Privacy Policy

A. Welcome to the website of TIERRA!

In this privacy notice, we would like to inform you about the personal data we process when you are visiting our website.

I. Personal Data

Personal data is all information that can be directly or indirectly associated with your person, for example name, address, telephone number, e-mail address and user behavior.

II. Controller

The controller as defined in Art. 4 (7) of the EU General Data Protection Regulation (“GDPR”) is the Swedish company Fenix Outdoor E-Com AB, Brogatan 141, 894 35 Själevad, Sweden, hereinafter referred to as "Fenix Outdoor", "we" or "us". The easiest way to reach us is to send an e-mail to ecom@fenixoutdoor.se.

III. Data protection officer

Our data protection officer can be contacted at privacy.ecom@fenixoutdoor.se. You can contact the data protection officer if you have any questions about how we process your personal data or if you need help in exercising your rights against us. The data protection officer is bound to secrecy.

IV. security

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us, our site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

B. Processing of personal data

In the following, you will find a description of how we process your data in different contexts.

I. visit of our Website

1. Accessing the website

If you use our website for information purposes only, meaning if you do not register or otherwise actively transmit information to us, we collect the data that your browser transmits to our server (so-called “server log files”). This includes browser type und browser version, used operating system, accessed website, the previously visited website (sog. Referrer URL), host name of the accessing computer, date and time of server request, http status code and IP address. This data is not merged with other data sources and not transferred or used in any other way than described in this Privacy Policy. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.

Purpose of the processing: The data is technically necessary for us to display our website to you and to ensure stability and security.

Legal basis of the processing: The processing of your personal data when you access this website is based on our legitimate interest (Art. 6 (1) sentence 1 (f) GDPR). Without the processing of personal data, it is technically impossible to provide, operate and secure the website. Securing the website also serves your interests.

Transfer to third parties:

Optimizely Inc. (Hosting)

Our website is hosted by Optimizely Inc (formerly EPiServer AB), Torsgatan 11, 103 86 Stockholm, Sweden ("Optimizely"). Optimizely is the recipient of your personal data and acts as a data processor for us. This serves our legitimate interest in accordance with Art. 6 (1) sentence 1 (f) GDPR not to have to maintain a server on our premises ourselves. The transmission and processing of your personal data is carried out exclusively on servers in the European Union.

Cloudflare (Content Delivery Network)

We also use the Content Delivery Network ("CDN") of Cloudflare, Inc., 701 Townsend St., San Francisco, CA 94107, USA ("Cloudflare"). A CDN is a network of servers distributed around the world that is capable of delivering optimized content to the website user. For this purpose, Cloudflare may process personal data in server log files. Cloudflare is the recipient of your personal data and acts as a data processor for us. The processing is carried out pursuant to Art. 6 (1) sentence 1 (f) GDPR on the basis of our legitimate interest in providing our website in a secure and efficient way, as well as improving the stability and functionality of our website. In addition, it is in our legitimate interest not to operate a content delivery network ourselves.

We have concluded a Data Processing Agreement with Cloudflare. Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses ("SCCs"). For more information, see Cloudflare’s privacy policy at https://www.cloudflare.com/privacypolicy/.

Retention period: Your data will be stored for 14 days from your respective visit to our website. After that, the stored data will be deleted, unless we have a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason.

Obligation to provide your personal data: You are not obliged to disclose your personal data. Without your personal data, however, it is not possible for you to access our website.

2. Cookies and similar technologies

a) Technologies we use

On our website we use cookies and similar technologies, such as web beacons. These technologies enable various functionalities and traceability of visitors to our website.

Cookies

Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. We can use cookies to uniquely identify your browser. For identification purposes, cookies may contain certain information, such as a device ID, your IP address, an ad ID, and browsing history information. The obtained information can also be combined with other personal data related to you.

When visiting our website, cookies from third-party companies (third-party cookies) may also be stored. These enable us or you to use certain services of the respective third-party company.

Cookies have a number of different functions. Technically necessary cookies help us make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. Our website cannot function and display properly without these cookies. Preference cookies collect and store information about your settings and preferences on our website, such as your preferred language or the region you are in. Statistics cookies collect information about how you interact with our website. This data helps us to better understand your user behavior and to optimize our website. Marketing cookies store information about websites you visit. The data collected in this way is used to display advertising tailored to you and your interests.

