1. Name and Contact Details of the Controller
This data protection information applies to data processing by Odlo Trading AG, Bösch 47, 6331-Hünenberg, Switzerland, as the primary controller for the operation of the website odlo.com and associated marketing activities.
2. Contact Details of the Data Protection Officer
Odlo Trading AG, Bösch 47, 6331-Hünenberg, Switzerland
Email address: datenschutz@odlo.com
3. Purposes of Data Processing and Categories of Recipients
3.1. Visiting our Website
When you visit our online shop, log files are stored that do not allow us to directly identify you. This includes, for example, the name of your internet provider (possibly in connection with your company's name in the case of corporate networks), the website you visited previously, information you access in our online shop, the date and time of your visit, and the operating system and browser version used.
The collection and analysis of these log files are done in an anonymized form. Their sole purpose is to improve the attractiveness, content, and functionality of our online shop. The disclosure of the information collected and analyzed in this way to third parties is excluded in all cases.
Cookies are small text files that can be stored on your respective device (laptop, tablet, smartphone, etc.) when you visit and/or use our services. Cookies cause no harm, contain no viruses, trojans, or other malicious software. Information is stored in the cookie that arises in connection with the specifically used device. However, this does not mean that we gain immediate knowledge of your identity and/or can draw conclusions about a person.
Some of the cookies used are deleted from your device after the end of the browser session (so-called session cookies). Other cookies remain on the device and enable us to recognize your device on your next visit (so-called persistent or cross-session cookies). These cookies are used, for example, to show you personally tailored ads and content in our services.
We use cookies based on your consent. We ask for this consent in our Consent Management Platform (CMP). There, it is described as "Store and/or retrieve information on your device." If you give your consent, this is the legal basis for the use of cookies under the GDPR (Art. 6(1)(a) GDPR). We store the decision you have made regarding whether you wish to give consent in order to implement it accordingly. An exception to this consent requirement only applies to cookies that are strictly necessary to provide a service you have expressly requested. We may use these cookies based on § 25 Abs. 2 Nr. 2 TDDDG (German Telecommunications Telemedia Data Protection Act).
Consent to Cookie-Based Processing of Your Data
In our CMP, we also ask for your consent – where necessary – for the processing of your data based on these cookies. We request consent not only for ourselves but also for the processing of such data by our partners. In our CMP, you will find detailed information on the purposes for which we and our partners would like to process your data based on your consent, as well as a list of our partners with further information on the data processing they wish to undertake based on that consent.
We store the decision you make in the CMP regarding whether and to what extent you wish to consent to cookie-based data processing under a so-called Consent ID (e.g., FZVRxk7UjuX2XhkVZ0DypM9ybSzm9MBaiJsSWH4ul2xflhpTvdZ7Uw==), which you can also find on the separate "Cookie Settings" page, to implement it accordingly. This pseudonymous Consent ID is generated individually for you as a website user to provide legal proof of your settings made in our CMP and the consents given/withdrawn therein, including the time (date, time). You can retrieve the Consent ID at any time in our CMP under the "Settings" section.
Under the scope of the GDPR, the legal basis for the data processing that takes place is Art. 6(1)(f) GDPR. We have a legitimate interest in processing your decision regarding the granting of consent so that we do not have to ask you again each time you access our services whether you wish to give your consent. If you have given your consent to the processing of your data, we rely on Art. 6(1)(a) GDPR as the legal basis for this data processing under the scope of the GDPR.
The following cookie categories are used:
Cookies necessary for the operation of our website: These cookies are required for the operation and functionality of the website. They help to make the website technically accessible and usable and provide essential and basic functionalities, such as navigation on the website, the correct display of the website in the internet browser, or consent management. The website cannot function correctly without these cookies.
Functional / Analytics Cookies: These cookies are used to measure online traffic and for behavioural analysis. This allows us to better understand the use of our website and improve our services.
Marketing Cookies: Marketing cookies help us and our advertising partners to address you on our websites and on third-party websites with advertising for products or services that may be of interest to you, or to 1display our advertisements during your further internet use after a visit to our websites.
