Thank you for showing an interest in our online offer. Here, we will inform you in detail about how we process your personal data when using our offers:
Personal data means all data that can be personally related to you, e.g. name, address, telephone number, email address or user behaviour.
The service provider and party responsible for processing personal data (‘controller’) is sprd.net AG, Gießerstraße 27, 04229 Leipzig, Germany (hereinafter referred to as “Spreadshirt”). You can reach us using the following contact details:
Telephone: + 49 (0) 341 25 049 946
Fax: +49 (0) 341 59 400 5499
Email: privacy@spreadshirt.net
You can reach our external data protection officer at Fresh Compliance GmbH, Schönhauser Allee 43a, 10435, Germany; e-mail: dsb@freshcompliance.de
Shop Owners are solely responsible or jointly responsible with us for certain aspects of data processing. You can find details in the relevant data processing section. The name and contact details of Shop Owners are stored in the legal information section of the respective shop.
When using the Spreadshirt website for information purposes only, so when you do not log in to use the website, register or otherwise provide information, we collect the data that your browser transmits to our server. This includes in particular:
The data is technically necessary for us to display our website to you. It is also evaluated to make the website user-friendly and to ensure stability and security. For this purpose, we partly use the external web hosting service providers Akamai Technologies, Inc. and Amazon Web Services, Inc. In the event that data is also transferred to the USA, both service providers have subjected themselves to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework/). The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
In addition, we also use cookies on our website. Cookies are small text files that are assigned to your browser and stored on your device. Through them, certain information flows to the place that sets the cookie, such as settings or data for exchange with the system. This helps us to make our website more user-friendly and effective overall. The legal bases for this are Art. 6(1) Sentences 1(a) and (f) GDPR. Cookies cannot execute programs or transmit viruses to your device.
Our website uses the following types of cookies:
Session cookies store what’s called a session ID, which can be used to assign different requests of your browser to a common session. This allows your device to be recognised when you return to our website. For example, this lets you store certain information you have entered (such as log-in information, language settings) in such a way that you do not have to repeat it constantly. Session cookies are automatically deleted when you log out or close your browser.
Long-term cookies remain on your device for the time being, so that we can recognise your browser on your next visit and we can, for example, assign your preferred information and settings. Long-term cookies are automatically deleted after a specified period, which may vary depending on the cookie.
When you visit our website, our partner companies also store third-party cookies on your device. The cookies contain information about how our website is used, e.g. which pages and products were visited. The data is collected in a pseudonymised form by assigning an identification number, which is not combined with any other personal data you may have provided to us.
You can delete cookies in your browser settings at any time or prevent them from being stored, although the latter may result in a restriction of the functionality of our website for you. In the relevant sections of this Privacy Policy, we explain which technologies that are comparable to cookies are used on our website and how you can object to the use of cookies and other technologies with the individual third-party providers.
a) If you want to order something in our online shop, it is necessary for the conclusion of the contract that you give us the personal data we need to process the order. The mandatory data required to process the contract is marked as such; all other data you provide is voluntary. You can either enter your data only once for the order or use your email address to set up a password-protected user account with us, in which your data can be stored for later purchases until you revoke your consent. You can deactivate or delete the data and the user account at any time via the account.
To prevent unauthorised access to your personal data by third parties, the order process is encrypted using TLS technology.
When we process the data provided by you to process your order, this includes, for example, individual customer service. In the course of order processing, we pass on personal data to one of our production companies within the group, to a shipping company commissioned by us and (with the exception of PayPal) to our bank, ADYEN B.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Netherlands (“Adyen”). The payment data is encrypted and transmitted directly to Adyen.
Payment via PayPal is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). For information about data protection at PayPal, please refer to PayPal’s privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-prev?locale.x=en.
In the case of trackable parcels, we also pass on your order and address data to parcelLab GmbH, Landwehrstraße 39, 80336 Munich, Germany, to make it possible to track your parcel and to inform you about delivery deviations or delays, for example.
We work with external shipping service providers (e.g. DHL) to deliver orders. These shipping service providers receive the following data from us for the purposes of processing the relevant order:
We also use your data to collect outstanding debts. For this we involve KSP Kanzlei Dr. Seegers, Dr. Frankenheim Rechtsanwaltsgesellschaft mbH, Kaiser-Wilhelm-Straße 40, 20355 Hamburg, Germany or EOS Deutscher Inkasso-Dienst GmbH, Steindamm 71, 20099 Hamburg, Germany.
The legal bases for the processing of personal data as part of order processing are Art. 6(1) Sentences 1(b) and (f) GDPR. Due to commercial and tax regulations, we are obliged to store your order, address and payment data for a period of ten years.
b) During the order process we also conduct a fraud prevention check via our bank Adyen, which involves using your IP address to carry out a geolocalisation and compare your data with previous experience. This may mean that an order cannot be placed with the selected payment method. Our aim in this regard is to prevent any abuse of your chosen payment method by third parties and to protect ourselves from payment defaults. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
Since this involves automated decision-making, you have the right to challenge the decision (in this case the refusal of a certain payment method) and have the decision reviewed by a person. In such cases we ask that you contact us using the contact details mentioned in Section 1. Please note that the payment method may have been rejected due to a typing error and you should, therefore, check what you have entered again during the order process if necessary.
c) During the ordering process we use Google Maps Autocomplete, a service of Google LLC (“Google”). This allows an address you start typing to be completed automatically, avoiding delivery errors. Google sometimes conducts a geolocalisation using your IP address and receives the information that you have retrieved the corresponding subpage of our website. In addition, the data referred to in Section 2.1 is transmitted. This is regardless of whether you have a Google account and are logged in. Once you are logged in to your Google Account, the information will be directly associated with your account. If you do not want this assignment to occur, you must log out before entering your address. Google stores your data as user profiles and uses it (even in the case of users who are not logged in) for the purposes of advertising, market research and/or the needs-oriented design of its own website. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). You can object to Google creating such user profiles. For more information about the purpose and scope of data processing by Google and about protecting your privacy, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en. The binding terms of use for Google Maps/Google Earth can be found here: https://www.google.com/intl/en_US/help/terms_maps.html. Third-party provider information: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
d) After you place an order, we will process your order and address data to send you a personalised email asking you to rate our products. By obtaining ratings, our aim is to improve our services and adapt them to our customers’ wishes. We use the feedback software of eKomi Ltd, Markgrafenstraße 11, 10969 Berlin, Germany (“eKomi”). For the purpose of sending the feedback email (and in the event that a moderation or conciliation procedure is conducted via eKomi following negative feedback), we pass on your email address, name, order number, product types and a unique ID to eKomi for identification purposes and in order to generate a feedback link.
