Privacy & cookie policy

Privacy Policy

In this privacy policy we will inform you about the processing of your data during the use of our website and during your shopping experience.

The term “your data” means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number.

Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term "personal data".

You can print or save this privacy policy by using your browser’s usual functionality. You can also download and save this privacy policy as a PDF file.

20211126_MM_UK_Datenschutzhinweise.pdf

RESPONSIBLE AUTHORITY AND CONTACT DETAILS

The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:

MADELEINE Fashion Ltd.
c/o Francis Clark LLP
North Quay House
Sutton Harbour
Plymouth
PL4 0RA

Telephone: 0333 400 0 400
E-Mail: service@madeleine.co.uk

You can also contact our data protection officer using the above contact details.

Please use the following contact details if you have any questions or requests regarding the protection of your data:

MADELEINE Fashion Ltd.
Woodview Road
Paignton
TQ4 7SR

Tel: 0333 400 0 400
E-Mail: service@madeleine.co.uk

(subsequently referred to as “MADELEINE”, “We” or “Us”)

DATA PROCESSING FOR THE EXECUTION OF THE CONTRACT AND WHEN CONTACTING US

Your order or purchasing data

We will record your order or purchase data if you order from us in our online shop, by phone or by order form.

Order or purchase data includes, for example:

Your details of purchased items, such as name, size, colour, purchase price, etc.;
Your payment details
Your delivery and billing address;
Your declarations of withdrawal, your complaints and other notifications with regard to your orders or purchases;
Your order number;
Your order status, e.g. "Dispatched" or “Returned”;
Your payment status;
The details of the service providers involved in the execution of the contract, in the case of shipping companies, for example your consignment number

· You can view your essential order data at any time under "My account".

We process your data so that we can process your order, so that we can send you your order and so that we can process returns, complaints and warranty cases if necessary.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

My account

You can register on our website or create a customer account.

You will need the following information to register:

Your full name;
Your address;
Your email address;
Password of your choice

You can subsequently log in to "my account" using your e-mail address and password.

We process your data so that you have an overview of your previous orders to make your shopping more convenient and easier, and so that you can manage your personal data and settings.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

You can also order as a guest without registration. We will also save your order history in this case, so that you will have an overview of your previous orders if you subsequently register under "my account".

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Your contact details and notifications

If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

Payment information

We offer you the usual payment methods credit card, debit card, PayPal, etc. Depending on which payment method you select during the order process, we will pass on the payment data collected for the processing of payments to the relevant institution tasked with the payment and, if applicable, to payment service providers we have commissioned or to the selected payment service. Payment and contract processing cannot be carried out without these payment data and payment service providers.

The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.

When paying by credit/debit card, we save your card details pseudonymised for processing the payment transaction. In addition, we will pseudonymise your credit card information to facilitate future payment transactions and for identification purposes based on our legitimate interest in providing our customers with an optimised and efficient purchasing process and to uniquely identify them. You can object at any time to the storage of your card data under the mentioned contact information. We will delete this pseudonymous data as soon as the credit card becomes invalid or you wish us to do so.

The legal basis for the above-mentioned data processing is Article 6(1) (f) of the GDPR.

DATA PROCESSING FOR CUSTOMER RELATIONSHIP MAINTENANCE

Your date of birth

You may tell us your date of birth. Provision of this information is voluntary. We record your date of birth to send you birthday greetings.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

Competitions and surveys

If you participate in one of our surveys, we use your data for market and opinion research. Of course, we only use this data anonymously for statistical purposes. If, in deviation from this, surveys are not carried out anonymously, the personal data will only be collected with your consent.

For example, we conduct customer surveys to determine your satisfaction with us and, for example, to find out your opinion on fashion topics or products. Your participation in customer surveys is, of course, voluntary and we will only invite you to participate if you have agreed to this in advance. In this case, the analysis of the survey results will be pseudonymised instead of anonymised and may still be assigned to you. We will only do this if the analysis purposes require it. This enables us to get to know you better, to create a general profile of your customer group based on the information provided and your preferences, and, for example, to send you information that is better tailored to you. If you take part in a survey, you will be redirected via the participation link to the survey platform of our service provider for customer surveys.

