Privacy Policy

Version 4.5, Effective Date: August 26, 2025

Introduction

At Vollcom Digital GmbH, protecting your personal data is a priority. This Privacy Policy provides a comprehensive overview of how we collect, process, and safeguard your information when you visit our website. Personal data includes any information that can be used to identify you personally. We handle your data confidentially and in strict compliance with statutory data protection regulations, including the General Data Protection Regulation (GDPR).

This document explains what data we collect, why we collect it, and your rights regarding the collection and use of your data. Please note that data transmission over the internet, such as via email, can be vulnerable to security risks. While we take extensive measures to protect your data, complete protection from third-party access cannot be guaranteed.

1. Data Controller and Data Protection Officer

Responsible Party (Data Controller)

The entity responsible for data processing on this website is:

Vollcom Digital GmbH
Oskar-von-Miller-Ring 20, c/o WeWork
80333 Munich, Germany
Telephone: +49 (0) 89 125 034 06
Email: privacy@vollcom-digital.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Protection Officer

We have appointed a data protection officer to oversee our data protection strategy and ensure compliance. You can contact them directly with any privacy-related questions.

Vollcom Digital GmbH
Oskar-von-Miller-Ring 20, c/o WeWork
80333 Munich, Germany
Telephone: +49 (0) 89 125 034 06
Email: privacy@vollcom-digital.com

2. Your Data Protection Rights

Under the GDPR, you have several rights concerning your personal data. We are committed to upholding these rights and have established processes to help you exercise them.

  • Right to Information (Article 15 GDPR): You have the right to request free information about your personal data that we have stored, including its origin, recipients, and the purpose of its processing.
  • Right to Rectification (Article 16 GDPR): You have the right to request the correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17 GDPR): You have the right to request the deletion of your personal data, provided there are no legal grounds (such as tax or commercial law retention periods) that require us to continue storing it.
  • Right to Restriction of Processing (Article 18 GDPR): You can request that we restrict the processing of your data under certain conditions, such as while the accuracy of your data is being verified.
  • Right to Data Portability (Article 20 GDPR): You have the right to receive the data you have provided to us in a structured, standard, and machine-readable format, or to request its transfer to another controller where technically feasible.
  • Right to Withdraw Consent (Article 7(3) GDPR): If our data processing is based on your consent, you can withdraw that consent at any time for future processing. The legality of processing conducted before the withdrawal remains unaffected.
  • Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal data based on our legitimate interests (Art. 6(1)(f) GDPR). This includes objecting to direct marketing. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to Complain (Article 77 GDPR): You have the right to complain with a supervisory authority if you believe our processing of your data violates the GDPR.

To exercise any of these rights, please contact us at any time using the details provided above.

3. Data Collection on Our Website

We collect your data in two primary ways: data you provide to us directly and data collected automatically by our IT systems.

A. Data You Provide

This includes information you actively share with us, for example, by filling out a contact form, sending an email, or communicating with our chatbot. This data is processed to handle your specific inquiry.

B. Data Collected Automatically

When you visit our website, our systems automatically collect certain technical data. This includes:

  • Browser type and version
  • Operating system
  • Referrer URL (the page you came from)
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This information is stored in server log files and is essential for the technically error-free presentation and security of our website.

Purposes and Legal Bases for Data Processing

  • Contractual Obligations (Art. 6(1)(b) GDPR): We process your data to fulfill a contract or to take steps before entering into a contract (e.g., responding to an inquiry).
  • Legitimate Interests (Art. 6(1)(f) GDPR): We process data to ensure the functionality and security of our website, analyze user behavior to optimize our services, and manage customer communications effectively.
  • Consent (Art. 6(1)(a) GDPR): Where required, we process your data based on your explicit consent (e.g., for certain cookies or marketing communications). You can withdraw this consent at any time.
  • Legal Compliance (Art. 6(1)(c) GDPR): We may process your data to comply with legal obligations.

Data Storage Duration

We store your personal data only for as long as necessary to fulfill the purpose for which it was collected. After this purpose is fulfilled, your data will be deleted, unless legal retention periods (e.g., under tax or commercial law) require us to store it longer.

