Privacy policy

1. Introduction

With the following information, we would like to give you, as the “data subject”, an overview of how we process your personal data and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to use special services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “Dressler Bekleidungswerke Brinkmann GmbH & Co. KG”. With this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller responsible for processing, we have implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, such as by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to give you some tips for handling your data securely:

• Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
• Only you should have access to your passwords.
• Use each password for one account only (do not reuse it elsewhere).
• Do not use the same password across different websites, apps or online services.
• Especially on public or shared devices: always log out after each session.

Passwords should be at least 12 characters long and not easily guessable. Avoid everyday words or your (family) names; use a mix of upper- and lower-case letters, numbers and special characters.

2. Responsible

The controller within the meaning of the GDPR is:

Dressler Bekleidungswerke Brinkmann GmbH & Co. KG
Stockstädter Str. 43, 63762 Großostheim, Germany

Representatives of the controller: Wolfgang Brinkmann, Klaus Brinkmann, Thomas Jaeger

3. Data Protection Officer

You can reach the Data Protection Officer as follows:

Thomas Otten
Email: t.otten@audatis.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

The privacy policy is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we explain some key terms below.

We use the following terms in this privacy policy, among others:

4.1 Personal data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

4.2 Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

4.3 Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or any other form of provision, alignment or combination, restriction, erasure or destruction.

4.4 Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

4.5 Profiling

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

4.6 Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.

4.7 Processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

4.8 Recipient

A recipient is a natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

4.9 Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4.10 Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis for processing

Art. 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG) serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party (e.g. delivery of goods or provision of services), the processing is based on Art. 6(1)(b) GDPR. The same applies to pre-contractual measures (e.g. enquiries about our products or services).

If our company is subject to a legal obligation that requires the processing of personal data (e.g. tax obligations), the processing is based on Art. 6(1)(c) GDPR.

In rare cases, processing may be necessary to protect vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR), e.g. in emergencies.

Finally, processing operations may be based on Art. 6(1)(f) GDPR if necessary for the purposes of our legitimate interests or those of a third party, provided your interests or fundamental rights and freedoms do not override those interests (see Recital 47 sentence 2 GDPR).

Our offer is generally aimed at adults. Persons under 16 years of age may not transmit personal data to us without the consent of their parents or legal guardians. We do not knowingly request personal data from children or young people, do not collect it, and do not pass it on to third parties.

6. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

1. you have given your express consent in accordance with Art. 6(1)(a) GDPR,
2. the transfer is permissible under Art. 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
3. there is a legal obligation for the disclosure pursuant to Art. 6(1)(c) GDPR, or
4. it is legally permissible and necessary under Art. 6(1)(b) GDPR for the processing of contractual relationships with you.

In the context of the processing operations described in this privacy policy, personal data may be transferred to the USA. An adequate level of data protection exists if the recipient is certified under the EU–US Data Privacy Framework (adequacy decision under Art. 45 GDPR). Otherwise, we use the EU Standard Contractual Clauses; where not sufficient, your consent under Art. 49(1)(a) GDPR may serve as a legal basis.

7. Technology

7.1 SSL/TLS encryption

This site uses SSL/TLS encryption to ensure secure data processing and protect the transmission of confidential content such as orders, login data or contact enquiries. You can recognise an encrypted connection by “https://” in your browser’s address line and by the lock symbol. We use this technology to protect the data you transmit.

7.2 Data collection when visiting the website

When you use our website for information purposes only—i.e. no registration, no other transmission of information and no consent to consent-required processing—we only collect the data that is technically necessary to provide the service (“server log files”). This can include:

1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system arrives at our website (referrer),
4. the sub-pages accessed on our website,
5. date and time of access,
6. a shortened (anonymised) IP address, and
7. the internet service provider of the accessing system.

We do not draw conclusions about your identity from this data. The information is required to (1) deliver our website content correctly, (2) optimise our website and advertising, (3) ensure the permanent operability of our IT systems and website technology, and (4) provide law enforcement authorities with information necessary for prosecution in the event of a cyber attack. Data is analysed statistically to increase data protection and security; log files are stored separately from any personal data. Legal basis: Art. 6(1)(f) GDPR.

7.3 Encrypted payment transactions

If, after concluding a contract requiring payment, you are obliged to transfer your payment data (e.g. account number for direct debit), this data is required for payment processing. Payment transactions using common methods (e.g. Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL/TLS connection.

