<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=601402&amp;fmt=gif">

Legal Information

PRIVACY NOTICE OF SHOESIZE.ME AG


1. Introduction

We recognize the importance of your privacy and of transparency in our processing of your personal data.


This privacy notice (Privacy Notice) informs you on the personal data that we, ShoeSize.Me AG (we, our or ShoeSize.Me), collect and process when you access and use the services, solutions, and websites we operate, including our size advisor for online shoppers (Size Advisor) and our website available without limitation at www.shoesizeme.com/ and shoeai.com (together the Services). 

By accessing and using the Services, you expressly acknowledge that we may collect and process your personal data in accordance with this Privacy Notice.

2. Who is responsible for the processing of your personal data

ShoeSize.Me AG, Leberngasse 19, 4600 Olten, Switzerland, is responsible for the processing of your personal data through the Services. You will find our contact details below in Section 13.

3. How we collect your personal data

(a.) We collect the personal data that you provide to us.


We collect the personal data that you provide to us when you use Size Advisor and our other Services – either directly on the website we operate, or on the e-commerce platform of our partners which have implemented our plugin (our Partners). We will also collect the personal data that you provide when you create and/or manage a personal account with us, fill in web forms, or communicate with us.


(b.) Some information is mandatory and some is optional.


It is NOT required to create an account with us in order to use our Size Advisor. But when you create/manage an account with us, it is mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to the Services connected to your account. You are not required to complete the optional data fields in order to access the Services. If you have an account, these fields may be completed at any time through your account settings.

(c.) We receive information directly from our Partners using Size Advisor


We collaborate with many Partners, enabling them to make Size Advisor available to their users on their e-commerce platform. In order to make Size Advisor more accurate, our Partners send us information about their customers in a pseudonymized manner.  "Pseudonymized" means that the information that could identify you is replaced by a random code. For instance, we receive a unique code attributed to each customer, as well as encrypted email addresses, but we never receive your name or clear email address. We receive the following information:

  • Customer ID: a random code attributed to each customer
  • Hashed email: an encrypted email address
  • The list of products purchased and/or returned for each attributed Customer ID.
If you are a visitor, user or customer of any of our Partners (a User-of-a-Partner), please read the following: this Privacy Notice does not address how our Partners collect and use your personal data. If you would like to make any requests or queries regarding your personal data, please contact such Partner(s) directly. For example, if you wish to request to access, correct, amend, or delete inaccurate personal data that was originally collected by one of our Partners, please direct your query to the relevant Partner. If we are requested by our Partners to remove any User-of-a-Partner’s personal data, we will respond to such request in a timely manner upon verification and in accordance with applicable law (for example, thirty (30) days under Swiss law or the GDPR). 
(d.) Certain personal data are also collected in an automated manner.


We may also automatically collect personal data, including by means of tools, web forms, cookies and other active elements, such as the history of your interactions with our Services, as further described in this privacy notice. 

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plugin [made available in connection with certain Services]. For more detailed information, please see the cookie section below (section 11).


4. How we process your personal data

We process your personal data by automated means for the purposes indicated in this Privacy Notice and in accordance with applicable law.


We process your personal data in accordance with applicable law, in particular Swiss data protection law and if applicable the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom, using computers or computer tools, in line with the purposes set out in this Privacy Notice.  

We do not make decisions exclusively on the basis of an automated processing which have legal effects on the data subjects or affect them significantly (automated individual decision). We may process your personal data to create a profile about you and provide you with more relevant information and services (profiling), for instance to show you more relevant information based on prior interactions with our Services. We will, however, not do so in relation to children’s personal data. You may have the right to object to such activities, in accordance with applicable data protection laws (see section 12 below for additional information on your rights).

We may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law, in which case this Privacy Notice will no longer apply and we may use such data for purposes not contemplated by this Privacy Notice (e.g. for benchmarking or analytics purposes, or to develop and market new services). You may object to the anonymization or aggregation of your personal data for this purpose at any time (see section 12 below for additional information on your rights).

We take the technical and organizational appropriate security measures to prevent unauthorized access, disclosure, modification, alteration or destruction of your personal data, as specified in Section 10 below.


5. On which legal ground do we process your personal data

We process your personal data only if we have a valid legal ground to do so.

