Privacy & cookie policy

In this privacy policy we will inform you about the processing of your data during the use of our website and during your shopping experience.

We take your data security seriously and wish to ensure that your privacy is protected. We only process your data within the provisions of the current legal framework. We capture, process and use your data with your consent or based on another legal right or obligation.

The term "your data" means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number.

Purpose, legal basis of processing and personal data categories

In the case of direct or indirect collection of data from you or from third parties, we require and process your data for the following purposes and based on the following legal basis:

- To fulfil the contract within the context of the processing of your order and, if necessary to allow you to return any part of the order to us for a refund. The provision of this data is required in order to process your order completely and thus for the fulfilment of the contract.
- To respond more quickly in case of queries in the context of the fulfilment of the contract (your telephone number and/or email address). The provision of this data is voluntary for the fulfilment of the contract, but facilitates considerably the communication when fulfilling the contract.
- For direct advertising with printed materials we will be using the legal basis of legitimate interest for our own and third party marketing activities (your name, your address, your purchase data).
-To send you relevant e-mail newsletters for our own advertising purposes we will need to use your email address and purchase data. For this we will require your informed consent, which is voluntary.
- We plan to send customer communications and product recommendations via email based on past buying behaviour at www.madeleine.co.uk. We will be relying on our legitimate interest to use this data (your email address, purchase details). Provision of the email address is obligatory when ordering via www.madeleine.co.uk, but you may opt out at any time.

Statistical data which we collect when you visit our website, for example, and which cannot be associated with your person do not fall under the concept of personal data.

You can print or save this privacy policy by using your browser’s usual functionality. You can also download and save this privacy policy as a PDF file by clicking below.

RESPONSIBLE AUTHORITY AND CONTACT DETAILS

The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:

MADELEINE Fashion Ltd.
c/o Francis Clark LLP
North Quay House
Sutton Harbour
Plymouth
PL4 0RA

You can also contact our data protection officer using the above contact details.

Please use the following contact details if you have any questions or requests regarding the protection of your data:

MADELEINE Fashion Ltd.
Woodview Road
Paignton
TQ4 7SR

Tel: 0333 400 0 400
E-Mail: service@madeleine.co.uk

(subsequently referred to as “MADELEINE”, “We” or “Us”)

DATA PROCESSING FOR THE EXECUTION OF THE CONTRACT AND WHEN CONTACTING US

Your order or purchasing data

We will record your order or purchase data if you order from us in our online shop, by phone or by order form.

Order or purchase data includes, for example:

Your details of purchased items, such as name, size, colour, purchase price, etc.;
Your payment details (we never store your card details in our system);
Your delivery and billing address;
Your declarations of withdrawal, your complaints and other notifications with regard to your orders or purchases;
Your order number;
Your order status, e.g. "Dispatched" or “Returned”;
Your payment status;
The details of the service providers involved in the execution of the contract, in the case of shipping companies, for example your consignment number

· You can view your essential order data at any time under "My account".

We process your data so that we can process your order, so that we can send you your order and so that we can process returns, complaints and warranty cases if necessary.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

My account

You can register on our website or create a customer account.

You will need the following information to register:

Your full name;
Your address;
Your email address;
Password of your choice

You can subsequently log in to "my account" using your e-mail address and password.

We process your data so that you have an overview of your previous orders to make your shopping more convenient and easier, and so that you can manage your personal data and settings.

You can also order as a guest without registration. We will also save your order history in this case, so that you will have an overview of your previous orders if you subsequently register under "my account".

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Your contact details and notifications

If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Payment information

We offer you the usual payment methods credit card, debit card, PayPal, etc. Depending on which payment method you select during the order process, we will pass on the payment data collected for the processing of payments to the relevant institution tasked with the payment and, if applicable, to payment service providers we have commissioned or to the selected payment service. Payment and contract processing cannot be carried out without these payment data and payment service providers.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

DATA PROCESSING FOR CUSTOMER RELATIONSHIP MAINTENANCE

Your date of birth

You may tell us your date of birth. Provision of this information is voluntary. We record your date of birth to send you birthday greetings.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Competitions and surveys

If you take part in one of our surveys, we will use your data for marketing and opinion research. Naturally, we will only use this data in an anonymised form for statistical purposes. Personal data will only be collected with your consentif surveys are not conducted anonymously despite the foregoing. The GDPR is not applicable to anonymous surveys.

