Privacy policy

Privacy Policy

1. Dat privacy at a glance

General notes

The following notes provide a simple overview of what happens with your personal data when you visit this website. Personal data are any data by which you can be personally identified. For detailed information on privacy, please check our Privacy Policy below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data collection on this website is performed by the website operator. Their contact details can be found in the “Name and contact details of the controller” section of this Privacy Policy.

How do we collect your data?

On the one hand, your data are collected when you provide them to us. They may be data you enter in a contact form.

Our IT systems collect other data automatically or with your consent when you visit our website. These are predominantly technical data (e.g. Internet browser, operating system or time of day of the page view) which are collected automatically as soon as you access our website.

For what purpose do we use your data?

Some data are collected to ensure the error-free presentation of the website. Other data may be used to analyse user behaviour. If contracts can be concluded or initiated via the website, the data provided are also processed for offers, orders and other contractual queries.

What are your rights with respect to your data?

You have the right to obtain free of charge information about the origin, recipients and purpose of your stored personal data at any time. You also have the right to request the rectification or erasure of this data. If you have given your consent to the processing of your data, you may withdraw this consent at any time with effect for the future. Under certain circumstances, you also have the right to request the restriction of processing of your personal data. Furthermore, you may submit a complaint to the competent supervisory authority.

You may contact us at any time with regard to this or other questions concerning data privacy.

Analysis tools and tools from third-party providers

When you visit this website, your surfing behaviour may be statistically analysed. This is done by way of analysis programs.

Detailed information about these analysis programs can be found in the following Privacy Policy.

2. Hosting and content delivery networks (CDN)

We host the contents of our websites with the following providers:

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, DO4 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify records your IP address and information about the end device you use and your browser. Shopify also analyses visitor numbers, visitor sources and customer behaviour and prepares user statistics. When you make a purchase on our website, Shopify additionally records your name, email address, delivery and billing address, payment data and other data in connection with the purchase (e.g. phone number, value of transactions to date, etc.). Shopify stores cookies on your browser for analysis purposes.

You will find details in Shopify’s privacy policy at:

https://www.shopify.com/de/legal/datenschutz?country=de&lang=en

The use of Shopify is based on Art. 6 (1) point (f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in ensuring the most reliable possible presentation of the website. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG), to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Cloudflare

We use the Cloudflare service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).
Cloudflare provides a global content delivery network with DNS. The transfer of information between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyse the data traffic between your browser and our website, serving as a filter between our servers and potentially malicious traffic from the Internet. To this end, Cloudflare may use cookies or other technologies to recognise Internet users. However, these will only be used for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR).
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details and further information about security and data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5666.

Amazon CloudFront CDN

We use the content delivery network Amazon CloudFront CDN. Provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “Amazon”).
Amazon CloudFront CDN is a globally distributed content delivery network. Here the transfer of information between your browser and our website is technically routed via the content delivery network. This allows us to increase the global accessibility and performance of our website.
The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR).
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/.
Further information on Amazon CloudFront CDN is available at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.[SS1.1]
The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5776.

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

jsDelivr CDN

When you visit our website, resources (such as jQuery) are downloaded and “cdn.jsdelivr.net” automatically transmits the following data to jsDelivr/Cloudflare:

IP address
Browser type
Browser version
Time stamp
File requested

The legal basis for this is Art. 6 (1) point (f) GDPR.
Further information can be found at: [jsDelivr Privacy Policy] (https://github.com/jsdelivr/jsdelivr/blob/master/Privacy%20Policy.md).

jQuery CDN
When jQuery (e.g. “code.jquery.com” or “cdn.jsdelivr.net”) is downloaded via a content delivery network (CDN), personal data – especially the IP address – are transmitted to the respective CDN provider.
The legal basis for this is Art. 6 (1) point (f) GDPR.

