Privacy & cookie policy
Privacy Policy
In this privacy policy we will inform you about the processing of your data during the use of our website and during your shopping experience.
The term “your data” means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number.
Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term "personal data".
You can print or save this privacy policy by using your browser’s usual functionality. You can also download and save this privacy policy as a PDF file.
RESPONSIBLE AUTHORITY AND CONTACT DETAILS
The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:
MADELEINE Fashion Ltd.
c/o Francis Clark LLP
Melville Building East
Royal William Yard
Plymouth
PL1 3RP
Telephone: 0333 400 0 400
E-Mail: [email protected]
You can also contact our data protection officer using the above contact details.
Please use the following contact details if you have any questions or requests regarding the protection of your data:
MADELEINE Fashion Ltd.
Woodview Road
Paignton
TQ4 7SR
Tel: 0333 400 0 400
E-Mail: [email protected]
(subsequently referred to as “MADELEINE”, “We” or “Us”)
DATA PROCESSING FOR THE EXECUTION OF THE CONTRACT AND WHEN CONTACTING US
Your order or purchasing data
We will record your order or purchase data if you order from us in our online shop, by phone or by order form.
Order or purchase data includes, for example:
- Your details of purchased items, such as name, size, colour, purchase price, etc.;
- Your payment details
- Your delivery and billing address;
- Your declarations of withdrawal, your complaints and other notifications with regard to your orders or purchases;
- Your order number;
- Your order status, e.g. "Dispatched" or “Returned”;
- Your payment status;
- The details of the service providers involved in the execution of the contract, in the case of shipping companies, for example your consignment number
· You can view your essential order data at any time under "My account".
We process your data so that we can process your order, so that we can send you your order and so that we can process returns, complaints and warranty cases if necessary.
The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.
My account
You can register on our website or create a customer account.
You will need the following information to register:
- Your full name;
- Your address;
- Your email address;
- Password of your choice
You can subsequently log in to "my account" using your e-mail address and password.
We process your data so that you have an overview of your previous orders to make your shopping more convenient and easier, and so that you can manage your personal data and settings.
The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.
You can also order as a guest without registration. We will also save your order history in this case, so that you will have an overview of your previous orders if you subsequently register under "my account".
The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.
Your contact details and notifications
If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions.
The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.
Payment information
We offer you the usual payment methods credit card, debit card, PayPal, etc. Depending on which payment method you select during the order process, we will pass on the payment data collected for the processing of payments to the relevant institution tasked with the payment and, if applicable, to payment service providers we have commissioned or to the selected payment service. Payment and contract processing cannot be carried out without these payment data and payment service providers.
The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.
When paying by credit/debit card, we save your card details pseudonymised for processing the payment transaction. In addition, we will pseudonymise your credit card information to facilitate future payment transactions and for identification purposes based on our legitimate interest in providing our customers with an optimised and efficient purchasing process and to uniquely identify them. You can object at any time to the storage of your card data under the mentioned contact information. We will delete this pseudonymous data as soon as the credit card becomes invalid or you wish us to do so.
The legal basis for the above-mentioned data processing is Article 6(1) (f) of the GDPR.
DATA PROCESSING FOR CUSTOMER RELATIONSHIP MAINTENANCE
Your date of birth
You may tell us your date of birth. Provision of this information is voluntary. We record your date of birth to send you birthday greetings.
The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.
Competitions and surveys
If you participate in one of our surveys, we use your data for market and opinion research. Of course, we only use this data anonymously for statistical purposes. If, in deviation from this, surveys are not carried out anonymously, the personal data will only be collected with your consent.
For example, we conduct customer surveys to determine your satisfaction with us and, for example, to find out your opinion on fashion topics or products. Your participation in customer surveys is, of course, voluntary and we will only invite you to participate if you have agreed to this in advance. In this case, the analysis of the survey results will be pseudonymised instead of anonymised and may still be assigned to you. We will only do this if the analysis purposes require it. This enables us to get to know you better, to create a general profile of your customer group based on the information provided and your preferences, and, for example, to send you information that is better tailored to you. If you take part in a survey, you will be redirected via the participation link to the survey platform of our service provider for customer surveys.
There, your details (geolocation, response times and email address) are processed as part of the customer feedback. Technical data about your end device is only processed to the extent necessary to make the survey technically possible. To prevent multiple participation in a survey, our service provider (e.g. Netigate) sets a cookie.