In exceptional cases, with respect to personal data, the legal basis of the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Regarding competitions, we will use your data for the purpose of conducting the competition and notifying you of the prize. You will find detailed information in the respective competition’s conditions of participation where required.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

NEWSLETTER AND PROMOTIONAL STRATEGY

Newsletter

If you register for our newsletter, we will use the data you provide to send you our newsletter with your express consent. The newsletter contains current information as well as offers from MADELEINE.

We will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to verify your registration. You can unsubscribe from the newsletter at any time here. Every newsletter also contains a corresponding unsubscribe link. Naturally, a notification sent using the contact details indicated above or in the newsletter (e.g. by e-mail, phone or letter) will also suffice. In this case, please provide us with the e-mail address to be unsubscribed.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

For sending the newsletter, we use the service provider Emarsys Interactive Services GmbH ("Emarsys"), Stralauer Platz 34, 10243 Berlin. In our newsletter we use current technologies with which the interactions with the newsletter can be quantified (e.g. opening of e-mail, clicked links). We use this data in pseudonymous form for general statistical evaluations, to optimize and further develop our content, for customer communication and for adjusting personalised advertising. This is done using small graphics embedded in the messages (so-called pixels). You can find the Emarsys Privacy Policy here: www.emarsys.com/en-uk/privacy-policy

We also use "Webextend" as a tracking technology from Emarsys (see above) to make advertising and newsletters appealing to you and tailor them to your interests. This may include, in particular, products and articles that you have viewed, as well as information, for example, about your computer, your surfing history and the time of the website visit. The data that is processed is exclusively pseudonymised. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys to create suitable and interesting newsletters for you. You may object to this use for personalized advertising at any time.

Webextend Opt-Out

If you object to data collection by Emarsys, the domain madeleine.co.uk will set a cookie with the name "emarsys_optout".

If you have given us consent by signing up for our newsletters and thus agreeing to this Privacy Policy, in order to send a review request with regards to your order, we may send your e-mail address to Trustpilot, 1 St Martin’s le Grand, 7th Floor, London, EC1A 4NP (uk.trustpilot.com) for them to process a review request, and review reminder, on our behalf. You can unsubscribe from emails from Trustpilot at the bottom of any email you receive from them.

The legal basis for the above-mentioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

If you do not wish to receive the analysis of usage behaviour, you can unsubscribe from the newsletter (see below) or deactivate graphics in your e-mail program by default. For more information, please consult the instructions for Microsoft Outlook, Gmail and BT Mail. We would like to share content through our newsletter that is as relevant as possible for our customers and better understand what readers are actually interested in.

New customer acquisition and marketing existing customers

We augment our customer data with information that we receive from companies selected for acquisition of new customers. The information we receive are only so-called score values from which we can draw no conclusions concerning natural persons. These are calculated from characteristics of consumer behaviour, mail order information, information on the respective housing situation and micro-geographical data. They originate, for example, from household surveys on consumption and lifestyle topics as well as from house valuations. This information helps us distinguish active customers from inactive customers, activate inactive customers, determine the probability that existing customers might be interested in certain products and strengthen customer relationships.

If we haven’t collected your data directly from you, you may find out more information about the source of the data by calling our customer services team at 0333 400 0 400. We will then use the postal address section of the respective catalogue to determine the source of your data.

The legal basis for the aforementioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

Third-party marketing purposes

We also use and process listed address information for third-party marketing purposes, for this purpose we pass on this data to our group and partner companies. In return, we receive corresponding listed address information, which we use for our own marketing purposes. Naturally, you may object to the use, processing and passing on of your data for advertising purposes at any time by contacting us using the above-mentioned contact details.

