Privacy policy
The protection of personal data is highly important to Harry's Grooming Limited, 5th Floor 101 St Martins Lane, London, United Kingdom, WC2N 4AZ, e-mail: hallo@harrys.com (“Harry’s” or “we”). This Privacy Policy serves to inform visitors to the website www.harrys.com/en/de of Harry’s (“User(s)” or “you”) about the processing of personal data (hereinafter “Data”) that takes place on the websites of Harry’s subject to the applicable data protection laws, in particular Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”).
As described in our Terms and Conditions (www.harrys.com/en/de/terms-of-service), Harry’s web shop is exclusively aimed at customers who have reached the age of 18 and live in the Federal Re-public of Germany. We do not knowingly collect or solicit Data from anyone under the age of 18. If you are under the age of 18, please do not access or use our website, or attempt to send us any Data. If we learn that we have collected Data from an individual under the age of 18, we will delete that in-formation as quickly as possible.
1. Controller of data processing
Harry’s is the controller of the lawful processing of the Users’ Data within the meaning of Art. 4(7) GDPR. Harry’s EU representative is Feintechnik GmbH Eisfield, Seeweg 4, 98673 Eisfeld, Germany, e-mail: hallo@harrys.com.
2. Data processed and purposes of processing
2.1 Usage data
When the websites of Harry’s are accessed, the servers of Harry’s automatically store certain data of the accessing system. This includes the type of browser used, the browser version, the operating system used, the website from which the website of Harry’s is accessed, the con-trolled subpages of the website of Harry’s, the date and time of access, the internet protocol address (IP address), the internet service provider and data comparable with such data.
Harry’s uses this data to make the websites available, to detect and remove possibly occurring technical problems and to prevent and, if need be, prosecute any abuse of the services of Har-ry’s. Harry’s also uses this data in anonymised form, i.e. without being able to identify the us-er, for statistical purposes and in order to improve the websites. The legal basis for processing personal usage data is Art. 6(1)(f) GDPR.
2.2 Data processed in the course of entering into a contract
Before products can be ordered via Harry’s web shop, a password-protected user account must be set up. Certain information is required for registration, such as the name of the User, pass-word and an e-mail address. Users will have the possibility of creating individual “shave plan” subscriptions in the User account area. In this context, certain specific information in connec-tion with the “shave plan” subscription are processed (e.g. supply intervals, type of shaving product, etc.).
You may be able to register for access to the web shop by using third party services, such as Facebook. If you have registered for an account with us through Facebook or another third party service, we will collect and receive your login credentials for such third party service in connection with providing you with access to the web shop if you expressly provide us with such information. We will only use such login information for the purposes described above. In any case, we urge you to review your privacy settings on any third party service and their as-sociated privacy policies to understand more about disclosures of information from your appli-cable third party services.
After having created a user account, Users may purchase products on the website of Harry’s. The Data transferred to Harry’s in this connection (e.g. name of User, e-mail address, bank ac-count, payment card details, billing address and delivery address) are used in order to fulfil the contract with the User.
We need the above-mentioned information to set up and manage the User account, identify au-thorized Users, be able to offer the User the functions desired and to send the User the prod-ucts it has ordered. More details on registering and using the functions offered on the websites of Harry’s including how contracts with Harry’s are concluded and can be terminated are pro-vided in the General Terms and Conditions: www.harrys.com/en/de/terms-of-service. All pay-ment information collected, including your bank account, payment card details and billing ad-dress, is encrypted and maintained using industry standard methods designed to ensure its se-curity against loss or theft, including during transmission to our applicable third party payment processing company based on your chosen method of payment, which currently includes Stripe, Inc., iDeal B.V., certain participants who facilitate Single Euro Payments Area (SEPA) bank transfers and PayPal (Europe) S.à r.l. et Cie, S.C.A., who processes your payment infor-mation on our behalf. Please note that your payment information is stored by our payment pro-cessors, not by us, and use and storage of that information by the payment processors is gov-erned by the payment processor's applicable terms of service and privacy policy.
We also use your payment information to verify your identity when you manage your account, your shave plan or your orders, or make a new purchase, based on our legitimate business in-terests in keeping your account secure and preventing fraudulent transactions. As stated above, we do not store your payment information – our payment processors do, and we must retrieve your payment information from our payment processors and/or from you in order to use it to verify your identity or to process and fulfill your shave plans.
The legal basis for processing Data in the context outlined above is Art. 6(1)(b) GDPR.
2.3 Data processed in the course of contacting Harry’s
Harry’s websites provide Users with the option to make contact with Harry’s. The Data trans-ferred to Harry’s in this connection are exclusively used in order to handle the respective en-quiries. The legal basis for processing the Data outlined above, depending on the content of the respective contact-making, is Art. 6(1)(b) GDPR (if contact is contract-related) respectively Art. 6(1)(f) GDPR (in all other cases).
