delivery
Last Updated: 13 January, 2023
We recommend that you read this Privacy Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link above to jump to that section.

Columbia Sportswear Company and its global affiliates ("Columbia" or "we") respect your right to privacy. When you purchase goods from us (through our website at https://www.columbiasportswear.fi or other local domains (“Website” or "Site") and offline), the controller of your personal data will be the local Columbia entity that sells the goods to you (as identified on your purchase receipt) or communicates with you. Columbia Sportswear Company and Columbia Sportswear International SARL are controllers of your personal data collected when you use our Website (other than when you purchase goods from us). Please refer to section 10 of this Notice for our contact details. This Privacy Notice explains how we collect, share and use your personal information, and how you can exercise your privacy rights. This Privacy Notice only applies to personal information of our current and potential customers, that we collect through our online services and activities, including our website, at retail locations and at promotional events. This Notice will not apply where we display or link to a different privacy notice.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details under the “How to contact us” heading below.
1. Personal information we process
The personal information we collect either directly or indirectly from you will depend on how you interact with us and with the Site. We collect personal information about you from the following different sources:
  • Directly from you. We collect personal information directly from you when you voluntarily choose to provide us with this information online, in our stores and through your other interactions with us (such as data collected via social media and any surveys, competitions or other promotional programs in which you may participate). Certain parts of our Website may ask you to provide personal information: Account creation, purchase of goods, returns processing, product reviews, customer service information.
  • Indirectly. We collect personal information about you indirectly, including through automated means when you use our Site or in store (via CCTV cameras). Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained further in the Cookies and similar tracking technology section below.
  • Third parties. We also collect information about you from third-party sources, i.e. our service providers that provide operational assistance, email, marketing and analytics services, as well as financial and credit related services, payment services (e.g. Paypal and Apple Pay), and social media platforms. If you choose to register for a Site account via a social media account with Facebook or Google, we collect your email from your social media account to set up your account with us and to confirm whether you logged into to our Site using your social media account. We do not access your personal account settings on your social media account.


The table below describes the categories of personal information we collect from and about you through online services and activities on our Site and on social media, at our retail locations and at promotional events (we combine some of this information in our systems).

Personal data Description Source
Identity and Contact Data such as your name, email address and password, telephone number, delivery address. Directly from you (online or offline)
Third Parties
Automatic collection
Account Data, such as your your Login Information (email and password) and Profile Information (contact details including your name, surname, postcode, phone, optionally – your gender (includes 'prefer not to say' option), birth month and birth day, student status or other status relevant to your eligibility for discounts. Directly from you
Third parties
Transaction Data, such as truncated credit or debit card details, payment method, transaction statements, your billing address, your delivery address or the delivery address of the intended recipient of your order, payments and orders from you, and other details of products that you have purchased through the Site or in store. We do not collect nor store your full credit or debit card details (which are processed by payment service providers who are separate controllers of your data, please refer to your payment service provider’s privacy notice for further details on their data collection practices). Directly from you
Third parties
Automatic collection
Social media/External Account Data, such as social media handle and log in details where you choose to log in to your account using your Facebook or Google account or when you otherwise interact with us via your social media account or an external service application. Third parties
Automatic collection
Communications Data, such as your feedback on our products and services or the performance of our Site and other communications with us (including when you interact with our customer service agents offline), any queries you raise with us, competition and survey entries, email or call history, live chat. This will include information as to how you contact customer services and the channel of communication that you use or any information that you send to us (e.g. if you complain about the performance of our Site and send us screenshots). Directly from you
Third parties
Automatic collectiony
Marketing Data, such as your interests based on your use of our Site and other websites and inline services, your purchases, survey responses, promotions you enter, preferences in receiving marketing materials from us, communication preferences, your preferences for particular products or services. Directly from you
Third parties
Automatic collection
CCTV Data, collected in our stores to prevent theft and fraud and more generally to protect our property and assets, employees, customers, vendors, and visitors. Automatic collection
Device Data, collected using tags and pixels, including your IP address, your ISP, and the browser you use to visit our Site, device type, unique device identification numbers or other identifiers, advertising identifiers. Automatic collection
Site Usage Data, such as activity and Site interactions information that we capture using Cookies and similar technologies (see section 4 below), including, page views and searches, length of visits to certain pages, clicks, email entry, operating system, information that content had been viewed, and other functional information on Site performance. Automatic collection
Location Data, collected directly from you or using IP address from which we can identify your general geographic location, e.g., country or city- level location, and other technical information that associates your location to your use of the Site. Directly from you
Automatic collection
Uploaded Content, such as any personal data that you provide as part of product reviews, requests for assistance from customer service, or when you take part in contests or upload photos to social media (e.g. Instagram) where you allow us to use such images (User Generated Content). Directly from you
Automatic collection
Third parties


