Privacy & cookie policy

In this privacy policy we will inform you about the processing of your data during the use of our website and during your shopping experience.

The term "your data" means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number.

Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term "personal data".

You can print or save this privacy policy by using your browser’s usual functionality. You can also download and save this privacy policy as a PDF file by clicking below.

RESPONSIBLE AUTHORITY AND CONTACT DETAILS

The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:

MADELEINE Fashion Ltd.
c/o Francis Clark LLP
North Quay House
Sutton Harbour
Plymouth
PL4 0RA

You can also contact our data protection officer using the above contact details.

Please use the following contact details if you have any questions or requests regarding the protection of your data:

MADELEINE Fashion Ltd.
Woodview Road
Paignton
TQ4 7SR

Tel: 0333 400 0 400
E-Mail: service@madeleine.co.uk

(subsequently referred to as “MADELEINE”, “We” or “Us”)

DATA PROCESSING FOR THE EXECUTION OF THE CONTRACT AND WHEN CONTACTING US

Your order or purchasing data

We will record your order or purchase data if you order from us in our online shop, by phone or by order form.

Order or purchase data includes, for example:

Your details of purchased items, such as name, size, colour, purchase price, etc.;
Your payment details (we never store your card details in our system);
Your delivery and billing address;
Your declarations of withdrawal, your complaints and other notifications with regard to your orders or purchases;
Your order number;
Your order status, e.g. "Dispatched" or “Returned”;
Your payment status;
The details of the service providers involved in the execution of the contract, in the case of shipping companies, for example your consignment number

· You can view your essential order data at any time under "My account".

We process your data so that we can process your order, so that we can send you your order and so that we can process returns, complaints and warranty cases if necessary.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

My account

You can register on our website or create a customer account.

You will need the following information to register:

Your full name;
Your address;
Your email address;
Password of your choice

You can subsequently log in to "my account" using your e-mail address and password.

We process your data so that you have an overview of your previous orders to make your shopping more convenient and easier, and so that you can manage your personal data and settings.

You can also order as a guest without registration. We will also save your order history in this case, so that you will have an overview of your previous orders if you subsequently register under "my account".

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Your contact details and notifications

If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Payment information

We offer you the usual payment methods credit card, debit card, PayPal, etc. Depending on which payment method you select during the order process, we will pass on the payment data collected for the processing of payments to the relevant institution tasked with the payment and, if applicable, to payment service providers we have commissioned or to the selected payment service. Payment and contract processing cannot be carried out without these payment data and payment service providers.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

When paying by credit/debit card, we save your card details pseudonymised for processing the payment transaction. In addition, we will pseudonymise your credit card information to facilitate future payment transactions and for identification purposes based on our legitimate interest in providing our customers with an optimised and efficient purchasing process and to uniquely identify them. You can object at any time to the storage of your card data under the mentioned contact information. We will delete this pseudonymous data as soon as the credit card becomes invalid or you wish us to do so.

The legal basis for the above-mentioned data processing is Article 6(1) (f) of the GDPR.

DATA PROCESSING FOR CUSTOMER RELATIONSHIP MAINTENANCE

Your date of birth

You may tell us your date of birth. Provision of this information is voluntary. We record your date of birth to send you birthday greetings.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Competitions and surveys

If you take part in one of our surveys, we will use your data for marketing and opinion research. Naturally, we will only use this data in an anonymised form for statistical purposes. Personal data will only be collected with your consentif surveys are not conducted anonymously despite the foregoing. The GDPR is not applicable to anonymous surveys.

In exceptional cases, with respect to personal data, the legal basis of the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Regarding competitions, we will use your data for the purpose of conducting the competition and notifying you of the prize. You will find detailed information in the respective competition’s conditions of participation where required.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

NEWSLETTER AND PROMOTIONAL STRATEGY

Newsletter

If you register for our newsletter, we will use the data you provide to send you our newsletter with your express consent. The newsletter contains current information as well as offers from MADELEINE.

