Data Protection Information - Smartfit Integration

Overview

This page provides technical and data protection information for merchants, integration partners, and data protection officers who integrate SmartFit into an online shop.

It serves as B2B documentation for the technical integration of the service and complements the respective privacy information of the shop.

This documentation is primarily intended for:

technical integration partners
product managers
data protection officers on the merchant side

This page is not an end-user privacy notice.

Roles and Responsibilities

Controller

The respective online shop acts as the controller for the integration and use of SmartFit within its shop environment. The shop is responsible in particular for:

the legal assessment of the integration
its end-user privacy information
the configuration of any consent management system

Data Processing on Behalf

SmartFit (Radlabor GmbH) processes personal data as a data processor pursuant to Art. 28 GDPR on behalf of the respective shop, unless explicitly stated otherwise.

Technical Storage Mechanisms

SmartFit does not use traditional cookies for advertising, marketing, or cross-site tracking. For the operation of the service, the following browser-side storage mechanisms may be used.

Session Storage

Session Storage is used to store temporary technical session information during an active browser tab session.

Purpose:

maintaining the current widget state
synchronizing interactions during usage

Storage duration:
Session Storage is automatically cleared when the browser tab is closed or reloaded.

Local Storage

SmartFit may store a pseudonymous session identifier in the browser’s Local Storage. This session identifier is only created after a user actively starts a SmartFit function.

The Local Storage contains only the following information:

a pseudonymous SmartFit session ID

The following information is not stored in the browser:

body measurements
leasing or financing data
marketing or tracking identifiers

Purpose of the Session Identifier

The session identifier is used to:

technically associate repeated SmartFit interactions on the same device
prevent unnecessary duplicate sessions
maintain continuity of a SmartFit interaction initiated by the user

Depending on the specific implementation, the session identifier may also allow previously processed SmartFit inputs or results to be reassociated with the same SmartFit session when the service is used again on the same device.

This may allow, for example:

continuing an interrupted SmartFit interaction
pre-filling previously entered inputs

The session identifier automatically expires after 30 days of inactivity.

Categories of Processed Data

Depending on the SmartFit feature used, the following categories of data may be processed.

Technical Data

IP address (where technically required)
browser and device information
session identifiers and technical configuration data
shop, product, or feature identifiers

Functional User Inputs

body measurements entered by the user
product-related information used to generate size recommendations
leasing or calculation parameters where applicable

Such inputs may be processed server-side on behalf of the shop as part of the service.

They are not stored in the browser’s Local Storage, unless explicitly described for a specific implementation.

Purpose of Processing

Data processing is carried out exclusively for the following purposes:

technical provision of the SmartFit service
execution of the function requested by the user (e.g. size recommendation)
application stability and synchronization
error analysis and misuse prevention
reconnecting a previously initiated SmartFit interaction
avoiding unnecessary duplicate sessions
contractual documentation and billing towards the merchant

SmartFit does not use data for:

advertising
marketing profiling
cross-site tracking
cross-shop user profiles.

Legal Framework

Where personal data is processed through SmartFit, this generally takes place within the framework of data processing on behalf pursuant to Art. 28 GDPR on behalf of the respective shop.

The legal basis for the collection and use of data with respect to the end user is determined by the respective shop.

Storage on the User’s Device (§ 25 TDDDG)

The storage of information on a user’s device or access to such information must be assessed separately under Section 25 TDDDG.

From a technical perspective, the storage described above serves the provision and continuity of a SmartFit function actively requested by the user.

In particular:

only a pseudonymous session identifier is stored in the browser
the identifier is created only after active use of the service
the storage is not used for advertising, tracking, or profiling purposes

Where the session identifier also enables the continuation or restoration of a previously initiated SmartFit interaction on the same device, this is considered a functional extension of the same user-initiated interaction.

The final legal classification within the shop environment, including any configuration of a consent management system, remains the responsibility of the respective shop as controller.

Storage Location and Retention

Processing generally takes place within the European Union or the European Economic Area.

Retention periods:

Session Storage
→ until the browser tab is closed or reloaded

Local Storage
→ automatic expiration after 30 days of inactivity

Server-side data
→ retained only as long as necessary for

technical operation
security purposes
documentation
billing

Data Subject Rights

Since the respective online shop acts as the controller, requests from data subjects should generally be addressed to the shop.

SmartFit supports the shop in fulfilling its obligations within the scope of data processing agreements.

FAQ

Is SmartFit a tracking technology?

No.

The storage mechanisms described above are not used for advertising, cross-site tracking, or cross-shop user profiling.

Can the session identifier enable a convenience feature?

Yes.

Depending on the implementation, the pseudonymous session identifier may allow a previously initiated SmartFit interaction on the same device to be recognized and resumed.

This may allow, for example:

continuing an interrupted interaction
pre-filling previously entered inputs.

However, only the session identifier itself is stored in the browser, not the user inputs.

This depends on the legal assessment of the respective shop and its consent management setup.

From a technical perspective, the storage described above supports the provision of a user-requested SmartFit function and is not used for advertising or analytics purposes.

Some merchants may nevertheless decide to include such mechanisms in their consent management systems as part of their compliance or risk management approach.

Legal Notice

This information does not constitute legal advice.

Merchants should consult their own legal or data protection advisors for a binding legal assessment.

Overview​

Roles and Responsibilities​

Controller​

Data Processing on Behalf​

Technical Storage Mechanisms​

Session Storage​

Local Storage​

Purpose of the Session Identifier​

Categories of Processed Data​

Technical Data​

Functional User Inputs​

Purpose of Processing​

Legal Framework​

GDPR​

Storage on the User’s Device (§ 25 TDDDG)​

Storage Location and Retention​

Data Subject Rights​

FAQ​

Is SmartFit a tracking technology?​

Can the session identifier enable a convenience feature?​

Does the merchant need to include SmartFit in the consent manager?​

Legal Notice​