2.4 Other Data we receive about you
Covered in section 2.5 below.
2.5 Use of cookies
The websites of Harry’s use cookies and similar technologies such as pixel tags or web bea-cons (for the purposes of this Privacy Policy, we refer to these technologies individually and collectively as “Cookies”). Cookies are small text files that are stored on the User’s data carri-er and exchange certain settings and data with the system of Harry’s via the browser. A cookie normally contains the name of the domain from which the cookie data are sent and information on the age of the cookie and an alphanumerical identifier. Cookies enable Harry’s to design the website attractively to the User and also facilitate use by, for example, storing certain input such that it need not be entered repeatedly.
Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are tempo-rary Cookies that are stored on your device while you are accessing or using our Services, whereas “persistent Cookies” are stored on your device for a period of time after you leave our website. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie.
We use the following types of Cookies:
a) Essential Cookies: These are Cookies that enable you to access and use our website and other features or content on the website that you request or seek to use. For example, certain Cookies enable you to log into your account or use the “shopping cart” func-tionality on the website. Such Cookies are generally known as “essential cookies”. You can disable these Cookies, but doing so will encumber the performance of the website and may make certain of its features and services unavailable to you. The legal basis for processing Data contained in such Cookies is Art. 6(1)(f) GDPR (legitimate interests). Our essential Cookies include:
Name: h_locale Provider: Harry’s Grooming Limited and Harry’s, Inc. Purpose: specifies which lo-cale the user is in Retention: 1 year Type: Cookie
Name: HX Provider: Harry’s Grooming Limited and Harry’s, Inc. Purpose: This cookie is for versioning and split testing (the process of comparing two versions of a web page and measur-ing the difference in performance) on our website. It en-sures Users remain on the appropriate versions of the site so they have a consistent experience Retention: 1 year Type: Cookie
Name: HV Provider: Harry’s Grooming Limited and Harry’s, Inc. Purpose: This cookie is for versioning and split testing (the process of comparing two versions of a web page and measur-ing the difference in performance) on our website. It ensures Users remain on the appropriate versions of the site so they have a consistent experience Retention: 1 year Type: Cookie
Name: h_gdrp_cookie_agree Provider: Harry’s Grooming Limited and Harry’s, Inc. Purpose: remembers if a user agreed to be tracked via Cookies. Retention: 1 year Type: Cookie
Name: stripe_mid Provider: Stripe, inc. Purpose: a token set by Stripe (payment provider) to facilitate the payment of online orders Retention: 1 year Type: Cookie
Name: stripe_sid Provider: Stripe, inc. Purpose: a token set by Stripe (payment provider) to facilitate the payment of online orders Retention: 30 minutes Type: Cookie
b) Functionality cookies: If you give us your consent, some Cookies enable us to determine whether you have previously visited or otherwise used the website, and if so, whether you indicated any preferences during your previous visits or use. Such Cookies are generally known as “functionality cookies” and are persistent Cookies. You can dis-able these Cookies, but doing so will impair our ability to personalize the website for you. The legal basis for processing Data contained in such Cookies is Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To do so, e-mail hallo@harrys.com. Our functionality Cookies include:
Name: referrer, utm_source, h_p_utm_source, utm_medium, h_p_utm_medium, utm_campaign, h_p_utm_campaign, h_p_utm_term, h_p_utm_content h_p_eid Provider: Harry’s Grooming Limited and Harry’s, Inc. Purpose: Identify from which campaigns visitors to our web-site originated Retention: session Type: Cookie
Name: pin_unauth Provider: Google LLC Purpose: The cookie sets or reads an ID and then sends information about when such ID visited the site, what pages it saw and, in some cases, what products it interacted with Retention: 1 year Type: Cookie
Name: uetsid Provider: Microsoft Corporation Purpose: The cookie sets or reads an ID and then sends information about when such ID visited the site, what pages it saw and, in some cases, what products it interacted with Retention: 1 day Type: Cookie
Name: gcl_au Provider: Google LLC Purpose: The cookie sets or reads an ID and then sends information about when such ID visited the site, what pages it saw and, in some cases, what products it interacted with Retention: 3 months Type: Cookie
Name: uetvid Provider: Google LLC Purpose: The cookie sets or reads an ID and then sends information about when such ID visited the site, what pages it saw and, in some cases, what products it interacted with Retention: 16 days Type: Cookie
Name: dc_gtm_UA-38502581-1 Provider: Google LLC Purpose: The cookie sets or reads an ID and then sends information about when such ID visited the site, what pages it saw and, in some cases, what products it interacted with Retention: session Type: Cookie
