Privacy Notice

1. Scope, controller, data protection officer, definitions
1.1 The present Privacy Notice informs about how and what kinds of personal data of the user (in the following “you”) are processed by us, Virtual Retail GmbH, when you visit our websites.
1.2    Controller

Virtual Retail GmbH
Martinshardt 19
57074 Siegen

Phone: +49 271 23871-2400

is the controller pursuant to Article 4 no. 7 EU General Data Protection Regulation (GDPR) for the processing of personal data on our websites according to this Data Protection Regulation.

You can also directly contact our Data Protection Officer:

Virtual Retail GmbH
Data Protection Officer
Martinshardt 19
57074 Siegen


1.3    Personal data means any data relating to you personally such as name, address, email addresses, the information about your use of our websites, apps or shop plug-ins (see under section 2).

Processing means any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

2.    Processing of personal data when visiting our websites, apps, shop plug-ins or contact by email; purpose and legal basis
2.1    Informatory use of our websites

If the websites are used for information only, i.e. if you do not register or transmit information in any way, we only collect the personal data your browser transmits to our server. If you want to look at our websites, we collect the following data:

  • IP address,
  • date and time of the request,
  • time zone difference to Greenwich Mean Time (GMT),
  • content of the request (specific site),
  • access status/HTTP status code,
  • transferred amount of data,
  • website from which the request is sent,
  • browser,
  • operating system and its user interface,
  • language and version of the browser software and
  • your approximate location data which we derive from the above-mentioned data.

Purpose and basis

The purpose of the processing of this data is to show you our websites and to ensure stability and protection. The basis is Article 6 paragraph 1 sentence 1 lit. f GDPR. According to this the processing of personal data for the purposes of our legitimate interests is lawful except where this is overridden by the interests or fundamental rights and freedoms of the data subject.

2.2    Contact by email or use of the contact form on our websites

If you contact us by email or use a contact form, we process

  • your advised request,
  • the company you work for,
  • your sex (salutation),
  • your first and last names,
  • your business contact data (email address, address and telephone number, the indication of your customer number is optional).

The purpose of the processing of this data is to answer your questions. We will delete the data collected in this context when storage is no longer necessary or restrict the processing if there is a legal obligation to retain data. The basis for the processing is Article 6 paragraph 1 sentence 1 lit. f GDPR except where there are legal obligations to retain data. In this case the basis for storage is Article 6 paragraph 1 sentence 1 lit. c GDPR; according to this the processing is lawful for compliance with a legal obligation.

Furthermore, you have the possibility to receive regular information from us (newsletter, see below section 2.6 lit. c) irrespective of filling in the contact form and the reply to your request.

2.3    Cookies

a)    In addition to the previously mentioned data cookies are stored on your PC when you use our websites. Cookies are small text files which are stored on your hard disk assigned to the browser you use and by means of which the person setting the cookie (here: we) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. Their purpose is to make the websites more user-friendly and effective. The basis is your explicit consent you give when you start visiting our website and which can be revoked at any time pursuant to Article 6 paragraph 1 sentence 1 lit. a GDPR or Article 6 paragraph 1 sentence 1 lit. f GDPR.

b)    These websites use the following types of cookies the scope and function of which are explained below:

transient cookies (see aa)

persistent cookies (see bb).

aa)    Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. They store a session ID by means of which several requests from your browser can be assigned to one and the same session. This allows your computer to be recognized when you return to our websites. The session cookies are deleted when you log out or close the browser.

bb)    Persistent cookies are automatically deleted after a time defined by us. This time may vary according to the cookies. You can delete the cookies in the security settings of your browser at any time. With this deletion you also withdraw your consent to process the respective cookie.

c)    You can configure your browser settings according to your wishes and for example reject the acceptance of third-party cookies or all cookies. Please note, that in such a case you may not be able to use all functions of our websites.

d) In our shop ware-plug-in we use a cookie that enhances the overall user experience of the online size recommendation, identifies returning users and makes it easier to use. It can identify returning users so that they don’t have to re-enter the information when using the application again. In some cases, the cookie allows the immediate display of size recommendations on the product detail pages of our partner shops without using the application again.

2.4    Google Analytics

These websites use Google Analytics, a web analytics service provided by Google LLC (“Google”).  Google Analytics uses “cookies”, text files stored on your computer making it possible to analyse the way you use the websites. As a rule, the information about your use of these websites generated by means of cookies is transmitted to a Google server in the USA and stored there. 

