Zalando
Privacy Notice

PDF-Version

As at: 11/2022

This Privacy Notice gives you an overview of how Zalando processes your data. It applies to all websites, apps and other benefits and services offered by Zalando.

If you have a question regarding this Privacy Notice or data protection at Zalando you can reach out to our Privacy Team by sending an email to datenschutz@zalando.de. Please also send an email to our Privacy Team if you would like to request data access or data deletion, or in order to exercise other data protection rights provided in Art. 15-22 GDPR, including withdrawal of consent to marketing, opt out from newsletter etc. For more information see the sections Which data protection rights do I have? and Contact.

How you can read these Privacy Notice: We offer you various options for reading this Privacy Notice. Firstly, you can find very basic information in this section. Then we have sorted this Privacy Notice into topics relevant for you and divided it accordingly into individual chapters. If you are already a “pro”, you can jump directly to individual chapters using the dropdown menu below.

We have prefixed each chapter with a short overview. This overview briefly summarises the content of the chapter. If you just want a quick high-level overview of all data processing, it is advisable to read the overviews. If you want to familiarise yourself with the details, you can click on “more” under the relevant overview. The full content of the chapter will then be displayed.

We have avoided cross-references wherever possible. That way you get all information coherently explained, regardless of which chapter you are currently reading. If you read this Privacy Notice from start to finish, you may find that parts of the text are repeated. We were unable to avoid a few cross-references. For example, we summarised all country-specific data processing in a single chapter and always refer to this chapter when discussing country-specific data processing.

Which services and offers this Privacy Notice applies to: Zalando processes your data in a similar way for most of our services. This Privacy Notice therefore applies to all benefits and services which we offer our European customers. This is true regardless of whether we do this via a website, an app, in transactions, on the phone, at events or via social networks or other channels. For ease of comprehension, we use the term “services” to summarise this “normal case”.

There are, however, also exceptional services where we process your data differently or for particular purposes. This may be due to the nature of a service or country-specific requirements. When we are referring to these cases (that is “deviations from the normal case”), we call them “service-specific” or “country-specific”.

Please note that Zalando iOS apps released after 10 June 2021 no longer share any data with third parties for marketing purposes. In case a particular iOS app still offers features that involve data sharing with a third party for marketing purposes, your data will only be shared if you click “agree” on an iOS tracking prompt.

Finally, you should also bear in mind that Zalando is not just a single company. Zalando is a group and thus consists of multiple companies. Not all of these companies offer you services or process your data. For simplicity, only the Zalando Group companies which are actually involved in processing your data are named below. Where we refer below to “Zalando”, “we” or “us”, we mean the responsible companies within Zalando Group which process your data.

  • Zalando SE, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Connected Retail GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • nugg.ad GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Beauty Store GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Customer Care Central Services SE & Co. KG, Mühlenstraße 15, 10243 Berlin, Germany
  • Zalando Customer Care DACH SE & Co. KG, Mühlenstraße 15, 10243 Berlin, Germany
  • Zalando Customer Care International SE & Co. KG, Mühlenstraße 15, 10243 Berlin, Germany
  • Zalando Finland Oy, Runeberginkatu 5 B, 2nd floor, 00100 Helsinki, Finland
  • Zalando Ireland Ltd., 2WML, Windmill Quarter, Dublin 2, D02 F206, Ireland
  • Zalando Logistics Gießen SE & Co. KG, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Logistics Mönchengladbach SE & Co. KG, Regioparkring 25, 41199 Mönchengladbach, Germany
  • Zalando Logistics Operations France SAS, 21 Boulevard Haussmann, 75009 Paris, France
  • Zalando Logistics Operations Italy S.R.L., Via Leonardo da Vinci 12, CAP 39100; Bolzano (BZ), Italy
  • Zalando Logistics Operations Netherlands B.V., Klappolder 130, 2665 LP Bleiswijk, Netherlands
  • Zalando Logistics Operations Polska sp. z o.o., ul. Innowacyjna 8, 74-100 Gardno, Poland
  • Zalando Logistics Operations Spain S.L.U., Carrer Arquitecte Santiago Pérez Aracil 1, 03203 Elche, Spain
  • Zalando Logistics SE & Co. KG, In der Hochstedter Ecke 1, 99098 Erfurt, Germany
  • Zalando Logistics Süd SE & Co. KG, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Lounge Logistics Polska sp. z o.o., Ameryka 30, 11-015 Olsztynek, Poland
  • Zalando Lounge Logistics SE & Co. KG, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Lounge Service GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Marketing Services GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando OpCo Polska Sp. z o.o., ul. Inwestycyjna 1, 95-080 Głuchów, Poland
  • Zalando Operations GmbH, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Outlets GmbH, Köpenicker Straße 20, 10997 Berlin, Germany
  • Zalando Payments GmbH, Mühlenstraße 13-19, 10243 Berlin, Germany
  • Zalando Stores GmbH & Co. KG, Valeska-Gert-Straße 5, 10243 Berlin, Germany
  • Zalando Switzerland AG, Stampfenbachstrasse 85, 8006 Zurich, Switzerland
  • Zalando UK Ltd., c/o Tradebyte Software Ltd, Studio 8 Montpellier Street, Cheltenham GL50 1SS, United Kingdom

What you will learn in this Privacy Notice:

  • Which data Zalando stores.
  • What we do with this data and what it is needed for.
  • Which data protection rights and options you have.
  • Which technologies and data we use to personalise and coordinate our services in order to offer you a secure, simple, seamless and individual shopping experience.
  • Which technologies and data we use for advertising, including the tracking technologies we use.

1. Which data does Zalando process?

Zalando offers you a wide range of services, which you can also use in a wide range of ways. Depending on whether you contact us online, by phone or otherwise and on which services you use, various data from different sources may come into play. Much of the data we process is provided by you yourself when you use our services or contact us, for example when you register and provide your name or email address or address. We do, however, also receive technical device and access data which is automatically collected when you interact with our services. This may, for example, be information on which device you are using. We collect further data using our own data analyses (e.g. within the framework of market research studies and customer evaluations). We may also receive data on you from third parties, for example for credit rating agencies and payment service providers.

When we talk about “your data”, we are referring to personal data. This includes all information which allows us to identify you straight away or by combining it with other information. Examples: Your name, your telephone number, your customer number, order numbers or your email address. All information which cannot be used to identify you (even by combining it with other data) is classified as non-personal data. Non-personal data is also referred to as anonymous data. If we combine your personal data with anonymous data, all the data in this record counts as personal data. If we delete the personal data from a piece of information or a record on your person, the remaining data in this record no longer counts as personal data. This procedure is referred to as anonymisation. The following generally applies: If we request that you share particular personal information with us, you may of course refuse to do this. You can decide which information you share with us. We may, however, be unable to provide you with the desired services (at least not optimally). For example, you cannot have a package delivered without giving a delivery address. If particular information is required in connection with a service (mandatory information), we will inform you by marking it accordingly.

Profile information is personal and demographic information on your person (so-called master data), along with your individual interests, which you share with us when registering for a customer account. Your profile data includes, for example:

  • Your first and last names
  • Your contact details
  • Your preferences, e.g. in relation to brands, product types or styles
  • Demographic information such as your gender, age and place of residence

Mandatory information is usually your name, your email address and a password you choose yourself. Your email address and the password will later constitute your login details.

Other mandatory information may also be required for the use of access-restricted, fee-based or personalised services, such as your date of birth or your title (e.g. in order to transfer you to the relevant Zalando shop page for your gender) or your favourite brands and clothing styles.

Profile data may also include further information on your person and your interests. These may be collected in the process of registering for the service, or only subsequently. This is the case, for example, if you later add voluntary information to your profile or you wish to use your customer account to register for a service which requires additional mandatory information.

Tip

If you are logged into your customer account, you can view your personal data there and can usually edit it directly there, e.g. in order to update your address after a move.

If you contact us, we collect your data. Depending on how you contact us (e.g. by phone or by email), your contact details may include your name, postal addresses, telephone numbers, fax numbers, email addresses, detail on your social network profiles (for example we receive your Facebook ID if you contact us via Facebook), user names and similar contact details.

If you order something from Zalando or shop on site, for example at a Zalando Outlet Store, we collect your shopping data. Depending on the type of purchase and processing status, shopping data may include the following information:

  • Order number
  • Details on the purchased items (name, size, colour, price etc.)
  • Payment method information
  • Delivery and billing addresses
  • Messages and communication relating to purchases (e.g. notice of revocation, complaints and messages to customer service)
  • Delivery and payment status, e.g. “completed” or “dispatched”
  • Return status, e.g. “successfully completed”
  • Information on service providers involved in executing the contract (for order purchasing perhaps shipment numbers of parcel services)

Tip

You can view your essential shopping data in your customer account in the areas “My orders”, “My returns” and “My address book”.

We offer you the common payment methods in online retail - especially advance payment, credit card, PayPal or invoice. We collect the payment details shared by you in order to execute the payment. We receive further payment details from external payment service providers and credit agencies which we work with in executing payments and carrying out credit checks. We only forward information to our payment service providers which is necessary for processing payment.

Payment details include:

  • Preferred payment method
  • Billing addresses
  • IBAN and BIC or account number and sort code
  • Credit card details
  • Creditworthiness data

The payment details also include other information directly connected to payment processing and credit checking. This applies, for example, to information which external payment service providers use for identification such as your PayPal ID (if you are paying with PayPal).

Zalando Payments GmbH, Mühlenstrasse 13-19, 10243 Berlin, Germany, is responsible for executing payments, managing claims and performing credit checks in connection with all private purchases from the Zalando shop and other fee-based services from Zalando Group.

Creditworthiness data consists of our own records on your previous payment behaviour towards all Zalando Group companies and of score values which we collect on you from external credit agencies. Creditworthiness data makes statements on a person’s estimated capacity and willingness to pay. This helps companies to avoid defaults which result when customers cannot fulfil their payment obligations or cannot do so in good time. Taking creditworthiness data when choosing payment methods is also intended to prevent us offering our customers payment methods which cannot be offered to them and our customers entering into payment obligations which they cannot fulfil themselves. Creditworthiness data is normally collected from so-called credit agencies. The credit agencies then use various information to calculate a so-called score value which takes into account existing payment obligations and any previous defaults. Score values are statistically justified estimates of the future risk of a person defaulting and are represented as a numerical value, such as a percentage. We only have limited influence on processing of data by external credit agencies (e.g. if we provide credit agencies information on payment obligations which have not been fulfilled).

Cooperation with external payment service providers and credit agencies is on a country-specific basis, in order to take country-specific features and requirements into account. Under Who is my data forwarded to? you can find information on external payment service providers and under Country-specific information you can find information on which credit agencies we work with in which countries. There you can also find special privacy policies which we provide you with on behalf of the relevant payment service providers and credit agencies.

When you interact with our services, data arises which we use to find out which content, topics, products, product types, brands or styles you are interested in. For example, we can use shopping data, wish list content and your age (if this information is available to us) and comparison with users with similar features to find out which styles and product categories you are interested in. Thus we can show the products which will probably be most relevant to you first the next time you perform a search.

