I. Responsible body for the collection of data is:
Buffalo Boots GmbH
Data protection officer:
II. Subject of data protection
The subject of data protection is personal data. Personal data is any information relating to an identified or identifiable natural person; a natural person is considered to be identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified (Art. 4 No. 1 GDPR). This includes, for example, your name, your telephone number, your address, as well as all inventory data that you provide us with when registering and creating your customer account. Statistical data or anonymized data, which we collect, for example, when visiting our web shop and which cannot be directly related to your person, are not covered here.
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any process or series of operations related to personal data, such as collecting, capturing, organizing, organizing, storing, adapting or modifying, reading out, querying, using, with or without the aid of automated procedures; disclosure through submission, dissemination or any other form of provision, reconciliation or association, restriction, erasure or destruction.
Collection, processing, use and transfer of personal data
You can visit our site without giving any personal information. We only store access data without personal reference such as the name of your Browser type /version, Referrer URL (the previously visited page, host name of the accessing computer (IP address), date and time of the server request etc. or the name of the requested file. These data are summarized in server log files on a statistical basis, stored and evaluated solely for the purpose of improving our offer and do not allow any conclusion to your person. A combination of these pseudonymous data with your personal data does not take place. We will not store any other personal information unless you log in. If the programming of our website causes your browser to load data from servers operated by third parties, we ourselves are not involved in these data transfers.
1.1 Registration with customer account
You can create a customer account on our website. If you register as a customer, we set up a password-protected direct access to your customer account. In your customer account, you can manage your stored personal data, view placed orders and active order processes. We will use the information you provided when registering in full in order to verify your eligibility for goods in accordance with our customer criteria. We will store the data, in order to be able to maintain the activation permanently and, if necessary, to carry out inspections. The operator assumes no liability for password abuse, unless this was caused by Buffalo.
1.2 Order processing
In the case that a contractual relationship shall be established between you and us or if the content of such a contractual relationship shall be developed or changed, we will collect and use your personal data (e.g. name, address, e-mail address, account or credit card data, etc.) insofar as this is necessary for the execution of the contract. We use the information provided by you without your separate consent exclusively for the fulfillment and processing of your order or your request, in particular for answering your inquiries and for processing your orders, payments, and possible warranty claims. With completion of the contract and full payment of the purchase price, your data will be blocked for further use and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to the further use of your data. By subscribing to the newsletter, your e-mail address will be used for your own advertising purposes until you unsubscribe from the newsletter. The deregistration is possible at any time. By placing my order, I agree that Buffalo may collect, process, store and use my personal data and transfer it to a third party to the extent mentioned above, insofar as this is necessary for processing the order.
If you participate in competitions on our website we store and use your personal data (name, address, e-mail address, etc.) for the prize draw and the consignment of the prize. We only inform you about further offers of Buffalo if you granted your consent. The participation in competitions is independent of this consent. By participating in a competition on this website I agree that my data is collected, stored, processed and used to the extent mentioned above and for the purpose mentioned above.
1.4 Newsletter- Data you provide when subscribing to Buffalo’s newsletter (e-mail address, title if applicable, first name, last name, address, zip code, preferred brands, interests, date of birth
We process your personal data when you subscribe to Buffalo’s newsletter. In particular, this may include the following data:
- Data that we need to prove your consent to receive Buffalo's newsletter and to process your data (IP address and timestamp of the newsletter order and of the click on the link in the confirmation e-mail, submitted consent forms, etc.)
- Data we receive when we read Buffalo's newsletter (opening the newsletter, clicking on links contained in it, data on the terminal device used, data on the location based on the IP address, accessibility of the e-mail address, making a purchase on www.buffalo-boots.com or a promotion on the website after clicking on an offer)
- Data we receive when we participate in a competition organised by us (details of the competition, answers)
- Information we receive when you register an account on our website, www.buffalo-boots.com, (title, first name, last name, email address, zip code, date of registration, date of the last log in)
- Information about your online purchases from Buffalo (goods/services, payment amount, currency, location, discount amount).
