1) General Information
Marc Cain GmbH takes the protection of your personal data and your right to protection of these data very seriously. When you visit the Marc Cain website (www.marc-cain.com) and/or the online shop on the website, Marc Cain will only collect, process and use your personal data in accordance with the principles set out below and in compliance with legal data protection regulations, especially the General Data Protection Regulations (hereinafter: “GDPR”), the Bundesdatenschutzgesetz (German Federal Data Protection Act) and the Telemediengesetz (German Telemedia Act).
The purpose of this privacy notice is to inform you, our existing and potential clients and applicants of how we process your personal data and of what your rights are. Where necessary, this notice will be updated and published on www.marc-cain.com. On that website, you can also find additional information on cookies, web analysis tools and social media.
1.1) Personal data
“Personal data” is defined in Art. 4 (1) GDPR. “Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This includes your name, date of birth, phone number as well as postal and e-mail addresses. But personal data can also be your IP address, the operating system or the browser of your end device, if these data can be used to identify you.
1.2) Data controller
Contact information for the data controller:
Address as above: “c/o Data Controller”, e-mail: [email protected]
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Processing personal data as well as forms and purpose of use
Our website contains a range of features that you can use in a variety of ways. Depending on how you contact us and which features you use, we will process different personal data collected from different sources.
Much of the data we process are entered by you when you use our features or contact us, for example when you register for our website and provide your e-mail or postal address in the process. We also receive technical information and access data that we collect automatically when you visit our website. Such data can include information on what kind of device you are using. Some data we collect through own data analyses (e.g. as part of marketing surveys and click-and-link profiling). We also receive your personal data from third parties, including credit agencies and payment service providers.
Please find below information on the various ways in which we process your personal data as well as on forms and purposes of processing.
2.1) Data processing when you visit our website
When you visit our website www.marc-cain.com, the browser you use on your end device will automatically send information to the server of our website. This information is stored temporarily in a so-called log file. The following information is collected without you doing anything and will be saved until it is deleted automatically:
- IP address of the accessing device;
- Date and time of your access request;
- Name and URL of the accessed file;
- Website from which you access our website (referrer URL);
- Amount of data transmitted;
- Operating system of your device;
- Type and version of your browser, name of your access provider.
We process the information listed above for the following purposes:
- Ensuring smooth access to the website;
- Ensuring comfortable use of our website;
- Analysis of system security and stability;
- Administrative purposes;
- Analyses of user behaviour and aligning our content accordingly.
This information is saved for no more than 14 days and then deleted automatically.
The legal basis for processing the information in the server logfiles is Art. 6 (1) first sentence f) GDPR that permits a processing of personal data for our “legitimate interest”, provided that your basic rights and freedoms or interests do not take precedence. Our legitimate interest is the easy and secure administration of our website and the measurement, analysis and improvement of our website.
We offer our website through the web hosting service provider ScaleCommerce GmbH, Fraunhoferstraße 23A, 10587 Berlin, Germany. The personal data collected on this website are stored on the servers of this web hosting provider. Such data in particular includes IP addresses, contact requests, meta and communication data, contract information, contact data, names, website access information and other data generated by a website. It is in our legitimate interest in terms of Art. 6 (1) f) GDPR to commission a web hosting service.
We have also concluded a data processing contract with ScaleCommerce in which the web hosting provider guarantees to process personal data in accordance with the GDPR and as per our instructions and, especially, to not disclose this data to third parties.
2.2) Contact form
We offer you the option to use a contact form to contact us. When using this form to send us your enquiries, we will need your name, e-mail address, subject and content of your message (mandatory fields marked with an *) to be able to replay to your enquiry. Any further information, such as your postal address or your phone number, is not collected, unless you provide this information voluntarily.
We will only use the information submitted with the contact form to process your enquiry.
You can only submit your query with the contact form when you have agreed to and accepted this Privacy Notice by opting in.
The information you submit to us will not be shared with third parties.
The legal basis is, on the one hand, your consent in terms of Art. 6 (1) sentence 1 a) GDPR and, on the other hand, Art. 6 (1) sentence 1 f) GDPR. Processing your enquiry in due form is a legitimate interest in the sense of the GDPR. If you contact us in connection with a contract you concluded with us, the legal basis for data processing is Art. 6 (1) sentence 1 b) GDPR or in other words, that contract.
You can withdraw your consent to the processing of data for the above purpose free of charge by sending a brief message to this effect to [email protected]. Such withdrawal of consent will not affect the lawfulness of any data processing during the time before you withdrew consent.
