Joint Controller Information pursuant to Art. 26 GDPR
The following outlines the key contents of the joint controller agreement between Woow Club GmbH and its partners concerning the processing of personal data in connection with the use of the Stella AI Tool.
Joint Controllership
Woow Club GmbH, Kaiserdamm 87, 14057 Berlin, and its partners are considered joint controllers under Art. 26 GDPR when they jointly determine the purposes and means of processing personal data within the context of Stella AI.
This joint responsibility applies to all processing activities related to Stella AI when the tool is embedded on a partner’s website or accessed via QR code in-store.
Purpose of Data Processing
The purpose of processing personal data in Stella AI is to analyze user preferences and provide a personalized shopping experience through tailored product recommendations from the partner’s catalog.
User data is submitted via a website operated by Woow Club GmbH or directly within the Stella AI Tool embedded on a partner’s website. This data is stored in Woow Club’s systems and made available to the respective partner.
Scope of the Agreement
Woow Club GmbH and its partners have entered into a joint controller agreement under Art. 26 GDPR. This agreement governs:
Responsibilities regarding data subject rights (Art. 15–22 GDPR)
Information obligations (Art. 13 and 14 GDPR)
Principles of cooperation and data protection management
The key provisions are summarized below.
Roles and Responsibilities
Each party has appointed a Data Protection Coordinator to manage internal data protection matters. Both parties regularly coordinate and inform each other of any developments that may affect joint processing.
Despite the internal allocation of responsibilities, both parties remain jointly accountable toward data subjects.
Data Subjects and Data Categories
Data Subjects: Website visitors, users, interested individuals
Data Categories:
Names, contact details, address data
Identifiers
Physical characteristics
Lifestyle and consumption data
Image data
Allocation of Responsibilities
Woow Club GmbH is responsible for:
Data Collection: via its own forms or embedded Stella Tool; providing information in accordance with Art. 13, 14 and 26(2) GDPR
Data Storage: within its own systems
Data Processing: analyzing data to personalize the user’s shopping experience
The Partner is responsible for:
Data Collection: via embedded tools or QR code; providing information in accordance with Art. 13, 14 and 26(2) GDPR
Data Storage: within its CRM system
Data Processing: using data to personalize its product offerings
Joint responsibility applies to:
Defining processing purposes and data categories
Exercising data subject rights (Art. 15–21 GDPR)
Documenting technical and organizational measures (Art. 32 GDPR)
Risk assessment and communication with authorities
Selecting and supervising processors (Art. 28 GDPR)
Maintaining records of processing activities (Art. 30 GDPR)
Handling data breaches (Art. 33 and 34 GDPR)
GDPR Compliance Obligations
Transparency Obligations:
Both parties ensure data protection notices required under Art. 12–14 and 26(2) GDPR are clearly aligned and made available to data subjects.
Data Breaches:
The Data Protection Coordinator of Woow Club GmbH handles the investigation and coordination of incidents related to joint processing. In the event of a breach:
Both parties take immediate measures to secure data and mitigate harm
Data Protection Coordinators are notified immediately
Further Commitments:
Each party ensures within its area of responsibility that:
Only data necessary for the process is collected
Staff are trained and bound to confidentiality (Art. 28(3), 29, and 32 GDPR)
Technical and organizational measures are implemented and kept up to date (Art. 32 GDPR)
Processing is documented (Art. 30 GDPR)
Accountability obligations are fulfilled (Art. 5(2) GDPR)
Central Point of Contact
The primary contact for matters related to joint processing is:
Sandro Spieß
Woow Club GmbH
Phone: +49 151 2307 3434
Email: sandro@askstella.ai
Notwithstanding this arrangement, data subjects may exercise their rights under Art. 26(3) GDPR with either controller. Both parties will cooperate to ensure timely and appropriate responses.