Web Beacons

Our website and any HTML e-mails we send to you may also contain so-called web beacons (also called pixels). These are small, often transparent image files that record how you interact with the website or the e-mail. This data helps us especially in the statistical evaluation of our online marketing.

Purpose of the processing: When using necessary cookies, we process your personal data in order to provide you with certain functions of our website.

When using other cookies or technologies, we process your data in order to analyze your user behavior, to tailor the offerings on our website to you and to display advertising that is of interest to you - also on other websites/platforms.

You can find more information about the respective purposes of the cookies we use in our cookie banner. You can access the cookie banner at any time by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Legal basis of the processing: The processing of your personal data in connection with the use of necessary cookies on this website is based on our legitimate interest (Art. 6 (1) sentence 1 (f) GDPR) and to fulfill our contract with you. Without the processing of personal data, we cannot provide certain functions of our website without technical errors. In addition, you have the option to prevent the processing of your personal data in connection with cookies through your browser settings.

The processing of personal data in connection with the use of other cookies and technologies only takes place with your consent (Art. 6 (1) sentence 1 (a) GDPR). You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: In cases where we transfer your personal data to third parties, we will inform you separately in this privacy policy.

Retention period: Session cookies are automatically deleted at the end of your visit to our website. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. You can find more information about the retention period of the cookies and similar technologies used by us in the cookie banner. You can access the cookie banner at any time by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Obligation to provide your personal data: You are not obliged to disclose your personal data. However, without your personal data, not all functions of our website may be available to you.

b) Consent management

Browser settings

You can usually configure your browser to notify you when cookies are set and to allow cookies only in individual cases. In addition, you can refuse to accept cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. Please note that the functionality of our website may be limited by the deactivation of cookies.

Most browsers also offer a do-not-track feature. When this feature is activated, the browser tells ad networks, websites, and applications that you do not want to be tracked for behavioral advertising and similar purposes.

In addition, you can prevent the loading of scripts by default. "NoScript“ allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, please contact your browser provider.

 

3. Services we use

Our website uses the following services:

a) Google Tag Manager

On our website, we use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). Google Tag Manager provides a solution that allows us to manage and control cookies, conversion pixels or tracking codes from Google or other providers via a web interface. Google Tag Manager itself does not profile our website visitors or set cookies in your browser. However, Google obtains your IP address and creates a digital fingerprint (so-called browser fingerprint) when running the Google Tag Manager. You will find more information about the data processing of the services integrated by the Google Tag Manager in other parts of this privacy policy.

You can find Google's privacy policy here: https://policies.google.com/privacy.

Purpose of the processing: Google processes your personal data on our behalf in order to run Google Tag Manager and facilitate the management of the services we use.

Legal basis of the processing: The processing of your personal data for the use of Google Tag Manager is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

b) Google Analytics

On our website, we use Google Analytics to analyze how our website visitors interact with our website. For this purpose, Google Analytics uses cookies and transmits your IP address from your browser. However, we use the IP anonymization extension, which means that your IP address is shortened by Google, eliminating any personal reference. The IP address will not be merged with other data from Google.

Purpose of the processing: Google processes your personal data on our behalf to evaluate your use of the website, to compile reports on website activities and to provide us with other services related to website and internet use. This allows us to continuously improve our online offering.

Legal basis of the processing: The processing of your personal data for the use of Google Analytics and the evaluation of your website behavior is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA. Since we use IP anonymization, your IP address will be shortened by Google beforehand within the European Economic Area. Google will only transfer the full IP address to a Google server in the USA and shorten it there in exceptional cases.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

c) Google Ads

We use the online advertising program Google Ads. This allows us to display ads in Google search or on third-party websites when you enter certain search terms in Google search (so-called keyword targeting). In addition, you may be presented with advertisements based on your user data available at Google, such as location or interests (so-called target group targeting). We can also evaluate the data that Google collects in this context to determine which search terms led to the presentation of our advertisements and how many of our advertisements were clicked on. Google Ads uses cookies and transmits your IP address from your browser. However, we use the IP anonymization extension, which means that your IP address is shortened by Google, eliminating any personal reference.