Along with the interests you have directly shared with us, we can also derive your interests from other data we have collected. If, for example, you repeatedly visit a particular area of the Zalando shop, we can extrapolate your interests from your access data by means of usage analysis (e.g. we can deduce that you might be interested in sport if you frequently visit the category “sportswear” or order products from this category).

For this purpose, we also receive demographic information and statistics on our users from our external advertising partners (such as age, gender, region), as well as device and access data and interests. We take care that our advertising partners only provide Zalando with aggregate, encrypted and anonymous data, so that we cannot assign the data to any particular person, especially any particular user. This information may help us to understand our users better, perhaps within the framework of customer structure analyses and user segmentation.

You can find further information on the processing of your data for advertising purposes under “How does Zalando use my data for marketing?”.

If you communicate with us or other users regarding products (e.g. product evaluations) and other topics by phone, post, social media, contact forms or any other medium, we collect the content of your messages.

We may forward your messages to the office responsible for your concerns, perhaps to partner companies or manufacturers. If your messages are forwarded to another company (e.g. if you provide us with feedback on the manufacturer of a product), you of course have the option to tell us that the data should only be used by Zalando. If so, we will not forward your information to the responsible office, or will only do so without your personal information, provided that your concerns can be processed in this way.

If you transmit messages to us for other users via functions provided for this purpose (e.g. product evaluations), we may publish these within the scope of our services.

Recording of telephone conversations

Telephone conversations, for example with our hotline, will only be recorded with your consent for the purposes covered by your consent (e.g. quality assurance, training purposes). Consent to recording of conversations is of course voluntary. You may withdraw consent at any time with effect for the future, for example by asking the employee on the phone to stop the recording. You can find further information under “Which data protection rights do I have?”.

Zalando also uses social network services such as Facebook, Instagram and Twitter to communicate with customers and users. We use these popular platforms to offer you further contact and information options beyond our in-house communication channels. Please bear in mind, however, that we do not have any influence on the terms of use for social networks and the services they offer, and only limited influence on their data processing. We therefore ask you to carefully check which personal data you share with us via social networks. We cannot influence the behaviour of social media operators, other users or third parties who may work with the operators of the social networks or also use these services.

Zalando maintains profile pages (also called "fan pages") on various social networks. Additionally, Zalando services may incorporate social networking features. These may be messenger services and so-called social plug-ins or social logins such as "Sign in with Facebook". If you are in direct contact with us through our social media profiles or if you use social networking features integrated into our services and you are a member of the respective social network, we may receive data from the social network operator that allows you to be identified. Usually, we can see the following data:

  • Your public profile information stored on the respective social network (e.g. name, profile picture)
  • Details of the device type you are using
  • The account ID of your profile on the respective network (e.g. Facebook ID)

Please also refer to the notes on the processing of social network data related to social network features under “Info on websites and apps” and “Information about Social Media Fan Pages”.

Zalando currently uses the Facebook messenger service and social plug-ins / logins for the following social networks:

  • Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The link to Facebook's privacy policy is available here: Facebook's Data Policy.
  • Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The link to Twitter's privacy policy is available here: Twitter's Privacy Policy.
  • Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). The link to Pinterest's privacy policy is available here: Pinterest's Privacy Policy.

For particular purposes, we also collect data on your device’s current location when you use our services. Two different technologies are used for this.

If you approve your device’s location services for an app, a website or another online service by Zalando, Zalando processes the location data collected by your device and provided to us in order to provide you with location-specific services.

Example

Some of our apps show you shops in your area or suggest products which correspond to your current location.

If you allow a Zalando app to access your device’s location services, your location may be regularly processed by Zalando (e.g. even if you are not currently using the app). This serves to improve the user experience, for example by loading location-dependent content faster when you use the app at your location, or displaying location-based push notifications. We do not use this data to produce any motion profiles. You can obtain further information on location-based services if required.

We also collect location data derived from your device’s IP address (down to the city level). An anonymised IP address shortened to three characters is used for this purpose. Therefore, this cannot be used to identify your internet connection or device.

What are IP addresses?

Each device connected to the internet must be assigned a multiple-character, unambiguous number (example: 193.99.144.85). This is referred to as an IP address.

The first three characters of an IP address are usually assigned to a particular region or a particular internet provider. The approximate location of the internet connection can therefore be derived from the IP address.

This procedure (so-called geolocalisation) is used by us and many other online shops, for example to identify fraud and suspicious orders (e.g. it may be suspicious in particular situations if an order from your customer account uses an IP address from a country where you have never previously made any orders).

Some of our service-specific applications allow you to share photos and other personal content with us or other users, in order to communicate with us or other users or to personalise services (e.g. by uploading a profile picture, using the Zalando app’s photo search or communicating with a stylist).

If you take part in a campaign (e.g. competition) or survey (e.g. customer satisfaction survey for market research purposes) offered by Zalando, we ask you for personal information.

For example, if you take part in a competition we generally ask you for your name and email address, so that we can inform you if you win and to ensure that each participant only takes part in the competition once.

We may ask you for further information for some campaigns and surveys. This may be the case, for example, if we carry out a campaign with a partner and the partner needs information on you in order to make the prize available to you. In such cases we will, however, always inform you separately about the information required and how we use it.

Zalando Group companies use the central Zalando SE’s central applicant management system to accept and process job applications.

You can find the web portal for Zalando’s applicant management system at: https://jobs.zalando.com/. The Zalando applicant management system has a service-specific privacy policy, which you can access here: https://jobs.zalando.com/de/datenschutz.

When using online and mobile services, it is inevitable that technical data will be generated and processed in order to provide the features and content offered and to display them on your device. We refer to this data as "Device and Access Data". Device and Access Data are created whenever online and mobile services are used. It does not matter who the provider is. Device and Access Data are therefore created, for example, when using:

  • Websites
  • Apps
  • Social media fan pages
  • Email newsletters (i.e. if your newsletter interaction is recorded)
  • Location-based services

Zalando collects device and access data for online and mobile services offered by Zalando itself (e.g. Zalando Shop). Secondly, Zalando may receive device and access data from online and mobile services of other companies, as long as they are social media or advertising partners of Zalando or participate in the same online advertising networks (e.g. the "Google Network"). Additional information is available under “How does Zalando use my data for advertising?” and “Information about Social Media Fan Pages”.

Device and Access Data includes the following categories:

  • General device information, such as information on the device type, operating system version, configuration settings (e.g. language settings, system authorisations), information on internet connection (e.g. name of the mobile data network, connection speed) and on the app used (e.g. name and version of the app).
  • Identification data (IDs), such as session IDs, cookie IDs, unambiguous device ID numbers (e.g. Google advertising ID, Apple Ad ID), third party account IDs (if you use social plug-ins or social logins or pay by PayPal) and other common internet technologies, to facilitate recognition of your web browser, your device or a particular app installation.

Example

If you activate the push notification service in a Zalando app, you will be provided with a randomly generated, unambiguous push ID. We send the push ID together with the push notifications aimed at you to the push server, so that the latter can address the notification to the right recipient, that is to your device.

  • Access data automatically transmitted by apps and web browsers whenever you access web servers and databases (within the framework of so-called HTTP requests). This is standardised information on the required content (such as the name and file type of a retrieved file) as well as further information on server access (such as amount of data transferred and error codes), on your device (e.g. device type, operating system, software versions, device identifications, IP address, the site previously visited and the time of access).

2. What does Zalando use my data for?

Zalando processes your data in accordance with all applicable data protection laws. Of course, we observe the principles of data protection law for the processing of personal data. We therefore generally only process your data for the purposes explained to you in this Privacy Notice or shared when we collect the data. These are mainly purchase processing and the provision, personalisation and development as well as security of our services. We also use your data within the framework of the strict German and European data protection law, but also for other purposes such as product development, scientific research (especially in the areas of machine learning, artificial intelligence and deep learning) and market research, for the optimisation of business processes, the needs-based design of our services and personalised advertising.

In this chapter, we also inform you of the legal basis on which we process data for the individual purposes. Depending on the legal basis for our processing of your data, you may have additional data protection rights alongside your permanent rights such as the right to information. For example, in individual cases you have the right to object to the processing of your data. You can find further information under “Which data protection rights do I have?”.

We process your data in the necessary scope to fulfil contracts and to provide and execute further services requested by you, as described in this Privacy Notice. The purposes of the necessary data processing therefore depend on the purpose of the contract agreed with you (including our General Terms and Conditions and any service-specific terms and conditions or terms of use) or services requested by you. The most important purposes are:

  • The provision, personalisation and needs-based design of our services such as the Zalando shop and Zalon (including their respective websites, apps and cross-device and cross-platform functions).
  • The provision of local services, e.g. in Zalando Outlet Stores and at events and trade fairs.
  • The execution of customer programmes such as Zalando Outlet Card and Zalando Plus.
  • The execution of purchase agreements and customer service including dispatch and payment processing, claim management as well as the processing of returns, complaints and warranty claims.
  • The provision of messages, reports, newsletters and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.

Examples

You can request email information on the availability of out-of-stock items in the Zalando shop.

In our apps you can request push-service information on particular events or offers and other subjects.

If you take part in our online shopping club Zalando Lounge, you will regularly receive our Zalando Lounge newsletter with information on current promotions.

  • The guarantee of the general security, operability and stability of our service including defence from attacks.
  • Non-promotional communication with you on technical, security-related and contractually relevant subjects (e.g. fraud warnings, account blocking or contractual changes).
  • The mediation of contracts via our trading and sales platform, perhaps within the framework of the Zalando partner programme or Zalando Wardrobe.
  • The issuing, redemption, delivery of Zalando vouchers.
  • The execution of campaigns and competitions.

The processing of payments for execution of purchase agreements is provided by Zalando Payments GmbH. Zalando also uses the service of external payment providers for payment processing. You can find information on external payment providers under section Who is my data forwarded to?.

Legal basis: Insofar as the purpose relates to the execution of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6 (1) b GDPR. Otherwise, the legal basis is Article 6 (1) f GDPR, whereby we may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests.

We process your data for the provision of comfortable and useful services which correspond as well as possible to your needs and interests. Because the Zalando shop’s range encompasses hundreds of thousands of products and thousands of brands, it is necessary that we present our content and offers in a needs-based manner so that you can find products you are actually interested in. This requires a user-specific evaluation of the relevance of products and content.

To personalise shopping in the Zalando shop we use device and access data which we collect for usage analysis. Alongside this, we also use device and access data which we receive from advertising partners while you visit the Zalando shop. If you are logged in with your customer account while visiting the Zalando shop, we also use profile data, interest data and shopping data to personalise your shopping experience. We refer to this form of shopping personalisation as on-site optimisation. Only such shopping personalisation allows us to present you with suitable search results, product suggestions, style recommendations and other content corresponding to your actual interests. Without such shopping personalisation, as carried out today by many online shops as standard, your search for relevant products would be less convenient and more protracted and the utility of our range for you would be lower. Shopping personalisation does not, of course, prevent you from accessing all content. It does, however, allow you to see content which is more relevant to you more quickly.

