in accordance with Art. 13, 14 GDPR - Fulfilment of information obligations
1. Joint Controllers
The following companies are Joint Controllers for all processing of personal data in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) and Art. 26 of the GDPR:
• Outlet Mall Messancy SRL, Rue d'Arlon 199, 6780 Messancy
E-mail: info@designeroutletluxembourg.com
• ROS Belgium Management SRL, Avenue du Boulevard 21 Box 8, 1210 Saint-Josse-ten-Noode, E-mail: info@designeroutletluxembourg.com,
Tel: +32 (0) 63 23 00 40
hereinafter referred to as "data controllers".
Being Joint Controllers means that each of the data controllers process your data jointly, taking into account the highest data protection standards. A corresponding contract has been concluded between each of the data controllers. Even if there is joint responsibility, the data controllers fulfil the obligations under data protection law in accordance with their respective responsibilities. Within the framework of joint responsibility, you can assert your rights in connection with data processing with each of the data controllers. In the first instance, please address your concerns and enquiries to ROS Belgium Management SRL, Avenue du Boulevard 21 Box 8, 1210 Saint-Josse-ten-Noode, E-mail: info@designeroutletluxembourg.com, Tel: +32 (0) 63 23 00 40
2. General Data processing
2.1 Data processing in accordance with Art 13 GDPR
We process the data that data subjects provide to us, for example in the context of an enquiry by E-mail, for the purpose of initiating and concluding a contract or a business relationship.
2.2 Data processing in accordance with Art 14 GDPR
In addition, we process data of persons who may be part of a contractual relationship, which we have permissibly received in the context of information provided by third parties (e.g., managing directors provide us with the data of their employees or colleagues).
2.3 Data Subjects
We process the following data from contracting parties (e.g. VIP Club members, competition participants): first and last name, E-mail address, date of birth.
We process the following data from contact persons of tenants: Company, title and name of contact person, business address data and contact data, bank details, contract data.
We process the following data from suppliers and business partners that is required for the initiation or conclusion of a contract: Company, title and names of contact persons, business address data and contact data, bank details, contract data.
We process the following data from event participants: Name, contact data and address data.
2.4 Recipients of personal data
Recipients of personal data will only be third parties if it is necessary for the fulfilling of a contract or if it is required by law.
2.5 Data retention
The data will be deleted by us as soon as storage is no longer necessary or legal retention periods have expired. If the basis of the processing is consent, we restrict the processing or delete the data upon withdrawal of the consent - unless there are legal provisions to the contrary.
2.6 Contact by E-mail
When you contact us by E-mail, the data you provide will be stored by us on the basis of your consent in order to answer your questions. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing if there are legal retention periods.
2.7 Publication of the names of originators
We are required by law to disclose names of creators of image data (photos or videos) whenever we publish image data. We automatically delete this personal data as soon as we stop using the image data.
2.8 Legal basis
The below points are the legal basis of data processing:
• Initiation and fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR.
• Legal obligations in accordance with Art. 6 para. 1 lit. c GDPR, (for example, legally prescribed storage and documentation obligations).
• Legitimate interests of our company within the meaning of Art. 6 para. 1 lit. f GDPR (for example usage of software).
• Art 6 para. 1 lit. a GDPR when obtaining consent (for example when processing image data or for advertising purposes).
3. Data processing of VIP Club members
If you decide to become a member of our VIP Club, we will process the data you enter in our form (online or print).
A membership in our VIP Club with many financial advantages requires the authorisation of the Outlet to send you offers, information, advertising, invitations to competitions as well as promotions of the partners of the designer outlet by E-mail.
In order to complete your registration in the VIP Club, we require your first and last name as well as a valid E-mail address or a further confirmation that you are indeed the supposed recipient of the mailings sent to you. For this purpose, we will send a confirmation E-mail to the E-mail address entered with a link contained therein (double opt-in); only after clicking on this link is the registration completed.