We share the following personal data with the following third parties:

For sending your order and maintaining the customer relationship we share your name and address with third parties such as suppliers, freight forwarders and postal service providers.
We share publically available data or certain data collected from our dealings with you based on legitimate interest. This data could include name, surname, address, date of birth and purchase details. We share this data with distributors, mail order companies with an interesting range of products and cooperative databases such as Epsilon Abacus.
We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. (Please note that Epsilon Abacus may transfer your data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission. If you would like more information, please call us on 0333 400 0 400, email us at service@madeleine.co.uk or write to us at the address below: MADELEINE Fashion Ltd, Woodview Road, Paignton, Devon, TQ4 7SR).
The data shared with third parties will be used by them exclusively for the fulfilment of their obligations or duties or for direct marketing.

The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR, based on our legitimate interest

Advertising partners

We receive information from selected operators of online advertising networks such as Google or Facebook and data providers who carry out advertising for or together with us (subsequently referred to as "advertising partners").

The information we receive from advertising partners is information and statistics about demographics (such as age, gender, region, etc.), device and access data, and our users’ interests. This information can help us better understand our users, for example in the context of customer structure analyses and user segmentation. We only receive aggregated, encrypted or anonymous data and we cannot assign the data to any particular person, in particular any particular user.

The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR, based on our above-mentioned legitimate interests.

VISITING THIS WEBSITE

Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:

IP address of the requesting terminal;
Date and time of the request;
Address of the web page called up and the requesting web page;
Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)

The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits (e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.

The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.

Cookies

We use cookies to provide you with basic functions such as a shopping cart, my account or an ordering option. We also use cookies to render the use of our website more user-friendly, safer and more effective. Cookies are small text files that are stored locally on your terminal’s data carrier via your browser. In this respect, a basic distinction is made between two types of cookies: session cookies and permanent cookies. Session cookies are temporary cookies that are automatically deleted once the browser is closed. They are required for our website’s basic functions for example. On the other hand, permanent cookies have a validity period exceeding beyond the validity period of session cookies and which can extend to days or years. Unless you have previously deleted your cookies yourself, permanent cookies will be deleted automatically once the specified validity period has been reached. Permanent cookies are used, among other things, to store your personal settings and decisions, including your objection to recording through our web tracking (opt-out cookie).

Cookies cannot transmit viruses or read your data carrier. Furthermore, cookies can only be read by their owners. It is therefore not possible for other websites to read data from our cookies. Under no circumstances do we store personal data within a cookie.

In addition, MADELEINE places advertising on other websites via advertising partners or advertising networks. These advertising partners use so-called third party cookies which are set by madeleine.co.uk with their visit. Third-party cookies can only be read by the respective advertising partner. Their purpose is the performance assessment and apportionment of the advertising measures we use between the respective advertising partner and MADELEINE.

You can determine at any time how your browser should handle cookies in your browser settings. For example, you can generally allow or prohibit cookies, or even only prohibit cookies from third party providers. However, the exact setting options depend on the browser used. For more information, see your browser’s help function. Please note, however, that some basic functions require cookies, such as the use of the shopping cart or the storage of your objection to data collection through our web tracking (opt-out cookie).

Analyses, product recommendations, web tracking and personalised advertising

We use cookies and comparable technologies to analyse usage behaviour and evaluate the associated data in order to improve our website. The data collected may include in particular the terminal device’s IP address, the date and time of access, a cookie’s identification number, the device identification of mobile devices and technical information about the browser and the operating system. However, the data collected will only be stored pseudonymously, so that no direct conclusions can be drawn about persons.

We also use cookies and similar technologies for advertising purposes. When you order from us, buy something or interact with our website, we know, among other things, which products, product types, styles and topics you are interested in. For example, if you put products on your wish list, search for products or repeatedly visit a specific area of the online shop. This helps us to permanently improve your shopping experience and to render it customer-friendly and individualised for you. The information transmitted and automatically generated from you will be used to design advertising tailored to you and your interests. We will also use your data in connection with data analyses and market research.

The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on consent to a demand-oriented design, continuous optimisation of our website and to providing you with personalised advertising.

We would like to explain these technologies and the providers used for them in more detail in the following section.

You will find opportunities to object to our analysis and advertising measures below. In the following descriptions of the technologies we use, you will also find information on the possible objections regarding our analysis and advertising measures by means of a so-called opt-out cookie.

Product recommendations

Personalised product recommendations are displayed on our website using technologies and services of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany ("Webtrekk") based on your usage behaviour.

