Privacy Policy



Table of contents


(Status: March 2024) 



Preamble


Huber Holding AG, FN 061259m, Hauptstraße 17, 6840 Götzis, HUBER Digital GmbH, FN 552053v, Exerzierplatz 1, 6841 Mäder, and all group companies of Huber Holding AG (hereinafter referred to as ‘HUBER’) take the protection of your personal data very seriously and use your personal data exclusively in accordance with the applicable legal provisions. 

 

The privacy policy applies to the following online portals and services as well as their mobile applications operated by HUBER

 

 

 
  • SKINY.com 

 

 
  • HANRO.com 

 

 
  • HUBER-bodywear.com 

 

 
  • HOM.com 

 

The way we process data is similar for most of our services. This privacy policy therefore applies to all services and performances that we offer our customers in Europe. Unless expressly stated otherwise, the contractual partner and controller within the meaning of the GDPR is HUBER Digital GmbH (hereinafter referred to as HUBER), FN 552053v, Hauptstraße 17, 6840 Götzis.  

 




1. General information


HUBER attaches great importance to the protection of personal data. We therefore comply with the statutory provisions such as the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG) when collecting, using and processing personal data. In the following, we will inform you about the scope and purpose of our data processing and your rights in this regard. 

 

 
  • Insofar as we have obtained the consent of the data subject for the processing of personal data, Article 6(1)(a) GDPR applies as the legal basis.

 

 
  • If the processing of personal data is necessary for the fulfilment of a contract with the data subject or for pre-contractual measures initiated by the data subject, Article 6(1)(b) GDPR serves as the legal basis. 

 

 
  • If the data processing is the result of a legal obligation to which we are subject, we invoke Article 6(1)(c) GDPR as the legal basis. 

 

 
  • Insofar as the processing of personal data is necessary to safeguard the legitimate interests of the controller or a third party - without jeopardising the interests, fundamental rights or freedoms of the data subject - Article 6(1)(f) serves as the legal basis. 

 




2. Data collection and processing


You can visit our website without providing any personal data. We only store access data without personal reference, such as the name of your Internet service provider, the page from which you visit us or the name of the requested file. This data is analysed exclusively to improve our offer and does not allow any conclusions to be drawn about your person. 

 

1. Personal data  

 

Personal data is only collected if you voluntarily provide it to us when ordering goods, opening a customer account, making an enquiry via the contact form or registering for our newsletter, vouchers, SMS, direct mailings or other electronic mail or by consenting to optional cookies. We use the data you provide without your consent exclusively to fulfil and process your order or to respond to your enquiry. Personal data is any information relating to an identified or identifiable natural person. .  

 

2. Use of personal data for contract processing 

 

For the purpose of contract fulfilment, we store the following data - if you have provided it to us - and may pass it on to third parties for the provision of services:

 

 
  • Name of

 

 
  • Date of birth (if applicable) 

 

 
  • Gender  

 

 
  • Your address

 

 
  • Delivery address

 

 
  • E-mail address

 

 
  • telephone number 

 

 
  • Bank details, credit card number and company (whereby these are processed exclusively by the payment provider and HUBER is not the controller within the meaning of the GDPR in the context of payment processing)

 

 
  • Information about the order (order, confirmation notification, dispatch confirmation) 

 

 
  • IP-adresse

 

 
  • Passwort

 

The data provided by you is required to fulfil the contract or to carry out pre-contractual measures. We cannot conclude a contract with you without this data. We therefore use this data for the purposes of order and order processing (including payment processing), for processing enquiries and evaluations. 

The legal basis for this is Article 6(1)(b) GDPR. 

If you open a customer account, your orders and saved goods will also be saved together with the customer account. You give your consent for this (Art 6 para 1 lit a GDPR).

 

3. Use of personal data for marketing and information purposes (newsletter, SMS, direct mailings or other electronic mail)

 

When you register for the newsletter, your name and email address will be used with your consent for our own advertising purposes until you unsubscribe from the newsletter or the email address provided is clearly incorrect. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. 

