Privacy Policy

CONTENT OF THE PRIVACY POLICY

1. General provisions

(1) What is personal data?

(2) Which data do we collect from you, and how or for what purposes do we process your data?

(3) Data of persons under 16 years of age/sensitive data

2. Handling personal data for website's informational use

(1) Cookies

(2) Google Services

① Google Analytics and Universal Analytics

② Google Ads (formerly Google Adwords)

③ Google Remarketing

④ Google Campaign Manager (formerly Google DoubleClick)

⑤ Google reCAPTCHA

⑥ Google Maps

⑦ Goole Fonts

⑧ Google Tag Manager

⑨ YouTube videos

(3) Facebook Business Manager

① Facebook Pixel and CAPI

② Facebook/Instagram lead ads

(4) TikTok Pixel

(5) Microsoft Advertising

(6) AB Tasty

(7) YotPo

① Ratings and Reviews

② Display of social media content

(8) Hotjar

(9) Salesforce

3. Operation of social media accounts

4. Handling personal data during proactive use be the user

(1) Making contact

(2) Applications

(3) Purchase via online store

(4) Create an account

(5) Using the HEAD Rebels Club App

(6) Processing of personal data based on our legitimate interests

(7) Newsletter

(8) Prize games and contests

5. Transmission of your personal data to third parties

6. Transmission of your personal data to third parties outside of the EU/EEA

7. Data security

8. Storage period

9. your rights



1. GENERAL PROVISIONS

The EU General Data Protection Regulation (“GDPR”) and the corresponding national data protection laws protect the fundamental rights and freedoms of individuals and their rights to the protection of personal data.

1.1. WHAT IS PERSONAL DATA?

Personal data is information about data subjects, whose identity is determined or at least can be determined. Personal data includes, for example, names, addresses, telephone numbers, e-mail addresses, user IDs, credit card numbers, social media account IDs, user names, IP addresses etc.

1.2. WHICH DATA DO WE COLLECT FROM YOU, AND HOW OR FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

We collect user data (for example, information provided during registration, ordering, using our HEAD Rebels Club App, subscribing to newsletters or when contacting us) and technical data (log files; for example, IP addresses, dates, times) from you, provided that this is permitted by law or required as part of contract performance or to preserve our legitimate interests, or you have provided your consent for this purpose.

1.3. DATA OF PERSONS UNDER 16 YEARS OF AGE/SENSITIVE DATA

Unless parental or guardian consent has been obtained, HEAD does not wish to collect information from persons under the age of 16. However, as it is not always possible for us to accurately determine the age of users, we cannot rule out the possibility that our offers/services may nevertheless occasionally contain personal data of persons under the age of 16 without the consent of their parents or guardians. Should we discover that persons under the legally permissible age have registered on our website or used our services without the consent of their parents or legal guardians, we reserve the right to exclude these persons from such offers/services, to block them or to delete the data.

Furthermore we do not wish to collect sensitive data such as your religious belief, health data or other special categories of personal data mentioned in Art 9 GDPR, unless you have been expressly requested by us to transmit such data.

 

2. HANDLING PERSONAL DATA FOR WEBSITE'S INFORMATIONAL USE

If you use our website purely for informational purposes, in other words if you do not register or if you transfer information to us otherwise, we only collect those personal data that are transferred by your browser to our server. If you would like to view our website, we collect the following data that are technically necessary for us in order to show you our website and guarantee stability and security (in addition to any data voluntarily provided by you based on your cookie settings – see section 2.1).

lIP address

ldate and time of the request

ltime zone difference from Greenwich Mean Time (GMT)

lcontent of request (actual web page)

laccess status/HTTP status code

lrespectively transferred data amount

lwebsite from which the request is received

lbrowser

loperating system and its interface

llanguage and version of the browser software

2.1. COOKIES

Like most websites, we also use cookies, provided that this is required from a technical standpoint for use of the website or you have provided your consent for this purpose, which you can withdraw at any time. For more information please see our Cookie Policy.

If you have questions or comments on this topic, please contact us using the contact information provided in section 9.

The legal basis for this processing is Art. 6 Para 1 (f) GDPR.

2.2. GOOGLE SERVICES

All services mentioned under sections 2.2 are provided by Google Ireland Gordon House, Barrow Street, Dublin 4, Ireland and/or Google Inc. 1600 Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (”Google”).

You can prevent participation in various Google services in several ways: a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies results in you not receiving any third-party ads; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain ”www.googleadservices.com”, https://adssettings.google.com, although this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the ”About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly. We point out that, in this case, you may not be able to use all features of this offer in full.

For detailed information on how Google secures and handles your personal data please see https://policies.google.com/technologies/product-privacy and https://policies.google.com/privacy.

Please also visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org/ to find out more about responsible data collection and its use for digital advertising.

2.2.1 GOOGLE ANALYTICS AND UNIVERSAL ANALYTICS

This website uses Google Analytics, a web analytics service that uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

This website uses Google Analytics with the extension “_anonymizeIp ()”. We have activated IP anonymization on this website by using the extension “_anonymizeIp ()”, so your IP address will be shortened beforehand by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area. As a result of this IP anonymization reference to particular individuals can be excluded. Therefore, as far as the data collected about you contains a personal reference, it is immediately excluded and the personal data deleted immediately. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to us Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google.The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.

You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at the following link and installing it: https://tools.google.com/dlpage/gaoptout. If you want to deactivate the tracking via Google Analytics for your mobile devices please follow the following link http://tools.google.com/dlpage/gaoptout to activate the respective opt-out cookie.

We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US,

The legal basis for the use of Google Analytics is Art. 6 Para. 1 (f) GDPR.

For further information please see the following links: Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/gb/, Overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245.

