Marc Cain GmbH's Data Protection Regulations
Marc Cain GmbH attaches great importance to the protection of your personal data and to your right to informational self-determination. When you visit the Marc Cain website (www.marc-cain.com) and the online shops which are integrated into it, Marc Cain will only collect, process and use your personal in accordance with the principles describes below and in compliance with the GDPR, the Federal Data Protection Act and the Telemedia Act.
1.1) Personal data
Personal data are details about personal or factual circumstances which can be used to establish a reference to your person. Among these are, for example, your name, date of birth, telephone number as well as your postal and email address. But the IP address, operating system and browser of your end-device are also personal data if they can be assigned to you.
1.2) The responsible body for data processing
Marc Cain GmbH
Telefon: +49 7471 7090, E-Mail: firstname.lastname@example.org
Contact details of the Data Protection Officer: Address as above: “FAO Data Protection Officer” email: email@example.com
2) Which sources and data about you do we use?
We process data that we receive from you about your visit to and your use of the website among others. We receive this data directly from you, e.g. when a sales contract is concluded or a new registration or when you use our website for purely informational purposes.
Specifically, we use the following data:
- Personal details (e.g. name, surname and, if applicable, date of birth, title/role/sector)
- Contact information (e.g. address, company, phone number and email)
- Correspondence (e.g. communication with you)
- Advertising and sales data (e.g. products and services such as training in which you are potentially interested)
- If appropriate, video and image captures
- Applicant details
- Credit history data
- Communication data (e.g. IP address of your accessing end device, name and URL of the data files retrieved, date and time of access, quantity of data transferred, etc.)
3) Why are we processing your data (purpose of processing) and what is the legal basis for this?
In the following section, we will inform you about why and on what legal basis we process your data.
3.1) To comply with contractual obligations (Art. 6(1)(b) GDPR)
We process your data to implement our contracts with you, i.e. in particular to fulfil your orders or to carry out pre-contractual steps. The purposes of data processing are governed in detail by the specific product and the contractual documents.
3.2) In the context of balance of interests (Art. 6(1)(f) GDPR)
We may also use your data on the basis of balance of interests to protect the legitimate interests of ourselves or a third party. This is done for the following purposes:
•for general business management and further development of services and products
•for advertising, market and public opinion research
•to assert legal claims and defend in legal disputes
•to prevent and investigate criminal offences
•to carry out a credit check
•for limited storage of data if deletion is not possible or only possible with disproportionately high costs due to the particular way the data is stored
•to safeguard IT security and IT operation
•for building and facility security (e.g. access controls) insofar as in excess of general due diligence obligations
Our interest in the particular processing results from the particular purpose and is otherwise of a commercial nature (efficient task fulfilment, distribution, avoidance of legal risks). Insofar as the specific purpose permits, we will process your data in a pseudonymised or anonymised way.
3.3) Based on your consent (Art. 6(1)(a) GDPR)
If you have given your consent for processing of your personal data, that permission is the legal basis for the processing mentioned there. You can revoke any consent at any time with future effect. This also applies to declarations of consent which you gave to us before the GDPR came into effect, i.e. before 25 May 2018. The revocation only has effect on future processing.
3.4) On the basis of legal requirements (Art. 6(1)c GDPR)
We are subject to a variety of legal obligations i.e. statutory requirements. One of the purposes of data processing is compliance with fiscal inspection and reporting duties.
3.5) Details about the type of processing of your data on our website
3.5.1) Data processing when you visit our website
Our website, or rather our web server, temporarily records every access in a protocol file.
- IP address of the computer making the request
- date and time of access
- name and URL of the accessed file
- quantity of data transferred
- report on whether the retrieval was successful
- identification data of the browser and operating system used
3.5.2) Contact form
If you send queries to us using the contact form on our website, in order to process and answer them, we need your name, email address, the subject and content of your query (required fields marked with *). The legal basis for this is Art 6(1)(b) of the GDPR. The data processing is necessary to carry out a precontractual step which is done at your request since contact forms are also such precontractual steps.
3.5.3) Information about the use of your personal data for the creation of a customer account
We need your email address and a password to open a customer account for you. You can log into your user account at any time, using your email address and password.