3.2. Establishment, Execution, and/or Termination of a Contract
When you register for one of our services or conclude a contract with us, such as purchasing a product, we collect and process the data necessary for the initiation, execution, or termination of this contractual relationship. This includes the following information:
Title
First and last name
Billing and shipping address
Email address
Billing and payment information
Date of birth
Phone number
Details of your orders
Your personal shop settings
The legal basis for this processing under the scope of the GDPR is Article 6(b). This means that the provision of your data is based on the contractual relationship between you and us (e.g., for managing your customer account or processing a purchase contract). Furthermore, after a purchase via our websites or applications, we are legally obliged to use your email address to send you an electronic order confirmation (according to Art. 3(1)(s) of the Swiss Federal Act Against Unfair Competition, "UWG").
If we do not use the data collected for contract processing for our own marketing purposes, we store it for the duration of the contract. The storage also extends until the expiry of all applicable statutory or possible contractual warranty and guarantee rights, as well as the applicable statutes of limitation. After this period, we retain the information required by commercial and tax law for the legally prescribed periods. During this time, this data is re-processed exclusively for the purpose of an audit by the financial authorities. Additional information on this can be found in Section 6. The legal basis for this further data processing is Art. 6(1)(c) and Art. 6(1)(f) GDPR, based on our legitimate interest in the assertion, exercise, or defense of legal claims.
To process a purchase contract via our services, the following additional data processing steps are necessary:
We forward your payment data to the payment service providers commissioned by us who carry out the transaction.
We transmit your delivery address to our logistics companies and shipping partners so that your order can be delivered.
To ensure the delivery of the goods as requested, we may pass on your email address and/or phone number to the responsible logistics or shipping company. This company may contact you in advance to coordinate the delivery details with you. The data is shared exclusively for this purpose. After delivery, it is not used for other purposes and is deleted after the expiry of the commercial and tax law retention periods.
The information you provide as part of an order can also be used to check for an atypical ordering process (e.g., simultaneous ordering of many goods to the same address using different customer accounts).
In the course of order processing, your data will also be processed by our logistics provider, Odlo Logistik GmbH (Christenfeld 11, 41379 Brüggen) or Odlo Sports GmbH (Christenfeld 11, 41379 Brüggen in the case of "Endless Aisle"), or by other logistics service providers / transport companies and/or shipping partners: first name, last name, company, postal address, and, if applicable, also the email address or phone number.
3.3. Data Processing for Advertising Purposes
We do not send you any postal advertising or mailings.
Within our services, we offer you the opportunity to subscribe to our newsletters. To ensure that no errors are made when entering the email address, we use the so-called Double-Opt-In procedure (DOI procedure): After you have entered your email address in the registration field and given your consent to receive our newsletters, we will send you a confirmation link to the specified email address. Only when you cli2ck this confirmation link will your email address be added to our distribution list for sending our newsletters. Under the scope of the GDPR, the legal basis for this processing is Art. 6(1)(a) GDPR; in Swiss data protection law, Art. 31 applies.
As an existing customer, you may receive product recommendations by email from us for products you have already purchased. We send these product recommendations regardless of whether you have subscribed to a newsletter. In this context, we use the email address you provided during the purchase to promote our own goods and/or services that are similar to those you have already purchased from us in a previous order. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(f) GDPR. We have a legitimate interest in sending you product recommendations by email, provided this is in accordance with the legal requirements for direct marketing.
Note on the Right to Object
Since we send you these product recommendations based on our legitimate interests, you have the right to object to this use of your email address for direct marketing purposes at any time. This right is absolute and requires no justification. Please use the unsubscribe link at the end of each email or send an informal message to kundendienst@odlo.com. Your data will then no longer be processed for this purpose.
If you participate in contests organized by Odlo, we use your data for the purpose of conducting the contest and, if applicable, for advertising our offers or those of our contest partners. You will always find detailed information on this in the terms and conditions for the respective contest.
3.4. Personal User Experience
We and our partners aim to provide you with the most personal user experience possible on our services. For this reason, in our CMP, we ask for your consent for the processing purposes described in the following sections 3.4.1 to 3.4.4. The legal basis for the data processing described in these sections is Art. 6(1)(a) GDPR under the scope of the GDPR.