If IP anonymisation is activated on these websites, your IP address is shortened beforehand by Google in countries in the European Union or other contracting states of the Agreement on the European Economic Area.  Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been expanded to include the code “anonymizelp” in order to ensure that the IP address is anonymised.

On behalf of the website owner, Google will use this information to evaluate your use of the websites, create reports about website activities and provide further services related to website and internet use to the website owner. The IP address transferred by your browser in the context of Google Analytics will not be combined with other Google data.

The basis for data processing is your consent in accordance with Article 6 Paragraph 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our cookie consent tool.

Google processes some of your personal data in the USA. There is currently no adequacy decision by the EU Commission for data transmission. The appropriate level of data protection is therefore guaranteed by using the EU standard contractual clauses.

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you can if applicable not use all functions of this website in full.

2.5 Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means: No cookies are used and no personal data is recorded. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

2.6 DoubleClick

This website uses DoubleClick. The use of the Google service DoubleClick allows us to present the user with relevant advertisements. Cookies are used that enable the user’s browser to be identified. In this way, it can be traced which ads were displayed to the user and which of them he called up.

2.7 Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google AdWords, we use so-called conversion tracking. If you click on an ad placed by Google, a cookie will be set for conversion tracking. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through AdWords advertisers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can object to this use by simply deactivating the Google conversion tracking cookie in your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

“Conversion cookies” are stored on the basis of Article 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

You can find more information about Google AdWords and Google Conversion Tracking in Google’s data protection regulations:

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

2.8 Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in connection with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing to the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalized advertising messages can be placed on every device on which you log in with your Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link:

The summary of the recorded data in your Google account is based solely on your consent, which you can give or revoke with Google (Article 6 (1) (a) GDPR). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merger), the collection of data is based on Article 6 (1) lit. f GDPR. The legitimate interest results from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.

Further information and the data protection regulations can be found in Google’s data protection declaration at:

2.9 Facebook Website Custom Audiences

On our website we use the “Custom Audiences” pixel from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. So-called tracking pixels are integrated on our website. When you visit our pages, a direct connection is established between your browser and the Facebook server via the tracking pixel. Facebook receives information from your browser, among other things, that our site has been accessed by your device. If you are a Facebook user, Facebook can use this to associate your visit to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Facebook. We can only choose which segments of Facebook users (such as age, interests) our advertising should be displayed. We use one of two Custom Audiences working methods in which no data records, in particular no e-mail addresses of our users – neither encrypted nor unencrypted – are transmitted to Facebook. You can find more information on this in Facebook’s privacy policy at

If you wish to object to the use of the Facebook Custom Audiences website, you can do so at

Conversion measurement with the conversion pixel from Facebook

We use the “conversion pixel” or visitor action pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By calling up this pixel from your browser, Facebook can then recognize whether a Facebook ad was successful, e.g. led to an online purchase. We only receive statistical data from Facebook without reference to a specific person. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. In particular, if you are logged in to Facebook, we also refer to their data protection information

Please go to if you wish to revoke your consent to Conversion Pixel.

2.10 AdobeTarget

We use the Target software from Adobe. The software enables us to carry out so-called A/B tests or multivariate tests on the website. For this purpose, the software controls a modified version of the website compared to the original version (e.g. with different design and content). By comparing the two variants, it can then be determined which presentation our website visitors prefer. You can find more information about the functions of Adobe Target here:

At Adobe Target, personal data, such as the complete IP address, is never stored and processed by our website. Only such information is processed that does not allow any conclusions to be drawn about individual persons. The user behavior is represented by quantitative methods. Adobe uses “session cookies” and “permanent cookies” on the one hand. The former are only cached for the duration of your use of our website. “Permanent cookies” are used to record information about visitors who repeatedly access our website.

You can access the data protection information for Adobe Target here:

Opt Out:

2.11 LinkedIn Insight Tag

We use the LinkedIn Insight Tag from the provider LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland. This enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. This data is encrypted, the IP addresses are shortened and the direct LinkedIn IDs of the members, if they have a LinkedIn user account, are removed within seven days in order to pseudonymise the data. This remaining pseudonymised data will then be deleted within 90 days. From this pseudonymised data we receive summarized reports about the website target group and the ad performance of our placed advertisements.