Find out more

We have collected more details on the operating principle of Zalando’s websites and apps under “Shopping personalisation”.

You can find further details on the operating principle of personalised Zalando Services under “Personalised services”.

Legal basis: The legal basis for the processing of your data for shopping personalisation within the framework of personalised services is Article 6 (1) b GDPR. The legal basis for the processing of your data within the framework of on-site optimisation is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

We process the data collected on our customers for scientific research in the areas relevant to Zalando. This includes in particular the research areas of machine learning, artificial intelligence, natural language processing and deep learning. Research at Zalando concentrates on solutions to real, everyday online shopping problems and is meant to serve the improvement and development of the existing services range. In this way, for example, we can develop apps which can suggest products targeted to your interests and needs and recognise styles and assign products which correspond to your actual interests.

In doing this, of course, we observe recognised scientific data protection standards. This also means that we only process your data in summarised, anonymised or pseudonymised form for research purposes, for example by replacing all identifiable data such as your name with other values.

Find out more

You can find further information on the subject of research and science at Zalando at Zalando Research.

Research at Zalando includes the following purposes:

  • The development of machine learning procedures allowing estimates, prognoses and analysis of the needs and interests of our users.
  • The development of technical solutions for real customer problems which our specialist departments and fashion manufacturers encounter in day-to-day business (e.g. difficulties in finding suitable products, reducing the probability of bad buys, sizing).
  • The development of technical solutions for optimising business and logistics processes.
  • The development of technical solutions facilitating the improvement and development of shopping personalisation and fraud prevention.
  • The registration of patents and publication of specialist articles.
  • Participation in research communities and academic cooperation partners.

Example

The size recommendations for shoes in the Zalando shop use a machine learning algorithm developed by Zalando Research. In developing the learning algorithm, Zalando Research has used shopping data with shoe orders, returns due to sizing and sizing information from various manufacturers. We used this to develop an intelligent size recommendation procedure for shoes in order to predict which shoe models are too large or too small.

Legal basis: The legal basis for the processing of your data within the framework of the research purposes described above is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

Prevention of fraud

In order to combat the risk of data security breaches, data pertaining to users of our services is encrypted in transmission. This applies both to ordering and to registering for a customer account. For this we use the coding system SSL (Secure Socket Layer). Encryption prevents third parties from viewing the data. To provide additional protection from external attacks, we rely on special security technologies which constantly check our systems and identify and report anomalies. We also use technical and organisational measures to secure our systems against loss, destruction, unauthorised access or distribution of customer data by unauthorised persons. In this manner we wish to keep the risk of unauthorised access as low as possible, because protecting your data is our top priority. However, we - like other companies - cannot guarantee absolute protection.

We also use technical and manual procedures for fraud prevention in order to protect us and our users from misuse of data, especially by fraudulent orders. To this end, Zalando Payments GmbH summarises and evaluates your device and access data (including IP address, identifiers, user behaviour), shopping data and payment details (including address and other creditworthiness data from external credit agencies) as well as the change history of your profile information (e.g. when your delivery address was last changed) under a pseudonym when executing an order. The record is also compared with your previous usage and order habits. We also compare it to general records from all Zalando orders (also from other Zalando Group companies) involving confirmed or suspected fraudulent actions. This comparison allows us to identify fraud patterns and to prevent fraud and identity theft by comparing patterns. Sometimes when based on our analysis the likelihood of fraud is very high, we may cancel orders or deactivate accounts in order to minimise the risk of fraudulent orders and protect users whose accounts may have been taken over.

In some countries we offer customers the option to pay for purchases by Invoice. In the event that you select this payment method, Zalando Payments GmbH transmits your name and your addresses as provided by you during checkout to external credit agencies. This serves to ensure that you are actually registered and can be reached at the disclosed addresses. Zalando Payments GmbH also transmits your name and address to external credit agencies if you have selected to pay by SEPA Direct Debit to prevent payment default risks, for example, due to data misuse. Typical indicators which - usually in combination - may increase the probability of attempted fraud include:

  • Your delivery address was changed shortly before the submission of the order and/or is in a region with increased risk of fraud.
  • Your order is particularly large and/or includes products which are subject to particularly high demand at present and/or are carried out at an unusual time for your region (e.g. at night).
  • The payment methods invoice or direct debit are used for the order.
  • There were suspicious login attempts on your account before the order was submitted, the pattern of which suggests automation.
  • Your customer account is used from a suspicious IP address.
  • Your customer account is used by an unknown or suspicious device.

If our security system suspects attempted fraud or an increased risk of fraud, the relevant procedure will be forwarded to the Zalando fraud team for manual investigation. Appropriate preventative measures will be taken in view of the risk of fraud (e.g. temporary blocking of the customer account or restriction of payment methods offered).

These providers collect and process data, with help from cookies and other tracking technology, to establish the end device used by the user as well as further data on the use of the website. There is therefore no assignment to a specific user.

Over the course of the order process on our website, we request a risk assessment for the user's end device from the database of providers. This risk assessment on the likelihood of attempted fraud considers, amongst other things, whether the end device has logged on using different service providers, whether the end device has a geo-reference which frequently changes, how many transactions were affected on the end device and whether a proxy connection is used.

Legal basis: If your data is processed to prevent fraud at your expense, the legal basis is Article 6 (1) b GDPR. This processing of your data otherwise occurs on the basis of Article 6 (1) f GDPR, based on our legitimate interest and that of other users in the identification and prevention of fraud and clarification of criminal offences.

Choice of payment methods

Before we show you the payment methods available for a purchase, Zalando Payments GmbH will carry out a risk assessment and include the total costs for an order with Zalando. Your previously collected purchase data, payment details, creditworthiness data, data on your previous payment behaviour as well as your profile information (such as surname, first name, delivery and billing address, email address, date of birth) will be used to carry out the risk assessment. The assessment and evaluation will be carried out automatically using statistically justified estimates of the default risk in relation to the payment methods we offer. In the event that payment via Invoice is available in your country and you select payment by Invoice for your items, Zalando Payments GmbH shall transmit your data to external credit agencies to receive general information from these on the evaluation of the payment-specific default risks (e.g. on whether your address is plausible and up-to-date) as well as, in individual cases, creditworthiness data, perhaps on open invoices and circumstances directly resulting in a risk of payment default (e.g. insolvency, deferral due to inability to pay). Furthermore, Zalando Payments GmbH transmits your data to external credit agencies in order to evaluate payment-specific default risks if you have chosen to pay by SEPA Direct Debit. Which specific creditworthiness data is taken into account in the course of the risk assessment may vary from country to country.

Note

You can find country-specific information on the credit agencies charged with carrying out the risk assessment and on the creditworthiness data used under “country-specific information”.

When deciding on the payment types offered, the total costs for the specific payment type for Zalando as well as the availability of the payment type in the relevant country are considered. It may be the case that we no longer offer certain payment types, which are associated with higher costs, risks or increased returns for us, to our customers who typically return things at a rate higher than the average (for return rates higher than 70 %, for example) or who place incredibly small orders. The modification of available payment types contributes to lower return rates, which is more sustainable and more economic. At the same time, our customers continue to have the option of using our services, as every customer is offered at least one possible payment type and can then complete the purchase.

The default risk is assessed separately for each payment method in the form of an estimate. If the risk assessment yields a positive result, we can offer all the payment methods we generally offer. Otherwise, we will only offer you particular payment methods. Factors which may influence the availability of a payment method include:

  • The combination of name and address could not be found. This may result from typing errors, moves, marriage or a change of district.
  • You have given a delivery address, packing station or company address differing from the billing address.
  • There are still open claims against you.
  • There have been payment disruptions with particular payment methods in the past.

The risk assessment will not mean that you are not offered any payment method. If you are not in agreement with the payment methods offered, you can inform us of this in writing by letter or email at datenschutz@zalando.de. We will then check the decision again, taking your viewpoint into account.

Legal basis: The legal basis for processing of your data is Article 6 (1) f GDPR, based on our legitimate interest in avoiding default risks.

Credit check

Along with data already in Zalando Payments GmbH’s possession, creditworthiness data from external credit agencies in the form of score values is also used. Score values are statistically justified estimates of the future risk of a person defaulting and are represented as a numerical value, such as a percentage. To this end, Zalando Payments GmbH transmits on our behalf the personal data required for a credit check (generally your first and last name, your address and if necessary your date of birth or Social Security Number (in countries where this is required)) to the external agency. Address data may also be taken into account when calculating your score. The credit agency uses the data transmitted by us to correspondingly assess your creditworthiness on the basis of mathematical-statistical procedures.

Note

You can find information on the credit agencies charged with carrying out credit checks in your country under “Country-specific information”. If your country is not listed here, we do not carry out credit checks in your country.

Depending on the result of the credit check, i.e. whether it is positive or negative, we will show you appropriate payment methods which you can use to continue and complete your purchase. If you are not in agreement with this, you can inform us of this in writing or by email at datenschutz@zalando.de. We will then check the decision again, taking your viewpoint into account.

Legal basis: The legal basis for the credit check described above is Article 6 (1) b GDPR, because it is necessary for the execution of necessary pre-contractual measures. This processing of your data otherwise occurs on the basis of Article 6 (1) f GDPR, based on our legitimate interest and that of other users in the avoidance of payment defaults, the identification and prevention of fraud and the clarification of criminal offences.

In the event that outstanding invoices are not settled despite repeated reminders, we may transfer the data required to commission a collection service provider to a collection service provider for the purpose of collecting the debt. Alternatively, we may sell the debt to a collection service provider which is then able to file a claim in its own name. You can find information on the agencies charged with collection services in your country under "Country-specific information".

Legal basis: The legal basis for transferring data within the framework of fiduciary collection services is Article 6(1)(b) GDPR; data is transferred within the framework of selling debt on the basis of Article 6(1)(f) GDPR.

We use your data, also within the framework of data analysis, for advertising and market research, in particular for the following purposes:

  • Classification into various target and user groups within the framework of market research (user segmentation).
  • Findings on various target groups and their respective usage habits and shopping interests.
  • The production of findings on demography, interests, our users’ shopping and usage habits as well as the marketing on these findings within the framework of advertising services provided to third parties.
  • The early identification of trends in the areas of fashion and online shopping.
  • The execution of advertising to existing customers.
  • The execution of direct marketing, e.g. in the form of newsletters.
  • The planning, execution and success monitoring of advertising corresponding to the interests of the target groups being addressed (personalised advertising).
  • Findings as to how our services are used (usage analysis).
  • The marketing of the above findings within the framework of advertising services for advertising customers.

Info

Advertising services at Zalando are also offered by Zalando Marketing Services GmbH. On the Zalando Marketing Services GmbH website

Depending on the purpose, we use the data we have stored for data analysis. For example, we use summarised (aggregated), statistical, depersonalised (anonymised) profile information or data which can only be assigned to persons via further intermediate steps (pseudonymised profile information) as well as shopping and device and access data in order to understand and analyse purchasing processes using data analysis. This gives us anonymous or pseudonymised findings on our users’ general usage behaviour.

