Fielmann takes the protection of your personal data very seriously and complies with the statutory provisions in the General Data Protection Regulation (“GDPR”) and in the German Federal Data Protection Act (“BDSG”) for the processing of personal data. In the following, and in line with the data protection provisions, we would like to inform you about the processing of your personal data on our websites and when using our online services.
1. What are personal data?
In accordance with the GDPR (Art. 4 Para. 1, no. 1 of the GDPR), personal data are all data relating to an identified or identifiable person. This includes, for example, your name or your e-mail address, as well as the IP address with which you use our services.
2. Data Controller
The company responsible for the processing is
Fielmann Group AG
Weidestrasse 118 a
Phone: +49 40 270 76-0
Fax: +49 40 270 76-399
3. Data Protection Officer
You can contact our Data Protection Officer at email@example.com or by post using the address Fielmann Group AG, Data Protection Officer, Weidestrasse 118 a, 22083 Hamburg, Germany.
4. Processing of your personal data when accessing our websites and online services
a) Documenting the access
Certain data on our servers are automatically processed for system administration purposes and for statistical or security purposes, particularly for protection against attacks on our IT infrastructure. Provided such data qualify as personal data as defined in Art. 4 no. 1 of the GDPR, they shall be processed on the basis of Art. 6 Para. 1, sentence 1 (f) of the GDPR for these purposes.
- IP address
- Accessed page/name of the accessed file
- Date and time of access
- Transferred amount of data
- Report if the access was successful
- The referring site, if access was made via an external link, and the search term, if access was made via an external search engine
- The browser software used for the access (language, version and configuration)
- Details on your device’s operating system and interface
The afore-mentioned log data shall be stored on our servers for a standard 7 days and then erased, provided Fielmann is not legally obliged to store the data for longer. In such cases, storing data for longer periods shall be based on Art. 6 Para. 1 (c) of the GDPR.
What are cookies? Cookies are small files that are stored on your device and save certain settings and data for exchange with our systems or our service providers’ systems via your web browser. Different types of cookies may be used. There are so-called session ID cookies, which are erased as soon as you close your browser, and persistent cookies, which are stored on your device for a long time. These are cookies from Fielmann or third-party providers, insofar as is stated below. We will also inform you of similar technologies below.
You will find detailed information on the cookies we use in the cookie list.
You can revoke an issued consent at any time or deactivate cookies used for our legitimate interest, as well as object to the processing of your data (“Opt-Out”).
c) Services with cookies and similar technologies
- your consent (Art. 6 Para. 1, sentence 1 (a) of the GDPR), provided we ask you for it,
- otherwise and insofar as this is not stated in any other way, the maintenance of our legitimate interests (Art. 6 Para. 1, sentence 1 (f) of the GDPR).
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LL.C., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
On our account, Google processes usage data and device information in order to analyse the use of the website and compile reports about website activities. Cookies and other technologies are used for this purpose. The statistics gained allow us to improve our service and provide you with an enhanced user experience. This website also uses Google Analytics for a cross-device analysis of visitor flow which is executed via a user ID.
If you have a Google user account, you can also deactivate the cross-device analysis of your use under the settings “My Data”, “Personal Data”.
We would also like to point out that Google Analytics has been supplemented on this website by the code “anonymizeIp();”, to ensure a shortened collection of IP addresses. This serves to prevent any personal reference via the IP addresses. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. For the event that personal data are transferred to the USA, appropriate guarantees are in place as per Art. 46 of the GDPR. When using Google Analytics, other user data will be collected which could enable your identification, such as a link to an existing Google account.
Google Ads, Google Search Ads, Remarketing
We use the online marketing tool Google Ads as well as the services Search Ads 360, Remarketing and Google Ad Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in order to place ads in Google’s advertising network via websites and other services, and control them optimally.
Furthermore, with the help of cookie IDs, Google Ads can record “conversions” that are related to requests concerning ads. This is the case, for instance, when a user sees a Google Ads ad and directly or later visits the advertiser’s website and makes a purchase there using the same browser.
With Search Ads 360, user data from Google Analytics is processed in real time in order to display relevant advertising based on your supposed interests.
Google’s remarketing feature serves to recognize users when they are visiting websites of the Google ad network. On these pages, users can be presented with advertisements that relate to content that the visitor has previously called up on websites that use the remarketing feature from Google.
As a result of the tools used, your browser automatically establishes a direct connection with the Google server. If you are registered with a service provided by Google, then Google can allocate your visit to your account.
You can find further information on Google Ads and the stated services at policies.google.com/technologies/ads; and also on data protection at Google in general at: https://www.google.de/intl/de/policies/privacy.