You can also subscribe to SMS messages, other electronic mail (e.g. push-up messages in apps) or direct mailings under the same conditions so that you receive all the latest news and information about our company and products at regular intervals.  

With your consent, we transmit the data within the Group and to the locations cooperating with us for the purpose of analysing user behaviour and, based on this, for the transmission of information for advertising purposes. 

We also use your data to display or send you vouchers and personalised product recommendations based on the products you have ordered or viewed and your wish list data, including by email.

Data that we have collected from interested parties and customers for marketing and information purposes or for sending a newsletter or surveys as well as for advertising products that might interest you, we process in the case of consent until revoked, otherwise due to our legitimate interest for marketing purposes for a period of three years from the last purchase or contact initiated by the interested party.   

If you have given us your express consent to this during or after your order or because it is permitted on another legal basis in accordance with Art. 6 GDPR, we will send you a reminder by e-mail to submit an evaluation of your order. Any consent given in this regard can be revoked at any time by sending a message to the contact option described below.  

 

4. Use of personal data for competitions  

 

We regularly offer competitions on our website in order to increase the attractiveness of our site and achieve more interaction from visitors. 

We use the personal data disclosed in the context of a competition solely for the purpose of organizing the competition and not for marketing purposes. If you give your express and voluntary consent to receive a newsletter or other marketing measures from us when registering for the competition, this will be considered as part of the consent.

 

5. Use of personal data for customer service

 

If you contact us via the contact form on the website or by email, the data you provide will be stored by us for 24 months for the purpose of processing your enquiry and in the event of follow-up enquiries.

 

If you register on our website and/or create a customer account or place an order, the purpose of processing your data is the technical operation of this website, the operation and administration of your customer account, the processing of your order(s) and the ongoing information about current promotions (in particular by electronic newsletter or email). We use the personal data provided by you only insofar as your data is required to fulfil the respective purpose (e.g. registration as a customer, sending the newsletter, processing an order, sending information material, processing a competition, answering a question) and/or this is permitted by law.

 

6. Use of personal data for job applications

 

We collect data from applicants for job offers open with us for the purpose of initiating a possible employment relationship in accordance with Art. 6 para. 1 lit b GDPR or, if necessary, on the basis of explicit consent for record-keeping purposes. Further data protection information in relation to application processes can be found here.

 

7. Use of affiliate programmes

 

We use partner programmes from various providers. With your consent, your data may be transferred to the respective affiliate programme provider, stored and processed through the use of an affiliate programme. This means that as soon as you interact with products and services of an affiliate programme, this provider (apart from us) also collects data (in particular IP address, location, etc.) from you. Exactly which data is stored depends on the individual provider. In particular, we participate in the AWIN affiliate programme.

Data processing is carried out in compliance with this privacy policy and that of AWIN:

https://www.awin.com/de/datenschutzerklarung.

The information stored in this case includes user behaviour, IP address, device information and the URL.

 

8. Processing of customer data by the Customer Data Platform (CDP) and for merging this data

 

Your customer data, which is lawfully processed by a HUBER company for the reasons described above, may be merged with the data systems (CRM, etc) of the entire HUBER Group. This occurs either i) because other group companies act exclusively as processors or ii) because you have given your consent to the merging and processing of your personal data within the HUBER Group.

The purpose of consenting to the processing of your customer data by CDP is to gain comprehensive insights into customer behaviour and preferences. This enables us to provide personalised marketing campaigns and improved customer experiences. The customer data is aggregated from various HUBER sources and databases, including our internal systems, website interactions, social media and other data sources with which we have a business relationship. You consent to the processing and merging of personal data within the HUBER Group.

We also use klaviyo Inc. based in the USA as a processor for this purpose. Your personal data will also be transferred to the USA. Klaviyo has adopted the standard contractual clauses of the European Commission and is committed to them. You can find further information on this here:

https://www.klaviyo.com/legal/privacy.  