Furthermore, we process your data to be able to provide our services securely and reliably and in the form you desire. You can find more information on this in section 3.5.1. The legal basis for the data processing described there is Art. 6(1)(f) GDPR under the scope of the GDPR. Our legitimate interest is to offer our services securely and reliably and to provide services that you have expressly requested (e.g., our shopping cart function).
For certain services, it is necessary to be able to recognize you on our own or on third-party sites, for example, to show you ads for our products on third-party sites. For this purpose, we or our partners assign a pseudonymous identifier (ID). In addition, we and our partners can associate you on third-party sites using your pseudonymized email address or phone number. You can find out what information we or the respective partners wish to use based on your consent in the partner list. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a) GDPR.
To offer you a great Odlo shopping experience, we and our partners use certain information with your consent (e.g., browser information, click path, date and time of visit, geographic location, IP address, usage data, websites visited). We use this to present you with tailored ads and content in our online shop and on third-party sites, which may, for example, be based on your preferences or recently viewed products. You can find out what information we or the respective partners wish to use based on your consent in the partner list. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a) GDPR.
If you have consented, we and our partners use certain information about the interaction with content and ads in our online shop and on third-party sites. This serves the purpose of better understanding how they are received by our users. For this, we combine datasets (such as user profiles, statistics, market research, and analysis data) that provide insight into how you and other users interact with content and ads. Based on this information, we can identify common characteristics to determine, for example, which content is relevant for which target groups. You can find out what information we or the respective partners wish to use based on your consent in the partner list. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a) GDPR.
With your consent, we and our partners use information about your activities in our online shop and on third-party sites (e.g., your interaction with ads or content). This information helps us to improve our products and services and to develop new products and services based on user interactions, the type of target audience, etc. The development or improvement of user profiles and identifiers is not covered by this purpose. You can find out what information we or the respective partners wish to use based on your consent in the partner list. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a) GDPR.
We use Google Analytics 4 (Google Ireland Limited) to analyze and improve the use of our website. For this purpose, cookies/similar technologies are used – only with your consent (see 3.1.3 Cookie Consent). Processed data includes page views, interactions, device/browser information, and approximate location data. Google processes the data on our behalf.
Legal basis: Art. 6(1)(a) GDPR (consent); in Switzerland, we base the processing on our overriding interest, but storage/reading on the end device only occurs after consent via the CMP. A transfer to third countries (especially the USA) is possible; we rely – where applicable – on the EU-U.S. Data Privacy Framework adequacy decision. You can withdraw your consent at any time via the Cookie Settings.
3.5. Performance
We require certain information to provide our online shop securely and reliably. For this, we monitor and prevent unusual and potentially fraudulent activities and ensure that systems and processes function properly and securely. The legal basis for this data processing is Art. 6(1)(f) GDPR. We have a legitimate interest in offering our services securely and reliably.
Furthermore, we use and store information to provide you with functions in our online shop such as the shopping cart or wishlist. In doing so, we remember, for example, which products you have placed in the shopping cart or added to the wishlist. The legal basis for this data processing is Art. 6(1)(f) GDPR. We have a legitimate interest in providing functions you have expressly requested (e.g., our shopping cart function).
We use the Google Tag Manager (Google Ireland Limited) to manage website tags centrally. The Tag Manager itself does not set its own cookies and is not used to create user profiles. Non-essential tags (e.g., for analysis/marketing) are only triggered after you have given your consent via our Consent Management Platform (see 3.1.3). A transfer to a third country (especially the USA) may occur for technical reasons; for this, the guarantees from Section 7 (DPF/SCCs) apply.
3.6. Size Recommendations
To offer you a precise size recommendation for our products, we use the "Size Widget" service from the provider EyeFitU AG (CHE-159.923.770), Switzerland, on our website. When you use this function, you will be asked to provide personal data such as height, weight, age, and your preferred fit. This data is used exclusively to generate an individual size recommendation for you. The processing of this data is based on your explicit consent according to Art. 6(1)(a) GDPR, which you grant by voluntarily entering your data and using the widget.