If you want to receive special birthday vouchers as a member of the VIP Club, we also need your date of birth. However, you can also become a member without mentioning your date of birth.
We collect further data in this context insofar as you provide it, but this is not necessary for the receipt of the advertisements.
If you do not wish to receive any more mailings, you can terminate your membership at any time informally by sending an E-mail to the contact details given in section one of this Privacy Policy.
Legal basis: Art. 6 para. 1 lit. b GDPR
4. Data processing of competition participants
If you take part in our competitions, we will process your data to carry out the competition, to determine and notify the winner and to send the prize offered. For this purpose, we need your name and your E-mail address. Without this data, you cannot participate in the competition. In this context, we also need your date of birth, as participants must be at least 18 years old.
If you also provide your telephone number, we will use this to contact you by telephone if you have not responded to the previous E-mail prize notification. However, this is not necessary for the implementation of the competition.
The data will be deleted after the winner has been determined and the competition has been completed.
Legal basis: Art. 6 para. 1 lit. b GDPR
5. Data processing via our website
5.1 Contact
If you have asked us to contact you via our web form or if you have sent us a message, we store the data that is required to contact you. This is your gender, name, your E-mail address and other data that you provide in the message. We process other data if you provide it to us voluntarily. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.
You also have the option of registering for the VIP Club in the contact form. For more details, see the section "Data processing of VIP Club members".
Legal basis: Art. 6 para. 1 lit. a GDPR
5.2 Applicants
5.2.1 General
If you send us your application documents, we will process your personal data contained therein as well as your CV and references for the purpose of personnel selection and filling the position. In the event of a rejection, we will delete your documents after the legal retention periods have expired.
Legal basis: Art. 6 para. 1 lit. b GDPR
Should you consent to be kept on record with us for contact at a later date, we will approach you with a separate request to provide consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all of your applicant data one year after you have sent us your consent.
Legal basis: Art 6 para 1 lit a GDPR
5.2.2 Applicant Portal
People interested in working for our company can apply directly on our website using the form provided there. To do this, we need your title, first and last name, E-mail address, date of birth and place of residence. You can also voluntarily provide us with your telephone number. In the further application process you have the possibility to upload your application documents (e.g. CV). In the event of a rejection, we will delete your documents no later than 7 months after the rejection has been sent to you.
Legal basis: Art. 6 para. 1 lit. b GDPR
If you agree to be kept on file with us for contact at a later date, we will approach you with a separate request for the transmission of consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a vacancy with us within one year, we will delete all your applicant data one year after you have sent us your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR
6. Data processing when visiting our website
6.1 Informative use of the website
In the case of informative use of the website, we only collect the personal data that your browser transmits to our server (server log files). If you wish to view our website, the most data we collect is that which is technically necessary for us to display our website to you and to ensure its stability and security:
• IP address
• Date and time of the request
• Time zone difference to Coordinated Universal Time (UTC)
• Content of the request (specific page)
• Access status/HTTP status code
• Website from which the request came
• browser
• Operating system and its interface
• Language and version of the browser software.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of unlawful use and to pass on the data to the law enforcement authorities if there has been a hack attack. The data will not be passed on to third parties beyond this.
Legal basis: Art. 6 para. 1 lit. f GDPR
6.2 Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your computer.
The cookie allows you to be recognised when you visit the website without having to re-enter data that you have already entered previously.
The information contained in the cookies is used, for example, to determine whether you are logged in or which data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser. With most web browsers, cookies are automatically accepted.
By using our websites, you agree to the use of these cookies, insofar as cookies are accepted according to your browser settings.
6.2.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
6.2.2 Persistent cookies
Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
6.2.3 Third-party cookies
These originate from providers other than the website operator. They can be used, for example, to collect information for advertising, custom content and web statistics.
6.2.4 Browser
Most browsers are set by default to accept all cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of our website may be limited.
You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. f GDPR (in the case of technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies).