Please note, however, that we will no longer be able to process your enquiry as soon as you withdraw consent. If you do not withdraw consent, your data will be deleted after your enquiry ticket was closed.
2.4) Information on us using your personal data when you create a customer account
We will only need your
- e-mail address and
- a password as mandatory information if you wish to create a customer account.
You can add voluntary information (such as name, billing and delivery address, date of birth, phone number and your local Marc Cain store), but none of this information is mandatory.
We process this data to:
- identify you as one of our customers;
- allow you to log into your customer account; and
- for other administrative purposes.
You can log into your customer account with your e-mail address and password at any time. Please treat your personal log in information as confidential; especially, do not give this information to unauthorised third parties. We cannot accept liability for misuse of passwords. Please note that you will remain logged into your account when you close our website unless you actively log out.
Once the customer account was created, you do not need to enter the information again.
By registering as a user, you will have access to the following: Overview over your orders, managing your address details, personal wish list, delivery to Marc Cain store, order history, ordering from the Marc Cain online shop.
You can choose if you want to create a customer account; this is based your consent in terms of Art. 6 (1) sentence 1 a) GDPR.
Customer master data saved in your customer account with your consent in terms of Art. 6 (1) sentence 1 a) GDPR will be stored for future orders until you revoke consent. To revoke consent, please e-mail mailto:[email protected][email protected].
If you revoke consent, we will only save the necessary details about your order if needed to fulfil a contract based on Art. 6 (1) sentence 1 b) GDPR or if and when we are obliged under Art. 6 (1) c) GDPR to save such information for longer due retention and documentation obligations under tax and commercial law.
2.5) Information on us using your personal data when you place and we complete an order
We will process the following mandatory information when you place an order in the Marc Cain online shop on our website or by phone via our hotline, be it as a guest or as a registered customer:
- Your name (first name and surname);
- Your address and delivery address;
- Your e-mail address as mandatory information; and
- any other information you choose to provide, such as your phone number (mandatory when ordering by phone?) or your date of birth
We will also save the order number as well as date and time at which you placed the order.
Any personal details marked as mandatory are required to process your order. If you do not submit this information, it might be that we cannot conclude the contract with you. Any other personal details are entered voluntarily and we will mostly use these to address you personally or in a more customised manner or to improve your service experience, for example through feedback requests (Art. 6 (1) f) GDPR).
In order to ensure that our customers receive the best possible service, we will disclose the details to other companies within the framework of the law, but only for contract performance and only to the necessary extent; such companies can be companies responsible for delivering the goods or the credit institute handling the payment. We will ensure that your details are only processed in accordance with our instructions.
We use the services of payment service providers so that you can pay for your order. These are listed below:
- Adyen N.V., Simon Carmiggeltstraat 6–50, 1011 DJ Amsterdam, the Netherlands
- PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, Luxembourg
- Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
- iDeal: Currence Holding B.V., Beethovenstraat 300 Amsterdam, 1077, the Netherlands.
We usually have our goods delivered by DHL Vertriebs GmbH, Charles-de-Gaulle-Straße 20, 52113 Bonn, Germany.
We sometimes conduct a credit check in individual cases, usually via CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany.
Please see section 3) Disclosure of personal data to third parties for more information.
Your data will not be disclosed to any other third parties, including for advertisement purposes, without your express permission.
Data processing is based on Art. 6 (1) sentence 1 b) GDPR that permits the processing of data to fulfil a contract or to complete pre-contractual measures.
Unless we use your contact details for advertisement purposes (see sections 2.6) and 2.7) below), we will save the details we collected to fulfil the contract until the end of any legal or contractual warranties and guarantees. Once these have expired, we will store the contract information that is required under commercial and tax law in blocked form for the periods specified by law based on Art. 6 (1) c) GDPR. During this period (usually six or ten years after the end of the year in which the contract was concluded), we will only process the data in the event of a review by the financial administration authority.
2.7) E-mail advertisement in terms of sec. 7 (3) Unlauterer Wettbewerbsgesetz, UWG (German Unfair Competition Act) / postal advertising
Within the scope of the legal permission pursuant to sec. 7 (3) UWG in conjunction with Art. 6 (1) sentence 1 f) GDPR and irrespective of subscriptions to our newsletter (unless you have already objected to receiving newsletters at a previous point), we are allowed to use the e-mail address that you entered when ordering products from our online shop for direct advertisement for similar products or services from our own range on a regular basis.
In general, you will only receive product recommendations by e-mail for up to one year after your last purchase or after the last time you used one of our services.