We do not collect any sensitive personal information about you, such as health-related information or information about your race or ethnicity, or sexual orientation.

We will let you know at the time of collection whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data.
2. How we use your personal information (our purposes) and our legal basis for processing
We use the personal information that we collect from and about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information. Depending on our purpose for collecting your information, we rely on one of the following legal bases:

Contract – we require certain personal information to provide and support the goods and services you purchase or request from us;
Consent – in certain circumstances, we may ask for your consent (separately from any contract between us) before we will collect, use, or disclose your personal information, in which case you can voluntarily choose to give or deny your consent without negative consequences to you;
Legitimate Interests – we may use or disclose your personal information for the legitimate business interests of either Columbia or a third party, but only when we're confident that your privacy rights will remain appropriately protected. If we rely on our (or a third party’s) legitimate interests, these interests will normally be to operate, provide and improve our business, including our Site, to communicate with you and respond to your questions, improve our Site or use the insights to improve or develop marketing activities and promote our products and services, to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors.
Legal Obligation – there may be instances where we must process and retain your personal information to comply with laws or to fulfil certain legal obligations.

The following table provides more details on our purposes for processing your personal information and the related legal bases.

Purpose Personal information Legal basis
Register your account on our Site, to manage and administer your account, to facilitate purchases you make (including, where applicable, providing special discounts and managing online loyalty programmes) and to manage returns. Account Data
Transaction Data
Communication Data
Location Data
Contract
Provide and deliver products and services, including delivery of products, electronic receipts and returns, warranty returns and repairs. Identity and Contact Data
Account Data
Communication Data
Location Data
Transaction Data
Contract
Process transactions (in store and online/ecommerce payments), including online and in-store delayed payment options (via Paypal), and transaction fee recovery. Identity and Contact Data
Account Data
Communication Data
Transaction Data
Contract
Respond to your communications regarding our products and services, send you service updates, confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages, responding to your inquiries, requests or complaints. Identity and Contact Data
Account Data
Transaction Data
Communication Data
Uploaded Content
Device Data
Site Usage Data
Location Data
Contract
Our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you
Reviewing communications with you for customer support and quality assurance and training purposes, and related recordkeeping. Identity and Contact Data
Account Data
Transaction Data
Communication Data
Uploaded Content
Device Data
Site Usage Data
Location Data
Keep our business, including the Site, our retail stores and our employees, customers, vendors, and visitors secure and address threats to your safety or the safety of others; to detect and prevent fraud (online and in store). For example, online we may use malware and spyware monitoring tools to detect suspicious activity and algorithms to detect unauthorised access. In our stores, we use CCTV monitoring. Identity and Contact Data
Account Data
Transaction Data
Device Data
Location Data
Site Usage Data
CCTV Data
Communication Data
Our and third parties' legitimate interest (to operate and provide our business, including our Site; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors)
Manage compliance with our terms of service, manage our compliance hotline and related internal reporting. Identity and Contact Data
Account Data
Communication Data
Transaction Data
Location Data
CCTV Data
Uploaded Content
Social media/External Account Data
Contract
Legitimate interests (to operate, provide and improve our business, including our Site; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure, and the safety and security of our employees, customers, vendors, and visitors
Legal obligations
To administer and maintain this Site and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data). Identity and Contact Data
Account Data
Device Data
Location Data
Site Usage Data
Legitimate interests (to operate, provide and improve our business, including our Site; to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure
Manage our use of tracking technologies such as cookies (including enabling you to manage your cookie preferences) and analyse collected data to learn about our Site to improve our Site, and to develop new products and services. This includes website analytics, identifying browsing/purchasing trends and patterns and evaluating this information on an aggregated, group(s) basis (Social media/External Account Data, Marketing Data) and individual basis (Account Data, Device Data, Location Data and Site Usage Data). Account Data