In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can also use this data to deliver targeted advertising to you outside of our website. You can find more information on data protection at LinkedIn in the LinkedIn data protection information:

The legal basis for this is your consent within the meaning of Article 6 Paragraph 1 lit. a GDPR. To disable (“opt-out”) the Insight tag on our website, click here: .”

2.12 Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: Hotjar is a tool for analyzing your user behavior on our website. With Hotjar we can e.g. Record your mouse and scroll movements and clicks. Hotjar can also determine how long you stayed on a certain spot with the mouse pointer. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are viewed by website visitors.

We can also determine how long you stayed on a page and when you left it. We can also determine at which point you canceled your entries in a contact form (so-called conversion funnels).

In addition, direct feedback from website visitors can be obtained with Hotjar. This function serves to improve the web offers of the website operator.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. In particular, these cookies can be used to determine whether our website was visited with a specific end device or whether the Hotjar functions were deactivated for the browser in question. Hotjar cookies remain on your device until you delete them.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Hotjar is used and Hotjar cookies are stored on the basis of Article 6 Paragraph 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

Disable Hotjar

If you want to deactivate data collection by Hotjar, click on the following link and follow the instructions there:

Please note that Hotjar must be deactivated separately for each browser or device. For more information about Hotjar and the data collected, see Hotjar’s privacy policy at the following link:

Contract for order processing

We have concluded an order processing contract with Hotjar in order to implement the strict European data protection regulations.

2.12 Use of Exactag

2.12.1 Data for marketing and optimization purposes is collected and stored on this website using technologies from exactag GmbH ( User profiles can be created from this data under a pseudonym.

2.12.2 Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor’s Internet browser. Cookies enable recognition of the Internet browser.

2.12.3 In addition to cookies, we reserve the right to process your website visitor data using a technique called fingerprinting. Fingerprint technology stores your Internet browser’s environment variables in a database without recording unique user-related data such as an IP address.

2.12.4 The data collected with Exactag technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separate consent of the person concerned.

2.12.5 Opportunities to Object Opt-Out Cookie

You can object to the collection and storage of data by cookies (see 2.12.2 above) at any time with effect for the future by setting an opt-out cookie in your browser. This cookie is called “exactag_new_ccoptout” and is set by “”. It may not be deleted as long as the storage of the data is objected to. If you would like to object to the storage of your anonymously recorded visitor data for the future, please click on this LINK to install the opt-out cookie. Browser add-on

If you wish to object to data processing by fingerprint technology, you can install an extension for your browser (browser add-on) that blocks fingerprinting.

2.12.6 We use the technologies of Exactag GmbH to analyze and regularly improve the use of our websites. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The collected data is stored permanently and analyzed pseudonymously. The legal basis for the use of these technologies is Article 6 Paragraph 1 Clause 1 lit. f GDPR.

2.12.7 Information on the third-party provider: Exactag GmbH, Wanheimer Straße 68

40468 Düsseldorf,

2.13 Akamai Content Delivery Network

We use the Content Delivery Network (CDN) from Akamai Technologies GmbH, Parkring 20, 85748 Garching Germany (Akamai) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 Para. 1 lit. f GDPR). A CDN is a network of [worldwide] distributed servers that is able to deliver optimized content to the website user. For this purpose, the following personal data may be processed in Akmai server log files: your IP address, URLs of pages visited, date and time of access, location based on your IP address and the location of the Akamai server,

Telemetry data (e.g. mouse clicks, movements and associated browser data)

Akamai is the recipient of your personal data and works for us as a processor. This corresponds to our legitimate interest within the meaning of Article 6 Paragraph 1 Clause 1 Letter f GDPR in not operating a content delivery network ourselves.

You have the right to object to the processing. Whether the objection is successful must be determined within the framework of a weighing of interests.

The processing of the data specified under this section is not required by law or contract. The functionality of the website is not guaranteed without processing.

Your personal data will be stored by Akamai for as long as is necessary for the purposes described.

You can find further information on objection and removal options with regard to Akamai at:

Akamai has implemented compliance measures for international data transfers. These apply to all global activities where Akamai processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, see:

2.14 Salesforce

Salesforce Salescloud. Data that you make available to us via our website (e.g. in forms for purchase, newsletter registration) is currently stored in the Salesforce Sales Cloud ( Germany GmbH, Erika-Mann-Str. 31, 80636 Munich). Servers in the EU and/or UK and used to send order confirmations and shipping information. Salesforce undertakes to comply with an appropriate level of data protection with binding internal data protection regulations in accordance with Art. 46 Para. 2 b) and Art. 47 DS-GVO (so-called binding corporate rules), even when processing data outside the European Union.

