​​

1. Data we collect

​

1.1. Device and usage data

As soon as you access our website, certain information about your device is collected automatically. This includes for example:

• Browser type and version

• IP address

• Time zone

• Installed cookies

While you navigate our site, we also store:

• Which subpages or products you view

• Which website or search engine referred you to our site

• How you interact with the site (clicks, time spent, etc.)

We refer to this automatically collected information as “Device Information”.

To collect this data, we use, among other things, the following technologies:

• “Cookies” – small text files that are stored on your device and can contain, for example, an anonymous identifier. You can find more information and opt-out options at: http://www.allaboutcookies.org

• Server / log files – these store, for example, IP address, date and time of access, accessed pages, amount of data transferred and the requesting provider.

• Web beacons, tags and pixels – small graphic files or code snippets that allow us to track how you move around our site.

Unless otherwise stated in this policy, you are not obliged to provide us with personal data. Not providing data generally has no negative consequences – unless a particular section explicitly states that the data is required, for example to perform a contract.

“Personal data” means any information relating to an identified or identifiable natural person.

 

2. Server log files

You can generally visit our website without actively providing personal information.

However, each time you access our pages, your browser automatically transmits usage data to us or to our hosting / IT service provider. This data is stored in server log files. This includes for example:

• Accessed page / URL

• Date and time of access

• IP address

• Amount of data transferred

• Name of the requesting provider

Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring a secure, stable technical operation of the website and in improving our online offering.

In the course of processing, your data may also be transferred to Canada. An adequacy decision by the EU Commission exists for Canada.

​

3. Contact

​

3.1. Controller

The controller responsible for data processing in connection with this website is:

Fitting Heroes
(You can find additional contact details in the imprint on our website.)

3.2. Contact by e-mail

If you contact us by e-mail, we process the data you provide (e.g. name, e-mail address, content of your message) solely for the purpose of processing and responding to your enquiry.

If the contact is made in order to carry out pre-contractual measures or in connection with an existing contract, processing is based on Art. 6(1)(b) GDPR.

In all other cases, processing is based on Art. 6(1)(f) GDPR (legitimate interest in properly handling enquiries).

If we process your data on the basis of Art. 6(1)(f) GDPR, you have the right to object to processing at any time on grounds relating to your particular situation.

We use your e-mail address only as long as necessary to handle your enquiry. Your data is then deleted in compliance with statutory retention periods, unless you have consented to further use.

3.3. Contact form

If you use our contact form, we collect the information you provide there (e.g. name, e-mail address, message text) only to the extent you specify.

The purposes and legal bases correspond to those for contact by e-mail (see above).

​

4. Orders in our shop

 

4.1. Processing for contract performance

When you place an order with Fitting Heroes, we process your personal data only to the extent necessary for:

• Handling your order

• Delivering the goods

• Processing payment

• Answering questions and follow-up enquiries

Providing your data is necessary for contract performance. Without this information, a purchase contract cannot be concluded. The legal basis is Art. 6(1)(b) GDPR.

 

4.2. Disclosure to service providers

To process your order, we share your data to the required extent, for example with:

• Shipping providers and, where applicable, dropshipping partners

• Payment service providers

• IT and order processing service providers

Disclosure is limited to the minimum necessary for each task and is carried out in strict compliance with legal requirements.

In this context, data may also be transferred to Canada; an adequacy decision by the EU Commission exists for this.

​

5. Newsletter / THE FITTING HERALD

 

5.1. Use of your e-mail address

We use your e-mail address, separate from contract processing, to send you our Fitting Heroes newsletter / The Fitting Herold if you have expressly consented to this.

The newsletter may include for example:

• Information about new products and designs

• Exclusive offers and promotions

• Background stories and humorous content from the world of Fitting Heroes

The legal basis is Art. 6(1)(a) GDPR.

You can withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by contacting us. The lawfulness of processing carried out before the withdrawal remains unaffected. After unsubscribing, your e-mail address will be removed from the mailing list, unless other legal grounds (e.g. statutory retention obligations) require further storage.

 

5.2. E-mail marketing service provider

We use an external service provider to send our newsletter. In this context, your data is transmitted to this provider only to the extent necessary. No further transfer to third parties takes place.

 

6. Payment service providers

 

6.1. PayPal / PayPal Express

For payments via PayPal and PayPal Express, we use services provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

All PayPal transactions are subject exclusively to PayPal’s privacy policy, available at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

To integrate PayPal Express on the website, PayPal may collect, store and evaluate data such as IP address, device type, operating system, browser type and, where applicable, location information when you access the page. Cookies may be used for this.