 




3. Personalised service and product recommendations


The development and provision of personalised functionalities and services is a top priority for us. Examples of our personalised services include:

 

 
  • When you add a product to your shopping basket, we can provide you with recommendations for selecting a suitable clothing size based on your previous orders and returns

 

 
  • If you have subscribed to our newsletter, we can present you with products that match your previous orders

 

 
  • We also take your previous orders into account when suggesting products that match your shopping preferences

 

In addition, you may also receive advertising messages from HUBER brands without subscribing to our newsletter, either on the basis of your consent or insofar as this is legally permissible without consent. These include individual recommendations based on your purchasing behaviour. As part of our services, we present you with information and offers based on your interests. You will receive a limited number of product recommendations, surveys and requests for product reviews from us, even if you have not subscribed to a newsletter. When selecting these personalised product recommendations, we prefer to use the data from your previous orders in compliance with legal requirements.

If you do not wish to receive personalised product recommendations from us by email, you can opt out at any time by clicking on the unsubscribe link available in each email.

In order to be able to offer you more personalised content, we collect data based on your previous user behaviour and your use of the services. For example, if you open our newsletters more frequently, we interpret this as an interest on your part and ensure that your requirements in terms of the frequency and content of the emails are met.

 




4. Deletion of personal data and storage period


Personal data processed in connection with purchase transactions will be stored for as long as required by legal provisions (retention obligations, etc.). 

If you register on our website and/or create a customer account or make a purchase and have provided us with personal data in this regard as part of our contract of use, we generally store this data for three years after your last contact with us, unless you request deletion at an earlier point in time and there are no mandatory legal requirements that make longer data storage necessary.

If you contact us via the contact form on the website or by email, the data you provide will be stored by us for 24 months for the purpose of processing your enquiry and in the event of follow-up questions. Personal data that we have received as a result of surveys will be anonymised after 12 months.   

If you have given your consent to the use of your personal data and we are then continuously active (e.g. when sending the newsletter), we will only delete your data after you have revoked your consent.

 




5. Disclosure of data

Your personal data will be passed on to third parties if this is necessary for the purpose of contract processing or to provide customers with information, to fulfil legal obligations or if you have consented to the transfer. If necessary, we may also use service providers to help us with advertising and information that may be of interest to you and to conduct surveys that help us to improve our services. The service providers we use (e.g. payment service providers for payment processing, shipping companies for delivery processing, providers for shipping communication, IT companies for technical support for order processing, for e-mail marketing) receive the data in order to fulfil the contracts concluded with you or to support us with advertising or surveys as described above. Our service providers may only use the data to fulfil their task.

 





6. Transfer of data to third countries 


We use services in the course of which data is or may be transferred abroad. The transfer may take place if this third country has been confirmed by the European Commission as having an adequate level of data protection or if other suitable data protection guarantees are in place (e.g. binding internal company data protection regulations or EU standard data protection clauses). 

The European Commission has adopted a new adequacy decision pursuant to Art. 45 GDPR for the USA. This adequacy decision applies to those data importers in the USA that are registered in the Data Privacy Framework List (https://www.dataprivacyframework.gov/s/participant-search).

We check for each of our service providers whether they are registered in the Data Privacy Framework List or otherwise fulfil the legal requirements for data transfer to third countries. If necessary, your consent is required for this (Art. 49 para. 1 lit. a GDPR).

We have no direct influence on the access of US authorities to personal data that is transferred to service providers in the USA when using these services. Even if we assume that the level of protection is guaranteed, access by US authorities to data processed in the USA is nevertheless conceivable:

 




7. Use of Cookies  


In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

As the cookies used also change regularly, we have set out the information on the cookies we use in a separate cookie policy, which can be viewed here and forms an integral part of this privacy policy.

