Marc Cain GmbH's Data Protection Regulations
1) General
Marc Cain GmbH attaches great importance to the protection of your personal data and to your right to informational self-determination. When you visit the Marc Cain website (www.marc-cain.com) and the online shops which are integrated into it, Marc Cain will only collect, process and use your personal in accordance with the principles describes below and in compliance with the GDPR, the Federal Data Protection Act and the Telemedia Act.
1.1) Personal data
Personal data are details about personal or factual circumstances which can be used to establish a reference to your person. Among these are, for example, your name, date of birth, telephone number as well as your postal and email address. But the IP address, operating system and browser of your end-device are also personal data if they can be assigned to you.
1.2) The responsible body for data processing
Marc Cain GmbH
Marc-Cain-Allee 4
72744 Bodelshausen
Telefon: +49 7471 7090, E-Mail: [email protected]
Contact details of the Data Protection Officer: Address as above: “FAO Data Protection Officer” email: [email protected]
2) Which sources and data about you do we use?
Specifically, we use the following data:
- Personal details (e.g. name, surname and, if applicable, date of birth, title/role/sector)
- Contact information (e.g. address, company, phone number and email)
- Correspondence (e.g. communication with you)
- Advertising and sales data (e.g. products and services such as training in which you are potentially interested)
- If appropriate, video and image captures
- Applicant details
- Credit history data
- Communication data (e.g. IP address of your accessing end device, name and URL of the data files retrieved, date and time of access, quantity of data transferred, etc.)
3) Why are we processing your data (purpose of processing) and what is the legal basis for this?
In the following section, we will inform you about why and on what legal basis we process your data.
3.1) To comply with contractual obligations (Art. 6(1)(b) GDPR)
We process your data to implement our contracts with you, i.e. in particular to fulfil your orders or to carry out pre-contractual steps. The purposes of data processing are governed in detail by the specific product and the contractual documents.
3.2) In the context of balance of interests (Art. 6(1)(f) GDPR)
3.3) Based on your consent (Art. 6(1)(a) GDPR)
If you have given your consent for processing of your personal data, that permission is the legal basis for the processing mentioned there. You can revoke any consent at any time with future effect. This also applies to declarations of consent which you gave to us before the GDPR came into effect, i.e. before 25 May 2018. The revocation only has effect on future processing.
3.4) On the basis of legal requirements (Art. 6(1)c GDPR)
We are subject to a variety of legal obligations i.e. statutory requirements. One of the purposes of data processing is compliance with fiscal inspection and reporting duties.
3.5) Details about the type of processing of your data on our website
3.5.1) Data processing when you visit our website
Our website, or rather our web server, temporarily records every access in a protocol file.
- IP address of the computer making the request
- date and time of access
- name and URL of the accessed file
- quantity of data transferred
- report on whether the retrieval was successful
- identification data of the browser and operating system used
If you send queries to us using the contact form on our website, in order to process and answer them, we need your name, email address, the subject and content of your query (required fields marked with *). The legal basis for this is Art 6(1)(b) of the GDPR. The data processing is necessary to carry out a precontractual step which is done at your request since contact forms are also such precontractual steps.
3.5.3) Information about the use of your personal data for the creation of a customer account
3.5.2) Information about the use of your personal data for accepting and handling an order
3.5.4) Credit check
Marc Cain transmits personal data collected within the scope of this contractual relationship concerning the application, the performance and the termination of this business relationship, as well as data concerning non-contractual or fraudulent behaviour to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich.
The legal basis for this transfer is Article 6 (1) sentence 1 letter b and letter f of the General Data Protection Regulation (GDPR). The exchange of data with CRIF Bürgel GmbH also serves to fulfil legal obligations to carry out creditworthiness checks (Sections 505a and 506 of the German Civil Code).
CRIF Bürgel GmbH processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland, as well as, where applicable, other third countries (insofar as an adequacy decision of the European Commission exists in respect of these) with information on, among other things, the assessment of the creditworthiness of natural persons. Further information on the activities of CRIF Bürgel GmbH can be found in its information sheet or online at www.crifbuergel.de/de/datenschutz.