Unpkg – embedding external scripts via unpkg
To optimise the functionality and load speed of our website, we use the unpkg content delivery network (CDN) to provide JavaScript libraries and other resources.
When you access our website, files from the servers of provider unpkg.com are downloaded. This may result in the transmission of personal data such as IP address, browser information, time stamp and perhaps also usage data to unpkg and/or its infrastructure partners (e.g. Cloudflare). Cookies may also be set to enable the technical provision of the website or for analysis.
Processing is based on Art. 6 (1) point (f) GDPR (legitimate interest in the technically secure and efficient provision of our website).
Further information about data processing by the infrastructure partners involved can be found at:

https://www.cloudflare.com/privacypolicy/
https://github.com/mjackson/unpkg

3. General and mandatory information

Data protection

The operator of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with data protection legislation and this Privacy Policy.

When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This Privacy Policy explains which data we collect and what we use them for. It also explains how and for what purpose this is done.

Please note that the transfer of data on the Internet (e.g. in communication via email) may be vulnerable to security gaps. It is impossible to provide absolute protection of data against access by third parties.

Name and contact details of the controller

The controller for data processing on this website is:

MAC Mode GmbH & Co. KGaA

Industriestraße 2

93192 Wald/Roßbach, Germany

Phone: +49 (0) 94638550

Email: kontakt@mac-jeans.com

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. name, email address, etc.).

Duration of storage

Unless this Privacy Policy specifies a more particular duration of storage, your personal data shall be held by us until the purpose of the data processing no longer exists. If you make a justified request for erasure or withdraw your consent to the processing of your data, your data shall be erased unless we have other lawful reasons for storing your personal data (e.g. retention periods specified by tax or commercial law). In the latter case, the data shall be erased once these reasons no longer exist.

General notes concerning the legal basis for data processing on this website

If you have consented to the processing of your data, we shall process your personal data on the basis of Art. 6 (1) point (a) GDPR or Art. 9 (2) point (a) GDPR, unless special categories of data in accordance with Art. 9 (1) GDPR are being processed. If express consent is provided for the transfer of personal data to a third country, the data shall also be processed on the basis of Art. 49 (1) point (a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), the data shall also be processed on the basis of Section 25 (1) TDDDG. This consent may be withdrawn at any time. If your data are required to perform the contract or to take steps prior to entering into the contract, we shall process your data on the basis of Art. 6 (1) point (b) GDPR. We shall also process your data if this is necessary to comply with a legal obligation on the basis of Art. 6 (1) point (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) point (f) GDPR. The relevant legal basis that applies in each case is described in the following paragraphs of this Privacy Policy.

Data Protection Officer

We have appointed a Data Protection Officer:

Datenschutz Symbiose GmbH

Dr Marion Herrmann

Hundingstraße 12

95445 Bayreuth, Germany

Phone: +49 (0) 921 15111100

Email: datenschutz@mac-jeans.com

Notes concerning the transfer of data to third countries designated as not safe in terms of data protection legislation and to US companies that are not DPF-certified

Some of the tools we use are from companies headquartered in third countries designated as not safe in terms of data protection legislation or are US tools from providers that are not certified in accordance with the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We draw your attention to the fact that a data protection level comparable with that in the EU cannot be guaranteed in third countries designated as not safe in terms of data protection legislation.

We draw your attention to the fact that the USA is designated as a safe third country with a data protection level that is generally comparable with that in the EU. Therefore, the transfer of data to the USA is permissible if the recipient is certified in accordance with the EU-US Data Privacy Framework (DPF) or has provided suitable additional guarantees. This Privacy Policy contains information about the transfer of data to third countries including the data recipients.

Recipients of personal data

We work with various external entities in the course of our business operations. In some instances, it may be necessary to transfer personal data to these external entities. We only transfer personal data to external entities if this is necessary to perform the contract, if we are legally obliged to do so (e.g. the transfer of data to tax authorities), if we have a legitimate interest in the transfer in accordance with Art. 6 (1) point (f) GDPR or if there is any other legal basis that permits the data transfer. When using processors, we transfer our customers’ personal data only on the basis of a valid processing agreement. In the case of joint processing, a joint processing agreement shall be concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You may withdraw at any time the consent you have already given. The withdrawal of consent does not affect the lawfulness of data processing that has taken place up until the withdrawal of consent.

