Privacy & cookie policy

Privacy Policy

In this privacy policy we will inform you about the processing of your data during the use of our website and during your shopping experience.

The term “your data” means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number.

Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term "personal data".

You can print or save this privacy policy by using your browser’s usual functionality. You can also download and save this privacy policy as a PDF file.

RESPONSIBLE AUTHORITY AND CONTACT DETAILS

The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:

MADELEINE Fashion Ltd.
c/o Francis Clark LLP
North Quay House
Sutton Harbour
Plymouth
PL4 0RA

Telephone: 0333 400 0 400
E-Mail: service@madeleine.co.uk

You can also contact our data protection officer using the above contact details.

Please use the following contact details if you have any questions or requests regarding the protection of your data:

MADELEINE Fashion Ltd.
Woodview Road
Paignton
TQ4 7SR

Tel: 0333 400 0 400
E-Mail: service@madeleine.co.uk

(subsequently referred to as “MADELEINE”, “We” or “Us”)

DATA PROCESSING FOR THE EXECUTION OF THE CONTRACT AND WHEN CONTACTING US

Your order or purchasing data

We will record your order or purchase data if you order from us in our online shop, by phone or by order form.

Order or purchase data includes, for example:

Your details of purchased items, such as name, size, colour, purchase price, etc.;
Your payment details
Your delivery and billing address;
Your declarations of withdrawal, your complaints and other notifications with regard to your orders or purchases;
Your order number;
Your order status, e.g. "Dispatched" or “Returned”;
Your payment status;
The details of the service providers involved in the execution of the contract, in the case of shipping companies, for example your consignment number

· You can view your essential order data at any time under "My account".

We process your data so that we can process your order, so that we can send you your order and so that we can process returns, complaints and warranty cases if necessary.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

My account

You can register on our website or create a customer account.

You will need the following information to register:

Your full name;
Your address;
Your email address;
Password of your choice

You can subsequently log in to "my account" using your e-mail address and password.

We process your data so that you have an overview of your previous orders to make your shopping more convenient and easier, and so that you can manage your personal data and settings.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

You can also order as a guest without registration. We will also save your order history in this case, so that you will have an overview of your previous orders if you subsequently register under "my account".

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Your contact details and notifications

If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Payment information

We offer you the usual payment methods credit card, debit card, PayPal, etc. Depending on which payment method you select during the order process, we will pass on the payment data collected for the processing of payments to the relevant institution tasked with the payment and, if applicable, to payment service providers we have commissioned or to the selected payment service. Payment and contract processing cannot be carried out without these payment data and payment service providers.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

When paying by credit/debit card, we save your card details pseudonymised for processing the payment transaction. In addition, we will pseudonymise your credit card information to facilitate future payment transactions and for identification purposes based on our legitimate interest in providing our customers with an optimised and efficient purchasing process and to uniquely identify them. You can object at any time to the storage of your card data under the mentioned contact information. We will delete this pseudonymous data as soon as the credit card becomes invalid or you wish us to do so.

The legal basis for the above-mentioned data processing is Article 6(1) (f) of the GDPR.

DATA PROCESSING FOR CUSTOMER RELATIONSHIP MAINTENANCE

Your date of birth

You may tell us your date of birth. Provision of this information is voluntary. We record your date of birth to send you birthday greetings.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Competitions and surveys

If you take part in one of our surveys, we will use your data for marketing and opinion research. Naturally, we will only use this data in an anonymised form for statistical purposes. Personal data will only be collected with your consentif surveys are not conducted anonymously despite the foregoing. The GDPR is not applicable to anonymous surveys.

In exceptional cases, with respect to personal data, the legal basis of the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Regarding competitions, we will use your data for the purpose of conducting the competition and notifying you of the prize. You will find detailed information in the respective competition’s conditions of participation where required.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

NEWSLETTER AND PROMOTIONAL STRATEGY

Newsletter

If you register for our newsletter, we will use the data you provide to send you our newsletter with your express consent. The newsletter contains current information as well as offers from MADELEINE.

We will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to verify your registration. You can unsubscribe from the newsletter at any time here. Every newsletter also contains a corresponding unsubscribe link. Naturally, a notification sent using the contact details indicated above or in the newsletter (e.g. by e-mail, phone or letter) will also suffice. In this case, please provide us with the e-mail address to be unsubscribed.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

For sending the newsletter, we use the service provider Emarsys Interactive Services GmbH ("Emarsys"), Stralauer Platz 34, 10243 Berlin. Information can be found below under "Information on the use of cookies and comparable technologies" and there under "Emarsys / Scarab".