The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. If you no longer want your data to be used for this purpose, you can object to this at any time. Just click on the unsubscribe link included with each email or send a message using the contact details provided under Section 1.
e) We also use Google Customer Reviews, a service of Google Ireland Ltd. (“Google”), through which we receive feedback about us as a seller and about our products. This allows us to improve our services and adapt them to our customers’ wishes. The legal basis is Art. 6(1) Sentence 1(f) GDPR. After placing an order, you can give Google permission to use your email address to request a review. In the event that data is also transferred to a Google server in the USA, Google LLC has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework/). You can revoke your consent to the use of your data at any time by clicking on the unsubscribe link contained in the emails from Google. For more detailed information about the purpose and scope of data processing by Google and about protecting your privacy, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en. Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: + 353 (1) 436 1001.
a) If you want to offer designs on our marketplace or operate a shop, it is necessary for the conclusion of a contract with us that you use your email address to open a password-protected user account and store your name and address there. For the payout of earnings, it is necessary that you additionally provide your bank details or your PayPal information as well as information about your tax status. Any other information you may provide to us when using the account is voluntary. You do not have to enter a real name when choosing your username. You can manage and change this information in your account. You can also deactivate or erase it – or the entire user account. If this affects data necessary for the performance of the contract, we may retain that data for a longer period in accordance with commercial and tax regulations (standard period of ten years). We process this data to conduct the contractual relationship that exists with you; the legal bases are Art. 6(1) Sentences 1(b) and (f) GDPR.
b) Within the scope of the contractual relationship, we also process the email address provided by you in order to send you emails at irregular intervals containing information and tips about the Marketplace and your Shops (“Partner Newsletter”). We use your name to allow us to personalise these emails. We may also personalise the information and tips we send in these emails, namely on the basis of (i) your input and other activities in your user account and/or (ii) depending on certain events for the duration of the contractual relationship. For instance, we may remind you to complete empty data fields. We may send you tips and suggestions for design creation if you set up a user account but have not yet uploaded any designs.
To this end, the data is passed on to the software company Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany (“Emarsys”), which handles the technical side of the mailing on our behalf. You can unsubscribe from the Partner Newsletter at any time by clicking on the unsubscribe link provided in each email, informing us via the contact details specified in Item 1, or changing your newsletter settings in your user account (“My Account” – “Newsletter subscriptions”).
When sending the Partner Newsletter, we use Emarsys to statistically evaluate your user behaviour in order to optimise the design. To enable this evaluation, the emails contain what are called web beacons or tracking pixels. These are single-pixel image files that establish a connection to our website und thus permit a log file analysis. The web beacons are linked with the data mentioned in Section 2.1 a and an individual ID. The links contained in the email also contain this ID. For example, we can see if and when an email has been opened and which links have been clicked on. The data is stored on the Emarsys servers for 13 months and collected pseudonymously, meaning the IDs are not linked to other personal data at this point, thus ruling out any possibility of direct personal reference. You can object to the recording of your usage behaviour at any time by clicking on the unsubscribe link provided in each email, informing us via the contact options listed in Section 1, or changing the newsletter settings in your user account (“Account settings” – “Newsletter subscriptions”). Recording is not possible if you have disabled the display of images in your email settings. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. If you choose to display the images manually, recording will take place as described above.
The legal bases for the processing are Art. 6(1) Sentences 1(a), (b) and (f) GDPR.
c) If you store your address in your user account, we use Google Maps Autocomplete, a service of Google LLC (“Google”). This allows an address you start typing to be completed automatically. This helps us verify your address, which we do for tax reasons. Google sometimes conducts a geolocalisation using your IP address. We also use Google Fonts to enhance the user experience in the Partner section of your account as well as Google Calendar to inform you about Partner-related promotions for customers. Via these services and applications, Google receives the information that you have retrieved the corresponding subpage of our website. In addition, the data referred to in Section 2.1 is transmitted. This is regardless of whether you have a Google account and are logged in. Once you are logged in to your Google Account, the information will be directly associated with your account. If you do not want this assignment to occur, you must log out before entering your address. Google stores your data as user profiles and uses it (even in the case of users who are not logged in) for the purposes of advertising, market research and/or the needs-oriented design of its own website. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). You can object to Google creating such user profiles. For more information about the purpose and scope of data processing by Google and about protecting your privacy, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en. The binding terms of use for Google Maps/Google Earth can be found here: https://www.google.com/intl/en_US/help/terms_maps.html. Third-party provider information: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
d) By activating a Spreadshop, a Shop Owner triggers the processing of personal data by Spreadshirt. The Shop Owner and Spreadshirt are jointly responsible for the data processing facilitated by Spreadshirt. This joint responsibility only extends to the personal data processing operation(s) for which the Shop Owner actually determines the purposes and means:
Spreadshirt remains solely responsible for the processing of personal data relating to purchases in the Spreadshop, order processing and customer service.
If you contact us via a contact form, letter, fax, email, social media or telephone, we process the data provided by you for the purpose of processing your enquiry and – only in the legally permissible cases when communicating with entrepreneurs – for advertising purposes. We use the software of Sematell GmbH, Neugrabenweg 1, 66123 Saarbrücken, Germany, to coordinate and process emails, which means that Sematell GmbH gains access to the data. We use the management software of Hootsuite Media, Inc, 5 East 8th Avenue, Vancouver, BC, Canada to coordinate and process enquiries via our social media channels Twitter, Facebook and Instagram. The EU Commission has established the adequacy of the level of data protection in Canada. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. If the aim of establishing contact is to conclude a contract, then an additional legal basis is Art. 6(1) Sentence 1(b) GDPR.