Right to object to the processing of data in certain cases and to direct marketing (Art. 21 GDPR)

If the data are processed on the basis of Art. 6 (1) point (e) or (f) GDPR, you shall have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data; this includes profiling based on these provisions. The legal basis for processing can be found in this Privacy Policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection in accordance with Art. 21 (1) GDPR).

If your personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object, your personal data shall no longer be processed for the purposes of direct marketing (objection in accordance with Art. 21 (2) GDPR).

Right to complain to the competent supervisory authority

In the event of infringements of the GDPR, the person affected may lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to complain exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process in an automated way based on your consent or in the performance of a contract handed over to you or a third party in a standard, machine-readable format. If you request the direct transfer of data to another processor, this will be done only inasmuch as it is technically feasible.

Information, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to obtain free of charge and at any time information about your stored personal data, about the origin and recipients of these data and about the purpose of the data processing as well as the right to the rectification or erasure of these data, if applicable. You may contact us at any time with regard to this or other questions concerning personal data.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data. You may contact us at any time in this regard. The right to restriction of processing exists in the following cases:

If you contest the accuracy of the personal data stored by us, we usually need some time to review this. For the duration of this review, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of processing instead of erasure.
If we no longer need your personal data for the purposes of the processing but they are required for the establishment, exercise or defence of legal claims, you have the right to request the restriction of processing of your personal data instead of erasure.
If you have objected to processing pursuant to Art. 21 (1) GDPR, your interests must be weighed against our interests. As long as it is not clear who has the overriding interests, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data may, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

For reasons of security and to protect the transfer of confidential content such as orders or enquiries which you submit to us as the website operator, this page uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If the conclusion of a contract against payment results in an obligation to provide us with your payment data (e.g. account number for a direct debit authorisation), these data are required for processing the payment.

Payment transactions using customary methods of payment (Visa/Mastercard, direct debit) take place exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Encrypted communication means that the payment data you transmit to us cannot be read by third parties.

Objection to promotional emails

We herewith object to the use of contact data published in connection with our obligation to post an imprint in order to send advertising and information material that has not been expressly requested. The operators of the websites expressly reserve the right to take legal steps if they receive advertising information materials such as spam emails which have not been requested.

4. Data collection an this website

Cookies

Our website uses cookies. These are small data packets that will not damage your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically erased at the end of your visit. Permanent cookies remain stored on your end device until you erase them yourself or they are erased automatically by your web browser.

The cookies may be placed by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies make it possible to integrate certain third-party services in websites (e.g. cookies for payment services).

Cookies have various functions. Many cookies are a technical necessity. Without them, certain website functions (e.g. the shopping basket or video playback) would not be possible. Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies required for communicating electronically, for providing certain functions that you want (e.g. the shopping basket) or for optimising the website (e.g. cookies to measure the web audience) are essential cookies that are stored on the basis of Art. 6 (1) point (f) GDPR unless a different legal basis is given. The website operator has a legitimate interest in storing essential cookies to ensure the technically error-free and optimised provision of their services. If consent is requested for storing cookies and comparable recognition technologies, processing shall be solely on the basis of this consent (Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG); this consent may be withdrawn at any time.

You can adjust your browser settings so that you are informed when cookies are placed, cookies are only accepted on a case-by-case basis, cookies are excluded in certain cases or in general and cookies are automatically erased when you close your browser. Deactivating cookies may restrict the functions of this website.

This Privacy Policy describes the cookies and services used on this website.

Consent via Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of specific cookies on your terminal or to the use of specific technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, URL: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”). Usercentrics uses Google’s CDN to provide its services (see section 3).

When you enter our website, the following personal data are transferred to Usercentrics:

your consent(s) or the withdrawal of your consent(s)
your IP address
information about your browser
information about your terminal device
time of your visit to the website

Additionally, Usercentrics stores a cookie in your browser so it can properly allocate your consents or their withdrawal. The data collected in this way are stored until you request that we erase them, you erase the Usercentrics cookie yourself or the purpose of the data storage no longer applies. This does not affect mandatory statutory retention periods. Usercentrics is used for obtaining the legally required consents for the use of specific technologies. The legal basis for this is Art. 6 (1) point (c) GDPR.