Object to data collection by Emarsys.

The legal basis for the aforementioned data processing is Article 6 (1) f) GDPR, based on our aforementioned legitimate interest.
If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletter (see above) or deactivate graphics in your e-mail program by default. For more information, see the instructions for Microsoft Outlook and Mozilla Thunderbird. We want to use our newsletter to share content that is as relevant as possible for our customers and to better understand what the readers are actually interested in.

New customer acquisition and marketing existing customers

We augment our customer data with information that we receive from companies selected for acquisition of new customers. The information we receive are only so-called score values from which we can draw no conclusions concerning natural persons. These are calculated from characteristics of consumer behaviour, mail order information, information on the respective housing situation and micro-geographical data. They originate, for example, from household surveys on consumption and lifestyle topics as well as from house valuations. This information helps us distinguish active customers from inactive customers, activate inactive customers, determine the probability that existing customers might be interested in certain products and strengthen customer relationships.

If we haven’t collected your data directly from you, you may find out more information about the source of the data by calling our customer services team at 0333 400 0 400. We will then use the postal address section of the respective catalogue to determine the source of your data.

The legal basis for the aforementioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

Third-party marketing purposes

We transmit generally published data such as surname, first name, address, date of birth and purchase data for our own and third-party marketing purposes on the basis of legitimate interests to retailers, mail-order companies with an interesting product range and cooperative databases, such as Epsilon Abacus and Experian Limited based on Article 6 (1) (f) of the GDPR.

We will share your data with Experian Limited, Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ, who will use it to create products and services to help organisations better understand the likely characteristics of their customers; communicate with them more effectively; and find others like them across a range of marketing channels. This may mean that you receive advertising that is more relevant to you via direct mail. For more information have a look at www.experian.co.uk/privacy

We work with Epsilon International UK Ltd, a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. (Please note that Epsilon Abacus may transfer your data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.) For more information have a look at: emea.epsilon.com/privacy-policy

If you would like more information, please call us on 0333 400 0 400, email us at service@madeleine.co.uk or write to us at the address below: MADELEINE Fashion Ltd, Woodview Road, Paignton, Devon, TQ4 7SR.

The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR.

Advertising partners

We receive information from selected operators of online advertising networks such as Google or Facebook and data providers who carry out advertising for or together with us (subsequently referred to as "advertising partners").

The information we receive from advertising partners is information and statistics about demographics (such as age, gender, region, etc.), device and access data, and our users’ interests. This information can help us better understand our users, for example in the context of customer structure analyses and user segmentation. We only receive aggregated, encrypted or anonymous data and we cannot assign the data to any particular person, in particular any particular user.

The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on our above-mentioned legitimate interests.

VISITING THIS WEBSITE

Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:

IP address of the requesting terminal;
Date and time of the request;
Address of the web page called up and the requesting web page;
Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)

The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits (e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.

The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.

Information on the use of cookies and comparable technologies

In order to be able to implement certain technically necessary functions of our website, to be able to trace the use of our offers and to be able to provide content adapted to your wishes for the constant optimisation of the websites, MADELEINE uses cookies. Cookies are small text files that are stored on your hard disk by a website. Cookies do not cause any damage to your computer, they cannot execute programs and cannot contain viruses. Instead of cookies, so-called tracking pixels or comparable common technologies can also be used, which serve to (temporarily) store information on specific users or usage processes (collectively referred to as "cookies" in the following). You can prevent the storage of cookies on your computer at any time by changing the settings of your browser (please use the settings or the help function of your browser). The function of our website may then be restricted under certain circumstances. MADELEINE uses cookies for various purposes. The individual cookies are listed below:

Technically required cookies

The main purpose of these cookies is to enable you to use the functions of the site, e.g. to store form data (e.g. in the frame of the contact form) or to control the display of information (e.g. the cookie banner). The legal basis for data processing in connection with the technically required cookies is Art. 6 para. 1 f) GDPR, based on our legitimate interest in enabling you to use our website conveniently and individually and to make use of it as time-saving as possible. In certain cases, these cookies may also be required for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 para. 1 p. 1 b) GDPR. It is not possible to deactivate these technically required cookies.

Comfort Cookies

Further cookies serve to make the website and the MADELEINE offer more comfort for you. These cookies enable us to provide you with personalised content and product recommendations, as well as to evaluate your purchase. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the comfort cookies is your consent (Article (6) (1) (a) of the GDPR).

