Last Revised: May 2022
On AG, Foerrlibuckstrasse 190, 8005 Zurich, a Swiss Corporation (“Aktiengesellschaft”) or the respective On group company, which according to the respective data protection laws applicable to you is responsible for the processing of your personal information (hereinafter referred to as „On“ or „we/us„) is committed to responsibly handling your personal information. This privacy notice explains how we collect, use, disclose, retain, and protect your personal information, and certain rights you may have relating to such use (the „Privacy Notice„). If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please feel free to reach out to our Data Privacy Officer using the details set forth at the end of this Privacy Notice. We reserve the right to change or modify any of the terms and conditions contained in this Privacy Notice, at any time and at our sole discretion. To the extent permitted by law, any changes or modification will be effective immediately upon posting of the revisions on our website(s) without further notice.
What types of Personal Information we collect
Personal information is data that can be used to identify you or that we can otherwise link to you (the „Personal Information„). In particular, we collect certain Personal Information that you voluntarily provide to us, for example when you communicate with us via email or other channels, when you sign up for or ask us to send you newsletters or other materials or when you sign up for an event. The Personal Information we collect includes, but is not limited to, your name, e-mail address and language preference.
How we use your Personal Information
We use your Personal Information to offer you our products and provide you with and improve our services as well as for communication purposes, including sending you newsletters, invitations to events, promotions, and to maintain our list of contacts.
You may also elect to receive text messages from us (for example, about promotional offers), by signing up for this service on our website. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging (such as cart abandon messages). To offer this service, we collect and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages.
Our basis for using your Personal Information
When processing your Personal Information for the purposes described herein, we rely on your consent to this Privacy Notice, our legitimate interests in maintaining business relationships and communicating with you and/or our performance of any contract or another ground for lawful processing of your Personal Information under the applicable laws and regulations.
How we might share your Personal Information
We may disclose your Personal Information to the following parties for the following purposes:
On group companies, which may use it to:
- • provide joint content and services (e.g., customer support);
- • help detect, investigate, mitigate and prevent potentially fraudulent and illegal acts or violations of our contracts and data security breaches;
- • provide you personalized advertising;
- • improve products, sites, applications, services, tools and marketing communications; and
- • send you marketing communications if you have consented to receive such communications or if otherwise permitted by the law.
Service providers as follows:
- • third-party service providers, which assist us in providing customized advertising, assist us with the prevention, detection, mitigation, and investigation of potentially illegal acts, violations of our contracts, fraud and/or security breaches;
- • third-party providers of websites, applications, services and tools that we cooperate with so that they advertise our products on their websites or in their applications, services and tools. If we transfer Personal Information to third-party providers, this will be solely on the basis of an agreement limiting the use by the third-party provider of such Personal Information to processing necessary to fulfil their contract with us and obligating the third-party provider to take security measures with regard to such data. Third-party providers are not permitted to sell, lease or in any other way transfer the Personal Information included in your listings to third parties.
Law enforcement, legal proceedings and as authorized by law:
- • to comply with our legal requirements, enforce our contracts, respond to claims that a listing or other content violates the rights of others, or protect anyone’s rights, property or safety;
- • to law enforcement or governmental agencies, or authorized third-parties, in response to a verified request or legal process. We will only disclose information we deem relevant to the investigation or inquiry, such as name, city, state, postcode, telephone number, email address, user ID history, IP address, fraud complaints, bidding and listing history;
- • to third parties involved in a legal proceeding, if they provide us with a subpoena, court order or substantially similar legal basis, or we otherwise believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity; and
We may also disclose your Personal Information to provide information, on a need to know basis, to future purchasers or merger partners of all or a portion of On or any of our group companies.
How long we keep your Personal Information
We store your Personal Information only for as long as necessary for the purposes described above. How long we retain Personal Information can vary significantly based on context of the services we provide and on our legal obligations. The following factors typically influence retention periods:
- • How long is the Personal Information needed to provide our services? This includes such things as maintaining and improving the performance of our products and keeping our systems secure. This is the general rule that establishes the baseline for most of our data retention periods.
- • Is the Personal Information sensitive? If so, a shortened retention time is generally appropriate.
- • Have you provided consent for a longer retention period? If so, we will retain data in accordance with your consent.
- • Are we subject to a legal, contractual, or similar obligation to retain your Personal Information? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or Personal Information retained for the purposes of litigation.
After it is no longer necessary for us to retain your Personal Information, we will dispose of it in a secure manner according to our data retention and deletion policies.
We may scan messages automatically and check for spam, viruses, phishing and other malicious activity, illegal or prohibited content or violations of this Privacy Notice or any other applicable policies.
Subscription: You may register for our newsletter on the website by providing us with your e-mail address. The newsletter will keep you updated on our products, surveys, offers, and other promotional materials on a regular basis.
When registering for our newsletter, you give us your consent to receive the newsletter on a regular basis and that we collect and store the following information: your e-mail address as well as your language and country preferences used when registering for the newsletter. We use this information only for the purpose of sending you our newsletters.