Right to object
If you no longer wish to receive advertisements for similar products and services per e-mail, you can object to this use of your e-mail address with effect for the future at any time, without incurring any costs other than transmission fees at the general rates.
You only need to click on the unsubscribe link at the end of every e-mail or simply send an e-mail to [email protected]. Once you communicate your objection, the e-mail address in question will no longer be used for further advertisement-based data processing.
Irrespective of whether you have signed up for our newsletter or not, we will send you - our customer - regular advertisements by post for products or services you might find interesting, unless you have already objected to such advertisement in the past.
We will use your postal address that you entered when ordering goods through our online shop.
The legal basis for sending advertisement by post is our legitimate interest in terms of Art. 6 (1) sentence 1 f) GDPR.
Right to object
If you no longer wish to receive advertisements by post, you can object to this with effect for the future at any time, without incurring any costs other than transmission fees at the general rates.
To revoke consent, please e-mail [email protected].
Where we use external contract processors for direct marketing, these are contractually bound in accordance with Art. 28 GDPR.
2.8) Using the live video help system
Where the data collected in this context can be used to identify a person, they are processed based on our legitimate interest in terms of Art. 6 (1) sentence 1 f) GDPR to offer an effective customer service and to conduct statistical analyses of user behaviour for optimisation purposes.
2.9) Data processing of applications in the hiring process
The information below gives you an overview over how we process your personal information when you apply for a job at Marc Cain.
We process the following data or categories of data when hiring:
- Applicant master data (first name, surname, title, e-mail address, phone number, address, date of birth, nationality)
- Qualification information (cover letter, motivation letter, CV, employment history, professional qualifications and skills)
- Voluntary information, such as a photo of the applicant
- Additional information depending on the job opening, such as a driver’s licence
- Communication between you and us in connection with your application
- Any other publicly available job-related information
We process your data to select personnel to fill vacancies, i.e. to initiate employment.
The legal basis for processing is sec. 26 (1) Federal Data Protection Act. If you have granted us your voluntary permission to process certain data, this consent in terms of Art. 6 (1) sentence 1 a) will be the legal basis for data processing.
In some cases, we process your data to safeguard our legitimate interests, such as asserting, exercising or defending legal claims in connection with the application.
Your data will mainly be processed by our internal Human Resources department.
We use the external service provider Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria, who operates the e-recruiting system Prescreen under the domain name *.jobbase.io where companies post job openings and receive and manage applications. Jobbase.io is the central platform for our applications management. When you use our online form, your personal data will be directly saved by *.jobbase.io. Applications received by post or e-mail will also be entered into the e-recruiting system.
You can access, edit or update the information you entered into your online application at any time.
If you do not make any changes to your candidate profile, for example completing an open application, starting a new application or editing the information for a current application, your data will be deleted six months after the end of your last active application process.
You can request deletion of your applicant profile and your application documents at any time by e-mail to [email protected]. Once the request for deletion is received, you will be told when exactly the information will be deleted and your data will be deleted automatically according to specific conditions.
In this role, Prescreen will only process personal data by order of Marc Cain as our contract data processor in terms of Art. 4 no. 8 GDPR.
We will save your personal data for as long as we need to when deciding on your application, unless you request deletion before such time.
If we do not offer you employment, we will usually store your details for six months after completion of the application process where this is necessary to defend any legal claims that are asserted.
If you have applied for multiple roles, your documents will be deleted automatically six months after you have been sent the refusal for your last open application. We will notify you by e-mail that your files have been deleted.
If we offer you employment, we will store both your application and all information necessary for your employment until you stop working for us.
There is no legal obligation for you to disclose your personal data, but this is necessary for the application process.
3) Disclosure of personal data to third parties
We disclose your data only when permitted by law.
Within Marc Cain GmbH, only those staff members will receive your data who require this information to comply with our contractual and legal obligations or to carry out their respective duties (e.g. sales and marketing).
We may also disclose your data to the following other parties:
- our contract processors (Art. 28 GDPR), especially regarding IT services, logistics, print services, financial and debt collection service providers who process your data based on our instructions
- Payment service providers
- Credit agencies
- Shipping services
- Public authorities and institutions (such as financial authorities), where required by law or an authority
3.1) For making payments
We use the following payment processors and payment service providers to fulfil the contract we concluded with you in terms of Art. 6 (1) sentence 1 b) GDPR. To do so, we may need to disclose your personal information such as name, address, e-mail address, credit card and bank account details to the payment service provider or the service provider may collect these details themselves.
