1) General Information

Marc Cain GmbH takes the protection of your personal data and your right to protection of these data very seriously. When you visit the Marc Cain website (www.marc-cain.com) and/or the online shop on the website, Marc Cain will only collect, process and use your personal data in accordance with the principles set out below and in compliance with legal data protection regulations, especially the General Data Protection Regulations (hereinafter: “GDPR”), the Bundesdatenschutzgesetz (German Federal Data Protection Act) and the Telemediengesetz (German Telemedia Act).

The purpose of this privacy notice is to inform you, our existing and potential clients and applicants of how we process your personal data and of what your rights are. Where necessary, this notice will be updated and published on www.marc-cain.com. On that website, you can also find additional information on cookies, web analysis tools and social media.

1.1) Personal data

“Personal data” is defined in Art. 4 (1) GDPR. “Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This includes your name, date of birth, phone number as well as postal and e-mail addresses. But personal data can also be your IP address, the operating system or the browser of your end device, if these data can be used to identify you.

1.2) Data controller

Marc Cain GmbH
Marc-Cain-Allee 4
D-72744 Bodelshausen
Phone: +49 7471 7090
E-mail: [email protected]
www.marc-cain.com

Contact information for the data controller: 

Address as above: “c/o Data Controller”, e-mail: [email protected]

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. 


2) Processing personal data as well as forms and purpose of use

Our website contains a range of features that you can use in a variety of ways. Depending on how you contact us and which features you use, we will process different personal data collected from different sources.

Much of the data we process are entered by you when you use our features or contact us, for example when you register for our website and provide your e-mail or postal address in the process. We also receive technical information and access data that we collect automatically when you visit our website. Such data can include information on what kind of device you are using. Some data we collect through own data analyses (e.g. as part of marketing surveys and click-and-link profiling). We also receive your personal data from third parties, including credit agencies and payment service providers.

Please find below information on the various ways in which we process your personal data as well as on forms and purposes of processing.

2.1) Data processing when you visit our website

When you visit our website www.marc-cain.com, the browser you use on your end device will automatically send information to the server of our website. This information is stored temporarily in a so-called log file. The following information is collected without you doing anything and will be saved until it is deleted automatically:

  • IP address of the accessing device;
  • Date and time of your access request;
  • Name and URL of the accessed file;
  • Website from which you access our website (referrer URL);
  • Amount of data transmitted;
  • Operating system of your device;
  • Type and version of your browser, name of your access provider.

We process the information listed above for the following purposes:

  • Ensuring smooth access to the website;
  • Ensuring comfortable use of our website;
  • Analysis of system security and stability;
  • Administrative purposes;
  • Analyses of user behaviour and aligning our content accordingly.

This information is saved for no more than 14 days and then deleted automatically. 

The legal basis for processing the information in the server logfiles is Art. 6 (1) first sentence f) GDPR that permits a processing of personal data for our “legitimate interest”, provided that your basic rights and freedoms or interests do not take precedence. Our legitimate interest is the easy and secure administration of our website and the measurement, analysis and improvement of our website.

We also use cookies, tracking and analysis tools as well as social media plug ins on our website. You can find further details in our information notice on cookies, tracking and analysis tools as well as social media under https://www.marc-cain.com/Cookies-Tracking-Analyse-und-Social-Media/

We offer our website through the web hosting service provider ScaleCommerce GmbH, Fraunhoferstraße 23A, 10587 Berlin, Germany. The personal data collected on this website are stored on the servers of this web hosting provider. Such data in particular includes IP addresses, contact requests, meta and communication data, contract information, contact data, names, website access information and other data generated by a website. It is in our legitimate interest in terms of Art. 6 (1) f) GDPR to commission a web hosting service. 

We have also concluded a data processing contract with ScaleCommerce in which the web hosting provider guarantees to process personal data in accordance with the GDPR and as per our instructions and, especially, to not disclose this data to third parties.  