4. Hosting, Security, and Content Delivery

A. External Hosting

Our website is hosted by Kinsta Inc. (8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA). The personal data collected on this website is stored on Kinsta’s servers. This includes IP addresses, contact requests, communication data, names, and other data generated through the site.

We use external hosting to ensure the secure, fast, and efficient delivery of our online services. Our legal basis for this is our legitimate interest (Art. 6(1)(f) GDPR) and the fulfillment of our contract with customers (Art. 6(1)(b) GDPR). We have concluded a Data Processing Agreement (DPA) with Kinsta to ensure your data is processed only on our instructions and in compliance with the GDPR.

B. Content Delivery Network (CDN)

We use Cloudflare (Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA) to improve the security and performance of our website. Cloudflare acts as a filter between our servers and internet traffic, analyzing data to prevent malicious activity. This is based on our legitimate interest in providing an error-free and secure website (Art. 6(1)(f) GDPR). We have a DPA with Cloudflare to ensure compliant data processing.

C. SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries or payment data, this site uses SSL or TLS encryption. An encrypted connection is indicated by “https://” in the browser’s address bar and a lock symbol. This ensures that the data you transmit to us cannot be read by third parties.

5. Cookies and Consent Management

A. Cookies

Our website uses cookies, which are small data packages stored on your device.

  • Session cookies are deleted automatically after your visit.
  • Permanent cookies remain on your device until you delete them or they expire.

Cookies are used for various functions. Necessary cookies are technically required for website functions like the shopping cart. Other cookies are used to analyze user behavior or display advertising.

The storage of necessary cookies is based on our legitimate interest (Art. 6(1)(f) GDPR). For all other cookies and similar technologies, we request your consent (Art. 6(1)(a) GDPR & § 25(1) TTDSG), which you can withdraw at any time. You can also configure your browser to manage cookie settings. Disabling cookies may limit the functionality of this website.

B. CookieYes Consent Banner

We use CookieYes (CookieYes Limited, Ground Floor, 71 Lower Baggot Street, Dublin 2, Ireland) to obtain and document your consent for the use of cookies and other technologies. This service stores a cookie in your browser to assign the consent given or its revocation. The use of CookieYes is necessary to comply with legal requirements (Art. 6(1)(c) GDPR).

6. Third-Party Tools and Services

We use various third-party tools for analysis, advertising, and functionality. We only use these services with your explicit consent where required by law.

A. Analytics and Advertising

  • Google Analytics & Google Tag Manager: We use these tools from Google Ireland Limited to analyze website traffic and manage website tags. Data collected may include page views, user location, and demographic data. This is based on your consent (Art. 6(1)(a) GDPR).
    Opt-out: You can prevent data collection by installing the Google Analytics opt-out browser add-on.
  • Google Ads & Conversion Tracking: We use Google Ads to display advertisements. Conversion tracking helps us measure the effectiveness of our campaigns. This is based on your consent (Art. 6(1)(a) GDPR).
    Opt-out: You can manage your ad settings and opt out of personalized ads in your Google Ads Settings.
  • Microsoft Clarity: This tool from Microsoft Corporation helps us understand how users interact with our site through heatmaps and session recordings. This is based on our legitimate interest in improving user experience (Art. 6(1)(f) GDPR).
    Opt-out: You can learn more and manage your choices in the Microsoft Privacy Dashboard.
  • Facebook Pixel, Conversion API, and Custom Audiences: We use these tools from Meta Platforms Ireland Limited to measure ad effectiveness, create targeted audiences, and track conversions. This processing is based on your consent (Art. 6(1)(a) GDPR). We are jointly responsible with Meta for the data collection and transfer.
    Opt-out: You can control ad preferences and opt out via your Facebook Ad Preferences and, for users without a Facebook account, via the European Interactive Digital Advertising Alliance (EDAA). Additional information can be found in Meta’s Privacy Policy.
  • LinkedIn Insight Tag & Conversion API: These tools from LinkedIn Ireland Unlimited Company are used for conversion tracking and ad optimization. This is based on your consent (Art. 6(1)(a) GDPR). We are jointly responsible with LinkedIn for this data processing.
    Opt-out: You can manage your advertising preferences in your LinkedIn Settings or via your LinkedIn Account Ad Settings. Non-members can opt out using the EDAA Opt-Out Platform.

