Privacy & Data Protection

Dear zooplus customers, dear visitors to the zooplus website, protecting your personal data is very important to us. The following information explains which data we collect and process in connection with your use of our website.

Overview

1. Who is responsible for data protection on this website?

zooplus SE (hereafter: zooplus), Sonnenstrasse 15, D-80331 Munich, Germany is responsible for the processing of personal data on this website. Further information can be found here.

You can get in touch with our Data Protection Officer, Dr Philipp Herrmann, through our Privacy Portal:

- I have a zooplus customer account

- I do not have a zooplus customer account

2. Which data is processed on our website?

When you visit the zooplus website your web browser sends various data to our servers. This serves only to optimise the technology, configuration and stability of our website as well as the system security. We gather log file data, including IP addresses.

3. Do we use cookies on the website?

Yes, various cookies are used on our website. Detailed information on how they work, how you can delete these cookies or how you can prevent them from being stored can be found in the data protection information and in the Preference Centre.

4. Do we use web analytics tools on our website?

Yes, we work with various providers to design and optimise our website and our offers in line with our requirements. Detailed information about these service providers, how the analysis tools work and how you can switch off these tools can be found in the Preference Centre.

5. Is there user-targeted advertising?

Yes, we work with service providers who can display user and interest-related advertising for us or our advertising partners, with the help of cookies and advertising IDs. Detailed information about these service providers, how the advertising tools work and how you can switch them off can also be found in the Preference Centre.

6. Do we pass your data on to third parties?

No. We do not pass on your data to unauthorised third parties. Furthermore, we guarantee to have the necessary contractual agreements with all external providers.

7. Who do I contact if I have a query?

If you have any questions about data protection, please contact zooplus Customer Services or our Data Protection Officer. We look forward to receiving your queries through our Privacy Portal:

- I have a zooplus customer account

- I do not have a zooplus customer account

8. How to withdraw consent or object to processing under GDPR Article 6 (1) (f)

Here is a brief overview of your options. You can find more information in our privacy policy.

a. Cookies and similar technologies – go to the Preference Centre in our app or website. We cannot manage your preferences as they are device-specific.

b. Push notifications (app only) - depending on your mobile device, you can change your settings directly in the app or in your system settings. We cannot manage your settings as they are device-specific settings.

c. Email - you can click on the unsubscribe link in an email at any time to withdraw or opt-out. If you have an account with us, you can also change your newsletter preferences in your account. If you only wish to receive emails regarding your orders and your zooplus account, you can contact us at zooplus Customer Services at any time.

d. Postal mail- if you do not wish to receive postal advertising, you can contact us at zooplus Customer Services at any time.

e. Custom Audience - To withdraw your Custom Audience consent, you can contact us at any time at zooplus Customer Services or visit our Privacy Portal.

Other - If you wish to withdraw other consent, delete your data or object to processing, you can contact us at zooplus Customer Services at any time or visit our Privacy Portal:

- I have a zooplus customer account

- I do not have a zooplus customer account

Data Protection Information

A. General information about data protection at zooplus

1. Scope and Definition

1.1 This Privacy Statement includes information referred to in the General Data Protection Regulation (GDPR) Article 13 about data processing in the context of visiting our website and using the shop accessible via this website.

1.2 Information on the type and purpose of data processing in connection with the use of our contact functions on the website (customer care), our community services, the job application platform and our social media presence can be found separately in the corresponding portal or when using the respective application.

1.3 In as much as we link to other pages, we have neither influence nor control over the linked content nor the respective data protection regulations. We recommend that you check the privacy policies on the linked web pages to determine whether and to what extent personal data is collected, processed, used and made accessible to third parties.

1.4 The full text of the General Data Protection Regulation (GDPR) along with further definitions and terms can be found here.

2. Location of Data Storage

2.1 All personal data that we collect and process via the website and our shop is stored and secured both on local servers in Germany and at Amazon Web Services EMEA SARL (AWS), a specialised cloud provider. Due to its technical and organisation measures, AWS is able to guarantee the greatest possible protection of your customer and user data against loss and unauthorised access. Should it be necessary within this context to transfer your data outside the EU/EEA, it will only be done on the basis of a valid adequacy decision or concluded standard contractual clauses.

2.2 The purpose of this data processing is the hosting of our web servers and databases as well as the data protection (backup) on the basis of corresponding order processing contracts.

3. Common Data Processing

3.1 zooplus has many branches and subsidiaries in Europe. zooplus SE, headquartered in Munich, Germany is solely responsible for data protection as well as complying and guaranteeing the technical and organisational measures necessary to protect your personal data.