Purpose of the processing: Google processes your personal data on our behalf to place interest-based advertisements. This allows us to tailor our advertising offer to your interests and needs.

Legal basis of the processing: The processing of your personal data for the use of Google Ads and the display of interest-based advertisement is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA. Since we use IP anonymization, your IP address will be shortened by Google beforehand within the European Economic Area. Google will only transfer the full IP address to a Google server in the USA and shorten it there in exceptional cases.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

d) Google Conversion Tracking

We use the so-called conversion tracking as part of our advertising measures with Google Ads. This allows us to track what happens after a click on our Google ads, for example, whether a purchase of the advertised product or other products on our website has been made. When you click on one of our Google ads, Google stores a cookie for conversion tracking on your end device. Once you subsequently complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. The conversion data is sent to Google Ads and we receive a report from Google with statistical analyses. We thereby learn the total number of users who clicked on our ad, and which advertising measures were successful. In addition to the data on user behavior, Google obtains your IP address. However, we use the IP anonymization extension, which means that your IP address is shortened by Google, which eliminates a personal reference.

Purpose of the processing: Google processes your personal data on our behalf to create conversion statistics. This allows us to tailor our advertising offer to your interests and needs.

Legal basis of the processing: The processing of your personal data for the use of Google Conversion Tracking is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA. Since we use IP anonymization, your IP address will be shortened by Google beforehand within the European Economic Area. Google will only transfer the full IP address to a Google server in the USA and shorten it there in exceptional cases.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

e) Google Remarketing

We also use the remarketing function of Google Ads. This makes it possible for us to present you with ads tailored to your interests on websites of the Google advertising network (e.g. in Google Search, in the so-called "Google Ads", on YouTube or on other third-party websites) after you have visited our website. For this purpose, Google analyzes your interactions on our website and stores a cookie on your end device, which can then be used to recognize you on other websites. Google obtains your IP address through this. However, we use the IP anonymization extension, which means that your IP address is shortened by Google, which eliminates a personal reference.

Purpose of the processing: Google processes your personal data on our behalf to place interest-based advertisements. This allows us to tailor our advertising offer to your interests and needs.

Legal basis of the processing: The processing of your personal data for the use of Google Remarketing is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA. Since we use IP anonymization, your IP address will be shortened by Google beforehand within the European Economic Area. Google will only transfer the full IP address to a Google server in the USA and shorten it there in exceptional cases.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

f) Google Display & Video 360

On our website, we use Google Display & Video 360 (hereinafter referred to as "Google DV360"). This allows us to analyze your behavior on our website and display ads tailored to your interests on other websites in the Google advertising network. In addition, we can track whether you complete an action on our website after clicking on an ad (so-called conversion). For this purpose, Google stores a cookie on your end device. The data is assigned by Google via a so-called cookie ID.

Purpose of the processing: Google processes your personal data on our behalf to display interest-based advertisements and to create conversion statistics for us. This allows us to tailor our advertising offer to your interests and needs.

Legal basis of the processing: The processing of your personal data for the use of Google Remarketing is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Google is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Google are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Google undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

g) Hotjar

On our website, we use the web analytics service Hotjar Ltd, Dragonara business center, 5th floor, Dragonara road, Paceville St Julians, STJ 3141, Malta ("Hotjar"). With the help of Hotjar we get a better understanding of your user experience on our website, e.g. how much time you spend on which pages, which links you click on, what product you look at etc. This helps us to tailor our offer to your interests and needs. Areas of the websites where personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable at any time. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular the device's IP address (collected and stored only in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information in a pseudonymized user profile.

Purpose of the processing: Hotjar processes your personal data on our behalf to analyze your behavior on our website. This helps us to better understand your needs and optimize our offerings and your experience on our website.

Legal basis of the processing: The processing of your personal data for the use of Hotjar and the analysis of your website behavior is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Hotjar is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the European Economic Area.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

h) Meta Pixel

On our website, we use the service Meta Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta"). This enables us to track your user behavior on our website and to determine you as a target group for the display of advertisements on Meta social networks (e.g. Facebook or Instagram). This allows us to ensure that the ads we display are only shown to Meta users who are also interested in our online offering or who have certain characteristics, such as an interest in certain topics (so-called Custom Audiences). Meta uses both pixels and cookies. In addition to your user behavior on our website, Meta obtains access in particular to your IP address, information on the browser used, location, requested website, the previously visited website (so-called referrer URL) as well as the pixel ID. The data collected by Meta is anonymous for us, which means that we cannot draw any conclusions about your identity. However, Meta can link your data to your Facebook user profile and use it for its own advertising purposes.