6.3 Data processing in the USA
It cannot be ruled out that personal data will be transmitted to the USA when visiting our website. If this is the case, we will point this out separately in this Privacy Policy.
The GDPR requires so-called appropriate safeguards according to Art. 46 GDPR for a data transfer to a third country or to an international organisation. Such guarantees do not exist for the USA.
Possible risks that cannot currently be ruled out for you as a data subject in connection with the aforementioned information are in particular:
• Your personal data may be shared with other third parties (e.g. : US authorities) by the respective service provider beyond the actual purpose of fulfilling the order.
• You may not be able to sustainably assert or enforce your rights of access against the respective service provider.
• There may be a higher probability that incorrect data processing may occur because the technical organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly agree to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. a GDPR
7. Social Media
We operate social media channels such as Facebook and Instagram. When visiting our social media presence, personal data, including the IP address, is processed by the respective provider and cookies are used for data collection. Which information exactly is transmitted, please refer to the Privacy Policy of the respective service. There you will also find information about contact options as well as for various settings.
We focus on comprehensive customer satisfaction and use these services primarily to be able to get in touch or to communicate with you.
In the case of services with a US connection, the data collected is usually sent to a server in the USA and stored there. We have no influence or possibility of control over the type and scope of the data processed by these services, the type of processing and use or the transfer of this data to third parties. For options to restrict the processing of this data in the respective settings of these services, please refer to the detailed descriptions of the Privacy Policy of the respective providers.
The providers of the social media services and we concluded respective agreements - in most cases these are agreements on joint responsibility for data processing. The use of social media is based on our legitimate, operational interest.
Legal basis: Art. 6 para. 1 lit. f GDPR
8. Akamai CDN
We use the Akamai CDN to increase the loading speed on the website. The provider of the service is Akamai Technologies, Inc, 145 Broadway Cambridge, MA 02142, USA. Information about your use of our website (e.g. your IP address) is transmitted to Akamai.
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
For more information, please refer to Akamai's privacy policy at www.akamai.com/legal.
Legal basis: Art. 6 para. 1 lit. a GDPR
9. Cloud.Typography
Our website uses external fonts from Hoefler & Co, 611 Broadway, Room 725, New York, NY 10012-2608, USA.
This service provides the "Cloud.Typography" fonts, which are displayed on users' end devices. In each session, your browser establishes a direct connection with the company's servers in the USA, whereby your IP address can be retrieved.
For more information, please see Typography's privacy policy:
www.typography.com/policies/privacy
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
Legal basis: Art. 6 para. 1 lit. a GDPR
10. Facebook
10.1 Facebook Plugins
We operate a Facebook page and have social plugins ("Plugins") of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland on our website for this purpose. The Plugins are recognisable by one of the Facebook logos (dark grey or black "f" on a light grey circle or white "f" on a blue tile, or the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: developers.facebook.com/docs/plugins/.
We have concluded a contract with Meta Ireland, nevertheless it may happen that Meta Ireland transfers personal data to Meta USA.
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
When a user accesses a website of this offer that contains such a plugin, his browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to its level of knowledge:
The data collected in this way is anonymous for us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our level of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage policy www.facebook.com/about/privacy/. You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes.
Legal basis: Art. 6 para. 1 lit. a GDPR
10.2 Facebook Pixel
Our website uses Facebook pixels ("Pixel") of the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) for the analysis, optimisation and economic operation of our online offer.
Facebook can use the pixels to determine the website visitors as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use them to display the Facebook ads placed by us only to those Facebook users who have also shown interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). The aim is to ensure that our Facebook ads correspond to user interest and do not have a harassing effect. On the other hand, we can use pixels to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Your actions are stored in one or more cookies. These cookies allow Facebook to match your user data (such as IP address, user ID) with your Facebook account data. The data that is collected is anonymous and not visible to us and can only be used in the context of advertisements. If you would like to prevent the linking with your Facebook account, you have the option to log out before taking any action.
