In ECCO we respect your privacy and therefore all companies within ECCO (“ECCO Affiliates”) are committed to protect information that identifies or is capable of identifying an individual (“personal data”), which it collects, uses and/or has access to.
How personal data is collected, used and shared depends on which ECCO Affiliates you interact with, and how.
This website, enter.ecco.com, is provided and controlled by ECCO Sko A/S with its registered address at Industrivej 5, 6261 Bredebro, Denmark (hereinafter referred to as “we”, “us” and “our”).
Your comments and feedback are always welcome.
1. OUR CONTACT DETAILS
1.1. Identity of the Controller(s) and how to contact the Controller
ECCO Sko A/S
If you have any questions or need to get in contact with us we urge you to contact us through our Customer Care representatives either by;
Letter: ECCO Sko A/S, Industrivej 5, 6261 Bredebro, Denmark attn: Customer Service
1.2. Contact details for ECCO’s Group Privacy Officer
Our appointed Group Privacy Officer can be contacted either by:
Letter: ECCO Holding A/S, Legal Department, Industrivej 5, 6261 Bredebro, Denmark attn.: Group Privacy Officer
When you interact with us we will collect personal data about you, and use it for various purposes, such as operating this website, enabling you to make use of our various services and getting in contact with us etc.
If you are asked to provide information, then it is optional for you to disclose such information. The information might, however, be needed for statutory, contractual or practical reasons. We will always clearly indicate whether the information is mandatory. If you refrain from disclosing information which we deem as mandatory, as a consequence it may be that we will not be able to provide you with the services you have requested.
How we collect and use your personal data depends on how you interact with us, and which services you make use of.
We, like all other ECCO Affiliates, strongly believe in the protection of the personal data in our custody and control, and thus we have implemented what we believe are appropriate technical and organisational security measures to protect this personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Below you can read more about how we collect and process your personal data in different situations, including the general categories of personal data being processed; the source of the personal data that we do not directly obtain from you; the purposes for which personal data is being processed; and the legal basis for the processing.
2.1. Cookie Information
This website uses 1st and 3rd party cookies to optimize your user experience, and for statistical and marketing purposes. Read more about the cookies and how you can administer and reject these in our Cookie Declaration.
2.2. When signed up for newsletters.
You have the opportunity to sign up to receive information by e-mail and text messages (SMS) about ECCO and ECCO’s products (shoes, bags and related accessories), job positions, services, contests and promotions from us and other ECCO Affiliates (“Newsletters”).
We will only send you newsletters and other marketing material, if you have specifically consented to receive newsletters from us.
If you sign up to receive Newsletters either through one of our websites or in another manner, then you will be asked to provide certain basic information about yourself. The mandatory personal data includes your first and last name and e-mail address (“Newsletter Registration Data”), which will be used for the purpose of your registration, checking the validity of the e-mail and providing you with relevant Newsletters. We cannot sign you up for Newsletters, unless you provide us with the mandatory information.
We may also give you the opportunity to provide us with other supplementary data other than the data, which we clearly have indicated as mandatory such as gender, shoe size and phone number. It is your own choice whether you provide such supplementary data to us. If you provide us with the supplementary data, it will help us improve our services and offerings to you.
The Legal basis for sending you Newsletters is GDPR art. 6(1) a) namely the consent you have granted, when signing up to receive Newsletters.
You can always withdraw from a consent to receive Newsletters and unsubscribe from an e-mail or SMS list by following the instructions in any e-mail, SMS or other communication you receive from us. Please also refer to SECTION 5 (YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE).
2.3. When contacting us through Customer Care etc.
When you contact us either through one of our Customer Care representatives, or e-mail us with a comment or questions we will retain and use such information in order to respond to your request. You may be asked for further information that identifies you, such as your name, e-mail address, telephone number and country for the purpose of being able to answer your questions etc. We might also request other information, which might be needed to reply to your request. It is always optional for you what information you chose to provide us with. However, please note that in case we do not have sufficient information to process your request, then it might have as a consequence, that we will not be able to accommodate your request. The Legal basis for this processing is GDPR art. 6(1) f) our legitimate interests namely in providing customer services, understanding customer behaviour and interests and establishing, exercising and/or defending legal claims.