In our blog, where we publish various articles on topics related to our activities, you can post public comments. Your comment will be published along with your chosen username. We recommend using a pseudonym instead of your real name. It is necessary to provide a username and email address, while all other information is voluntary. The necessary information is processed to run the Forum. We need your email address to contact you if a third party should complain that your comment is unlawful. We reserve the right to delete comments if third parties complain that they are unlawful. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
With the exception of a few sections, our Forum can be read without the need to register. If you wish to actively participate in the Forum under your chosen username, you must log in using your Spreadshirt user account access data. To open a Spreadshirt user account, only your email address and a password are required. We process your activities (public posts, private messages, likes, profile information, activity logs) and your IP address in order to operate the Forum. The legal basis is Art. 6(1) Sentence 1(f) GDPR. If you deactivate or delete your user account, your public posts will continue to be visible. If you would like your public posts to be deleted, please contact us using the contact details provided in Section 1. When writing a comment and in the Forum settings (under “Preferences” – “Emails” and “Notifications”), you can specify in which cases and to what extent you would like to be notified by email about new activities in the Forum. You can unsubscribe again at any time, either in the Forum settings or by clicking on the unsubscribe link contained in the respective notification email.
Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. (“Google”). Google uses cookies (see Section 2.1 b), which enable an analysis of your use of our website. The information generated by the cookie about usage is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on our website, your IP address will first be shortened by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use.
The IP address transmitted by your browser in the context of Google Analytics will not be combined with other data held by Google.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this you may not be able to use the full functionality of our website. You can also prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout/. Specifically in the case of mobile devices, you can prevent Google Analytics from recording data by clicking here: DisableEnable Google Analytics. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website.
This website uses Google Analytics with the “_anonymizeIp()” extension. Consequently, IP addresses are further processed in shortened form, so that any personal association with the data subject can be ruled out. As far as the data collected about you relates to you personally, that association is therefore ruled out immediately and the personal data thus erased without delay.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics this yields allow us to improve our website and make it more interesting for you as a user. We also use Google Analytics to share limited aggregated & anonymised data with Shop Owners, including for example the number of visits to their Shop over time, and the referral sources for those visits (e.g., Facebook vs Google search). For the exceptional cases in which personal data is transferred to the USA, Google LLC has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). The legal bases for our use of Google Analytics are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: + 353 (1) 436 1001. See also the terms of use (https://www.google.de/analytics/terms/gb.html) and privacy overview (https://support.google.com/analytics/answer/6004245?hl=en) for Google Analytics as well as Google’s privacy policy: https://policies.google.com/privacy?hl=en.
To allow us to analyse and regularly improve the use of our website, our website also uses the Adobe Analytics web analytics service. The statistics this yields allow us to improve our website and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Adobe has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). The legal bases for our use of Adobe Analytics are Art. 6(1) Sentences 1(a) and (f) GDPR.
The analysis involves storing cookies (see Section 2.1 b) on your device. The information collected in this way is stored on servers, including in the USA. We would like to point out that if you prevent the storage of cookies, you may not be able to use this website in its entirety. You can adjust your browser settings to prevent the storage of cookies. You can also prevent Adobe Analytics from recording your data on this website by clicking here: DisableEnable Adobe Analytics. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. How to prevent the recording of your data on other websites is explained on the respective sites and at https://www.adobe.com/privacy/opt-out.html.
Our website uses Adobe Analytics with the settings “Before Geo-Lookup: Replace visitor’s last IP octet with 0” and “Obfuscate IP-Removed”, which removes the last octet from your IP address and replaces it with a generic IP address, i.e. one that can no longer be assigned. Any personal connection can therefore be ruled out.
Third-party provider information: Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; privacy@adobe.com; Adobe’s privacy policy: https://www.adobe.com/privacy/policy.html.
Our online offering also uses the Lead Forensics service provided by Lead Forensics Limited. The service uses a tracking code to identify companies that visit our online offering based on their business IP address. If your IP address is not associated with a company, Lead Forensics does not process the IP address. If you visit our online offering from a business IP address and the company is in Lead Forensics Limited's database, Lead Forensics will show us details of the company and its visits to our online offering. For example, we see - among other things - the number, times and duration of visits, which pages of our online offering were visited, from which location and via which page the visits came (e.g., Google, social media), as well as publicly available information about key employees of the company (including name, job title, business email address and LinkedIn profile, if applicable). However, the data is not used to identify individual users of our website. The data is used to analyse which companies are interested in our online offer so that we can adapt and optimize the offer according to their interests. The legal basis for the processing is article 6(1), sentence 1(a) of the GDPR. You may withdraw your consent at any time in the manner described below (without affecting the lawfulness of the processing carried out until the withdrawal).
You can prevent the storage of cookies in the browser settings. We would like to point out that in this case you may not be able to use all functions of our online offer. You can also prevent Lead Forensics from collecting information on this online site by clicking here: DisableEnable Lead Forensics . An opt-out cookie is set, which prevents future collection of data when visiting our online offer. The opt-out cookie is set per top-level domain, per browser and per end device and prevents the collection of data only for this online offer. How to prevent collection on other Internet sites (if necessary), is explained on the respective pages and here: https://optout.leadforensics.com/.
Information of the third party provider: Lead Forensics Limited, 3000 Lakeside Western Road, Portsmouth, PO6 3EN, England, United Kingdom. The EU Commission has determined the adequacy of the level of data protection in the United Kingdom (adequacy decision of June 28, 2021). For more information about Lead Forensics Limited's privacy policy, please see their Privacy Policy.
Our website also uses the web analytics service Hotjar from Hotjar Ltd. This service allows us to track movements on our website (so-called heat maps). These make it possible to see how much time you spend on which pages, how far you scroll, the movement of your mouse and how often you click on certain links and buttons. Your keystroke data, i.e. your entries in input fields, are not recorded. Hotjar uses cookies (see point 2.1 b) to collect this information about your behavior, as well as the following information about your device: IP address of the device (only collected and stored in an abbreviated, anonymized form), screen size, device type (unique device identifiers), browser used, geographic location (country only) and language preferred when viewing the online offer. Hotjar Ltd. stores the information on servers in Ireland for 365 days, after which the data is deleted. Neither Hotjar Ltd. nor we will merge or associate the information with any other data about you, and it will not be used to identify individual users. The data collected by Hotjar Ltd. is only used for our internal evaluation of the user behavior when interacting with our online offer. It is used to improve aspects of user-friendliness of our website. The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. You can revoke your consent to the processing as stated below at any time (without this affecting the lawfulness of the processing up to the point of revocation).
