Go to homepage Go to homepage

Data protection

Sign In
Telephone advice

Data protection

Privacy Policy

Held Fashion Retail GmbH (hereinafter referred to as TUZZI) is a subsidiary of Frankenwälder E. Held GmbH & Co. KG. The protection of your personal data is very important to us. TUZZI issues this privacy policy to inform you about our data protection practices and measures.

This privacy policy covers personal data, the collection of non-personal data, and aggregated reports for statistical analysis.

You can generally visit our website without providing any personal data.

With the following information, we would like to provide you, as the "data subject", with an overview of the processing of your personal data by us and your rights under data protection laws. Use of our website is generally possible without entering personal data. However, if you wish to use specific services provided by our company via the website, the processing of personal data may be required. If such processing is necessary and there is no legal basis for it, we will generally obtain your consent.

The processing of personal data—such as your name, address, or email address—will always be carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection provisions applicable to Held Fashion Retail GmbH. Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed through this website. Nevertheless, internet-based data transmissions can fundamentally have security gaps, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, for example by telephone or post.

You can also take simple and effective measures to protect your data from unauthorised access. Therefore, we would like to offer the following tips for handling your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords.
  • Only you should have access to your passwords.
  • Ensure you use your passwords for only one account (login, user or customer account).
  • Do not reuse passwords across different websites, applications, or online services.
  • Especially when using publicly accessible or shared IT systems: always log out after each session on a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Avoid using everyday words, your name, or relatives' names. Use a combination of upper and lower case letters, numbers, and special characters.

1. Controller

Held Fashion Retail GmbH

Hans-Hofmann-Str. 11
95213 Münchberg

Register Court: Amtsgericht Hof, HRB 3473
Tax Number: 223/159/57005
VAT ID: DE 224925645

Authorised representative:
Carolin Kittel (Managing Director)

Operational responsibility:
Head of E-Commerce
Johannes Diehl

For questions, we are available Monday to Thursday from 8 am – 4 pm and Friday from 8 am – 12 pm at +49 (0) 9251 447 0 or via email at info@tuzzi.de.

2. Personal Data

These are individual details about your personal or factual circumstances. TUZZI uses personal data to better meet your needs and interests and to provide you with optimal service. TUZZI does not sell your personal data to third parties for marketing purposes.

The following data is collected during a purchase in our online shop:

  • First name, last name, street and house number, postcode and city, date of birth, email address

Depending on the payment method selected, the following data may also be collected to process your purchase:

  • Billing and transaction data, credit card information

TUZZI will only pass on your personal data to third parties if this is necessary for fulfilling the contract. Service providers within the EU are engaged to handle the purchase process and shipment and process personal customer data on our behalf.

To provide you with better personal service and continuously improve our offerings, we may ask you to share personal or professional interests, demographic data, or feedback on your experiences with our products or services. Providing this additional information is voluntary.

3. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

  1. You have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR,
  2. The disclosure is permissible under Art. 6 para. 1 lit. f GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest in your data not being disclosed,
  3. There is a legal obligation to disclose data pursuant to Art. 6 para. 1 lit. c GDPR, or
  4. This is legally permissible and required for the execution of contractual relationships with you under Art. 6 para. 1 lit. b GDPR.

To protect your data and enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. Where these are not sufficient to ensure an adequate level of protection, your consent under Art. 49 para. 1 lit. a GDPR may serve as the legal basis for such transfers. This does not apply to data transfers to countries for which the European Commission has issued an adequacy decision under Art. 45 GDPR.

As part of the data processing activities described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only offer an adequate level of data protection if they are certified under the EU-US Data Privacy Framework, meaning the EU Commission's adequacy decision pursuant to Art. 45 GDPR applies. We explicitly name such service providers in this privacy policy. In all other cases, we use data processing agreements based on the EU standard contractual clauses. Where those are not sufficient, your consent according to Art. 49 para. 1 lit. a GDPR may serve as a legal basis for such transfers—unless an adequacy decision pursuant to Art. 45 GDPR exists.

