Data Protection Information
Corporate Websites (“about.puma.com”)
This Data Protection Information provides information on the processing of your personal data whenever you visit websites of PUMA SE (hereinafter “PUMA”, “we” or “us”) under the domain “about.puma.com” in accordance with the EU General Data Protection Regulation (hereinafter “GDPR”).
1. Scope, data controller, data protection officer and definitions
1.1 Scope of this Data Protection Information
This Data Protection Information applies to the use of the websites of PUMA SE under the do-main “about.puma.com”. Data processing on websites of other companies within the PUMA Group are not covered by this Data Protection Information.
1.2 The Controller for the processing of your personal data
Unless otherwise specified in this Data Protection Information, the Controller for the processing of your personal data is:
PUMA Way 1
1.3 Contact details of the Data Protection Officer
Please send any questions concerning data protection to:
Data Protection Officer
PUMA Way 1
This Data Protection Information is based on the following terms under data protection law, which we have defined to facilitate understanding.
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Recipient means a natural person or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; Examples of possible recipients: IT services providers or adverting partners; for more information please refer to Section 4)
- PUMA Group means all enterprises that are affiliated with PUMA SE pursuant to Section 15 Aktiengesetz [German Stock Corporation Act].
- Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data: Name, contact details, IP addresses.
- Controller means the natural person or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the data processing activities described in this Data Protection Information, the Controller is PUMA SE (Section 1.2.).
- Processing means any operation or set of operations which is on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Purposes and legal bases of our processing of your personal data
2.1 Processing of your data when you visit our websites
If you visit our websites in order to find out about our brand without actively transferring information to us (purely for informational purposes), we process your personal data for the following purposes and by virtue of the following legal bases:
2.1.1 IT Security
We process your personal data that are technically necessary to allow us to provide our websites to you and to guarantee stability and security when you visit our websites. This includes the following personal data:
- IP address
- type and version of browser
- operating system and platform
- the complete Uniform Resource Locator (URL)
This data processing is necessary for the purpose of our legitimate interest to guarantee IT security (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).
2.1.2 Google Analytics
This data processing is necessary for the purpose of our legitimate interest to carry out analyses in order to improve our website and our products (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).
Google Analytics Opt-out:
You can prevent the processing of your usage data (including your IP address) by Google Analytics generally, by downloading and installing the browser add-on available at the following link:
In addition, you can also prevent Google Analytics from collecting your usage data on our websites by clicking on the following link:
In this case a persistent opt-out cookie is set, that prevents your data from being recorded in the future when you visit our websites. Please note that if you delete this cookie (e.g. by deleting all cookies on your browser) you will have to reset this opt-out cookie if you still want to prevent Google Analytics on our websites.
In your browser settings you can restrict or completely prevent the storage of (certain types of) cookies and delete cookies that have already been stored there. For more detailed information, please refer to the instructions or help function of your browser.
In principle, our websites can still be visited and used even after cookies have been restricted in the browser settings. Please note, however, that such restrictions can lead to limited functionalities of our website.
2.2 Careers / Job application
If you want to apply to a job advertisement in the “Careers” section you will forwarded to our job application platform. For further information on the processing of job applicants’ personal data please refer to the respective Data Protection Statement published under this link:
3. Retention and erasure of your personal data
The personal data we process for security purposes according to Sec. 2.1.1 will be deleted after 7 business days. (Personal) data collected in connection with Google Analytics according to Sec. 2.1.2 will be deleted after 14 months).
4. Transfer of personal data and the categories of recipients
Your personal data may be transferred / disclosed to the following categories of recipients:
- IT Service providers who prepare the platforms, databases and tools for our products and services (e.g. our website, the sale of goods, the dispatch of newsletters and informative emails), issue analyses on user habits on our websites, carry out marketing campaigns, and process your personal data during the purchasing process on our behalf.
- In connection with the use of Google Analytics, including tags and cookies, your personal data may be transferred to the USA. In the case of the USA, the EU Commission has not decided that there is a suitable level of data protection within the meaning of the GDPR; such an adequacy decision (Art. 45 GDPR) has not been taken. Google LLC is, however, subject to the EU-U.S. Privacy Shield. This means that adequate protection of your personal data is guaranteed. You can retrieve the full text of the US Privacy Shield Framework at the following link:
- In the case of legal disputes, we transfer your data to the competent court and, if you have engaged a lawyer, to the latter, in order to conduct the legal dispute. This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR) and/or for the purpose of our legitimate interest in the establishment and exercise of legal claims (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR).
- In addition to this, we only transfer your personal data if we are legally obliged to forward such data (e.g. to the police authorities within the scope of criminal investigations or to the data protection supervisory authorities). This transfer of personal data is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).
5. Right to object to data processing based on legitimate interests
If we process your personal data according to Section 2 of this Data Protection Information on the basis of our legitimate interests (Legal basis: Art. 6 (1) sentence 1, lit. f GDPR), you can – without prejudice to, if applicable, specific unsubscribe / opt-out possibilities provided in Section 2 – object to the respective data processings at any time on grounds relating to your particular situation by sending your request to email@example.com. We will then no longer process your data for this / these purpose(s) unless our legitimate interests in processing overweights or the processing serves to establish, exercise or defend legal claims.
If you object to the processing of your data, we will process any collected personal data in this context in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).
6. Your other data protection rights
In accordance with the GDPR, you may demand at any time that we:
- provide you with information on your personal data that we process (Art. 15 GDPR),
- rectify any of your personal data (Art. 16 GDPR),
- erase (Art. 17 GDPR), restrict (Art. 18 GDPR) and/or export (Art. 20 GDPR) any of your personal data stored on our systems.
Please send your request by email to firstname.lastname@example.org.
If you exercise these rights against us, we will process your personal data in order to respond to your request. This data processing is necessary for compliance with a legal obligation (Legal basis: Art. 6 (1) sentence 1, lit. c GDPR).
Irrespective of your above mentioned rights, you can lodge a complaint with a data protection supervisory authority, if you are of the opinion that the processing of your personal data by PUMA violates the GDPR (Art. 77 GDPR).
7. Changes to this Data Protection Information
The provisions of this Data Protection Information shall apply in the version in force at the time our websites are visited.
We reserve the right to supplement and modify the content of this Data Protection Information. The updated Data Protection Information applies from the time, in which it was published on our websites.
We will inform you promptly of these additions and modifications on our websites and, if we already have your contact information on file, will inform you via email or by post. You have the opportunity to inspect, print out and store the modified Data Protection Information at any time.