You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do this you may not be able to use the full functionality of our website. You can also prevent Hotjar from recording your data on this website by clicking here: DisableEnable Hotjar. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device, and only prevents the recording of data for this website. How to prevent collection on other websites is explained on the respective site and here: https://www.hotjar.com/privacy/do-not-track/.
Third Party Information: Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ, Malta. For more information about Hotjar Ltd.'s privacy practices, please see their privacy policy: https://www.hotjar.com/legal/policies/privacy.
Our partners can also use the Google Analytics web analytics service (see Section 2.5 a) in their Spreadshirt shops themselves, as a rule to analyse use of the shop and improve their offer in the shop. In this case, they determine the purposes and means of processing personal data. The name and contact details of our partners are stored in the legal information section of the respective shop.
If you register separately for our newsletter via our website and give us your consent, we will use your email address to send you regular emails about product offers, discounts and contests. To this end, we pass the data on to the software company Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, 80339 Munich, Germany (“Emarsys”), which handles the technical side of the mailing on our behalf.
When you register for our newsletter, we use the so-called double opt-in procedure. This means that after you register we will send you an email to the email address you provided, in which we ask you to confirm that you would like to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after one month. On the other hand, if you confirm the newsletter subscription, we will save your email address for the purpose of sending you the newsletter until you unsubscribe from the newsletter.
You can revoke your consent to the sending of the newsletter at any time (without this affecting the lawfulness of the processing up to the point of revocation). You can declare your revocation by clicking on the link provided in every newsletter email, by emailing privacy@spreadshirt.net or by sending a message to the contact details provided in Section 1.
When sending the newsletter, we use Emarsys to statistically evaluate your user behaviour in order to measure how successful the newsletter is and to optimise its design. To enable this evaluation, the emails contain what are called web beacons or tracking pixels. These are single-pixel image files that establish a connection to our website und thus permit a log file analysis. The web beacons are linked with the data mentioned in Section 2.1 a and an individual ID. The links contained in the newsletter also contain this ID. For example, we can see if and when an email has been opened and which links have been clicked on. The data is stored on the Emarsys servers for 13 months and collected pseudonymously, meaning the IDs are not linked to other personal data at this point, thus ruling out any possibility of direct personal reference. You can object to the recording of your usage behaviour at any time by clicking on the unsubscribe link provided in each email or by informing us using the contact details provided in Section 1. Recording is not possible if you have disabled the display of images in your email settings. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. If you choose to display the images manually, recording will take place as described above.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
As a Spreadshirt customer, so if you order something in our online shop (see Section 2.2 a), we process the email address you provide in order to send you regular email recommendations for products that might be of interest to you based on your previous orders from us. We also use your name to allow us to personalise these emails. The data is passed on to the software company Emarsys (see Section 2.6 a), which handles the technical side of the mailing on our behalf. The legal bases are Section 7(3) of the German Act against Unfair Competition (UWG) and Art. 6(1) Sentence 1(f) GDPR.
You receive these product recommendations because you did not object to the use of your email address for this purpose by removing the corresponding check mark during the order process. If you subsequently no longer wish to receive product recommendations or any advertising messages, you can object at any time without incurring any costs other than the transmission costs at the basic rates. Just click on the unsubscribe link included with each email, send a message using the contact details provided under Section 1 or – if you have a user account with us – adjust your newsletter settings accordingly (“Account settings” - “Newsletter subscriptions”).
When sending the product recommendations, we use Emarsys to statistically evaluate your user behaviour in order to measure their success and to optimise their design. The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR. To enable this evaluation, the emails contain what are called web beacons or tracking pixels. These are single-pixel image files that establish a connection to our website und thus permit a log file analysis. The web beacons are linked with the data mentioned in Section 2.1 a and an individual ID. The links contained in the email also contain this ID. For example, we can see if and when an email has been opened and which links have been clicked on. The data is stored on the Emarsys servers for 13 months and collected pseudonymously, meaning the IDs are not linked to other personal data at this point, thus ruling out any possibility of direct personal reference. You can object to the recording of your usage behaviour at any time by clicking on the unsubscribe link provided in each email, informing us via the contact options listed in Section 1, or – if you have a user account with us – changing the newsletter settings in your user account (“Account settings” – “Newsletter subscriptions”). Recording is not possible if you have disabled the display of images in your email settings. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. If you choose to display the images manually, recording will take place as described above.
In exceptional cases where you register separately in a Spreadshirt shop for a Shop Partner’s newsletter and thus give your consent, we transmit your email address to the Shop Partner so that it can send you emails on product offers, discounts and contests.
You can revoke your consent to the sending of the newsletter at any time (without this affecting the lawfulness of the processing up to the point of revocation). This revocation must be declared vis-à-vis the Shop Partner. The contact details of the respective Shop Partner can be found in the legal information section of their Spreadshirt shop.
The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR.
Our website uses various conversion tracking and retargeting technologies made available by other service providers. We use these technologies to make our website interesting for you. The information also helps us to address users who have already shown an interest in our products with individually tailored advertising on the websites of our partner companies. We assume that the display of personalised, interest-based advertising is generally more interesting for the internet user than advertising that has no such personal relevance. At the same time, we want to avoid inappropriate and intrusive advertising.
General information about third-party advertising-based technologies and how to disable them can be found on the following websites, among others:
- Google AdWords conversion tracking
We use Google AdWords, a service of Google LLC (“Google”), to use ads (so-called Google AdWords) to draw attention to our offers on external websites. In relation to the data of advertising campaigns, we can identify how successful the individual advertising activities are. In this way we want to show you advertising that is of interest to you, make our website more attractive to you and achieve a fair calculation of advertising costs.
These ads are deployed by Google via so-called ‘ad servers’. For this purpose, we use ad server cookies, which enable the tracking of certain parameters for measuring success, such as the display of ads or clicks by users. If you arrive at our website via a Google ad, Google AdWords will store a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. Analysis values usually stored for this cookie are the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (marker showing that the user no longer wishes to be targeted).