Device Data
Location Data
Site Usage Data
Social media/External Account Data
Marketing Data
Legitimate interests (to operate, provide and improve our business, including our Site, to improve our Site or use the insights to improve or develop marketing activities and promote our products and services)
Consent (where required under applicable law)
Analyse data, including metrics related to consumer transactions and behaviour (online and offline) to assess trends and the effectiveness of our advertising and marketing campaigns, to help us understand your needs and provide you with better service and offers, to drive customer engagement, promote our brand, and inform other business decisions by understanding consumer behaviour. Account Data
Transaction Data
Device Data
Location Data
Site Usage Data
Social media/External Account Data
Communication Data
Marketing Data
Consent (where required under applicable law – see cookie consent tool on our website
Otherwise (for strictly necessary cookies) legitimate interests to operate, provide and improve our business, including our Site, to improve our Site or use the insights to improve or develop marketing activities and promote our products and services
Contact current and prospective customers (including Site visitors) about our products and services, promotions, competitions and events we think may be of interest to you, including with our newsletter and other promotional mailers and electronic communications. Account Data
Site Usage Data
Marketing Data
Communication Data
Social media/External Account Data
Location Data
Uploaded Content
Consent (where required under applicable law)
Otherwise (where we can rely on an exemption) - legitimate interests (to operate, provide and improve our business; to communicate with you)
Personalize and customize your Site experience, including to provide local or otherwise targeted content and information for customers, and to tailor the content and advertising served on our Site. Account Data
Marketing Data
Site Usage Data
Device Data
Social media/External Account Data
Location Data
Consent (where consent is required under applicable law – for non- strictly necessary cookies)
Otherwise Legitimate interests (to operate, provide and improve our business, including our Site, to use the insights to improve or develop marketing activities and promote our products and services)
Personalize, target, and deliver advertising for our products and services on third party websites, apps, and other online services (including to identify audiences and individuals like you to better tailor our marketing campaigns and communications), and measure the effectiveness of our campaigns and adjust our methods Account Data
Marketing Data
Site Usage Data
Social media/External Account Data
Location Data
Device Data
Consent (where consent is required under applicable law)
Otherwise Legitimate interests
Analyse social media performance metrics to evaluate and execute social media campaigns, including to interact with our current and prospective customers on various social media channels to promote our products, run contests and promotions, answer questions and otherwise drive and monitor customer engagement and satisfaction. Account Data
Marketing Data
Social media/External Account Data
Communication Data
Uploaded Content Data
Site Usage Data
Device Data
Consent (where consent is required under applicable law)
Otherwise Legitimate interests
Administer sweepstakes, competitions or surveys to drive customer engagement and to collect user perceptions and measure satisfaction Identity and Contact Data
Account Data
Communication Data
Uploaded Content Data
Social media/External Account Data
Legitimate interests
Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law Identity and Contact Data
Account Data
Transaction Data
Site Usage Data
Communication Data
Uploaded Content Data
Legal obligation
Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims against us and to conduct litigation to defend our interests. Identity and Contact Data
Account Data
Transaction Data
CCTV Data
Site Usage Data
Communication Data
Legitimate interests
3. Who does Columbia share my personal information with?
We share your personal information with the following categories of recipients:

    our group companies, who provide data processing services necessary to provide you with our goods and services (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal information in reliance on legitimate interests for purposes described in this Privacy Notice. Our group companies, to which we transfer your personal information, operate in retail and retail supporting sectors;
  • third party services providers and partners who provide data processing services to us as necessary to provide you with our goods and services (to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal information for purposes that are described in this Privacy Notice. The following table lists the main third-party service providers we engage to process your personal information, the categories of services they provide, and the types of personal information they receive in order to provide us these services.