We will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to verify your registration. You can unsubscribe from the newsletter at any time here. Every newsletter also contains a corresponding unsubscribe link. Naturally, a notification sent using the contact details indicated above or in the newsletter (e.g. by e-mail, phone or letter) will also suffice. In this case, please provide us with the e-mail address to be unsubscribed.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

For sending the newsletter, we use the service provider Emarsys Interactive Services GmbH ("Emarsys"), Stralauer Platz 34, 10243 Berlin. In our newsletter we use current technologies with which the interactions with the newsletter can be quantified (e.g. opening of e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations, to optimize and further develop our content, for customer communication and for adjusting personalised advertising. This is done using small graphics embedded in the messages (so-called pixels). You can find the Emarsys Privacy Policy here: www.emarsys.com/en-uk/privacy-policy

We also use "Webextend" as a tracking technology from Emarsys (see above) to make advertising and newsletters appealing to you and tailor them to your interests. This may include, in particular, products and articles that you have viewed, as well as information, for example, about your computer, your surfing history and the time of the website visit. The data that is processed is exclusively pseudonymised. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys to create suitable and interesting newsletters for you. You may object to this use for personalized advertising at any time.

Webextend Opt-Out

If you object to data collection by Emarsys, the domain madeleine.co.uk will set a cookie with the name "emarsys_optout".

If you have given us consent by signing up for our newsletters and thus agreeing to this Privacy Policy, in order to send a review request with regards to your order, we may send your e-mail address to Trustpilot, 1 St Martin’s le Grand, 7th Floor, London, EC1A 4NP (uk.trustpilot.com) for them to process a review request, and review reminder, on our behalf. You can unsubscribe from emails from Trustpilot at the bottom of any email you receive from them.

The legal basis for the above-mentioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

If you do not wish to receive the analysis of usage behaviour, you can unsubscribe from the newsletter (see below) or deactivate graphics in your e-mail program by default. For more information, please consult the instructions for Microsoft Outlook, Gmail and BT Mail. We would like to share content through our newsletter that is as relevant as possible for our customers and better understand what readers are actually interested in.

New customer acquisition and marketing existing customers

We augment our customer data with information that we receive from companies selected for acquisition of new customers. The information we receive are only so-called score values from which we can draw no conclusions concerning natural persons. These are calculated from characteristics of consumer behaviour, mail order information, information on the respective housing situation and micro-geographical data. They originate, for example, from household surveys on consumption and lifestyle topics as well as from house valuations. This information helps us distinguish active customers from inactive customers, activate inactive customers, determine the probability that existing customers might be interested in certain products and strengthen customer relationships.

If we haven’t collected your data directly from you, you may find out more information about the source of the data by calling our customer services team at 0333 400 0 400. We will then use the postal address section of the respective catalogue to determine the source of your data.

The legal basis for the aforementioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

Third-party marketing purposes

We transmit generally published data such as surname, first name, address, date of birth and purchase data for our own and third-party marketing purposes on the basis of legitimate interests to retailers, mail-order companies with an interesting product range and cooperative databases, such as Epsilon Abacus and Experian Limited based on Article 6 (1) (f) of the GDPR.

We will share your data with Experian Limited, Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ, who will use it to create products and services to help organisations better understand the likely characteristics of their customers; communicate with them more effectively; and find others like them across a range of marketing channels. This may mean that you receive advertising that is more relevant to you via direct mail. For more information have a look at www.experian.co.uk/privacy

We work with Epsilon International UK Ltd, a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. (Please note that Epsilon Abacus may transfer your data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.) For more information have a look at: emea.epsilon.com/privacy-policy

If you would like more information, please call us on 0333 400 0 400, email us at service@madeleine.co.uk or write to us at the address below: MADELEINE Fashion Ltd, Woodview Road, Paignton, Devon, TQ4 7SR.

The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR.

Advertising partners

We receive information from selected operators of online advertising networks such as Google or Facebook and data providers who carry out advertising for or together with us (subsequently referred to as "advertising partners").

The information we receive from advertising partners is information and statistics about demographics (such as age, gender, region, etc.), device and access data, and our users’ interests. This information can help us better understand our users, for example in the context of customer structure analyses and user segmentation. We only receive aggregated, encrypted or anonymous data and we cannot assign the data to any particular person, in particular any particular user.

The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on our above-mentioned legitimate interests.

VISITING THIS WEBSITE

Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:

IP address of the requesting terminal;
Date and time of the request;
Address of the web page called up and the requesting web page;
Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)

The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits (e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.

The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.