3.1.1) Payment processor Adyen N.V.
We have also concluded a data processing contract with Adyen N.V. as per Art. 28 GDPR in which Adyen N.V. guarantees to process personal data in accordance with the GDPR and as per our instructions.
3.1.2) Payment service provider Klarna
When selecting the payment service Klarna, your payment will be processed by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). To allow for processing of the payment, your personal information (first and surname, address, e-mail address and IP address) and your order details (e.g. amount, article, type of delivery) will be disclosed to Klarna for an identity and credit check, provided that you have given your express consent in terms of Art. 6 (1) sentence 1 a) GDPR during the order process. You can find a list of credit agencies that will receive your data as part of this process here:
The credit rating information can include probabilities (so-called scores). Where scores determine the result of the credit check, they are based on a scientifically recognised mathematical-statistical process. Scores are calculated including, but not limited to, information such as your address. Klarna will use this information about the statistical likelihood of you defaulting on payments for a substantiated decision on entering into, fulfilling or terminating a contract.
You can revoke consent to this use of your data vis-à-vis Klarna at any time. However, Klarna will have the right to continue to process your personal information where necessary to complete the contractually agreed payment.
3.1.3) Payment service provider PayPal
If you would like to pay for your order using PayPal, clicking on “PayPal” will take you to the website of PayPal S.à r.l, et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg, where you will be asked to enter/confirm your login and contact information saved with PayPal.
By using this payment service provider, you agree to the transmission of your personal data as required for processing the payment to PayPal. These data include the IP address, first name, surname, address, e-mail address or any other information that might be required to process the payment. PayPal may disclose the personal data to third parties where a contract to this effect was concluded or where it is required to comply with contractual obligations.
The legal basis for processing personal data is Art. 6 (1) sentence 1 f) GDPR. Using PayPal makes it easier for our customers to pay for the goods they order from us. Using PayPal also helps to prevent fraud.
Right to objection and deletion
If you do not agree to your personal data being processed for these purposes, you can prevent the installation of the cookies by selecting the corresponding settings in your browser. Such revocation has no effect on personal data that must be processed, used or transmitted to make the payment.
3.1.4) Payment service provider iDEAL
iDEAL is a payment service of the Dutch payment provider Currence Holding B.V., Beethovenstraat 300 Amsterdam, 1077, the Netherlands and works as follows: When you, the customer, select iDEAL as payment method, you will also have to select the name of your bank and will be referred to the bank’s website. Your bank will tell you the invoice amount and will ask you to enter your account number. This is followed by a two-step authentication process, consisting of a password and debit card. Your bank will then authenticate the transaction in real time and will debit the amount to your account immediately. If the funds available are insufficient, the transaction will be stopped. We will then receive confirmation of payment from your bank. You will also receive a payment confirmation by being automatically redirected from the website of your bank back to our website. However, the payment will be made into an interim account of your bank and is not credited to us until a certain period - up to one week - has passed.
This allows you to make a direct payment without having to disclose any personal data to us. This information remains solely with your bank as an online banking transaction.
3.2 About credit checks
In connection with this contract, we transmit personal data regarding the request of, completion and termination of this business relationship as well as information about non-contractual or fraudulent behaviour to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany. The legal basis for such disclosure are Art. 6 (1) b) and f) GDPR. We also exchange information with CRIF Bürgel GmbH to comply with legal obligations regarding credit checks (sec. 505a and 506 Bürgerliches Gesetzbuch, BGB (German Civil Code)).
CRIF Bürgel GmbH processes the data they receive and also stores them to create profiles (Scoring) in order to provide its clients in the European Economic Area and Switzerland as well as in any third countries (if an adequacy decision was made by the European Commission for the country in question) with information, including for the assessment of creditworthiness of natural persons. You can find more information on the activities of CRIF Bürgel GmbH in their information leaflet or online under www.crifbuergel.de/de/datenschutz.
The legal basis is Art. 6 (1) b) and f) GDPR. This is permissible as a way to protect your identity and to prevent attempted fraud at our expense. Our enquiry and its result will be saved in your customer account for the duration of the contract. During the order process, we will also check your credit history so that only the payment methods that you can use will be displayed to you.
3.3. Shipping your order
To ship your orders, we will communicate your delivery address and your e-mail address to our shipping provider, usually DHL Vertriebs GmbH, Charles-de-Gaulle-Straße 20, 52113 Bonn, Germany, for the sole purpose of shipping the goods and advising you of the delivery. The shipping provider is subject to postal privacy regulations.