For more information about Webtrekk and the opt-out option, please see web tracking below in this Privacy Policy.

Web tracking

Webtrekk Analytics

For more information about Webtrekk and the opt-out option, please see web tracking below in this Privacy Policy. Our website uses technologies and services or Webrekk GmbH, Robert-Koch-Platz 4, 10115, Berlin, Germany ("Webtrekk") to collect and send data to Webtrekk for marketing and optimisation purposes. Cookies will also be used for this purpose. Data will only be recorded in pseudonymous form. IP addresses will not be stored, but will be used once for the purpose of geo-localisation (up to city level) and then discarded.

You can find more information on this in Webtrekk's privacy notices.

AdClear campaign tracking

We use the services of AdClear GmbH, Robert-Koch-Platz 4, 10115 Berlin ('AdClear') to collect statistical data for campaign tracking and thus to optimize the offer for our customers. Cookies are also used for this purpose. Data will only be recorded in pseudonymous form.

You can find more detailed information on this in AdClear’s privacy notices.

Web tracking opt-out

If you object to data collection by Webtrekk Analytics and AdClear campaign tracking, the domain madeleine.co.uk will set a cookie with the name "omniture_optout".

Personalised Advertising

Bing Ads

Our website uses Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") Microsoft uses cookies and similar technologies to display advertisements relevant to you. Use of these technologies enables Microsoft and its partner sites to display ads based on previous visits to our website or other websites on the Internet. The data arising in this context can be transferred by Microsoft to a server in the USA for evaluation and stored there. Microsoft has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

You can find out more information on this in Microsoft's privacy statement.

Conversant

Our website uses the services of Conversant Media, Oxford House, 182 Upper Richmond Road, Putney, London, SW15 2SH ("Conversant"). Conversant collects anonymised statistical information to show you personalised advertising. Third-party cookies are used for this purpose. Further information, as well as the corresponding opt-out possibility to deactivate internet-based advertising provided by Conversant can be found at https://www.conversantmedia.com/legal/privacy#YOUR_CHOICES.

Furthermore, we will share certain data collected from our dealings with you with Conversant based on legitimate interest. This data could include name, surname, address, date of birth and purchase details. We share this data with Conversant so they can serve personalised ads, providing you have not opted-out. Please note that your data may be transferred outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.

Criteo

Our website uses the services of Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo") for personalised advertising. Criteo will use third-party cookies while you are surfing our website. This allows us to display our advertising to visitors interested in our products on partner websites, apps and emails. Re-targeting technologies use cookies or advertising IDs and display advertising based on your previous browsing behaviour.

You may prevent the use of cookies by opting out on Criteo’s website. Alternatively, you can prevent interest-based advertising by setting your browser accordingly (as described above) or visit the following websites:

http://optout.networkadvertising.org/?c=1#!/

http://www.youronlinechoices.com/

We may exchange information such as technical identifiers from your registration information on our website or our CRM system with reliable advertising partners. This will link your devices and/or environments and offers you a seamless user experience with the devices and environments you use.

You can find more information on this in Criteo’s privacy policy.

Facebook Pixel

For marketing purposes, our website uses so-called remarketing tags (also known as "Facebook pixels") of the social network Facebook, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). When you visit our website, these tags will establish a connection between your browser and a Facebook server. Facebook will receive the information that our website has been accessed with your IP address. Facebook has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA. Facebook uses this information to provide us with statistical and anonymous data about the general use of our website and the effectiveness of our Facebook advertising ("Facebook ads").

Facebook may also link the information we collect from your visit to us to your member account and use it for the targeted insertion of Facebook ads if you are a Facebook member and Facebook has been allowed to do this through your account's privacy settings. You can view and change your Facebook profile’s privacy settings at any time. If you are not a Facebook member, you can stop Facebook from processing your information by clicking the "Facebook" opt-out button on the TRUSTe Website.

If you disable data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

You can find more information on this in Facebook’s privacy policy.

