Privacy policy and notes on the use of cookies


Fielmann takes the protection of your personal data very seriously and complies with the statutory provisions in the General Data Protection Regulation („GDPR“) and in the current version of the German Federal Data Protection Act („BDSG“) for the processing of personal data. In the following and in accordance with the GDPR, we would like to inform you of when and for what purposes personal data are processed on our websites.


1. What are personal data?


Pursuant to Art. 4 n° 1 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person („data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


If, while using our websites, you enter any details on your eyesight or other medical aspects that may be required for providing you with prescription eyewear like glasses or contact glasses, these details will be classed as data concerning health pursuant to Art. 4 n°15 GDPR, which are afforded a higher level specially protected as personal data.



2. Who is responsible for your data?


The Controller responsible for processing your personal data on our websites is Fielmann AG, Weidestraße 118a, 22083 Hamburg.


You can contact our Data Protection Officer at datenschutz@fielmann.com or via our postal address by adding „Data Protection Officer“.



3. Your rights


You can assert the following rights concerning us with regard to the processing of your personal data:



  • Right of access (Art. 15 GDPR),

  • Right to rectification (Art. 16 GDPR) and/or erasure including the „right to be forgotten“ (Art. 17 GDPR),

  • Right to restriction of processing (Art. 18 GDPR),

  • Right to object to the processing (Art. 21 Para. 1 GDPR) and the right to object to processing for direct marketing purposes (Art. 21 Para. 2 GDPR),

  • Right to data portability (Art. 20 Para. 1 GDPR).


In addition, you are also entitled to lodge a complaint to a supervisory authority for data protection.


If you have given your consent to the processing of your data when accessing this website, you can revoke it any time with effect for the future.


To the extent that we base the processing of your personal data on our prevailing legitimate interests, you have the right to object to such processing (Art. 21 Para. 1 GDPR).


This applies where the processing is not necessary for the performance of a contract with you, which is outlined in the course of the following description. When exercising your right to object, we ask you to provide the reasons why we should not process your personal data as carried out by us. In case of a justified objection, we shall examine the situation and shall either cease or adapt the data processing, or otherwise demonstrate our compelling legitimate grounds for continuing the processing.


Irrespective of this, you may object at any time and without providing reasons to the processing of your personal data for marketing and related data analysis purposes (Art. 21 Para. 2 GDPR).



4. Processing personal data when our websites are accessed



a) Documenting the access

When using the internet services provided by Fielmann, certain data are automatically stored on our servers for system administration purposes and for statistical or security purposes, particularly for protection against attacks on our IT infrastructure. Provided such data qualify as personal data as defined in Art. 4 n° 1 of the GDPR, they shall be processed on the basis of Art. 6 Para. 1 lit. f of the GDPR for these purposes.



  • IP address

  • Accessed page/name of the accessed file

  • Date and time of the access

  • Transferred amount of data

  • Notification if the access was successful

  • The referring site, if access was made via an external link, and the search term, if access was made via an external search engine

  • The browser software used for the access (language, version and configuration)

  • Details on your device's operating system and interface


The data are only used in anonymised form in order to evaluate the user experience. These statistical evaluations help us to improve the Fielmann websites for you and to further enhance the user experience. There is no other usage, least of all a link to personal data.


The afore-mentioned documentation data shall be stored on our servers for a standard period of 7 days and then erased, provided Fielmann is not legally obliged to store the data for longer. In such cases, storing data for longer periods shall be based on Art. 6 Para. 1 lit. c of the GDPR.



b) Use of cookies on our websites


What are cookies?

Cookies are small files that are stored on your device and save certain settings and data for exchange with our systems or our service providers systems via your web browser. A distinction is made between two different types of cookies. There are so-called session ID cookies, which are erased as soon as you close your browser, and persistent cookies, which are stored on your device for a long time.


You can remove stored cookies in your browser settings and deactivate the future storage of cookies. We would like to point out that not all the features of the websites may be used if the cookies are deactivated.


