Privacy policy and notes on the use of cookies


Fielmann takes the protection of your personal data seriously and complies with the statutory provisions in the General Data Protection Regulation („GDPR“) and in the German Federal Data Protection Act („BDSG-nF“) for the processing of personal data. In the following and in accordance with the GDPR, we would like to inform you of when and for what purposes personal data are processed on our websites.



1. What are personal data?


Pursuant to Art. 4(1) of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


If, while using our websites, you enter any details on your eyesight or other medical aspects that may be required for providing you with prescription eyewear like glasses or contact glasses, these details qualify as data concerning health pursuant to Art. 4 para. 15 GDPR, which are specially protected as personal data.



2. Who is responsible for your data?


Responsibility for processing your personal data on our websites lies with Fielmann AG, Weidestraße 118a, 22083 Hamburg.


You can contact our Data Protection Officer at datenschutz@fielmann.com or via our postal address by adding „Data Protection Officer“.



3. Your rights


You can assert the following rights concerning us with regard to the processing of your personal data:



  • Right of access (Art. 15 GDPR),

  • Right to rectification (Art. 16 GDPR) and/or erasure including the „right to be forgotten“ (Art. 17 GDPR),

  • Right to restriction of processing (Art. 18 GDPR),

  • Right to object to the processing (Art. 21 (1) GDPR) and the right to object to processing for direct marketing purposes (Art. 21 (2) GDPR),

  • Right to data portability (Art. 20 (1) GDPR).


In addition, you are also entitled to lodge a complaint to a supervisory authority for data protection.



If you have given your consent to the processing of your data when accessing this website, you can revoke it any time with effect for the future. To the extent that we base the processing of your personal data on a balancing of interests, you have the right to object to the processing (Art. 21(1) GDPR).



This applies where the processing is not necessary for the performance of a contract with you, which is outlined in the course in the following description. When exercising your right to object, we ask you to provide the reasons why we should not process your personal data, as carried out by us. In case of a justified objection, we will examine the situation and will either cease or adapt the data processing, or demonstrate our compelling legitimate grounds for continuing the processing.



Irrespective of this, you may object at any time and without providing reasons to the processing of your personal data for marketing and data analysis purposes (Art. 21(2) GDPR).



4. Processing personal data when our websites are accessed



a) Documenting the access


When using the internet services provided by Fielmann, certain data are automatically stored on our servers for system administration purposes and for statistical or security purposes, particularly for protection against attacks on our IT infrastructure. Provided such data qualify as personal data as defined in Art. 4 no 1 of the GDPR, they will be processed on the basis of Art. 6(1)(f) of the GDPR for these purposes.




  • IP address (anonymised)

  • Accessed page/name of the accessed file

  • Date and time of the access

  • Transferred amount of data

  • Report if the access was successful

  • The referring site, if access was made via an external link, and the search term, if access was made via an external search engine

  • The browser software used for the access (language, version and configuration)

  • Details on your device's operating system and interface


The data are only used in anonymized form for evaluating the general user behaviour. These statistical evaluations help us to improve the Fielmann websites for you and to further enhance the user experience. There is no other usage, least of all a link to personal data. The afore-mentioned documentation data will be stored on our servers for a standard 7 days and then erased, provided Fielmann is not legally obliged to store the data for longer. In such cases, storing data for longer periods will be based on Art. 6(1)(c) GDPR.



b) Use of cookies on our websites


What are cookies?

Cookies are small files that are stored on your device and save certain settings and data for exchange with our systems or our service providers' systems via your web browser. A distinction is made between two different types of cookies. There are so-called session ID cookies, which are erased as soon as you close your browser, and persistent cookies, which are stored on your device for a longer period of time.


You can remove stored cookies in your browser settings and deactivate the future storage of cookies. We would like to point out that not all the features of the websites may be used if the cookies are deactivated.