There, your details (geolocation, response times and email address) are processed as part of the customer feedback. Technical data about your end device is only processed to the extent necessary to make the survey technically possible. To prevent multiple participation in a survey, our service provider (e.g. Netigate) sets a cookie.

The legal basis for the processing of your data for the purpose of the invitation as well as for the implementation, creation of the general profile of your customer group and evaluation of the surveys is your consent, which can be revoked at any time, in accordance with Article 6 (1) (a) of the GDPR. If you revoke your consent, we will no longer process your data to conduct customer surveys. Otherwise, we will process your data until your revocation, but for a maximum of 10 years.

In the context of competitions, we use your data for the purpose of conducting the competition and notifying you of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the aforementioned data processing is Article 6 (1) (b) of the GDPR.

NEWSLETTER AND PROMOTIONAL STRATEGY

Newsletter

If you register for our newsletter, we will use the data you provide to send you our newsletter with your express consent. The newsletter contains current information as well as offers from MADELEINE.

We will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of the storage is to send you the newsletters and to be able to verify your registration. You can unsubscribe from the newsletter at any time here. Every newsletter also contains a corresponding unsubscribe link. Naturally, a notification sent using the contact details indicated above or in the newsletter (e.g. by e-mail, phone or letter) will also suffice. In this case, please provide us with the e-mail address to be unsubscribed.

The legal basis for the above-mentioned data processing is Article 6(1) (a) of the GDPR.

For sending the newsletter, we use the service provider Emarsys Interactive Services GmbH ("Emarsys"), Stralauer Platz 34, 10243 Berlin. Information can be found below under "Information on the use of cookies and comparable technologies" and there under "Emarsys / Scarab".

Object to data collection by Emarsys.

The legal basis for the aforementioned data processing is Article 6 (1) f) GDPR, based on our aforementioned legitimate interest.
If you do not want the analysis of usage behaviour, you can unsubscribe from the newsletter (see above) or deactivate graphics in your e-mail program by default. For more information, see the instructions for Microsoft Outlook and Mozilla Thunderbird. We want to use our newsletter to share content that is as relevant as possible for our customers and to better understand what the readers are actually interested in.

New customer acquisition and marketing existing customers

We augment our customer data with information that we receive from companies selected for acquisition of new customers. The information we receive are only so-called score values from which we can draw no conclusions concerning natural persons. These are calculated from characteristics of consumer behaviour, mail order information, information on the respective housing situation and micro-geographical data. They originate, for example, from household surveys on consumption and lifestyle topics as well as from house valuations. This information helps us distinguish active customers from inactive customers, activate inactive customers, determine the probability that existing customers might be interested in certain products and strengthen customer relationships.

If we haven’t collected your data directly from you, you may find out more information about the source of the data by calling our customer services team at 0333 400 0 400. We will then use the postal address section of the respective catalogue to determine the source of your data.

The legal basis for the aforementioned data processing is Article (6) (1) (f) of the GDPR, based on our above-mentioned legitimate interest.

Third-party marketing purposes

We transmit generally published data such as surname, first name, address, date of birth and purchase data for our own and third-party marketing purposes on the basis of legitimate interests to retailers, mail-order companies with an interesting product range and cooperative databases, such as Epsilon Abacus and Experian Limited based on Article 6 (1) (f) of the GDPR.

We will share your data with Experian Limited, Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ, who will use it to create products and services to help organisations better understand the likely characteristics of their customers; communicate with them more effectively; and find others like them across a range of marketing channels. This may mean that you receive advertising that is more relevant to you via direct mail. For more information have a look at www.experian.co.uk/privacy

We work with Epsilon International UK Ltd, a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy. (Please note that Epsilon Abacus may transfer your data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.) For more information have a look at: emea.epsilon.com/privacy-policy

If you would like more information, please call us on 0333 400 0 400, email us at service@madeleine.co.uk or write to us at the address below: MADELEINE Fashion Ltd, Woodview Road, Paignton, Devon, TQ4 7SR.

The legal basis for the above-mentioned data processing is Article (6)(1)(f) of the GDPR.

Advertising partners

We receive information from selected operators of online advertising networks such as Google or Facebook and data providers who carry out advertising for or together with us (subsequently referred to as "advertising partners").