- Data we receive when redeeming vouchers or coupons and activating credit (redeemed vouchers and coupons from Buffalo, date and place of redemption)
- Information collected when you use the www.buffalo-boots.com website (pages viewed, services used, wish list, preferences)
- Data that we receive when using customer surveys (survey results)
- Data that we generate on the basis of the evaluation of the aforementioned data (customer segments, assumed product preferences)
We only process the above-mentioned data to the extent that we actually receive them. For example, when using our website features, placing an order on buffalo-boots.com or participating in one of our competitions.
Direct mail: We use your e-mail address to send you Buffalo's newsletter on products, offers, services, promotions, satisfaction surveys.
The legal basis for the described data processing is Art. 6 para. 1 (a) of the GDPR (consent).
Personalisation of the newsletter content
We want to provide you with advertising that is geared to your individual interests. To this end, we analyse your data and try to select products, services and promotions that suit you when designing the newsletter. The above-mentioned data helps us to identify typical patterns of purchasing behaviour, clearly define target groups and tailor the advertising to the respective target group. Calculated purchase probabilities help us to identify your needs better. In addition, your data enables us to display selected offers, adjust the frequency of Buffalo's newsletter to your usage habits and address you personally with your name. The legal basis for the described data processing is Art. 6 para. 1 (a) of the GDPR (consent).
If you do not object, your personal data will be stored and updated as long as you are subscribed to our newsletter. When you unsubscribe the newsletter, we will stop sending it to you and delete your data as long as we are not entitled to store it for certain purposes, including the defence against legal claims, due to legal reasons.
The legal basis for data processing is Art. 6 para. 1 (f) of the GDPR. Our legitimate interests consist of the aforementioned purposes.
We process your data automatically with the intent of evaluating certain personal aspects (profiling). For example, we analyse your data using mathematical-statistical methods to tailor advertising to your individual interests.
Within Buffalo, only people who need to know your information to perform the tasks assigned to them are granted access to your data. Outside of Buffalo, we may provide access to your information to service providers who assist us in fulfilling our functions. These are, for example, service providers that we have commissioned to operate our servers, send out newsletters, or perform data analysis. These service providers must meet specific confidentiality requirements. They are only granted access to your data to the extent and for the period necessary to perform their tasks.
Countries outside the European Union handle the protection of personal data differently from EU member states. We also use service providers located in third countries outside the European Union to process your data. There is currently no EU Commission resolution that these third countries generally offer an adequate level of protection. Therefore, we have taken special measures to ensure that your data is processed just as securely in the third countries as within the European Union. With service providers in third countries, we conclude the data protection agreement (standard data protection clauses) provided by the Commission of the European Union for the processing of personal data in third countries. This contract provides for appropriate safeguards for the protection of your data with service providers in the third country.
You can request information about your personal data processed by us.
If your information is not (no longer) correct, you can request that your data be corrected. If it is incomplete, you can request that it be completed.
You have the right to demand the deletion of your data. Note that a claim for deletion depends on the existence of a legitimate reason. Furthermore, there must not be any regulation that obliges us to keep your data.
You have the right to request that the processing of your data be restricted. Note that a right to limit processing depends on the existence of a legitimate reason.
If data is collected on the basis of Art. 6 para. 1 (f) of the GDPR, (data processing to safeguard legitimate interests), you have the right to object to the processing of your data for reasons arising from your particular situation. In the event of an objection, we will no longer process your data, unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You are entitled to issue a complaint with the competent data protection authority if you do not agree with the processing of your data.
You have the right to receive personal information that you have provided us electronically.
You have the right to revoke your consent to receive Buffalo's newsletter and to have your data processed at any time. This also applies to the revocation of any declarations of consent you may have made to us prior to the validity of the GDPR, i.e., prior to 25 May 2018. The easiest way to revoke your consent is to click on the unsubscribe link found in every e-mail. The revocation of your consent does not affect the legality of the processing of your data carried out up to the revocation.
