Privacy policy

1 General information

1.1 The following privacy policy applies to the processing of personal data by Sequence Holding ApS (hereinafter "Sequence" or "we" or "us"), as the controller within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR).

1.2 The privacy policy informs you about the processing of your personal data in connection with the use of our website www.sequencesoles.com (hereinafter "website") and the services offered through it. In particular, it explains what data we collect and what we use it for. It also informs you how and for what purpose this is done.

1.3 Overall, personal data is information that relates to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes information such as name, address, telephone number and date of birth.

1.4 Insofar as this privacy policy has been translated into several languages, the German version shall prevail. 

2 Processing of personal data in the context of our website presence

In the following, we will first inform you about the processing of your personal data when you visit and use our website.

2.1 Automated data collection and processing by the browser

2.1.1 The server used by us automatically and temporarily collects information in the server log files that are transmitted by the browser, unless you have deactivated it:

(i) IP address of the requesting connection (for IPv4 addresses the last 16 bits are removed, for IPv6 addresses the last 32 bits);

(ii) IP address of the requesting computer;

(iii) Type of event; (iv) File request from the client;

(v) the http response code;

(vi) the website from which you visit us (referrer URL);

(vii) Date, time and duration of the server request;

(viii) Browser type and version;

(ix) Type of end device and operating system used by the requesting computer;

2.1.2 The storage of server log files is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the aforementioned purposes, we use server log files exclusively for the needs-based design and optimization of our website purely statistically and without drawing any conclusions about your person. The data mentioned in section 2.1.1, with the exception of the IP address, is also collected and processed by additional programs used for statistical analysis. No personal data is stored during the analysis. Anonymized user profiles are created from the collected data. Cookies or other tracking tools (see generally section 2.3) may be used for this purpose. The data collected via the statistics program cannot be used to personally identify the user of the website, as the data is not merged with personal data. The access data collected as part of the use of our website is only stored for the period for which this data is required to achieve the aforementioned purposes.

2.1.3 If you visit our website to find out about our range of products and services or to use them, the basis for the temporary storage and processing of server log files is Art. 6 para. 1 lit. b) GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, in the present case Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the temporary storage of technical access data and a statistical evaluation. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

2.2 Use of Shopify

2.2.1 Our website is hosted on a server of Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). We use Shopify's services to provide our website and to operate our online store.

2.2.2 When using Shopify, your personal data is processed as follows:

(i) When you visit our website, Shopify collects the data mentioned under section 2.1.1. Shopify also analyzes your customer behavior and creates user statistics (see section 2.3 for more information). Since we use Shopify in this context in order to display our website reliably and thus provide a professional website that meets the necessary requirements for security, speed and efficiency, we have a legitimate interest in using Shopify and Art. 6 para. 1 lit. f) GDPR serves as the legal basis in this respect. Something else applies if Shopify creates analyses and statistics and uses cookies for this purpose. In this context, we obtain your consent via our cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 sentence 1 of the Telecommunications Digital Services Data Protection Act (TDDDG). Your consent can be withdrawn at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal (see section 2.3 below on cookies used in general).

(ii) If one of our sales partners makes a purchase on our website on your behalf, Shopify also collects your name, email address, delivery and billing addresses, payment details and other data related to the purchase. In addition, we contact you with the help of Shopify, so that the use of Shopify in this context serves to initiate and fulfill the contract, Art. 6 para. 1 lit. b) GDPR. Insofar as additional health data (see section 3.1) is transmitted when a purchase is made via our website, we have obtained your consent for this, Art. 9 para. 2 lit. a) GDPR. Your consent can be withdrawn at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

2.2.3 As part of our use of Shopify, data may also be passed on to companies affiliated with Shopify and subcontractors. These may be companies based in Canada or the USA, for example (see www.shopify.com/de/legal/datenschutz#wohin-senden-wir-ihre-daten and section 2.5.3). 

2.2.4 Further information on the processing of your data using Shopify can be found in sections 2.3, 2.4.2, 2.4.3 and 2.4.4 as well as at https://www.shopify.com/de/legal/privacy/app-users and at https://www.shopify.com/de/legal/datenschutz . 

2.3 Cookies and tracking tools used on our website 

2.3.1 This website uses cookies and other tracking technologies. Cookies are small text files that contain an identification number. Cookies are stored on your computer, tablet or smartphone (from here on "end device") when you visit our website. If you visit our website again, your device can be recognized by this identification number.