Salesforce Marketing Cloud. We use the Salesforce Marketing Cloud to send our newsletter, for automated mailings (e.g. welcome mailing) and for advertising campaigns in social networks. For this purpose, the data of the newsletter subscriber is transferred from the Salescloud to the Marketing Cloud. In this context, we use strict authorization concepts and encryption. Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the United States. With binding internal data protection regulations in accordance with Art. 46 Para. 2 b) and Art. 47 GDPR (so-called binding corporate rules), Salesforce undertakes to maintain an appropriate level of data protection even when processing data outside the European Union. With the help of so-called web beacons and pixels, we receive information about the click behavior of users via the Marketing Cloud. Interaction data is stored directly on the user in the Marketing Cloud so that we can send you targeted advertising, for example via social networks. If you do not want this, you have the option of displaying personalized advertising in your account settings on the social networks. You can also use a different email address for the newsletter or your customer account than that for your social media accounts.

Further information on data processing by Salesforce can be found here:

Salesforce data protection declaration:

Documents on Salesforce’s compliance with the GDPR, in particular when transferring data to third countries such as the USA (in English): Data-Transfer-Mechanisms-FAQ.pdf

3.0 Integration of YouTube videos and videos via Movingimage

a) We have integrated YouTube videos into our online offer, which are stored on and can be played directly from our website.

b) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2.1 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our websites. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

c) Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield,

We have included videos in our online offer that have been saved by Movingimage EVP GmbH, Stralauer Allee 7, 10245 Berlin on and can be played directly from our website. Data such as browser, browser version and country are collected.

The privacy policy of our video partner Movingimage can be found on the following website:

4. Registration, newsletter, apps, shop plug-ins

a) If you would like to use certain service areas of our website, for example downloading data, the following personal data must be registered:

Information on whether you or the company you work for is or is already a VR customer,

gender (for salutation),

First name Last Name,

company you work for,

Your business contact details (e-mail address, address and telephone number; providing the customer number is optional).

You must assign a sufficiently secure password for this data.

b) We use the so-called double opt-in procedure for registration. This means that after you have entered your registration data, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm your registration details. If you do not confirm your registration, your information will be blocked and deleted after the statutory storage periods have expired (at least until the expiry of the limitation period for any claims). In addition, we store the IP addresses you use and the times at which you entered your registration data and the confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 Paragraph 1 Sentence 1 lit. f GDPR.

c) Newsletter

On our website you have the option of registering to receive our newsletter with up-to-date information about our company and our range of services.

Your consent to receiving the newsletter is always voluntary. You can revoke your consent at any time. You can use all other functions of our website regardless of your consent to the newsletter, including the functions within the scope of registration or the contact form.

After you register for the newsletter, we carry out the so-called “double opt-in procedure”, as described above under letter b). If you signed up for the newsletter when you registered, you also confirm your consent to receiving the newsletter by using the double opt-in procedure.

To receive the newsletter, we only process your name, your gender (for salutation) and your e-mail address so that we can send you the newsletter and address you personally. The legal basis for this processing of your personal data is Article 6 Paragraph 1 Clause 1 Letter a) GDPR. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by email to or by sending a message to the contact details given in the imprint.

d) Apps/shop plug-ins

You have the option of using shop plug-ins via our cooperation partners or installing our app solutions (“sizeez”). In doing so, we use your personal data (photographs) that you have provided to determine clothing sizes and fittings. After a logical second (duration of the conversion), this personal data is automatically deleted and can no longer be reconstructed. The key to retrieving the calculation result (clothing size) lies solely with you and is not accessible to Virtual Retail Subject to your separately declared consent, we only process the data to determine clothing size and fittings; such a calculation cannot be made without consent.