The information we receive from advertising partners is information and statistics about demographics (such as age, gender, region, etc.), device and access data, and our users’ interests. This information can help us better understand our users, for example in the context of customer structure analyses and user segmentation. We only receive aggregated, encrypted or anonymous data and we cannot assign the data to any particular person, in particular any particular user.

The legal basis for the above-mentioned data processing is Article (6)(1)(a) of the GDPR, based on our above-mentioned legitimate interests.

VISITING THIS WEBSITE

Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:

IP address of the requesting terminal;
Date and time of the request;
Address of the web page called up and the requesting web page;
Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)

The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits (e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.

The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.

Information on the use of cookies and comparable technologies

In order to be able to implement certain technically necessary functions of our website, to be able to trace the use of our offers and to be able to provide content adapted to your wishes for the constant optimisation of the websites, MADELEINE uses cookies. Cookies are small text files that are stored on your hard disk by a website. Cookies do not cause any damage to your computer, they cannot execute programs and cannot contain viruses. Instead of cookies, so-called tracking pixels or comparable common technologies can also be used, which serve to (temporarily) store information on specific users or usage processes (collectively referred to as "cookies" in the following). You can prevent the storage of cookies on your computer at any time by changing the settings of your browser (please use the settings or the help function of your browser). The function of our website may then be restricted under certain circumstances. MADELEINE uses cookies for various purposes. The individual cookies are listed below:

Technically required cookies

The main purpose of these cookies is to enable you to use the functions of the site, e.g. to store form data (e.g. in the frame of the contact form) or to control the display of information (e.g. the cookie banner). The legal basis for data processing in connection with the technically required cookies is Art. 6 para. 1 f) GDPR, based on our legitimate interest in enabling you to use our website conveniently and individually and to make use of it as time-saving as possible. In certain cases, these cookies may also be required for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case processing is carried out in accordance with Art. 6 para. 1 p. 1 b) GDPR. It is not possible to deactivate these technically required cookies.

Partner	Domain	Cookie-Name	Purpose	Running time
MADELEINE	madeleine.co.uk	uac	Old cookie banner - is still set, but no function	1 year
MADELEINE	madeleine.co.uk	mmdtm_extemc	This cookie determines who was the visitor's last campaign contact.	After the session
MADELEINE	madeleine.co.uk	WKQJEkjlawieIQWEOlkasjP	This cookie controls the behaviour of the wishlist.	5 days
MADELEINE	madeleine.co.uk	bZB9zAfQulixfnFK7V3n4S0_	This cookie is set to identify a current session.	After the session
MADELEINE	madeleine.co.uk	JSESSIONID	This cookie is set to identify a current session.	After the session
MADELEINE	madeleine.co.uk	madeleine-uk-cart	Used to save the shopping cart per visitor.	5 months
MADELEINE	madeleine.co.uk	madeleine-uk-wishlist	Used to save the shopping cart per visitor.	5 months
MADELEINE	madeleine.co.uk	Hkmc2	Used to determine the marketing activity that brought a visitor to the shop.	30 days
Picalike	madeleine.co.uk	picalikeSessionId	Is used to display similar articles and to optimise the offer	After the session
Webtrekk	madeleine.co.uk	WT_SaisonVisitor	Cookie to identify the number of visitors within a season.	5 months
Webtrekk	madeleine.co.uk	WT_GJVisitor	Cookie to identify the number of visitors within a business year.	8 months
Webtrekk	madeleine.co.uk	wt_rla	This cookie determines the number of requests that can still be sent.	2 months
Webtrekk	madeleine.co.uk	wt_nv	This cookie stores the information whether the visitor is new or returning.	6 months
Webtrekk	madeleine.co.uk	wt_mcp_sid	This cookie assigns an internal session ID from Marketing Automation.	30 minutes
Webtrekk	madeleine.co.uk	wt_geid	This cookie is used to save information about the device. The cookie only contains information for 3rd party cookies (used for real-time advertising), otherwise it is empty.	After the session

Comfort Cookies

Further cookies serve to make the website and the MADELEINE offer more comfort for you. These cookies enable us to provide you with personalised content and product recommendations, as well as to evaluate your purchase. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the comfort cookies is your consent (Article (6) (1) (a) of the GDPR).

In the event that personal data is transferred to the USA, we will obtain your express consent in accordance with Art. 49 para. 1 sentence 1 a) GDPR via the cookie banner for this data transfer. You will find the associated risks below under "Data transmission to third countries".

