Data Privacy Policy Online Shop

This data privacy notice applies to the processing of your personal data in the GERRY WEBER online shop, including data processing on this website, in the context of orders and in connection with an online customer account (if you have created one).

1. Controller for the data processing

The controller for the data processing is E-GERRY WEBER Digital GmbH, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: service@samoon.com (hereinafter: EGW, we, us).

You can contact the data protection officer at E-GERRY WEBER Digital GmbH, Data Protection Officer, Neulehenstr. 8, 33790 Halle/Westphalia, Germany, e-mail: datenschutz@gerryweber.com.

2. Categories of personal data

Depending on your status (guest, customer account, website visitor), we process the following categories of your personal data:
  • Contact details (e.g. name, address, e-mail address, telephone number)
  • Date of birth (if you have provided it)
  • Purchase data (e.g. time/place purchase, goods and services purchased, turnover (incl. unit and total price), shipping method, purchase frequency, purchase behaviour, allocation to a store)
  • Payment method and payment data (e.g. bank details)
  • Data regarding returns (e.g. frequency, returned goods)
  • Messages sent to us, e.g. via the contact form
  • Results of data analyses (e.g. in the context of market research studies and by evaluating customers), including reactivation score (identification of inactivity or risk of outflow), creation of customer profiles, classification into customer value groups
  • Participation in promotions or use of vouchers
  • If you have an online customer account, we also process back-end data (e.g. log-in data, login name and password, technical device and access data).
  • If you visit our website (i.e. even if you do not buy anything), we process the following categories of data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made, movement (pages accessed, items viewed, length of stay/heat map, shopping cart), click and purchase behavior on the websites.
  • When sending newsletters and for other e-mail communication with you, we also process the following data: used browser including version, operating system, mobile device designation (if any), telecommunications service provider, referral URL, IP address, session and cookie identifiers, pseudonymised identifiers, IDs of items that were viewed, placed in the shopping cart or purchased, and the country from which the request was made.
In addition, you will find more detailed information on individual data processing operations under Section 9 below.

3. Purposes and legal bases of the processing

We process your data on the following legal bases: fulfillment of a contract (i.e. orders through the online shop) and performance of pre-contractual measures (Art. 6 (1) lit. b) GDPR); compliance with our legal obligations (e.g. due to commercial or tax law requirements, Art. 6 (1) lit. c) GDPR); on the basis of your consent (Art. 6 (1) lit. a) GDPR), on the basis of our or third parties’ legitimate interests (Art. 6 (1) lit. f) GDPR). Legitimate interests of us or third parties exist, for example, in advertising and product improvement, digitalisation, assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion, cooperation with authorities or ensuring IT security.

We process your personal data for the following purposes:

  • Performance of a contract, e.g. processing of your order and complaint handling
  • Marketing, product information for advertising purposes about collections, products and services
  • Compliance with our legal obligations
  • Market and opinion research
  • Measures to improve and develop our services and products as well as creation of transparency and quality of our products, services and communication
  • Personalisation of advertising and communication in order to be able to offer you an individual approach with suitable offers and products, including automated analysis of your purchasing behavior and creation of customer profiles, classification into customer value groups, creating of a reactivation score (identification of inactivity or risk of outflow), dynamic reactivation (targeted advertising based on purchase frequency), allocation to a store, sending vouchers and item recommendations and invitations to special promotions (e.g. store events)
  • Analysis of the reach of our communication with you, e.g. by measuring click rates
  • Statistical evaluation of the success of (online) marketing campaigns
  • Contact with credit agencies to determine credit checks or payment default risks
  • Address determination
  • Assertion, exercise or defence of legal claims or defence against legal disputes, including judicial assertion
  • Cooperation with authorities
  • Ensuring IT security
  • Prevention and investigation of criminal offences or breaches of duty
  • Monitoring and prevention of fraudulent activities, e.g. through click fraud
  • Ensuring the proper functioning of our systems
  • Measures in connection with corporate transactions or corporate restructuring (e.g. the sale of our business operations or parts thereof).


4. Source of your personal data

We collect your personal data directly from you, e.g. when ordering in the online shop, in the registration form for the customer account or when registering for the newsletter. In addition, we receive some of your personal data from other sources, in particular from credit agencies and from other group companies of the GERRY WEBER Group (a list of all companies in the GERRY WEBER Group can be found here: samoon.com/jednostki-grupy-kapitałowej/).