4. Transfer of Personal Data for Order Processing

The personal data we collect will be passed on to the transport company entrusted with the delivery as part of contract fulfilment, insofar as this is necessary for the delivery of the goods.

In the event of a purchase, Held Fashion Retail GmbH obtains a credit report to safeguard our legitimate interest in proper payment processing. For this purpose, the data required for a credit check will be used as part of order processing, and the statistical probability of a payment default determined on the basis of this data will be used for a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognised mathematical-statistical methods, which include address data in their calculation. Your legitimate concerns will be taken into account in accordance with legal provisions.

As part of this contractual relationship, we transmit personal data collected concerning the application, execution and termination of this business relationship, as well as data on non-contractual behaviour or fraudulent behaviour, to CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich. The legal bases for these transmissions are Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transmissions based on Article 6(1)(f) GDPR may only take place if this is necessary to protect the legitimate interests of our company or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject who requires the protection of personal data. The data exchange with CRIFBÜRGEL also serves to fulfil legal obligations to carry out creditworthiness checks of customers (Sections 505a and 506 of the German Civil Code). CRIFBÜRGEL processes the data received and also uses it for profiling (scoring) purposes to provide its contractual partners in the European Economic Area and Switzerland, and possibly other third countries (if there is an adequacy decision by the European Commission for these), with information, among other things, for assessing the creditworthiness of natural persons. More detailed information on CRIFBÜRGEL's activities can be found in the CRIFBÜRGEL information sheet or viewed online at www.crifbuergel.de/de/datenschutz .

Accordingly, you must ensure that you inform third parties to whom you provide your end devices about this, and that they also tolerate the described measures or, alternatively, do not visit the TUZZI Online-Shop with your end devices.

If you choose credit card as your payment method, payment processing will be handled by the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we transmit the information provided by you during the order process, along with information about your order (name, address, account number, sort code, possibly credit card number, invoice amount, currency and transaction number). The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/terms

We have integrated components of PayPal on this website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which means there is no classic account number. PayPal enables online payments to be initiated to third parties or payments to be received. PayPal also assumes trustee functions and offers buyer protection services.

If you select "PayPal" as a payment option during the order process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Personal data related to the respective order is also necessary for the execution of the purchase contract.
The purpose of transmitting the data is payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. This transmission is for the purpose of identity and creditworthiness checks.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

The use of PayPal is in the interest of proper and smooth payment processing. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Your personal data will only be transmitted if explicit consent is given in accordance with Art. 6(1)(a) GDPR.
The applicable data protection regulations of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

5. Use of the "Brevo" Newsletter Tool

Newsletters are sent via "Brevo", a newsletter sending platform from the German provider Sendinblue GmbH, Köpernicker Straße 126, 10179 Berlin.

The email addresses of our newsletter recipients and purchasers, as well as their other data described in these notes, are stored on Sendinblue's servers. Sendinblue uses this information for sending and evaluating the newsletters on our behalf. Furthermore, according to its own information, Sendinblue may use this data to optimise or improve its own services, e.g., for the technical optimisation of newsletter delivery and display, or for economic purposes to determine the countries from which recipients originate. However, Sendinblue does not use the data of our newsletter recipients to contact them directly or pass them on to third parties.

Brevo's data protection provisions can be found here. By using the form on this website, you agree to the data processing by Sendinblue to the extent shown.

Statistical Collection and Analysis

The newsletters contain a "web-beacon", i.e., a pixel-sized file that is retrieved from Sendinblue's server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used for the technical improvement of services based on technical data, or for target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor Sendinblue's to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Use of BREVO's Chat Function

This website uses Brevo Chat, operated by Sendinblue GmbH, with its registered office at Köpenicker Straße 126, 10179 Berlin.

Brevo Chat is a service for managing and analysing live chats and messenger conversations. Your data entered for the conversation is stored on Sendinblue's servers in Germany or France.

The use of Brevo Chat may result in information about your website activities, such as operating system/device, location and browser type, being transmitted to and stored on a Sendinblue server.

Further details can be found in Brevo's privacy policy at: https://www.brevo.com/de/legal/privacypolicy/.