This website also uses Google Analytics for a cross-device analysis of visitor traffic conducted via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.

Universal Analytics enables cross-device tracking of users and leads to more refined information for those responsible (generally https://support.google.com/analytics). The opinion of the supervisory authorities is not yet available. In any case, the data subject must be informed about the extended use and be shown the possibility to opt-out.

2.2.2. GOOGLE ADS (FORMERLY GOOGLE ADWORDS)

We use the offer of Google Ads, in order to draw attention to our attractive offers with the help of advertising (so-called Google Ads) on external web pages. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.

These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies, from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and should not serve to personally identify you. As a rule, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.

These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the advertisement and was redirected to that page. Each Ads customer is assigned a different cookie. Thus cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.

The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.2.3 GOOGLE REMARKETING

In addition to Ads Conversion, we use the Google remarketing application, which enables you to see our ads after visiting our website as you continue to use the internet. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. Consolidation of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur by Google according to its own statements. In particular, according to Google, pseudonymization is used in remarketing.

With the use of remarketing, information about your browsing behavior is collected for marketing purposes in anonymous form and stored on your computer using cookies (targeting / retargeting). Based on an algorithm, we can then show you targeted product recommendations as personalized banner ads on other websites (so-called publishers). If you do not want this to occur, you can disable it via the Ads Preferences Manager (https://www.support.google.com/ads/answers/2662922).

The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.2.4 GOOGLE CAMPAIGN MANAGER (FORMERLY GOOGLE DOUBLECLICK)

This website uses the online marketing tool Campaign Managerby Google. Campaign Manager uses cookies to place ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are shown in which browser and can prevent them from being displayed multiple times. In addition Campaign Manager uses cookie IDs to track so-called conversions related to advertising requests. This is the case if, for example, a user sees a Campaign Manager advertisement and later goes to the advertiser’s website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server when you visit our website. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Campaign Manager, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.

Furthermore Campaign Manager cookies (DoubleClick Floodlight) help us to understand whether you complete certain actions on our website after viewing any of our display/video ads on Google or other platforms through Campaign Manager or clicking through one of these ads (conversion tracking). Campaign Manager applies this cookie to understand the content with which you have interacted on our website to be able to send you targeted advertising later on.

If you want to prevent Google from collecting the data generated by the cookies please download and install the browser plugin available under “Display settings”, “Extension for Campaign Manager deactivation” at https://support.google.com/adsense/answer/142293.

Further information on Campaign Manager is available at https://www.google.de/doubleclick.

The legal basis for the processing of your data is Art 6 Para. 1 (a) GDPR.

2.2.5 GOOGLE RECAPTCHA

This website uses Google reCAPTCHA to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program (“bots”).

reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website.

This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.

The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.6 GOOGLE MAPS

This website uses Google Maps to display our location and to provide directions (e.g. via our store finder and event calendars). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. All user settings and data are processed to display a location and describe a certain route.

By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.7. GOOGLE FONTS

This website uses Google Fonts to display external fonts. For this purpose, your browser loads the required web fonts into your browser cache to display texts and fonts correctly, which requiresyour browser to establish a direct connection to Google Servers. Google can identify the website from which your request has been sent and to which IP address the fonts are being transmitted for display.

The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.8. GOOGLE TAG MANAGER

This website uses the Google Tag Manager that allows website tags to be managed using an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, it remains valid for all tracking tags implemented with Google Tag Manager.

The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

2.2.9. YOUTUBE VIDEOS

We have also incorporated YouTube videos into our websites. The videos are stored at www.youtube.com and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.

If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator. When playing videos stored with YouTube, the following personal data is sent to Google, Inc.: the IP address and cookie ID, the specific address of the page visited on our websites, language setting of the browser, system date and time of access and your browser’s identifier. The data is transmitted regardless of whether you are registered with or logged in to Google. If you are logged in, this data will be attributed directly to your account.

If you do not want this attribution to your profile, you must log out before activating the button. YouTube or Google, Inc., stores this data as use profiles and uses this data for the purposes of advertising, market research and/or designing its websites based on demand. Such use is meant in particular (not only for logged-in users) to provide advertising based on demand and to inform other users of your activities on our website. You have a right to oppose the creation of these user profiles, and to exercise this right, you must address yourself to Google Inc. as the operator of YouTube. Additional information on the purpose and scope of data collection and processing by Google, Inc., can be found at www.google.at/intl/policies/privacy/. We do not process the personal data collected when the YouTube video is accessed.

2.3. FACEBOOK BUSINESS MANAGER

The Facebook Business Manager is a tool that helps us to create, manage, monitor, and report on various business-related assets on Facebook and Instagram in an organized and targeted way, such as our Facebook company pages, Instagram profiles, and advertising. The Facebook Business Manager also includes a wide range of Facebook Business Tools that are explained below:

The Facebook Business Tools are technologies offered by Facebook Inc. and Facebook Ireland Limited that help website owners and publishers, app developers, and business partners, including advertisers and others, integrate with Facebook, understand and measure their products and services, and better reach and serve people who use or might be interested in their products and services.

All of these tools can be used for the so called „Facebook Products“ which include Facebook (including the Facebook mobile app and in-app browser), Messenger, Instagram (including apps like Boomerang), Facebook Shops, Spark AR, Audience Network and any other features, apps, technologies, software, products, or services offered by Facebook Inc. or Facebook Ireland Limited under the Data Policy of Facebook. For details please also see sections 2.3.1 and 2.3.2 below.

All services mentioned under section 2.3.1 and 2.3.2 are provided by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook“).

2.3.1. FACEBOOK PIXEL AND CAPI

For conversion measurement, our website uses the pixel visitor promotion as well as the Conversions Application Programming Interface (“CAPI”) of Facebook.