Cookies

We use cookies to provide you with basic functions such as a shopping cart, my account or an ordering option. We also use cookies to render the use of our website more user-friendly, safer and more effective. Cookies are small text files that are stored locally on your terminal’s data carrier via your browser. In this respect, a basic distinction is made between two types of cookies: session cookies and permanent cookies. Session cookies are temporary cookies that are automatically deleted once the browser is closed. They are required for our website’s basic functions for example. On the other hand, permanent cookies have a validity period exceeding beyond the validity period of session cookies and which can extend to days or years. Unless you have previously deleted your cookies yourself, permanent cookies will be deleted automatically once the specified validity period has been reached. Permanent cookies are used, among other things, to store your personal settings and decisions, including your objection to recording through our web tracking (opt-out cookie).

Cookies cannot transmit viruses or read your data carrier. Furthermore, cookies can only be read by their owners. It is therefore not possible for other websites to read data from our cookies. Under no circumstances do we store personal data within a cookie.

In addition, MADELEINE places advertising on other websites via advertising partners or advertising networks. These advertising partners use so-called third party cookies which are set by madeleine.co.uk with their visit. Third-party cookies can only be read by the respective advertising partner. Their purpose is the performance assessment and apportionment of the advertising measures we use between the respective advertising partner and MADELEINE.

You can determine at any time how your browser should handle cookies in your browser settings. For example, you can generally allow or prohibit cookies, or even only prohibit cookies from third party providers. However, the exact setting options depend on the browser used. For more information, see your browser’s help function. Please note, however, that some basic functions require cookies, such as the use of the shopping cart or the storage of your objection to data collection through our web tracking (opt-out cookie).

Analyses, product recommendations, web tracking and personalised advertising

We use cookies and comparable technologies to analyse usage behaviour and evaluate the associated data in order to improve our website. The data collected may include in particular the terminal device’s IP address, the date and time of access, a cookie’s identification number, the device identification of mobile devices and technical information about the browser and the operating system. However, the data collected will only be stored pseudonymously, so that no direct conclusions can be drawn about persons.

We also use cookies and similar technologies for advertising purposes. When you order from us, buy something or interact with our website, we know, among other things, which products, product types, styles and topics you are interested in. For example, if you put products on your wish list, search for products or repeatedly visit a specific area of the online shop. This helps us to permanently improve your shopping experience and to render it customer-friendly and individualised for you. The information transmitted and automatically generated from you will be used to design advertising tailored to you and your interests. We will also use your data in connection with data analyses and market research.

The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on consent to a demand-oriented design, continuous optimisation of our website and to providing you with personalised advertising.

We would like to explain these technologies and the providers used for them in more detail in the following section.

You will find opportunities to object to our analysis and advertising measures below. In the following descriptions of the technologies we use, you will also find information on the possible objections regarding our analysis and advertising measures by means of a so-called opt-out cookie.

Product recommendations

Personalised product recommendations are displayed on our website using technologies and services of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany ("Webtrekk") based on your usage behaviour.

For more information about Webtrekk and the opt-out option, please see web tracking below in this Privacy Policy.

Web tracking

Webtrekk Analytics

For more information about Webtrekk and the opt-out option, please see web tracking below in this Privacy Policy. Our website uses technologies and services or Webrekk GmbH, Robert-Koch-Platz 4, 10115, Berlin, Germany ("Webtrekk") to collect and send data to Webtrekk for marketing and optimisation purposes. Cookies will also be used for this purpose. Data will only be recorded in pseudonymous form. IP addresses will not be stored, but will be used once for the purpose of geo-localisation (up to city level) and then discarded.

You can find more information on this in Webtrekk's privacy notices.

AdClear campaign tracking

We use the services of AdClear GmbH, Robert-Koch-Platz 4, 10115 Berlin ('AdClear') to collect statistical data for campaign tracking and thus to optimize the offer for our customers. Cookies are also used for this purpose. Data will only be recorded in pseudonymous form.

You can find more detailed information on this in AdClear’s privacy notices.

Web tracking opt-out

If you object to data collection by Webtrekk Analytics and AdClear campaign tracking, the domain madeleine.co.uk will set a cookie with the name "omniture_optout".

Personalised Advertising

Bing Ads

Our website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") Microsoft uses cookies and similar technologies to display advertisements relevant to you. Use of these technologies enables Microsoft and its partner sites to display ads based on previous visits to our website or other websites on the Internet. The data arising in this context can be transferred by Microsoft to a server in the USA for evaluation and stored there. Microsoft has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

You can find out more information on this in Microsoft's privacy statement.