Order processing

We have concluded an data processing agreement (DPA) with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

GDPR Legal Cookie by Shopify

Our website uses the GDPR Legal Cookie by Shopify to obtain your consent to the storage of specific cookies on your terminal or to the use of specific technologies and to document these in compliance with data protection regulations. The provider of this technology is beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz, Germany (hereinafter referred to as “beeclever”).

When you enter our website, a connection is established to the beeclever servers. In this way, beeclever receives personal data such as the browser used, the IP address and a time stamp. A cookie is then stored in your browser so it can properly allocate your consents or their withdrawal. The data collected in this way are stored until you request that we erase them, you erase the cookie yourself or the purpose of the data storage no longer applies. This does not affect mandatory statutory retention periods. Details can be found at:

https://apps.shopify.com/gdpr-legal-cookie

The GDPR Legal Cookie by Shopify is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) point (c) GDPR.

Order processing

We have concluded an order processing (OP) agreement for the use of the above-mentioned service. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Tools for implementing digital accessibility

Accessibly

In our online shop, we use the Accessibly app from On The Map Marketing / Accessibly, provided via the Shopify App Store. This app helps us to improve the accessibility of our online shop and provide users with additional functions to facilitate use of the website. According to the provider, these include specifically an accessibility widget with selectable display and operating aids as well as background functions to improve the website’s usability.
In the course of using the app, the following personal data in particular may be processed:

IP address
device and browser information
usage data concerning interaction with the accessibility widget
perhaps also other technical connection data that are required to provide and improve the service

The app provides users with functions for the more accessible display and operation of the website. These may include adaptations of the display or other support functions. In this connection, it may be technically necessary to process usage and device data in order to provide the widget, apply the selected settings and ensure service functionality. In its privacy policy, Accessibly describes in general terms the recording of personal data to provide and improve the service.

Processing is performed by the app provider on our behalf. A transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses. In its privacy policy, Accessibly refers in general terms to the processing of personal data in the context of the service. However, this publicly accessibly information does not provide much detail about the specific data categories for each Shopify use scenario.

The legal basis for processing the data is our legitimate interest in accordance with Art. 6 (1) point (f) GDPR in order to improve the accessibility and usability of our online shop and provide our online offering in the most accessible way possible. If, in individual cases, accessing the information on the user’s end device is not absolutely technically necessary, this shall be done only on the basis of the corresponding consent. This legal classification is derived from data privacy law. The product description presents Accessibly as a tool for improving accessibility and WCAG/ADA support.

Further information about the processing of data can be found in the privacy policy of Accessibly:
https://accessiblyapp.com/privacy-policy/

Server log files

The provider of the pages automatically collects and stores information in so-called server log files which your browser automatically transmits to us. These are:

browser type and version
operating system used
referrer URL
host name of the accessing computer
time of server request
IP address

These data are not merged with other data sources.

The recording of this data is based on Art. 6 (1) point (f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of its website. To this end, the server log files must be recorded.

Contact form

When you send us enquiries via contact form, we will store the information you have supplied in the contact form, including your contact data, for the purpose of processing your enquiry and for any follow-up question that may arise. We will not forward this data without your consent.
This data is processed on the basis of Art. 6 (1) point (b) GDPR if your enquiry relates to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) point (f) GDPR) or on your consent (Art. 6 (1) point (a) GDPR) if it has been requested. This consent may be withdrawn at any time.
The data you entered in the contact form remain with us until you request that we delete them, withdraw your consent to their storage or until the purpose for the data storage no longer applies (e.g. after the processing of your enquiry has been completed). This does not affect statutory provisions, especially those concerning retention periods.