7.4 Cloudflare (Content Delivery Network)

Our website uses Cloudflare features (Cloudflare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA). Cloudflare operates a globally distributed CDN with DNS. Traffic can be analysed to detect and prevent attacks; cookies may be set. Legal basis: your consent (Art. 6(1)(a) GDPR) and our legitimate interest (Art. 6(1)(f) GDPR). Cloudflare is certified under the EU–US Data Privacy Framework. More information: https://www.cloudflare.com/privacypolicy/.

7.5 Hosting by Host Europe

We host our website with Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany. Personal data (e.g. IP addresses in log files) is processed on Host Europe’s servers. Legal basis: Art. 6(1)(f) GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place. Details: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

8. Cookies

8.1 General information about cookies

Cookies are small files that your browser automatically creates and stores on your device when you visit our website. They serve session recognition, user-friendliness and statistical evaluation. Storage duration depends on the consent tool’s settings.

8.2 Borlabs Cookie (consent management tool)

We use the WordPress plugin “Borlabs Cookie” (Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany) to obtain and manage consents. Logged data can include: cookie lifetime, version, domain/path, banner selection, UID. Consent status is stored in the browser for up to 12 months; consent records up to three years (regular limitation period, Sec. 195 BGB). Legal basis: Art. 7(1), Art. 6(1)(c) GDPR. Info: https://de.borlabs.io/borlabs-cookie/.

9. Contents of our website

9.1 Data processing when opening a customer account and for contract processing

Pursuant to Art. 6(1)(b) GDPR, we collect and process personal data for contract execution or when opening a customer account. After completion or account deletion, data is blocked considering statutory retention periods and then deleted, unless further use is permitted by consent or law.

9.2 Data processing for order handling

For contract performance, we pass data to the transport company handling delivery and payment data to the commissioned credit institution (Art. 6(1)(b) GDPR).

9.3 Contact / contact form

When contacting us (e.g. via form or email), we process the details provided solely to handle your request and for technical administration. Legal basis: Art. 6(1)(f) GDPR; if contract-related, additionally Art. 6(1)(b) GDPR. After completion, data is deleted unless statutory retention obligations apply.

9.4 Application management / job board

We process applicant data to handle the application process; in case of hiring, for the employment relationship. If not hired, data is deleted after six months unless legitimate interests (e.g. evidence under the German General Equal Treatment Act) oppose deletion. Legal basis: Art. 6(1)(b), Art. 88 GDPR in conjunction with Sec. 26(1) BDSG.

10. Newsletter dispatch

10.1 Newsletter dispatch to existing customers

If you provided your email address when purchasing goods/services, we may email offers for similar goods/services from our range (§ 7(3) UWG). Legal basis: Art. 6(1)(f) GDPR. You may object at any time.

10.2 Advertising newsletter

Subscription requires a valid email and registration (double opt-in). We store the IP address and date/time of registration for verification. Unsubscribe at any time. Legal basis: Art. 6(1)(a) GDPR.

10.3 CleverReach

We use CleverReach (CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany) for sending and analysing newsletters. Data is stored on servers in Germany/Ireland. Tracking of opens, clicks and conversions may occur. Legal basis: Art. 6(1)(a) GDPR. Unsubscribe/withdraw anytime. Privacy: https://www.cleverreach.com/de/datenschutz/.

11. Our activities in social networks

We operate pages on social networks to communicate with you and inform you about our services. We are (joint) controllers with the respective providers within the meaning of Art. 26 GDPR for processing triggered by visits to our pages. Processing may occur outside the EU/EEA; enforcing your rights may be more difficult. Processing is based on our legitimate interests (Art. 6(1)(f) GDPR) and, where required by the platforms, on your consent (Art. 6(1)(a) GDPR).

11.1 Facebook

(Joint) controller: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Meta may process adult users’ content to train its own AI models under Art. 6(1)(f) GDPR; objection via Meta forms. Privacy: https://www.facebook.com/about/privacy

11.2 Instagram

(Joint) controller: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Notes as per Facebook. Privacy: https://instagram.com/legal/privacy/

11.3 YouTube

(Joint) controller: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy: https://policies.google.com/privacy

12. Web analytics

12.1 Meta Pixel (formerly Facebook Pixel)

With consent, we use Meta Pixel (Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA) for reach measurement and optimisation (e.g. page views, clicks, conversions). Default retention at Meta: up to 180 days without revisit. Legal basis: Art. 6(1)(a) GDPR. Meta is certified under the EU–US DPF.