In the event that personal data is transferred to the USA, we will obtain your express consent in accordance with Art. 49 para. 1 sentence 1 a) GDPR via the cookie banner for this data transfer. You will find the associated risks below under "Data transmission to third countries".

You can revoke your consent by calling up the cookie settings and changing the corresponding selection there. You can also access the cookie settings from any page of this website via the footer.

Marketing cookies

We also use cookies for advertising and marketing purposes to enable personalised advertising and to display advertising content on external websites (e.g. Google or Facebook) for our products and offers that you have been interested in on our website or that match content that we think you might find interesting. Also general information about possible interests of users of our website and other interested parties, collected by third parties on other websites, are used in the context of personalised advertising of our content (so-called re-targeting). The information is stored as cookie identifiers. You will not be identified as a person, but the recognition is based solely on the terminal devices you use. If the cookies are deleted, the personalisation of the advertising content is also omitted. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the marketing cookies is your consent (Article (6) (1) (a) of the GDPR).

In the event that personal data is transferred to the USA, we obtain your express consent for this data transfer via the cookie banner in accordance with Art. 49 para. 1 a) GDPR. You will find the associated risks below under "Data transmission to third countries".

You can revoke your consent by calling up the cookie settings and changing the relevant selection there. You can also access the cookie settings from any page of this website via the footer.

Please note that some pages of our website may contain cookies that are not directly related to MADELEINE. If you visit a page with content embedded by third parties, these third parties may have set their own cookies. MADELEINE has no influence on the use of these cookies and cannot access them because of the way cookies work, as cookies can only be accessed by the person who originally set them. For further information, please refer to the websites of the third party concerned.

Information on the individual cookies:

Bing Remarketing / Bing Conversion

We use Bing's technologies to display personalized advertising. Use of these technologies enables Microsoft and its partner sites to serve ads based on previous visits to our or other sites on the Internet.
Category: Marketing
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
For more information, see the Microsoft privacy statement: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy

Criteo OneTag

We use Criteo to display personalised advertising on partner websites, in apps and emails. Retargeting technologies use cookies or ad IDs and display ads based on your past browsing behaviour. We may use information such as technical share identifiers from your registration information on our website or CRM system with trusted advertising partners. This allows us to link your devices and/or environments and provide you with a seamless user experience with the devices and environments you use Category: Marketing Provider: Criteo SA, 32 Rue Blanche, 75009 Paris, France For more information, please refer to Criteo's privacy policy: https://www.criteo.com/privacy/

Emarsys / Scarab

We use Emarsys for sending the newsletter. We use commercially available technologies in our newsletter to measure interactions with the newsletter (e.g. opening of the email, links clicked on). We use this data in a pseudonymous form for general statistical evaluations, for the optimisation and further development of our content, for customer communication and for the delivery of personalised advertising. This is done by means of small graphics embedded in the messages (so-called pixels).
Furthermore, we use "Webextend" as an analysis technology from Emarsys to make advertising and newsletters appealing to you and to tailor them to your interests. In particular, this may include products and articles that you have viewed in our offer, as well as information about your computer, your surfing history and the time of your visit to the website. The data that is processed is exclusively pseudonymised. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys to create suitable and interesting newsletters for you. You can object to this use for personalised advertising at any time. Category: Marketing Provider: Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin Further information can be found in the Emarsys privacy policy: https://www.emarsys.com/de/datenschutzrichtlinie/

Facebook Pixel / Facebook Custom Audience

We use the technologies of Facebook for marketing purposes, so-called remarketing tags. When you visit our website, these tags create a connection between your browser and a Facebook server. Facebook thereby receives the information that our website was called up with your IP address.
Category: Marketing
Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Processed data: Facebook user ID, IP address, browser information, non-confidential custom data, referrer URL, location information
You can find further information in the Facebook privacy policy: https://www.facebook.com/policies/cookies/
Further information on the joint responsibility of Facebook and MADELEINE can be found at
https://www.facebook.com/legal/terms/page_controller_addendum

Google Ads Conversion Tracking

We use Ads Conversion Tracking to record and analyse customer actions defined by us (e.g. clicking on an ad, page views, downloads).
If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website.
You can configure your browser to reject cookies. You can also set your browser to reject cookies in Google's advertising preferences by clicking the disable "Personalised advertising" option. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en