You can revoke your consent by calling up the cookie settings and changing the corresponding selection there. You can also access the cookie settings from any page of this website via the footer.

Partner	Domain	Cookie-Name	Purpose	Running time
Survey Monkey	surveymonkey.de	__hstc	Visitor tracking cookie.	13 months
Survey Monkey	surveymonkey.de	cdp_seg	This cookie helps track visitor behaviour for segmentation.	90 days
Survey Monkey	surveymonkey.de	hubspotutk	This cookie is set to track the identity of a visitor. It is passed to HubSpot when the form is submitted and used when deduplicating contacts.	13 months
Survey Monkey	surveymonkey.de	_hjid	This cookie is set when the visitor lands on a page with the Hotjar script. It is used to keep the Hojar Usier ID which is unique to this page in the browser. This ensures that frequent visits to the same page will associate the behaviour with the same user ID.	1 year
Survey Monkey	surveymonkey.de	gdpr_consent	This cookie is set when the visitor has given his consent to the setting of cookies.	1 year

Marketing cookies

We also use cookies for advertising and marketing purposes to enable personalised advertising and to display advertising content on external websites (e.g. Google or Facebook) for our products and offers that you have been interested in on our website or that match content that we think you might find interesting. Also general information about possible interests of users of our website and other interested parties, collected by third parties on other websites, are used in the context of personalised advertising of our content (so-called re-targeting). The information is stored as cookie identifiers. You will not be identified as a person, but the recognition is based solely on the terminal devices you use. If the cookies are deleted, the personalisation of the advertising content is also omitted. We only use these cookies if you agree to this use. The legal basis for the data processing in connection with the marketing cookies is your consent (Article (6) (1) (a) of the GDPR).

In the event that personal data is transferred to the USA, we obtain your express consent for this data transfer via the cookie banner in accordance with Art. 49 para. 1 a) GDPR. You will find the associated risks below under "Data transmission to third countries".

You can revoke your consent by calling up the cookie settings and changing the relevant selection there. You can also access the cookie settings from any page of this website via the footer.

Please note that some pages of our website may contain cookies that are not directly related to MADELEINE. If you visit a page with content embedded by third parties, these third parties may have set their own cookies. MADELEINE has no influence on the use of these cookies and cannot access them because of the way cookies work, as cookies can only be accessed by the person who originally set them. For further information, please refer to the websites of the third party concerned.

