Data Privacy Information


We have published the following notice to give you an understanding of how TOM TAILOR collects information from you; who we share your information with, for what purpose and on what basis.

The controller responsible for your personal data under applicable data protection law is


Garstedter Weg 14

22453 Hamburg



What are the legal Grounds?

If we obtain your consent for the processing of personal data, it will be done on the basis of Art. 6 (1)(a) EU General Data Protection Regulation (GDPR). 

Art. 6 (1)(b) GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which you are a party. This also applies to processing operations that are necessary for the implementation of pre-contractual activities.

For processing that personal data which is necessary to fulfil a legal obligation to which TOM TAILOR Holding SE is subject, Art. 6 (1)(c) GDPR is applied.

If the processing of personal data is necessary to safeguard the legitimate interests of TOM TAILOR Holding SE, it is legally based on Art. 6 (1)(f) GDPR.


Data erasure / storage duration

Your personal data will be deleted when the purpose of storage no longer applies. In addition, your personal data may be stored if provided for by European or national legislation in Union regulations, laws or other provisions to which TOM TAILOR Holding SE is subject. The data will also be deleted if a storage period prescribed by the aforementioned standards expires.


Creation of Log files

Each time you access the Internet pages of TOM TAILOR Holding SE, temporary information transmitted by your browser is automatically stored. In the log file records  the browser type/version, operating system used, name and URL of the retrieved file, reference URL (the previously visited page), host name of the accessing computer (IP address) and date and time of the server request. This data is not merged with other data sources. The storage and processing of this data is solely for system security and optimization of the Internet.



The website of TOM TAILOR Holding SE offers the facility to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties.  Data such as your name, address, e-mail address, date of birth and telephone number are collected as part of the registration process. Registration is required for the provision of certain content and services on the website. The processing of this data is based on your consent. Consent is obtained within the framework of registration with reference to the underlying data protection declaration. In the event of revocation of the declaration of consent, the data will be deleted.

Registration is regulated by Art. 6 (1)(1a) GDPR.



If you submit your application via our website or E-mail address, we will process the personal data and the documents you provide us exclusively for the purpose of examining your application and carrying out the application procedure.

Applications in Germany are processed for the purpose of deciding on the establishment of an employment relationship in accordance with the Federal Data Protection Act (§ 26 Paragraph 1 Sentence 1 BDSG).

Applications in Austria are processed for the implementation of pre-contractual measures according to the Basic Data Protection Regulation (Art. 6 para. 1 sentence 1 lit. b) DSGVO). The Austrian Tom Tailor Retail GmbH (Bahnhofstraße 53, 6300 Wörgl, ) is responsible for this data processing.

Without your consent, your application will not be stored beyond the application process or forwarded to third parties.

To handle the application process, we will use companies of the TOM TAILOR Group for internal administrative purposes or service providers. With such external service providers we have concluded an processing agreement in accordance with Article 28 of the DSGVO.



We also use cookies for data collection and storage.  Cookies are data packages that your browser stores in your end device at our request.  They do not cause any damage there. They do not contain any executable code and therefore no viruses and do not allow us to spy on you. There are two types of cookies: temporary, or session cookies, and persistent cookies.

Session cookies are automatically deleted when you close your browser. They store a session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The use of session cookies is necessary so that we can make the website available to you. The legal basis for the processing of your personal data using session cookies is Art. 6 (1)(f) GDPR.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. The cookies enable us to track your usage behaviour for the reasons mentioned above and to a reasonable extent. They are also intended to enable easier surfing of our website.   In addition, we use persistent cookies for direct marketing purposes on the Internet, for example in order to be able to offer you personalised advertising or to evaluate the success of our advertising campaigns. The use of persistent cookies is based on our legitimate interest in online direct marketing, web analysis and the improvement of our online presence. The legal basis for data processing is Art. 6 (1)(f) GDPR.

You can set your internet browser so that our cookies cannot be stored on your end device or delete cookies that have already been stored. If you do not accept cookies, this can lead to restrictions in the way the internet pages function.

When we have a legitimate interest, we also accept cookies from third parties.  In this case, the corresponding data packages are stored by third parties in your browser or transmitted to them. You can also generally prevent the use of third-party cookies by setting your browser accordingly.

The following third-party cookies are used:

For web analysis and to improve our online presence:

  • Google Analytics
  • etracker
  • Facebook
  • Google Tagmanager
  • Youtube
  • Vimeo



The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. Here, cookies are used which enable the statistical analysis of the use of this website by its visitors as well as the display of usage-relevant content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated with etracker is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to strict German and European data protection laws and standards.In this regard, etracker was checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data is processed on the legal basis of Art. 6 Section 1 lit f (legitimate interest) of the EU General Data Protection Regulation (GDPR).Our legitimate interest is the optimization of our online offer and our website. As the privacy of our visitors is very important to us, etracker anonymizes the IP address as early as possible and converts login or device IDs into a unique key with which, however,no connection to any specific person can be made with. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time provided it is related to your person. Your objection has no detrimental consequences for you.