3.5.5) Use of your personal data to send newsletters
If you have expressly consented to this, Marc Cain will collect and use your personal data, in particular your email address, postal code and your language, to send you newsletters by email. The postal code is used to communicate information about events in your nearest store to you.
Marc Cain uses specialist service providers for this to which the necessary personal data are transmitted. These service providers only process your personal data on behalf of and under instruction from Marc Cain.
The legal basis for processing this data is Article 6 (1) (a) of GDPR. We process this data with your consent. You can revoke the consent you have given at any time and unsubscribe from the newsletter. This can be done via the link which is in every newsletter, by writing to the contact details given in the imprint or by email to [email protected]
We hereby notify you that we evaluate your user behaviour when we send you the newsletter. For this evaluation, the email we send contains what are called web beacons or tracking pixels which presents as a pixel image file which is saved on our website. The communication data and the web beacons are linked to your email address and your individual ID for this evaluation. In this way we can determine whether a newsletter news item has been opened. We can also identify whether and which links in the newsletter have been clicked on. All the links in the email are what is known as tracking links with which your clicks can be counted. This data is only collected in pseudonymised form, so the IDs are not linked with your other personal data. A direct reference to a particular individual is thus precluded. The legal basis for the use of tracking measure is Art. 6(1)(1)(f) of the GDPR which permits processing of personal data in the context of our legitimate interests provided that your fundamental rights and freedoms or interests do not outweigh them. Our legitimate interest is in being able to analyse the use of our email newsletter and regularly improve it.
3.5.7) Data processing for applications and application procedures
4) Who receives my data?
5) How long will my data be stored?
Where necessary, we process your personal data for the duration of the business relationship, which also includes the initiation and performance of a contract. In addition, we are subject to various retention and documentation obligations, which arise from, e.g. the Code of Commercial Law (HGB). The retention periods for the storage of documents stipulated there are between two to ten years. Finally, the storage period is also assessed based on the statutory limitation periods, which in accordance with Sections 195 et seq. of the German Civil Code (BGB), for example, are usually three years, however, they can be up to thirty years in certain cases.
6) Is data transmitted to a third country or to an international organisation?
We transmit data to countries outside the European Economic Area - EEA (third countries) only to the extent that this is required to handle your orders or is prescribed by law or to the extent that you have provided your consent. For transmissions in the context of using tracking and analysis tools as well as social media components, please refer to the declaration on our website ttps://www.marc-cain.com/Cookies-Tracking-Analyse-und-Social-Media/..
7) What are my data protection rights?
Widerspruchsrecht
Right to object If your personal data is processed on the basis of legitimate interests in accordance with Art.6(1)(1)(f) of the GDPR, in accordance with Art.21 GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation, or if your objection is against direct marketing. If the latter is the case, you have a general right to object which shall be addressed by us without a particular situation being stated. You can direct your objection to [email protected] or to our above address.
You can contact us at [email protected] at any time to assert your data subject rights. Furthermore, you have the right to lodge a complaint to a Data Protection Supervisory Authority if you consider that the processing of the personal data concerning you violates Data Protection Law.
8) Do I have an obligation to provide my data?
Within the scope of our business relationship, you are only obliged to provide the personal data required to create, implement and terminate a business relationship or where we have a legal obligation to collect such data. Without this data, we will usually have to decline to conclude the contract or to handle your order, or will no longer be able to implement an existing contract and possibly have to terminate the same.
9) To what extent does automated decision making take place in individual cases?
In general, we do not use automated decision-making to enter into or perform business relationships in accordance with Art. 22 GDPR. If we do use such procedures in individual cases, we will inform you separately about this to the legally required extent.
10) To what extent is my data used for profile formation?
We automatically process your data to some extent with the aim of evaluating certain personal aspects (known as “profiling” according to Art. 4(4) GDPR). For example, we use profiling to establish your potential interest in our products and services. This evaluation is made using statistical procedures using current and past customer data. We use the results to help us address you in a way which is more targeted way and more suited to your requirements.
11) Amendments to this data protection declaration
We reserve the right to amend this data protection declaration in future. This means that you should look at the data protection declaration regularly when you visit our website.