Fielmann takes the protection of your personal data very seriously and complies with the statutory provisions in the General Data Protection Regulation (“GDPR”) and in the German Federal Data Protection Act (“BDSG”) for the processing of personal data. In the following, and in line with the data protection provisions, we would like to inform you about the processing of your personal data on our websites and when using our online services.
1. What are personal data?
In accordance with the GDPR (Art. 4 Para. 1, no. 1 of the GDPR), personal data are all data relating to an identified or identifiable person. This includes, for example, your name or your e-mail address, as well as the IP address with which you use our services.
2. Data Controller
The company responsible for the processing is
Tel.: +49 (0)40/270 76 0
Fax: +49 (0)40/270 76 399
3. Data Protection Officer
You can contact our Data Protection Officer at firstname.lastname@example.org or by post using the address Fielmann AG, Data Protection Officer, Weidestraße 118a, 22083 Hamburg.
4. Processing of your personal data when accessing our websites and online services
a) Documenting the access
Certain data on our servers are automatically processed for system administration purposes and for statistical or security purposes, particularly for protection against attacks on our IT infrastructure. Provided such data qualify as personal data as defined in Art. 4 n° 1 of the GDPR, they shall be processed on the basis of Art. 6 Para. 1, sentence 1 (f) of the GDPR for these purposes.
- IP address
- Accessed page/name of the accessed file
- Date and time of access
- Transferred amount of data
- Report if the access was successful
- The referring site, if access was made via an external link, and the search term, if access was made via an external search engine
- The browser software used for the access (language, version and configuration)
- Details on your device’s operating system and interface
The afore-mentioned log data shall be stored on our servers for a standard 7 days and then erased, provided Fielmann is not legally obliged to store the data for longer. In such cases, storing data for longer periods shall be based on Art. 6 Para. 1 (c) of the GDPR.
What are cookies? Cookies are small files that are stored on your device and save certain settings and data for exchange with our systems or our service providers’ systems via your web browser. Different types of cookies may be used. There are so-called session ID cookies, which are erased as soon as you close your browser, and persistent cookies, which are stored on your device for a long time. These are cookies from Fielmann or third-party providers, insofar as is stated below. We will also inform you of similar technologies below.
You will find detailed information on the cookies we use in the cookie list.
Marketing & Personalisation
Functional Cookies (not in use at Fielmann)
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Social Media Cookies (not in use at Fielmann)
These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
You can revoke an issued consent at any time or deactivate cookies used for our legitimate interest, as well as object to the processing of your data (“Opt-Out”).
c) Services with cookies and similar technologies
- your consent (Art. 6 Para. 1, sentence 1 (a) of the GDPR), provided we ask you for it,
- otherwise and insofar as this is not stated in any other way, the maintenance of our legitimate interests (Art. 6 Para. 1, sentence 1 (f) of the GDPR).
This website uses “fonts.com”, a fonts service provided by Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (“fonts.com”). Every time this website is accessed, files are loaded from a “fonts.com” server in order to display text in a particular font and offer you an optimised and pleasant presentation of the website. In this process, your IP address may be transferred to a “fonts.com” server and stored as part of the usual weblog. Responsibility for further processing this information lies with “fonts.com”; please refer to the Notes on data protection of “fonts.com” for the corresponding conditions and setting options.
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
On our account, Google processes usage data and device information in order to analyse the use of the website and compile reports about website activities. Cookies and other technologies are used for this purpose. The statistics gained allow us to improve our service and provide you with an enhanced user experience. This website also uses Google Analytics for a cross-device analysis of visitor flow which is executed via a user ID.
If you have a Google user account, you can also deactivate the cross-device analysis of your use under the settings “My Data”, “Personal Data”.
We would also like to point out that Google Analytics has been supplemented on this website by the code “anonymizeIp();”, to ensure a shortened collection of IP addresses. This serves to prevent any personal reference via the IP addresses. Only in exceptional cases is the full IP address sent to and shortened by Google servers in the USA. For the event that personal data are transferred to the USA, appropriate guarantees are in place as per Art. 46 of the GDPR. When using Google Analytics, other user data will be collected which could enable your identification, such as a link to an existing Google account.
Google Ads, Google Search Ads, Remarketing
We use the online marketing tool Google Ads as well as the services Search Ads 360, Remarketing and Google Ad Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in order to place ads in Google’s advertising network via websites and other services, and control them optimally.
Furthermore, with the help of cookie IDs, Google Ads can record “conversions” that are related to requests concerning ads. This is the case, for instance, when a user sees a Google Ads ad and directly or later visits the advertiser’s website and makes a purchase there using the same browser.
With Search Ads 360, user data from Google Analytics is processed in real time in order to display relevant advertising based on your supposed interests.
