Data protection
Is the data (e.g. IP address, if applicable) genuinely anonymized, i.e. no further reference to a person is possible, or only pseudonymized (i.e. reference to a person is only possible with the help of further information)?
As a matter of principle, we do not store IP addresses. Therefore, we also have no personal reference to the end customer (visitors to the website).
At what point data is stored? Already when you surf to the webshop or a product subpage?
As soon as a visitor lands on a page where the button is implemented an entry to the local storage is (automatically) generated. At this point, only the login token is stored in local storage, which contains a session ID.
When a user opens the sizing widget, default values for gender, body height and ride style preference is stored in the local storage.
When the user changed his gender, height, arm length, inseam and ride style preference these updated values will be stored in the local storage. Furthermore, it is saved whether the client has changed the default values or not.
Is this a session cookie?
No. It is the Local Storage.
[Main reason: When a user clicks on a recommended wheel in our Recommendation Engine results list, this new wheel is typically opened in a new tab. So that the user doesn't have to re-enter the identical data into our sizing widget in the new tab, we take the values from the local storage here. If we were to store the data in the Session Storage, this would not be possible].
The local storage contains an ID that can be assigned to the respective user?
Yes, we store a session ID in the login token (which is stored in the local storage), which is logged on the server. Using the session ID we can identify recurring users so they do not have to re-enter their basic information when using the application again.
What data is transferred via the cookie? Under the link is only "gender, height, arm and leg length"? What about the session ID and IP address etc.?
We actually only store the 5 data fields mentioned and the session ID, no IP address.
What does the "renewal" of the "token" after four hours mean? Does it mean that recognition is no longer possible after four hours because the cookie "expires"?
Yes, the local storage is simply deleted after 30 days of inactivity. If a user clicks through our widget again after 30 days of inactivity, all data must be entered again and the new data is saved including a new session ID.
Do I need cookie consent from the user
Since this is a technically necessary cookie and neither personal data nor data for marketing purposes are collected, it is not necessary to obtain the customer's consent.