The processing of your data is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw this consent at any time. The withdrawal does not affect the lawfulness of the processing of your data carried out until the withdrawal.

6. Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was watched. The term cookies also includes other technologies that fulfil the same functions as cookies (e.g., when user data is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following cookie types and functions are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user revisits a website. Similarly, user interests, which are used for audience measurement or marketing purposes, can be stored in such a cookie.
  • First-party cookies: First-party cookies are set by us.
  • Third-party cookies: Third-party cookies are primarily used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).
  • Statistics, marketing, and personalisation cookies: Furthermore, cookies are generally also used for audience measurement and when a user's interests or behaviour (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles serve to display content to users, for example, that matches their potential interests. This process is also referred to as "tracking", i.e., tracking the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or when obtaining consent.

Notes on Legal Bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g., in the economic operation of our online offering and its improvement) or, if the use of cookies is necessary to fulfil our contractual obligations.

Storage Duration: Unless we provide you with explicit information on the storage duration of permanent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-Out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke given consent or to object to the processing of your data by cookie technologies (collectively referred to as "Opt-Out"). You can initially declare your objection via your browser settings, e.g., by deactivating the use of cookies (although this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can receive further objection information as part of the information on the service providers and cookies used.

Processing of Cookie Data Based on Consent: Before we process or have data processed within the scope of using cookies, we ask users for their consent, which can be revoked at any time. Unless consent has been given, only cookies that are absolutely necessary for the operation of our online offering will be used.

  • Types of Data Processed: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

7. Web Analytics

7.1 Meta Pixel (formerly Facebook Pixel)

This website uses the "Facebook Pixel" from Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). If explicit consent is given, this allows for tracking user behaviour after they have viewed or clicked on a Facebook advertisement. This process serves to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help to optimise future advertising measures.

The data collected is anonymous to us and therefore does not allow us to draw conclusions about the identity of users. However, the data is stored and processed by Meta, so a connection to the respective user profile is possible, and Meta can use the data for its own advertising purposes, in accordance with Facebook's Data Policy (https://www.facebook.com/about/privacy/). This enables Meta and its partners to place advertisements on and off Facebook. A cookie may also be stored on your computer for these purposes.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

7.2 Use of the Facebook Conversion API

We use Facebook's "Conversions API". The Conversions API is an interface that allows event data to be sent directly from our servers to Facebook. The functionality and processing of data within the Conversions API corresponds to the functionality and processing within the use of the Facebook Pixel, which is why we refer to the privacy notices for the Facebook Pixel and audience formation in this regard. Extended matching for the Facebook Pixel: In addition to the processing of event data within the use of the Facebook Pixel (or comparable functions, e.g., in apps), contact information (data identifying individual persons, such as names, email addresses, and phone numbers) is also collected by Facebook within our online offering or transmitted to Facebook. The processing of contact information serves to form target groups (so-called "Custom Audiences") for displaying content and advertising information tailored to the presumed interests of users. The collection, transmission, and matching with data already existing at Facebook do not take place in clear text, but as so-called "hash values", i.e., mathematical representations of the data (this method is used, for example, when storing passwords). After matching for the purpose of forming target groups, the contact information is deleted.

7.3 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymised usage profiles are created and cookies are used (see section "Cookies"). The information generated by the cookie about your use of this website may include:

  • a short-term collection of the IP address without permanent storage
  • location data
  • browser type/version
  • operating system used
  • referrer URL (previously visited page)
  • time of server request

The pseudonymised data may be transferred by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website use and internet use for the purposes of market research and the needs-based design of these web pages. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information on Google Analytics can be found at: https://support.google.com/analytics/answer/12017362?hl=de and https://business.safety.google/privacy/.

7.4 Google Analytics Remarketing

We have integrated Google Remarketing services on this website. The operating company of Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that allows a company to display advertisements to internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently to show the internet user advertisements that are relevant to their interests.

