures of your outfits
The processing of this personal data is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, your consent pursuant to GDPR, your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG and - insofar as a contract has been concluded - for the performance of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
4. Loyalty Program
As part of the loyalty program, members collect points through various activities. Depending on their point balance, members receive special benefits. By downloading the app and logging into your user account, you automatically participate in the program and can start collecting points in the future. The legal basis for this is Article 6 Paragraph 1 Letter b GDPR. You can find all the information about the different levels of our loyalty program and what earns points in the terms and conditions.
5. Upload outfit
You can upload photos of your current outfits to the app. These photos will then be published for all app users. This not only earns you points for your account, but also gives you the chance to win weekly and monthly prizes. These photos will only be published after manual selection; no photos will be shared before then. Further information can be found in the Terms and Conditions.
The legal basis for this data processing is your consent pursuant to GDPR, your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG and - to fulfill our contractual obligations for the competition (Art. 6 para. 1 lit. b GDPR).
6. Receiving messages (push notification):
You have the option to activate "Push Notifications" in the app (push technology or server push describes a type of communication where data is transmitted even though the receiving app is running in the background). With "Push Notifications," you can be informed, for example, when there are new updates in a news channel that contains information relevant to you. You can configure this feature in the app's settings and enable/disable notifications separately.
To enable "push notifications", we store the following information along with your identification data: activation or deactivation of "push notifications" per service, activation or deactivation of "push notifications" in general, and push tokens from your mobile device (only if at least one "push notification" is activated).
The data is stored only and is visible to the currently logged-in app user. This personal data is stored for the purpose of "push notifications" to keep app users informed. No further analysis of the collected personal data will be performed beyond the purposes described.
The basis for data processing is your consent within the framework of the voluntary use of this service pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
7. Voting system
Our app uses a voting system from the provider lyket.dev (Italy) to store and process ratings. This involves storing the IP address and the date and time of each vote. This data is not shared with third parties and is automatically deleted after a few days. No personal data is processed. Furthermore, this information is only stored after you click. The legal basis for this processing is therefore your consent pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time.
8. Services and Data Analysis
We have integrated external services to provide the app and some of its functions. We have concluded corresponding data processing agreements with these service providers in accordance with Article 28 of the GDPR.
When you access our app, your behavior may be statistically evaluated using certain analytics tools and analyzed for advertising, market research, or to improve our services. We ensure compliance with legal data protection regulations when using such tools. When using external service providers (data processors), we ensure through appropriate contracts with these providers that data processing complies with German and European data protection standards.
8.1. DatoCMS
(1) This app displays content managed in DatoCMS, a so-called headless content management system. This content is located on servers of the provider of DatoCMS, therefore, accesses to these servers and the associated data transfers are carried out in accordance with Section 3 Paragraph 1 of this privacy policy.
(2) The use of DatoCMS is necessary for technical reasons in order to display the content you have requested. The legal basis for this use is our legitimate interest pursuant to Article 6(1)(f) GDPR.
(3) The provider of DatoCMS is Dato Srl, Via Francesco Botticini 3, 50143 Florence, Italy. Information on Dato Srl's privacy policy can be found at https://www.datocms.com/legal/privacy-policy
8.2. Heroku
We use the European data center of Heroku, Inc., a service of Salesforce, located at Salesforce Tower, 415 Mission St., San Francisco, CA 94105, USA, to operate our API. The legal basis for using Heroku is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR. Our legitimate interest lies in the technically flawless and optimized provision of our services. You can find further information on Heroku's data processing and storage practices here: https://www.heroku.com/policy/security.
8.3. Shopify
We host our shop with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).
Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data.
Data related to the purchase (e.g., phone number, total sales, etc.). Shopify stores cookies in your browser for analysis purposes.
For details, please refer to Shopify's privacy policy:
https://www.shopify.de/legal/datenschutz
The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.
8.4. Algolia
Our app uses Algolia Instantsearch, a search engine service provided by Algolia Inc. ("Algolia"), to search and index content. By using Algolia Instantsearch, your IP address and search query are transmitted to an Algolia server and stored there for statistical purposes for 90 days. Please refer to Algolia's Terms of Service and Privacy Policy .