Our websites use the following cookies:


Fielmann cookies:



  • Server-Cookies

  • State-save cookies

  • Long-term cookies

  • Watch list (state-save cookie)

  • Cookie layer accept (state-save cookie)



Third-party cookies:



  • Chartbeat (analytics)

  • Mapp (advertising, analytics)

  • Google Analytics (analytics)

  • DoubleClick (advertising)

  • Tradedesk (advertising)

  • Google (advertising)

  • Ligatus (advertising)

  • AppNexus (advertising)

  • crazyEgg (analytics)



c) Web analysis and personalised advertising

In order to continuously improve and optimise our service, as well as to insert interest-based personalised advertising, we use the third-party web-tracking and analytics services described below:



Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LL.C., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The statistics gained allow us to improve our service and provide you with an enhanced user experience. This website also uses Google Analytics for a cross-device analysis of visitor flow which is executed via a user ID. if you have a Google user account, you can deactivate the cross-device analysis of your use under the settings “My Data”, “Personal Data”.


The legal basis for using Google Analytics is provided by Art. 6 Para. 1 cl. 1 (f) of the GDPR. The IP address transferred from your browser through Google Analytics will not be associated with any other data held by Google. We would also like to point out that Google Analytics has been supplemented on this website by the code “_anonymizeIp();”, to ensure an anonymized collection of IP addresses. As a result, IP addresses will be processed in an abbreviated form so that a personal reference to individual users can be excluded. If the data collected about you allow for a reference to you individually, such reference will be excluded immediately and the personal data will be erased at once.


Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.


Google Analytics uses cookies. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie about your use of the website (including your IP address) to Google and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.


You can also prevent the use of Google Analytics by clicking on this link: deactivate Google Analytics. By doing so, a so-called opt-out cookie will be stored on your hard drive to prevent Google Analytics from processing personal data. Please note that when deleting all cookies on your computer, this opt-out cookie will also be deleted, so you have to reset the opt-out cookie if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer, and therefore have to be separately activated for every browser, computer or other device.



Doubleclick by Google

This website uses the online marketing tool DoubleClick by Google (“DoubleClick”). DoubleClick uses cookies to display ads that are relevant to the user, to improve reports on the campaign's success, or to avoid repeatedly showing the same ad to a particular user. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent this ad from being displayed multiple times. Furthermore, with the help of cookie IDs, DoubleClick can record “conversions” that are related to requests concerning ads. This is the case, for instance, when a user sees a DoubleClick ad and later visits the advertiser’s website and makes a purchase there using the same browser. According to Google, DoubleClick cookies do not contain personal data.


As a result of the marketing tools used, your browser automatically establishes a direct connection with the Google server. The use of DoubleClick means that Google receives the information that you have visited the corresponding section of our website or have clicked on one of our ads. If you are registered with a service provided by Google, then Google can allocate your visit to your account. Even if you are not registered with Google or are not logged into your account, it is possible that the provider will recognise and store your IP address.


There are several ways to prevent your participation in this tracking process:




a) by changing the settings of your browser software; in particular, by rejecting third-party cookies, you will not receive ads from third-party providers;


b) by deactivating the cookies for conversion tracking by configuring your browser settings in such a way that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.de/settings/ads, and these settings will be deleted when you delete your cookies;


c) by deactivating the interest-related ads of providers who are part of the self-regulation campaign “About Ads” using the link http://www.aboutads.info/choices and these settings will be deleted when you delete your cookies;


d) by means of a permanent deactivation in your Firefox, Internet Explorer, or Google Chrome browsers using the link http://www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to fully use all the functions of this website.


The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data is not precluded by overriding conflicting interests on your part (Art. 6 Para. 1, cl. 1 (f) GDPR). You can find further information on DoubleClick by Google at https://www.google.de/doubleclick, and also on data protection at Google in general at: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.



Google Remarketing

This website uses the Google's remarketing feature. This feature is used to present website visitors interest-based advertising within the Google ad network. Cookies are stored in the browser of a visitor to the website that enables the visitor to be recognised again later when visiting these websites, which are a part of the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use the remarketing feature from Google. According to its own policy, Google does not collect any personal data in this process. The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data is not precluded by overriding conflicting interests on your part (Art. 6 Para. 1, cl. 1 (f) GDPR).