The legal basis for the processing of your data for the purpose of the invitation as well as for the implementation, creation of the general profile of your customer group and evaluation of the surveys is your consent, which can be revoked at any time, in accordance with Article 6 (1) (a) of the GDPR. If you revoke your consent, we will no longer process your data to conduct customer surveys. Otherwise, we will process your data until your revocation, but for a maximum of 10 years.
In the context of competitions, we use your data for the purpose of conducting the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the aforementioned data processing is Article 6 (1) (b) of the GDPR.
NEWSLETTER AND PROMOTIONAL STRATEGY
Newsletter
If you register for our newsletter, we will use the data you provide to send you our newsletter with your express consent. The newsletter contains current information as well as offers from MADELEINE.
We will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to verify your registration. You can unsubscribe from the newsletter at any time here. Every newsletter also contains a corresponding unsubscribe link. Naturally, a notification sent using the contact details indicated above or in the newsletter (e.g. by e-mail, phone or letter) will also suffice. In this case, please provide us with the e-mail address to be unsubscribed.
The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.
For sending the newsletter, we use the service provider Emarsys Interactive Services GmbH ("Emarsys"), Stralauer Platz 34, 10243 Berlin. Information can be found below under "Information on the use of cookies and comparable technologies" and there under "Emarsys / Scarab".
Object to data collection by Emarsys.
The legal basis for the aforementioned data processing is Article 6 (1) f) GDPR, based on our aforementioned legitimate interest.
If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletter (see above) or deactivate graphics in your e-mail program by default. For more information, see the instructions for Microsoft Outlook and Mozilla Thunderbird. We want to use our newsletter to share content that is as relevant as possible for our customers and to better understand what the readers are actually interested in.
New customer acquisition and marketing existing customers
We augment our customer data with information that we receive from companies selected for acquisition of new customers. The information we receive are only so-called score values from which we can draw no conclusions concerning natural persons. These are calculated from characteristics of consumer behaviour, mail order information, information on the respective housing situation and micro-geographical data. They originate, for example, from household surveys on consumption and lifestyle topics as well as from house valuations. This information helps us distinguish active customers from inactive customers, activate inactive customers, determine the probability that existing customers might be interested in certain products and strengthen customer relationships.
If we haven’t collected your data directly from you, you may find out more information about the source of the data by calling our customer services team at 0333 400 0 400. We will then use the postal address section of the respective catalogue to determine the source of your data.
The legal basis for the aforementioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.
Third-party marketing purposes
We transmit generally published data such as surname, first name, address, date of birth and purchase data for our own and third-party marketing purposes on the basis of legitimate interests to retailers, mail-order companies with an interesting product range and cooperative databases, such as Epsilon Abacus and Experian Limited based on Article 6 (1) (f) of the GDPR.
We will share your data with Experian Limited, Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ, who will use it to create products and services to help organisations better understand the likely characteristics of their customers; communicate with them more effectively; and find others like them across a range of marketing channels. This may mean that you receive advertising that is more relevant to you via direct mail. For more information have a look at www.experian.co.uk/privacy
We work with Epsilon International UK Ltd, a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in travel, charity, clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. (Please note that Epsilon Abacus may transfer your data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.) For more information have a look at: emea.epsilon.com/privacy-policy
If you would like more information, please call us on 0333 400 0 400, email us at [email protected] or write to us at the address below: MADELEINE Fashion Ltd, Woodview Road, Paignton, Devon, TQ4 7SR.
The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR.
Advertising partners
We receive information from selected operators of online advertising networks such as Google or Facebook and data providers who carry out advertising for or together with us (subsequently referred to as "advertising partners").
The information we receive from advertising partners is information and statistics about demographics (such as age, gender, region, etc.), device and access data, and our users’ interests. This information can help us better understand our users, for example in the context of customer structure analyses and user segmentation. We only receive aggregated, encrypted or anonymous data and we cannot assign the data to any particular person, in particular any particular user.
The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on our above-mentioned legitimate interests.
VISITING THIS WEBSITE
Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:
- IP address of the requesting terminal;
- Date and time of the request;
- Address of the web page called up and the requesting web page;
- Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)
The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits (e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.
The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.