Conversant

Our website uses the services of Conversant Media, Oxford House, 182 Upper Richmond Road, Putney, London, SW15 2SH ("Conversant"). Conversant collects anonymised statistical information to show you personalised advertising. Third-party cookies are used for this purpose. Further information, as well as the corresponding opt-out possibility to deactivate internet-based advertising provided by Conversant can be found at https://www.conversantmedia.com/legal/privacy#YOUR_CHOICES.

Furthermore, we will share certain data collected from our dealings with you with Conversant based on legitimate interest. This data could include name, surname, address, date of birth and purchase details. We share this data with Conversant so they can serve personalised ads, providing you have not opted-out. Please note that your data may be transferred outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.

Criteo

Our website uses the services of Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") for personalised advertising. Criteo will use third-party cookies while you are surfing our website. This allows us to display our advertising to visitors interested in our products on partner websites, apps and emails. Re-targeting technologies use cookies or advertising IDs and display advertising based on your previous browsing behaviour.

You may prevent the use of cookies by opting out on Criteo’s website. Alternatively, you can prevent interest-based advertising by setting your browser accordingly (as described above) or visit the following websites:

http://optout.networkadvertising.org/?c=1#!/

http://www.youronlinechoices.com/

We may exchange information such as technical identifiers from your registration information on our website or our CRM system with reliable advertising partners. This will link your devices and/or environments and offers you a seamless user experience with the devices and environments you use.

You can find more information on this in Criteo’s privacy policy.

Facebook Fan Page and Pixel

We operate a fan page on the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") in joint responsibility to communicate, among others, with prospects and followers, and through our products and services inform. For customers from the European Economic Area and Switzerland Facebook products are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

For marketing purposes, our website uses so-called remarketing tags (also known as "Facebook pixels") of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). When you visit our website, these tags will establish a connection between your browser and a Facebook server. Facebook will receive the information that our website has been accessed with your IP address. Facebook has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA. Facebook uses this information to provide us with statistical and anonymous data about the general use of our website and the effectiveness of our Facebook advertising ("Facebook ads").

Facebook may also link the information we collect from your visit to us to your member account and use it for the targeted insertion of Facebook ads if you are a Facebook member and Facebook has been allowed to do this through your account's privacy settings. You can view and change your Facebook profile’s privacy settings at any time. If you are not a Facebook member, you can stop Facebook from processing your information by clicking the "Facebook" opt-out button on the TRUSTe Website.

If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

You can find more information on this in Facebook’s privacy policy.

Facebook social plug-ins can be blocked in all common browsers by using so-called browser add-ons. For more information about social plug-ins, see: facebook.com/help/plugins

Google

Our website uses services and technologies for users who are habitually resident in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and all other users of Google LLC (" Google "), 1600 Amphitheater Parkway Mountain View, CA 94043, USA. In the event that personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield

See Google’s privacy policy for more information. In particular, we use the following services and technologies from Google:

Google DoubleClick

Our website uses DoubleClick by Google. DoubleClick uses cookies and similar technologies to display ads relevant to you. Use of DoubleClick allows Google and its partner sites to display ads based on previous visits to our website or other websites on the Internet. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and stored there.

You may refuse the use of cookies by selecting the appropriate settings on your browser (as described above). However, please note that if you do this you may not be able to use this website's full functionality. You can also prevent Google from collecting the data generated by the cookie and relating to the use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: Browser plug-in. As an alternative to the browser plug-in or within the browsers on mobile devices, you can disable the "personalised advertising" button in Google Setttings for advertising. In this case, Google will only display general advertising that has not been selected based on the information collected about you.

Google Remarketing

Our website uses Google Remarketing, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA ("Google"). This service uses cookies and similar technologies to display personalised advertising messages on websites that work with Google. Cookies and similar technologies are also used to perform the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and stored there. Google has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

If you use a Google Account, depending on the settings in your Google Account, Google may link your Google web and app browsing history to your Google Account and use information from your Google Account to personalise ads. if you don't want this association with your Google Account, you have to log out of Google before you access our contact page.

As described above, you can configure your browser to reject cookies, or you can prevent the collection of data generated by the cookies and related to your use of this website and the processing of this data by Google by accessing the ad preferences and setting the personalisation buttons to "Off". Alternatively, you can opt out of processing by visiting the TRUSTe website and clicking the Google Opt-out button.