Because we use the “Custom Audiences” remarketing feature, which you can disable an time as described below, your behaviour can be tracked after you have been redirected to our website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures optimized.

The data collected is anonymous to us as operators of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable advertising to be displayed on Facebook sites and outside of Facebook. This use of the data cannot be influenced by us as a site operator.

See the data protection notice of Facebook for more information on how to protect your privacy: https://www.facebook.com/about/privacy/.

You can also disable the “Custom Audiences” remarketing feature in advertisement settings at https://www.facebook.com/ads/preferences/. For this you have to be logged in to Facebook.

If you do not have a Facebook account, you can opt out of Facebook Commercial Advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.

The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.3.2. FACEBOOK/INSTAGRAM LEAD ADS

To enable subscription to our newsletter and/or your participation in a prize game or contest via Facebook/Instagram we use lead ads on our Facebook and Instagram accounts (for example Facebook: HEAD Tennis, Instagram: HEAD Tennis).

Please note that

(1) if you register for our newsletter via lead ads, the information provided under 4.7 applies mutatis mutandis with the following deviation: Apart from you IP address, which we don’t collect, we use the same personal data (namely first name, email address, country and language) but we included a mandatory field “country” and your language is automatically allocated based on the language that you used on your social media channel when signing up for the newsletter (instead of allocating the country/language via the Browser Regional Manager);

(2) if you register for our newsletter in connection with your participation in one of our prize games or contests via lead ads, the information provided under section 4.8 applies with the following deviation: We don’t process your IP address.

Based on your freely granted consent to receive the newsletter and after confirmation of the double opt-in e-mail by clicking on the button contained therein, your first name, your e-mail address, country and your IP address will be processed by us for the purposes of sending (i) personalised marketing and product information related to goods and services from the HEAD's Group sports product range, (ii) personalised promotional information and news matching your interest categories and based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services, products and advice of the HEAD Group and demand analyses, (iv) contests, coupons, discount campaigns and prize games, (v) electronic greeting cards via e-mail, and will be transmitted for these purposes to the companies of the HEAD Group mentioned above.

Subscription via the form is only effective if you activate the subscription by “clicking” on the confirmation link in the confirmation e-mail that you receive. At the time of subscription, only your personal data recorded with Facebook/Instagram or entered voluntarily by you, such as your e-mail address and name in all cases (and usually also your country), are required in the form. We use the personal data provided exclusively to send to you via e-mail our newsletter as described above, provided that you have explicitly provided consent. You may revoke your consent to receive the newsletter at any time with effect for the future without specifying the reasons. For details on how we generally handle your personal data when you sign up for our newsletter please see section 4.7.

The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.4 TIKTOK PIXEL

On our website, we use the "TikTok pixel" of the provider TikTok (For users in the EU, EEA and Switzerland: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland; for UK: TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom.) If you have given your explicit consent, which you can revoke at any time with effect for the future (e.g. via your cookie settings), the TikTok pixel allows TikTok, to determine you as a user of our online offer as a target group for the display of advertisements (so-called "TikTok ads").

We use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offers or who have certain characteristics (e.g. interests in certain topics or products ) that we transmit to TikTok (so-called "Custom Audiences"). With the help of the TikTok pixel, we also want to ensure that our TikTok ads correspond to the potential interest of users and are not harassing. The data collected is anonymous and not visible to us and is only used by us to track the effectiveness of the TikTok ads for statistical and market research purposes by seeing the users behavior after they have been redirected to our website after clicking on a TikTok ad (so-called "conversion").

For further information please see the following links:

TikTok’s Privacy Policy: www.tiktok.com/legal/new-privacy-policy

TikTok’s Terms of Service: www.tiktok.com/legal/new-terms-of-service

The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

2.5 MICROSOFT ADVERTISING

On our website, we use Microsoft Advertising by Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft“).

Data processing serves marketing and promotional purposes as well as the purpose of measuring the success of advertising measures (Conversion Tracking). We find out the total number of users who clicked on one of our ads and were forwarded to a website provided with a conversion tracking tag. A personal identification of those users is not possible in this way, however. Microsoft Advertising uses technologies such as cookies and tracking pixels with which your use of the website can be analysed. When you click on an ad placed by Microsoft Advertising, a cookie for the conversion tracking will be saved on your computer. This cookie has limited validity and does not serve the purpose of personal identification. If you visit specific pages on our website and the cookie has not yet expired, we and Microsoft can see that you clicked on the ad and were forwarded to this page. The following information may be collected: IP address, identifiers (tags) allocated by Microsoft, information about your browser and your device, referrer URL (website from which you visited our website), URL of our website.

Furthermore, we use the so-called “Remarketing function” which enables Microsoft to track your consumption behaviour and therefore show you personalised advertising on Microsoft websites or in Microsoft apps.

If you do not want your information about your consumption behaviour to be used by Microsoft as described above, you can decline the placing of required cookies. The automatic placing of cookies can be deactivated via your browser settings. Furthermore, you can prevent the collection and processing of data generated by the cookie as well as data related to the use of the website by entering an objection using the following link: https://account.microsoft.com/privacy/ad-settings/signedout

Further information on data protection and the cookies used by Microsoft can be found on Microsoft's website at: https://privacy.microsoft.com/en-us/privacystatement

The legal basis for data processing is Article 6 Para 1 (a) GDPR.