c) Performance/analytical cookies: If you give us your consent, some cookies help us understand how visitors use the website, such as by collecting information about the num-ber of visitors to our website, what pages visitors view on our website and how long visitors are viewing pages on the website. Such Cookies are generally known as “performance/analytical cookies,” and are persistent Cookies. We use a number of third parties, as described below, to help deliver these services. The legal basis for processing Data contained in such cookies is Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To do so, e-mail hallo@harrys.com. Our performance/analytical cookies include:
Name: ga Provider: Google LLC Purpose: Google Analytics cookie that collects and stores User IDs, a third party Cookie served by Google Retention: 30 minutes Type: Cookie
Name: gid Provider: Google LLC Purpose: Google Analytics user identifier, a third party Cookie served by Google Retention: 2 years Type: Cookie
Name: hp2_id.2002065820 Provider: Heap Inc. Purpose: User ID for Heap Analytics, clickstream tracking for website usage analytics Retention: 14 months Type: Cookie
Name: hp2_props.2002065820 Provider: Heap Inc. Purpose: User Properties for Heap Analytics, clickstream tracking for website usage analytics Retention: 14 months Type: Cookie
Name: hp2_ses_props.2002065820 Provider: Heap Inc. Purpose: User Session Events for Heap Analytics, clickstream tracking for website usage analytics Retention: 30 minutes Type: Cookie
Name: hjTLDTest Provider: HotJar Limited Purpose: Domain check for HotJar Analytics, confirms usage data is only sent from approved domains Retention: session Type: Cookie
Name: hjAbsoluteSessionInProgress Provider: HotJar Limited Purpose: Session time for HotJar Analytics, scroll/click tracking for website usage analytics, measures session length in time Retention: 30 minutes Type: Cookie
Name: hjFirstSeen Provider: HotJar Limited Purpose: Session timestamp for HotJar Analytics, scroll/click tracking for website usage analytics, measures session start time Retention: 30 minutes Type: Cookie
Name: hjid Provider: HotJar Limited Purpose: User Id for HotJar Analytics, unique id to track users’ clicks and scrolls Retention: 1 year Type: Cookie
d) Retargeting and advertising cookies: If you give us your consent, some Cookies help us learn about the pages on our website and on third party services that you visit, and thus enhance our understanding of your interests and preferences, so that we can serve you with advertisements for our products or services that we believe may be of interest to you. Such Cookies are generally known as “retargeting and advertising cookies”, and are persistent Cookies. Through these Cookies, we collect information about your online activity after you leave our website. We use a number of third parties to help deliver these services, including, for example, Google. We serve advertisements, and also allow third party ad networks, including third party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the website. The legal basis for processing Data contained in such cookies is Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. To do so, e-mail hallo@harrys.com. Our perfor-mance/analytical cookies include:
Name: fbp Provider: Facebook, Inc. Purpose: allows advertisers to measure the effectiveness of advertising by understanding the actions people take on a website. Retention: 3 months Type: Cookie
Name: IDE Provider: Google LLC Purpose: used by Google DoubleClick to register and report the user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Retention: 13 months Type: Cookie
Name: MUID Provider: Microsoft Corporation Purpose: Microsoft User Identifier tracking cookie used by Bing Ads Retention: 13 months Type: Cookie
Name: taboola_session_id Provider: Taboola, Inc. Purpose: Creates a temporary session user ID to avoid the display of duplicate recommendations on the site Retention: session Type: Cookie
You can decide whether or not to accept most Cookies. Most browsers allow you to delete Cookies and have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allowing you to decide whether to accept each new Cookie in a variety of ways. To explore what Cookie settings are available to you, look in the “preferences” or “options” sec-tion of your browser’s menu. You can always choose to stop us from collecting Cookies by turning off the Cookie feature on your browser or by ceasing to use our website. However, if you do prevent us from collecting Cookies, you should know that some of the functions on our website may not work properly.
2.6 Marketing
Harry’s websites provide Users with the option to receive marketing e-mails and to consent to the processing of Data necessary for this purpose. In order to register for marketing e-mails the User must provide his or her e-mail address. Additional information can be provided on a vol-untary basis. These Data are exclusively used in order to send the marketing e-mails and are not transferred to third parties. The date and time of registration and the e-mail verification are also collected at registration. These Data are exclusively processed for the purpose of identify-ing the possible abuse of an e-mail address. The contents of the marketing e-mails are adapted to the User’s behaviour when receiving the e-mails (clicking on links contained in the e-mail, etc.) and to products a User may have ordered. The legal basis for processing the Data outlined above is Art. 6(1)(a) GDPR. The User has the right to withdraw his consent at any time with-out prejudice to the lawfulness of the processing carried out based on the consent prior to his withdrawal.
We provide Users with choices regarding certain Data uses, particularly around marketing and advertising. We have established a communication preferences centre within your account area where Users can view and make certain decisions about how we communicate with Users.