2.2) Contact form

We offer you the option to use a contact form to contact us. When using this form to send us your enquiries, we will need your name, e-mail address, subject and content of your message (mandatory fields marked with an *) to be able to replay to your enquiry. Any further information, such as your postal address or your phone number, is not collected, unless you provide this information voluntarily.

We will only use the information submitted with the contact form to process your enquiry. 

You can only submit your query with the contact form when you have agreed to and accepted this Privacy Notice by opting in.

The information you submit to us will not be shared with third parties.

The legal basis is, on the one hand, your consent in terms of Art. 6 (1) sentence 1 a) GDPR and, on the other hand, Art. 6 (1) sentence 1 f) GDPR. Processing your enquiry in due form is a legitimate interest in the sense of the GDPR. If you contact us in connection with a contract you concluded with us, the legal basis for data processing is Art. 6 (1) sentence 1 b) GDPR or in other words, that contract. 

You can withdraw your consent to the processing of data for the above purpose free of charge by sending a brief message to this effect to [email protected]. Such withdrawal of consent will not affect the lawfulness of any data processing during the time before you withdrew consent. 

Please note, however, that we will no longer be able to process your enquiry as soon as you withdraw consent. If you do not withdraw consent, your data will be deleted after your enquiry ticket was closed. 

2.3) Contact via e-mail, phone, fax or social media platforms

If you contact us via e-mail, phone, fax or social media platforms and require information regarding your order or customer status, we might need you to provide us with personal details such as name, address, company name and e-mail address and, where available, order or invoice number to process your enquiry properly. This information will only be used for verification purposes, to process your enquiry and to deal with any follow-up queries. The information you submit to us will not be shared with third parties.

This means that the data you submit to us will be exclusively processed for pre-contractual measures in terms of Art. 6 (1) sentence 1 b) GDPR. 

We will save the information provided by you until your case is closed, at which point it will be deleted automatically. Apart from the above, we will continue to save your data in accordance with contractual provisions or based on your consent. 

Please note in this regard that any transmission of data via the Internet (e.g. communication by e-mail) is open to potential security breaches. It is not possible to provide absolute protection against access by third parties. 

2.4) Information on us using your personal data when you create a customer account

We will only need your 

  • e-mail address and 
  • a password as mandatory information if you wish to create a customer account. 

You can add voluntary information (such as name, billing and delivery address, date of birth, phone number and your local Marc Cain store), but none of this information is mandatory.

We process this data to:

  • identify you as one of our customers;
  • allow you to log into your customer account; and
  • for other administrative purposes.

You can log into your customer account with your e-mail address and password at any time. Please treat your personal log in information as confidential; especially, do not give this information to unauthorised third parties. We cannot accept liability for misuse of passwords. Please note that you will remain logged into your account when you close our website unless you actively log out. 

Once the customer account was created, you do not need to enter the information again.

By registering as a user, you will have access to the following: Overview over your orders, managing your address details, personal wish list, delivery to Marc Cain store, order history, ordering from the Marc Cain online shop.

You can choose if you want to create a customer account; this is based your consent in terms of Art. 6 (1) sentence 1 a) GDPR. 

Customer master data saved in your customer account with your consent in terms of Art. 6 (1) sentence 1 a) GDPR will be stored for future orders until you revoke consent. To revoke consent, please e-mail mailto:[email protected][email protected].

If you revoke consent, we will only save the necessary details about your order if needed to fulfil a contract based on Art. 6 (1) sentence 1 b) GDPR or if and when we are obliged under Art. 6 (1) c) GDPR to save such information for longer due retention and documentation obligations under tax and commercial law.

2.5) Information on us using your personal data when you place and we complete an order

We will process the following mandatory information when you place an order in the Marc Cain online shop on our website or by phone via our hotline, be it as a guest or as a registered customer:

  • Your name (first name and surname); 
  • Your address and delivery address;
  • Your e-mail address as mandatory information; and
  • any other information you choose to provide, such as your phone number (mandatory when ordering by phone?) or your date of birth

We will also save the order number as well as date and time at which you placed the order.