In your user account, you can specify your name, billing and delivery address, phone number and the Marc Cain store near you. As a registered user you gain access to the following functions: overview of your orders, management of your addresses, personal wish-list, delivery to Marc Cain branches, order history, ordering in the Marc Cain online shop (see separate section on this).
Creating a user account expedites transacting your orders with us. Your phone number information is only used to contact you in the event of queries about your order.
The legal basis for this data processing is Art. 6(1)(1)(f) of the GDPR which permits processing of personal data in the context of the “legitimate interests” of the person responsible provided that your fundamental rights and freedoms or interests do not outweigh them. Our legitimate interest is in the easier usability of the functions on our website and improvement in our customer service.
3.5.2) Information about the use of your personal data for accepting and handling an order
Marc Cain uses your personal data which you have specified on our website during the actual purchase procedure, especially your name (first name and surname), address, shipping address, phone number, email address, credit card number, date of birth and your account details, insofar as is necessary to process and bill your order.
Consequently, collection, saving and disclosure is done for the purpose of fulfilling the order and on the basis of Art. 6(1)(1)(b) of the GDPR).
The personal data which are identified as required fields are necessary for realisation of your order. Should this data not be disclosed, it is possible that the order cannot be concluded. Further potential personal data input is voluntary and is used by us in particular for the purpose of being able to address you in a more personal and/or individual manner or perhaps to increase the level of service to you by enabling queries (Art. 6(1)(f) GDPR).
Your payment data will be transmitted to the appropriate payment service provider depending on the means of payment you have selected. Data disclosure is done for the purpose of fulfilling the order and on the basis of Art. 6(1)(1)(b) of the GDPR). The payment service provider bears the responsibility for the payment data.
If you want to pay for your order using Paypal, when you click on “PayPal”, you will come to the website of PayPal S.à r.l, et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg, where you will be requested to input and/or confirm the login and contact data which you have on file at PayPal.
3.5.4) Credit check
Marc Cain transmits certain information which you have given to us in the course of the order process to carefully selected service providers which check your creditworthiness. The data transmitted to these companies includes your first name, surname, postal address and date of birth. These service providers check for the presence of negative marks against your creditworthiness. Independently of this, Marc Cain will also transmit personal data about claims while complying with the existing statutory conditions for this.
3.5.5) Use of your personal data to send newsletters
If you have expressly consented to this, Marc Cain will collect and use your personal data, in particular your email address, postal code and your language, to send you newsletters by email. The postal code is used to communicate information about events in your nearest store to you.
Marc Cain uses specialist service providers for this to which the necessary personal data are transmitted. These service providers only process your personal data on behalf of and under instruction from Marc Cain.
The legal basis for processing this data is Article 6 (1) (a) of GDPR. We process this data with your consent. You can revoke the consent you have given at any time and unsubscribe from the newsletter. This can be done via the link which is in every newsletter, by writing to the contact details given in the imprint or by email to info@marc-cain.
We hereby notify you that we evaluate your user behaviour when we send you the newsletter. For this evaluation, the email we send contains what are called web beacons or tracking pixels which presents as a pixel image file which is saved on our website. The communication data and the web beacons are linked to your email address and your individual ID for this evaluation. In this way we can determine whether a newsletter news item has been opened. We can also identify whether and which links in the newsletter have been clicked on. All the links in the email are what is known as tracking links with which your clicks can be counted. This data is only collected in pseudonymised form, so the IDs are not linked with your other personal data. A direct reference to a particular individual is thus precluded. The legal basis for the use of tracking measure is Art. 6(1)(1)(f) of the GDPR which permits processing of personal data in the context of our legitimate interests provided that your fundamental rights and freedoms or interests do not outweigh them. Our legitimate interest is in being able to analyse the use of our email newsletter and regularly improve it.
3.5.7) Data processing for applications and application procedures
Marc Cain collects and processes the personal data of applicants for the purpose of handling the application process. The processing is carried out electronically. The legal basis for this is Art. 26(1) BDSG [Federal Data Protection Act] and Art. 6(1)(b) GDPR.