Our websites use the following cookies:


  • Server cookies

  • State-save cookies

  • Long-term cookies

  • Watch list (state-save cookie)

  • Cookie layer accept (state-save cookie)



Third-party cookies:


  • Chartbeat (Analytics)

  • Google Analytics (Analytics)

  • Google Ads (Advertising)

  • Tradedesk (Advertising)

  • Google (Advertising)

  • AppNexus (Advertising)

  • crazyEgg (Analytics)




c) Web analysis and personalised advertising

In order to continuously improve and optimise our service, as well as to insert interest-based personalised advertising, we use the third-party web-tracking and analytics services described below:



Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LL.C., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The statistics gained allow us to improve our service and provide you with an enhanced user experience. This website also uses Google Analytics for a cross-device analysis of visitor flow which is executed via a user ID. If you have a Google user account, you can deactivate the cross-device analysis of your use under the settings “My Data”, “Personal Data”.


The legal basis for using Google Analytics is provided by Art. (1)(f) GDPR. The IP address transferred from your browser through Google Analytics will not be associated with any other data held by Google. We would also like to point out that Google Analytics has been supplemented on this website by the code “anonymizeIp();”, to ensure an anonymized collection of IP addresses. As a result, IP addresses will be processed in an abbreviated form so that reference to individual users can be excluded. If the data collected about you allow for a reference to you individually, the relationship will be excluded immediately and the personal data will be erased at once.


Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.


Google Analytics uses cookies. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie about your use of the website (including your IP address) to Google and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.


You can also prevent the use of Google Analytics by clicking on this link: Deactivate Google Analytics. By doing so, a so-called opt-out cookie will be stored on your hard drive to prevent Google Analytics from processing personal data. Please note that when deleting all cookies on your computer, this opt-out cookie will also be deleted, so you have to reset the opt-out cookie if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer, and therefore have to be separately activated for every browser, computer or other device.



Google Ads

This website uses the online marketing tool Google Ads by Google (“Google Ads”). Google Ads uses cookies to display ads that are relevant to the user, to improve reports on the campaign's success, or to avoid repeatedly showing the same ad to a particular user. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent this ad from being displayed multiple times. Furthermore, with the help of cookie IDs, Google Ads can record “conversions” that are related to requests concerning ads. This is the case, for instance, when a user sees a Google Ads ad and later visits the advertiser's website and makes a purchase there using the same browser. According to Google, Google Ads cookies do not contain personal data.


As a result of the marketing tools used, your browser automatically establishes a direct connection with the Google server. The use of Google Ads means that Google receives the information that you have visited the corresponding section of our website or have clicked on one of our ads. If you are registered with a service provided by Google, then Google can allocate your visit to your account. Even if you are not registered with Google or are not logged into your account, it is possible that the provider will recognise and store your IP address.


There are several ways to prevent your participation in this tracking process:


a) by changing the settings of your browser software; in particular, by rejecting third-party cookies, you will not receive ads from third-party providers;


b) by deactivating the cookies for conversion tracking by configuring your browser settings in such a way that cookies from the domain “www.googleadservices.com” are blocked, https://adssettings.google.com, and these settings will be deleted when you delete your cookies;


c) by deactivating the interest-related ads of providers who are part of the self-regulation campaign “About Ads” using the link https://www.aboutads.info/choices and these settings will be deleted when you delete your cookies;


d) by means of a permanent deactivation in your Firefox, Internet Explorer, or Google Chrome browsers using the link https://www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to fully use all the functions of this website.


The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data does not preclude any overriding conflicting interests on your part (Art. 6(1)(f) GDPR). You can find further information on Google Ads by Google at https://ads.google.com/intl/de_DE/home/, and also on data protection at Google in general at: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org



Google Remarketing

This website uses the Google's remarketing feature. This feature is used to present website visitors interest-based advertising within the Google ad network. Cookies are stored in the browser of a visitor to the website that enables the visitor to be recognised again later when visiting these websites, which are a part of the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously called up on websites that use the remarketing feature from Google. According to its own policy, Google does not collect any personal data in this process. The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data does not preclude any overriding conflicting interests on your part (Art. 6(1)(f) GDPR).


