CUSTOMER LOGIN
BOOK A DEMO

    Joint Controller Information

Joint Controller Information pursuant to Art. 26 GDPR

The following outlines the key contents of the joint controller agreement between Woow Club GmbH and its partners concerning the processing of personal data in connection with the use of the Stella AI Tool.

Joint Controllership

Woow Club GmbH, Kaiserdamm 87, 14057 Berlin, and its partners are considered joint controllers under Art. 26 of the General Data Protection Regulation (GDPR), as they jointly determine the purposes and means of processing personal data through the Stella AI tool.

This joint controllership applies to all data processing activities related to the use of the Stella AI Tool when it is embedded on a partner’s website or accessed via QR code in physical retail environments. It covers both the analysis tool (e.g., color or skincare analysis) and the Stella Assist chat feature.

Purpose of Data Processing

The purpose of data processing is to analyze user characteristics and preferences to enable a personalized shopping experience and product recommendations. Users receive individual product suggestions from the partner brand – either through a guided analysis funnel (e.g., color type or skincare quiz) or via the Stella Assist chat.

Data is entered either on a Woow Club GmbH-hosted page or directly within the embedded Stella AI Tool on the partner’s website. The data is stored in systems operated by Woow Club GmbH and made available to the partner.

Scope of the Agreement

Woow Club GmbH and its partners have entered into a joint controller agreement under Art. 26 GDPR. This agreement governs:

  • Responsibilities regarding data subject rights (Art. 15–22 GDPR)

  • Information obligations (Art. 13 and 14 GDPR)

  • Principles of cooperation and data protection management

The key provisions are summarized below.

Roles and Responsibilities

Each party has appointed a Data Protection Coordinator to manage internal data protection matters. Both parties regularly coordinate and inform each other of any developments that may affect joint processing.

Despite the internal allocation of responsibilities, both parties remain jointly accountable toward data subjects.

Data Subjects and Data Categories

Data subjects: Website visitors, users, and interested individuals

Personal data categories: Depending on whether the analysis funnel or chat feature is used, the following personal data may be processed:

  • Name and email address (if entered voluntarily)

  • Physical characteristics such as hair color, eye color, and skin tone

  • Uploaded images (selfies used to analyze color type)

  • Analysis results (e.g., color type, matching product suggestions)

  • Skin condition and skincare needs

  • Age

  • Skincare preferences

  • Free-text entries within the chat (e.g., product preferences, questions, goals)

  • Behavioral data within the tool (e.g., clicks or engagement patterns)

Note: Chat interactions are stored only in anonymized form, and no connection to a specific individual is possible. Anonymized data may be used to improve the quality of Stella Assist responses within the context of the respective partner’s brand.

Allocation of Responsibilities

Woow Club GmbH is responsible for:

  • Data Collection: via its own forms or embedded Stella Tool; providing information in accordance with Art. 13, 14 and 26(2) GDPR

  • Data Storage: within its own systems

  • Data Processing: analyzing data to personalize the user’s shopping experience

The Partner is responsible for:

  • Data Collection: via embedded tools or QR code; providing information in accordance with Art. 13, 14 and 26(2) GDPR

  • Data Storage: within its CRM system

  • Data Processing: using data to personalize its product offerings

Joint responsibility applies to:

  • Defining processing purposes and data categories

  • Exercising data subject rights (Art. 15–21 GDPR)

  • Documenting technical and organizational measures (Art. 32 GDPR)

  • Risk assessment and communication with authorities

  • Selecting and supervising processors (Art. 28 GDPR)

  • Maintaining records of processing activities (Art. 30 GDPR)

  • Handling data breaches (Art. 33 and 34 GDPR)

GDPR Compliance Obligations

Transparency Obligations:
Both parties ensure data protection notices required under Art. 12–14 and 26(2) GDPR are clearly aligned and made available to data subjects.

Data Breaches:
The Data Protection Coordinator of Woow Club GmbH handles the investigation and coordination of incidents related to joint processing. In the event of a breach:

  • Both parties take immediate measures to secure data and mitigate harm

  • Data Protection Coordinators are notified immediately

Further Commitments:
Each party ensures within its area of responsibility that:

  • Only data necessary for the process is collected

  • Staff are trained and bound to confidentiality (Art. 28(3), 29, and 32 GDPR)

  • Technical and organizational measures are implemented and kept up to date (Art. 32 GDPR)

  • Processing is documented (Art. 30 GDPR)

  • Accountability obligations are fulfilled (Art. 5(2) GDPR)

Central Point of Contact

The primary contact for matters related to joint processing is:

Sandro Spieß
Woow Club GmbH
Phone: +49 151 2307 3434
Email: sandro@askstella.ai

Notwithstanding this arrangement, data subjects may exercise their rights under Art. 26(3) GDPR with either controller. Both parties will cooperate to ensure timely and appropriate responses.