We process your data on the basis of balancing of interests to protect our legitimate interests or those of third parties (such as advertising partners or dealers which participate in Zalando’s partner programme). Zalando’s legitimate interest or that of third parties in data processing derives from the relevant purposes and is, unless otherwise indicated, of a competitive and economic nature.

Please note that Zalando IOS apps released after 10 June 2021 no longer share any data with third parties for marketing purposes. In case a particular IOS app still offers features that involve data sharing with a third party for marketing purposes, your data will only be shared if you click “agree” on an iOS tracking prompt.

Legal basis: If data processing for the above purposes occurs with your consent, the legal basis is Article 6 (1) a GDPR (consent). This data processing data otherwise occurs on the basis of Article 6 (1) f GDPR, whereby the legitimate interests are for the above purposes.

We use your data for product and technology development including the development and improvement of personalised services. In doing this we use aggregated, pseudonymised or anonymised data and machine learning algorithms, perhaps from our research, which facilitate estimates, prognoses and analysis in the interests of our users. In this way, for example, we can develop apps which can suggest products targeted to your interests and needs and recognise styles and assign products which correspond to your actual interests. Data is processed in relation to product and technology development particularly for the following purposes:

  • The development and improvement of personalised services and technologies for data analysis, advertising and personalised online shopping.
  • The development of technologies and concepts to improve IT security, prevent fraud and improve data protection e.g. by pseudonymisation, encryption and anonymisation technologies.
  • The development and testing of software solutions for the optimisation of necessary business and logistics processes.

Legal basis: The legal basis for the processing of your data for product and technology development purposes is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

We transmit and process your data where necessary for administrative and logistical processes and to optimise business processes within Zalando Group in order to design these in a more efficient and legally secure way and to fulfil our contractual and legal obligations (e.g. retention obligations under commercial and tax law). Many systems and technologies are shared within Zalando Group. This allows us to offer a more economical, secure, unified and personalised service. Therefore, various companies within Zalando Group have access to your data in so far as this is necessary for the fulfilment of the purposes named in this Privacy Notice.

Examples

  • If you register with your customer account (provider: Zalando SE) for Zalon (provider: Zalando Fashion Entrepreneurs GmbH), Zalando SE grants Zalando Fashion Entrepreneurs GmbH access to the information stored in your customer account in the necessary scope. This allows us to transfer your profile information and contact details without you having to enter them again. Your orders are then used by your Zalon stylist when advising you.
  • If you contact Zalando customer service, your request is forwarded to Zalando Customer Care DACH SE & Co. KG and processed there. Zalando Customer Care DACH SE & Co. KG is responsible for customer service in the German-speaking area within Zalando Group. If this is necessary for the processing of your concern, a customer service employee from Zalando Customer Care DACH SE & Co. KG may access the data stored on you by other Zalando companies, for example your order data (e.g. in order to clarify your questions regarding a return).

Data processing for business management and business optimisation also includes, for example, the following purposes:

  • The execution and improvement of customer service.
  • The prevention and clarification of criminal offences.
  • Guaranteeing the security and operability of our IT systems.

Legal basis: The legal basis for the processing of your data for business management and optimisation is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes. Where we process your data on the basis of legal specifications, e.g. retention obligations and money laundering tests under tax law, the legal basis is Article 6 (1) c GDPR.

If you have given us your consent for the processing of personal data, your consent is the primary basis of our data processing. Which of your data we process on the basis of your consent depends on the purpose of your consent. Typical purposes include:

  • Subscription to a newsletter.
  • Participation in surveys and market research studies.
  • The processing of particularly sensitive data, containing e.g. your political opinions, religious or ideological convictions or state of health.
  • The recording of telephone conversations which you have e.g. with our hotline.
  • The transmission of your data to third parties or to a country outside the European Union.
  • Processing of your location data by Google Maps in specific cases, such as offering information on the nearest pick-up points of your order.

Notices of withdrawal

You can withdraw consent at any time with effect for the future, e.g. by e-mail, letter or fax.

If the relevant service supports this function, you can adjust and withdraw consent to receive newsletters and other notifications in the preference centre. You can find the link to the preference centre in each newsletter. Each newsletter also contains a corresponding unsubscribe link.

You can find further instructions under “Which data protection rights do I have?”

If data protection law allows it, we can use your data for new purposes such as carrying out data analyses and developing our services and content without your consent. It is a prerequisite for this that these new purposes which the data is to be used for were not fixed or foreseeable when the relevant data was collected and the new purposes are compatible with the purposes for which the relevant data was originally collected. For example, new developments in the legal or technical sphere and new business models and services may lead to new processing purposes.

3. Personalised services

The development and provision of personalised functionalities and services for you is our top priority. We offer you an individual shopping experience and a range tailored to your individual interests, regardless of location, time and devices used. The processing of your data to personalise our service is therefore an integral part of Zalando’s service.

Examples

  • If you create a wish list in the Zalando app, you can view and edit this later on the Zalando website.
  • If you search for products on the Zalando website, we save your search terms. This allows us to show the results first which are probably particularly relevant to you when you search the Zalando website in future.
  • If you place a product in the basket, we can give you recommendations on the selection of a suitable clothing size on the basis of your previous orders and returns.
  • If you have subscribed to our newsletter, we can present you with products which fit your previous orders.
  • We also consider your previous orders when recommending new products to you that may fit your shopping preferences.

Personalised services allow us to offer you better, more practical and more secure services. To this end we use the data we have stored about you in order to determine your needs and interests. On this basis we can offer you more relevant content corresponding to your needs and interests. Of course, you still have access to all content. Personalisation allows you to see content which is more relevant to you more quickly, or content is specially presented to you (e.g. in the form of individual product recommendations).

Most of our personalised services require you to set up a customer account so that we can save data we collect on you at a central location.

Data which we collect about you is saved on your customer account, along with your customer number (customer ID). The customer number is a randomly generated sequence of numbers which does not contain any personal data. Your data is associated with your customer number, in order to link you to your customer account. The customer number also functions as a pseudonym.

Personalised content is generally selected on the basis of all data stored on your customer account.

If device and access data is used which is not saved on your customer account, these are only pseudonymised for the relevant personalisation (so e.g. in connection with your customer number, but not in connection with your named or other directly identifying profile data) for the duration of the usage.

Not used:

  • Creditworthiness data
  • Information for campaigns and surveys
  • Job applications
  • Notifications (e.g. from customer service)

You can view most of the data we have stored on your customer account at any time. If required you can also edit this data on your account and influence personalisation, perhaps by providing your preferences.

If personalisation is based on device and access data, you can prevent the collection of this data by deactivating the collection of this data by tracking tools. Please bear in mind, however, that you will receive less or no personalised content and services. Please bear in mind that the data used for personalised services are also needed for other purposes (including the provision of our services), in which case the collection of the data required will continue to be collected. However, the advertising presented to you will then not be personalised.

4. Info on websites and apps

We use your data to provide access to the Zalando websites and apps. Along with the device and access data collected whenever you use these services, the type of data processed as well as the processing purposes depend especially on how you use the functions and services provided via our services. We also use the data collected when you use our services to find out how our online offering is used. We use this information and other information in the course of shopping personalisation to improve our services and for personalised advertising.

You can find the responsible service provider in the imprint of the relevant website or app.

We generally collect all the data which you directly share with us via our services.

Device and access data

Whenever you access our services and databases, we collect device and access data and record it in so-called server log files. The IP address it contains is anonymised shortly after the end of the relevant session, as soon as storage is no longer required to maintain the functionality of the relevant website.

If it is available and activated on your device, we also collect a device-specific ID number (e.g. a so-called “promo ID” if you are using an Android device or an “ad ID” if you are using an Apple device). This device ID is issued by the manufacturer of your operating system and can be read by websites and apps and used to present content on the basis of your usage habits. If you do not want this, you can deactivate it at any time in your device’s browser settings or system settings.

Login

We set up password-protected personal access for users who register for a customer account or another service. If you do not log out again after logging in with your login details, most services automatically keep you logged in. Depending on the type of service, a cookie or similar technology is used for this. This function allows you to use part of our services without having to log in again every time. For security reasons, however, you will be asked to enter your password again if, for example, you want to change your profile information or submit an order. You can find more information under “Personalised services”.

Social plug-ins

Our services may contain social plug-ins (“plug-ins”) from various social networks. These plug-ins allow you, for example, to share content or recommend products. The plug-ins are deactivated as standard and therefore do not send any data. You can activate the plug-ins by clicking on the corresponding button (e.g. “activate social media”. The plug-ins can also be deactivated again with a click. If the plug-ins are activated, your web browser sets up a direct connection to the web servers of the relevant social network. The content of the plug-ins is then transferred by the social network directly to your web browser and integrated by the latter into our website. Integrating the plug-ins allows the social network to receive the information that you have called up the relevant page of our internet offering and can collect your device and access data. If you are logged into the social network, the latter may also assign the visit to your account with the relevant social network. If you interact with the plug-ins, for example by clicking the Facebook “like” button or making a comment, the corresponding information will be transmitted by your browser directly to the social network and stored there. The purpose and scope of the data collection, and the further processing and use of the data by the particular social networks and your rights and configuration options concerning this to protect your privacy, can be found in the privacy notices of the respective social networks and websites. You can find the links to these below. Even if you are not registered with the social networks, websites with active plug-ins may send data to the networks. An active plug-in will place a cookie with an ID each time you call up the website. Because your web browser sends this cookie without being asked every time you connect to a server, the social network could in principle create a profile of which websites the user belonging to the ID had called up. And it would also be quite possible to assign this ID to a person, for example if they later registered with the social network.

Facebook social plug-ins

We use plug-ins by the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”), on several websites. You can find the link to Facebook’s Privacy Policy here: Facebook’s privacy policy.

Twitter social plug-ins

We use plug-ins by the social network Twitter, operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”), on several websites. You can find the link to Twitter’s privacy policy here: Twitter’s privacy policy.

Pinterest social plug-ins

We use plug-ins by the social network Pinterest, operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”), on several websites. You can find the link to Pinterest’s privacy policy here: Pinterest’s privacy policy.

Social logins

Our services may offer you the option of registering with us directly using your social network accounts. If you wish to use this function, you will first be forwarded to the relevant social network’s offering. There you will be asked to log in with your user name and password. Of course, we do not ourselves take note of your login details. If you are already logged in, this step will be skipped. The relevant social network then notifies you and asks you to confirm which data are transmitted to us (e.g. public profile, friends list, email address and current residence). We use the data transmitted to create your customer account, but will not, of course, save your friends list, for example. No further permanent connection between your customer account and your social network account will take place. We also receive social network data from the providers of the relevant social networks.