The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing allows us to display advertisements within the Google advertising network or on other websites, which are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the data subject's IT system. By setting the cookie, Google is enabled to recognise the visitor to our website when they subsequently access websites that are also members of the Google advertising network. With each call to a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data, such as your IP address or surfing behaviour, which Google uses, among other things, to display interest-relevant advertising.

Personal information, such as the websites you have visited, is stored via the cookie. Therefore, with each visit to our websites, personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information on Google Analytics Remarketing can be found at: https://www.google.de/intl/de/policies/privacy/ and https://business.safety.google/privacy/.

8. Advertising

8.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads on this website. The operator of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use this to advertise this website in Google search results, as well as on third-party websites. For this purpose, Google sets a cookie in your device's browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit.

Further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked to your Google account and that information from your Google account will be used to personalise ads you see on the web. In this case, if you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked with Google Analytics data by Google to form audiences.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information on Google Ads Remarketing can be found at: https://www.google.com/policies/technologies/ads/ and https://business.safety.google/privacy/.

8.2 Google Ads with Conversion Tracking

We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to pre-define certain keywords by means of which an ad will only be displayed in Google's search engine results if the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, ads are distributed by means of an automatic algorithm and in consideration of the previously defined keywords on thematically relevant websites.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine, and to display third-party advertising on our website.

If you reach our website via a Google ad, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used for your identification. If the cookie has not yet expired, the conversion cookie tracks whether certain sub-pages, for example, the shopping cart of an online shop system, have been accessed on our website. Through the conversion cookie, both we and Google can track whether a user who came to our website via an AdWords ad generated revenue, i.e., completed or abandoned a product purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are used by us in turn to determine the total number of users who were referred to us via Ads ads, i.e., to determine the success or failure of the respective Ads ad and to optimise our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google by which you could be identified.

Personal information, such as the websites you have visited, is stored via the conversion cookie. Therefore, with each visit to our websites, personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information on Google Ads can be found at: https://www.google.de/intl/de/policies/privacy/ and https://business.safety.google/privacy/.

9. Plugins and Other Services

9.1 Google Tag Manager

On this website, we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows "website tags" (i.e., keywords embedded in HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link, or personalised image you have actively clicked, and then determine which content on our website is particularly interesting to you.

The tool also triggers other tags that may, in turn, collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, this remains valid for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information on Google Tag Manager can be found at:  https://www.google.com/intl/de/policies/privacy/ and https://business.safety.google/privacy/.

9.2 Google Web Fonts

Our website uses so-called Web Fonts for the uniform display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you open a page, your browser loads the necessary Web Fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use establishes a connection to Google's servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on Google Web Fonts and Google's privacy policy can be found at:  https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

9.3 Microsoft Bookings

We use the scheduling tool Microsoft Bookings ("Bookings") on our website, a service offered by Microsoft Corp., One Microsoft Way, Redmond, Washington, USA.

When you click on the corresponding booking button, you will be automatically connected to our booking account with Bookings. After choosing your appointment, confirming it and entering your contact details and concerns, you will receive an email from Bookings confirming your appointment.

When using the service, the following data may be processed, among others:

  • First name, last name,
  • Phone number,
  • Email address,
  • preferred form of communication (phone, video conferencing system),
  • reason for your enquiry,
  • time of appointment request and agreed appointment,
  • free text added by you.

These processing operations are carried out exclusively upon receipt of explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR.

Alternatively, appointments can also be arranged by email or telephone.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

Microsoft's privacy policy can be viewed at: https://privacy.microsoft.com/de-de/privacystatement.

9.4 Microsoft Forms

We use the "Microsoft Forms" service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to create surveys, polls, and quizzes.

Microsoft Forms is a web-based application for creating surveys, quizzes, and polls. The created forms can be shared via links or embeds on a website to gather feedback from a target audience or conduct polls. Survey results are automatically collected and can be viewed and analysed in real-time.

When using Microsoft Forms, various personal data may be collected, including:

  • Information you provide yourself when you complete a survey, poll, or answer a quiz, such as name, email address, or answers to questions.
  • Data about the use of Microsoft Forms, such as date and time of access, browser type, operating system, and IP address.