You can opt-out of the newsletter at any time using the unsubscribe link in the footer of each newsletter. You can also unsubscribe via the newsletter settings in your customer account or by sending your request via our contact form to our customer service.
We use so-called "cookies" in order to identify you as our customer and to offer you a smooth shopping trip in this way. Cookies are small text files which are stored on your computer and which allow an analysis of your use of the website. For example, the function of the "shopping cart" and its "remember function" are controlled by cookies. The combination of this data with other data sources is not carried out by us. Most of the cookies used by us are so-called "session cookies" which are deleted when you terminate your browser session. Long-term cookies enable us, among other things, to recognize you as visitor of our website and, thus, to make this website more comfortable for you.
Most browsers are set by default to accept cookies. However, you have the possibility to set your browser in such a way that the automatic storage of cookies is avoided. You may allow or prohibit temporary and stored cookies independently of each other. The acceptance of cookies is not a prerequisite to visit our online service. If you deactivate cookies, certain features of the website of Buffalo may not be available to you and some pages may not be displayed correctly. In order to use our shopping cart and place orders, cookies must be allowed.
By using this website, I agree that Buffalo stores, collects, processes and uses my data by using so-called cookies to the extent mentioned above and for the purpose mentioned above.
1.6 Market research and statistics
Some of the data gathered during the visit of this website, so called movement data i.e. the website you have visited before and the website that you enter after your visit, number of clicks, viewed products, duration of your website visit (see sec 1. and sec. 3.) will be used for statistical analysis for the purposes of advertisement control, market research, and for the tailor-made design of our internet service. This data is stored separately from other data which you enter while using our service. Buffalo does not carry out an analysis of this data for the purpose of preparing personal usage profiles. The storage and use of this data is anonymized.
We transfer data to our statistics service providers, Google Inc., for the purpose of analysis ("tracking"). You may object to this tracking at any time (see sec 1.7 below). In this case we cannot provide personalized contents to you.
Disclosure of personal data for order processing
If you shop in our online shop, we offer you various ways to pay.
2.1 Prepayment or payment via credit card
One possibility is the prepayment in which you transfer the total amount to be paid to our business account in the specified period. For this you will receive in the order confirmation the required information about our bank details. A further possibility is to pay via credit card. However, we process the bank as well as credit card details received strictly confidential and do not pass them on to third persons or companies.
Your payment data for PayPal payments will be collected and stored directly through PayPal's servers. This data is not cached on our servers for security reasons. We do not have access to this data, we only receive a confirmation of the transaction release or error message. The payment process is performed in the background via an SSL encrypted connection. Upon completion of the payment, you will be redirected back to our servers. Of course, we treat the data that is visible to us in a PayPal transaction as strictly confidential and do not disclose it to third parties and companies.
Please note, however, that personal data may also be passed on by PayPal to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or if the personal data are to be processed in the order.
PayPal reserves the right to carry out a credit check, whereby PayPal transmits personal data to credit reporting agencies. This submission is used for identity and credit checks related to the order you have placed. The result of the credit check on the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit information can contain probability values (so-called score values). Insofar as score values are included in the results of the credit rating, they are based on a scientifically recognized mathematical-statistical procedure. In the calculation of the score values, inter alia, address data is incorporated.
2.3 Logistics Companies
We will only transfer your personal data to a third party (for example to logistics companies, payment service providers, collection agencies) or otherwise submit it to a third party insofar as this is necessary for the execution of the contract. We are in particular entitled to transfer personal data to a third party for the purpose of processing the delivery, billing, and debt collection. Furthermore, we may be required by law in individual cases to provide information concerning your personal data to public authorities. This may in particular be necessary in the case of prosecution or for hazard prevention. The logistics company or the parcel service also uses the personal data exclusively for the purpose of delivery and internal use.