3.7. Product Reviews
We use the service Reviews.io on our website to collect and display customer reviews of our products and services. The provider is REVIEWS.co.uk Limited, 29 St Nicholas Pl, Leicester LE1 4LD, United Kingdom. After your order is completed, we may send you an email asking you to submit a review. For this purpose, we transmit the data required for the review invitation (your name, your email address, and information about your order) to Reviews.io. You can object to receiving review invitations at any time by clicking the unsubscribe link included in every invitation email. The legal basis for this processing is our legitimate interest according to Art. 6(1)(f) GDPR. The United Kingdom has an adequacy decision from the European Commission (Art. 45 GDPR), which ensures an adequate level of data protection. For more information on data protection at Reviews.io, please see the provider's privacy policy at: https://www.reviews.io/front/user-privacy-policy
3.8. Fan Pages
Odlo operates social media profiles (so-called "Fan Pages") on the social networks Facebook but mainly Instagram. These services are offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland ("Meta"). On these pages, we regularly publish and share content and offers. When you interact with our Fan Pages or other Facebook or Instagram websites, Meta collects your usage behavior using cookies and similar technologies. For its Fan Pages, Odlo receives general statistics about the interests and demographic characteristics (e.g., age, gender, region) of visitors.
When you use social networks, the type, scope, and purposes of data processing are primarily determined by the operators themselves. An exception is the so-called "Page Insights," for which we are jointly responsible with Meta. We explain this below.
Processing of your data by Meta
Meta also processes your data for its own purposes when you use the Fan Pages. These purposes are not covered in this data protection information, as we have no influence over them. You can find more information directly on the respective social networks:
Privacy Policy of Instagram
Privacy Policy of Facebook
Usage Analysis (Page Insights)
When you interact with our Fan Pages, Meta records your usage behavior using cookies and similar technologies. Odlo then receives so-called "Page Insights." These are statistical, anonymized (depersonalized) data about the visitors. It is not possible for us to link this data to you personally. The responsibility for the selection and preparation of this Page Insights information lies exclusively with Meta. The insights help us to understand how our Fan Pages are used, what interests the visitors have, and which topics and content are particularly popular. We use this information to offer relevant content to the visitors of our Fan Pages and to better cater to the interests and usage habits of our visitors.
Odlo and Meta are jointly responsible for the processing of your data for the creation of Page Insights. An agreement exists between Odlo and Meta that specifies which company fulfills which data protection obligations under the GDPR with regard to the processing of Page Insights data.
The agreement with Meta is available here: https://www.facebook.com/privacy/policy/
Meta has summarized the key contents of this agreement (including a list of Page Insights data) here: https://www.facebook.com/privacy/policy/
Insofar as you have consented to the creation of Page Insights as described above with Meta, the legal basis under the scope of the GDPR is Art. 6(1)(a) GDPR.
3.9. Customer Account / User Account
Opening a customer account to process the contract is not mandatory; you can also complete the contract at any time via a guest access (Guest Checkout). However, to offer you the greatest possible convenience, we allow you to permanently store your personal data in a password-protected customer account/user account.
Creating a customer account is generally voluntary. If you create a customer account, the processing of your data collected here is based on Art. 6(1)(b) GDPR under the scope of the GDPR. After setting up a customer account, no new data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.
In addition to the data requested for an order, you must provide a password of your choice to set up a customer account. This, along with your email address, is used to access your customer account. Please treat your personal access data confidentially and, in particular, do not make it accessible to any unauthorized third parties. Please note that you will remain automatically logged in even after leaving our website unless you actively log out.
You have the option to delete your customer account at any time. Please note, however, that this does not simultaneously delete the data visible in the customer account if you have ordered from us before. Your data will be automatically deleted after the expiry of the commercial and tax law retention obligations applicable to us or the applicable statutes of limitation. More information on this can be found in Section 6. Under the scope of the GDPR, the legal basis for this further data processing is Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. We have a legitimate interest in the assertion, exercise, or defense of legal claims.