12.2 Google Analytics 4 (GA4)

With consent, we use Google Analytics 4 (Google Ireland Limited). Pseudonymous usage profiles (cookies) may include short-term IP capture, location, browser/OS, referrer, time. Default retention: up to 14 months. Legal basis: Art. 6(1)(a) GDPR. Google LLC is certified under the EU–US DPF. Info: GA4 privacy.

12.3 Matomo

We operate Matomo (InnoCraft Ltd., New Zealand) on our server (self-hosted). Cookies may be set; e.g. IP address, time, location and frequency are recorded. No disclosure to third parties. Legal basis: Art. 6(1)(a) GDPR. Info: https://matomo.org/privacy/.

13. Partner and affiliate programs

13.1 DoubleClick

We use DoubleClick by Google for ad optimisation; cookies are used (e.g. to avoid duplicates and for conversion measurement). Legal basis: Art. 6(1)(a) GDPR. Google LLC is certified under the EU–US DPF. Privacy: https://www.google.com/intl/de/policies/.

14. Plugins and other services

14.1 Google Maps

We use Google Maps (Google Ireland Limited). When embedded, data (e.g. IP address) may be transferred to the USA; Google Web Fonts, Photos and Stats may also load. Legal basis: Art. 6(1)(a) GDPR. Google LLC is certified under the EU–US DPF. Terms: Google Terms, Maps: Maps Terms, Privacy: Privacy Policy.

14.2 Google Tag Manager

Used to manage website tags; it may trigger other tags but does not access data itself. Legal basis: Art. 6(1)(a) GDPR. Google LLC is certified under the EU–US DPF. Info: Google Privacy.

14.3 Google WebFonts

For uniform font display (Google Ireland Limited). Legal basis: Art. 6(1)(a) GDPR. Google LLC is certified under the EU–US DPF. Info: Fonts FAQ, Privacy.

14.4 Vimeo (videos)

Plugins by Vimeo, LLC, 555 West 18th Street, New York, NY 10011, USA. When embedded, data (including IP address) may be transferred to the USA; Vimeo is certified under the EU–US DPF. Vimeo’s Google Analytics tracking may be integrated (under Vimeo’s responsibility). Legal basis: Art. 6(1)(a) GDPR. Privacy: https://vimeo.com/privacy.

14.5 WooCommerce WordPress plugin

We use the WooCommerce plugin (Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA) to provide shop functions. WooCommerce sets e.g. cart cookies. Processing occurs on our web space. Legal basis: Art. 6(1)(f) GDPR (legitimate interests); non-essential cookies only with consent (Art. 6(1)(a) GDPR). Automattic is certified under the EU–US DPF. Info: WooCommerce Plugin.

15. Your rights as a data subject

15.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you is being processed.

15.2 Right of access (Art. 15 GDPR)

You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

15.3 Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you and the completion of incomplete data.

15.4 Erasure (Art. 17 GDPR)

You have the right to obtain the erasure of your personal data without undue delay where one of the legal grounds applies and insofar as processing/storage is not required.

15.5 Restriction of processing (Art. 18 GDPR)

You have the right to obtain restriction of processing where the legal requirements are met.

15.6 Data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller where the legal requirements are met.

15.7 Objection (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(e) or (f) GDPR, including profiling. If you object to processing for direct marketing, we will no longer process the data for these purposes.

15.8 Withdrawal of consent

You have the right to withdraw consent at any time with effect for the future.

15.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

16. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by legal provisions. If the purpose no longer applies or a prescribed period expires, the data will be blocked or deleted in accordance with statutory provisions.

17. Duration of storage of personal data

The criterion for the storage duration is the respective statutory retention period. After expiry, the data is deleted unless required for contract fulfilment or initiation.

18. Up-to-dateness and amendment of the privacy policy

This privacy policy is currently valid and was last updated in October 2025.

Due to the further development of our website and offers or changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. You can access and print out the current privacy policy at any time on the website at dressler1929.com/en/privacy-policy/.

This privacy policy was created with the support of the data protection software: audatis MANAGER.