Unsubscribe: If you wish to unsubscribe from our newsletter, you can do so at any time by clicking on the “unsubscribe” link at the bottom of any newsletter that you receive. If you decide not to receive our newsletters, we may still send you service related communications.
Newsletter tracking: The newsletters contain so-called “web beacons”, which are retrieved from an external server when the email is opened. This call will initially collect technical information, such as details about your browser and operating system, as well as your IP address and the time of retrieval. In addition, based on your e-mail address, we can track whether and when you opened a newsletter and which links were clicked. The analysis of this information helps us to identify the reading habits of our users and to adapt our content to you or to send out different content based on the interests of our users.
Third Party Social Media Platforms
We are also present on various social media platforms such as Facebook, Instagram or Twitter. On these On Social Media Pages, we publish and share various content with regards to our newest products, product recommendations or other marketing material („On Social Media Pages„).
You can always choose to communicate or interact with us directly via our On Social Media Pages. In this case, we collect all information you provide to us directly, e.g. when you post or like something on our On Social Media Pages or when you send us a direct message. In addition, we might access all information that is publicly available on your profile.
How we protect your Personal Information
We restrict the use and access to your Personal Information to those who have an absolute need-to-know to provide you with our services or access to our website and/or to communicate with you. We maintain appropriate technical, physical and organisational measures to help protect your Personal Information from unauthorised access, disclosure, modification, loss or destruction in accordance with applicable data protection and security laws.
When transferring Personal Information to countries not providing an adequate level of data protection, we use appropriate measures (such as the standard contractual clauses approved by the European Commission, which may be read here) to ensure a sufficient level of protection of your Personal Information. As with all online mediums, the storage and transmission of electronic information is unfortunately not always completely secure. Although we strive to protect your personal information, we cannot guarantee the security of information stored on our or our vendors’ servers or transmitted via email or through our website; you transmit personal information to us at your own risk.
Your Choices and Rights
We welcome your inquiries and comments. You have the right to know what Personal Information we process about you and may request a copy. You are also entitled to have incorrect or incomplete Personal Information about you corrected or completed and you may ask us to delete your Personal Information. You can also object to certain Personal Information about you being processed and request that processing be limited. Please note that the limitation or deletion of your Personal Information may mean that we will be unable to provide the services and information described above. You also have the right to receive your Personal Information in a machine-readable format and have the information transferred to another party responsible for data processing.
You also have the right to contact the data protection supervisory authority in your country of residence.
Third Party Privacy Practices
This Privacy Notice addresses only our use and handling of Personal Information, which we collect from you in connection with providing you our services. If you disclose your Personal Information to a third party, or visit a third party website via a link from our services, their privacy notices and practices will apply to any Personal Information you provide to them or they collect from you.
We cannot guarantee the privacy or security of your Personal Information once you provide it to a third party and we encourage you to evaluate the privacy and security policies of your trading partner before entering into a transaction and choosing to share your Personal Information. This is true even where the third parties to whom you disclose Personal Information are bidders, buyers or sellers on our site.
Cookies are small text files that are downloaded to your device by visiting our website or opening our marketing related emails. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e., how long it will remain on your device) and a value, which is usually a randomly generated unique number. Cookies (including third-party cookies such as tracking technologies provided by Google Analytics) are in particular used to ensure and improve the functionality of the website or for general marketing purposes by providing information on interaction of unique browser-device pairs with the website (such as number of sessions, pageviews, clicks and ecommerce interactions and time spent), statistical information on interaction with the website (including referrals thereto, popularity of certain content, accessing users‘ categories, markets, regions, languages, demographics, browser and device types and similar information), or statistical information on interaction with our marketing emails (such as if they have been opened or forwarded or links have been clicked on). Cookies are also used to provide you with personalized advertising on third party websites and/or apps for your specific interests.
Third-party service providers such as Google, Rockerbox, Wunderkind, Dynamic Yield may track your use of our website, combine this information with information from other websites you have visited (and which they also track) and use such combined information for their own purposes. If you have registered with the respective service providers, they may be able to identify you. In these instances, their processing of your Personal Information will be governed by their privacy policies.
Additional Information for Individuals Whose Personal Data is Subject to the GDPR or the UK GDPR
Residents of the European Economic Area (“EEA”) and the United Kingdom (“UK” and such residents of either, “EEA/UK Residents”) have certain rights with respect to their personal data pursuant to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or the UK General Data Protection Regulation (i.e., the GDPR as implemented into UK law, the “UK GDPR”), as applicable and as further described in this section. If you are an EEA/UK Resident and do not agree with our use of your personal data as set forth in this Privacy Notice, you should not submit your personal data to us. However, if you do not submit certain personal data to us, or if you exercise your rights to prevent us from using such personal data, you should be aware that we may not be able to do business with you.
For the purposes of applicable data privacy legislation, On is a “controller” of EEA/UK Residents’ personal data. We transfer, use, store and/or otherwise process your personal data outside of the EEA or the UK, primarily in the U.S., and the laws of the U.S. and certain other destination countries may not offer the same standard of protection for personal data as countries within the EEA or UK. EEA/UK Residents’ personal data also may be processed by staff operating outside the EEA or UK who work for us or for one of our vendors (for example, those who supply support services to us).