Partner	Domain	Cookie-Name	Purpose	Running time
Bing Remarketing Conversion	bing.com	_uetsid	This cookie is set by Bing in order to assign a unique session ID to a visit.	1 day
Bing Remarketing Conversion	bing.com	_uetvid	This cookie is set by Bing in order to assign a unique session ID to a visit.	3 weeks
Bing Remarketing Conversion	bing.com	MUID	This cookie is set by Bing, and we use Bing technologies to display personalised advertising. The use of these technologies enables Microsoft and its partner websites to display advertisements based on previous visits to our or other websites on the Internet.	1 year
Epsilon Intl UK Ltd	dotomi.com	DotomiSync	This cookie is set to limit the RTB synchronization frequency.	1 year
Epsilon Intl UK Ltd	dotomi.com	DotomiUser	Epsilon Intl UK Ltd tracking cookie. Manages, among other things, the cookie level profile and retargeting	13 months
Epsilon Intl UK Ltd	dotomi.com	DotomiSession_3256	This cookie helps to assign a session ID	After the session
Epsilon Intl UK Ltd	dotomi.com	DotomiTest	Epsilon Intl UK Ltd tracking cookie. The cookie is set to check whether the browser accepts 3rd party cookies.	1 day
Criteo	criteo.com	criteo_localstorage_check	Cookie used to check whether Criteo can store cookies.	Deleted after writing
Criteo	criteo.com	criteo_write_test	Cookie used to check whether Criteo can store cookies.	Deleted after writing
Criteo	criteo.com	cto_tld_test	Cookie used to check whether Criteo can store cookies.	Deleted after writing
Criteo	criteo.com	criteo_cookie_perm	This cookie helps Criteo to manage the tracking solution.	1 year
Criteo	criteo.com	cto_bundle	This cookie helps Criteo to manage the tracking solution.	13 months
Criteo	criteo.com	cto_clc	This cookie helps Criteo to manage the tracking solution.	13 months iOS ≥ 11.2, 24 hours otherwise.
Criteo	criteo.com	r.ack	This cookie helps Criteo to manage the tracking solution.	1 hour
Criteo	criteo.com	cto_bundle	This cookie helps Criteo to manage the tracking solution.	13 months
Criteo	criteo.com	eid	External ID used for selling over the Criteo network.	6 months
Criteo	criteo.com	cto_axid	Helps to share the Criteo Shopper Graph with the website operator	390 days
Criteo	criteo.com	cto_pxsig	Helps to share the Criteo Shopper Graph with the website operator	1 hour
Criteo	criteo.com	cto_optout	With this cookie, Criteo can identify the deactivated users.	5 years
Criteo	criteo.com	opt	Opt out for individual advertisers, publishers or temporarily.	1 year
Criteo	criteo.com	optout	Optout cookie. Allows the user to opt out of Criteo.	5 years
Criteo	criteo.com	zdi	Passback loop detection. It is counted how often the user gets to a certain zone / publisher.	6 months
Criteo	criteo.com	uid	User ID in the Criteo network.	1 year
DoubleClick Floodlight	doubleclick.net	IDE	Is used to display adlicious personalised advertising via our service provider.	1 year
DoubleClick Floodlight	doubleclick.net	RUL	Used by DoubleClick to determine if the website advertisement was properly displayed. This is done to make the marketing efforts more efficient.	1 year
emarsys	emarsys.com	scarab.visitor	This cookie records the visitor ID, which identifies the visitor during the sessions.	1 year
emarsys	emarsys.com	scarab.profile	This cookie collects information about the user profile, products that were searched for, etc. It also collects performance metrics of our scripts - how quickly they load and run, etc.	1 year
emarsys	emarsys.com	scarab.mayAdd	Session cookies that we use to track click behaviour and the items that are placed in the shopping cart.	After the session
emarsys	emarsys.com	scarab.mayViewed	Session cookies that we use to track click behaviour and the items that are placed in the shopping cart.	After the session
Facebook	facebook.com	_fbp	This cookie identifies browsers in order to provide analysis services for advertising and websites	90 days
Facebook	facebook.com	_fbc	They serve the same purposes as cookies that are set in Facebook's own domain, namely personalising content (including advertisements), measuring advertisements, creating analysis and providing a safer experience	not specified
Facebook	facebook.com	dpr	This cookie is set in order to provide the best possible user experience, taking into account the screen size of the device used.	7 days
Facebook	facebook.com	wd	This cookie is set in order to provide the best possible user experience, taking into account the screen size of the device used.	7days
Facebook	facebook.com	c_user	Is used to verify your account and to determine when you are logged in so that we can make it easier for you to access the Facebook products and provide you with the right user experience and suitable functions	1 year
Facebook	facebook.com	xs	Is used to verify your account and to determine when you are logged in so that we can make it easier for you to access the Facebook products and provide you with the right user experience and suitable functions	365 days
Facebook	facebook.com	dbin	Used to keep your account, data and Facebook products safe	not specified
Facebook	facebook.com	sb	Used to keep your account, data and Facebook products safe	not specified
Facebook	facebook.com	oo	Used to help you unsubscribe from seeing ads from Facebook based on your activity on third party websites	5 years
Facebook	facebook.com	fr	Used by Facebook to display a range of advertising products, such as real-time bids from third party advertisers.	90 days
Facebook	facebook.com	csrf	To combat activities that violate our policies or otherwise impair our ability to deliver the Facebook products	not specified
Google	google.com	_ga	Analysis cookie from Google Analytics to distinguish users which is used to collect data on the number of visits and the user journey.	2 years
Google	google.com and local variations, e.g. google.de	ANID	Used to facilitate the selection and delivery of advertisements, including: Limiting the number of times an advert is shown to a user. Advertising mute, advertising metering and personalised advertising	13 months
Google	google.com	_gid	This cookie is used to distinguish visitors.	1 day
Google	google.com	1P_JAR	Detects whether the browser can accept 3rd party cookies by setting the time stamp for the analysis	30 days
Google	google.com/ads google.com/ads/measurement googleadservices.com	AID	Used for cross-device measurement of advertising campaigns when users are logged in.	13 months
Google	google.com/ads google.com/ads/measurement googleadservices.com	TAID	Used for cross-device measurement of advertising campaigns when users are logged in.	14 days
Google	Set on 1st party property by Google	_gcl_aw	Used to measure clicks and the performance of advertising campaigns	90 days
Google	google.com	NID	Is used to remember logged out users and for the following purposes: to prevent fraud and abuse, to display advertisements, for personalised advertising, advertising measurement, User preferences, product improvements and analysis	6 months
Google	google.com	_gcl_au	Is used to measure success via Google.	90 days
Stylight	stats-bq.stylight.net	Uuid	Assigns a unique user ID that allows Stylight to measure the success of advertising campaigns.	28 Days