The retention period for personal data is determined by the respective statutory retention period.

Participation in surveys, polls, or quizzes is voluntary. The legal basis for the processing of personal data is your voluntarily given consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can withdraw this at any time with effect for the future.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR is thus in place, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on the Microsoft Forms service and the privacy policy can be found at: https://privacy.microsoft.com/de-de/.

10. Use of Web Beacons

Some TUZZI web pages and HTML email newsletters use web beacons in conjunction with cookies to compile aggregate statistics about website usage. A web beacon is an electronic, invisible image, also known as a one-pixel GIF or clear GIF. Web beacons can recognise certain types of information on a visitor's computer, such as a visitor's cookie number, time and date of a page view, and a description of the page where the web beacon is located. You can render some web beacons unusable by rejecting the cookies associated with them.

11. Facebook

Responsible Parties:

Facebook Ireland Ltd. (hereinafter referred to as "Facebook")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

Held Fashion Retail GmbH
Hans-Hofmann-Str. 11
95213 Münchberg

Information about the Facebook page of: Held Fashion Retail GmbH

For the information service offered here, we rely on the technical platform and services of Facebook Ireland Ltd.

Please note that you use this Facebook page and its functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can access the information offered on this page on our website at www.tuzzi.de .

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Further information on this is provided by Facebook under the following link:
http://de-de.facebook.com/help/pages/insights 

The data collected about you in this context will be processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information Facebook receives and how it is used in its Data Policy. There you will also find information about how to contact Facebook and about the settings for advertisements. 

The Data Policy is available at the following link:
http://de-de.facebook.com/about/privacy 

Facebook's full Data Policy can be found here:
https://de-de.facebook.com/full_data_use_policy 

How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us. 

When accessing a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses). Facebook also stores information about its users' devices (e.g. within the "login notification" function); Facebook may therefore be able to assign IP addresses to individual users. 

If you are currently logged in to Facebook as a user, there is a cookie on your device with your Facebook ID. This allows Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Through Facebook buttons integrated into websites, Facebook can record your visits to these websites and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you. 

If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device, and close and restart your browser. This will delete Facebook information that can directly identify you. You can then use our Facebook page without your Facebook ID being revealed. If you access interactive functions of the page (Like, Comment, Share, Messages etc.), a Facebook login screen will appear. After any login, you will again be recognisable to Facebook as a specific user. 

Information on how to manage or delete information about you can be found on the following Facebook Support pages: https://de-de.facebook.com/about/privacy#

If you have questions about our information services, you can reach us at
Phone: +49 (0) 9251 447 0
Fax: +49 (0) 9251 447 355
Email: onlineshop@frankwalder.com

The agreement on joint controllership according to Art. 26 GDPR (as of 21.8.2020) with Facebook can be found at: https://www.facebook.com/legal/controller_addendum

Data Subject Rights of Users

I/we cannot unfortunately fulfil our information obligations under Art. 13 EU-GDPR, as only Facebook has full access to user data. If you wish to exercise your data subject rights, please contact Facebook directly. These rights include the following:

Right of access:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can request that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g., in the case of legally regulated retention obligations.

Regardless of the exercise of your right to erasure, we will promptly and completely erase your data unless there is a legal or contractual retention obligation to the contrary.

Right to restriction of processing:

You can request that we restrict the processing of your data if
- you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse erasure and instead request a restriction of data use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.

Right to data portability:

You can request that we provide you with your data that you have provided to us in a structured, commonly used, and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

- we process this data based on consent given by you and revocable, or for the performance of a contract between us, and
- this processing is carried out by automated means.

If technically feasible, you can request that we transmit your data directly to another controller.

Right to object:

If we process your data based on legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons. 

Right to lodge a complaint:

If you believe that we are violating German or European data protection law when processing your data, please contact us to clarify any issues. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

For the implementation of these rights in accordance with Articles 15-20 of the GDPR regarding the data stored by Facebook Ireland after joint processing, Facebook Ireland is solely responsible. You also have a right to object and complain, as described above, against us. 