Beyond the freely accessible area of our website, e.g. As part of your registration or order in our online store, we need your personal information in order to respond to you personally. We collect and use your personal data during the use of our online services (usage data) andfor the following purposes:
• Provision of products in our online store
• Sales and payment processing
• customer support and communication with the customer (e.g., by responding to his requests, questions and comments)
• Establishment and management of customer accounts
• Offering products that the customer may be interested in
• Announcement of certain events, programs, surveys, contests, sweepstakes and other offers or promotions and customer management participation
• Customer contact via social media
• Handling complaints related to our products / services
• Operation, evaluation and improvement of our business (e.g. development of new products and services, communication management, measurement of the effectiveness of our sales, marketing and advertising, analysis and improvement of products, services, website, and performance of activities related to Accounting, auditing, invoicing, account reconciliation and dunning)
• Data analysis (e.g. market and consumer research, trend analysis, financial analysis and anonymization of personal data)
• Protection against fraud, claims for benefits and other obligations as well as their detection and prevention
• Compliance with applicable law and our policies
In addition, we use information collected through cookies and other automated processes for the following purposes:
• Adaptation of the website to individual visitor needs
• Submission of content (including advertising) tailored to the interests of users and their use of the website, as well as • Business management
• diagnose problems related to technology and customer service,
• Management and improvement of the website
We process personal data exclusively on the basis of an appropriate authorization. If processing is based on consent, the legal basis is Article 6 (1) lit. a GDPR. If the processing of personal data is necessary for the performance of a contract in which the contracting party is the data subject, e.g. on delivery of a good or performance of a service the processing according to Art. 6 (1) lit. b GDPR. This also includes pre-contractual measures, which may be necessary in the context of inquiries, for example. If we are subject to a legal obligation to process data, such as the fulfillment of tax obligations, the processing of personal data falls under Art. 6 (1) lit. c GDPR. If processing is necessary to safeguard the legitimate interests of our company or a third party, provided that the interests, basic rights and fundamental freedoms of the person concerned do not prevail, then according to Art. 6 (1) lit. f GDPR personal data of a data subject are processed.
Duration of data storage
The criteria for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
III. Web analysis tools, tracking and social plugins
On our website, we use Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies" which allow an analysis of your use of our website (for more detailed information concerning cookies see number 1.1.4 above). The gathered information includes for example information about the operating system used by you, your browser, your IP address, etc. This data is transferred to a server of Google in the USA and stored there. Google observes the data protection provisions of the US Privacy Shield Agreement and is registered with the Privacy Shield program. Our website uses Google Analytics with the extension "gat. anonymizeIp();“ so that the collection of IP addresses is made anonymously. Due to this extension Google shortens the IP addresses of the users from the European Union so that a direct personal reference is excluded for this data. Furthermore, we gather data on shopping carts and orders in an anonymized manner for statistical analyses and transfer them to Google.
Google shall use the collected data on our behalf in order to analyse your use of our website, to prepare reports concerning the user's behavior, and to render other related services to us. The IP address transmitted from your browser to Google shall not be combined with other data. For more information about Google's use of the Google data, hiring and opt-out options, please visit Google's websites: https://www.google.com/intl/en/policies/privacy .
You have the right to oppose and you can prevent the installation and storage of cookies for Google Analytics by a corresponding setting in your browser. Details can be found in the help of your browser. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by following the link https://tools.google.com/dlpage/gaoptout?%20hl%20=%20en&hl=en .
An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The data collection and storage for Google Analytics can be contradicted with this browser plugin at any time with effect for the future.
By using this website, I agree that Buffalo collects, stores, processes and transfers my data to Google to the extent mentioned above and for the purpose mentioned above and that this data is processed to the extent mentioned above.