2.6 AB TASTY

We use the web analytics service of AB TASTY SAS, 17 - 19 Rue Michel-le-Comte 75003, Paris ("AB Tasty") to perform A/B or multivariate tests to continuously improve our online services. For this purpose, AB Tasty collects statistical information about visitor traffic. This usage data (such as browser used, number of pages viewed/visits, order and duration of visits to a website, filling/emptying of a shopping basket, recording of the use of individual web pages [except in the check-out and registration process], etc.) is recorded anonymously and statistically evaluated. It is not possible to draw conclusions about a specific person or purchase. In addition, AB Tasty carries out geolocation (regional details of your location) using your IP address immediately when you visit the website; the IP address is deleted immediately after geolocation. Based on your interests, AB Tasty designs personalised pattern, which are encrypted and do not allow any conclusions to be drawn about you personally. Cookies are stored for the storage and recognition of site visitors and will be automatically deleted after a maximum duration of 13 months. Further information can be found in our cookie policy.

Opt Out: If you do not wish to participate in these tests, you can deactivate this function on the AB Tasty website (at https://www.abtasty.com/terms-of-use/) by following the instructions given there. If you delete your browser cookies, you will need to opt out again via this link. We would like to point out that with an opt-out, some functions of the website will not be available or will only be available to a limited extent.

Further information on data protection and the cookies can be found on AB Tasty's website: https://www.abtasty.com/terms-of-use/.

The legal basis for this processing is Art. 6 Para. 1 (a) GDPR.

2.7 YOTPO

If you have made a purchase on head.com we might send you an email with a request to review the purchased products. For this purpose, we use the service provider YotPo Inc, 400 Lafayette St. Fl. #4, New York, NY 10003, USA ("YotPo"). In addition, we use the services of said provider to display content from Instagram or a submitted review on our website, in our newsletter, on Google and/or on our social media channels as explained in detail below.

Use of these services is only permitted on the basis of our current Terms of Use, which you can find here.

Further information on data protection with regard to YotPo’s services can also be found on YotPo's website: https://www.yotpo.com/privacy-policy/.

2.7.1. RATINGS AND REVIEWS

Ratings and reviews shall help to provide an improved user experience of our web shop through individual and independent evaluations of our products and services by verified buyers and verified reviewers or simply interested users.

Everyone who has already had their own experience with one of our products and would like to share it has the opportunity to rate and review the respective product on head.com under the conditions described below. For this purpose, you simply have to access our review form via our website and provide the respective details. After you have submitted your review, you will receive a confirmation email asking you to confirm that you have written the submitted review. After your confirmation, we will include the note that the review was written by a verified reviewer so that our customers know they can trust it. If you fail to confirm your submission, no information will appear next to your name. Apart from that, confirming your review will not affect its display or publication. After you have made a purchase on our website you will receive different emails, including possibly a requests to review and to rate the purchased product(s) as verified buyer, a reminder to submit a review, if you have not already done so, and a thank you message in case that you have submitted a review. For this purpose we will forward your email address, name and details on the purchased products (like name, color and size, date of purchase, purchase ID) to YotPo, who acts as our processor in this regard.

Before submitting a product review we ask for your consent to the processing of the personal data provided by you in your review as described below and the use of such content provided by you according to this Privacy Policy and our Terms of Use. You can withdraw your consent at any time with effect for the future by sending an email to privacy@head.com.

To submit a review, you must fill in the required fields indicated in the review form. Furthermore, you can optionally provide additional information about yourself, the purchased product or the purchase or upload content. Which information is required and which is optional depends on the product purchased, as clearly shown in each review request, and therefore may vary. Information we may request include: Your review title, review text, email address, name, age, gender, height, fit, athletic skills, athletic style, width, length, grip, recommendation, rating of quality, rating of comfort, rating of vision, rating of flex, rating of warmth, frequency of usage, preferred usage, preferred sport, preferred specs, preferred features, preferred court as well as picture content you choose to upload in connection with your review.

After you submit your review you will also have the option to share your review with certain service providers (e.g. Facebook, Twitter, Google, LinkeIn, Instagram). After your submission, your review, your review title, your status as “verified buyer”, the date of review, your first name and the first letter of your last name (but not your clear featured name), any picture or video content provided by you and any other content provided by you within your review submission may be published on our website (e.g. in our image gallery or on our product pages), in our newsletter, on Google and/or on our social media channels to promote our products and services without charge.

If you choose to share your review with another service provider, said data will be also forwarded to the chosen service provider. Further information on the purpose and scope of data processing, as well as your rights and setting options for protecting your privacy can be found in the privacy policy of the respective service provider as listed under Section 3 of this Privacy Policy.

The legal basis for this processing is Art. 6 Para. 1 (a) and (f) GDPR.

2.7.2 Display of social media content

We also use the services of YotPo to display social media content from Instagram (an offering of Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA - hereinafter "Instagram") on our website in a widget. Specifically, we use YotPo to embed posts from third-party Instagram channels, which have been published on Instagram and are related to our products and/or services, on our website (e.g. in our image gallery or on our product pages), our social media channels and/or in our newsletters free of charge, provided that you have given us your consent to do so.

That’s how it works: When we see a post that we like (usually because we and/or our products have been tagged or mentioned by you on your Instagram channel), we will contact you via Instagram and ask you to consent to the use of the personal data contained therein (like your picture or video, text of you post, your Instagram username, time of post) in accordance with this Privacy Policy and our Terms of Use. Only if and after you consent to such use, which you can revoke any time with effect for the future by sending an email to privacy@head.com, your content may be published on our website (e.g. in our image gallery or on our product pages), our social media channels and/or in our newsletters to promote our products and services without charge. The content of the widget is then transmitted directly from Instagram to your browser through a connection to the Instagram servers and integrated into the website by the latter.

Further information on the purpose and scope of data processing, as well as your rights in this regard and setting options for protecting your privacy can be found in the terms of use and privacy policy of Instagram: https://help.instagram.com/.