3.2 In order to ensure group-wide process control and customer service, the data will also be made available to other branches and subsidiaries, whereby this will done based on the corresponding contract for order process (GDPR Article 28) and these companies are obliged to process the personal data only in accordance with the instructions and under the responsibility of zooplus. These companies do not store this data locally. 

3.3 zooplus also processes data in so-called joint responsibility with bitiba GmbH. The basis for this is a comprehensive contact in accordance with GDPR Article 26, which regulates the respective accountabilities and responsibilities of the two companies. Further details may be obtained from zooplus Customer Services or from our Data Protection Officer.

4. General IT Services

We work together with various IT service providers who maintain our IT infrastructure and continually develop it further (in terms of security). If and insofar as these service providers have access to personal data in the course of these activities, this is always done under the supervision of zooplus and it is guaranteed that no personal data is stored outside of zooplus.

Legal basis: GDPR Article 6, (1) (f).

5. Data processing in the exercise of data subject’s rights

Should you choose to exercise your data protection rights, we will process your data separately from other processing activities in order to process and fulfil your request.

For the purpose of identity verification, we need your first and last name, address, email address and your order data.

For the purpose of fulfilment: In order to process your verified request, we will need to process the data relating to you that is included in the request.

Legal basis: GDPR Article 6, (1) (c).

We will transfer the above-mentioned data to our technology service provider Onetrust Technology Limited based on a corresponding contract for commissioned processing (GDPR Article 28).

Should it be necessary within this context to transfer your data outside the EU/EEA, it will only be done on the basis of a valid adequacy decision or concluded standard contractual clauses.

Regardless of any existing customer or order data, we will store any data related to your request separately for the purpose of fulfilling your rights as the data subject, and to ensure documentation and verification obligations (GDPR Article 5 (2)). The storage period is dependent on the relevant legal requirements.

6. Transmission of data to law enforcement authorities

If we are requested by the relevant law enforcement authorities to disclose personal data, this will only be done if we are legally obliged to do so; or are directly authorised to do so; or can prove a legitimate interest that outweighs the interests or fundamental rights and freedoms of the person concerned. In this instance, you are not able to object to this processing of data.

Under no circumstances do we transmit data directly to law enforcement authorities outside Germany.

Legal basis: GDPR Article 6 (1) (c), GDPR Article 6 (1) (f)

When processing such requests, we transmit the data to the above-mentioned technology service provider Onetrust Technology Limited. For further information, please refer to Section A, point 5 above.

B. Data Processing on the zooplus website

1. Logfiles

For technical reasons, when you call up the zooplus website, zooplus gathers so-called access da-ta, which includes the IP address, and stores it in a log file. This log file also stores the name of the web page you accessed, the file accessed, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) as well as the requesting provider.

Legal basis: GDPR Article 6, (1) (f).

We do not pass this data onto third parties. The log files are automatically deleted two (2) months after collection. Prior to that the IP is anonymised and stored only for administrative / technical and security-related purposes. The collect of data is only necessary for the technical operation of the website.

2. Cookies & Pixels

In addition to the log files, so-called cookies and similar technologies (e.g. pixels) are used when you visit our website and use the services that can be accessed via it. Details on the cookies and technologies used when using our website, duration of storage and information on how you can delete the data collected can be found in the Preference Centre Please note that a general deactivation of cookies can lead to functional restrictions of our website.

We differentiate between the following types of cookies:

2.1 Necessary (technical) Cookies

Certain cookies are necessary for the functioning of the website and cannot be deactivated in your system. Please refer to the Preference Centre for more information.

Legal basis: GDPR Article 6, (1) (f).

2.2 Performance Cookies

These cookies enable us to evaluate the call ups and visits to our website shops in order to measure and improve the performance of our website. All information collected by these cookies is aggregated and therefore anonymous.

Legal basis: GDPR Article 6, (1) (a).

2.3 Functional Cookies

With these cookies we are able to provide extended functionalities and personalisation options. They can be set by us or by third parties whose services we use on our pages. You can also find further information in the Preference Centre.

Legal basis: GDPR Article 6, (1) (a).

2.4 Targeting Marketing Cookies

These cookies can be set via our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant ads on other websites. They do not store personal information directly, but are based on a unique identification of your browser and Internet device. Further information can be found in the Preference Centre.

Legal basis: GDPR Article 6, (1) (a).