Any personal details marked as mandatory are required to process your order. If you do not submit this information, it might be that we cannot conclude the contract with you. Any other personal details are entered voluntarily and we will mostly use these to address you personally or in a more customised manner or to improve your service experience, for example through feedback requests (Art. 6 (1) f) GDPR). 

In order to ensure that our customers receive the best possible service, we will disclose the details to other companies within the framework of the law, but only for contract performance and only to the necessary extent; such companies can be companies responsible for delivering the goods or the credit institute handling the payment. We will ensure that your details are only processed in accordance with our instructions.

We use the services of payment service providers so that you can pay for your order. These are listed below:

  • Adyen N.V., Simon Carmiggeltstraat 6–50, 1011 DJ Amsterdam, the Netherlands
  • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, Luxembourg
  • Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
  • iDeal: Currence Holding B.V., Beethovenstraat 300 Amsterdam, 1077, the Netherlands.

We usually have our goods delivered by DHL Vertriebs GmbH, Charles-de-Gaulle-Straße 20, 52113 Bonn, Germany.

We sometimes conduct a credit check in individual cases, usually via CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany.

Please see section 3) Disclosure of personal data to third parties for more information.

Your data will not be disclosed to any other third parties, including for advertisement purposes, without your express permission. 

Data processing is based on Art. 6 (1) sentence 1 b) GDPR that permits the processing of data to fulfil a contract or to complete pre-contractual measures. 

Unless we use your contact details for advertisement purposes (see sections 2.6) and 2.7) below), we will save the details we collected to fulfil the contract until the end of any legal or contractual warranties and guarantees. Once these have expired, we will store the contract information that is required under commercial and tax law in blocked form for the periods specified by law based on Art. 6 (1) c) GDPR. During this period (usually six or ten years after the end of the year in which the contract was concluded), we will only process the data in the event of a review by the financial administration authority.

2.6) Use of your personal data for sending newsletters

If you have expressly agreed to receive future newsletters from us and have accepted this privacy policy, we will use your e-mail address, your postcode, and your language to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. The postcode is used to send you information about events in your nearest store.

Newsletter dispatch with Mapp: We use Mapp Engage to send newsletters. The provider is Mapp Digital Germany GmbH, Sandstr. 3, D-80335 Munich/Germany. Mapp is a service that can be used to organise and analyse the sending of newsletters, among other things. This service provider processes your personal data only on our behalf and on our instructions. For this purpose, we have concluded an order data processing contract with the service provider, in which it undertakes to process the personal data on our behalf in accordance with the GDPR and, in particular, not to pass it on to third parties.

Newsletter dispatch with Inxmail: We use Inxmail to send newsletters. The provider is Dymatrix Consulting Group GmbH, Lautenschlagerstr. 17, D-70137 Stuttgart/Germany. Inxmail is a service that can be used to organize and analyze the sending of newsletters, among other things. This service provider processes your personal data only on our behalf and on our instructions. For this purpose, we have concluded an order data processing contract with the service provider, in which it undertakes to process the personal data on our behalf in accordance with the GDPR and, in particular, not to pass it on to third parties.

The data you enter for the purpose of subscribing to the newsletter are stored on Inxmail's servers in Germany. If you do not consent to Inxmail analyzing your data, you must unsubscribe from the newsletter.

The processing of your electronic contact data is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. All you need to do is unsubscribe via a link at the end of each newsletter. You can also unsubscribe from the newsletter directly on the website or write to this email address: [email protected]. After unsubscribing, your e-mail address will be deleted from the newsletter mailing list, and you will no longer receive newsletters from us. Data stored by us for other purposes remains unaffected by this.

Data analysis by Inxmail: With the help of Inxmail, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. The recipient responses are also stored and analyzed on INXMAIL's servers in Germany.