Should you require assistance with this or have any other questions, please feel free to contact me/us via email at [insert email address here]. If you no longer wish the data processing described here in the future, please sever the connection of your user profile to my/our page by using the functions "Unlike this page" and/or "Unsubscribe from this page".

If you have any questions about data protection, you are also welcome to contact our data protection officer at:

Juergen C. Beer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
https://www.projekt29.de

Phone: 0049-941-2986930
Email: datenschutz@tuzzi.de

12. Competitions

Should you register for a competition organised by us, your personal data will be used for the execution and processing of the competition. The legal basis for this is Art. 6 para. 1 b GDPR. Further information on the competitions can be found in the respective terms and conditions of participation. To participate in the respective competition, you must accept these terms and conditions of participation. 

13. Google Maps

This site uses the Google Maps mapping service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy findability of the locations indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

14. Privacy Settings and Choices

To opt out of or unsubscribe from promotions and information you have previously expressly requested (e.g., email newsletters, software updates, etc.), please use one of the following methods: 

  • Select the "unsubscribe" or "cancel subscription" link, or follow the opt-out instructions included in each subscription-related communication.
  • Return to the web page(s) where you originally registered your preferences and follow the opt-out instructions. 

15. Use of WhatsApp Business

Consent Text

By opening and using the Messenger, I consent to Held Fashion Retail GmbH (hereinafter referred to as provider) processing my personal data (e.g. telephone number) for communication regarding the preparation and execution of any orders as well as for sending promotional information using the "WhatsApp" Messenger from WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin (Ireland). 

Data Protection - WhatsApp Business

Use of WhatsApp

Insofar as you have consented, we process your communicated or existing personal data (e.g., name, telephone number, email address, Messenger ID, profile picture, messages) for communication regarding the preparation and execution of any orders as well as for sending promotional information (e.g., offers, newsletters) using the instant messaging service "WhatsApp" from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

An existing messaging account is required to use this service.

We point out that WhatsApp Ireland Limited may also transfer personal data (in particular metadata of communication) to WhatsApp Inc., which may also be processed on servers in countries outside the EU (e.g., USA) where there is no adequate level of data protection. WhatsApp may pass this data on to other companies within and outside the Facebook corporate group. Further information can be found in the privacy policy of WhatsApp Business (https://www.whatsapp.com/legal/business-policy/) and WhatsApp (https://www.whatsapp.com/legal/#privacy-policy). We have neither precise knowledge of nor influence over the data processing by WhatsApp Ireland Limited or WhatsApp Inc., which is responsible for data protection in this respect.

In addition to the recipients already specifically named above, we use the help of other service providers (processors) to fulfil our obligations.

We would like to point out that you can revoke your consent at any time for the future without giving reasons by informing us of your revocation via WhatsApp with a message containing the note REVOCATION or by email to the email address mentioned in this privacy policy or our imprint, for the corresponding processing of your personal data. The data mentioned above will be deleted by us in accordance with legal requirements as soon as the consents permitting their processing are revoked or when the purpose of processing this data has ceased or they are not required for the purpose.

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

16. Use of Service Providers for Shipping Communication

To enable you to track your shipment after placing an order, we use the service of PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster (hereinafter - "Paqato").

On our behalf, Paqato sends shipping notifications and delivery status updates. For this purpose, in accordance with Art. 6 para. 1 lit f GDPR, based on our legitimate interest in effective and informative customer communication as well as transparent and reliable shipping processing that is also in the customer's interest, we transmit data.

With the dispatch of your goods, the order header data for tracking the shipment and identification of problems are processed in accordance with Art. 6 Para. 1 lit. b. (within contractual/pre-contractual relationships), Art. 6 Para. 1 lit. f. (other inquiries) GDPR. User data is stored and processed in the PAQATO shipping analysis system of PAQATO GmbH in order to deliver the goods faster and without errors and to ensure smooth communication (legitimate interest pursuant to Art. 6 Para. 1 lit. f. GDPR). We delete the data as soon as it is no longer required. We review the necessity every two years; furthermore, statutory archiving obligations apply. 