Shopping personalisation

Our services use the device and access data from the usage analysis, which are collected when you use our service, for shopping personalisation. Depending on the type of service, this may include common tracking technologies using tracking pixels and identification cookies or similar Ids (so-called tagging). In addition, our advertising partners may collect your device and access data in this way, in order to provide us with information on your interests and demographic data (such as age, gender, region) during your use of our services. This allows us to present you with advertising and/or particular offerings and services which correspond to your interests (for example product recommendations based on the fact that you have only viewed trainers in the last few days). Our goal when doing this is to make our offering as attractive to you as possible and to present you with advertising corresponding to your interest areas. Of course, you can continue to use all content and functions. This on-site optimisation does, however, allow us to first show you content and functions which are more relevant for you. On-site optimisation is carried out automatically by our systems, which recognise that users have repeatedly called up products and content from particular categories.

Find out more

You can find further information under “How does Zalando use my data for advertising?”

If you do not want on-site optimisation, you can deactivate this function at any time:

  • To do this, please deactivate the “data processing” function (in the Zalando app you will find this function on the info menu under the point “About us”).

In other services, please do this by deactivating web analysis or app analysis.

Info on website cookies

Our websites use cookies. Accepting cookies is not a prerequisite for using our websites. We would, however, like to point out that our websites can only function on a limited basis if you do not accept cookies. You can set your browser up in such a way that cookies are only saved if you agree to this.

What are cookies?

Cookies are small text files which are saved by your web browser and which save particular settings and data for exchange with our web server.

A distinction is generally made between two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and temporary/permanent cookies which are stored for a longer period. Storing this data helps us to design our websites and services for you accordingly and makes them easier for you to use, for example by saving particular entries so that you do not have to repeat them constantly.

The cookies used by our website may come from Zalando or advertising partners. If you only wish to accept the Zalando cookies, but not our advertising partners’ cookies, you can choose the corresponding setting in your browser (e.g. “block third-party cookies). The help function in your web browser’s menu bar generally shows you have to reject new cookies, and to turn off cookies which have already been received. We recommend that you completely log out after you finish using our website on shared computers which are set to accept cookies and Flash cookies.

Our services use three categories of cookies:

  • Necessary cookies: These cookies are required for optimal navigation and operation of the website. For example, these cookies are used to implement the basket function, such that the goods in your basket stay saved while you continue with the purchase. The necessary cookies also serve to save particular inputs and settings which you have made so that you don’t have to constantly repeat them, and to adapt Zalando content to your individual interests. Only limited use of the website is possible without necessary cookies.
  • Statistical cookies: These cookies collect device and access data to analyse the use of our website, such as which areas of the website are used how (so-called surfing behaviour), how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our website and to find out what our users are interested in, and to measure how effective our advertising is. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
  • Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data, in order to adapt personalised advertising on Zalando websites to your individual interests. Our advertising partners who operate online advertising networks also collect device and access data on our websites. This allows us to display personalised advertising on other websites and in other providers’ apps which fits your interests (so-called retargeting). Marketing cookies can be blocked without adversely affecting the navigation and operation of the website. Shopping personalisation may, however, not be possible.

We have collected country-specific overviews of all cookies used in the Zalando shop. You can find these under “Information on individual websites”.

App stores/installation

Zalando apps are available on app platforms run by third parties, so-called app stores (e.g. Google Play and Apple App Store). Download may therefore require prior registration with the relevant app store. Zalando has no influence on the processing of your data in connection with your registration with and use of these app stores. The operator of the relevant app store therefore has full responsibility. Please get information if required from the relevant app store operator directly.

Sharing content

If your operating system has an integrated function for sharing app content, you can call this up in our apps via the share or recommend button in order to share content or recommend products. Depending on which functions your device or operating system has and how you have configured your device, you can also use social networks to share content.

We would like to point out that the share functions used by our app are operating system-side functions. We do not receive any information on the recipients and content of your communication. You can get more information on the share functions and your configuration options from the manufacturer of your device.

Which social networks are available to you for sharing content depends on which social networks you are a member of and how you have configured your membership account and device. You can find further information in the relevant privacy policies of the social networks you use.

Location-based services

The functions of some of our apps use your device’s location services to collect location information. This is for the purpose of offering you app-based services and content tailored to your current location. For example, an app can show you transactions in your area and suggest products to you which are suited to the weather at your current location. If you allow the app to access location services, your location will be regularly transmitted to us for this purposes. We do not use this data to produce any motion profiles.

Push service

Our apps can inform you using push notifications of particular events or topics even if you are not currently using the app. Push notifications are an app-specific form of notification which we can use to address you directly. If you do not want this, you can deactivate the push service at any time using your device settings and in the settings within the app.

If you activate the push notification service, your device will be assigned a device-specific push ID. For technical reasons, no push notifications can be sent without a push ID. Push Ids are only encrypted, randomly generated sequences of number.

System authorisations

For some functions, our apps must be able to access certain interfaces and data on your device. Depending on which operating system you use, this may require your express consent. Below we explain to you which authorisations (if these are relevant for the processing of your data) our apps may request and for which kind of functions these authorisations are required. You can change your authorisation settings in your devices’ system settings.

  • Location services/location information: Authorisation for access to your device’s location services is required, so that an app can access the location determined by your device. If you do not allow access, the location-based display of content may not be possible, or may only be possible on a limited basis.
  • Notifications/push notifications: Authorisation is required for the use of the push service. Some devices activate authorisation for all apps as standard.
  • Access to saved photos: The authorisation is necessary so that an app can access saved photos (read access) or photos produced by an app can be saved on your device (write access).
  • Camera: Authorisation is required so that an app can use your device’s camera function, perhaps to take photos or capture QR codes. The relevant app will only access the camera if you use the relevant function in the app.
  • Requesting mobile data (iOS) or access to all networks and network connections (Android): When using or installing certain apps, these authorisations will be requested in order to allow the relevant app to transfer data via your device’s internet connection (by WLAN or data connection). This authorisation may be necessary in order to transfer inputs in the app, e.g. in the course of a search, to our servers.
  • Changing, deleting or reading the content of USB memory devices/SD cards: These authorisations are required to allow the relevant app to store or read data on your device’s memory or any auxiliary storage. The relevant app will only read the data which was stored in connection with the use of this app.

Our websites and apps contain cookies and similar tracking technologies from advertising partners which operate an online advertising network. This also allows our advertising partners to collect your device and access data and to present you with personalised advertising on other websites and in other providers’ apps targeted to your interests (e.g. advertising based on which products you have previously viewed in the Zalando shop).

You can find further information under “How does Zalando use my data for advertising?”

You can deactivate the processing of your data for retargeting at any time:

  • To do this, please deactivate the “Data processing” function in the Zalando shop. You can find this function in the Zalando app in the info menu under the point “About us”. In the Zalando web shop you can find this function directly next to the link to this Privacy Notice.
  • In other services, please do this by deactivating usage analysis.
  • For other websites and apps you can also deactivate retargeting by participating online advertising networks on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Deactivate further advertising.

We use common tracking technologies to evaluate device and access data. This allows us to find out how our offering is being used by our users in general. We do this using identification cookies and similar identifiers. This allows us to find out, for example, which content and topics are particularly popular, when our services are used the most, from which regions (down to the city level) our services are used and which browsers and devices our users generally use.

We may also carry out so-called A/B tests in the course of usage analysis. A/B tests are a special kind of usage analysis. A/B testing (also known as split testing) is an approach to comparing two versions of a website or app in order to find out which version performs better, is more popular or lets users find their desired content quicker. Producing version A and version B and testing both versions provides data which makes it easier and faster to make changes to services and content.

You can find out which tracking tools our websites and apps use under “Information on individual websites”.

You can also find information there on deactivating usage analysis.

You can deactivate the processing of your data for usage analysis at any time:

  • To do this, please deactivate the “Data processing” function in the Zalando shop. You can find this function in the Zalando app in the info menu under the point “About us”. In the Zalando web shop you can find this function directly next to the link to this Privacy Notice.
  • In other services, please do this by deactivating usage analysis.

5. Information about Social Media Fan Pages

Zalando maintains social media profiles on the social networks of Facebook and Instagram (so-called "fan pages"). We regularly publish and share content, offers and product recommendations on our fan pages. The operators of the social networks record your usage behaviour via cookies and similar technologies upon every interaction on our fan pages or other Facebook or Instagram websites. Fan page operators can view general statistics about the interests and demographic characteristics (e.g. age, gender, region) of fan page visitors. When you use social networks, the nature, scope and purposes of processing social network data are determined primarily by the social network operators.

The responsible Zalando company, which acts as the content provider responsible of a fan page, is visible in the Legal Info of the respective fan page.

The Facebook and Instagram social networks are both provided by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

Insofar as you communicate directly with us via our fan pages or share personal content with us, Zalando shall be responsible for processing your data. An exception applies to the data processing for usage analysis (Page Insights) which is described in the following; in this case, we are jointly responsible with Facebook.

Processing of your data by Facebook

Please note that Facebook also processes your data when you use our fan pages for their own purposes, which are not covered in this Privacy Notice. We have no influence over these data processing operations of Facebook. In this regard, we refer you to the privacy policy of the respective social networks:

When you visit our fan pages, Zalando collects all communications, content and other information that you provide us directly, e.g. when you post something on a fan page or send us a private message. Of course, if you have an account on the social network, we can also see your public information, such as your username, information in your public profile, and content that you share with a public audience. For more information, see "Which data does Zalando process?”.

Usage Analysis (Page Insights)

Whenever you interact with fan pages, Facebook uses cookies and similar technologies to track the usage behaviour of fan page visits. On this basis, fan page operators receive so-called "Page Insights". Page insights contain only statistical, depersonalised (anonymised) information about visitors to the fan page, which can therefore not be assigned to a specific person. We do not have access to the personal information Facebook uses to create Page Insights ("Page Insights data"). Selection and processing of Page Insights data is performed exclusively by Facebook.

Page insights offer us information about how our fan pages are used, what interests visitors to our fan pages have, and what topics and content are particularly popular. This allows us to optimise our fan page activities, e.g. by better tailoring to the interests and usage habits of our audience when planning and selecting content.

Zalando and Facebook share responsibility for processing your data for providing Page Insights. For this purpose, we and Facebook have defined an agreement about which company fulfils the data protection obligations under the GDPR with regard to Page Insights data processing.

More about Page Insights

You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

Facebook has summarised the important parts of this agreement (including a list of Page Insights data) for you here: https://www.facebook.com/legal/terms/information_about_page_insights_data

Legal bases: If you have given consent to the creation of Page Insights data to Facebook, the legal basis is Article 6 (1) a GDPR (Consent). Otherwise, the legal basis is Article 6 (1) f GDPR, whereby our legitimate interests are in the above purposes.

Of course, your privacy rights described in "Which data protection rights do I have?" also apply to the processing of your data in connection with our fan pages.

For the purposes of processing your Page Insights data with Facebook, we have agreed with Facebook that Facebook is primarily responsible for providing you with information about the processing of your Page Insights data and for enabling you to exercise your privacy rights under the GDPR (e.g. right to object). You can find more information about your data protection rights in connection with Page Insights and how you can exercise them directly with regard to Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data

Tip:

You can also address your enquiry to Zalando; we will then forward your enquiry to Facebook.