Double opt-in and logging

Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering and accepting this privacy policy, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. You will only be added to our newsletter mailing list once you have clicked the "Confirm" button.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as your IP address. The legal basis for this storage is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

This information and your e-mail address will only be stored for the purpose of sending the newsletter and logging the registration process and will be used for advertising purposes by e-mail until you cancel your subscription. This data will not be used for any other purpose or passed on to third parties.

After revocation, we will store your consent data for a reasonable period of time in a blocked form in order to be able to fulfill our obligation to provide evidence and proof in the event of a request for information. The legal basis for this further storage is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.

2.8) Using the live video help system

On our website, you have the opportunity to put any of your questions about our products or processes directly and in person to one of our employees. You can use this function by clicking on the “chat” button at the bottom of the website and selecting “start call”. No video of you will be transmitted during calls, meaning that no data will be collected or saved in this context. Only your name as entered into the chat window and chat messages will be stored as data and for the chat log. The chat and the name you entered in the chat window will only be saved in the so-called RAM (Random-Access Memory) and will be deleted immediately once we or you close the chat conversation head, but by no later than 2 hours after the last message was sent in the chat. We use cookies to operate the chat function. Please see our separate notice on cookies to find out what cookies are and how you can accept or object to these. If you choose to deactivate all cookies, it may be that the website will no longer run the chat function.

Where the data collected in this context can be used to identify a person, they are processed based on our legitimate interest in terms of Art. 6 (1) sentence 1 f) GDPR to offer an effective customer service and to conduct statistical analyses of user behaviour for optimisation purposes.

2.9) Data processing of applications in the hiring process

The information below gives you an overview over how we process your personal information when you apply for a job at Marc Cain.

We process the following data or categories of data when hiring:

  • Applicant master data (first name, surname, title, e-mail address, phone number, address, date of birth, nationality)
  • Qualification information (cover letter, motivation letter, CV, employment history, professional qualifications and skills)
  • Voluntary information, such as a photo of the applicant
  • Additional information depending on the job opening, such as a driver’s licence
  • Communication between you and us in connection with your application
  • Any other publicly available job-related information

We process your data to select personnel to fill vacancies, i.e. to initiate employment.

The legal basis for processing is sec. 26 (1) Federal Data Protection Act. If you have granted us your voluntary permission to process certain data, this consent in terms of Art. 6 (1) sentence 1 a) will be the legal basis for data processing.

In some cases, we process your data to safeguard our legitimate interests, such as asserting, exercising or defending legal claims in connection with the application.

Your data will mainly be processed by our internal Human Resources department.

We use the external service provider Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria, who operates the e-recruiting system Prescreen under the domain name *.jobbase.io where companies post job openings and receive and manage applications. Jobbase.io is the central platform for our applications management. When you use our online form, your personal data will be directly saved by *.jobbase.io. Applications received by post or e-mail will also be entered into the e-recruiting system. 

You can access, edit or update the information you entered into your online application at any time.

If you do not make any changes to your candidate profile, for example completing an open application, starting a new application or editing the information for a current application, your data will be deleted six months after the end of your last active application process.

You can request deletion of your applicant profile and your application documents at any time by e-mail to [email protected]. Once the request for deletion is received, you will be told when exactly the information will be deleted and your data will be deleted automatically according to specific conditions. 

In this role, Prescreen will only process personal data by order of Marc Cain as our contract data processor in terms of Art. 4 no. 8 GDPR.

You can find more information and the privacy policy of Prescreen under (link).

We will save your personal data for as long as we need to when deciding on your application, unless you request deletion before such time. 

If we do not offer you employment, we will usually store your details for six months after completion of the application process where this is necessary to defend any legal claims that are asserted.

If you have applied for multiple roles, your documents will be deleted automatically six months after you have been sent the refusal for your last open application. We will notify you by e-mail that your files have been deleted. 

If we offer you employment, we will store both your application and all information necessary for your employment until you stop working for us. 