Information on the individual cookies:

Bing Remarketing / Bing Conversion

We use Bing's technologies to display personalized advertising. Use of these technologies enables Microsoft and its partner sites to serve ads based on previous visits to our or other sites on the Internet.
Category: Marketing
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
For more information, see the Microsoft privacy statement: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy

Criteo OneTag

We use Criteo to display personalised advertising on partner websites, in apps and emails. Retargeting technologies use cookies or ad IDs and display ads based on your past browsing behaviour. We may use information such as technical share identifiers from your registration information on our website or CRM system with trusted advertising partners. This allows us to link your devices and/or environments and provide you with a seamless user experience with the devices and environments you use Category: Marketing Provider: Criteo SA, 32 Rue Blanche, 75009 Paris, France For more information, please refer to Criteo's privacy policy: https://www.criteo.com/privacy/

Emarsys / Scarab

We use Emarsys for sending the newsletter. We use commercially available technologies in our newsletter to measure interactions with the newsletter (e.g. opening of the email, links clicked on). We use this data in a pseudonymous form for general statistical evaluations, for the optimisation and further development of our content, for customer communication and for the delivery of personalised advertising. This is done by means of small graphics embedded in the messages (so-called pixels).
Furthermore, we use "Webextend" as an analysis technology from Emarsys to make advertising and newsletters appealing to you and to tailor them to your interests. In particular, this may include products and articles that you have viewed in our offer, as well as information about your computer, your surfing history and the time of your visit to the website. The data that is processed is exclusively pseudonymised. If you enter your e-mail address, the data will be merged with the data from the newsletter tool Emarsys to create suitable and interesting newsletters for you. You can object to this use for personalised advertising at any time. Category: Marketing Provider: Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin Further information can be found in the Emarsys privacy policy: https://www.emarsys.com/de/datenschutzrichtlinie/

Facebook Pixel / Facebook Custom Audience

We use the technologies of Facebook for marketing purposes, so-called remarketing tags. When you visit our website, these tags create a connection between your browser and a Facebook server. Facebook thereby receives the information that our website was called up with your IP address.
Category: Marketing
Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Processed data: Facebook user ID, IP address, browser information, non-confidential custom data, referrer URL, location information
You can find further information in the Facebook privacy policy: https://www.facebook.com/policies/cookies/
Further information on the joint responsibility of Facebook and MADELEINE can be found at
https://www.facebook.com/legal/terms/page_controller_addendum

Google Ads Conversion Tracking

We use Ads Conversion Tracking to record and analyse customer actions defined by us (e.g. clicking on an ad, page views, downloads).
If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website.
You can configure your browser to reject cookies. You can also set your browser to reject cookies in Google's advertising preferences by clicking the disable "Personalised advertising" option. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en

Google Ads Remarketing

We use ads remarketing to display individualised advertising messages for our products on Google's partner websites. If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads, depending on the settings on your Google Account. If you don't want this association with your Google Account, you'll need to sign out of Google before you can visit our website. You can configure your browser to reject cookies. You can also select to disable "Personalised Ads" in Google's advertising preferences. In this case, Google will only display general ads that are not selected based on information collected about you.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: pages visited, IP address, duration of visit
You can find further information in Google's privacy policy: https://policies.google.com/technologies/cookies?hl=en

Google Global Site Tag

We use the Google Site Tag to control and manage the Google tools we use.
Category: Marketing
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: The Google Site Tag does not use cookies and does not collect any personal data.
For more information, please refer to the Google Privacy Notice: https://policies.google.com/technologies/cookies?hl=en