6. Newsletter

We offer you various newsletter services which include

  • Inspirational content such as updates on brands, trends, offers, sales, categories;
  • Reminders e.g. when an item on your wishlist is reduced in price, if items in your bag are forgotten or if you asked for a size reminder;
  • Surveys which for example seek to find out whether you liked the items you purchased;
  • Personalised recommendations of items we think you might like based on your previous orders and browsing behaviour;
  • Updates from the influencers or brands that you may follow on our site.

If you signed up for newsletters, you will receive some of the newsletter services as described above (depending on the scope of your subscription). There are also service-specific newsletters, which are integral components of a particular service.

For example, you will only receive the Zalando Lounge newsletter if you are a member of the Zalando Lounge shopping club. You will need a Zalando Lounge newsletter so that you can be informed about current short time offers and use the advantages of the shopping club.

When sending out our notifiable newsletters (such as the Zalando shop newsletter), we use the so-called double opt-in procedure or single opt-in procedure (country-dependent), i. e. we will only send you the newsletter if you have given explicit prior consent to us activating the newsletter. If a double opt-in is required in your country, you must also have confirmed that the email address you have shared with us belongs to you. For this purpose, we will send you a notification email and ask you to confirm by clicking on one of the links in this email that you are the owner of the email address you have shared with us. We may waive this measure if you have already confirmed to us in this way for another purpose that you are the owner of this email address.

You can change the settings for the newsletter services anytime yourself. For Zalando Shop and Zalando Lounge you can choose your settings in the corresponding preference centre (www.zalando.[locale]/messages for the Zalando shop and https://www.zalando-lounge.de/myaccount/newsletter for the Zalando Lounge) - please visit the preference centre so that we can best respond to your wishes and interests.

Sometimes you may also receive email reminders if you have left items in your shopping cart without checking out. If you do not want to receive these alerts you can manage your preferences via login into your profile and unselect the checkbox “Item alerts” in the category “Your Newsletters”.

Furthermore, you may receive commercial messages from Zalando (subject to competition law) , e.g. individual recommendations after your last purchase, without having subscribed to a newsletter. You can find further information about this under “Individual product recommendations by email and push service”.

In order to provide you with more personalised content, Zalando also aggregates data based on your engagement with Zalando and its services. For example, if you open our newsletters often, we know that you are interested in them and will be able to serve your needs accordingly both in terms of frequency and content of the emails.

If you no longer wish to receive emails from us, you can unsubscribe at any time by using the unsubscribe link available in every newsletter or in every commercial message you receive from us. You may also send a notification in text form (e.g. email, fax, letter) to the Zalando company responsible for the relevant newsletter. Where preference centres are available (like for Lounge and Zalando Shop), you can unsubscribe from the newsletter in the preference centre too.

Feel free to contact datenschutz@zalando.de to unsubscribe or in case you experience any difficulties.

Unsubscribing from Newsletters

If you wish to unsubscribe from the Zalando shop newsletter, you can use the link provided in every newsletter email. If you are also subscribed to newsletters sent by another Zalando shop like Zalando Lounge or Zalando Outlets, please follow the unsubscribe link in those newsletters or contact datenschutz@zalando.de to unsubscribe from all newsletters. Please be aware that unsubscribing from one Zalando shop service does not automatically entail unsubscription from all services.

If you subscribe to a newsletter, we temporarily store your IP address and save the time of your subscription and confirmation. This way we can prove that you actually subscribed and identify any unauthorised use of your email address.

We collect device and access data when you interact with newsletters, transactional emails, as well as push notifications. For this evaluation, the newsletters contain links to image files stored on our web servers. When you open a newsletter, your email programme loads these image files from our web server. We collect the device and access data under a randomly generated ID number (newsletter ID), which we will not use to identify you without your consent. This way we can understand whether and when a newsletter was opened. The links contained in the newsletters likewise contain their newsletter ID so that we can determine which content is read. In order to personalise the communication, we collect open and click data to provide you with relevant communication. We aggregate the data for newsletter ID and connect your newsletter subscription with your customer account in order to personalise newsletter content according to your interests and usage habits and to statistically analyse how our users use the newsletter service.

This shopping personalisation is an integral component of the Zalando shop newsletter. You may object to the personalisation at any time by changing your settings in the “Data Preferences” section on Zalando’s website.

We connect this data to other data which we collect within the framework of usage analysis, as long as you opt in for analytics tracking in the “Data Preferences” section on our website.

Alternatively, you can deactivate the display of images in your email programme. In this case, however, the newsletter will not be displayed to you in full.

7. Individual product recommendations by email and push service

In connection with our services we present information and offerings from Zalando on the basis of your interests. You may receive a limited number of individual product recommendations, surveys, as well as product review requests from us regardless of whether you have subscribed to a newsletter. In accordance with legal stipulations, we preferentially use the data on your previous orders, to select individual product recommendations.

You can also find further information about the personalisation of individual recommendations under “Personalised services”.

If you do not wish to receive any individual product recommendations from us by email, you can informally object to it at any time by clicking the unsubscribe link which you will find in every email, or by sending an email to datenschutz@zalando.de. For push notification settings, you can deactivate these in the Zalando Application by following My Account > Settings > Notifications.

8. Vouchers

We use the data submitted when ordering Zalando vouchers to check and process the order and to issue and redeem the voucher. This also includes the recording and processing of the data connected to use of the voucher, especially for fraud prevention.

We also stored the following data for this purpose:

  • Date of issue
  • Voucher value
  • Voucher code
  • Personalisation data (if you provide this)
  • Name of voucher holder (for personal vouchers)
  • Time of voucher redemption
  • Name of the redeeming party and the customer account ID of the account used for redemption.

9. How does Zalando use my data for advertising?

We and our advertising partners use your data for personalised advertising presented to you in Zalando’s services and on other providers’ websites and apps. We and our advertising partners use the prevailing market technologies for this purpose. This allows us to advertise in a more targeted way in order to display as many adverts and offers to you which are actually relevant to you. This allows us to better meet our users’ needs as regards personalisation and discovering new products and to interest you in our service in the long run by providing a more personalised shopping experience.

Please note that Zalando IOS apps released after 10 June 2021 no longer share any data with third parties for marketing purposes. In case a particular IOS app still offers features that involve data sharing with a third party for marketing purposes, your data will only be shared if you click “agree” on an iOS tracking prompt.

Example

If you are looking for trainers on the website of a Zalando advertising partner, we can take this information into account in your product searches in the Zalando shop. This allows us e.g. to show you trainers first in the “shoes” area or to recommend you trainers in the feed on the homepage. If you inform us of preferences in your customer account or you have already bought sports items from us, we can also take this information into account in our recommendations.

The advertising formats used by Zalando and Zalando’s advertising partners include presentations in the Zalando shop (within the framework of on-site and in-app optimisation), adverts on social networks (e.g. Facebook ads, Instagram ads, YouTube video ads) and advertising spaces mediated via the online advertising networks used by Zalando such as DoubleClick by Google.

Zalando Marketing Services GmbH

Advertising services at Zalando are also offered by Zalando Marketing Services GmbH. On the Zalando Marketing Services GmbH website

Zalando does not sell any personal data. When our advertising customers book a Zalando advertising format with Zalando Marketing Services GmbH, they do not receive any data which could be used to contact or identify you without your express consent. Our advertising customers only receive anonymous, aggregated reports with information on the effectiveness and reach of the advertising services we provide. These reports are based on Zalando Marketing Services GmbH’s own surveys, and sometimes also take into account summarised reports which we receive from our advertising partners and social networks. These show, for example, how our advertising services have affected sales to various groups of customers.

In creating target groups we use our own findings from data analysis on our users’ usage and purchasing behaviour and customers as well as our market research on user segmentation which we apply to the user data collected by Zalando. In doing this we especially consider aggregated, pseudonymised or anonymised shopping data, search histories, interests data and demographic profile data as well as device and access data.

Example

A target group may be: “Women between 25 and 35 years old who are fashion-conscious and interested in sport, and who have ordered an Adidas product in the last year”.

Our advertising partners also have the option to provide us with their own data for user segmentation, which was collected by the advertising partners themselves. The advertising partners must undertake only to provide Zalando with aggregated, encrypted or anonymous data, so that we cannot assign the data to any particular person, especially any particular user of the Zalando shop. Some target groups are created on the basis of the users’ surfing behaviour. This is the case if advertising is only intended to be presented to users who have recently visited a particular website or searched for particular content.

We use the above information within the framework of on-site optimisation in order to present you with more relevant information and content when you search for products, call up your feed or visit a product area. On-site and in-app optimisation is based on cookies and similar identification technologies for the pseudonymous collection of device and access data. This data is not used to identify you personally, but rather to evaluate your usage pseudonymously. Your data is never permanently combined with other personal data we have stored on your person. This technology allows us to present you with products and/or particular offerings and services with content based on your device and access data (for example advertising geared to the fact that you have only viewed sports clothing in the last few days).

If you do not want on-site optimisation, you can deactivate this function at any time:

  • To do this, please deactivate the “Data processing” function in the Zalando shop. You can find this function in the Zalando app in the info menu under the point “About us”. In the Zalando web shop you can find this function directly next to the link to this Privacy Notice.
  • In other services, please do this by deactivating web analysis or app analysis. Please bear in mind that data used for on-site and in-app optimisation is also used for other purposes (including the provision of our services). The collection of the data used for this is therefore not prevented by deactivation. The advertising presented to you will, however, no longer be personalised.

If we advertise via advertising formats offered by social networks (e.g. YouTube, Facebook, Instagram), we have the option of forwarding encrypted information on Zalando users (e.g. device and access data such as advertising and cookie IDs, email addresses) which we believe belong to an advertising customer’s target group or show particular features (e.g. age group, region, interests).

The relevant social network will then - either on our behalf as an order processor or with the consent of the relevant user - decrypt the transmitted data and display the advertising booked by us to the user as part of his existing usage relationship with the relevant social network (if he is a member of the relevant social network).

If you do not want us to use your data to present you with personalised advertising on social networks, you can deactivate the forwarding of your data:

  • To do this, please deactivate the “Data processing” function in the Zalando shop. You can find this function in the Zalando app in the info menu under the point “About us”. In the Zalando web shop you can find this function directly next to the link to this Privacy Notice.
  • In other services, please do this by deactivating web analysis or app analysis.

If you have consented to the forwarding of your data to social networks, you can withdraw your consent at any time.

You may also have the option of deactivating the use of your data for personalised advertising by the social networks you use by directly contacting the relevant providers. For further information, directly contact:

Facebook (Facebook, Instagram):

Google (Google advertising network, YouTube, Google search):

Advertising partners which run an online advertising network may use cookies and similar technologies to pseudonymously collect your usage behaviour using device and access data on the Zalando shop and in other providers’ apps. These advertising partners use the data collected in order to identify the probability of you belonging to the target group we are addressing, and take this into account when choosing the adverts on the advertising spaces mediated via their online advertising network. This standard internet technology is referred to as retargeting. Retargeting allows us to run advertising which is as relevant to you as possible and to measure the efficiency and reach of the advertising materials, but also to check our advertising partners’ bills for campaigns we are running.