There is no legal obligation for you to disclose your personal data, but this is necessary for the application process.

2.10) Customer Data Platform

The Customer Data Platform is used to collect and analyse customer information from various sources with the aim of improving customer relationships. We also use the service to provide you with personalised content and product recommendations on our website, by email or in print. Your data is pseudonymised within customer segments. No conclusions are drawn about individual persons. The provider of this technology is Dymatrix Consulting Group GmbH, Lautenschlagerstr. 17, D-70137 Stuttgart/Germany. Data processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR), for the fulfilment of a contract (Art. 6 para. 1 lit. b GDPR), due to a legal obligation (Art. 6 para. 1 lit. c GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). The processed data includes identification data, contact data, purchase history, usage data of our services and, if applicable, other categories of personal data.

3) Disclosure of personal data to third parties

We disclose your data only when permitted by law.

Within Marc Cain GmbH, only those staff members will receive your data who require this information to comply with our contractual and legal obligations or to carry out their respective duties (e.g. sales and marketing).

We may also disclose your data to the following other parties:

  • our contract processors (Art. 28 GDPR), especially regarding IT services, logistics, print services, financial and debt collection service providers who process your data based on our instructions
  • Payment service providers
  • Credit agencies
  • Shipping services 
  • Public authorities and institutions (such as financial authorities), where required by law or an authority

3.1) For making payments

We use the following payment processors and payment service providers to fulfil the contract we concluded with you in terms of Art. 6 (1) sentence 1 b) GDPR. To do so, we may need to disclose your personal information such as name, address, e-mail address, credit card and bank account details to the payment service provider or the service provider may collect these details themselves.

3.1.1) Payment processor Adyen N.V.

After having selected the desired form of payment, the payment will be processed by the payment processor Adyen N.V., Simon Carmiggeltstraat 6–50, 1011 DJ Amsterdam, the Netherlands, and we will disclose the information you enter for the payment and your order details to Adyen and to the payment provider you have selected in accordance with Art. 6 (1) sentence 1 a) GDPR (consent) and Art. 6 (1) sentence 1 b) GDPR (processing for performance of a contract). Your data are disclosed for the sole purpose of completing the payment and only to the necessary extent. You can find more information on the privacy policy of Adyen under the following link: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy/update-statement.

We have also concluded a data processing contract with Adyen N.V. as per Art. 28 GDPR in which Adyen N.V. guarantees to process personal data in accordance with the GDPR and as per our instructions. 

3.1.2) Payment service provider Klarna

When selecting the payment service Klarna, your payment will be processed by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). To allow for processing of the payment, your personal information (first and surname, address, e-mail address and IP address) and your order details (e.g. amount, article, type of delivery) will be disclosed to Klarna for an identity and credit check, provided that you have given your express consent in terms of Art. 6 (1) sentence 1 a) GDPR during the order process. You can find a list of credit agencies that will receive your data as part of this process here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit rating information can include probabilities (so-called scores). Where scores determine the result of the credit check, they are based on a scientifically recognised mathematical-statistical process. Scores are calculated including, but not limited to, information such as your address. Klarna will use this information about the statistical likelihood of you defaulting on payments for a substantiated decision on entering into, fulfilling or terminating a contract.

Within Germany, the credit rating agencies listed in Klarna’s privacy policy can be used for identity and credit checks.

You can revoke consent to this use of your data vis-à-vis Klarna at any time. However, Klarna will have the right to continue to process your personal information where necessary to complete the contractually agreed payment.

Your personal data will be processed in accordance with applicable data protection regulations and as per Klarna’s privacy policy for data subjects domiciled in Germany: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

3.1.3) Payment service provider PayPal

If you would like to pay for your order using PayPal, clicking on “PayPal” will take you to the website of PayPal S.à r.l, et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg, where you will be asked to enter/confirm your login and contact information saved with PayPal. 