Re-targeting and deployment of Criteo service
Use of tracking pixels
Tracking pixels perform similar functions to cookies, but are unnoticeable to the user. We use tracking pixels within the shop functionality to measure user behavior, in the newsletter and to control the offers in remarketing. This information is anonymous and not associated with personal information on the user's computer or database. To prevent web bugs on our sites, you can use tools such as: B. webwasher, bug-nosys or AdBlock (for example, the Firefox or Chrome browser) use. To prevent web bugs in our newsletter, please set your mail program so that no HTML is displayed in messages. Web bugs are also prevented if you read your e-mail offline.
Facebook plug-ins and "Like" function
Our website contains browser extensions (so-called plug-ins) of the social network Facebook which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The plug-ins on our websites are identified by the Facebook logo and/or the text "Like". When you visit one of our web pages which contain a plug-in of Facebook, your browser will establish a connection with the servers of Facebook which is used to transmit the content of the plug-in to your browser and your browser integrates this content in the displayed web page. In this way, your IP address and the URL of the visited web page are transmitted to Facebook.
If you are a member of the Facebook service, Facebook can allocate your visit of our website to your Facebook account. In this case, data, such as date, time, URL, and the browser type, is transferred to Facebook and stored there when you visit the web page with the Facebook plug-in. By interacting with the Fcebook plug-ins, for example by clicking the "Like" button or by leaving a comment, further data will be transferred to Facebook.
We have no influence on the extent to which Facebook collects data by means of the "Like" button. For information on the purpose and extent of the data collection by Facebook as well as the further processing and use of your data by Facebook as well as your rights in this respect and settings options for the protection of your privacy, please refer to the data protection information under the following link: http://www.facebook.com/policy.php
In addition, you can also install appropriate blocker add-ons for your browser.
By clicking on the Facebook button I agree that the Facebook plug-in is activated and my data is transferred to Facebook to the extent described above.
Our website uses Instagram's social plugins ("plugins") operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 4025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". An overview of the Instagram plugins and their appearance can be found here.
When you visit a page of our website that contains such a plugin, your browser connects directly to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or if you are not logged in on Instagram. This information (including your IP address) is sent from your browser directly to an Instagram server in the US and stored there.
If you do not want Instagram to directly map the data collected through our website to your Instagram account, you have to log out of Instagram before visiting our website. You can completely prevent the loading of Instagram plugins even with add-ons for your browser, e.g. for example, with the script blocker "NoScript" (http://noscript.net/).
Use of Kameleoon
This website uses the test and web analysis service Kameleoon. The software tool enables an analysis of user behavior based on user segmentation. By evaluating the logfile data, Kameleoon can determine how individual user segments are visiting the website, which landing pages are visited and how click rates can be increased.
As described above, cookies and or the local storage of the browser are used for the analyses, which are linked to a pseudonymised ID. Your IP address is completely anonymized and not stored. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with any other Kameleoon data.
The use of Kameleoon serves the purpose of evaluating your use of the website and compiling reports on website activity so that we can regularly improve our services. The legal basis for the storage of cookies is the consent given (Art. 6 Para. 1 S. 1 lit. a DS-GVO). The further evaluation of the collected data takes place over a period of max. 365 days on the base of Art. 6 Para. 1 S. 1 lit. f DS-GVO.
Use of Livereach
1. Social media users (“users”), in particular Instagram users, regularly get in touch with us in their own photo and video content (“content”). This happens e.g. by tagging a photo or comment with our Instagram profile @buffaloshoes, or by using one of our campaign hashtags, e.g. #buffaloshoes, in their posts.
2. Tagged content features products that we sell. To search for this relevant content and to make it usable, we use the third-party software “Livereach”, provided by Gorilla GmbH, Geisbergweg 8, 48143 Münster, Germany.
3. When Livereach discovers publicly available content that is relevant to us, we contact the user who published it. The user then has the option to grant us usage rights by agreeing to the terms and conditions.
4. When a user has granted us usage rights to her content, we can share that content in accordance with the terms and conditions agreed to. Content can be shared on the internet (e.g. in our online shop, newsletters, ads) and in print. Personal data associated with the original content, such as the username / alias may be shared alongside such content.