5. Disclosure of personal data to third parties (recipients)

Recipients of your personal data may be, for example:
  • Billing service providers and IT service providers
  • Credit agencies
  • Call centers
  • Marketing agencies
  • Market research institutes
  • Service and cooperation partners
  • Debt collection agencies
  • Printing and mailing service providers
  • Data destruction service providers
  • Consultants and consulting firms (e.g. lawyers, auditors or tax consultants)
  • Authorities and courts
  • Distributor in the field of wholesale
  • Companies (e.g. buyers and their advisors) in connection with corporate transactions or corporate restructurings (e.g. the sale of our business operations or parts thereof)
  • Group companies of the GERRY WEBER Group (a list of all companies of the GERRY WEBER Group can be found here: gerryweber.com/jednostki-grupy-kapitałowej/)
Please also see the additional information provided under Section 9 below.

6. Recipients outside the EEA

The processing of personal data takes place primarily in the territory of the European Union (EU). In some cases, we also transfer your personal data to recipients outside the European Economic Area (EEA) (so-called third countries), for example to subsidiaries belonging to the group or foreign processors. For some third countries, such as Switzerland, the EU Commission has decided that the level of data protection is adequate. Our transfer of your personal data to these countries is based on the respective adequacy decision of the EU Commission (Art. 45 GDPR). For data transfers to third countries without such an adequacy decision, such as the USA, we for example conclude appropriate data transfer agreements (so-called EU standard contractual clauses) or ensure that another transfer mechanism is applicable. For a copy of the relevant transfer mechanisms and further information or questions, you are welcome to contact the Data Protection Officer at datenschutz@gerryweber.com.

Please also see the additional information provided under Section 9.

7. Storage period

Personal data will be stored for the purposes mentioned for the duration necessary to fulfill these purposes, e.g. for the duration of the fulfilment of the order process as well as statutory limitation periods and warranty periods, and if there are no other statutory retention obligations (German Commercial Code (HGB), German Fiscal Code (AO)) or legal reasons for storage. We are subject to various storage and documentation obligations, which result, among others, from the German Commercial Code (HGB) and the German Fiscal Code (AO) and reach up to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, can be up to thirty years according to §§ 195 et seqq. of the German Civil Code (BGB), whereas the regular limitation period is three years. The storage period of the data collected via cookies can be found under Section 9.

8. Your rights in relation to the processing of your personal data

You have the following rights against us in relation to your personal data:
  • Right to information on your stored personal data (Art. 15 GDPR),
  • Right to rectification if the stored data that relates to you is incorrect, outdated or inaccurate (Art. 16 GDPR),
  • Right to erasure if the storage is impermissible, the purpose of the processing is fulfilled and the storage is therefore no longer necessary or when you have revoked your consent to the processing of certain personal data (Art. 17 GDPR),
  • Right to restriction of processing if one of the conditions listed in Art. 18(1) lit. a) to d) GDPR is fulfilled (Art. 18 GDPR),
  • Right to transfer the personal data that relates to and that you have provided (Art 20 GDPR),
  • Right to withdraw your consent, whereby the withdrawal does not affect the lawfulness of the processing carried out up to that point on the basis of the consent (Art. 7 (3) GDPR), and
  • Right to object: You can object to the processing of your personal data, which is carried out on the basis of Art. 6(1) lit. f) GDPR (data processing on the basis of legitimate interests), at any time. In particular, you have the right to object to electronic (e-mail) or telephone advertising at any time without incurring any costs other than the transmission costs according to the basic rates.
You are welcome to assert your rights using our contact details given at the beginning.
In addition, you have the right to lodge a complaint with a supervisory authority of your choice (Art. 77 GDPR). This also includes the data protection supervisory authority responsible for us, which can be reached under the following contact details: The State Commissioner for Data Protection North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.

9. Data protection information for further use

In the following and in addition to the information provided under Sections 1 until 8 certain data processing operations are presented in detail:

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the system of the calling computer. The following data is processed:
  • Information about the browser type and used version
  • The user's operating system
  • The user's internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website.
The data is stored in the log files of our system. The data is stored in system log files to ensure the functionality of our website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems.

10. Questions about data protection

If you have any questions about data protection, please contact us using the contact details above. We amend our privacy policy from time to time.



Effective April 2023

10. Questions about data protection

If you have any questions about data protection, please contact us using the contact details above. We amend our privacy policy from time to time.



Effective April 2023