3. Plugins

Plugins are used on our websites. They are normally used to interact with other services or websites (plugin providers). We use the so-called “Shariff” solution (Shariff Wrapper), with which you yourself can determine whether and when data is transmitted to the operators of the respective networks. Only when you click on the relevant consent button will your browser establish a connection to the servers of the respective network.

Please note that zooplus is only responsible for collecting the IP address using the plugin. The provider is responsible for subsequent processing including data protection and duration of data storage.

Legal basis: GDPR Article 6, (1) (a).

In addition to the IP address collected by us, the plug-in provider may use available personal data for advertising purposes (also for third parties), market research and / or the needs-based design of its own website and to inform other users of the respective network about your activities on our website. The provider also acts as the controller for data protection. We have no knowledge of the extent to which the provider uses the data obtained once you have clicked on the relevant consent button. Further information about the purpose and scope of data processing by the plugin provider and information about exercising your rights (e.g. disclosure and objection) can be found in the data protection information linked below.

Go to the following providers for more details about plugins and information about data protection:

Facebook

Instagram

Pinterest

Twitter

YouTube

LinkedIn

XING

C. Data Processing when using online shops

1. Registration and use of the "my zooplus account"

When you create a user (customer) account with your first order we collect the following data:

  • Registration data (e.g. first and last name, address, email address); login data (email address, password; customer data (invoice address, delivery address); connection data (IP address).

This data is processed in order to provide you with access to your user account (my zooplus). The login details verify your customer account so that you can check your orders, manage your data settings, including delivery, payment and newsletter preferences and view your order history. You can also access your zooPoints loyalty account.

Legal basis: GDPR Article 6, (1) (b).

This data is never passed on to unauthorised third parties. We store this data for the duration of the existence of your customer account (my zooplus), unless you request that we delete it beforehand and that there are no other legal storage obligations. The provision of the above-mentioned personal data is a contractual obligation otherwise you would not be able to use or manage your account.

2. Order Process & Delivery

We process payment, processing and delivery data in connection with an order:

  • Customer data (e.g. first and last name, email address, invoice address, delivery address, phone number, customer ID); connection data (IP address); payment data (e.g. payment information).

We process the data within the framework of an order in order to be able to record and process your order with the help of the data provided, to adapt the product selection according to your preferences and preferences and to make appropriate recommendations

Legal basis: GDPR Article 6, (1) (b).

Your data will not be passed on to unauthorised third parties. We share details of your delivery address to the logistics and shipping companies commissioned by us (see Logistics & Shipping) solely on the basis of contracts relating to order processing and only insofar as it is necessary for the contractual provision of the services. We store the data collected while executing the contract only for the duration of the contractual relationship, unless you request that we delete it beforehand, but at least until the statutory warranty claim expires. After expiry of these deadlines we retain the information of contractual relationship required by commercial and tax law for the legally determined period.

2.1 Logistics & Shipping

In order for the customer to receive information about the shipping status, zooplus sends the respective delivery company the email address and - if specified - the customer's phone number (only for freight forwarding deliveries), which you can use to find out about the delivery status of your order. zooplus respects the interest of its customers as well as its own. Delivery companies are obliged to protect your personal data and can use this data solely for shipping and dispatch purposes. You can find details about our logistics and shipping partners here.

Legal basis: GDPR Article 6, (1) (f).

2.2 Payment

Depending on your selected payment method, your payment data is transferred to the corresponding payment service provider. For credit card payments, we use a PCI-DSS certified and specialised service provider with whom we have concluded a contract for the processing of orders.

Legal basis: GDPR Article 6, (1) (b).

Details of the providers with whom we work and who act as so-called contract processors and in some cases as companies responsible for data protection can be obtained at any time by contacting zooplus Customer Services or from our Data Protection Officer. We store this data for the duration of the existence of your customer account (my zooplus), unless you request that we delete it beforehand and that there are no other legal storage obligations. The provision of the above-mentioned personal data is a contractual obligation otherwise you would not be able to use or manage your account.

Please contact the relevant provider in regard to the duration of the respective data storage.

2.3 Credit Checks

zooplus permits its customers to pay for goods by bank transfer. When the customer uses this payment method, zooplus reserves the right to check the customer's creditworthiness in advance. In order to do this, we process the following data:

  • Customer data (first and last name, email address, address, invoice address, delivery address, customer ID).
    zooplus is entitled to use the information given in the order to calculate the payment default probability (internal scoring). The data used for internal scoring is taken from a combination of the following data categories:
  • Address data (invoice address, delivery address), age, desired payment terms, ordering method and product groups.