Stylight

Stylight tracking is used to identify a user who has clicked on one of the products listed in Stylight and to attribute a conversion to that user in order to measure the success of the campaign.
Category: Marketing
Provider: Stylight GmbH, Nymphenburger Str. 86, 80636 Munich, Germany. For further information, please see the Stylight privacy policy:
https://about.stylight.com/privacy-policy

reCaptcha

We use Google reCaptcha to prevent automated software (so-called bots) from carrying out abusive activities on our website. This means that it is checked whether the entries made are actually from a human being.
Category: Technically required
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: referrer, IP address, input behaviour (e.g. answering the reCaptcha question, input speed in form fields, order of selection of input fields, browser type, browser plug- ins, browser size and resolution, date, language setting, display instructions).
For more information, please refer to the Performance Media privacy policy: https://www.performance-media.de/datenschutz/

SurveyMonkey

We use the SurveyMonkey tool to survey our customers. Participation in the surveys is voluntary. If you participate, your responses are provided to us only in the form of statistics and are not aggregated with your account. We delete the survey data from SurveyMonkey after the survey has been analysed. Within 90 days, this data will also be permanently deleted from SurveyMonkey's systems.
Category: Comfort
Provider: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland
Processed data: IP address, answers
You can find further information in the picalike privacy policy: https://www.picalike.com/privacy-policy/

Usercentrics Consent Management Platform

We use the Usercentrics tool to display the cookie banner and to store, manage and document your selection of cookies. In connection with Usercentrics, a cookie is used to store your selection of cookie settings for the MADELEINE Website.
Category: Technically required
Provider: Usercentrics GmbH, Sonnenstrasse 23, 80331 Munich
Processed data: Date and time of the visit, device information, browser information, anonymous IP address, opt-in and opt-out data.
Further information can be found in the Usercentrics data protection information: https://usercentrics.com/privacy-policy/

Webtrekk
We use Webtrekk technologies to analyse the use of our website and to optimise offers.
Category: Marketing
Provider: Mapp Digital Germany GmbH, Dachauer Str. 63, 80335 Munich. (formerly Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin)
Data used: Browser type/version, Browser language, Operating system used, Browser window resolution, Javascript activation, Java on/off, Cookies on/off, Referrer URL (the previously visited page), IP address, Time of access, Clicks, Form contents.
Further information can be found in Webtrekk's privacy policy: https://www.webtrekk.com/privacy-notice.html

Personalised Advertising

Epsilon, formerly also known as Conversant

Our website uses the services of Epsilon Intl UK Ltd, formerly also known as Conversant, 2nd floor, 2 Television Centre, 101 Wood Lane, London, England W12 7FR ("Epsilon"). Epsilon collects anonymised statistical information to show you personalised advertising. Third-party cookies are used for this purpose. Further information, as well as the corresponding opt-out possibility to deactivate internet-based advertising provided by Epsilon can be found at: https://www.epsilon.com/emea/privacy-policy.

Furthermore, we will share certain data collected from our dealings with you with Epsilon based on legitimate interest. This data could include name, surname, address, date of birth and purchase details. We share this data with Epsilon so they can serve personalised ads, providing you have not opted-out. Please note that your data may be transferred outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard contractual clauses issued by the EU Commission.

Social Media

Facebook

We operate a fan page on the social network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") in joint responsibility, in order to be able to communicate with interested parties and followers and to inform them about our products and services. For customers from the European Economic Area and Switzerland, Facebook products are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We may receive statistics from Facebook regarding the use of our fan page by Facebook/fan page users which help us to learn about the interactions with our page (e.g. information on the number, names, interactions such as likes or comments, as well as summarised demographics and other information or statistics based on certain parameters about our company and the services offered on our fan page). For more information about the nature and scope of these statistics, please refer to the Facebook Page Statistics Notice and the respective responsibilities in the Facebook Page Insights supplement.

The legal basis for this data processing is Art. 6 para. 1 p. 1 b) GDPR as well as Art. 6 para. 1 p. 1 f) GDPR based on our aforementioned legitimate interest.