We might also request other information including health data, biometric data or special categories of data, if you have made a claim against us, and the information is needed for establishing, exercising or defending the claim. The legal basis for this is GDPR art. 9(1) f) namely that the processing is necessary for establishing, exercising or defending legal claims.
2.4. When participating in competitions and surveys etc.
Occasionally we may give you the opportunity to participate in competitions, surveys etc. If you choose to participate, then we will be asking you to provide us with certain data. Such data depends on the specific competition or survey etc., but might include your name, e-mail, age, gender, family information, shoe size, other demographic information or information about your interests and purchasing preferences. We use this information for running competitions or surveys etc., but we also use it for general market research purposes and to tailor or improve our websites and service offerings. The Legal basis for this is GDPR art. 6(1) a) namely the consent you have granted, when choosing to participate in the competition or survey etc.
3. HOW WE SHARE YOUR PERSONAL DATA WITH OTHERS
In order to make our services available to you, provide you with requested services and support and in general to operate our business, we will have to disclose and transfer your personal data to third parties, such as IT suppliers, marketing agencies, and other relevant service providers.
Please be ensured that we will not sell or rent your personal data to third parties for them to be able to use your personal data for their own direct marketing purposes, unless we have your consent to do so.
When using data processors to process your personal data on our behalf we require, that they only process your personal data in accordance with our instructions. We also require that the data processors signs relevant contracts providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the data processing will meet the requirements of the applicable data protection regulation and ensures an appropriate protection of your rights.
Below you can read more about how we share your personal data.
3.1. Categories of Recipients
The main categories of potential recipients of your personal data are:
A. Service Providers
We may share your personal data with our trusted third party service providers, who, on our behalf, operate, maintain, and/or support our IT systems and IT infrastructure, our websites, perform statistical analysis, provide customer support and perform other important services for us.
B. Other ECCO Affiliates
We may disclose your personal data to ECCO Holding A/S with its registered address at Industrivej 5, 6261 Bredebro, Denmark and other companies, which are owned or controlled by ECCO Holding A/S in order for them to provide us with relevant services.
C. Legal Successors
A transfer of your personal data to another legal entity may occur as part of a transfer of our business or parts thereof in form of a reorganization, sale of assets, consolidation, merger or similar.
D. Other disclosures
In addition to where you have consented to a disclosure of the personal data or where disclosure is necessary to achieve the purpose(s) for which, it was collected, personal data may also be disclosed in special situations, where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities, or otherwise where necessary for the establishment, exercise or defence of legal claims.
3.2. Transfer of data to third countries
The use of service providers and disclosure of your personal data to other ECCO Affiliates and other recipients might imply a transfer of your personal data to countries, which might not have data protection regulation as protective as in your jurisdiction and might not be considered ensuring an adequate level of protection of personal data by the EU Commission or a national data protection authority (so called “unsafe Third Countries”). Such countries include, but is not limited to, the United States, Canada, China, Vietnam, Singapore, Thailand, Malaysia, Japan, South Korea, Indonesia, Australia and New Zealand.
We require that all recipients of your personal data provide appropriate safeguards to protect your personal data, when it is transferred to “unsafe Third Countries”, through the adherence to standard data protection clauses adopted by the EU Commission cf. the GDPR article 46(2). To obtain more information about the standard data protection clauses we use please click here. If the recipient is certified under the US Privacy Shield this is also considered as providing appropriate safeguards to protect your personal data cf. the EU General Data Protection Regulation article 46(2). Please click here to obtain more information about the US Privacy Shield.
If you have any questions, please contact our Customer Care representatives in accordance with SECTION 1 (OUR CONTACT DETAILS).