 When the customer selects this payment method (purchase on account), zooplus is also entitled to obtain credit information about the customer from an external credit agency. For details of these providers please contact zooplus Customer Services or our Data Protection Officer.

Legal basis: GDPR Article 6, (1) (f).

2.4 Fraud Prevention

zooplus uses information about suspicious ordering processes (e.g. simultaneous ordering of large amounts of goods using different customer accounts registered at the same address), to help avoid payment defaults and to protect our customers from misuse of their accounts or their identities. The risk assessment of the likelihood of attempted fraud also takes into account whether the end device has dialled in via different service providers, whether the end device has a frequently changing geo-reference, how many transactions have been made via the end device and whether a proxy connection is used.

The following data is processed:

  • Customer data (first and last name, email address); invoice data (invoice address, delivery address, payment information), customer ID; connection data (IP address, browser information)

Legal basis: GDPR Article 6, (1) (f).

zooplus is legally obliged to secure customer authentication (3DS2) as part of the payment process, which also includes the encrypted transmission of the payment information to the banks concerned.

Legal basis: GDPR Article 6, (1) (c).

zooplus works with various credit agencies and providers within the framework of fraud prevention. Details of the providers responsible for the extent and duration of data storage can be obtained from zooplus Customer Services or from our Data Protection Officer. 

3. Sanctions List Check

Under European Union legislation, zooplus is obliged to prevent the supply of goods to persons on so-called sanctions lists (terrorist groups, organisations and individuals). For this purpose, the names and invoice addresses are compared with the sanctions lists. No data processing beyond the initial query is carried out.

Legal basis: GDPR Article 6, (1) (c).

4. zooPoints Loyalty Programme

The zooPoints programme is a loyalty programme where registered customers can earn loyalty points based on their purchases. The zooPoints programme is an integral part of the contractual relationship between the customer and zooplus. zooPoints can be redeemed in the zooPoints reward shop. We only process the following data:

  • Customer data (email address; customer number, order history)

We process this data exclusively to give you access to the zooPoints loyalty programme. The data is not linked to any other data or stored in a separate profile. After registering, the customer receives information about the zooPoints programme and is subsequently informed by email about the status and expiry of their zooPoints.

This data is not shared with unauthorised third parties. We store this data for the duration of the existence of your customer account (my zooplus). If you do not wish to receive email notifications about the status of your zooPoints please let us know via the above-mentioned contact details. 

5. Product Preferences and Favourites

We collect information in connection with the use of "my zooplus" and your orders so that we can learn about your product favourites and preferences. This is to make your shopping experience more pleasant and enjoyable. You can adjust the data processing settings yourself via "my zooplus account". We only process the following data:

  • Customer number, order history, preferred delivery service, preferred payment method

Legal basis: GDPR Article 6, (1) (f).

This data is never passed on to unauthorised third parties. We store this data for the duration of the existence of your customer account (my zooplus), unless you request that we delete it beforehand. The provision of the above-mentioned personal data is not a contractual or legal obligation.

6. Buying Behaviour and Profile Building

We want to provide you with an optimal shopping experience when using our online shop and show them personalised offers including special offers, based on previous purchases and product research. For this purpose, we internally process the customer number, product searched for or purchased, each shopping cart and the order history to analyse the buying and user behaviour. The results of this analysis have no legal consequences or negative effects for you. You have the right to object to associated profile formation at any time.

Legal basis: GDPR Article 6, (1) (f).

6.1 zooplus Savings Plan

As part of the zooplus Savings Plan, we evaluate your purchase history and product preferences in our online shop. Depending on the number and volume of your orders, you may be offered the purchase of the so-called zooplus savings plan which permits you to receive special discounts.

6.2 zooplus Product Recommendation

By evaluating data gathered from your "my zooplus account" and the purchases you make, we are able to prioritise which products are shown to you according to your preferences, favourites, and them make appropriate recommendations. This information is used only to improve our range of services to enhance the customer's shopping experience.

7. Customer Survey

We use Google Customer Review software on our websites for the purposes of customer reviews and internal quality management. We want to provide our customers with the opportunity to evaluate their purchases once they have received them. Google does not get any customer data from our database. Only order numbers, customer number and email address are transmitted.

Legal basis: GDPR Article 6, (1) (a).

8. My Pet Profile

You have the option to create a profile for your pets in your "my zooplus account". The data will be used for profiling, personalisation and advertising purposes in any channels for which zooplus has your documented consent, pursuant to GDPR Article 6 (1) (a), unless you have withdrawn your consent pursuant to GDPR Article 6 (1) (f). You can withdraw your consent to the use of your personal data at any time by changing the settings in your pet profile.