If Marc Cain enters into an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If Marc Cain does not enter into an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Another legitimate interest in this sense would be, for example, a burden of proof in legal proceedings under the General Equal Treatment Act (GETA).
4) Who receives my data?
Your data will only be transferred when a legal basis permits it. Within Marc Cain GmbH, your data is received by those departments which require it to meet our contractual and statutory obligations or to fulfil their particular tasks (e.g. Sales and Marketing).
Moreover, the following departments can receive your data:
•processors employed by us (Art. 28 GDPR), in particular in the field of IT service provision, logistics, printing services, finance and collection service providers which receive your data to process for us, subject to our instructions
•payment service providers
•public agencies and institutions (e.g. tax authorities) in the presence of a statutory or official obligation
5) How long will my data be stored?
Where necessary, we process your personal data for the duration of the business relationship, which also includes the initiation and performance of a contract. In addition, we are subject to various retention and documentation obligations, which arise from, e.g. the Code of Commercial Law (HGB). The retention periods for the storage of documents stipulated there are between two to ten years. Finally, the storage period is also assessed based on the statutory limitation periods, which in accordance with Sections 195 et seq. of the German Civil Code (BGB), for example, are usually three years, however, they can be up to thirty years in certain cases.
6) Is data transmitted to a third country or to an international organisation?
We transmit data to countries outside the European Economic Area - EEA (third countries) only to the extent that this is required to handle your orders or is prescribed by law or to the extent that you have provided your consent. For transmissions in the context of using tracking and analysis tools as well as social media components, please refer to the declaration on our website ttps://www.marc-cain.com/Cookies-Tracking-Analyse-und-Social-Media/..
7) What are my data protection rights?
If the statutory conditions according to Art. 15 et seq. of the GDPR are present, you have the following rights (known as Rights of Data Subjects) in regard to the personal data stored by us:
•you can at any time demand information from us about whether and what category of personal data we store about you, to what purpose this data is processed and which recipients or categories of recipients receive these, if applicable. Furthermore, you can enquire about the other information about your personal data listed in Art. 15 GDPR (Right of Access).
•according to the statutory requirements, you also have a right to rectification (Art. 16 GDPR), a right of erasure (Art. 17 GDPR) and a right to restriction of processing (blocking) (Art. 18 GDPR) of your personal data.
•according to Art. 20 of the GDPR, you also have the right to receive the personal data concerning you which you have provided to us from us in a commonly used and machine-readable format; you can also transmit this personal data to other controllers or have it transmitted (Right of Data Portability).
•you are also entitled to revoke the consents you have given at any time.
Right to object If your personal data is processed on the basis of legitimate interests in accordance with Art.6(1)(1)(f) of the GDPR, in accordance with Art.21 GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation, or if your objection is against direct marketing. If the latter is the case, you have a general right to object which shall be addressed by us without a particular situation being stated. You can direct your objection to firstname.lastname@example.org or to our above address.
You can contact us at email@example.com at any time to assert your data subject rights. Furthermore, you have the right to lodge a complaint to a Data Protection Supervisory Authority if you consider that the processing of the personal data concerning you violates Data Protection Law.
8) Do I have an obligation to provide my data?
Within the scope of our business relationship, you are only obliged to provide the personal data required to create, implement and terminate a business relationship or where we have a legal obligation to collect such data. Without this data, we will usually have to decline to conclude the contract or to handle your order, or will no longer be able to implement an existing contract and possibly have to terminate the same.
9) To what extent does automated decision making take place in individual cases?
In general, we do not use automated decision-making to enter into or perform business relationships in accordance with Art. 22 GDPR. If we do use such procedures in individual cases, we will inform you separately about this to the legally required extent.
10) To what extent is my data used for profile formation?
We automatically process your data to some extent with the aim of evaluating certain personal aspects (known as “profiling” according to Art. 4(4) GDPR). For example, we use profiling to establish your potential interest in our products and services. This evaluation is made using statistical procedures using current and past customer data. We use the results to help us address you in a way which is more targeted way and more suited to your requirements.
11) Amendments to this data protection declaration
We reserve the right to amend this data protection declaration in future. This means that you should look at the data protection declaration regularly when you visit our website.