You can find Meta's privacy policy here: https://www.facebook.com/privacy/policy?section_id=0-WhatIsThePrivacy.

Purpose of the processing: Meta processes your personal data on our behalf to analyze your user behavior on our website. This helps us to display only the advertising that is relevant to you. In addition, we can evaluate the effectiveness of our advertisements for statistical and market research purposes in order to further optimize future advertising measures.

Legal basis of the processing: The processing of personal data for the use of Meta Pixel and the analysis of your website behavior as well as the display of interest-based advertisements is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Meta is the recipient of your personal data. Meta is partly acting as a data processor for us and partly as a joint data controller with us (see Art. 26 GDPR). The transfer and processing of your personal data takes place on servers in the EU and the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Meta are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Meta undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

i) Pinterest Tag

On our website, we use the conversion tracking technology Pinterest Tag of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (parent company: Pinterest, Inc, 651 Brannan St, San Francisco, CA 94107, USA) ("Pinterest"). Pinterest Tag allows us to show you relevant advertising on Pinterest after your visit to our website. Pinterest includes a so-called conversion tracking pixel on our website, which informs Pinterest that you have visited our website and which parts of our offer you were interested in. In addition to your user behavior, Pinterest receives access to your IP address, the operating system used and device information and may combine such information with other information that Pinterest has collected via other websites and/or in connection with the use of the social network Pinterest, and thus create pseudonymized usage profiles.

Purpose of the processing: Pinterest processes your personal data on our behalf to generate statistics about your user behavior on our website after redirection from a Pinterest pin and thus optimize our offer.

Legal basis of the processing: The processing of personal data for the use of Pinterest Tag is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: Pinterest is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the EU and the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Pinterest are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Pinterest undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

j) TikTok Pixel

On our website, we use the conversion tracking technology TikTok Pixel of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (parent company: Beijing Douyin Information Service Co Ltd, Room 10A, Building 2 A, 48 Zhichun Rd, Haidian Dist, Beijing, 100098 China) ("TikTok"). Firstly, this enables us to show you relevant advertising on TikTok after you have visited our website. With the help of cookies, TikTok receives information that you have visited our website and which parts of our offer you were interested in. In addition to your user behavior, TikTok obtains access to your IP address, the operating system used and device information. Furthermore, we can track whether you complete an action on our website after clicking on an advertisement (so-called conversion) and thereby measure how effective our advertisements are. The data collected by TikTok is anonymous for us, which means that we cannot draw any conclusions about your identity. However, your data may be associated by TikTok with your TikTok user profile and other information collected by TikTok via other websites or in connection with the use of the social network TikTok and used for its own advertising purposes.

Purpose of the processing: TikTok processes your personal data on our behalf to display relevant advertisements for you and to generate statistics about your user behavior on our website after you have been redirected from a TikTok advertisement. This allows us to measure the effectiveness of our advertisements and to constantly optimize our offerings.

Legal basis of the processing: The processing of personal data for the use of TikTok Pixel is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by clicking the link "Revise your cookie settings” that is located at the bottom of the website.

Transfer to third parties: TikTok is the recipient of your personal data and acts as a data processor for us. The transfer and processing of your personal data takes place on servers in the UK. For data transfers to UK, there is an adequacy decision of the European Commission pursuant to Article 45 GDPR.

Please note that TikTok might share your data with other entities of the TikTok group and transfer them to other third countries outside the EU. You can find more information about that in TikTok’s privacy policy.

Retention period: The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Obligation to provide your personal data: You are not obliged to disclose your personal data.

k) Consent Manager

We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, mail@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period. You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to mail@consentmanager.net.