You have the right to object to the creation of user profiles or the allocation, whereby you must contact the social media provider or Instagram directly to exercise this right. In addition, we point out that you can prevent this assignment by logging out of your Instagram profile before visiting the website and deleting the cookies used by Instagram. Alternatively, you can prevent the storage of cookies set by Instagram by adjusting your browser software accordingly.

The legal basis for this processing is Art. 6 Para. 1 (a) GDPR.

2.8 HOTJAR

On our website we use the Hotjar tool from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”).

The use of Hotjar allows us to better track visitor behavior on our website and helps us understand how long users stay on which pages, which links are clicked, etc. This allows us to better adapt our offer and services to the needs of our users.

We process information such as the IP address of the device used (collected and stored anonymously), screen size, device type (unique device identifiers), information about the browser used, location (country only) and the preferred language for viewing our website using cookies and other technologies. Hotjar stores this information on our behalf in a pseudonymized user profile. You can managed and disable the use of Hotjar via your cookie settings.

The legal basis for this processing is Art. 6 Para. 1 (a) GDPR.

2.9 SALESFORCE

Data that you provide to us via our website (e.g. in forms for purchase, newsletter registration, as part of a prize game/contests  or via your cookie settings) is currently stored in the Salesforce Service Cloud (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany) on servers in the EU and are e.g. used to send order confirmations and shipment notices.

For sending our newsletters and for automated mailings (e.g. welcome mailing) we use the Salesforce Marketing Cloud. For this purpose, the newsletter subscriber's data is transferred from Service Cloud to Marketing Cloud. The Salesforce Marketing Cloud data is also generally stored and processed on Salesforce servers in the EU. Only in the event of a disaster are services restored in the USA.

Salesforce has committed itself with binding internal data protection rules in accordance with Art. 46 (2) b) and Art. 47 EU-DSGVO (so-called binding corporate rules) to maintain an appropriate level of data protection even when processing data outside the European Union.

Further information on data processing by Salesforce can be found here:

Salesforce privacy policy: https://www.salesforce.com/company/privacy/

Documents on Salesforce's compliance with the provisions of the GDPR: https://compliance.salesforce.com/en/gdpr

With the help of so-called web beacons and pixels, we receive information about the click behavior of users via the Marketing Cloud. Interaction data is stored in the Marketing Cloud directly on the user.

The legal basis for this processing is either based on our legitimate interest in using a customer relationship management system pursuant to Art. 6 Para. 1 (f) GDPR or on your consent pursuant to Art. 6 Para 1 (a) GDPR.

3. OPERATION/USE OF SOCIAL MEDIA ACCOUNTS

We are operating several accounts on social media networks or platforms or using such social media networks or platforms in order to communicate with our customers, interested parties and other users and to inform them about our brands, products and services.

We would like to point out that user data may be processed outside the European Union by the Social Media companies when visiting their websites which can result in risks for users (e.g. it could be difficult to enforce data subject rights of users).

Please note that your data is usually processed for market research and advertising purposes by the Social Media platforms when visiting their websites. For example, user profiles can be created on the basis of user behaviour and the documented interests of users. The user profiles can then be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are registered users of the respective platforms and are logged in).

The processing of your personal data when visiting our social media channels is carried out on the basis of our and the social media platform’s legitimate interests (effective information of and communication with customers, prospects and users) pursuant to Art. 6  Para.1 (f) GDPR. If you are requested to consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para 1 (a) GDPR.

With regard to the exercise of your data subject rights under the GDPR we point out that these can be asserted most effectively with the Social Media providers. Only the social media providers have access to your personal data and can directly take appropriate measures and provide information to you. Should you nevertheless need help, please let us know.

For a detailed description of the respective processing operations and the opt-out options, please refer to the privacy policy of the respective service provider:

lFacebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings, www.youronlinechoices.com

lGoogle/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://tools.google.com/dlpage/gaoptout

lInstagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: https://help.instagram.com/519522125107875

lTwitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads

lPinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy / Opt-Out: https://policy.pinterest.com/en-gb/privacy-policy.

lTikTok (For users in EU/EEA/Switzerland: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland; for users in UK: 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom) – Privacy Policy: https://www.tiktok.com/legal/privacy-policy

lLinkedIn (For users in EU/EEA/Switzerland: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland; for all other users: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, User Agreement: https://www.linkedin.com/legal/user-agreement, Cookie Policy / Opt-Out: https://www.linkedin.com/legal/cookie-policy

4. HANDLING PERSONAL DATA DURING PROACTICE USE BY THE USER

In addition to the purely informational use of our website we offer you several services on our website that you may use if you are interested and which we have described in the following sections. For this purpose, as a rule you must provide further personal data that we will use to provide the respective service. You will receive more detailed information on this when you provide your personal data or in the service description below.

4.1. MAKING CONTACT

When the user actively makes contact with us (for example, via e-mail or via our contact form as part of a promotion), the data and information of the user will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise, and forwarded to the responsible person (for example, the IT department, the legal department, logistics etc.).

We process your personal data according to Art. 6 Para. 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para. 1 (f) GDPR.

4.2. APPLICATIONS

Depending on which job you are applying for, you have the chance to send your documents either by e-mail or using our online application form or by ordinary mail. Based on the consent you provide, we process the following data:

lIf you apply by e-mail or ordinary mail, please send us a cover letter, your CV and any certificates that are relevant for the position advertised.

lIf you apply using our online application form, you will also be required to enter certain personal data that are marked as mandatory in this form, namely your first and last name(s), gender, date of birth, nationality, native language, postal and e-mail address, phone number, and to upload your CV. You also have the change to transfer further data voluntarily, by completing the fields that are not marked as mandatory or by uploading further data and/or files in addition to your CV (e.g. certificates or a cover letter).

