Data protection

Thank you for your interest in our website. The protection of your personal data is very important to us. In accordance with Article 13 of the General Data Protection Regulation (GDPR), we would like to inform you below which personal data we process on this website, for what purposes and on what legal basis we do so.

1. Responsible for data protection

CBR Service GmbH, Imkerstraße 4, 30916 Isernhagen, phone: +49 (5136/9711-0), e-mail: info@cbr.de, is responsible for the data collection and processing described below.

2. Scope of data processing

We collect, store and use your personal data only for the purposes of processing your inquiries, the service you have requested, on the basis of legal permissions and within the scope of any consent you may have given separately. If we require your consent, you will find this highlighted below. You can revoke your consent at any time for the future. The consequences of this are described below in the respective declaration of consent.

2.1 Data processing during your visit to the website

It is not necessary for you to provide us with personal data simply to visit our website. We only store and use access data without personal reference (browser type and version used, operating system, shortened IP address and date and time of the visit). This data is evaluated to improve our offer and for IT security reasons and does not allow any conclusions to be drawn about your person. We use cookies, small text files that your browser stores on your computer or smartphone. A cookie itself does not contain or collect any personal information about you or your internet usage.

We use the following cookie when you visit the site: NEXT_LOCALE: This cookie is necessary for language selection. The use of the cookie serves to safeguard our legitimate interest in the best possible functionality of the website within the meaning of Art. 6 para. 1 lit.f GDPR.

2.2 Data processing for general inquiries and requests for information material

If you request information material or make individual inquiries about our company, we collect, store and use your personal data only to the extent necessary to process the inquiry, on the basis of legal permission or on the basis of your express consent to the further use of your data. To answer general inquiries, we need your name and e-mail address. You can provide further information, but this is not mandatory. The legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will only be processed to answer your request and will be deleted if there are no statutory retention periods (e.g. from commercial and tax law), or the data is required for the fulfillment of an existing contract between you and us or there is no longer a legitimate interest in the processing.

2.3 Data processing when registering in the press portal

In the press portal of our website, we offer you the opportunity to register to receive press material. If you register, we store and use the data required for this on the basis of Art. 6 para. 1 lit. a GDPR. You have given us the following consent by registering for our press portal: "Yes, I would like to regularly receive current image material and product information from the CECIL and Street One brands by email. I can revoke this consent at any time with effect for the future." and/or "Yes, I would like to receive press information from the CBR Fashion Group. I can revoke this consent at any time with effect for the future". You can withdraw your consent at any time without this affecting the lawfulness of previous data processing. If consent is withdrawn, we will cease the corresponding data processing and you will no longer receive press releases. You can send your revocation e.g. by e-mail to info@cbr.de or via the unsubscribe link that you will find in every e-mail with press information.

2.4 Data processing when registering in the Applicant portal

We offer you the opportunity to apply to us and the companies affiliated with CBR Service GmbH via our applicant portal. In such case this privacy policy and the specific privacy policy for the Applicant portal, which you can find in the Applicant portal, apply.

2.5 Data processing when registering in the Investor Relations portal

Under the link “Investor Relations” we provide information for capital market participants. Access to information in the section "Publications" is restricted to "investors" within the meaning of "qualified institutional buyers" as defined in Rule 144A of the U.S. Securities Act of 1933 or to "qualified investors" as defined in EU Regulation 2003/71/EC). Access requires contacting the IR team by e-mail. The IR team uses the e-mail address and publicly available information to check the plausibility of the investor status of the user of the e-mail. If the investor status appears plausible, the e-mail address will be approved for registration. The transmitted e-mail address is stored until the user informs us that they no longer wish to access the portal. The legal basis for the processing is our legitimate interest in avoiding violations of capital market law (Article 6(1)(f) GDPR).

We use the following necessary cookies for the registration process: _Secure-next-auth.session-token: This cookie is necessary to recognize which website visitor is logged in. _Secure-next-auth.callback-url: This cookie is necessary for the assignment of a log-in. -Host-next-auth.csr-token: This cookie is required to prevent so-called cross-site request forgery attacks.

The cookies we use serve to safeguard our legitimate interest in the best possible functionality of the website within the meaning of Art. 6 para. 1 lit.f GDPR. When you first log in, after entering your e-mail address and a password of your choice, you will be asked to confirm a disclaimer regarding the qualification of the publications via a checkbox. A further checkbox is used to request confirmation that the site visitor is an investor. After ticking the checkboxes and clicking the "Submit" button, the confirmations are saved in the site visitor's local storage. This processing is necessary to ensure the website visitor's desired access to the information without repeated requests for confirmations. The legal basis for the processing is our legitimate interest in avoiding repeated confirmation requests when visiting our website multiple times (Article 6(1)(f) GDPR). The cookies we use serve to safeguard our legitimate interest in the best possible functionality of the website within the meaning of Art. 6 para. 1 lit.f GDPR.

3. Transfer of personal data

We transfer your data to third parties who support us in the operation of the website and the associated processes. The transfer takes place exclusively within the framework of strictly instruction-bound order processing in accordance with Art. 28 GDPR.

These companies may only use your data to process the respective order and not for their own purposes.

We use the Microsoft Azure Cloud to host our website. Data processing takes place exclusively within the EEA. We have an order processing contract with Microsoft. In addition, we use IT service providers for the provision of the website.

4. Your rights as a user

When processing your personal data, the GDPR grants you certain rights as a website user:

Right to information (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data. You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of any examination. Right to data portability (Art. 20 GDPR): In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right to object (Art. 21 GDPR):

If data is collected based on Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.

Right to lodge a complaint with a supervisory authority:

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you infringes data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

5. Contact details of the company data protection officer

You have the right to contact our data protection officer at any time, who is obliged to maintain confidentiality regarding your request. The contact details of our data protection officer are Dr. Uwe Schläger Datenschutz Nord GmbH, Konsul-Smidt-Straße 88 28217 Bremen, e-mail: office@datenschutz-nord.de