Nevertheless, if you do not want to use the remarketing feature from Google, you can deactivate it by changing the appropriate settings at https://adssettings.google.com/. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative, by following the instructions at http://optout.networkadvertising.org. You can find further information on Google Remarketing and the Google privacy policy at https://policies.google.com/technologies/ads?hl=de.



Chartbeat

This website also uses the web analysis tool “Chartbeat” created by Chartbeat, Inc., 826 Broadway, 6th Floor, New York, NY 10003, USA. In order to analyse the use of websites, Chartbeat collects and evaluates specific usage data that are transmitted by your browser. Chartbeat can use one or more cookies to record this usage data. The IP address assigned to your device at that time and, in some cases, a device-specific customer number are also transmitted. The IP address is required only for the purpose of session ID and for geolocation (to town/city level). We only obtain statistical, aggregated data without being able to establish a personal connection.
The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data does not preclude any overriding conflicting interests on your part (Art. 6(1)(f) GDPR). You can find further information on Chartbeat at https://chartbeat.com/about/. Chartbeat's privacy policy is available at https://chartbeat.com/privacy.



CrazyEgg.com

This site uses the tracking tool CrazyEgg.com to record randomly selected individual visits (with anonymous IP address only). This tracking tool allows us to use cookies to evaluate how you use the website (e.g. what content is clicked on). For this purpose, a usage profile is visually displayed. Usage profiles are only created when pseudonyms are used. The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data does not preclude any overriding conflicting interests on your part (Art. 6 (1)(f) GDPR).


You may object at any time to the collection, processing and recording of data generated by CrazyEgg.com by following the instructions at https://www.crazyegg.com/opt-out. You can find further information on data protection at CrazyEgg.com at https://www.crazyegg.com/privacy.



Fonts.com

This website uses “fonts.com”, a fonts service provided by Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (“fonts.com”). Every time this website is accessed, files are uploaded from a “fonts.com” server in order to portray texts in a particular font. In this process, your IP address may be transferred to a “fonts.com” server and stored as part of the usual weblog. Responsibility for further processing this information lies with “fonts.com”; please refer to the Notes on data protection of “fonts.com” for the corresponding conditions and setting options.



The Trade Desk

This website uses technology from The Trade Desk Inc., 42 N Chestnut St, Ventura, California, CA - 9300, USA. Information on website visitors' surfing behaviour is collected in purely anonymised form for marketing purposes and cookies are placed for this purpose. No personal data are collected or stored in this process.
You may object at any time to the processing of the cookie data generated by The Trade Desk at https://www.adsrvr.org/. You can find further information on data protection at The Trade Desk at https://www.thetradedesk.com/general/privacy-policy



d) Integration of other third-party services and content

Content is integrated into some of the pages of this online service. The use of third-party online services always requires that the providers of this content get access to the users' IP address, because without the IP address the content could not be sent to the users' browsers. The IP address is therefore required to be able to display this content. We strive only to use content from providers that use the IP address solely for the purpose of transferring their content. However, we have no control over third parties storing users' IP addresses for statistical purposes, for example. We will immediately inform users if we become aware of such behaviour.



Google Maps

This website uses the service provided by Google Maps. This enables us to show you interactive maps directly in the website and offers you a convenient use of the maps feature. By visiting the website, Google receives the information that you have accessed the corresponding sub-site on our website. In addition, the data mentioned in section 3 of this policy will be transferred. This is done regardless of whether Google provides a user account that you have logged into or if no user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not wish your data to be assigned to your Google profile, you have to log out before the button is activated. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based website design. Such evaluation is mainly done (even for users not logged in) to place appropriate advertising and to inform other users of the social network about your activities on our website.


You are entitled to object to the generation of these user profiles, although you must address Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as on your rights in this respect and settings options for protecting your privacy is available at: https://www.google.de/intl/de/policies/privacy.



Vimeo

Some pages of this online service integrate videos from the platform Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. The company's privacy policy is available here: https://vimeo.com/privacy.