4. HOW WE RETAIN AND DELETE YOUR DATA
Your personal data will be held by us and kept in a form, which permits identification of you for no longer than is necessary for the purposes for which the personal data is collected and legitimately processed. This implies that we will keep and process your personal data as long as we are providing services to you and also keep it afterwards for as long as would be needed for the settlement of any potential disputes that may be raised afterwards or as long as the law otherwise provides for. Thereafter, we will either delete your personal data or anonymise it so that it no longer can be used to identify you.We will delete any information, which according to our reasonable assessment seems to be inaccurate or out of date by reason of the time elapsed since it was collected or by reason of any other information in our possession.
If you provide us with a written request, we will also erase or anonymize your personal data without undue delay, unless we have a valid legal ground to continue to keep your personal data. Please also refer to SECTION 5 (YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE).
5. YOUR RIGHTS AND HOW TO WITHDRAW CONSENTS AND UNSUBSCRIBE
You have certain rights according to the applicable data protection regulation. Some of the rights are rather complex and include exemptions, accordingly you are recommended to read relevant laws and guidance from the regulatory authorities for full explanation of these rights. Immediately below you can find a summary of your rights.
5.1. The right to access
You have a right to obtain the confirmation as to whether or not your personal data are being processed by us. In addition, you have a right to obtain more detailed information about the personal data kept and the processing undertaken by us and under certain circumstances the right to receive a copy of this personal data.
5.2. The right to rectification
You have the right to have inaccurate personal data about you rectified, and, taking into account the purpose of the processing, to have incomplete personal data completed.
5.3. The right to erasure
In some cases, you have the right to erasure of your personal data without undue delay. Those circumstances include; i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; ii) you withdraw consent to consent-based processing; iii) the processing is for direct marketing purposes and iv) the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary; i) for the exercising the right of freedom of expression and information; ii) for compliance with legal obligation; or iii) for the establishment, exercise or defence of legal claims.
5.4. The right to restriction of processing
In some cases, you have the right to restrict the processing of your personal data. Where processing has been restricted, we may continue to store your personal data. However, we will only otherwise process it i) with your consent; ii) for the establishment, exercise or defence of legal claims; iii) for the protection of the rights of another natural or legal person; or iv) for reasons of important public interest.
5.5. The right to data portability
To the extent the legal basis for the processing is your consent, and such processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
5.6. The right to object
You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for i) the performance of a task carried out in the public interest or in the exercise of any official authority vested in ECCO; or ii) the purpose of legitimate interests pursued by us or a third party. In such case we will cease processing the personal data, unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
You also have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
5.7. The right to withdraw consent
To the extent that the legal basis for the processing is your consent, you have the right to withdraw from that consent at any time.
In case you withdraw from a consent given, then we will cease to process your personal data, unless and to the extent the continued processing is permitted or required according to the applicable personal data regulation or other applicable laws and regulations. The withdrawal from your consent will in no event effect the lawfulness of processing based on consent before its withdrawal.
If you refrain from providing required consents, or later on withdraw from the consents, it might have as a consequence that you may not be able to benefit from some of the service offerings provided by us.
5.8. The right to complaint to data protection supervisory authority
You may always lodge a complaint with your local data protection supervisory authority. The data protection supervisory authority in Denmark is
the Danish Data Protection Agency,
1300 Copenhagen K,
We do our best to ensure that we protect your personal data, keep you informed about how we process your personal data and comply with the applicable data protection regulation. In case you are not satisfied with the processing and protection of your personal data or the information you have received from us, then we urge you to inform us in order for us to improve. Please also do not hesitate to contact us, if you want to make use of your rights.
Please contact us through the points of contact listed in SECTION 1 (OUR CONTACT DETAILS). Please also provide us with relevant information to take care of your request, including your full name and email address so that we can identify you. We will respond to your request without undue delay.
6. LINKS TO OTHER WEBSITES
We may provide links to third party websites. These linked websites are not under our control, and we therefore cannot accept responsibility or liability for the conduct of third parties linked to our websites. Before disclosing your personal data on any other website, we advise you to examine the terms and conditions of using that website and its privacy policies.