The legal basis for such disclosure are Art. 6 (1) b) and f) GDPR.
3.4. Other purposes
Apart from the above, we will only disclose your personal data to third parties, if:
- you have granted your express consent in terms of Art. 6 (1) sentence 1 a) GDPR;
- they must be disclosed pursuant to Art. 6 (1) sentence 1 f) GDPR to assert, exercise or defend legal claims and if there is nothing to suggest that you have an overriding protectable interest in not having your personal details disclosed; and
- if we are legally obliged to disclose such information pursuant to Art. 6 (1) sentence 1 c) GDPR.
4) Protection of data through encryption
SSL and TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us - the website operator - the website uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in the browser line.
When SSL or TLS encryption is activated, data that you transmit to us cannot be accessed by third parties.
Encrypted payment processes on this website
If and when you have to enter payment information (such as account number for direct debit) after having concluded a contract with payment obligations, this information is required to process the payment.
Any payments using standard payment methods (Visa/MasterCard, direct debit) are only ever processed via encrypted SSL or TLS connections. You can recognise an encrypted connection by the address line of the browser changing from “http://" to “https://" and by the lock symbol in the browser line.
When communication is encrypted, payment data that you transmit to us cannot be accessed by third parties.
Apart from the above, we take suitable technical and organisational action to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We improve our safety measures in accordance with technological progress.
5) How long will my data be stored?
Where necessary, we will process your personal data for the duration of our business relationship, including the preparation and performance of a contract. Furthermore, we are subject to various retention and documentation obligations as specified by, amongst others, the Handelsgesetzbuch, HGB (German Commercial Code). According to those provisions, retention and documentation periods vary between two and ten years. Ultimately, how long your data is stored for is also determined by statutory limitation periods, for example pursuant to sec. 195 et seq. BGB; this is usually three years but can be up to thirty years in particular cases.
6) Is information transferred to a third country or an international organisation?
We will only transfer your data into countries outside the European Economic Area – EEA (third countries) if necessary to complete your order, required by law or if you have agreed to us doing so. To learn more about transmission in connection with tracking and analysis tools and social media components on our website, please see our notice under https://www.marc-cain.com/Tracking.
7) What are my rights under data protection law?
Where the legal requirements specified in Art. 15 et seq. GDPR are met, you have the following rights regarding your personal data that we save (so-called data subject rights):
- You can at any time demand information as to whether and what categories of personal data we store about you, for what purpose we process these and which categories of recipients receive personal data. You can also request access to these personal data as regulated in Art. 15 GDPR (right to access).
- Where legal requirements are met, you are also entitled to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and to have processing of your personal data restricted (blocked) (Art. 18 GDPR).
- Furthermore, Art. 20 GDPR grants you the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format; you may also transfer your personal data or have it transferred to a third party (right to data portability).
- You may also revoke any consent you granted at any time.
Right to object
Where we process your personal data based on a legitimate interest in terms of Art. 6 (1) sentence 1 letter f) GDPR, Art. 21 GDPR gives you the right to object to the processing of your personal data on grounds resulting from your specific situation or if you are objecting to direct marketing. In the latter case, you have a general right to object that we will honour without proof of specific circumstances.
You can file your objection with d[email protected] or by letter to the address given above.
To assert your rights as a data subject, you can contact us at any time by writing to [email protected].
- Furthermore, you have the right to file a complaint with the data protection supervisory authority if you are of the opinion that the processing of your personal data violates data protection law. You can find a list of data protection officers and their contact details under the following link:
8) Am I obliged to disclose information?
To do business with us, you will only have to provide those personal data that are needed to initiate, complete and terminate a business relationship or the data that we are by law required to collect.
Usually, we will have to refuse conclusion of a contract or completion of an order if you do not provide this information, or an already existing contract can no longer be completed and may need to be terminated early.
9) Are automated decisions made in individual cases?
We generally do not use automated systems to make decisions regarding business relationships in terms of Art. 22 GDPR. If we do use such systems in individual cases, we will notify you hereof separately in advance, if and when required by law.
10) To what extent will my data be used to create profiles?
We process some of your data automatically with the goal of evaluating personal aspects (so-called ‘profiling’ in terms of Art. 4 no. 4 GDPR). For example, we use profiling to determine your potential interest in our products and services. Such analysis is based on statistical procedures based on present and past customer information. We will use the results to send you more targeted messages.
11) Amending this privacy notice
We reserve the right to amend this privacy notice in the future. Please be sure to check the privacy notice on a regular basis when you visit our website.