Algolia does not transfer the collected data to third parties, but processes it exclusively internally for statistical evaluations and the monitoring of its services.
The use of Algolia Instantsearch serves the purpose of making the information contained on our website and app easier to find and thus ensuring user-friendliness. This also constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
9. Disclosure and transfer of data
Your personal data will only be shared without your explicit prior consent, in addition to the cases explicitly mentioned in this privacy policy, if it is legally permissible or necessary. This may be the case, for example, if processing is necessary to protect the vital interests of the user or another natural person.
9.1. Abuse or violation of laws
If it is necessary to investigate unlawful or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities, as well as, where applicable, to injured third parties or legal counsel. This will only occur, however, if there is evidence of unlawful or abusive behavior. Data may also be disclosed if this serves to enforce terms of use or other legal claims. Furthermore, we are legally obligated to provide information to certain public authorities upon request. These include law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and tax authorities.
Any transfer of personal data is justified because the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) GDPR in conjunction with national legal requirements for the transfer of data to law enforcement authorities, or because we have a legitimate interest in transferring the data to the aforementioned third parties if there are indications of abusive behavior or for the enforcement of our terms of use, other terms and conditions or legal claims, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not override this interest.
9.2. Further Development
As our business evolves, our company structure may change through alterations to our legal form, or the establishment, acquisition, or sale of business units or components. In such transactions, customer information may be transferred along with the relevant part of the business. Whenever we transfer personal data to third parties to the extent described above, we ensure that this is done in accordance with this Privacy Policy and applicable data protection law.
Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our company structure to economic and legal circumstances as needed, and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not override this interest.
10. Changes of purpose
Your personal data will only be processed for purposes other than those described if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before the further processing and provide you with all other relevant information.
11. Data storage period
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of your use of the app or the contractual relationship, plus a period of [7] days during which we retain backup copies after deletion, unless this data is required for a longer period for criminal prosecution or for securing, asserting, or enforcing legal claims.
Specific information in this privacy policy or legal requirements regarding the retention and deletion of personal data, in particular data that we are required to retain for tax reasons, remain unaffected.
12. Your rights as a data subject
12.1. Right to Information
You have the right to request information from us at any time regarding the personal data we process concerning you, in accordance with Article 15 of the GDPR. You can submit your request by post or email to the address provided below.
12.2. Right to rectification of inaccurate data
You have the right to request that we immediately correct any inaccurate personal data concerning you. Please contact us using the contact details provided below.
12.3. Right to erasure
You have the right, under the conditions described in Article 17 of the GDPR, to request that we erase your personal data. These conditions include, in particular, a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, if you have objected to the processing, or if there is a legal obligation to erase the data under Union law or the law of the Member State to which we are subject. For information on the data retention period, please see section 5 of this privacy policy. To exercise your right to erasure, please contact us using the contact details provided below.
12.4. Right to restriction of processing
You have the right to request that we restrict the processing of your personal data in accordance with Article 18 of the GDPR. This right exists in particular if the accuracy of the personal data is contested between you and us, for the period necessary to verify its accuracy; if you, instead of erasure, request restricted processing when you have a right to erasure; if the data is no longer necessary for the purposes for which it was collected, but you require it for the establishment, exercise, or defense of legal claims; and if the successful exercise of an objection is still contested between you and us. To exercise your right to restrict processing, please contact us using the contact details provided below.
12.5. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with Article 20 of the GDPR. To exercise your right to data portability, please contact us using the contact details provided below.
13. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based, among other things, on point (e) or (f) of Article 6(1) of the GDPR, pursuant to Article 21 of the GDPR. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
14. Right of appeal
You also have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is:
The State Commissioner for Data Protection and
Freedom of information in Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel.: 0711/615541-0
15. Changes to this Privacy Policy
We keep this privacy policy up to date. Therefore, we reserve the right to amend it from time to time and to reflect changes in the collection, processing, or use of your data. The current version of the privacy policy is always available within the app.