Information on the use of cookies and comparable technologies
In order to be able to implement certain technically necessary functions of our website, to be able to trace the use of our offers and to be able to provide content adapted to your wishes for the constant optimisation of the websites, MADELEINE uses cookies. Cookies are small text files that are stored on your hard disk by a website. Cookies do not cause any damage to your computer, they cannot execute programs and cannot contain viruses. Instead of cookies, so-called tracking pixels or comparable common technologies can also be used, which serve to (temporarily) store information on specific users or usage processes (collectively referred to as "cookies" in the following). You can prevent the storage of cookies on your computer at any time by changing the settings of your browser (please use the settings or the help function of your browser). The function of our website may then be restricted under certain circumstances. MADELEINE uses cookies for various purposes. The individual cookies are listed below:
Technically required cookies
The main purpose of these cookies is to enable you to use the functions of the site, e.g. to store form data (e.g. in the frame of the contact form) or to control the display of information (e.g. the cookie banner). The legal basis for data processing in connection with the technically required cookies is Art. 6 para. 1 f) GDPR, based on our legitimate interest in enabling you to use our website conveniently and individually and to make use of it as time-saving as possible. In certain cases, these cookies may also be required for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 para. 1 p. 1 b) GDPR. It is not possible to deactivate these technically required cookies.
Comfort Cookies
Further cookies serve to make the website and the MADELEINE offer more comfort for you. These cookies enable us to provide you with personalised content and product recommendations, as well as to evaluate your purchase. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the comfort cookies is your consent (Article (6) (1) (a) of the GDPR).
In the event that personal data is transferred to the USA, we will obtain your express consent in accordance with Art. 49 para. 1 sentence 1 a) GDPR via the cookie banner for this data transfer. You will find the associated risks below under "Data transmission to third countries".
You can revoke your consent by calling up the cookie settings and changing the corresponding selection there. You can also access the cookie settings from any page of this website via the footer.
Marketing cookies
We also use cookies for advertising and marketing purposes to enable personalised advertising and to display advertising content on external websites (e.g. Google or Facebook) for our products and offers that you have been interested in on our website or that match content that we think you might find interesting. Also general information about possible interests of users of our website and other interested parties, collected by third parties on other websites, are used in the context of personalised advertising of our content (so-called re-targeting). The information is stored as cookie identifiers. You will not be identified as a person, but the recognition is based solely on the terminal devices you use. If the cookies are deleted, the personalisation of the advertising content is also omitted. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the marketing cookies is your consent (Article (6) (1) (a) of the GDPR).
In the event that personal data is transferred to the USA, we obtain your express consent for this data transfer via the cookie banner in accordance with Art. 49 para. 1 a) GDPR. You will find the associated risks below under "Data transmission to third countries".
You can revoke your consent by calling up the cookie settings and changing the relevant selection there. You can also access the cookie settings from any page of this website via the footer.
Please note that some pages of our website may contain cookies that are not directly related to MADELEINE. If you visit a page with content embedded by third parties, these third parties may have set their own cookies. MADELEINE has no influence on the use of these cookies and cannot access them because of the way cookies work, as cookies can only be accessed by the person who originally set them. For further information, please refer to the websites of the third party concerned.
Information on the individual cookies:
Bing Remarketing / Bing Conversion
We use Bing's technologies to display personalized advertising. Use of these technologies enables Microsoft and its partner sites to serve ads based on previous visits to our or other sites on the Internet.
Category: Marketing
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
For more information, see the Microsoft privacy statement: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy
Cloudflare
Our pages use Cloudflare features. Provider is Cloudflare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA. Cloudflare offers a worldwide distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. Cloudflare is thus able to analyse the data traffic between users and our websites, for example to accelerate the loading time of our pages or to detect and ward off attacks on our services. In addition, Cloudflare may store cookies on your computer for optimisation and analysis purposes. This serves to protect our legitimate interests in the security, performance and reliability of our advertising in accordance with Art. 6 (1) sentence 1 f) GDPR.
We concluded an appropriate order processing agreement with Cloudflare based on the GDPR. The processing of the data is generally carried out in states of the European Union. Insofar as processing in third countries is carried out in specific cases, the data is only processed if the adequacy of the level of data protection in the third country has been established by the EU Commission in accordance with Article 45 GDPR, on the basis of the EU standard contractual clauses or if an adequate level of data protection is ensured in the data recipient by other means
Cloudflare collects statistical data on the use of this website. The access data includes:
- IP address
- Date and time of the request
- Content of the request (specific page)
- Access status/HTTP status code
- Respective data volume transferred
- Website sending the request
- Browser
- Operating system and its interface
- Language and version of the browser software
Cloudflare uses the log data only for statistical evaluations to operate, secure and optimise the offering. Here you can find information on the data collected there and on security & data protection at Cloudflare.