4. Social Media

Our website contains links to the social media networks Facebook and Instagram, both provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, as well as the network Linked, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, ("Providers"). You can recognize the Providers by their logo in the footer of our website. You have the option of clicking on the logo to be redirected directly to our official business page of the respective social media network. In order to increase the protection of your personal data when visiting our website, these logos are not unrestricted plugins, but are only integrated into the website using an HTML link. This type of integration ensures that when you access our website, no connection is yet established with the servers of the Providers. When you click on the logo you will be redirected to the Provider’s website where you can interact with our official business page (possibly after entering your login data).

We have no control over the scope of the data that the Providers process once you clicked on this link and therefore inform you according to our state of knowledge: Through the link, the Providers receive the information that you have visited the corresponding website from our website. We have neither control over the collected data and data processing operations of the above-mentioned Providers, nor is the full extent of the data collection, the purpose of the processing or the retention period known. The Providers’ user terms and privacy policy apply. The Providers may store the data collected about you as usage profiles and use them for purposes of advertising, market research and/or demand-oriented design of their website. If you are logged in to Facebook, Instagram, or LinkedIn the information can be assigned to your respective account.

II. CONTACTING OUR CUSTOMER SERVICE

You can contact us by using our contact form, e-mailing us, or calling us. We process the personal data you provide us with, such as your e-mail address, first and last name and, if applicable, other voluntary information.

Purpose of the processing: We process your personal data to respond to your request and to provide you with the best possible customer service.

Legal basis of the processing: The processing of your personal data to handle your request is based on our legitimate interest (Art. 6 (1) sentence 1 (f) GDPR). Without the processing of personal data, it is not possible to process your request. In addition, contacting us is voluntary.

Transfer to third parties:

Zendesk

In order to provide our customer service, we use Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, USA ("Zendesk"). Zendesk is the recipient of your personal data and acts as a data processor for us. This serves our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR to provide you with an efficient and secure customer service. The server location is in the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Zendesk are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Zendesk undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Fenix Outdoor Group

We may share your personal data with a company belonging to our group of companies (see Art. 4 no. 19 GDPR) if this is necessary for the intended processing purpose. This serves our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR to handle your request in the best possible way and also serves internal administrative purposes.

Retention period: We store your personal data for as long as it is necessary to handle your request. Your personal data will be deleted no later than three years after receipt unless we are required by law to retain it for a longer period.

Obligation to provide your personal data: You are not obliged to disclose your personal data. The fields marked with * in the contact form are mandatory fields. Without this personal data, your request cannot be handled. The remaining information is voluntary and can simplify the processing of your request.

III. ORDERING FROM OUR ONLINE STORE

If you want to order something in our online store, we need certain information from you, such as e-mail address, first and last name, address, telephone number, billing address or credit card information. To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

Purpose of the processing: We process your personal data to handle the order you have placed and to send you the ordered goods.

Legal basis of the processing: The legal basis is Art. 6 (1) sentence 1 (b) GDPR as the processing serves to fulfill our contract with you.

Transfer to third parties:

Order management

For managing our customers’ orders, we use Optimizely Inc (formerly EPiServer AB), Torsgatan 11, 103 86 Stockholm, Sweden ("Optimizely"). Optimizely is the recipient of your personal data and acts as a data processor for us. This serves our legitimate interest in accordance with Art. 6 (1) sentence 1 (f) GDPR to offer you an efficient and secure order process. The transmission and processing of your personal data is carried out exclusively on servers in the European Union.

Payment processing

All payments made in our online store are processed by the payment service provider Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, The Netherlands, ("Adyen"). Adyen offers several ways of paying securely, such as payment by payment card, Apple Pay and PayPal. Adyen is a so-called acquirer, which means that Adyen accepts payments on our behalf and then transfers the funds paid by you to us. As an acquirer, Adyen receives and processes your personal data as a data controller. You can find more information about Adyen’s processing activities in their privacy policy: https://www.adyen.com/policies-and-disclaimer/privacy-policy.

The transfer of your data to Adyen takes place exclusively for the purpose of payment processing with Adyen and only to the extent necessary for payment processing. The legal basis for the data transfer is Art. 6 (1) sentence 1 (b) GDPR as it serves to fulfill our contract with you.