5. We use Livereach based on our interest to advertise our brand and products. The lawfulness of the processing of personal data is based on 6 (1) (b), (f) GDPR
IV Deletion and blocking of personal data
If during the collection (e.g. in the context of a declaration of consent) no explicit storage period specified, personal data will be deleted, as far as they are no longer necessary to fulfill the purpose of the storage. If the storage purpose is omitted or if a storage period prescribed by the responsible legislator expires, we will delete or block the personal data in accordance with the statutory provisions.
V. Rights of the data subject
Right of access, rectification, and deletion
Your trust is important to us. For this reason, we want to answer your questions concerning the processing of your personal data free of charge at any time. If you have any questions that could not be answered by this data protection declaration or if you require more detailed information concerning a certain aspect, please contact us by writing an e-mail to the following address:
or write a letter to
Buffalo Boots GmbH
Data protection officer
At this address, you can also obtain information about your data stored with us without giving reasons and free of charge at any time (Art. 15 GDPR). You can block your personal data collected by us or have it rectified at any time (Ar. 16 GDPR) or cancellation (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) or Data transferability (Art. 20 GDPR) and a right to object to processing (Ar. 21 GDPR). Please direct your inquiries to the above mentioned data protection officer.
Furthermore, you can revoke your consent granted to us concerning the collection, storage, processing and use of data without giving reasons at any time, but without affecting the legality of processing on the basis of the consent to revocation. It is sufficient to send your withdrawal in text form (e.g. e-mail, fax, or letter) to the address stated above. If you have further questions concerning our information on data protection and concerning the processing of your personal data, please do not hesitate to contact us at any time. Stored personal data will be deleted when you revoke your consent concerning the storage, when knowledge of the data is no longer needed to fulfil the purpose for which it has been stored, or when storage of the data is not allowed for other legal reasons. Your data cannot be blocked or deleted if we need your data to fulfil the contract or if we are legally required to store this data.
In addition, you have a right of appeal to the relevant supervisory authority. This is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Tel.: +49 211-38424-0, Fax: +49 211-38424-10, E-Mail: firstname.lastname@example.org.
Revocation of consent
We would like to point out that you can revoke your consent to the following data uses at any time with effect for the future:
• Subscribe to the newsletter (unsubscribing possible at any time)
The DHL package notice, which can be actively selected during the ordering process, does not require any revocation, as it will only be used once by DHL and not for advertising purposes.
Right of withdrawal
Withdrawal concerning data storage by Google Inc.
You may prevent the transfer of the data generated by the cookies set by Google and which refer to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in provided under the following link (http://tools.google.com/dlpage/gaoptout?hl=en). For further information, please refer to the URL http://www.google.com/intl/en/analytics/privacyoverview.html=en (general information concerning Google Analytics and data protection).
Reservation of the right of modification
Please note that the data protection provisions may be subject to modifications. For this reason, it is recommended and necessary to keep oneself informed at regular intervals about modifications of the statutory provisions and the practice of companies, such as e.g. of Google Inc.
Buffalo uses a secure transfer method – the so-called "Secure Socket Layer" (SSL) transfer – in order to transfer customer data. A 128-bit key is used for this transfer method. All information transferred by using this method is encrypted before it is sent to Buffalo. In this way it is intended to prevent, this data from being read by unauthorized persons when it is transferred via the internet. Due to the fact that we work with different frames, it is possible that you cannot directly identify the encryption or that your browser does not always inform you, by displaying a message, about the connection to a SSL server. However, you can see the protected transfer of your data (https mode) if you press the right mouse button in the checkout area and then select the feature "Display source code" in the context menu. You can help to protect yourself and others against misuse. Support us in our efforts to secure your personal data by never disclosing your Buffalo password and inform us if you suspect password abuse.
Last modification: 29 October 2020