Google

Our website uses services and technologies of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

See Google’s privacy policy for more information. In particular, we use the following services and technologies from Google:

Google DoubleClick

Our website uses DoubleClick by Google. DoubleClick uses cookies and similar technologies to display ads relevant to you. Use of DoubleClick allows Google and its partner sites to display ads based on previous visits to our website or other websites on the Internet. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and stored there.

You may refuse the use of cookies by selecting the appropriate settings on your browser (as described above). However, please note that if you do this you may not be able to use this website's full functionality. You can also prevent Google from collecting the data generated by the cookie and relating to the use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: Browser plug-in. As an alternative to the browser plug-in or within the browsers on mobile devices, you can disable the "personalised advertising" button in Google Setttings for advertising. In this case, Google will only display general advertising that has not been selected based on the information collected about you.

Google Remarketing

Our website uses Google Remarketing, a service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA ("Google"). This service uses cookies and similar technologies to display personalised advertising messages on websites that work with Google. Cookies and similar technologies are also used to perform the analysis of website usage, which forms the basis for the creation of interest-based advertisements. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and stored there. Google has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

If you use a Google Account, depending on the settings in your Google Account, Google may link your Google web and app browsing history to your Google Account and use information from your Google Account to personalise ads. if you don't want this association with your Google Account, you have to log out of Google before you access our contact page.

As described above, you can configure your browser to reject cookies, or you can prevent the collection of data generated by the cookies and related to your use of this website and the processing of this data by Google by accessing the ad preferences and setting the personalisation buttons to "Off". Alternatively, you can opt out of processing by visiting the TRUSTe website and clicking the Google Opt-out button.

Google Tag-Manager

Our website uses Google Tag-Manager. The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in our website’s source code to record, for example, predefined usage data. The Google-Tag-manger comes without the use of cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect data. Some of the data will be stored on a Google server in the USA. If deactivation has been carried out at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

For more information, please refer to the additional information from Google on the Tag-Manager.

Social Media

The social media pages, Facebook, Twitter, Pinterest, Instagram, Google+ and YouTube linked to our website lead to the respective company’s online presence with the respective provider. If you do not have your own account with the provider or are not logged in there, no personal data will be transferred when you visit the provider site via our link. The relevant privacy notices and opt-out options are as follows:

Facebook

Facebook.com is operated by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). Facebook has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

For settings options for protecting your privacy on Facebook, please refer to Facebook's privacy notices at https://www.facebook.com/policy or at https://www.facebook.com/help/568137493302217.

Facebook social plug-ins can be blocked in all common browsers by using so-called browser add-ons. For more information about social plug-ins, see https://www.facebook.com/help/443483272359009.

Twitter

Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). Twitter has signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

The link to Twitter’s privacy policy can be found here: Twitter’s privacy notices.

Pinterest

Pinterest is operated by Pinterest Inc., 635 High Street, PALO ALTO, CA, USA ("Pinterest"). The link to Pinterest’s privacy policy can be found here: Pinterest’s privacy notices.

Instagram

Instagram is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. The link to Instagram’s privacy policy can be found here: Instagram’s privacy notices.

Google+ and YouTube

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). An overview of the Google plug-ins and their appearance can be found here: https://developers.google.com/+/plugins

YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA ("YouTube"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Google and its subsidiary YouTube have signed up to the EU-US Privacy Shield in the event that personal data is transferred to the USA.

Google and YouTube’s privacy notices can be found here: Google’s privacy notices.

DATA RECIPIENTS

We will only pass on the data we collect if:

you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
disclosure under Article 6(1)(a) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.

We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).

Furthermore, data may be disclosed in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

RETENTION PERIOD

In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.

For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.

We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under UK law. The periods specified therein for retention of documents range from two to ten years.

YOUR RIGHTS

You have the following legal data protection rights under the respective legal provisions:

Right to information (Article 15 of the GDPR);
Right of cancellation/erasure/right to be forgotten 17 of the GDPR);
Right to rectification (Article 16 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to data portability (Article 20 of the GDPR).

You can contact us at any time using the above-mentioned contact details to assert your rights described here.

You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for the UK is the ICO (https://ico.org.uk/). Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

Right of revocation and the right to object

In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until the revocation shall not be affected.

If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest. Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.

If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.

Data security

We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.

Changes to the privacy policy

We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.

Version: September 2018