2.3.2 The legal basis for data processing by the programs described in this section 2.3 is, unless otherwise stated, your consent in accordance with Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 sentence 1 TDDDG . When you visit our website for the first time, you will be asked whether you wish to give your consent for cookies that collect personal data to be set. You can choose to give your consent for all cookies(button "[Accept all cookies]"), reject them (button "[Reject all cookies]") or make user-defined settings under the button "[Individual settings]". There you can decide by deactivating or ticking a box whether you wish to give your consent for certain services, give your consent for certain categories of services or refuse to give your consent. Consent is voluntary and you can withdraw it at any time under "[Customize settings]" at the bottom of our website with effect for the future by deselecting a checkmark once it has been set. 

2.3.3 Cookies

2.3.3.1 Categories of cookies

Depending on the function and purpose of the data processing taking place, the cookies used on our website are divided by us into the following categories categories:

(i) Necessary

These cookies are necessary to provide you with website functions and to fulfill our legal obligations. The legal basis for the processing of your personal data is our legitimate interest (Art. 6 para. 1 lit. f) GDPR) to make our website usable for you and to fulfill our legal obligations (Art. 6 para. 1 lit. c) GDPR). 

(ii) Functional

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

(iii) Analytics

We use these cookies for statistical analysis purposes in order to statistically record the use of our website. Statistical cookies help us to improve our website and to offer you content that is of particular relevance to you. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 sentence 1 TDDDG, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the website itself.

(iiii) Performance

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

(iv) Advertisement

We use these cookies for advertising purposes, i.e., for example, to provide visitors with customized advertising based on the pages they have previously visited and to analyze the effectiveness of advertising campaigns. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 sentence 1 TDDDG, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the website itself. 

2.3.3.2 Storage duration of the cookies Session cookies (from here on "session cookies") are deleted after the browser is closed. We also use persistent ("permanent") cookies. Details on the storage period can be found in the following sections and in the cookie overview. 

2.3.3.3 Individual cookies 

2.4 Data collection and processing of voluntarily provided data 

2.4.1 Contact form or general contact 

2.4.1.1 If you send us inquiries via the contact form or via one of the contact options provided, your message/message, including the contact details you provide there, will be stored and processed by us for the purpose of processing and answering the inquiry and in the event of follow-up questions. We will not pass this data on to third parties unless this is necessary in the context of processing and responding to your contact request or you have given us your consent to do so.

2.4.1.2 If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 para. 1 lit. b) GDPR (legal basis), otherwise to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR for the purpose of responding appropriately to customer/contact inquiries.

2.4.1.3 The data you enter in the contact form will remain with us until the purpose for data storage/processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.

2.4.2 Newsletter

2.4.2.1 With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised services are named in the declaration of consent.

2.4.2.2 We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

2.4.2.3 Your e-mail address is mandatory for sending the newsletter. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we store the data you provide for the purpose of sending you the newsletter (legal basis is Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 sentence 1 TDDDG).

2.4.2.4 You can withdraw your consent to the sending of the newsletter at any time for the future and unsubscribe from the newsletter. You can declare your withdrawal by clicking on the link provided in every newsletter e-mail or by sending an e-mail to info@sequencesoles.com.

2.4.2.5 We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to the actions you take on our website.

2.4.2.6 You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

2.4.2.7 The newsletter is sent using the service provider Shopify. The services are used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Shopify may use the recipients' data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. to technically optimize the mailing and presentation of the newsletter or for statistical purposes. However, Shopify does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

2.4.3 Competitions

If we run competitions, we use your data (name, contact details) for the purpose of notifying you of the prize (Art. 6 para. 1 lit. b) GDPR) and advertising our offers by post (Art. 6 para. 1 lit. f) GDPR) or by e-mail with your consent (Art. 6 para. 1 lit. a) GDPR). Additional information can be found in the conditions of participation for the respective competition.

2.4.4 Direct advertising by e-mail

2.4.4.1 We also use your e-mail address, which we have received in connection with the booking of our services, for direct advertising by e-mail for our own services similar to those you have ordered. You will receive these emails regardless of whether you have subscribed to the newsletter. The legal basis for this is Section 7 para. 3 UWG.

2.4.4.2 You can object to these e-mails at any time without incurring any costs in addition to the transmission costs (e.g. postage), either by post to Sequence Holding ApS, Industrievj 5, 6261 Bredebro, Denmark or by e-mail to info@sequencesoles.com.

2.4.4.3 We evaluate your user behavior when sending direct advertising by email. We use Shopify services to send the emails (see www.shopify.com/de/legal/privacy/app-users for more information). Information on the evaluation of user behavior can be found in the section of this declaration on newsletters.