LinkedIn Insight Tag und Conversion Tracking
We use LinkedIn Insight Tag and Conversion Tracking from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). These services enable us to analyse the success of our ads in the LinkedIn network and display personalised advertising to you in it.
The LinkedIn Insight Tag inserts a cookie in your browser. If you visit this website and are logged into your LinkedIn account at the same time, a connection to the LinkedIn server will be established. The following personal data will be processed: referrer URL, IP address, device and meta data, timestamp and your page views/use. This data will be encrypted, anonymised within seven days, and deleted within 90 days. We only receive summarised reports from LinkedIn about the target groups for the website and the performance of the advertising, so that we are able to analyse the success of our ads.
Conversion tracking also enables you to be recognised as a website user (across devices) so that we can show you targeted advertising for our job offers on LinkedIn, which may be of interest to you (retargeting).
You can find more information about data protection on LinkedIn at https://www.linkedin.com/legal/privacy-policy
You can revoke the data processing at any time and deactivate the use of your personal data for advertising purposes: https://www.linkedin.com/psettings/enhanced-advertising
d) Integration of other third-party services and content
Content is integrated into some of the pages of this online service. The use of third-party online services always implies that the providers of this content get access to the users’ IP address, because without the IP address the content could not be sent to the users’ browsers. The IP address is therefore required to be able to display this content. We strive only to use content from providers that use the IP address solely for the purpose of transferring their content. However, we have no control over third parties storing users’ IP addresses for statistical purposes, for example. We will immediately inform users if we become aware of such behaviour.
Further information on data protection when using ReCaptcha can be found at https://policies.google.com/privacy.
Vimeo (video integration)
Our online service integrates videos from the platform Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA.
Usage and communication data, device data and content data may be transferred to the provider. The legal basis for this is provided by Art. 6 Para. 1 (f) of the GDPR. Our legitimate interests lie in the user-friendly integration of videos and their best possible visualization.
You can find more information about data protection at Vimeo here: vimeo.com/privacy. Vimeo can use Google Analytics for its own purposes. You can object to the processing by following the procedure described above for Google Analytics.
5. Making contact, contact form
Personal data are also processed when you contact us. The data you provide, such as your name and your e-mail address, and the content provided in the contact form will be forwarded to the respective contact persons at Fielmann who use your data exclusively to process your request (for example, to our customer service for queries regarding our products, or to our Investor Relations department for questions on Fielmann shares, etc.).
In this case, your personal data are processed in connection with the performance of a contract concluded with you, or in order to take steps upon request prior to entering into a contract, or for the general processing of your request (Art. 6 Para. 1 (b) of the GDPR).
There is no processing of personal data that goes beyond this, provided nothing to the contrary is stipulated and there are no retention obligations. Your data will be stored until the respective purpose of processing them has been achieved.
6. Information for applicants
a. Online applications
The Fielmann careers page as well as the websites www.optiker-werden.de and www.akustiker-werden.de (for Switzerland: www.optiker-werden.ch and www.akustiker-werden.ch) enable you to submit an online application for advertised job vacancies or to send us an unsolicited application.
For this purpose, we use the tool Workday, a service from Workday Limited, The King’s Building, May Lane, Dublin 7, Ireland (“Workday”). Your personal data will be stored by this processor and processed within the EU.
Fielmann Group AG, Weidestrasse 118 a in 22083 Hamburg, Germany, is responsible for the processing of your data, possibly together with the respective company (store) of the Fielmann Group (hereinafter referred to jointly as “Fielmann”) where you applied for a job. For applicants in Switzerland, Fielmann AG, Steinenvorstadt 62 in 4051 Basel, is solely responsible for processing your personal data.
We process the personal data you send us and provide to us during the application procedure in order to conduct the application process for the position you applied for and, if necessary, to establish an employment relationship and for our applicant management. The following kinds of personal data may be processed:
- Contact data: Name, title (if any), address data, date of birth, language, e-mail address and telephone number (including mobile number).
- Qualifications data: All the data provided as part of the application process, in particular the data provided in the cover letter, the CV, the submitted certificates and in the completed questionnaires for applicants.
- Data from interviews and tests: All the personal information that may have been provided during an interview or was part of a test during the application process.
This data is necessary to give us an impression of your qualifications and both your personal and professional suitability for the job, as well as to be able to communicate with you during the application process.
Using Workday also requires the IP address and possibly usage data to be processed in order to provide the services securely.
In addition, we process your personal data for the purpose of analysing and optimising our applicant management.
The processing of your personal data for conducting the application process is carried out on the basis of § 26 Para. 1, sent. 1 of the German Federal Data Protection Act (BDSG) and Art. 6 Para. 1, sent. 1 b) of the GDPR. It is not possible to carry out the application process without this. Provided you give us your consent or transfer further personal data to us voluntarily and without being asked, we shall process this data reliably on the basis of Art. 6 Para. 1 a), Art. 9 Para. 2 a) of the GDPR. This consent can be revoked at any time with effect for the future, using the contact details stated above.