Criteo OneTag
We use Criteo to display personalised advertising on partner websites, in apps and emails. Retargeting technologies use cookies or ad IDs and display ads based on your past browsing behaviour. We may use information such as technical share identifiers from your registration information on our website or CRM system with trusted advertising partners. This allows us to link your devices and/or environments and provide you with a seamless user experience with the devices and environments you use Category: Marketing Provider: Criteo SA, 32 Rue Blanche, 75009 Paris, France For more information, please refer to Criteo's privacy policy: https://www.criteo.com/privacy/
Emarsys / Scarab
We use Emarsys for sending the newsletter. We use commercially available technologies in our newsletter to measure interactions with the newsletter (e.g. opening of the email, links clicked on). We use this data in a pseudonymous form for general statistical evaluations, for the optimisation and further development of our content, for customer communication and for the delivery of personalised advertising. This is done by means of small graphics embedded in the messages (so-called pixels).
Furthermore, we use "Webextend" as an analysis technology from Emarsys to make advertising and newsletters appealing to you and to tailor them to your interests. In particular, this may include products and articles that you have viewed in our offer, as well as information about your computer, your surfing history and the time of your visit to the website. The data that is processed is exclusively pseudonymised. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys to create suitable and interesting newsletters for you. You can object to this use for personalised advertising at any time. Category: Marketing Provider: Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin Further information can be found in the Emarsys privacy policy: https://www.emarsys.com/de/datenschutzrichtlinie/
Facebook Pixel / Facebook Custom Audience
We use the technologies of Facebook for marketing purposes, so-called remarketing tags. When you visit our website, these tags create a connection between your browser and a Facebook server. Facebook thereby receives the information that our website was called up with your IP address.
Category: Marketing
Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Processed data: Facebook user ID, IP address, browser information, non-confidential custom data, referrer URL, location information
You can find further information in the Facebook privacy policy: https://www.facebook.com/policies/cookies/
Further information on the joint responsibility of Facebook and MADELEINE can be found at
https://www.facebook.com/legal/terms/page_controller_addendum
Google Ads Conversion Tracking
We use Ads Conversion Tracking to record and analyse customer actions defined by us (e.g. clicking on an ad, page views, downloads).
If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website.
You can configure your browser to reject cookies. You can also set your browser to reject cookies in Google's advertising preferences by clicking the disable "Personalised advertising" option. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en
Google Ads Remarketing
We use ads remarketing to display individualised advertising messages for our products on Google's partner websites. If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website. You can configure your browser to reject cookies. You can also select to disable "Personalised Ads" in Google's advertising preferences. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: pages visited, IP address, duration of visit
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en
Google Global Site Tag
We use the Google Site Tag to control and manage the Google tools we use.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: The Google Site Tag does not use cookies and does not collect any personal data.
For more information, please refer to the Google Privacy Notice: https://policies.google.com/technologies/cookies?hl=en
Stylight
Stylight tracking is used to identify a user who has clicked on one of the products listed in Stylight and to attribute a conversion to that user in order to measure the success of the campaign.
Category: Marketing
Provider: Stylight GmbH, Nymphenburger Str. 86, 80636 Munich, Germany. For further information, please see the Stylight privacy policy:
https://about.stylight.com/privacy-policy
reCaptcha
We use Google reCaptcha to prevent automated software (so-called bots) from carrying out abusive activities on our website. This means that it is checked whether the entries made are actually from a human being.
Category: Technically required
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: referrer, IP address, input behaviour (e.g. answering the reCaptcha question, input speed in form fields, order of selection of input fields, browser type, browser plug- ins, browser size and resolution, date, language setting, display instructions).
For more information, please refer to the Performance Media privacy policy: https://www.performance-media.de/datenschutz/
Usercentrics Consent Management Platform
We use the Usercentrics tool to display the cookie banner and to store, manage and document your selection of cookies. In connection with Usercentrics, a cookie is used to store your selection of cookie settings for the MADELEINE Website.
Category: Technically required
Provider: Usercentrics GmbH, Sonnenstrasse 23, 80331 Munich
Processed data: Date and time of the visit, device information, browser information, anonymous IP address, opt-in and opt-out data.
Further information can be found in the Usercentrics data protection information: https://usercentrics.com/privacy-policy/
Webtrekk
We use Webtrekk technologies to analyse the use of our website and to optimise offers.
Category: Marketing
Provider: Mapp Digital Germany GmbH, Dachauer Str. 63, 80335 Munich. (formerly Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin)
Data used: Browser type/version, Browser language, Operating system used, Browser window resolution, Javascript activation, Java on/off, Cookies on/off, Referrer URL (the previously visited page), IP address, Time of access, Clicks, Form contents.