Google’s remarketing feature serves to recognize users when they are visiting websites of the Google ad network. On these pages, users can be presented with advertisements that relate to content that the visitor has previously called up on websites that use the remarketing feature from Google.
As a result of the tools used, your browser automatically establishes a direct connection with the Google server. If you are registered with a service provided by Google, then Google can allocate your visit to your account.
You can find further information on Google Ads and the stated services at policies.google.com/technologies/ads; and also on data protection at Google in general at: https://www.google.de/intl/de/policies/privacy.
We also use the online marketing from Bing Ads/ Microsoft Advertising of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Microsoft processes usage data, such as the accessed websites in the online network, interaction with the pages, device information and your IP address, and creates pseudonymised user profiles for the purposes of online marketing. This serves, in particular, to market advertising space or display advertising based on users’ potential interests, as well as to measure effectiveness for optimisation purposes. If you have consented to the collection of location data, this can also be processed.
Neither we nor Microsoft nor any other participants in the online network know the actual identity of the users, and only have pseudonymous data. We generally only receive access to summarised information about the success of our ads. Nevertheless, conversion tracking enables us to check which of our online marketing processes have led to a conversion, i.e. to an order, for example. The tracking is solely used to analyse the success of our marketing measures.
You can find further information on data protection at Microsoft here: https://about.ads.microsoft.com/ and https://privacy.microsoft.com/de-de/privacystatement
The Trade Desk
This site uses technology from The Trade Desk Inc., 42 N Chestnut St, Ventura, California, CA – 9300, USA. Information about the browsing behaviour of website visitors is collected for marketing purposes in anonymised form, as far as possible, and cookies are set for this purpose.
You can find further information on data protection at The Trade Desk at https://www.thetradedesk.com/general/privacy-policy
LinkedIn Insight Tag and Conversion Tracking
We use LinkedIn Insight Tag and Conversion Tracking from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). These services enable us to analyse the success of our ads in the LinkedIn network and display personalised advertising to you in it.
The LinkedIn Insight Tag inserts a cookie in your browser. If you visit this website and are logged into your LinkedIn account at the same time, a connection to the LinkedIn server will be established. The following personal data will be processed: referrer URL, IP address, device and meta data, timestamp and your page views/use. This data will be encrypted, anonymised within seven days, and deleted within 90 days. We only receive summarised reports from LinkedIn about the target groups for the website and the performance of the advertising, so that we are able to analyse the success of our ads.
Conversion tracking also enables you to be recognised as a website user (across devices) so that we can show you targeted advertising for our job offers on LinkedIn, which may be of interest to you (retargeting).
You can find more information about data protection on LinkedIn at https://www.linkedin.com/legal/privacy-policy
You can revoke the data processing at any time and deactivate the use of your personal data for advertising purposes: https://www.linkedin.com/psettings/enhanced-advertising
d) Integration of other third-party services and content
Content is integrated into some of the pages of this online service. The use of third-party online services always implies that the providers of this content get access to the users’ IP address, because without the IP address the content could not be sent to the users’ browsers. The IP address is therefore required to be able to display this content. We strive only to use content from providers that use the IP address solely for the purpose of transferring their content. However, we have no control over third parties storing users’ IP addresses for statistical purposes, for example. We will immediately inform users if we become aware of such behaviour.
Google Maps (map)
This website uses the service provided by Google Maps. This enables us to show you interactive maps directly in the website and offers you a convenient use of the maps feature. By visiting the website, Google receives the information that you have accessed the corresponding sub-site on our website. In addition, the data mentioned in section 4. a. of this policy will be transferred. This is done regardless of whether Google provides a user account that you have logged into or if no user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not wish your data to be assigned to your Google profile, you have to log out before the button is activated. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based website design. Such evaluation is mainly done (even for users not logged in) to place individualized advertising and to inform other users of the social network about your activities on our website. The legal basis is Art. 6 Para. 1 (f) of the GDPR, and our legitimate interests lie in the ideal provision of the mapping material and the map features.
You are entitled to object to the generation of these user profiles, although you must address Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as on your rights in this respect and settings options for protecting your privacy is available at: https://www.google.de/intl/de/policies/privacy.
Vimeo (video integration)
Our online service integrates videos from the platform Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA.
Usage and communication data, device data and content data may be transferred to the provider. The legal basis for this is provided by Art. 6 Para. 1 (f) of the GDPR. Our legitimate interests lie in the user-friendly integration of videos and their best possible visualization.
You can find more information about data protection at Vimeo here: vimeo.com/privacy. Vimeo can use Google Analytics for its own purposes. You can object to the processing by following the procedure described above for Google Analytics.