All the data provided by you (such as any personal data that is sent by e-mail or ordinary mail, uploaded in files or otherwise collected as part of the application process) (“DATA”) will be collected, stored and processed exclusively for the purpose of dealing with your application. Only the employees of the human resources department of the company with which you have applied for a job, the employees of the relevant department for which you apply, as well as the employees of the international human resources department of the HEAD Group, located at HEAD Sport GmbH, Wurkopfweg 1, 6921 Kennelbach, will have access to your DATA. All people who are involved in the processing of your application are obligated to maintain data secrecy.

You may revoke your voluntary consent to the processing of your DATA at any time, without specifying the reasons and with effect for the future (e.g. by sending an e-mail to the contacts named in the job advertisement).

If your application is successful, all DATA relating to the employment relationship with you will be processed further; you will then receive more detailed information on this in our employee information leaflet on data protection. If your application is not successful, all your DATA will be stored for a further 6 months (from the date of rejection, even in the case of a revocation received before expiry of this period), to enable us to answer any questions connected with your application and/or rejection, and will subsequently be erased; any applications sent by ordinary mail will either be returned to you by post or destroyed.

We process your personal data according to Art. 6 Para 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR.

4.3. PURCHASE VIA ONLINE STORE

If you make a purchase via this website, we collect, store and process personal data (your name, billing and delivery address, e-mail address, telephone number and the serial number assigned to the ordered items and information on the goods that you purchased) for the purposes of contract performance and the fulfilment of any post-contractual obligations (such as a warranty) or even for manufacturing purposes in the case of Head custom-made orders. For this purpose, we forward your name, telephone number and your delivery address to transport or courier services for the delivery of the goods that you purchased, and we also forward the payment and transaction data to credit or financial institutions for the handling of payment. It is necessary to provide personal data for the conclusion and fulfilment of the contract.

You have the option to register on our website in order to create a personalized account. However, you also have the possibility to place orders with us without setting up a personal user account (for details please see section 4.4.).

We can also process the data provided by you to ask you to review a product that you purchased, inform you about offers, news, surveys and contests regarding similar HEAD products or services, or to send you e-mails connected with your orders or with technical information. You may object to the use of your data at any time free of charge if the processing serves the purposes of direct marketing (for details please see section 9).

If you register through an existing account (such as ZEPP, Facebook, Google or WeChat), you agree that we will access the data that you store in this account (such as your name, e-mail address, address) and that they will be processed for the purposes described in this section 4.3. For this purpose, during registration, you must once again explicitly consent to data transmission from the respective existing account.

We process your personal data for the performance of the contract according to Art. 6 Para 1 (b) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR.

4.4. CREATE AN ACCOUNT

You have the option to register on our website in order to create a personalized account (“Registered User”), either (a) prior to your purchase by clicking on the person symbol in the upper right corner or (b) right before you conclude your purchase on our check out page.

In order to create your account you will be asked to provide the following data: first name, last name, email address and password and on a voluntary basis billing address, delivery address, gender, company name, phone number and fax number. On the one hand, this means that your personal data is saved and you do not have to re-enter it when you place a new order with us, and on the other hand, it allows you to easily manage your previous orders. In your account, you will find a comprehensive overview of your contact details, orders that have not yet been delivered, past orders as well as delivery, payment and return details.

Please note that you must already have an account at the time of purchase and be logged into this existing account so that the new order is also recorded in your account and can be managed by you. It is not possible to subsequently add orders to your account. So if you want to order as a Registered User, you have the option to either create an account directly before completing your order (if you had not created an account before) or if you already have an existing account but are not logged in, you have the option to log in to your account before completing your purchase so that your order can be assigned to your account.

If you set up an account on our website, we will be able to associate your previous interactions (e.g. your click path, completed forms, purchases made; ratings given) on our website with you after you have set up your account. If you make the purchase while logged in to your account, the data relating to the purchase and, as long as you remain, logged in, interaction data relating to your surfing behavior on our website will be assigned to your profile. The data is stored in the Salesforce Service Cloud and processed for the purpose of carrying out purchases, improving our offer and services and personalized advertising. For more information about Salesforce see 2.9.

If you set up and use an account, you shall be responsible for protecting your account and your password and for restricting access to your computer. Furthermore, you declare that you agree – to the legally permissible extent – to be liable for all activities which are performed through your account and/or with your password. You must take all required measures to ensure that your password is kept confidential and stored in a safe place and you should notify us immediately if you have reason to believe that a third party has gained access to your password or that your account is being used without prior authorisation or that such unauthorised use is likely.

You can also make the purchase without setting up a personal user account (“Guest User”), in which case the purchase data will also be stored in the Salesforce Service Cloud and processed for the purpose of carrying out the purchase, improving our offer and services and for personalized advertising.

If you have created an account on our website, you can manage and delete the details of your profile yourself. If you want to delete, change or add any account details or if you do not currently have an account and would like to find out how to set one up please click here.

4.5. USING THE HEAD REBELS CLUB APP

If you use our HEAD Rebels Club App, we collect, store and process personal data for the purposes of providing you with the functionality of the app and to improve and personalize your customer experience.

The categories of personal data we process depend on which features of the app you use and what kind of data you share with us. In order to be able to use the app, you have to sign into your personal account or, if you do not have one, create an account. For more information about the processing of personal data when creating a personalized account, please see section 4.4. which applies to the personalized account for the use of the HEAD Rebels Club App as well.

The following categories of personal data can be shared by you and can therefore be processed by us when using our app:

When using the app’s calendar, you can enter vital parameters (such as body height, body weight, pulse or body composition), create a workout routine and indicate workout sessions already completed.

When using the app’s community feature, you can write posts. You may also like and comment on other posts. You can also follow other accounts.