We may also be subject to legal obligations, Art. 6 Para. 1, sent. 1 c) of the GDPR, and also conduct processing to maintain our legitimate interests as per Art. 6 Para. 1 f) of the GDPR, such as for asserting and defending claims, and optimising the applicant management (provided we do not ask you for your consent).
Only those Fielmann employees will receive access to your personal data who require it for the stated purposes. Besides the people working directly with it in the HR department, this could also include decision-makers in the respective departments or Fielmann companies, particularly stores, where you have applied for a job. We also have agreements on order processing with the providers whose services we use. Beyond this, your personal data is only then made available once we have informed you and you have provided the necessary consent.
We only store your data for the period of time required to conduct the application process or for the above-mentioned purposes. When the application process is complete, we will block your data from further access and delete it no later than 6 months after the end of the application process, provided the application does not lead to an employment relationship that is not bound to any statutory retention obligations or if you do not expressly consent to a longer period of storage, such as through being added to our poool of candidates. Your data is then only transferred to our candidate database for other positions with your consent. You can revoke the consent you provided at any time with effect for the future using the contact details stated above.
b. Online tests
We conduct suitability tests in the pre-selection of applicants for vocational training. For this purpose, we will send you an invitation to the test or request you to take the test as part of the online process. We also offer you the chance to practise answering questions online in a test trainer (“Test Trainer”) in the way you might come across them in an application process. We use the service provider Cyquest GmbH, Heussweg 25, 20255 Hamburg (“Cyquest”): https://www.cyquest.net/.
To conduct the test, the data processed is your name, your address and date of birth, the communication data, your statements and answers, as well as technically important data such as the IP address and device data. The use of the test trainer, however, is possible without entering any further personal data. In this case, only your IP address, device data and the required usage data will also be processed. The legal basis for processing your personal data is provided by § 26 Para. 1 of the BDSG and, for the use of the test trainer, Art. 6 Para. 1, sent. 1 (b) of the GDPR. The data will only be processed for the period in which you use the test trainer on the website, and will be deleted when you finish with and leave the test trainer. When it comes to the processing as part of the suitability test for the application process, your data will be deleted 6 months after the end of the application process, which does not lead to an employment, provided there are no other retention rights or obligations.
7. Disclosure to third parties and order processors
All service providers are carefully chosen by us and are contractually obliged to adhere to our high security standards. As part of the so-called order processing work, the companies receive personal data in the scope required for the task they have been appointed to perform. Usage of this data by the appointed company for its own purposes is contractually excluded, unless otherwise stated.
The legal basis here is provided by the legal bases for processing described in more detail above. Personal data may also be forwarded based on the GDPR, the German Federal Data Protection Act (BDSG) and, where applicable, other relevant statutory regulations, provided we are legally obliged to do so (Art. 6 Para. 1 (c) of the GDPR).
8. Secure processing of your data in the EU
Fielmann takes technical and organisational measures to protect your data from unauthorised access or loss. Our security measures are continuously improved in line with technological developments.
As a rule, your data are processed within the EU. If, in exceptional cases, data are transferred to a third country, this is only done if it is essential to be able to offer you the respective services and in compliance with the strict requirements of the GDPR, including compliance with the appropriate guarantees (Art. 44, 46f. of the GDPR).
9. Duration of storage
We store your personal data at most until the respectively stated processing purposes have been fulfilled.
10. Your rights
You can assert the following rights with regard to the processing of your personal data:
- Right of access as per Art. 15 GDPR, on which data concerning you we process;
- Right to rectification of inaccurate or incomplete data as per Art. 16 GDPR and/or erasure including the ‘right to be forgotten’ as per Art. 17 GDPR, particularly if there are no retention obligations;
- Right to restriction of processing as per Art. 18 GDPR;
- Right to object to the processing, in the legally stated cases as per Art. 21 Para. 1 GDPR and the right to object at any time to processing for direct marketing purposes (Art. 21 Para. 2 GDPR) (see below for further details);
- Right to data portability as per Art. 20 Para. 1 GDPR.
In addition, you are also entitled to lodge a complaint to a supervisory authority for data protection.
If you have given your consent to the processing of your data, you can revoke it any time with effect for the future.
To the extent that we base the procesing of your personal data on our prevailing legitimate interests, you have the right to object to the processing (Art. 21 Para. 1 GDPR).
Irrespective of this, you may object at any time and without providing reasons to the processing of your personal data for marketing and data analysis purposes (Art. 21 Para. 2 GDPR).