By using this payment service provider, you agree to the transmission of your personal data as required for processing the payment to PayPal. These data include the IP address, first name, surname, address, e-mail address or any other information that might be required to process the payment. PayPal may disclose the personal data to third parties where a contract to this effect was concluded or where it is required to comply with contractual obligations.

The legal basis for processing personal data is Art. 6 (1) sentence 1 f) GDPR. Using PayPal makes it easier for our customers to pay for the goods they order from us. Using PayPal also helps to prevent fraud.

Right to objection and deletion

If you do not agree to your personal data being processed for these purposes, you can prevent the installation of the cookies by selecting the corresponding settings in your browser. Such revocation has no effect on personal data that must be processed, used or transmitted to make the payment.

You can find the privacy policy of PayPal under the following link: https://www.PayPal.com/de/webapps/mpp/ua/privacy-full.

3.1.4) Payment service provider iDEAL

iDEAL is a payment service of the Dutch payment provider Currence Holding B.V., Beethovenstraat 300 Amsterdam, 1077, the Netherlands and works as follows: When you, the customer, select iDEAL as payment method, you will also have to select the name of your bank and will be referred to the bank’s website. Your bank will tell you the invoice amount and will ask you to enter your account number. This is followed by a two-step authentication process, consisting of a password and debit card. Your bank will then authenticate the transaction in real time and will debit the amount to your account immediately. If the funds available are insufficient, the transaction will be stopped. We will then receive confirmation of payment from your bank. You will also receive a payment confirmation by being automatically redirected from the website of your bank back to our website. However, the payment will be made into an interim account of your bank and is not credited to us until a certain period - up to one week - has passed. 

This allows you to make a direct payment without having to disclose any personal data to us. This information remains solely with your bank as an online banking transaction. 

You can find the privacy policy of iDEAL under the following link: https://www.ideal.nl/en/disclaimer-privacy-statement/.

3.2 About credit checks

In connection with this contract, we transmit personal data regarding the request of, completion and termination of this business relationship as well as information about non-contractual or fraudulent behaviour to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany. The legal basis for such disclosure are Art. 6 (1) b) and f) GDPR. We also exchange information with CRIF Bürgel GmbH to comply with legal obligations regarding credit checks (sec. 505a and 506 Bürgerliches Gesetzbuch, BGB (German Civil Code)). 

CRIF Bürgel GmbH processes the data they receive and also stores them to create profiles (Scoring) in order to provide its clients in the European Economic Area and Switzerland as well as in any third countries (if an adequacy decision was made by the European Commission for the country in question) with information, including for the assessment of creditworthiness of natural persons. You can find more information on the activities of CRIF Bürgel GmbH in their information leaflet or online under www.crifbuergel.de/de/datenschutz.

The legal basis is Art. 6 (1) b) and f) GDPR. This is permissible as a way to protect your identity and to prevent attempted fraud at our expense. Our enquiry and its result will be saved in your customer account for the duration of the contract. During the order process, we will also check your credit history so that only the payment methods that you can use will be displayed to you.

3.3. Shipping your order

To ship your orders, we will communicate your delivery address and your e-mail address to our shipping provider, usually DHL Vertriebs GmbH, Charles-de-Gaulle-Straße 20, 52113 Bonn, Germany, for the sole purpose of shipping the goods and advising you of the delivery. The shipping provider is subject to postal privacy regulations.

The legal basis for such disclosure are Art. 6 (1) b) and f) GDPR. 

3.4. Other purposes

Apart from the above, we will only disclose your personal data to third parties, if:

  • you have granted your express consent in terms of Art. 6 (1) sentence 1 a) GDPR;
  • they must be disclosed pursuant to Art. 6 (1) sentence 1 f) GDPR to assert, exercise or defend legal claims and if there is nothing to suggest that you have an overriding protectable interest in not having your personal details disclosed; and
  • if we are legally obliged to disclose such information pursuant to Art. 6 (1) sentence 1 c) GDPR.