When using the app’s shop function, you can purchase different products via the app. For the processing of personal data in this regard, please see section 3.

When using the app’s profile settings, you are able to amend personal information that you provided during the registration process (e.g., username, email address, name, date of birth, gender, height, weight, wheelchair use).

All the data mentioned above is shared by you voluntarily and is processed in order to be able to provide the functions of the app, such as recording your training process, sharing your posts within the HEAD Rebels community, or presenting your data in a visualized form to other users of the app. We process your personal data on the basis of the necessity for the performance of the contract (Article 6(1)(b) GDPR) and on the basis of our prevailing legitimate interest (Article 6(1)(f) GDPR). If and to the extent you provide health data to us, we process such data on the basis that it was manifestly made public by you (Article 9(2)(e) GDPR) or, where necessary, we obtain your express consent (Article 9(2)(a) GDPR).

4.6. PROCESSING OF PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS

We might also process the personal data provided in connection with using the HEAD Rebels Club App, registration and ordering (e.g. your name, billing and delivery address, e-mail address, telephone number, the serial number assigned to the ordered item as well as additional information on the goods that you purchased) to improve our products and services. In addition, we process the specified data categories for internal statistical and operational purposes, for example, to measure and understand trends related to demographics, users, user interests, purchases and other trends among our users, as well as for recall actions and for the quick processing of complaints based on our legitimate interests. The data may also be processed for research, precautionary, defence and other measures in particular with regard to non-compliance with this Privacy Policy, illegal actions or suspected fraud, or to take measures in situations in which the potential risk of violation of our legal rights or the rights of other persons exists. You may object to the use of your data at any time if the processing serves the purposes of direct marketing (for details please see sections 4.7 and 9).

4.7. NEWSLETTER

Below you find a description on how we generally handle your personal data when you sign up for our newsletter. Please note that this process may not apply entirely in all cases (for example the personal data that we collect may differ). In case of any deviations, you can find all the deviating information under the respective section of our Privacy Policy (for example in section 2.3.2 if you signed up via Facebook/Instagram lead ads or sections 4.3 in case you made a purchase on head.com).

Please note that all newsletter subscribers have to be at least 16 years old. Based on your freely granted consent to receive the newsletter and after confirmation of the double opt-in e-mail by clicking on the button contained therein, your first name, your e-mail address and your IP address as well as your country and language (as explained in detail below) and optionally the fields that are of particular interest to you (or any additional information that you optionally provide if you updating your newsletter profile)  will be processed by us for the purposes of sending (i) personalised marketing and product information related to goods and services from the HEAD Group’s sport product range, (ii) personalised promotional information and news matching your interest categories and/or based on your website use (for example, frequent viewing of products within your selected interest categories and geolocalisation), (iii) satisfaction surveys regarding services, products and advice of the HEAD Group and demand analyses, (iv) contests, coupons, discount campaigns and prize games and (v) electronic greeting cards via e-mail.

When we collect your email address in the context of a sale of a product or a service, we may use your email address also for direct marketing of similar products or services (via our newsletter), provided that you have not opted-out of this communication. You have the right to opt-out at any time and we will provide you with an opt-out in all such communications, e.g. via a unsubscribe link. The legal basis for this processing operation is our legitimate interest, Art. 6 Para. 1 (f) GDPR as described in section 4.6.

Based on your IP address and with the aid of our “Browser Region Managers”, we can locate the region where you are located when you are using the website. This information will be saved to direct you to the regional subpage and newsletter sign up applicable to your country of residence. We do not determine your exact location while doing this. You can manually change your allocated country before signing up to our newsletter by using the country drop down menu on our website or after you have already signed up for our newsletter by updating your preferences.  (instead of allocating the country/language via the Browser Regional Manager).

You can update your newsletter profile preference any time (for example, via a link at the end of every newsletter). Possible fields include: surname, gender, date of birth, address, further details regarding your particular fields of interest, your athletic preferences and abilities). After you have updated your preferences we will use the updated data instead of the previous one as described in this Privacy Policy. This means that if you change your country settings for example from Germany to France you will receive the French newsletter instead of the German newsletter.

If you would like to change your country settings to America or Canada, please go to the American or Canadian HEAD website and sign up for the respective newsletter there. Note that different legal requirements apply to these websites due to national legislation. For more information, please refer to the privacy policies on the respective websites.

Personalised promotional material and news is sent based on your IP address and your usage behaviour on the website. Based on your IP address and with the aid of our “Browser Region Managers”, we can send you regional offers to the extent to which you have consented. In the process, we also analyse the frequency of clicks solely for your selected areas of interest “ski, snowboard, sportswear, tennis, padel, squash, racquetball, swimming” and, for example, in the case of frequent use of the “Snowboard” section, send you information from this area of interest via e-mail based on the declaration of consent described above. The analysis is carried out based on the following assessment methods and sequence of preferences: The data regarding your usage behaviour on the website is compared anonymously with the empirical values for similar data sets in our database. Based on this, we calculate the probabilities of potential future contacts and purchases with us. We can therefore also make corresponding offers and send information that, based on our experience, was of interest to customers with similar behaviour. In the process, we can also create anonymised and pseudonymised user profiles.

We also store your IP address and the date and time of registration upon subscribing to the newsletter. This is only saved to serve as proof in the event that a third party misuses an e-mail address and subscribes to receive the newsletter without the knowledge of the rightful owner. Personal data collected when subscribing to the newsletter is not forwarded to third parties for marketing purposes.

You may revoke your consent to receive newsletters at any time with effect for the future without specifying the reasons (for example, via an unsubscribe link at the end of every newsletter or via e-mail at privacy@head.com). Please note that in some cases you may continue to receive the newsletter for a few days after unsubscribing (especially if you unsubscribe via our privacy email address).