5. Processing personal data when making contact via the websites


Personal data are always processed on our websites if you enter personal details on one of the provided contact forms. These data and the content provided in the contact form are forwarded to the respective contact persons at Fielmann who use your data exclusively to process your request within the given individual purpose (for example, to our customer service for queries regarding our products, or to our Investor Relations department for questions on Fielmann shares, etc.).


In this case, your personal data are processed in connection with the performance of a contract concluded with you or in order to take steps upon request prior to entering into a contract (Art. 6(1)(b) GDPR). There is no processing of personal data that goes beyond this. Provided nothing to the contrary is stipulated below, your data will be stored until the respective purpose of processing them has been achieved.



6. 3D fitting


Our website offers you the opportunity to try glasses on in real time using your webcam or a photo that you upload. For this purpose, we use the service provided by FittingBox SAS, 644 Voie l'Occitane, 31670 Labège, France. The legal basis for this is Art. 6(1)(f) GDPR. We offer this service to allow you to get a better impression of what you look like when wearing the selected glasses. This helps you to choose exactly the right pair of glasses for yourself. This advertising purpose represents our justified interest in data processing.


The FittingBox privacy policy is available here:
https://www.fittingbox.com/en/legal-information-general-terms-and-conditions#data-privacy



7. Fielmann Account


When you register for a Fielmann account, the Fielmann stores you visit will transfer your data to Fielmann AG, Weidestraße 118a, 22083 Hamburg. Fielmann AG is the provider and is responsible for the service. After submitting a declaration of consent as per Art. 6(1)(a) GDPR, your customer and order data will be centrally stored there.


The Fielmann account processes your data for the following purposes:



  • Your customer and order data from all the Fielmann stores you visit will be associated to be able to assist customer care and support in future with regard to all the available information.

  • We intend to enable you to independently manage stored personal data online, retrieve order details and online invoices, make appointments in Fielmann stores, and define preferences and notification settings.

  • We wish to offer you continued direct contact to Fielmann for your own needs.

  • We want to use our service to send you reminders for necessary follow-up inspections and arranged appointments, offer you advertising material on our products and services, and give you the chance to voluntarily participate in customer satisfaction surveys. We only commission renowned market research or consulting companies to carry out the surveys.


The following data is taken into account:


Contact data: Title, name, address data, date of birth, language, e-mail address and phone number


Customer and order data: Customer number and order history, details on products purchased and stores visited, data on appointments made


Health data: All the information collected and stored when providing ophthalmic treatment, particularly the medical information (medical history) relevant to the optical service and optical corrective values (refraction). For a contact lens fitting, data is also collected on the cornea and pupil diameter, the curvature radius of the corneal surface (topometry), test results on the front section of the eye and details on the compatibility with lenses worn during the tests. When providing a hearing aid, all data is collected on the selection and fitting in order to assess hearing ability and needs


Our website offers registered users of the Fielmann account the chance to make appointments in our stores. This service is provided by TerminApp GmbH, Munich, as part of the order processing. The transferred personal data is processed there for Fielmann as the contractor exclusively for the purpose of making appointments online.



8. Order status


You can check the current status of your order at any time as a registered user of the Fielmann account or directly via this website. To do so, please sign into your Fielmann account or enter the receipt number printed on your order slip into our website.


Personal data is processed on the basis of the consent provided when registering to the Fielmann account (Art. 6(1)(a) GDPR), otherwise for fulfilling the respective contractual relationship (Art. 6(1)(b) GDPR).



9. Customer satisfaction surveys


You can take part in voluntary customer satisfaction surveys on our websites.


We have commissioned renowned market research institutes and consulting companies to run this service. We provide the opportunity to take part in a confidential survey by the market research institute KANTAR EMNID (Kantar Deutschland GmbH, Munich) or in an individual-related survey by the consulting company KANTAR LIVE (Kantar Live GmbH, Munich).


By clicking on the corresponding buttons, a window will open from the company commissioned to manage the survey. You will then find the relevant surveys. Your entries and answers will be collected by the companies we commissioned and transferred to Fielmann AG, Hamburg.