B. Customer Relationship Management (CRM) & Communication

  • Zoho One / Zoho CRM: We use Zoho Corporation’s platform to manage customer and contact data efficiently. This allows us to analyze interactions and communicate with prospects. The legal basis is our legitimate interest in effective customer management (Art. 6(1)(f) GDPR) or your consent, where applicable.
    Opt-out: You can manage communications and opt out via links provided in Zoho emails or visit Zoho’s Privacy Policy for more information and instructions.
  • Chatbots: We use chatbots to communicate with you. The chatbot processes your input and other metadata to provide suitable answers. The legal basis is contract fulfillment (Art. 6(1)(b) GDPR) or our legitimate interest in effective communication (Art. 6(1)(f) GDPR).
    Opt-out: You may end a chatbot conversation or request data deletion by contacting us directly at privacy@vollcom-digital.com.
  • n8n: We use n8n GmbH for internal workflow automation. This tool processes data from forms or triggers to execute automated tasks, based on our legitimate interest in efficient operations (Art. 6(1)(f) GDPR).
    Opt-out: If you wish to have your workflow or form data deleted, please contact us at privacy@vollcom-digital.com.

C. Social Media Integrations

Our website integrates functions from platforms like Instagram, Facebook, LinkedIn, Twitter, YouTube, Threads, and Medium. When you interact with these elements, a direct connection is established with the respective platform’s servers, and data about your visit is transmitted. If you are logged into your account on that platform, your interaction may be linked to your profile. The use of these integrations is based on our legitimate interest in increasing our visibility (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR). We are jointly responsible with these platforms for the collection and transfer of data.

D. Plugins and Fonts

  • YouTube & Vimeo: We embed videos from these platforms to enhance our content. We use YouTube’s extended data protection mode and Vimeo’s “Do-Not-Track” setting to minimize data collection. The legal basis is our legitimate interest in an appealing presentation of our content (Art. 6(1)(f) GDPR).
  • Google Fonts & Font Awesome: We use these services for a uniform and appealing display of text and icons on our website, based on our legitimate interest (Art. 6(1)(f) GDPR). Your browser connects to their servers to load the required fonts, which involves transmitting your IP address.

7. Data Transfers to Third Countries

We use tools from companies based in the USA or other countries outside the European Union (EU). When these tools are active, your personal data may be transferred to and processed in these countries. We must inform you that these countries may not have a level of data protection comparable to that of the EU. For instance, U.S. authorities may be able to access personal data without you, the data subject, having effective legal recourse.

We ensure that such transfers are conducted with appropriate safeguards, primarily through the use of EU Standard Contractual Clauses (SCCs), to protect your data.

8. eCommerce and Payment Providers

A. Customer and Contract Data

We collect and process customer and contract data to establish and manage our contractual relationships. This is necessary for the performance of a contract (Art. 6(1)(b) GDPR). This data is deleted after the termination of the business relationship, subject to legal retention periods.

B. Payment Services

We integrate third-party payment services, such as PayPal, to process transactions. When you make a purchase, your payment data (e.g., name, credit card number) is processed by the payment service provider. The use of these services is based on contract fulfillment (Art. 6(1)(b) GDPR) and our legitimate interest in providing a secure and convenient payment process (Art. 6(1)(f) GDPR).

9. Newsletter and Postal Advertising

A. Newsletter

If you subscribe to our newsletter, we require your email address and confirmation that you agree to receive it. We use this data exclusively for sending the requested information. You can unsubscribe at any time by clicking the unsubscribe link provided in each newsletter or by visiting our Newsletter Opt-Out page.

B. Postal Advertising

We may use your address for sending postal advertising, based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR). You can object to this use of your data at any time. To opt out of postal advertising, please visit our Postal Advertising Opt-Out page.

10. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time to ensure it complies with current legal requirements or to reflect changes in our services. The most current version will always be available on our website.