We will only process your personal data if we have a valid legal ground for doing so. Depending on the processing in question, we will only process your personal data if:

  • Data processing is necessary to fulfill our contractual obligations to you or to take pre-contractual measures at your request (Contractual Necessity);

    This is the case in particular when processing your personal data is strictly required to provide you with the Services, as further specified in section 6 below. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b) GDPR;
  • Data processing is necessary for the fulfillment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing (Legitimate Interest);

    Our Legitimate Interests include in particular (i) ensuring that our solutions and related Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting, as well as support services); (ii) improving and developing the Services (including monitoring our performance or the use of the Services, and for statistical purposes); (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); and (iv) achieving our corporate goals. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR;

  • We have obtained your prior consent in a clear and unambiguous manner (Consent);

    We may process your personal data if we have obtained your consent to do so, as further specified in section 6 (f) below. When the GDPR applies, Consent is based on Article 6(1)(a) GDPR;

  • Data processing is necessary to comply with our legal or regulatory obligations (Legal Obligation);

    Finally, we will process your personal data if we are required by law to do so, as further specified in section 6 (e) below. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.
If we access your personal data because it was transmitted to us by one of our Partners (see Section 3 (c) above), it is our Partner which is responsible for ensuring that your personal data is collected and transferred to us in accordance with all privacy and data protection laws of all relevant jurisdictions, based on an appropriate legal ground. Please refer to our Partner’s privacy notice for information about their processing activities. 


6. Purposes for which we process your personal data?

(a.) We process your personal data for legitimate and clearly identified purposes:

Your personal data is collected and processed for the purpose of operating and delivering the Services and for the other legitimate purposes explicitly specified below, only to the extent relevant to achieve these purposes, and is not further processed in a manner that is incompatible with those purposes. 

We process your personal data for the following purposes:

(b.) To provide our Services and operate our solutions.

We mainly process your personal data to provide the Services, based on our Contractual Necessity to do so, including to improve your shopping experience by automating the size selection of footwear or other apparel based on your foot and/or other body dimensions, for creating and maintaining a user account, interacting with you, providing you with the requested information and Services, making the Services available through our website and solutions, as well as for customer and user management purposes. 

In particular, you have the option when using our Services to submit information (such as your age, foot width, foot type, gender, kids shoe length, kids gender, shoe model, brand and size of shoes you wear) in order to receive recommendations about which shoe size to pick. You also have the option to save your answers using your email address. 

In addition to the personal data which you provide, or which is transmitted by our Partners, when interacting with the Services, we automatically collect technical information about your interactions with the Services, such as IP address, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the Services, including your navigation details on our websites. We process this data to establish a connection with your device over the internet, to identify you when you use the Services, control the use of the Services and manage its stability and security, based on our Legitimate Interest to do so.  

Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). This does not include log files, which are automatically deleted or anonymized 30 days after their collection, unless we must retain them for a valid reason.

(c.) To send you our newsletter and other advertising information.

If you subscribe to our newsletter, we will collect your contact details (name and email address) and use it to provide you with our newsletter, based on your Consent. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted. 

We also process the time of registration and your opt-in confirmation based on our Legal Obligation to demonstrate compliance. We also analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter, based on our Legitimate Interest.

We use the third party services of Hubspot to provide our newsletter service and “Hubspot Chat” to communicate with you. Hubspot will have access to your login data in order to provide you with the service. Its privacy policy is applicable in connection with this. It is available at https://legal.hubspot.com/privacy-policy.

We also use Google Ads to promote our business, raise awareness of our services and to help to sell our products and services. You can find Google’s Privacy Terms here.

(d.)  For internal analysis and statistical purposes in order to improve our Services and solutions.

Unless you object to such processing, we may process your personal data, in particular data relating to your use of the Services and your habits and preferences (e.g. your reference shoes, the shoes models you selected, purchased or returned, the date and time of your requests and your preferences), for internal analysis and statistical purposes, in order to better understand the needs of our users and to optimize their experience, and to improve the ergonomics, accuracy and functionality of the Services in general. You may object to such processing activities at any time (see section 12 below for additional information on your rights). However, as further detailed in section 3(c) above, if your request concerns the pseudonymized information which we received from our Partner(s), you should direct your enquiries directly to the relevant Partner(s). 