We have entered into a contract with Facebook Ireland, nevertheless it may happen that Facebook Ireland transfers personal data to Facebook USA.
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
For further information, please refer to Facebook's data policy at en-gb.facebook.com/policy.php
For specific information on Facebook Pixels, please refer to en-gb.facebook.com/business/help/742478679120153.
Legal basis: Art. 6 para. 1 lit. a GDPR
10.3 Facebook-Connect
To log in to the website, the Facebook profile can also be used via Facebook Connect of the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland).
By clicking on the button provided, a pop-up in the design of the Facebook login mask will open. Here you enter your Facebook login data, agree to the data transfer and are thus logged in to our website. If you are already logged in to Facebook, you no longer need to log in to our website. The connection between Facebook and our website is automatic. Consent to access certain data on Facebook must still be set.
We have a contract with Facebook Ireland, nevertheless it may happen that Meta Ireland transfers personal data to Meta USA.
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
For more information, please see Facebook's data policy at en-gb.facebook.com/policy.php
11. Google Services
We have signed a contract with Google Ireland Limited ("Google"), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data is transmitted from Europe to the USA, over which we as a company have no influence.
With this service, a transfer of personal data to the USA cannot be excluded! - For more details, please refer to section 6.3 of this privacy policy.
For more information on the terms of use and data protection, please visit https://policies.google.com/technologies/partner-sites.
Legal basis: Art 6 para 1 lit a GDPR
11.1 Google Analytics
We have integrated Google Analytics on our website, a web analysis service from Google, which enables us to analyse visitor flows and the length of stay on our website.
This website uses the function "Activation of IP anonymization" (i.e. Google Analytics has been extended by the code "gat._anonymize Ip();" to ensure anonymized collection of IP addresses (so-called IP masking)). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
According to Google, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google may, however, transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of the website to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the websites (including your anonymized IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
For more information on the terms of use and data protection, please visit marketingplatform.google.com/about/analytics/terms/us/ or support.google.com/analytics/answer/6004245.
11.2 Google Analytics Conversion Tracking (Google Ads)
This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have accessed our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads client's website and the cookie has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. Each Ads client receives a different cookie. Cookies can therefore not be tracked across Ads clients' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads clients who have opted into conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain "www.googleadservices.com" are blocked. Google's privacy policy can be found here.
When you use SSL search, Google's encrypted search feature, the search terms are usually not sent as part of the URL in the referring URL. However, there are some exceptions to this, for example if you are using certain fewer common browsers. For more information on SSL search, click here. Search queries or information in the referral URL could also be viewed through Google Analytics or an application programming interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an ad. policies.google.com/faq
11.3 Google Doubleclick
The website uses the online marketing tool DoubleClick. To help AdWords customers and publishers serve and manage ads on the web, the Google advertising network and certain Google services may be used. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
11.4 Google Tag Manager
We use Google Tag Manager to recognise your user behaviour. The Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool itself processes the following personal data: IP address of the user. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. The Google Tag Manager can set cookies, at least in the preview and debug mode of the administrator, but also outside of it. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
More detailed information is available here: support.google.com/tagmanager/;
12. Your rights
You have the following rights in relation to personal data relating to you:
• Right of access, right to rectification and erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability
Please direct your enquiries and requests by E-mail to info@designeroutletluxembourg.com or contact us using the contact details provided.
If you believe that we have violated Belgian or European data protection law in the processing of your data and have thereby infringed your rights, please contact us so that we can clarify any issues.
You also have the right to complain to the supervisory authority, which is the Belgian Data Protection Authority:
Commission de la Protection de la Vie Privée
Rue de la Presse 35
1000 Bruxelles
Telefon: +32 (0) 2 274 48 00
E-mail: contact@apd-gba.be
Homepage: www.dataprotectionauthority.be
13. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes to this Privacy Policy will be published by us on this page. Please refer to the current version of our Privacy Policy in this regard.
Your wishlist is empty