We have no influence on data that is processed by Facebook on its own responsibility according to the Facebook terms of use. However, we would like to point out that when you visit the fan page, data about your usage behaviour is transferred from Facebook and the fan page to Facebook. Facebook itself processes the above-mentioned information to create more detailed statistics and for its own market research and advertising purposes, over which we have no influence. You can find more detailed information on this in Facebook's privacy policy.

If we have personal data of users when operating the fan page, users have the rights mentioned in this privacy policy. Should users wish to assert additional rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures upon request if users make use of their rights. We are happy to support users in asserting their rights as far as we are able and forward user requests to Facebook.

Other

We maintain further online presences in social networks to communicate with customers and interested parties and to inform them about our products and services.
User data is generally processed for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers will be stored on the users' computers. On the basis of these user profiles, advertisements are then placed, for example, within social networks but also on third-party websites.
The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR, based on our legitimate interest in effective information of and communication with users. The legal basis for data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The following links will also provide you with further information on the respective data processing and the possibilities of objection.
We would like to point out that data protection requests can be made most efficiently to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.

Twitter

Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). The link to Twitter’s privacy policy can be found here: Twitter’s privacy notices.

Pinterest

Pinterest is operated by Pinterest Inc., 635 High Street, PALO ALTO, CA, USA ("Pinterest"). The link to Pinterest’s privacy policy can be found here: Pinterest’s privacy notices.

Instagram

Instagram is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The link to Instagram's privacy policy can be found here: Instagram's Privacy Policy.

YouTube

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The privacy policy can be found under Privacy Policy: https://policies.google.com/privacy

DATA RECIPIENTS

We will only pass on the data we collect if:

you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
disclosure under Article 6(1)(f) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.

We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).

We transmit your payment data encrypted within the group to TriStyle Mode GmbH for purposes of the group-wide internal control system as well as taxation documentation and disclosure obligations within the scope of the VAT tax group to TriStyle Mode GmbH on the basis of legitimate interest acc. Article 6 (1)(f) of the GDPR.

For the delivery of orders we work together with external shipping service providers (e.g. Royal Mail). These shipping service providers receive the following data from us to execute the respective order:
- your name
- your delivery address
- Your e-mail address, so that the delivery service provider can inform you by e-mail about the expected delivery date and you can choose a different delivery location. You can object to the forwarding of your e-mail address at any time at service@madeleine.co.uk for the future.

The legal basis for this is Art. 6 para. 1 b, f) GDPR, based on our legitimate economic interest.

For economic reasons, we pass on your data to donation organisations. The legal basis for this is Art. 6 para. 1 f) GDPR, based on our legitimate economic interest.

In addition, data may be passed on in connection with official enquiries, court orders and legal proceedings if this is necessary for legal prosecution or enforcement (the legal basis for this data processing is, depending on the individual case, Art. 6 para. 1 c) or f) GDPR).

Transfer of data to countries outside the EEA

As explained in this privacy policy, we use services whose providers are partly located in so-called third party countries (such as the USA), i.e. countries whose data protection level does not correspond to that of the European Union. Insofar as this is the case and the European Commission has not issued an adequate decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your express consent (Art. 49 para. 1 a) GDPR) or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures (Art. 49 para. 1 b) GDPR).
If a transfer to a third country is envisaged and no adequacy finding or suitable guarantees have been provided, it is possible and there is a risk that authorities in the third country in question (e.g. secret services) may gain access to the transferred data in order to record and analyse it and that the enforceability of your data subject rights cannot be guaranteed. You will also be informed of this when you obtain your consent via the cookie banner.

RETENTION PERIOD

In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.
For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.

We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under UK law. The periods specified therein for retention of documents range from two to ten years.

YOUR RIGHTS

You have the following legal data protection rights under the respective legal provisions:

Right to information (Article 15 of the GDPR);
Right of cancellation/erasure/right to be forgotten (Article 17 of the GDPR);
Right to rectification (Article 16 of the GDPR);
Right to restriction of processing (Article 18 of the GDPR);
Right to data portability (Article 20 of the GDPR).

You can contact us at any time using the above-mentioned contact details to assert your rights described here.

You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for the UK is the ICO (https://ico.org.uk/). Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

Right of revocation and the right to object

In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until revocation shall not be affected.

If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest.

Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.

If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.

Data security

We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.

Changes to the privacy policy

We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.

Version: January 2022