These cookies allow Google to recognise your internet browser. If a user visits certain pages of an AdWords customer’s website (in this case ours) and the cookie stored on their device has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this site. Each AdWords customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of AdWords customers. We do not collect and process any personal data in the aforementioned advertising activities. Google merely provides us with statistical evaluations. On the basis of these evaluations we can identify which of the advertising activities used are particularly effective. We do not receive any further data from the use of ads; in particular we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further processing of the data collected by Google through the use of this tool and therefore inform you according to what we know: By integrating AdWords Conversion, Google receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address.
We use Google Enhanced Conversions on our website to improve analysis of online user actions. For the use of Google Ads Enhanced Conversions, encrypted user data (here: the user’s email address) is shared with Google. If a user performs a specific action on our website, e.g. makes a purchase, user data is collected, encrypted and sent to Google in encrypted form, then used to improve conversion measurement. Google then compares the transmitted user data to existing Google customers to see if they match. This information is used to assign users to the corresponding Google accounts that users were logged into when they interacted with one of our ads.
- Google AdWords remarketing
Besides AdWords Conversion, we also use Google’s remarketing feature. This is a process we use in an attempt to contact you again. After visiting our website, this feature makes it possible to show you our ads when you continue to use the internet. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when visiting various websites. This is how Google can determine that you have previously visited our website. According to its own information, Google does not combine the data collected in the context of remarketing with your personal data, which may be processed by Google. Specifically, according to Google, pseudonymisation is used during remarketing.
There are various ways in which you can prevent your participation in this tracking procedure:
The legal bases for the processing of your data are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For further information about privacy at Google, please refer to: https://policies.google.com/privacy?hl=policies and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at: http://www.networkadvertising.org. Google has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
- Facebook Custom Audiences
Our website also uses the Website Custom Audiences remarketing function of Facebook, Inc. (“Facebook”). This allows users of the website to see interest-based ads (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the process. Our intention here is to show you ads that are of interest to you.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further processing of the data collected by Facebook through the use of this tool and therefore inform you according to what we know: By integrating Facebook Custom Audiences, Facebook receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will obtain and store your IP address and other identifying information.
- Facebook Website Custom Audiences
Our website also uses the Facebook product “Custom Audiences from your website”. For this purpose, we have integrated remarketing tags (so-called Facebook Pixel or web beacon) into our website. The Facebook Pixel is a small piece of JavaScript code that provides a range of functionalities for sending application-specific events and user-defined data to Facebook. We use the Facebook Pixel to track how visitors use our site. The Facebook Pixel records and reports to Facebook information about the user’s browser session, a hashed version of the Facebook ID, and the URL being viewed. Every Facebook user therefore has a device-independent Facebook ID, which enables us to recognise users across multiple devices on the social network Facebook so that we can use Facebook Ads to reach our visitors again for advertising purposes. After 180 days, the user information is deleted until the user returns to our website. No personal information is transmitted to us about individual website visitors, and we can only specifically deploy ads to website custom audiences if the custom audience has reached a critical size. This makes it impossible for us to determine the individual identities of visitors.
- Facebook Conversion Tracking
We also use the Facebook Pixel on our website to measure the reach of ads. This allows us to track users’ actions after they have seen or clicked on a Facebook Ad. The Facebook Pixel records and reports to Facebook information about the user’s browser session, a hashed version of the Facebook ID, and the URL being viewed. The way it works is comparable to Facebook Website Custom Audiences via the Facebook Pixel, which is already described above. Using the hashed Facebook ID, we can measure the reach and effectiveness of an ad to find out whether you are actually interested in our advertising. This enables us to measure the effectiveness of Facebook Ads for statistical and market research purposes. For us, the data used is not personally identifiable.
We use Meta Advanced Matching on our website to improve analysis of online user actions. For the use of Meta Advanced Matching, encrypted user data (here: the user’s email address) is shared with Meta. If a user performs a specific action on our website, e.g. makes a purchase, user data is collected, encrypted and sent to Meta in encrypted form, then used to improve conversion measurement. Meta then compares the transmitted user data to existing Meta customers to see if they match. This information is used to assign users to the corresponding Meta accounts that users were logged into when they interacted with one of our ads.
You can prevent Facebook from recording your data on this website by clicking here: DisableEnable Facebook Custom Audiences, Facebook Website Custom Audiences and Facebook Conversion Tracking. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. How to prevent the recording of your data on other websites is explained on the respective sites, and if you are a user who has logged in to Facebook, here: https://www.facebook.com/settings/?tab=ads#_.
The legal bases for the processing of data when using the functions specified above are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, telephone: +0016505434800, fax: + 0016505435325. For more information about data processing by Facebook, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy.
- LinkedIn conversion tracking
Our website uses the feature “LinkedIn conversion tracking” from LinkedIn Ireland Unlimited Company (“LinkedIn”) to measure the reach of ads. This is to determine how successful individual advertising activities are on LinkedIn. Our intention here is to develop and display advertising that is of interest to you and make our website more attractive. For this purpose, the LinkedIn Insight Tag is integrated into our website. This JavaScript code enables LinkedIn to use cookies to collect pseudonymous data about your visit and the use of our website (e.g. about the browser session and the website displayed) and to provide us with aggregated, non-personal statistics on this basis. This allows us to trace the actions that have taken place after a LinkedIn ad has been viewed or clicked on.
- LinkedIn website retargeting
Our website also uses the “LinkedIn website retargeting” feature. After visiting our website, this feature makes it possible to show you our ads when you continue to use the internet. Our intention here is to show you ads that are of interest to you. This is done by means of a cookie stored in your browser (see above for more information), which is used to record and evaluate your usage behaviour. No personal information is transmitted to us about individual website visitors, and we can only specifically deploy ads to website custom audiences if the custom audience has reached a critical size. This makes it impossible for us to determine the individual identities of visitors.
There are various ways in which you can disable this tracking. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent LinkedIn from recording your data on this website by clicking here: DisableEnable LinkedIn conversion tracking and website retargeting. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, you can disable interest-based ads from providers who are part of the “YourAdChoices” self-regulation initiative (http://optout.aboutads.info/?c=2#!/) or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=en_GB.