Google Ads Remarketing

We use ads remarketing to display individualised advertising messages for our products on Google's partner websites. If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website. You can configure your browser to reject cookies. You can also select to disable "Personalised Ads" in Google's advertising preferences. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: pages visited, IP address, duration of visit
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en

Google Global Site Tag

We use the Google Site Tag to control and manage the Google tools we use.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: The Google Site Tag does not use cookies and does not collect any personal data.
For more information, please refer to the Google Privacy Notice: https://policies.google.com/technologies/cookies?hl=en

reCaptcha

We use Google reCaptcha to prevent automated software (so-called bots) from carrying out abusive activities on our website. This means that it is checked whether the entries made are actually from a human being.
Category: Technically required
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: referrer, IP address, input behaviour (e.g. answering the reCaptcha question, input speed in form fields, order of selection of input fields, browser type, browser plug- ins, browser size and resolution, date, language setting, display instructions).
For more information, please refer to the Performance Media privacy policy: https://www.performance-media.de/datenschutz/

SurveyMonkey

We use the SurveyMonkey tool to survey our customers. Participation in the surveys is voluntary. If you participate, your responses are provided to us only in the form of statistics and are not aggregated with your account. We delete the survey data from SurveyMonkey after the survey has been analysed. Within 90 days, this data will also be permanently deleted from SurveyMonkey's systems.
Category: Comfort
Provider: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland
Processed data: IP address, answers
You can find further information in the picalike privacy policy: https://www.picalike.com/privacy-policy/

Usercentrics Consent Management Platform

We use the Usercentrics tool to display the cookie banner and to store, manage and document your selection of cookies. In connection with Usercentrics, a cookie is used to store your selection of cookie settings for the MADELEINE Website.
Category: Technically required
Provider: Usercentrics GmbH, Sonnenstrasse 23, 80331 Munich
Processed data: Date and time of the visit, device information, browser information, anonymous IP address, opt-in and opt-out data.
Further information can be found in the Usercentrics data protection information: https://usercentrics.com/privacy-policy/

Webtrekk
We use Webtrekk technologies to analyse the use of our website and to optimise offers.
Category: Marketing
Provider: Mapp Digital Germany GmbH, Dachauer Str. 63, 80335 Munich. (formerly Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin)
Data used: Browser type/version, Browser language, Operating system used, Browser window resolution, Javascript activation, Java on/off, Cookies on/off, Referrer URL (the previously visited page), IP address, Time of access, Clicks, Form contents.
Further information can be found in Webtrekk's privacy policy: https://www.webtrekk.com/privacy-notice.html

Personalised Advertising

Conversant

Our website uses the services of Conversant Media, Oxford House, 182 Upper Richmond Road, Putney, London, SW15 2SH ("Conversant"). Conversant collects anonymised statistical information to show you personalised advertising. Third-party cookies are used for this purpose. Further information, as well as the corresponding opt-out possibility to deactivate internet-based advertising provided by Conversant can be found at: https://www.conversantmedia.com/legal/privacy#YOUR_CHOICES.

Furthermore, we will share certain data collected from our dealings with you with Conversant based on legitimate interest. This data could include name, surname, address, date of birth and purchase details. We share this data with Conversant so they can serve personalised ads, providing you have not opted-out. Please note that your data may be transferred outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.

Rakuten

Our website participates in affiliate programs of Rakuten Marketing Europe Limited (“Rakuten”), a service for the inclusion of advertisements in the form of text links, image links, banners or forms on third-party websites.

In case you reach our website via such an ad, a so-called web beacon (invisible graphic) is integrated here. Through this, information such as your IP address and purchases made by you can be evaluated via the order number (order ID) on this page.

The information collected through cookies and web beacons on the use of this website (your IP address and the order ID) are transmitted to Rakuten for billing purposes and stored there. This information may be passed on by Rakuten to contractors of Rakuten. However, Rakuten will not merge your IP address with other data you have stored.

Further information can be found in Rakuten’s privacy policy here: https://rakutenadvertising.com/legal-notices/services-privacy-policy/

The legal basis for the processing of your data is Article 6 (1) f) of the GDPR, based on our legitimate interest in including interest-based and target group-oriented advertising on third party websites.

Social Media

Facebook

We operate a fan page on the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") in joint responsibility, in order to be able to communicate with interested parties and followers and to inform them about our products and services. For customers from the European Economic Area and Switzerland, Facebook products are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We may receive statistics from Facebook regarding the use of our fan page by Facebook/fan page users which help us to learn about the interactions with our page (e.g. information on the number, names, interactions such as likes or comments, as well as summarised demographics and other information or statistics based on certain parameters about our company and the services offered on our fan page). For more information about the nature and scope of these statistics, please refer to the Facebook Page Statistics Notice and the respective responsibilities in the Facebook Page Insights supplement.

The legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR as well as Art. 6 para. 1 p. 1 f) GDPR based on our aforementioned legitimate interest.

We have no influence on data that is processed by Facebook on its own responsibility according to the Facebook terms of use. However, we would like to point out that when you visit the fan page, data about your usage behaviour is transferred from Facebook and the fan page to Facebook. Facebook itself processes the above-mentioned information to create more detailed statistics and for its own market research and advertising purposes, over which we have no influence. You can find more detailed information on this in Facebook's privacy policy.

If we have personal data of users when operating the fan page, users have the rights mentioned in this privacy policy. Should users wish to assert additional rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures upon request if users make use of their rights. We are happy to support users in asserting their rights as far as we are able and forward user requests to Facebook.

Other

We maintain further online presences in social networks to communicate with customers and interested parties and to inform them about our products and services.
User data is generally processed for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers will be stored on the users' computers. On the basis of these user profiles, advertisements are then placed, for example, within social networks but also on third-party websites.
The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR, based on our legitimate interest in effective information of and communication with users. The legal basis for data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The following links will also provide you with further information on the respective data processing and the possibilities of objection.
We would like to point out that data protection requests can be made most efficiently to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.

Twitter

Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). The link to Twitter’s privacy policy can be found here: Twitter’s privacy notices.

Pinterest

Pinterest is operated by Pinterest Inc., 635 High Street, PALO ALTO, CA, USA ("Pinterest"). The link to Pinterest’s privacy policy can be found here: Pinterest’s privacy notices.

Instagram

Instagram is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The link to Instagram's privacy policy can be found here: Instagram's Privacy Policy.

YouTube

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The privacy policy can be found under Privacy Policy: https://policies.google.com/privacy

DATA RECIPIENTS

We will only pass on the data we collect if:

you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
disclosure under Article 6(1)(f) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.

We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).

We transmit your payment data encrypted within the group to TriStyle Mode GmbH for purposes of the group-wide internal control system as well as taxation documentation and disclosure obligations within the scope of the VAT tax group to TriStyle Mode GmbH on the basis of legitimate interest acc. Article 6 (1)(f) of the GDPR.

For the delivery of orders we work together with external shipping service providers (e.g. Royal Mail). These shipping service providers receive the following data from us to execute the respective order:
- your name
- your delivery address
- Your e-mail address, so that the delivery service provider can inform you by e-mail about the expected delivery date and you can choose a different delivery location. You can object to the forwarding of your e-mail address at any time at service@madeleine.co.uk for the future.

The legal basis for this is Art. 6 para. 1 b, f) GDPR, based on our legitimate economic interest.

For economic reasons, we pass on your data to donation organisations. The legal basis for this is Art. 6 para. 1 f) GDPR, based on our legitimate economic interest.

In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement (the legal basis for this data processing is, depending on the individual case, Art. 6 para. 1 c) or f) GDPR).

Transfer of data to countries outside the EEA

As explained in this privacy policy, we use services whose providers are partly located in so-called third party countries (such as the USA), i.e. countries whose data protection level does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequate decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your express consent (Art. 49 para. 1 a) GDPR) or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures (Art. 49 para. 1 b) GDPR).
If a transfer to a third country is envisaged and no adequacy finding or suitable guarantees have been provided, it is possible and there is a risk that authorities in the third country in question (e.g. secret services) may gain access to the transferred data in order to record and analyse it and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when you obtain your consent via the cookie banner.

RETENTION PERIOD

In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.
For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.

We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under UK law. The periods specified therein for retention of documents range from two to ten years.

YOUR RIGHTS

You have the following legal data protection rights under the respective legal provisions:

Right to information (Article 15 of the GDPR);
Right of cancellation/erasure/right to be forgotten (Article 17 of the GDPR);
Right to rectification (Article 16 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to data portability (Article 20 of the GDPR).

You can contact us at any time using the above-mentioned contact details to assert your rights described here.

You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for the UK is the ICO (https://ico.org.uk/). Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

Right of revocation and the right to object

In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until revocation shall not be affected.

If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest.

Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.

If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.

Data security

We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.

Changes to the privacy policy

We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.

Version: October 2020