3.10. Login with Google
In the future, Odlo may offer you the option to log in to the service with your Google account ("Sign in with Google"). This login function is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). A separate registration with Odlo is not necessary in this case. For the login, you will be redirected to the Google website, where you can log in with your Google user data. This links your Google account and the Odlo service. Through this link, Odlo automatically receives from Google the information for which you have consented to its transmission (e.g., first name, last name, email address, profile picture, gender, country setting/language, date of birth). We use this information to identify you when using Odlo. When you use the login function, your IP address is also transmitted to Google. The legal basis for this data processing is Art. 6(1)(a) GDPR.
Further information on data processing by Google can be found here:
This feature is not currently available on Odlo.
3.11. Login with Apple
Odlo may offer you the option to log in to our service with your Apple ID ("Sign in with Apple"). This is a service of Apple Distribution International Limited, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple"). A separate registration with Odlo is not necessary in this case. For the login, you will be redirected to the Apple website, where you can log in with your Apple user data. Your Apple ID will be linked to our service. You have the choice to either use the email address stored with Apple ("Share My Email") or a pseudonymized email address ("Hide My Email"). If you choose "Share My Email," Odlo will receive the email address and name stored in your Apple ID. With the "Hide My Email" function, Apple allows you to register for other services like Odlo without revealing your actual email address. If you activate this function when creating a new Odlo customer account, Apple creates a random email address with the domain privaterelay.appleid.com. All emails to this address are automatically forwarded to the email address associated with your Apple ID. When using this login function, your IP address is also transmitted to Apple. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a) GDPR.
Further information on data processing by Apple can be found here:
This feature is not currently available on Odlo.
3.12. Login with Klarna
In the future, Odlo may offer you the option to log in to the service with your Klarna access ("Sign in with Klarna"). This login function is a service of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna"). A separate registration with Odlo is not necessary in this case. To log in, you will be redirected to the Klarna website, where you can log in with your user data. This links your Klarna account and our Odlo service. Through the link, Odlo automatically receives from Klarna the information for which you have consented to its transmission (e.g., first name, last name, email address). We use this information to identify you when using Odlo. The legal basis for this data processing is Art. 6(1)(a) GDPR.
Further information on data processing by Klarna can be found here:
This feature is not currently available on Odlo.
3.13. Contact Odlo
You can contact us in several ways: by email, by phone, or by post. When you contact us, we use the personal data you voluntarily provide in this context (e.g., your name or email address) exclusively for the purpose of communicating with you and processing your request.
On some pages, you can also contact us via our chat. You have the choice of how you want to interact with the chatbot: either by entering your query in a free-text field or through a guided list of contact reasons in the form of clickable buttons. We access data from your customer account via a technical interface, such as order and delivery information, to answer your query about an order, delivery, or return.
When you contact our customer service, the data you transmit (e.g., name, email address, phone number, and the content of your request) is processed by PVS-Europe on our behalf to handle your query. The legal basis for this is, depending on the content of your request, the fulfillment of our contract with you (Art. 6(1)(b) GDPR) or our legitimate interest in efficient and professional customer communication (Art. 6(1)(f) GDPR).
For processing customer inquiries, we use the CRM system from MS Dynamics by Microsoft. Microsoft processes your data for inquiries to us exclusively on our behalf and for no other purposes.
For the automation of our customer service, we use the support of DigitalGenius, 110 Clifton Street, London EC2A 4HT, United Kingdom. Email inquiries are transmitted to the DigitalGenius platform for processing and are sent back to you as a customer from there in an automated manner. As part of this process, DigitalGenius processes personal data to handle your request. All data is stored on the platform for only 30 days. We use this service to be able to answer your inquiries faster and more accurately.
The legal basis for this data processing is Art. 6(1)(b) GDPR, if the processing of your data is necessary for answering your questions or handling your request in connection with a purchase made. We also have a legitimate interest in answering general inquiries that are not directly related to a contractual relationship. In this case, the legal basis for data processing is our legitimate interest (Art. 6(1)(f) GDPR) in providing you with a fast and specific response to your request, which you have expressly desired (e.g., information on general delivery times, availability of sizes or products).