Processing of your personal data in connection with the integration of PayPal is based on Art. 6(1)(f) GDPR (legitimate interest in offering you convenient, widely-used payment methods). You may object to this processing at any time on grounds relating to your particular situation.

For the actual payment processing (your selected payment method), the necessary data is additionally transmitted to PayPal on the basis of Art. 6(1)(b) GDPR. For further details, please refer to PayPal’s full privacy policy.

​

6.2. Klarna

If you choose to pay with Klarna, we transmit personal data such as contact and order details to Klarna for processing. This serves to:

• Check whether you can use the payment methods offered by Klarna

• Offer and adapt Klarna’s payment options appropriately

General information about Klarna can be found here:
https://www.klarna.com/de/

Processing is carried out in accordance with Klarna’s applicable privacy rules, available at:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

The legal basis is Art. 6(1)(b) GDPR (contract performance) and, in some verification processes, your consent under Art. 6(1)(a) GDPR.

 

7. Cookies

Our website uses cookies – small text files stored on your device. These allow us, among other things, to:

• Recognise your browser on a subsequent visit

• Provide certain functions (e.g. shopping cart)

• Make our offering more user-friendly, efficient and secure

In your browser you can:

• Be informed when cookies are set

• Allow cookies only in individual cases

• Exclude the acceptance of cookies in certain cases or in general

• Delete cookies that have already been stored

Please note: If you completely deactivate cookies, some functions of our website may no longer be available.

Information on managing cookies in common browsers:

• Chrome: https://support.google.com/accounts/answer/61416?hl=de

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

• Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

We use technically necessary cookies to provide basic functions (e.g. shopping cart, login). The legal basis is § 15(3) sentence 1 TMG and Art. 6(1)(f) GDPR (legitimate interest in a functional website). You may object to this processing at any time on grounds relating to your particular situation.

 

8. Analytics and advertising tools

 

8.1. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (for users in the EEA: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Google Analytics helps us to:

• Analyse how our website is used

• Create reports on website activity

• Optimise our site technically and in terms of content

• Analyse marketing measures

The following data may be processed, among others:

• IP address (anonymised)

• Date and time of page views

• Visited pages and click paths

• Browser and device type

• Referrer URL

• Approximate location data

• Purchase activities

Google Analytics uses cookies, local storage in the browser and pixel tags. The information collected is usually transferred to a Google server in the USA and stored there. IP anonymisation is activated – your IP address is therefore shortened within the EU / EEA. Only in exceptional cases is the full IP address transmitted to the USA and shortened there.

There is no adequacy decision for the USA; data transfer is based, among other things, on Standard Contractual Clauses (SCC).

Legal basis: § 15(3) sentence 1 TMG and Art. 6(1)(f) GDPR (legitimate interest in a needs-based, targeted web presence). You may object at any time on grounds relating to your particular situation.

You can prevent data collection by Google Analytics, for example, by installing the browser plugin available at:
https://tools.google.com/dlpage/gaoptout?hl=de

Further information:
https://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/
https://policies.google.com/technologies/cookies?hl=de

 

8.2. Facebook Pixel (Meta)

We use the Facebook Pixel of Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta Platforms) on our website.

Purpose:

• To later show visitors to our website interest-based advertising on Facebook/Instagram (“Custom Audiences”)

• To see, for example, whether users complete certain actions (such as purchases) after clicking on an ad

For this, a connection to Facebook’s servers is established when you visit our website and information including which page you visited is transmitted. If you are logged in to Facebook, Facebook can associate this with your account.

Data may be transferred to the USA (SCC as safeguards).
Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in interest-based advertising). You may object at any time on grounds relating to your particular situation.

More information:
https://www.facebook.com/about/privacy/

 

8.3. TikTok Pixel

When using the TikTok Pixel (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland), we process data in order to:

• Analyse user behaviour

• Measure the effectiveness of our TikTok campaigns

• Deliver targeted advertising on TikTok

Data processed includes, for example, clicks, visited pages, and order events.

Legal basis: Your consent under Art. 6(1)(a) GDPR.
This may also involve a transfer to a third country outside the EU (Art. 49(1)(a) GDPR).

Privacy information:
https://www.tiktok.com/legal/privacy-policy-eea?lang=de

8.4. Google Ads Conversion Tracking

We use Google Ads including conversion tracking to see how many users perform a particular action (e.g. purchase) after clicking on our ads.

When you click on a Google ad, a cookie is stored on your device for a limited time which does not contain direct personal data. Google and we can recognise from this that you clicked on an ad and reached a specific page.

Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in assessing the success of advertising). You can object, for example, by deactivating personalised advertising in your Google account or via the Network Advertising Initiative opt-out page:
https://www.networkadvertising.org/choices/

 

8.5. Google Remarketing / “Similar Audiences”

We also use Google’s remarketing function to show users who have visited our website relevant ads later while they browse within the Google Display Network.

Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in interest-based advertising). You can permanently disable Google’s cookies (browser plugin) or manage preferences via the NAI opt-out page.

 

8.6. Pinterest Tag

We use the Pinterest Tag (Pinterest Europe Limited, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) to target users who have visited our website or performed actions (e.g. purchase) with relevant ads on Pinterest.

When a user clicks on a pin and then visits our website, a cookie can be set to create conversion statistics (e.g. how many users placed an order via Pinterest).

Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in showing interest-based ads). You can deactivate personalised advertising in your Pinterest settings or via AdChoices (optout.aboutads.info).

 

9. Other tools & plug-ins

 

9.1. WhatsApp

We offer you the option of contacting us via WhatsApp.
For this we use a solution provided by Charles GmbH, Gartenstr. 86–87, 10115 Berlin, with whom we have concluded a data processing agreement. Charles stores personal data in the EU and uses the WhatsApp Business API. This means that no additional third parties within our responsibility have access to the content of your communication.

Use of WhatsApp is based on WhatsApp’s terms of use and privacy notices. We process your phone number, display name and messages to communicate with you and handle your enquiry.

Legal basis: Your consent under Art. 6(1)(a) GDPR (contact; possibly newsletter via WhatsApp) and Art. 6(1)(b) GDPR where communication relates to pre-contractual or contractual matters.

You can withdraw your consent at any time with effect for the future. You also have the GDPR rights (access, rectification, erasure, restriction, data portability, objection, right to complain).

 

9.2. Google Maps

We integrate Google Maps to show maps and locations. The provider is Google (see above). When you access a page with an embedded map, data (e.g. IP address, browser information) is transmitted to Google.

Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in user-friendly design and easy location of places). You may object at any time on grounds relating to your particular situation.

 

9.3. YouTube

Videos on our website may be embedded via YouTube (Google Ireland Limited). We use the extended data protection mode, so no data is transmitted to YouTube until you actively play a video. Once you do, information (e.g. IP address, accessed page) is transmitted to YouTube.

Legal basis: § 15(3) sentence 1 TMG, Art. 6(1)(f) GDPR (legitimate interest in an attractive, multimedia presentation). You may object at any time on grounds relating to your particular situation.

 

9.4. Google Fonts

Our website uses Google Fonts to display fonts consistently. When fonts are loaded, a connection to Google’s servers is established and data such as IP address and browser information is processed.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent, aesthetic appearance).

 

10. Storage period and your rights

 

10.1. Duration of storage

We store personal data only as long as necessary for the respective purpose:

• Contract data: until full completion and subsequently for the duration of statutory warranty, tax and commercial retention periods

• Contact data from enquiries: until final processing and, where applicable, in accordance with legal obligations

• Newsletter data: until you withdraw your consent

Afterwards, data is deleted unless another legal basis permits further processing.

 

10.2. Your rights as a data subject

If the legal requirements are fulfilled, you are entitled to the following rights under Articles 15 to 20 GDPR:

• Right of access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restriction of processing

• Right to data portability

You also have the right to object at any time, on grounds relating to your particular situation, to processing carried out on the basis of Art. 6(1)(f) GDPR under Art. 21(1) GDPR. This applies in particular to processing for direct marketing purposes.

 

10.3. Right to lodge a complaint

If you believe that the processing of your personal data infringes data protection law, you have the right to lodge a complaint with a data protection supervisory authority under Art. 77 GDPR.

 

11. Shop categories & information (Fitting Heroes)

​

To help you navigate our website, we use, among others, the following areas (labels may vary slightly depending on language / layout):

 

Categories

• Unisex T-Shirts

• Sweatshirts

• Premium Hoodies

• Embroidered Items

• Caps

• Cups / Mugs

• Stickers & Sticker Sets

Info & Service

• Search

• WhatsApp Channel

• Subscribe to The Fitting Herold

• Read the Blog

• Shipping Times

• Size Charts

• Quality Promise

• Reviews

Legal

• Terms & Conditions

• Imprint

• Privacy Policy

• Shipping Policy

• Returns / Exchanges

About Fitting Heroes

• About Us

• Contact

• Newsletter / The Fitting Herold

Sign up for our Heroletter and regularly receive updates with the latest heroic designs, promotions and exclusive offers!
The best deals and news come via e-mail – just enter your address and secure a discount code for your next order.