Payment card

If you choose to pay by credit or debit card, Adyen will process your payment card number (encrypted in accordance with PCI DSS standards), the expiry date of your payment card, the amount of the transaction and the currency in which the transaction is done, the date, time and location of the transaction as well as information about us (category and merchant ID) and transfer it to the payment service provider of your payment card. The legal basis for the data transfer is Art. 6 (1) sentence 1 (f) GDPR and serves Adyen’s legitimate interest of providing acquiring services to us.

PayPal

If you choose to pay via PayPal, your payment data will additionally be shared with PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transfer of your data to PayPal takes place exclusively for the purpose of payment processing with PayPal and only to the extent necessary for payment processing. The legal basis for the data transfer is Art. 6 (1) sentence 1 (b) GDPR as it serves to fulfill our contract with you. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) sentence 1 (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, address data. For further information on data protection, including information on the credit agencies used, please see PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

Apple Pay

If you choose to pay with Apple Pay, your payment data will additionally be shared with Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland (“Apple”). The payment is processed via the "Apple Pay" function of your iOS, watchOS or macOS operated end device by charging a payment card deposited with "Apple Pay". For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment. If personal data is processed during the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) sentence 1 (b) DSGVO. Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. The anonymization completely eliminates any reference to individuals. Apple uses the anonymized data to improve Apple Pay and other Apple products and services. For further information on Apple’s processing activities in connection with Apple Pay, please see their privacy policy: https://www.apple.com/uk/legal/privacy/data/en/apple-pay/.

Order handling

When handling your order, we may transfer your personal data within the Fenix Outdoor Group, insofar as this is necessary for the order handling. In particular, we may share your personal data with Fenix Outdoor Logistics B.V., Konigsbelteweg 12, 1329 AG Almere, Netherlands or Fenix Outdoor Logistics GmbH, Am Alten Flugplatz 5, 19288 Ludwigslust, Germany. The personal data collected by us will also be transferred to the transport service provider commissioned with the delivery, insofar as this is necessary for the delivery of the goods. The legal basis for the data transfer is Art. 6 (1) sentence 1 (b) GDPR.

UPS

If the delivery of the goods is carried out by the transport service provider United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss ("UPS"), we will transfer your e-mail address to UPS before delivery of the goods for the purpose of coordinating a delivery date or notification of the shipping status, provided that you have given your explicit consent to this during the ordering process. Otherwise, we will only transfer the name of the recipient and the delivery address to UPS. In this case, a prior coordination of the delivery date with UPS or the communication of status information of the shipment delivery is not possible.

Retention period: We store your personal data as long as this is necessary to handle your order. Your personal data will be deleted no later than three years after receipt, unless we are required by law to retain it for a longer period. For example, we are required by commercial and tax law to store your address, payment and order data for a period of up to ten years.

Obligation to provide your personal data: You are not obliged to disclose your personal data. The fields marked with * during the order process are mandatory fields. Without this personal data your order cannot be handled. The remaining information is voluntary and can simplify the handling of your order.

IV. CREATINg AND USing A CUSTOMER ACCOUNT

If you would like to create a customer account or already have a customer account and use our website as a logged in user, we process your personal data as follows. To create a customer account, we first ask you for your first and last name and your e-mail address. Once your customer account has been created, you have the option of storing your address and payment data there. In addition, we store information about your orders provided that you were logged in during the ordering process.

Purpose of the processing: We process your personal data to provide you with the customer account and its functionalities.

Legal basis of the processing: The processing of your personal data when using the customer account is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent at any time with effect for the future by requesting to close the customer account. In order to close the customer account, please contact our customer service.

Transfer to third parties:

SendGrid/Twilio

The activation link for your customer account is sent via the service SendGrid of the service provider Twilio Germany GmbH ("Twilio"), Rosenheimer Str. 143C, 81671 Munich, Germany. Twilio is the recipient of your personal data and acts as a processor for us. The transfer of your personal data to Twilio is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) to provide you with a secure, efficient and user-friendly activation of your customer account and to prevent misuse of the customer account or the e-mail address being used. Furthermore, the creation of a customer account is voluntary. The data you enter for the purpose of opening the customer account will be stored on Twilio servers in the EU.

Fenix Outdoor Group

We may share your personal data within the Fenix Outdoor Group if this is necessary for the intended processing purpose.