3.14. Payment Processing for Orders
We process your payment information for the purpose of payment processing, for example, when you purchase a product and/or a service from www.odlo.com. Depending on the payment method you choose, payment processing is handled by different payment service providers. Personal data is processed to be able to carry out the payment. Under the scope of the GDPR, the legal basis for this data processing is Art. 6(1)(a), Art. 6(1)(b) GDPR, and Art. 6(1)(f) GDPR.
For the processing of payments by credit card as well as other digital or country-specific payment methods, we use the payment service provider Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands. Adyen processes the data necessary for payment processing (e.g., name, address, payment information, transaction data) and enables various payment methods, such as credit card (Visa, Mastercard, American Express, Discover, Diners Club, JCB, Cartes Bancaires), TWINT, Vipps, iDEAL, or other local payment methods. If you are redirected to an external payment platform for payment (e.g., TWINT or Vipps), your data will be processed by the respective provider according to their own data protection policies. Further information on data protection can be found at https://www.adyen.com/policies-and-disclaimer/privacy-policy.
For a purchase on account, a credit check is carried out during the ordering process. In the case of a positive credit check, you will receive an invoice from our service provider, which you can pay by bank transfer to our account. For the credit check, we use external service providers with your consent, to whom we transmit your data – in particular, name, address, date of birth, and order value. The data is transmitted to Payolution GmbH, Columbusplatz 7-8, Stiege 1, 5th floor, 1120 Vienna, Austria. The legal basis for processing in the context of the credit check is Art. 6(1)(a) GDPR. If you do not consent to the credit check, you must choose another payment method. As part of the credit check, an assessment is obtained on the probability of default on our claim from the order. The data protection provisions and supplementary information on data protection of the provider apply to the data processing by Payolution, available at https://www.unzer.com/de/privacy-payolution-consumers/ and https://payment.payolution.com/payolution-payment/infoport/dataprivacydeclaration/.
When paying via PayPal, your payment data is forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") as part of the payment processing. Under the scope of the GDPR, the legal basis for this transfer is the performance of the contract, Art. 6(1)(b) GDPR. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" via PayPal. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further data protection information, especially about the credit agencies used by PayPal, can be found in PayPal's privacy policy, available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. PayPal acts as a controller in the sense of data protection law.
In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden ("Klarna"), we may offer you the following payment options in the future. The payment is made to Klarna in each case:
Invoice: The payment period is 30 days from the dispatch of the goods/ticket/or, in the case of other services, the provision of the service. The complete invoice conditions for the countries where this payment method is available can be found [here].
Direct Debit/Instant Transfer: Available in Germany, Austria, Belgium, Italy, Spain, Poland, and the Netherlands. Your account will be debited immediately after placing the order.
The use of the payment methods Invoice and Direct Debit/Instant Transfer requires a positive credit check. If you choose a Klarna payment option, we will forward your data to Klarna as part of the purchase initiation and processing of the purchase contract for the purpose of address and credit checks. Please understand that we can only offer you those payment methods3 that are permissible based on the results of the credit check. Further information and Klarna's terms of use can be found [here]. Your personal data will be handled by Klarna in accordance with the applicable data protection regulations and as specified in Klarna's privacy policy. Klarna acts as a controller in the sense of data protection law. Under the scope of the GDPR, the legal basis for the transfer of your data to Klarna is the performance of the contract (Art. 6(1)(b) GDPR).
This feature is not currently available on Odlo.
If you select a Klarna service for payment, your necessary data, in particular name, contact details, and other identification information, as well as payment information and creditworthiness data, will be forwarded to and processed by Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden ("Klarna"). Information on data protection at Klarna can be found at https://www.klarna.com/ and https://www.klarna.com/international/privacy-policy/.
For a purchase on account, a credit check is carried out during the ordering process, which we will inform you about in more detail below. In the case of a positive credit check, you will receive the corresponding invoice from our service provider, which you can pay by bank transfer to our account. If you pay in advance, no assessment by service providers is carried out; the shipment will be made after we receive payment.
The legal basis for payment processing is Art. 6(1)(b) GDPR. The processing of your personal data is necessary for the fulfillment of the contract with you, whereby the payment method can be freely chosen by you. The data will be stored by us for as long as it is necessary for the fulfillment of the contract. In addition, we store this data for the fulfillment of post-contractual obligations and due to commercial and tax law retention periods for the legally prescribed period. This retention period is generally 10 years to the end of the respective calendar year.