Google Tag-Manager

Our website uses Google Tag-Manager. The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in our website’s source code to record, for example, predefined usage data. The Google-Tag-manger comes without the use of cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect data. Some of the data will be stored on a Google server in the USA. If deactivation has been carried out at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

For more information, please refer to the additional information from Google on the Tag-Manager.

Rakuten

Our website participates in affiliate programs of Rakuten Marketing Europe Limited (“Rakuten”), a service for the inclusion of advertisements in the form of text links, image links, banners or forms on third-party websites.

In case you reach our website via such an ad, a so-called web beacon (invisible graphic) is integrated here. Through this, information such as your IP address and purchases made by you can be evaluated via the order number (order ID) on this page.

The information collected through cookies and web beacons on the use of this website (your IP address and the order ID) are transmitted to Rakuten for billing purposes and stored there. This information may be passed on by Rakuten to contractors of Rakuten. However, Rakuten will not merge your IP address with other data you have stored.

Further information can be found in Rakuten’s rakutenmarketing/com/privacy

The legal basis for the processing of your data is Article 6 (1) f) of the GDPR, based on our legitimate interest in including interest-based and target group-oriented advertising on third party websites.

Social Media

The social media pages, Facebook, Twitter, Pinterest, Instagram, and YouTube linked to our website lead to the respective company’s online presence with the respective provider. If you do not have your own account with the provider or are not logged in there, no personal data will be transferred when you visit the provider site via our link. The relevant privacy notices and opt-out options are as follows:

Facebook

Facebook.com is operated by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). Facebook has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

For settings options for protecting your privacy on Facebook, please refer to Facebook's privacy notices at https://www.facebook.com/policy or at https://www.facebook.com/help/568137493302217.

Facebook social plug-ins can be blocked in all common browsers by using so-called browser add-ons. For more information about social plug-ins, see https://www.facebook.com/help/443483272359009.

Twitter

Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). Twitter has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

The link to Twitter’s privacy policy can be found here: Twitter’s privacy notices.

Pinterest

Pinterest is operated by Pinterest Inc., 635 High Street, PALO ALTO, CA, USA ("Pinterest"). The link to Pinterest’s privacy policy can be found here: Pinterest’s privacy notices.

Instagram

Instagram is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. The link to Instagram’s privacy policy can be found here: Instagram’s privacy notices.

Customer Surveys

SurveyMonkey

To survey our customers, we use the SurveyMonkey tool provided by SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland ("SurveyMonkey"), which collects your IP address and answers to survey questions. Participation in the polls is voluntary.

If you participate, your answers will only be provided to us in the form of statistics and will not be merged with your customer account.

After the evaluation of the survey, we delete the survey data from SurveyMonkey. Within 90 days, this data will be permanently deleted from the systems of SurveyMonkey.

The legal basis of the processing is our legitimate interest in conducting customer surveys in accordance with Article 6 (1) f) of the GDPR.

In the event that data is transferred to the United States, SurveyMonkey has submitted to the EU-US Privacy Shield.

Further information can be found in SurveyMonkey's privacy policy: Surveymonkey’s privacy notices.

DATA RECIPIENTS

We will only pass on the data we collect if:

you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
disclosure under Article 6(1)(a) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.

We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).

We transmit your payment data encrypted within the group to TriStyle Mode GmbH for purposes of the group-wide internal control system as well as taxation documentation and disclosure obligations within the scope of the VAT tax group to TriStyle Mode GmbH on the basis of legitimate interest acc. Article 6 (1)(f) of the GDPR.

Furthermore, data may be disclosed in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

RETENTION PERIOD

In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.

For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.

We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under UK law. The periods specified therein for retention of documents range from two to ten years.

YOUR RIGHTS

You have the following legal data protection rights under the respective legal provisions:

Right to information (Article 15 of the GDPR);
Right of cancellation/erasure/right to be forgotten 17 of the GDPR);
Right to rectification (Article 16 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to data portability (Article 20 of the GDPR).

You can contact us at any time using the above-mentioned contact details to assert your rights described here.

You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for the UK is the ICO (https://ico.org.uk/). Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

Right of revocation and the right to object

In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until the revocation shall not be affected.

If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest. Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.

If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.

Data security

We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.

Changes to the privacy policy

We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.

Version: August 2019