For the confidential survey, Fielmann will receive all the answers and results exclusively in anonymised form. In this case, it is not possible to identify which person has provided the responses. This is guaranteed by the regulations in the General Data Protection Regulation and other privacy stipulations as well as by the professional ethics applied by the German business association Arbeitskreis Deutscher Markt- und Sozialforschungsinstitute e.V. (ADM). Further information is available at www.adm-ev.de.


For the individual-related survey, the provided contact data is transmitted together with the results to Fielmann. This data will also be used to support customer communication, provided you have issued us your express consent as per Art. 6(1)(a) GDPR.



10. Online applications


The Fielmann careers page as well as the websites www.optiker-werden.de and www.akustiker-werden.de enable you to submit an online application for advertised job vacancies or to send us an unsolicited application. When you use this possibility, a separate window containing the application form will open. This form is provided by the online application service "Beesite" from milch & zucker Talent Acquisition & Talent Management Company AG, Friedrich-List-Straße 23, 35398 Gießen. Once the online application process is completed, Beesite transfers your data to Fielmann, where they are stored for further use.


When you register via our careers page, you create a personal account in our applicant management system that enables you to view the data you made available to us at any time as well as track the current status of your application.


As part of the application process, you can sign in to your personal applicant account using a social network account (Facebook, Google and LinkedIn). In the signing in process, a check is carried out to see if you have a valid user account whose access data allows you to log into your personal applicant account at Fielmann. Beyond this, there is no further data exchange between Fielmann and the selected network.


The retention period for the applicant account data is 12 months, provided you have not agreed to an extension of the period. If a user has an open application when the retention period comes to an end, the retention period will be extended by a further 12 months with the user's consent. Your applicant account will be deleted at the end of the retention period. If your applicant account is not used, your data will be deleted 6 months after an application process that did not lead to employment at Fielmann.


As part of the application process, the Fielmann HR department will forward your application to the companies in the Fielmann Group that advertised the vacant position. We will process unsolicited applications accordingly and, of course, take any restrictions you specify into consideration. The processing procedures described above are carried out on demand with a view to measures leading up to a possible employment contract at a later date between you and the respective company (§ 26 BDSG-nF).



11. Newsletter


Our website offers you the opportunity to register to receive regular e-mail newsletters. These newsletters contain information for people interested in our products and services, information for investors, and job offers for applicants. Interested parties and applicants can sign in using a so-called double opt-in procedure. After registering to our newsletter, you will receive an e-mail asking you to confirm your registration. This serves the purpose of checking the provided e-mail address.


Registrations to the newsletter are documented by Fielmann in order to be able to perform the service and prove compliance with statutory regulations. This involves storing the time of registration and confirmation, as well as the IP address. By ordering the newsletter, you consent to receiving it (§ 7(2)(3) of the German Law Against Unfair Competition (UWG)) as well as to the previously described processing of your personal data (Art. 6(1)(a) GDPR). You can end your registration to our newsletters at any time and thereby revoke your consents with effect for the future.



12. Will your data be transferred to third parties?


As a rule, your personal data will not be transferred to third parties. In exceptional cases, the transfer of personal data within the Fielmann Group is considered if this is necessary for the purpose of answering your enquiry or of checking your application.


Personal data may also be forwarded based on the GDPR, the BDSG-nF and, where applicable, other relevant statutory regulations, provided we are legally obliged to do so (Art. 6(1)(c) GDPR).



13. How are your data secured?


Fielmann takes technical and organisational measures to protect your data from unauthorised access or loss. Our security measures are continuously improved in line with technological developments.



14. Duration of storage


We store your personal data at most until the previously mentioned processing purposes have been fulfilled.



15. Do you have any further questions?


If you have any further questions on the processing of your personal data, please contact our Data Protection Officer:


Fielmann AG
- Data Protection Officer -
Weidestraße 118a
22083 Hamburg
datenschutz@fielmann.com