Retention period: We store your personal data for as long as it is necessary for the provision of your customer account. Personal data that is collected and used solely for the purpose of providing you with a customer account will be deleted after the account is closed.

Obligation to provide your personal data: You are not obliged to disclose your personal data. Without the specification of your e-mail address and your name, a customer account cannot be provided to you. The remaining information is voluntary and can extend the functionality of the customer account.

V. Subscribing to our NEWSLETTER

1. Subscription

You have the option to subscribe to our newsletter. In this we will inform you regularly by e-mail about news and promotions of Tierra. We process your e-mail address in order to send you the newsletter.

Purpose of the processing: We process your personal data to inform you about news and promotions.

Legal basis of the processing: The processing of your personal data for sending the newsletter is based on your consent (Art. 6 (1) sentence 1 (a) GDPR).

You can withdraw your consent to this at any time with effect for the future by unsubscribing from the newsletter. You can unsubscribe either via your customer account or via the unsubscribe link in our newsletter.

Transfer to third parties:

MailChimp

Our newsletter is sent by the service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA („MailChimp“). MailChimp is the recipient of your personal data and acts as a data processor for us. The transfer of your personal data to Emarsys for sending the newsletter is based on your consent (Art. 6 (1) sentence 1 (a) GDPR) which you can withdraw at any time with effect for the future by unsubscribing from the newsletter. You can unsubscribe either via your customer account or via the unsubscribe link in our newsletter. The data you enter for the purpose of receiving the newsletter is stored on MailChimp’s servers in the USA.

There is currently no adequacy decision by the European Commission for data transfers to the USA. In order to ensure the European level of data protection, our data transfers to Pinterest are subject to so-called standard contractual clauses pursuant to Art. 46 GDPR. In these, Pinterest undertakes to comply with the European level of data protection, even if the data is stored, processed or managed in the USA.

Retention period: We store your personal data for as long as it is required for sending the newsletter.

Obligation to provide your personal data: You are not obliged to disclose your personal data. However, we cannot send you our newsletter without your e-mail address.

C. Withdrawal of consent

Many data processing activities are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

D. Your Rights

In addition to the right to withdraw consent given to us, you also have the following rights with regard to your personal data. In order to exercise these rights, you can contact us at privacy.ecom@fenixoutdoor.se.

I. Right to information

You can request information about your personal data stored by us at any time.

II. Right to correction

You can request the correction of your personal data if it is incorrect. In addition, you can also request the completion of your personal data, if it is incomplete. If you have a customer account, you can change some data directly under "My account".

III. Right to deletion

You can request that we delete personal data processed by us at any time, insofar as the data is not still required by us, for example to fulfill the contract with you, or if we are obligated to retain it due to legal or contractual regulations.

IV. Right to restriction of processing

You can request a restriction of the processing of your personal data in the following cases:

If you have notified us that the personal data we have stored is incorrect, you may request limited processing for the period of time that we need to verify the accuracy of the data.

If the processing is unlawful, but you refuse to erase the data and instead request restriction of the use of the personal data.

If we no longer need the personal data for the purposes of processing, but you need it in order to assert, exercise or defend legal claims.

If you object to processing based on our legitimate interest, you may request limited processing for the duration needed to verify the legitimate interest.

V. Right to Object to the processing

You can object to the processing of your personal data on the basis of a legitimate interest of ours. We will no longer process the personal data unless we can demonstrate legitimate grounds for processing that outweigh your interests and rights, or for the defense of legal claims.

VI. Right to data portability

You may request that we transfer personal data we have stored about you in a structured, common and machine-readable format or that we transfer it to another party.

VII. right to lodge a complaint with a data protection regulatory body

If you believe that we have handled your personal data in a manner that conflicts with the data protection legislation, you may at any time complain to the Swedish Data Protection Authority (Integritetsskyddsmyndigheten - IMY, Box 8114, 104 20 Stockholm, Sweden, Tel +46 8 657 61 00, e-mail imy@imy.se) or any other competent supervisory authority in your country of residence.

E. UPDATE OF OUR PRIVACY POLICy

From time to time we need to update our privacy policy. You will always find the latest version of the privacy policy on our website.

We will inform you about any significant changes to the privacy policy.

Version: January 2023