You can get further information on the operators of the respective advertising spaces and the online advertising networks charged with mediating them. You can find an overview of advertising partners and information on deactivation under “Information on individual websites”.

You can deactivate the processing of your data for retargeting at any time:

  • To do this, please deactivate the “Data processing” function in the Zalando shop. You can find this function in the Zalando app in the info menu under the point “About us”. On the Zalando web shop you can find this function directly next to the link which you used to reach this Privacy Notice.
  • In other services, please do this by deactivating usage analysis.
  • You can deactivate retargeting by participating online advertising networks for our websites on the deactivation page of the European Interactive Digital Advertising Alliance (EDAA): Deactivate further advertising.

Please bear in mind that the data used for retargeting is also needed for other purposes (including the provision of our services). The collection of the data used for this is therefore not prevented by deactivation. The advertising presented to you will then not, however, be personalised.

10. Who is my data forwarded to?

Zalando only forwards your data if this is allowed by German or European law. We work particularly closely with certain service providers, for example in the area of customer service (e.g. hotline service providers), with technical service providers (e.g. running computer centres) or with logistics companies (e.g. postal companies such as DHL). These service providers may generally only process your data on our behalf under special conditions. Where we use them to process orders, the service providers only receive access to your data in the scope and for the time period required for provision of the relevant service. If you shop with a Zalando partner, we forward particular shopping data regarding you to the Zalando partner (e.g. your name and your delivery address), so that the Zalando partner can send you the goods ordered.

Many systems and technologies are shared within Zalando Group. This allows us to offer you a more economical, secure, unified and personalised service. Therefore, companies within Zalando group which require access to your data to fulfil our contractual and legal obligations, or to fulfil their respective functions within Zalando group, receive this access.

Examples

  • If you register with your customer account (provider: Zalando SE) for Zalon (provider: Zalando Fashion Entrepreneurs GmbH), Zalando SE grants Zalando Fashion Entrepreneurs GmbH access to the information stored in your customer account in the necessary scope.
  • When you contact Zalando customer service, your request is forwarded to Zalando Customer Care DACH SE & Co. KG or Zalando Customer Care International Se & Co. KG and processed there. Both these Zalando companies are responsible for customer service within Zalando group. Where this is necessary to process your concerns, these two Zalando companies may access your data stored by other Zalando companies, for example your order data.
  • When you submit an order, your order and payment details are forwarded to Zalando Payments GmbH. Zalando Payments GmbH is responsible for payment processing within Zalando Group.

We work with external shipping companies (e.g. DHL) to deliver orders. These shipping companies receive the following data to execute the relevant order:

  • Your name
  • Your delivery address
  • your post number if applicable (if you wish to have the order delivered to a DHL packing station)
  • your email address if applicable (if the shipping company wishes to inform you of the provisional delivery date by email)

Within the framework of the Zalando partner programme we allow other retailers (so-called Zalando partners) to sell their products (so-called Zalando partner items) via the Zalando shop. The Zalando shop serves as a sales platform for the mediation of purchase agreements within the framework of the Zalando partner programme. “Sale and shipping by our partner” is then displayed under the relevant Zalando partner item, along with the name of the relevant Zalando partner.

When you order a Zalando partner item, the item is generally dispatched by the relevant Zalando partner. We forward your shopping data to the Zalando partner for this purpose. This includes:

  • Details on the Zalando partner items ordered
  • Your name
  • Your delivery address

In some cases or countries we also transmit your email address or telephone number to a partner, but only where this is necessary to facilitate the delivery of the item to you.

Even if you purchase a Zalando partner item, Zalando remains responsible for processing your data. Your data will neither be processed together with a Zalando partner nor on behalf of a Zalando partner. Zalando will ensure that the Zalando partner programme does not give Zalando partners any control over the processing of your data. When you purchase a Zalando partner’s items or goods from Zalando, Zalando only transmits to the Zalando partner the data listed above which the Zalando partner requires in order to fulfil its service to you, i.e. normally in order to deliver the purchased goods to you. When Zalando transmits your data to a Zalando partner for the reasons above, Zalando will ensure in the contractual agreements with the partners that the Zalando partner only processes your data for the above purposes.

Please bear in mind that the Zalando partners have their own data protection provisions. You can usually find these on the relevant partner pages of the Zalando partner. Zalando is not responsible for its partners’ data protection provisions and data processing practices.

We work with technical service providers in order to be able to provide our services. These service providers include, for example, Telekom Deutschland GmbH, Salesforce.com EMEA Ltd. and Amazon Web Services, Inc. If they process your data outside the European Union, this may mean that your data is transmitted to a country with a lower data protection standard than the European Union. In such cases Zalando will ensure that the relevant service providers contractually or otherwise guarantee an equivalent data protection level.

Zalando offers different payment options, such as advance payment, payment by credit card, payment by PayPal and payment on invoice. For this purpose, payment data can be transferred to payment service providers with whom we work with. You can find more details about processing of personal data by payment service providers in their privacy policies:

  • Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, the Netherlands. Please find more information in Adyen Privacy Policy.
  • American Express Payment Services Limited, a branch office in Germany, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. Please find more information in American Express Privacy Policy.
  • Elavon Financial Services DAC, a branch office in Germany, Lyoner Str. 36, 60528 Frankfurt am Main. Please find more information in Elavon Privacy Policy.
  • Worldpay B.V. Claude Debussylaan 16, 6th Floor, 1082 MD Amsterdam, the Netherlands. Please find more information in Worldpay Privacy Policy.
  • iDeal by Deutsche Bank AG, a branch office in the Netherlands, De Entree 195, 1101 HE Amsterdam. Please find more information in Deutsche Bank Privacy Policy.
  • Svea Payments Oy, Mechelininkatu 1a, 00180 Helsinki. Please find more information in Svea Payments Privacy Policy.
  • BS PayOne by PayOne GmbH, Lyoner Straße 9, 60528 Frankfurt am Main. Please find more information in PayOne Privacy Policy.
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Please find more information in Paypal Privacy Policy.
  • przelewy24 by PayPro Spólka Akcyjna, ul. Kanclerska 15, 60-327 Poznań and DialCom24 sp. z o.o., ul. Kanclerska 15, 60-327 Poznań. Please find more information in przelewy24 Privacy Policy.

Cooperation with external credit agencies for fraud prevention, payment method selection and credit checks is country-specific, in order to take account of country-specific features and requirements. Under Country-specific information you can find information on which external payment service providers and credit agencies we work with in which countries. There you can also find special privacy policies which we provide you with on behalf of the relevant payment service providers and credit agencies.

Work is carried out in collaboration with external collection service providers specific to each country to allow for peculiarities and requirements in each country. Under Country-specific information, you can find information on which external collection service providers we work with in which countries. There you can also find special privacy policies which we provide you with on behalf of the relevant payment service providers and credit agencies.

As part of advertising campaigns we forward data to social network providers within the scope of data protection law. You can find further information under “How does Zalando use my data for advertising?”.

Please note that Zalando IOS apps released after 10 June 2021 no longer share any data with third parties for marketing purposes. In case a particular IOS app still offers features that involve data sharing with a third party for marketing purposes, your data will only be shared if you click “agree” on an iOS tracking prompt.

If we are obliged by an official or court decision or it is for prosecution purposes, we will if necessary forward your data to prosecution authorities or other third parties.

11. Which data protection rights do I have?

You have the following legal data protection rights under the relevant legal conditions: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with a supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR). If you want to exercise your data protection rights you can reach out to our Privacy Team by sending an email to datenschutz@zalando.de. For more information see section Contact.

Important information:

  • In order to ensure that your data is not disclosed to third parties in the course of requests for information, please attach sufficient proof of identity to your request by email or post.

Tip

It is generally sufficient for this if you send your request to us using the email address saved to your account.

  • You can change most of your information yourself in your customer account. For other cases please contact customer service.
  • The competencies of the data protection authorities depend on the seat of the data controller. You may, however, contact any data protection authority in any member state of the European Union, in particular at your place of residence, which will forward your complaint to the competent authority. The lead authority competent for Zalando is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Alt-Moabit 59-61, 10555 Berlin, Germany.
  • If you have given consent for the processing of your data, you may withdraw it at any time. Withdrawal has no effect on the admissibility of the processing of your data which took place before the withdrawal.
  • You may object to the processing of your data for advertising purposes, including direct marketing (including in the form of data analysis) at any time without giving reasons.
  • If we are processing your data on the basis of balancing of interests according to Article 6 (1) f GDPR (e.g. the reporting of creditworthiness to an external credit agency), you may object to the processing. When asserting your objection, we ask you to give the reasons why you do not wish us to continue processing your data. In the event of a justified objection, we will check the state of affairs and either stop or adjust the processing, or inform you of the urgent reasons worthy of protection why we are entitled to continue the processing.

12. When will my data be deleted?

We will store your personal data as long as is necessary for the purposes named in this Privacy Notice, especially for the fulfilment of our contractual and legal obligations. We may also store your personal data for other purposes if or as long as the law allows us store it for particular purposes, including for defence against legal claims.

If you close your customer account, we will delete all the data we have stored regarding you. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be blocked for further processing.

What does blocking mean?

If data is blocked, restriction of access rights and other technical and organisational measures are used to ensure that only a few employees can access the relevant data. These employees may also only use the blocked data for the above purposes (e.g. for submission to the tax office in the event of a tax audit).

Blocking will occur, for example, in the following cases:

  • Your order and payment details and perhaps other details are generally subject to various legal retention obligations, such as those in the Handelsgesetzbuch (HGB - Commercial Code) and the Abgabenordnung (AO - Tax Code). The law obliges us to retain this data for tax audits and financial audits for up to ten years. Only then can we finally delete the relevant data.
  • Even if your data is not subject to any legal retention obligation, we may refrain in the cases allowed by the law from immediate deletion and instead carry out initial blocking. This applies especially in cases where we may need the relevant data for further contractual processing or prosecution or legal defence (e.g. in the event of complaints). The decisive criterion for the duration of the blocking is then the legal limitation periods. After the relevant limitation periods expire, the relevant data will finally be deleted.

Deletion may be waived in the cases allowed by law if the data is anonymous or pseudonymous and deletion would rule out or seriously hinder processing for scientific research or statistical purposes.

13. How does Zalando protect my data?

We transmit your personal data securely using encryption. This applies to your order and your customer login. We do this using the coding system SSL (Secure Socket Layer). We also use technical and organisational measures to secure our website and other systems against loss, destruction, access, change or dissemination by unauthorised persons.

14. Changes to this Privacy Notice

Further development of our websites and apps and the implementation of new technologies to improve our service for you may require changes to this privacy notice. We therefore recommend that you re-read this Privacy Notice from time to time.

15. Contact

You can reach out to our Privacy Team for general questions on privacy and in order to exercise your data protection rights by sending an email to datenschutz@zalando.de.