5. Making contact, contact form
Personal data are also processed when you contact us. The data you provide, such as your name and your e-mail address, and the content provided in the contact form will be forwarded to the respective contact persons at Fielmann who use your data exclusively to process your request (for example, to our customer service for queries regarding our products, or to our Investor Relations department for questions on Fielmann shares, etc.).
In this case, your personal data are processed in connection with the performance of a contract concluded with you, or in order to take steps upon request prior to entering into a contract, or for the general processing of your request (Art. 6 Para. 1 (b) of the GDPR).
There is no processing of personal data that goes beyond this, provided nothing to the contrary is stipulated and there are no retention obligations. Your data will be stored until the respective purpose of processing them has been achieved.
6. Information for applicants
a. Online applications
The Fielmann careers page as well as the websites www.optiker-werden.de and www.akustiker-werden.de (for Switzerland: www.optiker-werden.ch and www.akustiker-werden.ch) enable you to submit an online application for advertised job vacancies or to send us an unsolicited application.
For this purpose, we use the tool Workday, a service from Workday Limited, The King’s Building, May Lane, Dublin 7, Ireland (“Workday”). Your personal data will be stored by this processor and processed within the EU.
Fielmann AG, Weidestraße 118a in 22083 Hamburg, is responsible for the processing of your data, possibly together with the respective company (store) of the Fielmann Group (hereinafter referred to jointly as “Fielmann”) where you applied for a job. For applicants in Switzerland, Fielmann AG, Steinenvorstadt 62 in 4051 Basel, is solely responsible for processing your personal data.
We process the personal data you send us and provide to us during the application procedure in order to conduct the application process for the position you applied for and, if necessary, to establish an employment relationship and for our applicant management. The following kinds of personal data may be processed:
- Contact data: Name, title (if any), address data, date of birth, language, e-mail address and telephone number (including mobile number).
- Qualifications data: All the data provided as part of the application process, in particular the data provided in the cover letter, the CV, the submitted certificates and in the completed questionnaires for applicants.
- Data from interviews and tests: All the personal information that may have been provided during an interview or was part of a test during the application process.
This data is necessary to give us an impression of your qualifications and both your personal and professional suitability for the job, as well as to be able to communicate with you during the application process.
Using Workday also requires the IP address and possibly usage data to be processed in order to provide the services securely.
In addition, we process your personal data for the purpose of analysing and optimising our applicant management.
The processing of your personal data for conducting the application process is carried out on the basis of § 26 Para. 1, sent. 1 of the German Federal Data Protection Act (BDSG) and Art. 6 Para. 1, sent. 1 b) of the GDPR. It is not possible to carry out the application process without this. Provided you give us your consent or transfer further personal data to us voluntarily and without being asked, we shall process this data reliably on the basis of Art. 6 Para. 1 a), Art. 9 Para. 2 a) of the GDPR. This consent can be revoked at any time with effect for the future, using the contact details stated above.
We may also be subject to legal obligations, Art. 6 Para. 1, sent. 1 c) of the GDPR, and also conduct processing to maintain our legitimate interests as per Art. 6 Para. 1 f) of the GDPR, such as for asserting and defending claims, and optimising the applicant management (provided we do not ask you for your consent).
Only those Fielmann employees will receive access to your personal data who require it for the stated purposes. Besides the people working directly with it in the HR department, this could also include decision-makers in the respective departments or Fielmann companies, particularly stores, where you have applied for a job. We also have agreements on order processing with the providers whose services we use. Beyond this, your personal data is only then made available once we have informed you and you have provided the necessary consent.
We only store your data for the period of time required to conduct the application process or for the above-mentioned purposes. When the application process is complete, we will block your data from further access and delete it no later than 6 months after the end of the application process, provided the application does not lead to an employment relationship that is not bound to any statutory retention obligations or if you do not expressly consent to a longer period of storage, such as through being added to our pool of candidates. Your data is then only transferred to our candidate database for other positions with your consent. You can revoke the consent you provided at any time with effect for the future using the contact details stated above.
b. Online tests
We conduct suitability tests in the pre-selection of applicants for vocational training. For this purpose, we will send you an invitation to the test or request you to take the test as part of the online process. We also offer you the chance to practise answering questions online in a test trainer (“Test Trainer”) in the way you might come across them in an application process. We use the service provider Cyquest GmbH, Heußweg 25, 20255 Hamburg (“Cyquest”): https://www.cyquest.net/.