We may also use your name and shipping address to mail you information and materials about us and our products and services that we think may be of interest to you, based on our legiti-mate business interest in marketing to individuals who have indicated an interest in our products and services. You can always choose not to receive such communications when you regis-ter an account with us, and you can stop receiving these communications at any time by email-ing us at hallo@harrys.com.
3. Recipients of the Users’ Data
Harry’s receives assistance from outside service providers for certain technical processing or storage processes and data analysis (e.g. to obtain aggregated, non-personal statistics from data bases or for the storage of backup copies), such as Google, Inc. For the purposes of pro-cessing, hosting and storing, Users’ Data are also shared with Amazon Web Services, Inc. and other companies of the Harry’s group, such as Harry’s, Inc. and Harry’s USA, Inc., both locat-ed at 75 Varick Street, New York, New York 10013. These service providers are carefully se-lected and meet high data protection and data security standards. They are obligated to main-tain strict confidentiality and process Data only when commissioned to do so by Harry’s and according to Harry’s instructions. The legal basis for the involvement of such service providers is Art. 28 GDPR.
In addition, your Data will be transferred to delivery services or payment providers, such as Stripe, Inc., iDeal B.V., certain participants who facilitate Single Euro Payments Area (SEPA) bank transfers and PayPal (Europe) S.à r.l. et Cie, S.C.A., if and to the extent necessary for the fulfilment of your orders (Art. 6(1)(b) GDPR). In individual cases, your Data may also be transferred to lawyers, auditors or tax consultants in order to facilitate effective advice (Art. 6(1)(f) GDPR). Harry’s requires all third parties to re-spect the security of your Data and to treat it in accordance with the law.
Some of the aforementioned recipients, such as Harry’s, Inc., Harry’s USA, Inc., Google, Inc., Amazon Web Services, Inc. and some of the third party cookie providers mentioned in section 2.5 above, are located in countries that are outside the European Union or European Economic Area and that, according to the European Commission, do not offer an adequate level of data protection. Harry’s safeguards that the Data is transferred to these recipients in line with the special data protection requirements on transfers of Data to such countries and has entered into the European Commission’s standard contractual clauses, which can be accessed by contacting Harry’s via the contact details below.
Harry’s, Inc. and Harry’s USA, Inc. have certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Data trans-ferred from the European Union. Although Harry’s, Inc. and Harry’s USA, Inc. do not rely on the Privacy Shield Framework as a legal basis for transfers of Data in light of the judgment of the Court of Justice of the EU in Case C-3111/18, both are still self-certified to the Privacy Shield Principles and adhere to them. To view Harry's, Inc.’s and Harry's USA, Inc.’s certification, please visit www.privacyshield.gov.
Except in the cases set out in this Privacy Policy, Harry’s only transfers Data to third parties without the User’s explicit consent if so obliged by law or by administrative or judicial directive.
4. Storage period
We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Data, we consider the amount, nature, and sensitivity of the Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For Data that is not required to be kept for legal purposes or where our legitimate interest is not overridden by your interests or fundamental rights and freedoms, we will retain your Data for up to 24 months from the point at which you cancel your subscriptions with us.
Usage data (see section 2.1 above) will be stored for a period of up to 10 days.
5. Rights of the Users
In accordance with relevant statutory requirements, Users requesting detailed information on the processing of Data concerning them may contact Harry’s at any time (Art. 15 GDPR). Should Users establish that the Data stored about them is incorrect or incomplete, they may re-quire rectification or completion of such Data (Art. 16 GDPR). Subject to the preconditions set out in Articles 17 and 18 GDPR, Users may also require the erasure or restriction of processing of Data. They may also ask to receive in a structured, commonly used and machine-readable format the Data which they have provided to Harry’s or for such Data to be transferred to a third party (Art. 20 GDPR). Users also have the right to lodge a complaint with the competent supervisory authority.
Finally, Users have the right to object, on grounds relating to his or her particular situation, at any time to processing of Data concerning him or her which is based on Art. 6(1)(f) GDPR, in-cluding profiling based on those provisions (Art. 21 GDPR). Harry’s will no longer process the Data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Users or for the establishment, exercise or defence of legal claims. Where Data are processed for direct marketing purposes, the Users shall have the right to object at any time to processing of Data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
6. Change of ownership or control
If we are acquired by or merge with another company, go out of business or enter bankruptcy, or sell some or all of our assets, your Data may be sold or transferred in connection with the transaction in question. If such events do take place, this Privacy Policy will continue to apply to your Data. The legal basis for processing Data in this context will be, as the case may be, Art. 6(1)(a),(b) or (f) GDPR.
7. Contact information
The User may contact Harry’s at any time regarding questions concerning Harry’s processing of Data and the exercise of rights to which the User is entitled against such processing. To do so it is sufficient to contact Harry’s at the contact details provided above. Harry’s data privacy team may be contacted at security-council@harrys.com.