In order to directly contact our Data Protection Officer, please send your inquiry to the following postal address indicating that it is “to the attention of Data Protection Officer”:

Data Protection
Zalando SE
Valeska-Gert-Straße 5
10243 Berlin
Germany
Fax: +49 (0)30 2759 46 93
Email: datenschutz@zalando.de

16. Service-specific information

Our data processing may differ from service to service. Here you can find out which service-specific deviations apply.

Sizer

In Germany, we offer to our customers the service called Sizer in order to provide them with body size measurement so that it is easier to find fitting clothes and sizes. If you use this service, we will process the pictures that you take of yourself to take your measurements. Before we take measurements, we de-identify submitted images using pixelation and color reversals. After the measurements were taken, we delete the pictures and keep and share with you the data on your measurements to provide you with the right sizes of articles and to improve our fitting recommendations.

For the processing we are using the service provider Sizer Technologies Ltd., 22 Maskit St., Herzliya, based in Israel. Israel is considered a country offering level of protection adequate level of protection as compared to the EU.

Legal basis for the processing: We process your data in order to provide you the service that you requested from us. (Art. 6 (1) b GDPR). We process data on aggregated level to learn more about sizing and fitting and to improve the service. Art. 6 (1) f GDPR.

Information regarding the use of the Messenger-function

We use a messenger function on our website. Using the messenger function, you can get in touch with our stylists to determine your preferred style of clothing , which products you like and to negotiate individual contract components (deselecting products or adding products etc.) We store your messages in order to improve our service quality and to respond better to your needs within the scope of this contractual relationship. Through the messenger function, we can provide you with additional support for your enquiries.

The messenger function is used on the basis of article 6 para 1. sentence 1 lit.b GDPR in order to provide the service you have requested. We store the data collected through the use of the messenger function. The data is stored for as long as we require for the purposes stated. You can find more information on the criteria for determining the storage period in this data protection information under point 12. When will my data be deleted?.

If you decide to use the messenger function, we will process the following data:

  • First and Last name
  • Age
  • Gender
  • Height (Body size, Clothing size etc.)
  • Weight
  • Hair colour
  • Place of residence
  • Messages in the chat history
  • Photos
  • The products that are relevant for you/you are interested in

Google Maps

Zalando Lounge website uses the service of Google Maps, which is provided for users from the EEA and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together "Google"). This service allows Zalando Lounge customers to find a nearest pick-up point for orders based on their location. In order for Google Maps to enable this feature, your web browser must make a connection with a server operated by Google, which may be located in the USA. Should personal data be transmitted to the USA, we have concluded the Standard Contractual Clauses with Google.

If you access Google Maps service on our website while you are logged-on in your Google profile, Google may further combine this event with your Google profile. If you do not wish allocation to your Google profile, it will be necessary for you to log out before accessing our contact page. Google will store your data and use them for purposes of advertising, market research and personalised display of Google Maps. You can object to this data collection by contacting Google.

You will find more detailed information on this subject in Google’s Privacy Statement and in the Additional Terms of Service for Google Maps.

Legal basis for the processing: The legal basis is Art. 6 (1) a GDPR, based on your consent.

Web Push Notifications

We offer you the option to subscribe to browser (also known as web) push notifications to keep you up to date with Zalando Lounge’s latest offers. For this purpose, and to enable the sending of such notifications technically, we collect personal information. The data that we will gather for this activity involves personal data such as browser information, language setting, time zone, a device token, push address, when your web session started and which messages you may have clicked.

Your data will be shared with a third party company – Urban Airship Inc., 1125 West Burnside, Suite 401, Portland, Oregon/United States. The USA is a country that – in the terms of EU Regulation 2016/679 – does not provide an adequate level of protection of personal data; this implies, among other things, that governmental agencies in the USA may have the right to access your data without effective remedies being available. Zalando Lounge verifies additional measures to ensure adequate levels of data protection. This pertains to the conclusion of appropriate instruments such as the Standard Contractual Clauses as enacted by the European Commission.

In order to turn off the push notification service, update your browser settings in the following locations:

Google Chrome: Open Chrome/Settings/Privacy and Security/Site Settings/Notifications/

Firefox: Open Firefox/ Preferences/Privacy & Security/Scroll to Permissions/Select Settings for the Notifications

Safari: Open Safari/Preferences/Websites/Notifications

The legal basis for this processing is your consent, Art. 6 (1) a GDPR.

Data will be processed as long as it is necessary for the purpose.

17. Country-specific information

Our data processing may differ from country to country. Here you can find out which country-specific deviations apply.

Service providers for credit checks

The service provider of credit checks for consumers in Germany is Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden.

You can find detailed privacy policies for Infoscore Consumer Data GmbH in the sense of Article 14 GDPR, especially information on the business purpose, the purposes of data storage, data recipients as well as other data protection rights against Infoscore Consumer Data GmbH here and at https://finance.arvato.com/icdinfoblatt.

Service providers for collection services

The service providers for collection services in Germany are:

  • Alektum GmbH, Augustenstrasse 79, 80333 München;
  • Paigo GmbH, Gütersloher Strasse 123, 33415 Verl;
  • COEO Inkasso GmbH, Postfach 10 03 20, 41521 Dormagen;
  • Sirius Inkasso GmbH, Berliner Str. 93, 40880 Ratingen;
  • Pair Finance GmbH, Hardenbergstraße 32, 10623 Berlin.

Service providers for credit checks

The service provider of credit checks for consumers in Austria is CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany.

You can find detailed privacy policies for CRIF Bürgel GmbH in the sense of Article 14 GDPR, especially information on the business purpose, the purposes of data storage, data recipients as well as other data protection rights against CRIF Bürgel GmbH here: https://www.crifbuergel.de/de/datenschutz

Service providers for collection services

The service providers for collection services in Austria are:

  • Alektum GmbH, Schwedenplatz 2, 1010 Wien;
  • Infoscore austria GmbH, Weyringergasse 1, 1040 Wien;
  • COEO Inkasso GmbH, Hutweidengasse 22, 1190 Wien;
  • Lowell Inkasso Service GmbH, Regensburger Strasse 3, 4020 Linz.

Service providers for credit checks

The service provider of credit checks for consumers in Switzerland is CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany.

You can find detailed privacy policies for CRIF Bürgel GmbH in the sense of Article 14 GDPR, especially information on the business purpose, the purposes of data storage, data recipients as well as other data protection rights against CRIF Bürgel GmbH here: https://www.crifbuergel.de/de/datenschutz

Service providers for collection services

The service providers for collection services in Switzerland are:

  • Alektum AG, Gubelstrasse 24, 6300 Zug;
  • Infoscore Inkasso AG, Ifangstrasse 8, 8952 Schlieren;
  • Lowell Inkasso Service GmbH, Bahnhofstrasse 14, 9424 Rheineck.

Service providers for credit checks

The service provider of credit checks for consumers in the Netherlands is Experian Nederland B.V., Grote Marktstraat 49, 2511 BH The Hague, Netherlands.

Service providers for collection services

The service providers for collection services in the Netherlands are:

  • Alektum BV, Zekeringstraat 48-1, 1014 BT Amsterdam;
  • Infoscore Nederland BV, K. R. Poststraat 90-5, 8441 ER Heerenveen;
  • COEO Incasso BV, Wilhelminakade 159, 3072 AP Rotterdam.

Service providers for credit checks

The service provider of credit checks for consumers in Belgium is Focum Belgium BVBA, Nijverheidstraat 70, 2160 Wommelgem.

Service providers for collection services

The service providers for collection services in Belgium are:

  • Alektum BV, Lange Lozanastraat 142, 2018 Antwerpen;
  • Infoscore Nederland BV, K. R. Poststraat 90-5, 8441 ER Heerenveen, Netherlands;
  • COEO Incasso BV, Leonardo da Vincilaan 19a, 1831 Diegem.

Service providers for credit checks

The service provider of credit checks for consumers in Sweden is Creditsafe i Sverige AB, Box 320, 401 25 Göteborg.

Service providers for collection services

The service providers for collection services in Sweden are:

  • Alektum Group AB, Nils Ericsonsgatan 17, Box 111 08, 404 23 Göteborg;
  • Gothia Inkasso, Box 1143, 432 15 Varberg;
  • Lowell Sverige AB, Kungsgatan 57 A, 111 22 Stockholm.

Service providers for credit checks

The service provider of credit checks for consumers in Norway is Experian AS, Karenslyst Alle 8 B, PO Box 5275 Majorstuen, 0303 Oslo, Norway.

Service providers for collection services

The service providers for collection services in Norway are:

  • Alektum AS, Nedre Langgate 20, Postboks 2370, 3103 Tønsberg;
  • Gothia AS, Postboks 115, 7901 Rørvik;
  • Lowell Norge AS, Postboks 6354, Etterstad, 0604 Oslo.

Service providers for credit checks

The service provider of credit checks for consumers in Finland is Suomen Asiakastieto Oy, Työpajankatu 10 A, 00580 Helsinki, Finland.

Service providers for collection services

The service providers for collection services in Finland are:

  • Credit Visor Oy, PL 104, 00101 Helsinki;
  • Gothia Oy, PL 722, 20101 Turku;
  • Lowell Suomi Oy, PL 20, 20101 Turku.

Service providers for collection services

The service providers for collection services in France are:

  • Alektum SAS, 30 Rue Godot de Mauroy, 75009 Paris;
  • Infoscore France, K. R. Poststraat 90-5, 8441 ER Heerenveen, Netherlands.

Service providers for collection services

The service providers for collection services in Denmark are:

  • Alektum A/S, Ny Banegårdsgade 55, 2 8000 Aarhus;
  • Gothia A/S, Østbanegade 55 2 tv, 2100 København;
  • Lowell Danmark A/S, Langmarksvej 57D, 8700 Horsens.

Service providers for collection services

The service provider for collection services in Italy is Nivi S.p.A., Via Odorico da Pordenone 20, 50127 Firenze.

In Spain, our customers can take part in a friend referral promotion (the promotion) to receive gift cards and rewards according to the terms and conditions of the promotion. To take advantage of this offer you have to share a unique referral link with your friend. If your friend decides to take part in the promotion and clicks on the referral link, they will be asked to register their email address and will receive a link that allows them to create an account.

In order to classify the new customer as your friend and for us to ensure that both customers meet the requirements of the promotion, we will process the following personal data:

  • Name,
  • Email address and
  • Shipping address.

Legal basis: The legal basis for processing your data to send the gift cards and rewards under the terms of the promotion is article 6(1) b of the GDPR. Otherwise, the data processing is based on article 6(1) f of the GDPR, according to which our legitimate interests coincide with the above purposes.

Service providers for the verification of solvency

The service providers for the verification of consumer solvency in Poland are CRIF Sp. z o.o., ul. Lublańska 38, 31–476 Krakow and Krajowe Biuro Informacji Gospodarczej S.A. , ul. Lublańska 38, 31-476 Kraków.

Service providers for collection services

The collection service provider in Poland is:

  • Alektum Sp. z.o.o., Kilińskiego 30, 50-240 Wrocław.

18. Information on cookies

You can find out which cookies we use here. For an overview of all the cookies we use please click here.