3.15. Algolia Search Function
If you give your consent, we use the analysis and marketing tool Algolia on our website (Algolia SAS, 55 Rue d'Amsterdam, 75008 Paris, France). This tool provides analysis services for our search function. It collects information about how you use our website and the search function with the aim of showing you personalized search results tailored to your interests. To recognize you across multiple visits, a UserToken (the modified Usercentrics Controller ID) is used. This allows us to present you with more relevant, AI-supported results and to analyze your behavior over a longer period.
If you have consented, the tool collects the following data: browser and device information, your IP address (which is shortened by four digits at Algolia), your search terms and filters used, clicks on results, products or other buttons, an individual User ID, timestamps, and usage data (e.g., pages visited, items viewed or added to the shopping cart, and purchases made). Based on your IP address, an approximate geolocation is also carried out. The storage period for this collected data is 365 days. There is no data transfer to third countries outside the EU or the EEA. Further details on data processing by Algolia can be found at https://www.algolia.com/policies/privacy/
You can withdraw your consent at any time with effect for the future. To do so, please open the privacy settings and deactivate the corresponding selection. Please note that this change in the privacy settings must be made separately for each device.
If you do not give your consent, we will, of course, only collect the data that is essential for the technical provision of the search function. In this case, your IP address will only be used to deliver the (non-personalized) search results and will then be shortened. Otherwise, only search queries and filters, browser and device information, timestamps, and an approximate geolocation based on your IP address will be collected.
Under the scope of the GDPR, the legal basis for the transfer of your data is: Art. 6(1)(a) GDPR & § 25(1) TDDDG WITH CONSENT; Art 6(1)(f) GDPR without consent.
In principle, you are under no obligation to provide us with your personal data. However, the use of certain areas of our services may require the provision of personal data, especially the purchase of goods. If you do not wish to provide us with the necessary data, you will unfortunately not be able to use the corresponding areas of the services.
5.1. Disclosure of Data to Third Parties
We only transmit your data to external third parties (outside of Odlo) if this is legally permissible. Reasons for this may be a legitimate interest (ours or the third party's), a legal obligation, or your consent given to us.
In addition to the partners, we already list by name in our data protection information and the CMP (Consent Management Platform), your personal data may also be disclosed in special cases to the following bodies:
if we are obliged to do so in individual cases by legal requirements or an enforceable official or judicial order (e.g., to authorities);
in legal disputes (to courts or our lawyers) or in the context of audits (to auditors);
in cooperation with tax advisors.
in case of suspicion of criminal acts (to the responsible investigative authorities);
in the event of a sale of the business (to the respective acquirer).
if the transfer of your data to third parties is based on your consent, a corresponding explanation may also be provided directly when this consent is obtained.
5.2. Disclosure to Processors
In some areas, we use so-called processors for the processing of your data. This is a natural or legal person who processes personal data on our instructions and on our behalf. We remain responsible for this data processing. Processors do not use the data for their own purposes but carry out data processing exclusively for us as the controller.
If the processors are not already named in this data protection information, they are the following categories of service providers:
IT service providers (sending emails and newsletters)
Call centres (answering customer inquiries)
Odlo stores personal data only for as long as is necessary for the purposes stated in this data protection information. This serves in particular to fulfil our contractual and legal obligations. We may also store your personal data for other purposes, provided and if the law permits further storage for specific purposes.
If you close your customer account/user account, we will delete all stored personal information. If complete deletion is not possible or not required for legal reasons, this information will be blocked by us. Blocking occurs, for example, if commercial or tax law retention obligations apply, such as from the German Commercial Code (HGB) and the Tax Code (AO). In this case, we are obliged to keep this information for up to ten years for tax and financial audits.
Even if there is no legal retention obligation, we may refrain from immediate deletion in certain legally permitted cases. This applies, for example, if the information concerned may still be needed for further contract processing or for legal prosecution or defence (e.g., in case of complaints). The decisive criterion for the duration of the blocking is then the respective statutory limitation periods. After their expiry, we will delete the information. As a rule, the limitation periods end 3 years after the end of the year in which you made a purchase from us.