In cases of cross-border transfers to countries outside of the EEA or UK, as applicable, if your personal data will be processed in a country with laws that may not be equivalent to, or as protective as, the laws of your home country, we will take appropriate steps, in accordance with applicable laws, to require or maintain an adequate level of protection and security for your personal data. For additional information regarding such steps, please contact us using the details set forth at the end of this Privacy Notice.
We do not expect to process “sensitive” or “special” categories of personal data under the GDPR or UK GDPR. “Special” or “sensitive” categories of personal data include, among other things, data concerning your health, revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or concerning your sexual orientation. However, if we were to process such personal data, we would do so only where we have asked for your explicit consent, or otherwise where this is necessary for the establishment, exercise or defense of legal claims, or as otherwise may be permitted under applicable laws.
Under certain circumstances, by law you have the right to:
- • request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully;
- • request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected;
- • object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You may also have the right to object where we are processing your personal data for direct marketing purposes;
- • request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no good reason for us continuing to process it. You also have the
- right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see above);
- • request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and/or
- • request the transfer of your personal data to another party in a machine-readable, commonly used and structured format.
If you want to exercise any of these rights then please contact us using the details set forth at the end of this Privacy Notice. The various rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you wish to withdraw your consent or object to processing, it might still be that we use your personal data for other lawful purposes, such as fulfilment of a legal or contractual requirement.
We will respond to your request within one month of receipt of your request. In some cases, we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your business relationship with us.
You will not have to pay a fee to access your personal data (or to exercise any of the other above-listed rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.
To access your personal data (or to exercise any of the other above-listed rights), we may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other above-listed rights). This is another appropriate security measure designed to ensure that personal data is not disclosed to any person who has no right to receive it.
If you wish to request further information about any of the above-listed rights, or if you are unhappy with how we have handled your personal data, please contact us using the details set forth at the end of this Privacy Notice. If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with the GDPR, UK GDPR or other applicable data privacy legislation, you can make a complaint to the supervisory authority in your country.
Direct Communications: Privacy Notice for US Customers
For customers residing in the USA:
Further to On’s rights as outlined in the Privacy Notice, On reserves the right to send you marketing communications by direct mail. In addition, we might share, sell or exchange your personal information with other marketers for their own marketing or commercial purposes or we might
receive your personal information from other marketers for our own marketing or commercial purposes.
As a part of our commitment to your privacy, On supports and adheres to the guidelines and practices adopted by the Direct Marketing Association’s „Privacy Promise to American Consumers.“ We have agreed to (1) provide customers with notice of their ability to opt out of information rental, sale, or exchange with other marketers; (2) honor customers‘ requests not to share their contact information with other marketers; and (3) honor customers‘ requests not to receive mail, telephone, or other solicitations from On.
You have privacy rights for the information we process about you. You can choose to opt-out of third party sharing or selling and object to our use of your Personal Information for online behavioral marketing and advertising purposes, delete your personal information, or access your personal information. To do so contact us using the details set forth at the end of this Privacy Notice.
Additional Information for Individuals Whose Personal Information is Subject to the CCPA
Residents of the state of California have certain rights with respect to their personal information pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) as further described in this section. For the purposes of this section, “personal information” has the meaning given to such term in the CCPA. Please note that the rights under the CCPA do not apply to (i) On personnel or job applicants seeking opportunities at On or (ii) personnel working on behalf of business partners with whom we are conducting business.
Under certain circumstances, under the CCPA you may have the right to:
- • request that we disclose, free of charge, the categories and specific pieces of personal information we collect about you (and, if applicable, sell or otherwise disclose to a third party and the categories of such third parties), the sources from which such personal information was collected, and the business purpose for collecting, selling or disclosing such personal information;
- • choose to opt out of the sale of your personal information;
- • request that we delete the personal information we have collected about you.
For the purposes of the CCPA, “selling” information broadly means scenarios where we have shared personal information with partners in exchange for valuable consideration. We do not sell your personal information.
We will not discriminate against any California resident who exercises the rights set forth in this section.
You have the right to appoint an authorized agent to exercise these rights on your behalf. If you want to exercise any of these rights, or have your authorized agent exercise any of these rights on your behalf, then please contact us using the details set forth at the end of this Privacy Notice. To exercise any of these rights, we may need to request specific information from you or your authorized agent to help us confirm your identity and ensure your right to exercise these rights.
These rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you are currently an investor in one of our funds and you request that we delete the personal information we have collected about you, the CCPA permits us to deny such request and retain your
personal information to the extent necessary to manage the applicable fund and our business relationship with you in connection with that fund.
For consumers with disabilities who need to access this Privacy Notice in an alternative format, please contact us using the details set forth at the end of this Privacy Notice.
Should you have any questions or concerns relating to this Privacy Notice or the processing of Personal Information we hold about you, please contact us:
By post: On AG, DPO, Pfingstweidstrasse 106, 8005 Zurich, Switzerland
By email: DPO@on-running.com