We have concluded a data processing agreement with Paqato, obliging Paqato to protect your data in accordance with legal requirements.

Paqato's privacy policy can be viewed at the following link: https://www.paqato.com/datenschutzerklaerung/

17. Shopware Analytics 

Purpose of processing: Together with our shop software service provider, we jointly analyse certain information about our customer base (e.g., customer group, visited pages, click paths, date and time of visit, information about the device used (resolution, resolution density, operating system), referrer URL, information about the browser used, locale, search queries, and time zone). This information is processed by an external service provider and sent to us in near real-time so that we can monitor the use of our website and improve our offerings. 

Legal basis:  Art. 6 para. 1 lit. f GDPR Data categories: Derivations from master and contact data (the customer group, no individual customer data), usage data, connection data 

Recipient of the data: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service provider The essence of joint 

Responsibility: Joint responsibility exists between us and shopware AG; the data is collected on our shop and then transferred to Shopware's servers or their service providers; with the exception of obtaining your consent for the use of cookies or similar technologies and fulfilling these information obligations, all obligations, in particular the implementation of data subject rights, lie with shopware AG, whom you can reach at legal@shopware.com. You can also assert your data subject rights with us; we will then forward your request to shopware AG accordingly. Shopware AG can derive behaviour on our store from the collected data, but cannot assign this data to you as a person.

Intended third country transfer: 
 None 

Do we store or read personal data on your device based on your consent? Yes, details can be found in Consent Management.

18. Accessibility and Accuracy of Personal Data

TUZZI strives to store your personal data accurately. We have implemented technologies, management procedures, and policies designed to ensure accurate storage of customer data. We grant you access to your personal data and provide online access so you can modify your data if needed.

19. Data Subject Rights

Your Right to Information, Rectification, and Erasure of Your Personal Data

Furthermore, you naturally have the right to request information at any time about what data about you is stored and for what purpose this storage takes place. In addition, you can have incorrect data corrected or data deleted whose storage is inadmissible or no longer necessary. To assert the aforementioned rights, please contact the address below.

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation, and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to continuous improvement, and our privacy policies are constantly being revised. Please ensure you have the latest version.

Data Subject Rights

You have the right at any time to information, rectification, erasure, or restriction of the processing of your stored data, a right to object to processing, and a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to Information

You can request information from us as to whether and to what extent we process your data.

Right to Rectification

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to Erasure

You can request that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g., in the case of legally regulated retention obligations.

Regardless of the exercise of your right to erasure, we will promptly and completely erase your data unless there is a legal or contractual retention obligation to the contrary.

Right to Restriction of Processing

You can request that we restrict the processing of your data if

• You dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data.
• The processing of the data is unlawful, but you refuse erasure and instead request a restriction of data use.
• We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
• You have objected to the processing of the data.

Right to Data Portability

You can request that we provide you with your data that you have provided to us in a structured, commonly used, and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• We process this data based on consent given by you and revocable, or for the performance of a contract between us, and
• This processing is carried out by automated means.

If technically feasible, you can request that we transmit your data directly to another controller.

Right to Lodge a Complaint

If you believe that we are violating German or European data protection law when processing your data, please contact us to clarify any issues. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.


20. Changes to This Statement

Should there be any updates to the terms of TUZZI's online privacy policy, we will provide these changes with the corresponding information. 

21. Contacting Us or Our Data Protection Officer

All interested parties and customers of Held Fashion Retail GmbH can reach us at the address:

Held Fashion Retail GmbH
Hans-Hofmann-Str. 11
95213 Münchberg

Phone: +49 (0) 9251 447 0
Fax: +49 (0) 9251 447 355
Email: info@tuzzi.de

Should you have any questions or suggestions regarding the protection of your data, please contact our Data Protection Officer directly: 

Juergen C. Beer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
https://www.projekt29.de

Phone: 0049-941-2986930
Email: datenschutz@tuzzi.de

By using our websites, you agree to this privacy policy.

Privacy Policy in accordance with § 13 TMG
Version No. 2.1 dated 14 July 2025

Print this page

Filter