We also transmit personal data to third parties or processors who are based in countries outside the European Economic Area (EEA). In this case, we ensure before the transfer that either an adequate level of data protection is guaranteed at the recipient's end or that your express consent is obtained.
An adequate level of data protection exists, for example, if the European Commission has issued a so-called adequacy decision for the respective country (Art. 45 GDPR). For the USA, the European Commission has decided that an adequate level of data protection exists if the data recipient participates in the EU-U.S. Data Privacy Framework (DPF) and has a current certification for it. If the recipients of your personal data are located in the USA and participate in the DPF, we therefore rely on this adequacy decision (Art. 45 GDPR).
Alternatively, we establish an adequate level of data protection by agreeing with the recipients on the so-called EU Standard Contractual Clauses of the European Commission (Art. 46 GDPR). In this case, we carry out so-called Transfer Impact Assessments and agree with the recipient or implement, where necessary, additional protective measures. Specifically, we agree with recipients who are (independent) controllers on Module 1 of the EU Standard Contractual Clauses and with recipients who act as our processors on Module 2 of the EU Standard Contractual Clauses. These are third parties or processors in the following countries: USA (we rely on the DPF in this respect) and UK (we rely on the adequacy decision of the European Commission available [here] in this respect).
8.1. Overview
In addition to the right to withdraw the consents you have given us, you are entitled to the following further rights if the respective legal requirements are met:
the right to access information about your personal data stored by us (Art. 15 GDPR). You can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data (if it was not collected directly from you);
the right to rectification of inaccurate or completion of incomplete data (Art. 16 GDPR);
the right to erasure of your data stored by us (Art. 17 GDPR), provided that the applicable conditions are met and we do not have to comply with any legal or contractual retention periods or other legal obligations or rights to further storage;
the right to restriction of processing of your data (Art. 18 GDPR). This is the case if the accuracy of the data is contested by you (for a period enabling us to verify the accuracy); the processing is unlawful, but you oppose its erasure; we no longer need the data, but you require it for the establishment, exercise, or defence of legal claims; or you have objected to processing pursuant to Art. 21 GDPR (pending the verification whether our legitimate grounds override yours);
the right to data portability pursuant to Art. 20 GDPR. This means you have the right to receive the data we have stored about you in a common, machine-readable format, if the processing is based on your consent (Art. 6(1)(a) GDPR) or a contract (Art. 6(1)(b) GDPR) and is carried out by automated means. This includes the right to request the transmission to another controller, as far as this is technically feasible.
You can assert the rights to which you are entitled by contacting kundendienst@odlo.com.
In addition, you have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority at your usual place of residence, your workplace, or our company headquarters.
8.2. Rights to Object
You have the right to object at any time to the processing of your personal data for advertising purposes ("advertising objection").
Furthermore, you have the right to object, on grounds relating to your particular situation, to data processing that is based on Art. 6(1)(f) GDPR. We will then stop processing your data unless we can demonstrate – in accordance with the legal requirements – compelling legitimate grounds for the further processing which override your rights, or the processing serves the establishment, exercise, or defence of legal claims.
You can exercise your rights to object by contacting kundendienst@odlo.com.
8.3. Rights to Withdraw Consent
If we process data based on a consent you have given, you have the right to withdraw the given consent at any time. Your withdrawal does not affect the lawfulness of the data processing that has taken place based on the consent(s) until the withdrawal.
You can generally exercise your rights to object by contacting kundendienst@odlo.com.
8.4. Fan Pages
For the joint processing of your Page Insights information with Meta, we have agreed that Meta has the primary responsibility for providing you with information about the processing of your Page Insights information. This includes enabling you to exercise your data protection rights (e.g., right to object). You can find more information about your data protection rights in connection with Page Insights and how you can assert them directly with Meta [here].The agreement on joint controllership (Art. 26 GDPR) can be found in the Page Insights Controller Addendum.
Should you assert your rights against Odlo, we will forward your request to Meta.
Date: 10/2025