Nevertheless, if you do not want to use the remarketing feature from Google, you can deactivate it by changing the appropriate settings at https://adssettings.google.com/. Alternatively, you can disable the use of cookies for interest-based advertising via the advertising network initiative, by following the instructions at http://optout.networkadvertising.org. You can find further information on Google Remarketing and the Google privacy policy at https://policies.google.com/technologies/ads?hl=de.



Chartbeat

This website also uses the web analysis tool “Chartbeat” created by Chartbeat, Inc., 826 Broadway, 6th Floor, New York, NY 10003, USA. In order to analyse the use of websites, Chartbeat collects and evaluates specific usage data that are transmitted by your browser. Chartbeat can use one or more cookies to record this usage data. The IP address assigned to your device at that time and, in some cases, a device-specific customer number are also transmitted. The IP address is required only for the purpose of session ID and for geolocation (to town/city level). We only obtain statistical, aggregated data without being able to establish a personal connection.


The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data is not precluded by overriding conflicting interests on your part (Art. 6 Para. 1, cl. 1 (f) GDPR). You can find further information on Chartbeat at https://chartbeat.com/about/. Chartbeat's privacy policy is available at https://chartbeat.com/privacy.



CrazyEgg.com

This site uses the tracking tool CrazyEgg.com to record randomly selected individual visits (with anonymous IP address only). This tracking tool allows us to use cookies to evaluate how you use the website (e.g. what content is clicked on). For this purpose, a usage profile is visually displayed. Usage profiles are only created when pseudonyms are used.


The legal basis for the processing of your data is a balancing of interests, according to which the previously described processing of your personal data is not precluded by overriding conflicting interests on your part (Art. 6 Para. 1, cl. 1 (f) GDPR). You may object at any time to the collection, processing and recording of data generated by CrazyEgg.com by following the instructions at http://www.crazyegg.com/opt-out. You can find further information on data protection at CrazyEgg.com at https://www.crazyegg.com/privacy.



Mapp DMP technology

This website uses a tag of the company MEME Germany GmbH, Dachauer Straße 63, 80335 Munich, for the determination of usage and movement data on services from Fielmann. We cannot establish a direct personal connection from the pseudonymous data. The legal basis for processing your data is a balancing of interests, according to which the previously described processing of your personal data is not precluded by overriding conflicting interests on your part (Art. 6 Para. 1, cl. 1 (f) GDPR).


You can find further information on the procedure on the provider's website [http://flxone.com/privacy-statement/]. You can object to this data processing by using the following link: http://go.flx1.com/opt-out. By clicking on the link, the system will add an opt-out cookie that prevents the system from tracking any more client activities. Please bear in mind that, in the event of your browser cookies being deleted, this opt-out cookie will also be deleted and you will have to add it again via the above-stated internet address.



Ligatus

This website uses technology from Ligatus GmbH, Hohenstaufenring 30-32, D-50674 Cologne, Germany. Ligatus places cookies. The cookie file contains exclusively automatically created, numeric IDs and/or a timestamp that do not permit any direct personal connection. Your computer's IP address will not be stored either.


You can find further information on data protection at Ligatus at http://www.ligatus.de/datenschutz.




Fonts.com

This website uses “fonts.com”, a fonts service provided by Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (“fonts.com”). Every time this website is accessed, files are uploaded from a “fonts.com” server in order to portray texts in a particular font. In this process, your IP address may be transferred to a “fonts.com” server and stored as part of the usual weblog. Responsibility for further processing this information lies with “fonts.com”; please refer to the Notes on data protection of “fonts.com” for the corresponding conditions and setting options.



The Trade Desk

This website uses technology from The Trade Desk Inc., 42 N Chestnut St, Ventura, California, CA – 9300, USA. Information on website visitors surfing behaviour is collected in purely anonymised form for marketing purposes and cookies are placed for this purpose. No personal data are collected or stored in this process.


You may object at any time to the processing of the cookie data generated by The Trade Desk at http://www.adsrvr.org/opt-out.html. You can find further information on data protection at The Trade Desk at https://www.thetradedesk.com/general/privacy-policy.



d) Integration of other third-party services and content

Content is integrated into some of the pages of this online service. The use of third-party online services always implies that the providers of this content get access to the users IP address, because without the IP address the content could not be sent to the users' browsers. The IP address is therefore required to be able to display this content. We strive only to use content from providers that use the IP address solely for the purpose of transferring their content. However, we have no control over third parties storing users' IP addresses for statistical purposes, for example. We will immediately inform users if we become aware of such behaviour.