If you forward our newsletter to third parties, you must comply with legal provisions and obtain the consent of the recipient in advance. If a third party lodges claims against us due to the forwarding of a newsletter by you, you shall indemnify and hold us harmless against all claims associated therewith, including penalties and costs of legal defence.

4.8. PRIZE GAMES AND CONTESTS

In connection with the prize games, contests or promotional activities that we offer, we will use your personal data solely for holding the prize game, contest or promotional activity (for example, to contact winners, to send the prize), unless you have granted us your explicit consent for use in other ways (for example receipt of our newsletter, publication of your review). You will receive the specific information for the processing of your personal data in detail in the T&C of the respective prize game/contest. Your data will be stored in the Salesforce Service Cloud and Salesforce Marketing Cloud. For more information about Salesforce see 2.9.

Please note that if you register for our newsletter in connection with your participation in one of our prize games or contests, the information provided under 4.6 applies mutatis mutandis with the following deviations:

We collect your last name and country (in addition to your first name, email address and IP address) and

You must confirm that you are at least 18 years old (instead of 16 years).

If you signed up via Facebook/Instagram lead ads please also see section 2.3.2.

5. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES

We also transmit your personal data to the necessary extent to external performance agents or service providers (including our other companies of the HEAD Group):

lto IT service providers and/or providers of data hosting or data processing or similar services, including Virtuagym B.V., Amstelplein, 6-38, 1096 BC Amsterdam, The Netherlands;

lto other service providers, providers of tools and software solutions who also support us in providing our services and work on our behalf (incl. providers of marketing tools, marketing agencies, communication service providers and call centres);

lto other Group companies of the HEAD Group (a list of our Group companies to which personal data is transmitted can be found here for contract performance, based on an existing legitimate interest and fulfilment of legal obligations;

lto any third parties who are involved in fulfilling our obligations to you (for example, parcel service providers for the shipment of your online store order to you, payment service providers for payment processing in the online store, banks for payment processing);

lto other external third parties to the necessary extent (for example, auditors, insurance companies if an insured event occurs, legal representatives should the situation arise etc.);

lto officials and other public offices to the extent required by law (for example, tax authorities etc.).

6. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF THE EU/EEA

We might transmit your personal data to companies and contractual partners outside of the EU/EEA for the provision of our services, the operation of the website, the handling of your order, the maintenance of our IT systems and software etc. However, such transmission does not change anything in our obligation to protect your personal data in accordance with this Privacy Policy. If your personal data is forwarded outside of the EU/EEA, we guarantee an adequate measure of security by forwarding them to countries that have an appropriate level of protection based on confirmation by the European Commission, or by concluding an appropriately formulated contract between us and the legal person outside of the EU/EEA who receives the data. In other cases, the data transfer might be based art. 49 para. 1 GDPR. You may receive a copy of the suitable guarantees by sending an e-mail to us at privacy@head.com.

7. DATA SECURITY

We take appropriate technical and organisational security measures to protect your personal data from unintentional or unauthorised deletion or modification, and from loss, theft and unauthorised viewing, forwarding, reproduction, use, alteration or access. We and our employees are also bound to data secrecy and confidentiality. Likewise, performance agents and authorised agents of the HEAD Group who must have access to your personal data to fulfil their professional duties will receive access and will be subject to the same obligations to observe data secrecy and confidentiality.

8. STORAGE PERIOD

We will save the personal data processed via our website as long as they are required for the fulfilment of our contractual obligations. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent. We will also store your data only as long as we are obligated by law to store them and as long as claims can be asserted against us.

9. YOUR RIGHTS

You have the right to receive information in a clear, transparent and intelligible manner regarding how we process personal data and regarding your rights as a data subject (Art. 13 et seqq. GDPR):

1. You therefore have the right to information and to receive a copy of the personal data about you that is processed; (Art. 15 GDPR);

2. If the personal data is incorrect or no longer current, you have the right to rectification; (Art. 16 GDPR);

3. You also have the right to erasure of your data (“right to be forgotten”); (Art. 17 GDPR)

4. You also have the right to unsubscribe from marketing campaigns and to opt out in this regard at any time; (Art.21 Para. 2 GDPR);

5. You may also revoke your consent to the processing of personal data at any time with effect for the future if processing is based on your consent; (Art 7 GDPR)

6. You also have the right to data portability (Art. 20 GDPR) in a commonly used and machine-readable format. This applies exclusively to data that you have provided, with which processing is based on a contract or consent and with which processing takes place automatically;

7. Finally, you have the right to request that the processing of data by us be restricted (Art. 18 GDPR), so that we may only continue to store them and no longer use or process them. However, this applies only in the following situations:

(1) The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;

(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;

(4) You have objected to processing based on our legitimate interests and the verification of whether legitimate grounds on our side override those on your side is not yet certain.

(5) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).

(6) You also have the right to lodge a complaint with the competent data protection authorities if you are of the opinion that the processing of the personal data about you violates the applicable data protection laws (Art. 77 GDPR).


Before you lodge a complaint with the data protection authorities, or if you have questions, you may also contact us:

Head Sport GmbH

To the attention of the Legal Department

Wuhrkopfweg 1, 6921 Kennelbach

Via e-mail at privacy@head.com


Your right to object : As the data subject, you may object to the use of your data at any time if the processing serves the purposes of direct marketing. If we process your data for legitimate purposes, you also have the right to object at any time if grounds for this arise from your specific situation. In this case, we ask you to provide reasons as to why the data should not be processed in the future.

So that we can process your inquiry regarding your rights specified above and ensure that personal data is not given to unauthorised third parties, please address the inquiry with a short description regarding the scope of the exercise of your data subject rights listed above.


Dated: August 2022