Legal basis: GDPR Article 6 (1) (a).

9. Wish List

You have the option to create a wish list with products you are interested in. We store this data and products in your customer account when you are logged in. The data is used exclusively to create your wish list so you can look at it whenever you want to.

Legal basis: GDPR Article 6 (1) (a). 

D. Customer Communication Data Processing

1. Newsletter

When you register for our email newsletter, we only process your email address. The data will only be used to send you information about zooplus products and promotions at regular intervals, depending on your selected areas of interest.

Legal basis: GDPR Article 6, (1) (a).

When you receive the newsletter, we use so-called web beacons or tracking pixels, which can help us to determine whether you have received or opened the newsletter and if you have clicked on links within the newsletter. With the data obtained, we create a user profile to tailor the newsletter to your individual interests. We may use tracking to link this data to actions you have taken on our website.

Legal basis: GDPR Article 6, (1) (a).

We do not pass on the personal data you provide when registering for the newsletter to unauthorised third parties. However, the newsletter tool is provided by an external provider, which is why we have concluded a contract for the processing of data with this provider.

Details of the providers can be obtained from zooplus Customer Services or from our Data Protection Officer. You can object to the receipt of newsletters, at any time, including the processing of your aforementioned data by contacting zooplus Customer Services. The legality of the processing based on the consent until your revocation remains unaffected. Furthermore, if you do not wish an automated evaluation and analysis of your user behaviour in connection with the newsletter, you must unsubscribe from the newsletter service. Until then, the data will be stored for as long as you have subscribed to the newsletter. After cancellation we store the data anonymously, only for statistical purposes only. The provision of personal data is not required by law or contract. However, it is not possible to send or receive the newsletter without providing the email address.

2. Facebook and Google Custom Audience

On some websites and as part of our newsletter registration, you will be given the opportunity to participate in the Custom Audience or Customer Match marketing programme. This allows us to connect with you through social media and networks, better understand your product preferences and display interest-based advertising where appropriate. However, this requires a separate consent and is not automatically done when you register for our newsletter. Your email address collected in the process is "hashed" in advance and forwarded to the following recipients as independent responsible parties. If you do not maintain a user account with these providers, your email address will be automatically deleted.

Legal basis: GDPR Article 6, (1) (a).

You can find details about data protection at

  • https://policies.google.com/privacy?hl=en
  • https://www.facebook.com/about/privacy

You can object to the data processing at any time by contacting zooplus Customer Care or visiting our Privacy Portal. The legality of the processing based on your consent until revocation remains unaffected.

3. Product Availability Reminder

You can choose to be notified by email about the availability of certain products. If you request a reminder, we will send you information when the product you want is back in stock. If the requested product is still not available after a few weeks, we will inform you and, if applicable, offer suitable product recommendations or vouchers.

Legal basis: GDPR Article 6, (1) (a).

We do not pass the data on to third parties. We automatically delete your email address from the respective product availability mailing list after 95 days.

4. Marketing (email)

In as much as it is permitted by law and provided that you have concluded a contract with zooplus and provided your email address, zooplus has the right to use your email address for direct advertising for its own similar goods or services. You can to object to the use of this email address at any time, without incurring any costs other than the basic rate transmission costs, by contacting zooplus Customer Services

5. Marketing (postal)

In as much as it is permitted by law and unless the recipient has objected to receipt, zooplus may send you postal advertising. For the purpose of printing and sending these advertising materials, we work together with service providers as contract processors. Your right to object at any time to the use of your address for advertising purposes at any time shall remain unaffected.

E. Your Rights

You have the right to request confirmation from zooplus at any time as to whether we are processing your personal data and the right to receive information about this personal data. You also have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent for data processing at any time or to request the transfer of data.

For any information needs or requests, revocations or objections to the processing of data, please contact zooplus Customer Services or send an email to our Data Protection Officer. In addition, you have the right to complain to a supervisory authority if violations of privacy should occur. You can visit our Privacy Portal anytime to exercise your Data Subject Rights:

- I have a zooplus customer account

- I do not have a zooplus customer account

F. Notes on specific rights of objection

You have the right to object at any time, for reasons arising from a specific situation, to the processing of your personal data, on the legal basis of: GDPR Article 6, (1) (e) or (f) in accordance with GDPR Article 21. We will cease processing of your personal data unless we can provide compelling protection reasons for processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If you wish to exercise your right to objection, please contact zooplus Customer Services or visit our Privacy Portal. 

Status of this Privacy & Data Protection Policy: 30.05.2022