Google Maps

This website uses the service provided by Google Maps. This enables us to show you interactive maps directly in the website and offers you a convenient use of the maps feature. By visiting the website, Google receives the information that you have accessed the corresponding sub-site on our website. In addition, the data mentioned in section 3 of this policy will be transferred. This is done regardless of whether Google provides a user account that you have logged into or if no user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not wish your data to be assigned to your Google profile, you have to log out before the button is activated. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based website design. Such evaluation is mainly done (even for users not logged in) to place appropriate advertising and to inform other users of the social network about your activities on our website.


You are entitled to object to the generation of these user profiles, although you must address Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as on your rights in this respect and settings options for protecting your privacy is available at: http://www.google.de/intl/de/policies/privacy.



Vimeo

Some pages of this online service integrate videos from the platform Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. The company's privacy policy is available here: https://vimeo.com/privacy.




5. Processing personal data when making contact via the websites


Personal data are always processed on our websites if you enter personal details on one of the provided contact forms. These data and the content provided in the contact form are forwarded to the respective contact persons at Fielmann who use your data exclusively to process your request within the given individual purpose (for example, to our customer service for queries regarding our products, or to our Investor Relations department for questions on Fielmann shares, etc.).


In this case, your personal data are processed in connection with the performance of a contract concluded with you or in order to take steps upon request prior to entering into a contract (Art. 6 Para. 1 lit. b of the GDPR). There is no processing of personal data that goes beyond this. Provided nothing to the contrary is stipulated below, your data will be stored until the respective purpose of processing them has been achieved.



6. Online applications / optiker-werden.de


The www.optiker-werden.de page enables you to submit an online application for advertised job vacancies or to send us an unsolicited application. When you use the application form, a separate window containing the contact form will open. This form is provided by the online application service “Beesite” from milch & zucker Talent Acquisition & Talent Management Company AG, Friedrich-List-Straße 23, 35398 Gießen. Once the online application process is completed, Beesite transfers your data to Fielmann, where they are stored for further use.


As part of the application process, the Fielmann HR department will forward your application to the companies in the Fielmann Group that advertised the vacant position. We will process unsolicited applications accordingly and, of course, adhere to your wishes and possible restrictions into consideration. The processing procedures described above are carried out on demand with a view to measures leading up to a possible employment contract at a later date between you and the entity operating the respective Fielmann-store (§ 26 of the German Federal Data Protection Act (BDSG)).



7. Newsletter


Our website offers you the opportunity to register to receive regular e-mail newsletters containing information for investors and/or job offers (“Newsletter”). Registration to our newsletter containing job offers involves a so-called double opt-in procedure in which you receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register unknown e-mail addresses for the newsletter.


Registrations to the newsletter are documented by Fielmann in order to be able to prove compliance with statutory regulations. This includes storing the time of registration and confirmation, as well as the IP address. By ordering the newsletter you consent to receiving it (§ 7 Para. 2 no. 3, and. Para. 3 of the German Law against unfair competition (UWG)) as well as to the previously described processing of your personal data (Art. 6 Para. 1 no. 1 (a) GDPR). You can end your registration to our newsletter at any time and thereby revoke your consent with effect for the future.



8. Will your data be transferred to third parties?


As a rule, your personal data will not be transferred to third parties. In exceptional cases, the transfer of personal data within the Fielmann Group is considered if this is necessary for the purpose of answering your enquiry or of checking your application.


Personal data may also be forwarded based on the GDPR, the current version of the German Federal Data Protection Act (BDSG) and, where applicable, other relevant statutory regulations, provided we are legally obliged to do so (Art. 6 Para. 1 no. 1 (c) GDPR).



9. How are your data secured?


Fielmann takes technical and organisational measures to protect your data from unauthorised access or loss. Our security measures are continuously improved in line with technological developments.



10. Do you have any further questions?


If you have any further questions on the processing of your personal data, please contact our Data Protection Officer:



Fielmann AG
- Data Protection Officer -
Weidestraße 118a
22083 Hamburg
datenschutz@fielmann.com