To conduct the test, the data processed is your name, your address and date of birth, the communication data, your statements and answers, as well as technically important data such as the IP address and device data. The use of the test trainer, however, is possible without entering any further personal data. In this case, only your IP address, device data and the required usage data will also be processed. The legal basis for processing your personal data is provided by § 26 Para. 1 of the BDSG and, for the use of the test trainer, Art. 6 Para. 1, sent. 1 (b) of the GDPR. The data will only be processed for the period in which you use the test trainer on the website, and will be deleted when you finish with and leave the test trainer. When it comes to the processing as part of the suitability test for the application process, your data will be deleted 6 months after the end of the application process, which does not lead to an employment, provided there are no other retention rights or obligations.
We would also like to enable our customers to register for our e-mail newsletters. These newsletters contain information for people interested in our products and services, and information for investors.
To register for the newsletters, customers can simply provide an e-mail address.
Interested parties can register using a so-called double opt-in procedure. After registering to our newsletter, you will receive an e-mail asking you to confirm your registration. This serves the purpose of checking the provided e-mail address.
Registrations to the newsletter are documented by Fielmann in order to be able to perform the service and prove compliance with statutory regulations. This involves storing the time of registration and confirmation, as well as the IP address.
For the management and sending of the newsletters, we also use service providers (processors). These include Klaviyo Inc. (“Klaviyo”), 225 Franklin St, Boston, MA 02110, USA, Mailjet SAS (Global HQ) (“Mailjet”) office and postal address in Paris: 13-13 bis, rue de l’Aubrac, 75012 Paris, France and Exponea DE GmbH, Kemperplatz 1, Mitte D, 10785 Berlin or Exponea s.r.o., City Business Center I, Karadžičova 8/7244, 821 08 Bratislava (“Exponea”).
An analysis of the sending of the newsletters is made on our behalf. The newsletters contain a so-called “web beacon”, i.e. a pixel file that is accessed when the newsletter is opened. As part of this access, technical information such as information about the browser and system, your IP address and the time of the access is collected, as is information on whether the e-mail was opened and which hyperlinks were used. This information (opening rate, access times, link use) is used to improve the service.
The providers use these data partly to optimise or improve their services, such as for a technical improvement to the shipping or the representation of the newsletters, as well as to determine which countries the recipients come from. Your personal data will not be transferred to third parties. The legal basis is your consent as per Art. 6 Para. 1 (a) of the GDPR. You can end your registration to our newsletters at any time and thereby revoke your consents with effect for the future. For this purpose, you can find an unsubscribe link at the end of every e-mail. An appropriate level of data protection for data transfer to third-party countries is guaranteed pursuant to Art. 44 et seq. of the GDPR or by way of suitable guarantees as per Art. 46 of the GDPR.
8. Disclosure to third parties and order processors
All service providers are carefully chosen by us and are contractually obliged to adhere to our high security standards. As part of the so-called order processing work, the companies receive personal data in the scope required for the task they have been appointed to perform. Usage of this data by the appointed company for its own purposes is contractually excluded, unless otherwise stated.
The legal basis here is provided by the legal bases for processing described in more detail above. Personal data may also be forwarded based on the GDPR, the German Federal Data Protection Act (BDSG) and, where applicable, other relevant statutory regulations, provided we are legally obliged to do so (Art. 6 Para. 1 (c) of the GDPR).
9. Secure processing of your data in the EU
Fielmann takes technical and organisational measures to protect your data from unauthorised access or loss. Our security measures are continuously improved in line with technological developments.
As a rule, your data are processed within the EU. If, in exceptional cases, data are transferred to a third country, this is only done if it is essential to be able to offer you the respective services and in compliance with the strict requirements of the GDPR, including compliance with the appropriate guarantees (Art. 44, 46f. of the GDPR).
10. Duration of storage
We store your personal data at most until the respectively stated processing purposes have been fulfilled.
11. Your rights
You can assert the following rights with regard to the processing of your personal data:
- Right of access as per Art. 15 GDPR, on which data concerning you we process;
- Right to rectification of inaccurate or incomplete data as per Art. 16 GDPR and/or erasure including the ‘right to be forgotten’ as per Art. 17 GDPR, particularly if there are no retention obligations;
- Right to restriction of processing as per Art. 18 GDPR;
- Right to object to the processing, in the legally stated cases as per Art. 21 Para. 1 GDPR and the right to object at any time to processing for direct marketing purposes (Art. 21 Para. 2 GDPR) (see below for further details);
- Right to data portability as per Art. 20 Para. 1 GDPR.
In addition, you are also entitled to lodge a complaint to a supervisory authority for data protection.
If you have given your consent to the processing of your data, you can revoke it any time with effect for the future.
To the extent that we base the processing of your personal data on our prevailing legitimate interests, you have the right to object to the processing (Art. 21 Para. 1 GDPR).
Irrespective of this, you may object at any time and without providing reasons to the processing of your personal data for marketing and data analysis purposes (Art. 21 Para. 2 GDPR).