We do not link this information to you or your account. To assist us in this context, we use analytics tools provided by known market providers – such as Google Analytics – which provide to us only aggregated, non-identifiable data. The privacy policy of Google Analytics is applicable in this context. You will find information on Google Analytics privacy practices and how to opt out of its analytics cookies by clicking on the following link: for Google Analytics.

We also use the following tools:

Name

Link to Privacy Policy

Linkedin Insight Tag

LinkedIn Privacy Policy

Hubspot Analytics

https://legal.hubspot.com/privacy-policy

Google Ads Conversion Tracking

https://policies.google.com/privacy

Matomo Analytics

Self hosted

You will find additional information in Section 11 in relation to the use of cookies for this purpose, including on the duration for which data collected this way are stored. Data collected by other means is deleted or anonymized 7 days after their collection.

(e.) To comply with our other Legal Obligations or for other Legitimate Interests.

We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise or defense of legal claims. 

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us.  

(f.) If we have obtained your consent

In addition to the above, we may process your personal data if we have obtained your prior unambiguous consent for specific purposes. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal. For children under 16 years old, the consent must be provided by an adult with parental responsibility. 


7. The circumstances in which we disclose your personal data to third parties

 We may disclose your personal data to third parties if this is necessary for the operation of the Services or to comply with a legal obligation.

We may disclose your personal data to third parties in connection with the operation of the Services, and to subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Amazon Web Services (cloud/storage provider), Google Analytics (data analytics tool). More detailed information on these providers can be found in the previous section. We also use cloudflare (connectivity and security tool) for which you can find their Privacy Policy here.

If you use our Services on the e-commerce platform of one of our Partners, we will communicate with this Partner to enable you to benefit from the Services (such as providing you with a size recommendation), and the Partner will have access to this information.  

We may also enable you to use third-party services to log in to the use Services, for instance using your Facebook or Google credentials, in which case you acknowledge that the third-party operators of such services may access some of your personal data related to the Services, in accordance with their own privacy practices.

Our Services may also contain links to other websites. This Privacy Notice applies only to our actions and does not apply, in particular, to the practices of third-party companies, individuals, or any other websites that may be referenced on the Services. You should carefully review the privacy policies of any other websites you visit from the Services to learn more about their personal data processing practices. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those other websites. We are not responsible for their privacy practices.

 We may also disclose your personal data to third parties where we have a legal obligation to do so or a legitimate interest in doing so.

We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular if we transfer our assets to another company.


8. International Transfers

Your personal data is stored in Switzerland and/or the European Union, or in the geographic location where you reside, but may in certain circumstances be disclosed in other countries.

We  mainly store your personal data on servers located in Switzerland and/or the European Union. We may also store a copy your personal data near to the geographic location where you reside (e.g. in the U.S. for U.S. users) in order to provide you with a better service. 

In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g. Amazon Web Services and Google are headquartered in the U.S., from which location some data may be available). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission. 

If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 13 below.


9. How long we store your personal data?

Your personal data will not be stored longer than necessary.

We will erase or anonymize personal data as soon as it is no longer necessary for us to fulfill the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above. If you suppress your user account, we will delete your personal data within 30 days after such event, unless data must be retained for a valid reason.


10. Security

We maintain physical, technical and procedural safeguards to keep secure your personal data.

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We use two-factor authentication whenever possible. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data. When you enter sensitive information on our Services, we encrypt it using Transport Layer Security (TLS) technology.

Although we take appropriate steps to protect your personal data, no website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment and this Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.

If we have reasonable reasons to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Services).

 


11. How we use cookies or other analytics tools

We use Cookies, other analytical tools and similar technologies in connection with the Services.

We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies), some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.

These technologies are generally used to monitor and analyze your interactions with the Services and/or to enable us to improve the Services and their functionalities, including customizing the Services, depending on your interactions. We may also use Cookies to measure and monitor the traffic and use of the Services and their performance. 

Cookies are generally divided in four categories:

A. Essential Cookies. Some cookies are placed on your electronic devices to make the Services capable of being used, by providing basic features such as page browsing and accessing secure areas. The Services cannot function properly without this type of Cookies.