Service Provider Services Personal Information
Avent Media Group Behavioral Advertising and Paid Marketing IP address
Cycleon Product Returns (E-comm purchases) Name, Email, Shipping address, Order ID, Purchase date and amount
Emarsys Email Marketing Name, Email, Phone, Home address, Gender, Birth month and day, Email opt in/out, Order ID, Loyalty ID, Coupon code
Instagram Social Media Campaigns and Contest Promotions Social medial contact, Photographs, Social media account content
Labelium Behavioral Advertising and Paid Marketing Name, Social media contact and account content, Gender, Marketing subscriptions
Rakuten Affiliate Marketing IP address, Email, Browsing time and behavior, Website history
Zendesk Customer Service Inquiries Name, Email, Phone, Order ID, Warranty/return info


  • third-party services when you use third-party services linked through our Website, e.g. third party payment services, your personal information will be collected by the provider of such services. Please note that when you use third-party services, their own terms and privacy policies will govern your use of their services.
  • any competent law enforcement body, regulatory, government agency, court or other third party (our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • a buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice; or
  • any other person with your consent to the disclosure (obtained separately from any contract between us).
4. Cookies and similar tracking technology
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to serve interest-based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice and our consent management platform.
5. How does Columbia keep my personal information secure?
We use technical and organisational controls to protect the personal information that we collect and process about you. These measures are designed to provide a level of security appropriate to the risk of processing your personal information. We govern and align our Information Security programme with an industry standard framework, employ advanced malware protections, use data encryption technologies, and implement other reasonable security defences (including vulnerability management, access management, recovery/resilience measures).

Where you have created an account and unique password to enable your access, it is your responsibility to keep this password secure and confidential.
6. International data transfers
In some cases, where your personal information is transferred to Columbia group companies or third parties, it is processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, our Website servers are located in the United States and our group companies and third party service providers and partners operate around the world. This means that when we collect your personal information we will process it in any of these countries.

Where we transfer your personal information to countries and territories outside of the European Economic Area and the UK, which have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations” from the Secretary of State in the UK. We transfer your personal information from the European Economic Area and the UK to Canada and Switzerland in reliance on the European Commission’s adequacy decision and the Secretary of State's adequacy regulations.

Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice and applicable laws. The safeguards we use to safeguard transfers of personal information between our group companies and transfers to our service providers are the European Commission’s Standard Contractual Clauses for controller to controller and controller to processor transfers, including the UK Addendum for the transfers of data originating in the UK. Our Standard Contractual Clauses can be provided on request (with some sensitive commercial information redacted).
7. Data retention
We retain the personal information we process where we have an ongoing legitimate business need to do so or to comply with applicable legal, tax or accounting requirements. In certain circumstances, we will need to keep your information for legal reasons after we have fulfilled our contract with you or your account has been deleted. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement. For further details of applicable retention periods you can contact us at privacy@columbia.com.
8. Your data protection rights
You may have the following data protection rights:
  • You may access, correct, update or request deletion of your personal information.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request for portability of your personal information (i.e. your data to be transferred in a readable and standardised format).
  • You have the right to opt-out of marketing communications we send you at any time. In addition to contacting us using the contact details provided under the “How to contact us” heading below, you can also exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by clicking this unsubscribe link and entering the email address you wish to unsubscribe. If you choose to opt out of marketing communications, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations.
  • If we process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local supervisory authority. Certain supervisory authorities may require that you exhaust our internal complaints process before looking into your complaint.


To exercise any of them see specific instructions below or contact us using the contact details provided under the “How to contact us” heading below [link].We respond to all requests we receive from individuals in accordance with applicable data protection laws.
9. Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make and applicable legal requirements. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
10. How to contact us
If you have any questions or concerns about our use of your personal information, please contact us at privacy@columbia.com. You may also write to us at the following address:

Columbia Sportswear Finland Oy.
Attn: Columbia Privacy Department
Keilaranta 11
02150 Espoo
Suomi

The data controllers of your personal information are as described at the beginning of this Privacy Notice and include the local Columbia entity, Columbia Sportswear Finland Oy., whose contact details are provided above. See below for contact information of additional controllers previously identified.

Columbia Sportswear International SARL.
Attn: Columbia Privacy Department
Avenue des Morgines 12
Geneva Business Center
1213 Petit-Lancy, Switzerland

Columbia Sportswear Company
Attn: Columbia Privacy Department
14375 NW Science Park Drive
Portland, OR 97229 USA