Further information can be found in Webtrekk's privacy policy: https://www.webtrekk.com/privacy-notice.html
Social Media
We operate a fan page on the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") in joint responsibility, in order to be able to communicate with interested parties and followers and to inform them about our products and services. For customers from the European Economic Area and Switzerland, Facebook products are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
We may receive statistics from Facebook regarding the use of our fan page by Facebook/fan page users which help us to learn about the interactions with our page (e.g. information on the number, names, interactions such as likes or comments, as well as summarised demographics and other information or statistics based on certain parameters about our company and the services offered on our fan page). For more information about the nature and scope of these statistics, please refer to the Facebook Page Statistics Notice and the respective responsibilities in the Facebook Page Insights supplement.
The legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR as well as Art. 6 para. 1 p. 1 f) GDPR based on our aforementioned legitimate interest.
We have no influence on data that is processed by Facebook on its own responsibility according to the Facebook terms of use. However, we would like to point out that when you visit the fan page, data about your usage behaviour is transferred from Facebook and the fan page to Facebook. Facebook itself processes the above-mentioned information to create more detailed statistics and for its own market research and advertising purposes, over which we have no influence. You can find more detailed information on this in Facebook's privacy policy.
If we have personal data of users when operating the fan page, users have the rights mentioned in this privacy policy. Should users wish to assert additional rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures upon request if users make use of their rights. We are happy to support users in asserting their rights as far as we are able and forward user requests to Facebook.
Other
We maintain further online presences in social networks to communicate with customers and interested parties and to inform them about our products and services.
User data is generally processed for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers will be stored on the users' computers. On the basis of these user profiles, advertisements are then placed, for example, within social networks but also on third-party websites.
The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR, based on our legitimate interest in effective information of and communication with users. The legal basis for data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The following links will also provide you with further information on the respective data processing and the possibilities of objection.
We would like to point out that data protection requests can be made most efficiently to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.
Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). The link to Twitter’s privacy policy can be found here: Twitter’s privacy notices.
Pinterest is operated by Pinterest Inc., 635 High Street, PALO ALTO, CA, USA ("Pinterest"). The link to Pinterest’s privacy policy can be found here: Pinterest’s privacy notices.
Instagram is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The link to Instagram's privacy policy can be found here: Instagram's Privacy Policy.
YouTube
YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The privacy policy can be found under Privacy Policy: https://policies.google.com/privacy
DATA RECIPIENTS
We will only pass on the data we collect if:
- you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
- disclosure under Article 6(1)(f) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
- we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
- this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.
Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.
We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).
We transmit your payment data encrypted within the group to TriStyle Mode GmbH for purposes of the group-wide internal control system as well as taxation documentation and disclosure obligations within the scope of the VAT tax group to TriStyle Mode GmbH on the basis of legitimate interest acc. Article 6 (1)(f) of the GDPR.
For economic reasons, we pass on your data to donation organisations. The legal basis for this is Art. 6 para. 1 f) GDPR, based on our legitimate economic interest.
In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement (the legal basis for this data processing is, depending on the individual case, Art. 6 para. 1 c) or f) GDPR).
Transfer of data to countries outside the EEA
As explained in this privacy policy, we use services whose providers are partly located in so-called third party countries (such as the USA), i.e. countries whose data protection level does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequate decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your express consent (Art. 49 para. 1 a) GDPR) or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures (Art. 49 para. 1 b) GDPR).
If a transfer to a third country is envisaged and no adequacy finding or suitable guarantees have been provided, it is possible and there is a risk that authorities in the third country in question (e.g. secret services) may gain access to the transferred data in order to record and analyse it and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when you obtain your consent via the cookie banner.
RETENTION PERIOD
In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.
For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.
We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under UK law. The periods specified therein for retention of documents range from two to ten years.
YOUR RIGHTS
You have the following legal data protection rights under the respective legal provisions:
- Right to information (Article 15 of the GDPR);
- Right of cancellation/erasure/right to be forgotten (Article 17 of the GDPR);
- Right to rectification (Article 16 of the GDPR);
- Right to restriction of processing (Article 18 of the GDPR);
- Right to data portability (Article 20 of the GDPR).
You can contact us at any time using the above-mentioned contact details to assert your rights described here.
You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for the UK is the ICO (https://ico.org.uk/). Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.
Right of revocation and the right to object
In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until revocation shall not be affected.
If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest.
Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.
If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.
Data security
We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.
Changes to the privacy policy
We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.
Version: August 2023