Further information on data protection with etracker can be found here.


Data transfer to a third country

When using the Internet, data transmission to a third country, particularly the USA, is unavoidable. Services provided by Google, Facebook, Criteo, their partners and New Relic are the most notably affected, but there are others.  When selecting our partners, we make sure that the regulations of the Privacy Shield Agreement are respected.



Our sites contain plugins to the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304. These Plugins can be recognised on our site by the Facebook logo or the ‘Like button’.  An overview of Facebook plugins can be found at: http://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server.  Facebook is informed that you have visited our site from your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you will become a fan of our corporate presence at www.facebook.com/tomtailor. This allows Facebook to match visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Facebook.  Further information on this can be found in Facebooks privacy policy at http://dede.facebook.com/policy.php

If you do not wish Facebook to be notified of your visit to our website you should log out of your Facebook account. 


Integration of Social Networks

Integration of Social Networks

You are welcome to recommend our website on social networks and as such we have implemented a "two-click solution" so that personal data is not transferred to social networks when you use the website.  Data is only transferred to the social networks facebook (Facebook Inc. USA), twitter (Twitter Inc., USA), Google+ (Google LLC, USA), Instagram (Facebook Ireland Ltd.), LinkedIn (LinkedIn Ireland Unlimited Company) and XING (XING SE, Germany) if you click on the button in the "Recommend" section.  With a second click you can recommend the website.

By activating the plugins, the social network receives information that a user with a certain IP address is currently browsing this website. If the user is logged in to the social network at the same time, the visit can be attributed to the user's account.  Data collection is linked to the use of cookies stored in your browser by the respective provider. The legal basis for the integration of social networks is your consent according to Art. 6 (1)(a) GDPR. You can withdraw your consent at any time by deactivating the plugins.  We also recommend that you delete all cookies via the security settings of your browser.  Withdrawing consent only applies to future data and not to data processed prior to the withdrawal of consent.

Google LLC , Twitter Inc. and Facebook Inc. have committed to the EU-US Privacy Shield:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active (Google),

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (Facebook),

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active (Twitter)

For further information on the collection, processing and use of your personal data in social networks, as well as the relevant rights and setting options for privacy protection, please refer to the relevant providers.


Rights of the Data Subject

If your personal data is processed, you are the person concerned within the scope of the GDPR and you are entitled to the rights described below.

Information: You have the right at any time to receive free information from us as well as confirmation of the personal data stored about you and a copy of this data.

Correction: You have the right to have your personal data corrected and/or completed if it is incorrect or incomplete.

Limitation of processing: You have the right to request that the processing be limited if one of the following conditions is met:

  • The accuracy of the personal data is disputed by you, and for a period of time that allows us to verify the accuracy of the personal data.
  • The processing is unlawful, you decline to delete the personal data and instead demand the restriction on the use of the personal data.
  • We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
  • You have lodged an objection against the processing pursuant to Art. 21(1) GDPR and it is not yet clear whether our legitimate reasons outweigh yours.

Erasure: You have the right to have your personal data deleted immediately if one of the following reasons applies and if processing is not necessary:

  • The personal data has been collected or processed for purposes which are no longer necessary.
  • You withdraw the consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  • The personal data has been processed unlawfully.
  • The deletion of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

Data Portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, conventional and machine-readable format.  In addition, you have the right to transfer this data to another responsible person without any impediment on our part. In exercising this right, you also have the right to request that personal data relating to you be transferred directly by us to another responsible person, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

Objection: You have the right to object at any time to the processing of personal data concerning you which "only" takes place on the basis of legitimate interests of us or third parties (Art. 6 (1)(f) GDPR). In the event of objection, we will no longer process the personal data unless we can demonstrate compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Withdrawal of Consent: You have the right to withdraw your declaration of consent under data protection law at any time.  Withdrawing consent only applies to future data and not to data processed prior to the withdrawal of consent.

In order to exercise your rights, please contact the aforementioned person responsible, who are responsible for the implementation of your rights. However, you can also contact the data protection officer, especially if your request requires a higher level of confidentiality.

You can contact the data protection officer of the entire TOM TAILOR Group by post at the following address: TOM TAILOR Holding SE, Data Protection Officer, Garstedter Weg 14, 22453 Hamburg or by e-mail at datenschutz@tom-tailor.com.


Right of Appeal to a Supervisory Authority

Notwithstanding any other administrative or judicial recourse, you have the right to complain to a supervisory authority in the Member State where you live, work or where the suspected breach of privacy has taken place, if you consider that the processing of your personal data is in breach of the GDPR.

The data protection supervisory authority responsible for us is:

Freie und Hansestadt Hamburg

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Prof. Dr. Johannes Caspar

Klosterwall 6 (Block C), 20095 Hamburg

Tel.: 040 / 428 54 - 4040

Fax: 040 / 428 54 - 4000