Handling personal data
Both our head office and the Zalando data centers are situated in Germany. This means that we are subject to the strict rules imposed by the German Data Protection Act and the corresponding EU directives. We also abide by the requisite standards for the use, storage and processing of personal data. Our customers can view their personal details and their customer account at any time, so that they will always know what personal information we have in our possession. We pass personal data onto third parties, e.g. logistics service providers or banks, only if we are required to do so for billing purposes or to implement a contract, or if the customer has given us their permission to do so beforehand. Our service providers, in turn, may use the data passed on to them only in order to fulfil their task, and must also abide strictly to the specifications of applicable data protection law.
To counter the risk of a breach of data security, all of our customers' data is transmitted in encrypted form. This applies both to orders and customer logins. In this respect we use the SSL (Secure Socket Layer) coding system which is also used in online banking. The encryption process ensures that data cannot be viewed by outside parties; this means that data can be transmitted securely at any time and at any location. It also means that when public Wi-Fi networks are used our customers can purchase goods from Zalando without any misgivings.
In order to ensure that we are further protected against external attacks, we make use of special security technologies which constantly monitor our system and identify and indicate any suspicious features immediately. Whilst we cannot guarantee absolute protection, we do everything to minimize the risk of unauthorized access to our customers' data. This includes the proactive provision of information to our customers. For example, on our shop page we provide answers to the most relevant questions on the subject of data security under the heading "Security". Where it is suspected that data has been misused, a team is available 24 hours a day and can be contacted at any time.
These cookies are used, in particular, to improve the purchasing experience as they are able to identify whether a user has already been on the site and if so what settings they prefer. We are able to use this information to display content that is specially adapted in line with the interests of our customers and thus avoid entries that have already been made having to be repeated on every subsequent visit.
The cookies used by Zalando do not store any personal data. When the cookie is activated it is assigned an identification number which is never linked to a specific person – this procedure is known as pseudonymization.
We offer our customers payment methods that are popular in online trading, i.e. prepayment, credit card, PayPal or invoice. We pass on such data to our payment service providers only for data for which the handling of payments is required. In a small number of cases this would be purely numerical data, e.g. bank details and the corresponding identification information such as the customer's name. Service providers in the area of creditworthiness, reminders or collection generally require additional data such as the customer's address or order details.
Collaboration with our payment service providers is within the framework of the German Data Protection Act, thereby ensuring that statutory requirements are complied with. Moreover, we are PCI-DSS-certified and therefore abide by the very high standards of the credit card industry in order to protect personal data during credit card transactions.