 




8. Use of Google applications


We use Google Analytics, a web analytics service provided by Google Inc (www.google.com).Google Analytics uses so-called ‘cookies’, text files that are stored on your end device and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymisation is active on this website. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser plugin, you can click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will be stored on your end device. If you delete your cookies, you must click the link again.

We also use Google Maps services on our website. If you are logged in to Google, the data will be assigned directly to your account. Google uses your data for the purposes of advertising, market research and customised website design. Further information on the purpose and scope of data collection and the right to object can be found at http://www.google.de/intl/de/policies/privacy.

Google may process your data in the USA. Before you give your consent to the storage of cookies through the use of Google Analytics, please read the relevant information in the privacy policy. Google LLC is registered in the Data Privacy Framework List.

 




9. Use of social media plugins 


We are also represented on various social networks. Some data processing takes place in this context. Further data protection information can be found in their privacy policiesWir sind auch auf diversen sozialen Netzwerken vertreten. Im Rahmen dessen findet eine Datenverarbeitung teilweise statt. Weitere Datenschutzinformationen hierzu sind auf deren Datenschutzerklärungen zu finden:

 

 
  • Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc, Menlo Park, California, is registered in the Data Privacy Framework List. Further information can be found here: https://developers.facebook.com/docs/plugins.

 

 
  • Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc, Menlo Park, California, is registered in the Data Privacy Framework List.

 

 

 

 

 

 

 

The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in the providers' data protection notices.

If you do not want the data collected via our website to be directly assigned to your profile in the respective service, you must log out of the respective service before visiting our website.

 





10. Loyalty Programme | SKINY Fancy Club


1. Use of personal data as part of the Loyalty Programme

When you place your first order, you register for the Loyalty Programme. In the course of this, your name and e-mail address, as well as optionally your date of birth, are stored. The order number, the amount of the order, the returns information and the device, information about the device you are using and the IP address are also processed to calculate and manage the statuses. The legal basis for the processing in this regard is your consent to our GTCs. This data processing serves the purpose of implementing the Loyalty Programme. You can unsubscribe from the Loyalty Programme at any time by sending a message to [email protected].

With your consent, we transmit the data within the Group and to the locations cooperating with us for the purpose of analysing user behaviour and, based on this, for the transmission of information for advertising purposes.

We also use your data to display or send you vouchers and personalised product recommendations, including by email, based on the products you have ordered or viewed and your wish list data.

We process data that we have collected from customers as part of the loyalty programme until revoked, provided that consent has been given.

We use the ‘Yotpo’ programme of Yotpo Ltd, New York, 400 Lafayette St, New York, USA (see https://www.yotpo.com/privacy-policy/) to implement the loyalty programme. Against this background, personal data is also processed in the USA. See also Section VI. Processing of data abroad.

 




11. Data security 


We use HTTPS (the Hypertext Transfer Protocol Secure stands for ‘secure hypertext transfer protocol’) to transmit data tap-proof on the Internet. We have thus introduced an additional security layer and fulfil data protection through technology design. By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission security by the small lock symbol at the top left of the browser, to the left of the Internet address and the use of the https scheme (instead of http) as part of our Internet address.

 




12. Changes to the privacy policy


We reserve the right to amend this privacy policy at any time in order to adapt it to changed legal requirements or technical changes. The current version of the privacy policy is always available on our website. If you have any questions about data protection or wish to exercise your rights in relation to your personal data, you can contact us at any time.

 




13. Your rights


For the purposes of the GDPR, you are a data subject if personal data concerning you is processed by us. For this reason, you can make use of various data subject rights that are enshrined in the General Data Protection Regulation. These are the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to object (Article 21 GDPR), the right to lodge a complaint with a supervisory authority (Article 77 GDPR) and the right to data portability (Article 20 GDPR).

 

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority

 




14. Contact person


If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of consents granted, please contact:

 

HUBER DIGITAL GmbH

Hauptstraße 17

6840 Götzis, Österreich

 

E-Mail: [email protected]