2.5 Disclosure to third parties

2.5.1 We pass on at least some of your data that we collect in accordance with the aforementioned paragraphs to processors. These process your data only on our instructions and not for their own purposes (Art. 28, 19 GDPR). These are companies that can be assigned to the following categories

(i) Technical service providers;

(ii) Companies that support us in providing our website, such as Shopify and companies and subcontractors affiliated with Shopify (see section 2.2);

(iii) payment processors who collect payment information (e.g. bank account, credit or debit card information, billing address) to process your payment, fulfill your orders and provide you with the products or services you have requested in order to perform our contract with you; and

(iv) Cooperation and sales partners who support us in the fulfillment and processing of contracts concluded with you.

2.5.2 In certain cases, we may share some of your data with other recipients. This may be the case if you have consented to this (Art. 6 para. 1 lit. a) GDPR), if we are legally obliged to do so (Art. 6 para. 1 lit. c) GDPR), or if this is necessary to safeguard legitimate interests (Art. 6 para. 1 lit. f) GDPR). These are the following recipients who receive data for the purposes listed below:

(i) Payment processing;

(ii) Marketing;

(iii) Website analysis;

(iv) Cloud computing;

(v) Other Group companies for the purpose of internal communication and to improve administrative processes;

(vi) Law enforcement authorities and courts (e.g. for the enforcement or defense of legal claims); and

(vii) External auditors, lawyers or tax consultants (e.g. for auditing).

2.5.3 If we transfer data to recipients in a third country (based outside the European Economic Area), you can find this in the information on the recipients/categories of recipients and the underlying legal basis in accordance with Art. 46 (2) GDPR as part of the description of the respective data processing. The European Commission certifies that some third countries have a data protection standard comparable to the level in the European Economic Area by means of so-called adequacy decisions. A list of these countries can be found at ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. For the USA, for example, there is an adequacy decision in the form of the EU-US Data Privacy Framework, according to which an adequate level of data protection is guaranteed if data is transferred to a certified service provider.

If there is no comparable data protection standard in a country, we ensure that data protection is adequately guaranteed by other measures. This is possible, for example, through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations, unless expressly stated otherwise in this privacy policy.

2.6 Social networks

2.6.1 You will find social plugins from the following social networks on our website: Facebook, Instagram, LinkedIn and YouTube.

2.6.2 By activating the social plugins, your browser establishes a direct connection with the servers of the social network provider. The content of the social plugin is transmitted directly to your browser by the provider. At the same time, certain data is transmitted from your browser to the provider. This happens regardless of whether you click on the social plugins or not. We have no influence on the scope of the data that the provider collects in this way. To the best of our current knowledge, this generally involves the following data:

(i) visited page on our website that contains the social plugin,

(ii) the general data transmitted by your browser (IP address, browser type and version, operating system, time),

(iii) for registered and logged-in users, the respective identification number of the social network. This applies accordingly to directly embedded YouTube videos.

3 Data processing in the context of a contractual relationship with us

Below we inform you about the processing of your personal data when you conclude a contract with us (e.g. for the purchase of individualized shoe insoles that are individually adapted to your needs (hereinafter "individualized shoe insoles") or shoe insoles that are not individually manufactured for you (hereinafter "generic shoe insoles")):

3.1 If you conclude a contract with us via the website (with the help of one of our sales partners as your representative), we process the data required for the conclusion, execution or termination of the contract with you. This includes

(i) First name, last name;

(ii) Billing and delivery address, if applicable; 

(iii) E-mail address;

(iv) Invoice and payment data;

(v) Date of birth;

(vi) Telephone number and

(vii) Health data, whereby this is so-called pedography data, which is collected as part of the analysis of your gait with the help of a so-called gait measuring plate (hereinafter "measurement data").

3.2 In total we process your personal data (including measurement data) as follows:

(i) Collection of your personal data (including measurement data) by one of our sales partners and the forwarding of this data to us. Insofar as you have given your consent to the collection and disclosure of this personal data, Art. 9 para. 2 lit. a) GDPR is the legal basis;

(ii) After the conclusion of the contract, we pseudonymize your data by separating your measurement data from the other personal data provided and forwarding only the measurement data and a unique identifier, which can only be assigned by us to your other personal data, to a cooperation partner, DIERS International GmbH, Dillenbergweg 4, 65388 Schlangenbad, Germany, for analysis. After the analysis, they will return the data to us together with the associated analysis. The legal basis for pseudonymization and forwarding is Art. 9 para. 2 lit. a) GDPR, i.e. the data processing takes place on the basis of your consent;