4) Protection of data through encryption

SSL and TLS encryption 

For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us - the website operator - the website uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in the browser line. 

When SSL or TLS encryption is activated, data that you transmit to us cannot be accessed by third parties. 

Encrypted payment processes on this website 

If and when you have to enter payment information (such as account number for direct debit) after having concluded a contract with payment obligations, this information is required to process the payment. 

Any payments using standard payment methods (Visa/MasterCard, direct debit) are only ever processed via encrypted SSL or TLS connections. You can recognise an encrypted connection by the address line of the browser changing from “http://" to “https://" and by the lock symbol in the browser line. 

When communication is encrypted, payment data that you transmit to us cannot be accessed by third parties. 

Apart from the above, we take suitable technical and organisational action to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We improve our safety measures in accordance with technological progress.

5) How long will my data be stored?

Where necessary, we will process your personal data for the duration of our business relationship, including the preparation and performance of a contract. Furthermore, we are subject to various retention and documentation obligations as specified by, amongst others, the Handelsgesetzbuch, HGB (German Commercial Code). According to those provisions, retention and documentation periods vary between two and ten years. Ultimately, how long your data is stored for is also determined by statutory limitation periods, for example pursuant to sec. 195 et seq. BGB; this is usually three years but can be up to thirty years in particular cases.

6) Is information transferred to a third country or an international organisation?

We will only transfer your data into countries outside the European Economic Area – EEA (third countries) if necessary to complete your order, required by law or if you have agreed to us doing so. To learn more about transmission in connection with tracking and analysis tools and social media components on our website, please see our notice under https://www.marc-cain.com/Tracking.

7) What are my rights under data protection law?

Where the legal requirements specified in Art. 15 et seq. GDPR are met, you have the following rights regarding your personal data that we save (so-called data subject rights):

  • You can at any time demand information as to whether and what categories of personal data we store about you, for what purpose we process these and which categories of recipients receive personal data. You can also request access to these personal data as regulated in Art. 15 GDPR (right to access).
  • Where legal requirements are met, you are also entitled to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and to have processing of your personal data restricted (blocked) (Art. 18 GDPR).
  • Furthermore, Art. 20 GDPR grants you the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format; you may also transfer your personal data or have it transferred to a third party (right to data portability).
  • You may also revoke any consent you granted at any time.

Right to object

Where we process your personal data based on a legitimate interest in terms of Art. 6 (1) sentence 1 letter f) GDPR, Art. 21 GDPR gives you the right to object to the processing of your personal data on grounds resulting from your specific situation or if you are objecting to direct marketing. In the latter case, you have a general right to object that we will honour without proof of specific circumstances.

You can file your objection with [email protected] or by letter to the address given above.

To assert your rights as a data subject, you can contact us at any time by writing to [email protected]

  • Furthermore, you have the right to file a complaint with the data protection supervisory authority if you are of the opinion that the processing of your personal data violates data protection law. You can find a list of data protection officers and their contact details under the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

8) Am I obliged to disclose information?

To do business with us, you will only have to provide those personal data that are needed to initiate, complete and terminate a business relationship or the data that we are by law required to collect.

Usually, we will have to refuse conclusion of a contract or completion of an order if you do not provide this information, or an already existing contract can no longer be completed and may need to be terminated early.

9) Are automated decisions made in individual cases?

We generally do not use automated systems to make decisions regarding business relationships in terms of Art. 22 GDPR. If we do use such systems in individual cases, we will notify you hereof separately in advance, if and when required by law.

10) To what extent will my data be used to create profiles?

We process some of your data automatically with the goal of evaluating personal aspects (so-called ‘profiling’ in terms of Art. 4 no. 4 GDPR). For example, we use profiling to determine your potential interest in our products and services. Such analysis is based on statistical procedures based on present and past customer information. We will use the results to send you more targeted messages.

11) Amending this privacy notice

We reserve the right to amend this privacy notice in the future. Please be sure to check the privacy notice on a regular basis when you visit our website.