B. Functionality Cookies. Some Cookies enable the Services to remember choices persons make, for example, user name, and language or text size. These cookies are known as “functionality cookies” and help to improve a person's experience of the Services by providing a more personalized service.

C. Advertising Cookies. These cookies are use to better understand user interests and to display more relevant advertisements.

D. Statistical / Productivity. Statistical/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the Services by anonymously collecting and reporting information.

Our use of cookies may vary depending on the section or functionalities of the Services you access.

You can manage Cookies through the settings of your web browser and/or electronic device.

If you do not want Cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. However, some Cookies are essential to the functioning of the Services, and they may operate differently if you refuse or completely restrict Cookies.


For more information, please visit the website http://www.allaboutcookies.org You can also see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies.

The following Cookies are used:

Name 

Owner

Purpose / Description

Duration and expiry

Type

ssm_sid

Partner(*)

Session-Id to identify product returns

indefinite

Required

ssm_auth_token

Partner(*)

Authorisation key to access our service

indefinite

Required

ssm_profile

Partner(*)

Status which distinguishes new customers

indefinite

Required

 

(*) Our partners who have integrated our services.
In addition, we may use Google Analytics, in relation to which the following Cookies are placed:

Name 

Owner

Purpose / Description

Duration and expiry

Type

_gcl_au

Google

Used by Google Analytics to understand user interaction with the Services. https://policies.google.com/privacy

90 days

Analytics

_ga

Google Analytics

Used to compute visitor, session, campaign data and to keep track of the use of the service for service analysis reporting.

It stores a number generated randomly to identify unique visitors

https://policies.google.com/privacy

2 years

Analytics

_gid

Google Analytics

Used to store information about the use of a website by visitors and creates an analytical report on the functioning of the website.

It stores the number of visitors, their source and the page visited in pseudonymised form.

https://policies.google.com/privacy

1 day

Analytics

_gat_UA-126103277-1

Google

Attribute Cookie. Contains the unique identification number of the account or website to which it relates. 

This is a variant of the gat_cookie which is used to limit the amount of data stored by Google on high traffic websites.

https://policies.google.com/privacy

1 minute

Analytics

 


12. Your rights with regard to the processing of your personal data

(a.) You have the right to access your personal data we process and may request without limitation that they be removed, updated, or rectified.

Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons. However, if your request concerns personal data which was provided to us by one of our Partners, you should directly contact such Partner (see Section 3 (c) above for more details).

By accessing your user account (if any), you can review, update, correct or delete the personal data available within your user account. 

If you wish us to delete your personal data from our systems, you may send us a request to the contact details below, which we will comply with unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent. 

You will find further details of your rights in sections 4 and 5 of this Privacy Notice in connection with each processing activity we perform.

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances. In particular, if the GDPR applies to the processing of your personal data the GDPR grants you certain rights as a data subject if the respective requirements are met:

  • Right of access (Art. 15 GDPR) - you have the right to access and ask us for copies of
    your personal data.
  • Right to rectification (Art. 16 GDPR) - you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure (Art. 17 GDPR) - you have the right to ask us to erase your personal data in certain circumstances.
  • Right to restriction of processing (Art. 18 GDPR) - you have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20 GDPR) - you have the right to ask that we transfer in a structured, commonly used and machine-readable format the personal data you gave us to another organization, or to you, in certain circumstances.
  • Right to object to processing (Art. 21) - you have the right to object to the processing of your personal data which is based on our Legitimate Interests, in certain circumstances. In such case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.

As a rule, you are not required to pay any charge for exercising your rights and we will respond to your request within one month. 

(b.) You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above. 

Although this is not required, we recommend that you contact us first (see section 13) as we might be able to respond to your request directly.


13. Contact Us

If you believe your personal data has been used in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at privacy@ShoeSize.Me

You may also directly contact our Data Protection Officer, who is also our representative in the EU pursuant to Article 27 GDPR, using the following contact details: Wilhelm Steitz (wilhelm.steitz@shoesize.me), Grundfeld 18a, 85778 Haimhausen, Germany, +49 160 96971677.


14. Changes to this Privacy Notice

This Privacy Notice may be subject to amendments, in particular with to adapt it to any new commercial or technological practice or change in law, in which we will inform you by any appropriate means, including by email and/or via the Services (e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the Services.



Last updated: February 2024