(iii) After your shoe insoles have been manufactured and delivered to you, we store your personal data (including measurement data) for two years from the conclusion of the contract so that we can process your future orders more easily. This storage only takes place if you have given us your consent in accordance with Art. 9 para. 2 lit. a) GDPR. The storage of your personal data due to legal requirements remains unaffected by this;

(iv) After processing the contract concluded with you, we will forward your personal data (including measurement data) to the University Hospital Erlangen, Department of Orthopaedics and Trauma Surgery, Krankenhausstraße 12, 91054 Erlangen. The data is passed on for research and development purposes in the field of biomechanics and the associated further development of artificial intelligence. The aim is to observe the change in biomechanics due to your use of individualized shoe insoles. The legal basis for this is Art. 9 para. 2 lit. a) GDPR.

3.3 Your personal data listed above, which is not measurement data, will also be transmitted to your chosen payment service provider when you order individualized shoe insoles and when you order generic shoe insoles in order to process the payment method granted by the payment service provider. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. Further information on the processing of your data can be found in the respective data protection notice of the payment service provider you have chosen.

3.4 Obligation to provide data If you do not provide us with the aforementioned data, we will not be able to fulfill the contract concluded with you.

4 Duration of storage

Unless otherwise stated, we initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. This may also include the periods for the initiation of a contract (pre-contractual legal relationship) and the performance of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is required for the following purposes:

(i) Fulfillment of statutory retention obligations arising, for example, from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 (3), (4) AO). The retention and documentation periods specified there are up to ten years. 

(ii) Preservation of evidence, taking into account the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

5 Corporate customers

In the case of corporate customers, we process personal data of contact persons that you as a corporate customer have provided to us as contact persons. The processing takes place, for example, for the establishment, processing and termination of the customer relationship.

We process this data as part of our legitimate interest in being able to establish, implement and terminate a service relationship with a corporate customer, to fulfill our contractual duties and obligations and to enforce our claims. This legitimate interest outweighs the interests of the data subject in processing data for this purpose (Art. 6 para. 1 lit. f) GDPR).

6 Profiling

We do not carry out automated decision-making or profiling in accordance with Art. 22 GDPR.

7 Contact details of the data protection officer

You can reach our data protection officer under: +45 31 75 73 11 8

Person responsible

The controller within the meaning of Art. 4 No. 7 GDPR is:

Sequence Holding ApS
Industrivej 5
6261 Bredebro
Denmark

Telephone number: +45 31 75 73 11

E-mail address: info@sequencesoles.com 

9 Your rights

9.1 You are entitled to the following rights as a data subject under the legal requirements:

(i) Right to information You can request information from us under the conditions of Art. 15 GDPR as to whether we process your data. If this is the case, you have the right to receive information about this data.

(ii) Right to rectification In the event that your data stored by us is incorrect or incomplete, you can request that this data be corrected and, if necessary, completed (Art. 16 GDPR).

(iii) Right to erasure or restriction of processing If the legal requirements are met, you can request the erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) of your data.

(iv) Right to data portability In the case of automatically processed data that we have received from you on the basis of your consent or a contract, you can assert the right to data portability (Art. 20 GDPR). We will then send you your data in a machine-readable format. If you wish and if this is technically possible, we will transfer this data to a third party. All of the aforementioned rights may be restricted or excluded by law in certain cases.

9.2 Withdrawal of consent

If you have given us your consent to process personal data for specific purposes, the lawfulness of the processing is based on your consent. Consent that has been granted can be withdrawn. You can send your withdrawal to: info@sequencesoles.com or Sequence Holding ApS, Industrivej 5, 6261 Bredebro, Denmark. Please note that your withdrawal will only be effective for the future. Processing that took place before the withdrawal is not affected.

9.3 Objection to processing on the basis of a legitimate interest

You have the right to object at any time to the processing of your data, which is based on a legitimate interest or in the public interest, if there are reasons for this arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. We also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time. We will observe this objection for the future. The objection can be made informally and should preferably be addressed to: info@sequencesoles.com.

9.4 Right to lodge a complaint with a supervisory authority

Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with the supervisory authority responsible for us or another competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link: www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html 

Other concerns:

For further data protection questions and concerns, please contact our data protection officer. Corresponding inquiries and the exercise of your aforementioned rights should, if possible, be sent in writing to our address given above or by e-mail to info@sequencesoles.com.