4.1 Web Store

a) If you would like to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data requested there, which we need to process your order. Mandatory information required for the processing of the contracts is marked separately, further information is voluntary. We process the data you provide to process your order. The legal basis for this is Article 6 (1) sentence 1 lit. b GDPR. If you are not our customer yourself, but the company you work for, we process your business contact data on the legal basis of Article 6 Paragraph 1 Clause 1 Letter f GDPR for the purpose of communicating with our customer of the Treaty to enable and facilitate.

b) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, once the statute of limitations has expired, we will restrict the processing, i.e. your data will only be used to comply with legal obligations.

4.2 Chat Services

We offer chat services and technical chats at various points on our websites. For this we process your e-mail address, the company you work for, your question and your IP address. The purpose of the processing is to process and answer your chat requests for direct communication and thus to offer fast customer service. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Your data will only be stored for as long as is necessary to process your request.

We use the LiveChat chat service for this purpose. The provider is LiveChat Software S.A., ul. Zwycieska 47, 53-033 Wroclaw, Poland. For more information on how to handle user data, see LiveChat Software S.A.’s GDPR Implementation Statement. at and in the privacy policy at

4.3 Applicant Data

a) We process the following data from persons who apply for an employment relationship with us using the application form on our website or otherwise:

First name, last name, e-mail address, address, telephone number (if provided) and the application data sent to us.

b) Subject to a separately declared consent, we only process the data in order to carry out the application process on which the respective application is based; Without consent, the data will not be stored after the end of the application process and the relevant storage periods.

5. Social Media

We operate websites used for business purposes on various social media portals. These portals provide us with statistical evaluations based on the data collection of the social media portals. In this way, we partly help determine the purposes of data collection, so that we are also to be regarded as responsible in addition to the social media operators.

We use these pages to provide information about our company and our products. Interacting with you as a prospective customer gives us direct insights into how we and our products are perceived on the market and thereby helps us to improve ourselves and our products. In addition, these portals provide quick and easy contact options so that you, as an interested party, can send us your questions directly and we can answer them immediately.

The processing of this data takes place in our overriding legitimate interest in accordance with Article 6 Paragraph 1 lit. f GDPR.

Data processing via the platforms of the social media operators takes place within the framework of the general terms and conditions agreed between you and the platform operators, as well as their data protection regulations. We only have limited influence on the data processing of the platform operators. If you do not wish to use the social media channels, you can of course also reach us and our information via our own website.

If you would like more information about the data processing of the social media portals, you can find it under the following links:







6. Transmission and disclosure of your data to third parties

In principle, we do not transmit your data to third parties without your consent.

In some cases, we use the support of third-party companies for electronic data processing. These are reliable service providers that we have carefully selected to process your data on our behalf. The legal basis for this is Art. 28 GDPR. Of course, our service providers are obliged to handle the data carefully, only according to our instructions and in accordance with the applicable data protection regulations, in particular not to use the data for their own purposes or to pass it on to third parties.

In addition, there may be individual cases in which we are legally obliged to pass on your data by official order if and to the extent that this is necessary for the purposes of criminal prosecution or to avert danger by the police or other authorities. In these cases, the legal basis for the transfer is Article 6 Parargraph 1 lit. c GDPR.

Finally, there may be cases in which your data is passed on to companies that are legally affiliated with Virtual Retail GmbH (subsidiaries or sister companies) for one of the purposes stated in Section 2 due to the division of labor within the ifm group of companies.

The purpose of the transfer is to fulfill the tasks that arise in the pursuit of corporate goals within a group of companies in a structured manner within our group of companies and in accordance with our division of labor; The legal basis for this is Art. 6 Paragraph 1 Sentence 1 lit. f GDPR.

Insofar as personal data is processed outside of the states of the European Economic Area (“EEA”), we protect your personal data by passing them on and processing them within our group of companies exclusively in accordance with the standard data protection clauses that the EU Commission sets out in Art. 46 Paragraph 2 lit. c GDPR has specified. The standard data protection clauses are available at

7. Your Rights
7.1 You have the following rights towards us with regard to your personal data:
  • the right to information as to whether and which of your personal data is processed by us,
  • Right to rectification or erasure of your data,
  • right to restriction of processing,
  • Right to object to the processing if the legal basis for the processing is Art. 6 Paragraph (1) Sentence 1 lit. f) GDPR and
  • Right to data portability.
7.2 You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
8. Changes to this Privacy Policy

We reserve the right to change this data protection declaration at any time with effect for the future. A current version is available on our website. Please visit our website regularly and find out about the applicable data protection regulations.

9. Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at:

Status: 08/11/2023