- Bing Ads Conversion Tracking
Our website also uses the “Bing Ads Conversion Tracking” feature from Microsoft Corporation ("Microsoft") to measure the reach of ads. This is to determine how successful our individual advertising activities are on Bing and Yahoo. Our intention here is to develop and display advertising that is of interest to you and make our website more attractive. For this purpose, Microsoft’s UET tag (Universal Event Tracking tag) is integrated into our website. This JavaScript code enables Microsoft to use cookies to collect pseudonymous data about your visit and the use of our website (e.g. about the browser session and the website displayed) and to provide us with aggregated, non-personal statistics on this basis (e.g. how many visitors have reached a particular target page). This allows us to trace the actions that have taken place after an ad has been viewed or clicked on on Bing or Yahoo.
- Bing Ads remarketing
Our online offering also uses the “Bing Ads remarketing” feature. After visiting our website, this feature allows us to show you our ads when you continue to use the internet. Our intention here is to show you ads that are of interest to you. This is done by means of a cookie stored in your browser (see above for more information), which is used to record and evaluate your usage behaviour. No personal information is transmitted to us about individual website visitors, and we can only specifically deploy ads to website custom audiences if the custom audience has reached a critical size. This makes it impossible for us to determine the individual identities of visitors.
There are various ways in which you can disable this tracking. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent Microsoft from recording your data on this website by clicking here: DisableEnable Bing Ads Conversion Tracking and Remarketing. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, you can disable interest-based ads from providers who are part of the “YourAdChoices” self-regulation initiative (http://optout.aboutads.info/?c=2#!/) or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies. It is also possible to disable interest-based ads at https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft’s privacy policy: https://privacy.microsoft.com/en-us/privacystatement. Microsoft has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
Our website also uses the “Twitter Ads conversion tracking” feature from Twitter, Inc. (“Twitter”) to measure the reach of ads. This is to determine how successful our individual tweets and advertising activities are on Twitter. Our intention here is to develop and display advertising that is of interest to you and make our website more attractive. For this purpose, a conversion tag is integrated into our website. This JavaScript code enables Twitter to use cookies to collect pseudonymous data about your visit and the use of our website (e.g. about the browser session and the website displayed) and to provide us with aggregated, non-personal statistics on this basis (e.g. how many visitors have reached a particular target page). This allows us to trace the actions that have taken place after a tweet or an ad has been viewed or clicked on.
There are various ways in which you can disable this tracking. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent Twitter from recording your data on this website by clicking here: DisableEnable Twitter Ads Conversion Tracking. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, you can disable interest-based ads from providers who are part of the “YourAdChoices” self-regulation initiative (http://optout.aboutads.info/?c=2#!/) or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
Twitter’s privacy policy: https://twitter.com/en/privacy. Twitter has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
In addition, we use a plug-in of the international affiliate network Webgains, which is provided by ad pepper media GmbH (“Webgains”). This enables us to measure the success of our ads on partner sites brokered for us by Webgains. In this way we want to show you advertising that is of interest to you, make our website more attractive to you and achieve a fair calculation of advertising costs. For this purpose, a tracking code is integrated into our site. This code enables Webgains to collect pseudonymous data about your visit and the use of our online offer via cookies and make aggregated, non-personal statistics available to us on this basis, in particular about how many visitors of a certain partner site have ordered something from us after clicking on our advertisement.
There are various ways in which you can disable this tracking. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent Webgains from recording your data on this website by clicking here: DisableEnable Webgains tracking. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, you can disable interest-based ads from providers who are part of the “YourAdChoices” self-regulation initiative (http://optout.aboutads.info/?c=2#!/) or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
Information from the third-party provider: ad pepper media GmbH, FrankenStraße 150C, FrankenCampus, 90461 Nuremberg, Germany. Webgains privacy policy: http://www.webgains.com/public/en/privacy/.
Our website also uses the feature “Nextperf Retargeting” from Nextperf. After visiting our website, this feature allows us to show you our ads when you continue to use the internet. Our intention here is to show you ads that are of interest to you. This is done by means of a cookie stored in your browser by Nextperf, which is used to pseudonymously record and evaluate your usage behaviour (e.g. which products were clicked on). No personal information is transmitted to us about individual website visitors. This makes it impossible for us to determine the individual identities of visitors.
There are various ways in which you can disable this tracking. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent Nextperf from recording your data on this website by clicking here: DisableEnable Nextperf retargeting. This will place an opt-out cookie which prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again using the above button. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, you can disable interest-based ads from providers who are part of the “YourAdChoices” self-regulation initiative (http://optout.aboutads.info/?c=2#!/) or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies. It is also possible to disable interest-based ads from Nextperf on other sites at http://www.nextperf.com/privacy/.
The legal bases for the processing are Art. 6(1) Sentences 1(a) and (f) GDPR.
Third-party provider information: Nextperf, 25 rue de Choiseul, 75002 Paris, France. Nextperf’s privacy policy: http://www.nextperf.com/privacy/.
We use the ‘TikTok Pixel’ tool from the providers TikTok Information Technologies Limited, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, One London Wall, 6th Floor, London, EC2Y 5EB, United Kingdom. They are jointly responsible for users in the EEA (jointly referred to as ‘TikTok’).
The TikTok Pixel is a JavaScript code snippet that collects what is known as ‘event data’ on visitors to our website(s) who have reached our website(s) via ads shown by TikTok. The TikTok Pixel collects and reports to TikTok:
We may use the data collected via the TikTok Pixel to measure the reach of our ads on TikTok. This allows us to track users’ actions after they have viewed or clicked on a TikTok ad from us. We can use this approach to measure the reach and effectiveness of an ad and find out whether you are actually interested in the advertising. For us, the data used is not personally identifiable.
We may also use the TikTok Pixel for the remarketing function ‘TikTok Custom Audiences’. This allows us to show interest-based ads (‘TikTok ads’) to users who have visited our website(s) after clicking on one of our TikTok ads as part of their visit to the social network TikTok or other websites that also use the process.
Due to the marketing tools used, your browser automatically establishes a direct connection to the TikTok server. We have no further influence on the further processing of the data by TikTok and therefore we inform you that, to the best of our knowledge, as a result of the integration of the TikTok Pixel, TikTok receives the information that you have visited our website(s) or clicked on one of our ads. If you are registered with a TikTok service, TikTok can associate the visit with your account. Even if you are not registered with TikTok or have not logged in, it is possible that TikTok will obtain and store your IP address and other identifying information.
The legal basis for the processing of data when using the functions specified above is your consent in accordance with Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time in the footer of our website(s) via the ‘Data settings’ link (without affecting the lawfulness of the processing carried out until the withdrawal).
Third-party provider information: Further information on data processing at TikTok and information on exercising your rights towards TikTok can be found in TikTok's Privacy Policy:https://www.tiktok.com/legal/page/eea/privacy-policy/en.
Our website uses tracking from the affiliate network of AWIN AG (“AWIN”). In doing so we wish to establish which Spreadshirt customers (Item 2.2) and/or new Spreadshirt Shop Owners (Item 2.3) have been referred to us by members of the AWIN network. It also allows us to optimise referral.
For this purpose, a cookie (see Item 2.1 b) is placed on your computer if you arrive on our website via a link with AWIN tracking function. This allows AWIN to assign your purchases as a customer or registration as a new Partner or Shop Owner of ours to an AWIN member, who will then receive remuneration.
The following (personal) data is collected: Ads viewed, browser type, ads clicked, device information, operating system version, referrer URL, time the ad was clicked, time the ad was viewed, touchpoint to the ad, usage data, user agent, business transaction, order information, leads, information on the newsletter, referrer success.
The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time in the footer of our website(s) via the “Data settings” link (without affecting the lawfulness of the processing carried out until the withdrawal).
Third-party provider information: AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany. AWIN Privacy Policy: https://www.awin.com/gb/privacy
We use a retargeting technology from Criteo SA 32 Rue Blanche, 75009 Paris, France (“Criteo”). This makes it possible to target advertising at Internet users who are already interested in our website(s) and the products contained therein within Criteo’s advertising network. The display of ads is based on cookie or Javascript technology and analysis of previous usage behaviour.
The following (personal) data is collected: Browser information, click path, date and time of visit, device information, files viewed, location information, IP address, mobile advertising IDs, number of page views, products viewed, search terms, technical IDs, usage data, number of ads shown, referrer URL, product category page visit, wish list, baskets, orders, product information (product IDs, name, price), hashed email, Criteo Click ID
Retention periods are set by Criteo, storage period: 1 year.
The legal basis for the processing of data when using the functions specified above is Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time in the footer of our website(s) via the “Data settings” link (without affecting the lawfulness of the processing carried out until the withdrawal).
Third-party provider information: Further information on data processing at Criteo and information on exercising your rights towards Criteo can be found in Criteo's Privacy Policy: https://www.criteo.com/de/privacy/.
On our website, we use the tool “Snap Pixel” provided by Snap, Inc. (“Snap”). Snap operates the social network “Snapchat”.
The Snap Pixel is a JavaScript code snippet that collects what is known as “event data” on visitors to our website(s) who have reached our website(s) via ads shown by Snap.
The following (personal) data is collected: Conversions, ads clicked, IP address, usage data, referrer URL, user agent, pixel ID, website visit, basket, orders, product information (product ID, name, price), hashed email address, click ID.
- Snap conversion tracking
We may use the data collected via the Snap Pixel to measure the reach of our ads on Snapchat. This allows us to track users’ actions after they have viewed or clicked on a Snap ad from us. We can use this approach to measure the reach and effectiveness of an ad and find out whether you are actually interested in the advertising. For us, the data used is not personally identifiable.
- Snap remarketing
We can also use the Snap Pixel for remarketing purposes. This allows us to show interest-based ads to users who have visited our website(s) after clicking on one of our Snap ads as part of their visit to the social network Snapchat or other websites that also use the process.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Snap server. We have no further influence on the further processing of the data by Snap and therefore we inform you that, to the best of our knowledge, as a result of the integration of the Snap Pixel, Snap receives the information that you have visited our website(s) or clicked on one of our ads. If you are registered with a Snap service, Snap can associate the visit with your account. Even if you are not registered with Snap or have not logged in, it is possible that Snap will obtain and store your IP address and other identifying information.
The legal basis for the processing of data when using the functions specified above is Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time in the footer of our website(s) via the “Data settings” link (without affecting the lawfulness of the processing carried out until the withdrawal).
Third-party provider information: Further information on data processing at Snap and information on exercising your rights towards Snap can be found in Snap's Privacy Policy: https://values.snap.com/privacy/privacy-policy
Our Partners can also use Meta Pixels (for more information see point 2.7b) in their Spreadshops. These enable them to show you relevant advertising on Facebook and Instagram after you visit their Shop, to measure advertisement reach, and to tailor products accordingly.
The legal basis for the processing of data when using the functions specified above is your consent in accordance with Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time (without affecting the lawfulness of the processing carried out until the withdrawal).by clicking on ‘Tracking’ in the footer of the relevant Spreadshop, then clicking the ‘Reset tracking’ button in the pop-up window that opens. Choosing this option will only withdraw from data processing in the relevant Spreadshop, per browser and per device.
Shop Partners can choose whether to integrate Meta Pixels into their Spreadshop, as well as the purpose and means of processing personal data. The names and contact details of Shop owners can be found online in their respective store imprints.
Our partners can also use the ‘TikTok Pixel’ tool (see Section 2.7 i for a detailed explanation) in their Spreadshirt shops themselves, as a rule in order to be able to show you advertising on TikTok that is of interest to you after your visit to their shop, or in order to measure the reach of ads and in turn make their products more attractive.
The legal basis for the processing of data when using the functions specified above is your consent in accordance with Art. 6(1) Sentence 1(a) GDPR. You may withdraw your consent at any time (without affecting the lawfulness of the processing carried out until the withdrawal).by clicking on ‘Tracking’ in the footer of the relevant Shop, then clicking the ‘Reset tracking’ button in the pop-up window that opens. Choosing this option will only revoke data processing in the relevant Spreadshirt shop, per browser and per device.
Shop Partners can choose whether to integrate Meta Pixels into their Spreadshop, as well as the purpose and means of processing personal data. The names and contact details of Shop owners can be found online in their respective store imprints.
If you are a partner of ours, we will provide you with a mobile app (hereinafter referred to as "SpreadApp") in addition to our online service that you can use to get an overview of your partner statistics (credits, sales and bestsellers) at any time.
a) Processing of personal data when using our SpreadApp
- Log-in
In order to connect your mobile device to your Spreadshirt user account via the SpreadApp, it is either necessary for you to use your smartphone camera to scan the QR code displayed or to enter your Spreadshirt user name or e-mail address and password in the input screen provided. The legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. b GDPR.
- App permissions and notifications
If you allow this on your mobile device, SpreadApp has the authorization to access your camera. This enables you to connect your mobile device to your user account by scanning a QR code. If you allow this on your mobile device, you will also receive notifications from SpreadApp (e.g. about new sales). You can manage these types of access at any time on your mobile device in the system settings. SpreadApp can also be used without the functions. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. a GDPR.
- Display of information from the Spreadshirt user account
The SpreadApp reads out and displays the following information from your user account: Your username, the user account number, your credit balance, an overview of your sales and your bestselling products and designs. This is necessary for the implementation of the amended contract that exists with you as our partner. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
- Log files
When using the SpreadApp, we also process personal data mentioned below. These are technically necessary for us to enable you to use the functions of the app comfortably and to guarantee stability and security (legal bases are Art. 6 Para. 1 S. 1 lit. b and f GDPR):
b) Processing of data for app analysis
In addition to processing the aforementioned data, a technology comparable to cookies is used for your use of SpreadApp. By the use of JavaScript code, counting impulses are transmitted to counting servers of the service providers listed below. This information enables us to analyse how you use our SpreadApp. You can prevent this usage information from being collected by deactivating the "I'm in" button when you install the SpreadApp or by deactivating the "App analysis" button in the "Settings" section of your SpreadApp later on.
- Google Analytics
The SpreadApp uses Google Analytics, an analysis service of Google Ireland Ltd. ("Google"). The information generated by the JavaScript code about your usage is usually transmitted to a Google server in the USA and stored there for 26 months. Due to the activation of IP anonymisation in the SpreadApp, your IP address will be shortened beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On our behalf, Google will use this information to evaluate how you use the SpreadApp in order to compile reports on app activity and to provide us with other services relating to the app use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data from Google. SpreadApp uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are shortened for further processing, so that it is not possible to identify individuals. If the data collected about you is related to your person, it is excluded immediately, and the personal data is deleted immediately. We use Google Analytics to analyse and improve the use of SpreadApp on a regular basis. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google LLC has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: + 353 (1) 436 1001. See also the terms of use (https://marketingplatform.google.com/about/analytics/terms/us/) and privacy policy overview (https://support.google.com/analytics/answer/6004245?hl=en) for Google Analytics and Google's privacy policy: https://policies.google.com/privacy?hl=en.
- Adobe Analytics
Our SpreadApp also uses the Adobe Analytics analysis service to analyse and regularly improve the use of SpreadApp. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases where personal information is transferred to the USA, Adobe has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). The legal basis for the use of Adobe Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR. Our website uses Adobe Analytics with the settings “Before Geo-Lookup: Replace visitor’s last IP octet with 0” and “Obfuscate IP-Removed”, which removes the last octet from your IP address and replaces it with a generic IP address, i.e. one that can no longer be assigned. Any personal connection can therefore be ruled out. The usage information is stored for 25 months.
Third-party information: Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; privacy@adobe.com; Adobe’s privacy policy: https://www.adobe.com/privacy/policy.html.
- Sentry
SpreadApp also uses the "Sentry" service of the provider Functional Software, Inc. The service detects and documents errors and performance problems that may occur during your use of SpreadApp. We use the service to improve the technical stability of SpreadApp by monitoring system stability and detecting code errors. The data (e.g. information about the device or time of error) is collected anonymously, is not used for personal purposes and stored for 90 days. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR.
Third-party information: Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Functional Software, Inc. has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). For more information about this third party's privacy practices, please refer to Functional Software, Inc.'s Privacy Statement: https://sentry.io/privacy/.
If you participate in a survey offered by Spreadshirt, we use the information you provide for the purpose of market research and further development of our offers. Within the scope of the survey, we will inform you separately about the data to be provided by you and the scope of use by us.
We may also use our service provider Momentive Europe UC ("SurveyMonkey") for the technical implementation of the surveys. In this process, data may also be transferred to the USA (see point 3).
The legal basis for the processing of your personal data is Germany’s DS-GVO, art. 6 para. 1 p. 1 lit. a. You may withdraw your consent at any time (without affecting the lawfulness of the processing carried out until the withdrawal). You can declare your revocation by sending an e-mail to privacy@spreadshirt.net or by sending a message to the contact data mentioned in point 1.
Third-party provider information: Momentive Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Irland. Privacy policy of SurveyMonkey: https://www.surveymonkey.co.uk/mp/legal/privacy/
With regard to the personal data concerning you, you have the following rights vis-à-vis us – and vis-à-vis our partners, insofar as they are controllers within the meaning of the GDPR (see Sections 2.5 c, 2.6 c and 2.7 h):
You can exercise these rights vis-à-vis us by contacting us using the contact details mentioned in point 1.
You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us – or by our partners (see above). The data protection supervisory authority responsible for Spreadshirt is:
Saxon Data Protection Commissioner, Devrientstraße 5, 01067 Dresden.
If you have given your consent to the processing of your data (within the meaning of Art. 6(1) Sentence 1(a) or Art. 9(2)(a) GDPR), you can revoke this consent with future effect at any time. This does not affect the lawfulness of processing carried out on the basis of the consent before you revoke your consent.
If we base the processing of your personal data on the balancing of interests (Art. 6(1) Sentence 1(f) GDPR), you are entitled to object to the processing. This is the case if the processing is not necessary in particular for the performance of a contract with you, which was described by us in each case with the description of the individual functions. When exercising such a right of objection, we ask that you explain the reasons why we should not process your personal data as carried out by us. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.
However, you can of course object to the processing of your personal data for advertising or web analytics purposes at any time without giving reasons.
As described in the relevant sections, we sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
The personal data processed by us is generally erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored for a longer period if this has been provided for by the European or national legislator in EU regulations, laws or other rules to which we as the controller are subject. The data will also be blocked or erased once a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Further processing operations may be required for contests and other promotional campaigns. In such cases we will inform you in the context of the respective promotional campaign.
Thank you for reading this privacy policy in its entirety!