Query by email, telephone or fax

When you contact us by email, telephone or fax, your enquiry including all personal data resulting from this (name, query) is stored and processed by us so we can handle your request. We will not forward this data without your consent.
This data is processed on the basis of Art. 6 (1) point (b) GDPR if your enquiry relates to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) point (f) GDPR) or on your consent (Art. 6 (1) point (a) GDPR) if it has been requested. This consent may be withdrawn at any time.
The data you sent us via contact enquiries remain with us until you request that we delete them, withdraw your consent to their storage or the purpose for the data storage no longer applies (e.g. after the processing of your order has been completed). This does not affect statutory provisions, especially those concerning retention periods.

Registration on this website

You can register on this website to use its additional functions. We will only use the data you provide for the offer or service for which you have registered. On registration, you must provide all the mandatory information. If not, we will decline your registration.
If we make any major changes to the scope of the offer or essential technical changes, we will notify you of this using the email address you provide on registration.
The data you provide on registration are processed for the purpose of implementing the user relationship established by registration and possibly also to initiate further contracts (Art. 6 (1) point (b) GDPR).
The data recorded on registration will be stored by us for as long as you are registered on this website. Thereafter they will be erased. This shall not affect statutory retention periods.

5. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool which enables us to install tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, stores no cookies and does not perform any analyses of its own. It only serves to manage and use the tools that are embedded in it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) point (f) GDPR. The website operator has a legitimate interest in the rapid and uncomplicated integration and administration of various tools on their website. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at:

https://www.dataprivacyframework.gov/participant/5780

Google Analytics

This website uses various functions of Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics enables the website operator to analyse the behaviour of the website visitors. The website operator receives various usage data, such as pages viewed, operating systems used and origin of the user. This data is allocated to the user’s respective terminal device. It is not allocated to a user ID.

Google Analytics also enables us to record your mouse movements, scrolling and clicks. Moreover, Google Analytics uses various modelling approaches in order to augment the datasets collected and employs machine learning technologies for the data analysis.

Google Analytics uses technologies which facilitate user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). As a rule, the information about your use of this website that Google has collected is transferred to and stored on a Google server in the USA.

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://privacy.google.com/businesses/controllerterms/mccs/

https://www.dataprivacyframework.gov/participant/5780

IP anonymisation

Google Analytic IP anonymisation is activated. In the Member States of the European Union and in other States party to the Agreement on the European Economic Area, your IP address will be truncated by Google prior to transfer to the USA. In exceptional cases, the full IP address will be transferred to a Google server in the USA and truncated there. Acting on behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports about website activities and provide the website operator with other services associated with the use of the website and the Internet. The IP address transmitted from your browser by Google Analytics will not be merged with other Google data.

Browser add-on

You can prevent the recording and processing of your data by Google by downloading and installing the browser add-on available at:

https://tools.google.com/dlpage/gaoptout?hl=en-GB

You will find more information about how Google Analytics handles user data in Google’s privacy policy at:

https://support.google.com/analytics/answer/6004245?hl=en

Google Signals

We use Google Signals. When you visit our website, Google Analytics records information such as your location, search history and YouTube history as well as demographic data (visitor data). With the help of Google Signals, these data can be used for personalised advertising. If you have a Google account, the visitor data are then linked to your Google account by Google Signals and used for personalised advertising messages. The data are also used for compiling anonymised statistics regarding the user behaviour of our users.

Order processing

We have concluded a data processing with Google and, in using Google Analytics, comply with the stringent requirements of Germany’s data protection authorities.

Google Analytics ecommerce metrics

This website uses the Google Analytics ecommerce metrics function. This enables the website operator to analyse the purchasing behaviour of website visitors in order to improve online marketing campaigns. The information recorded includes the orders placed, the average order value, shipping costs and the time elapsed between viewing and purchasing a product. These data may be summarised by Google using a transaction ID allocated to the specific user or their device.

Microsoft Advertising

The website operator uses Microsoft Advertising. This is an online advertising program from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising makes it possible to display advertisements in the Bing search engine or on third-party websites when the user enters specific search terms (keyword targeting). Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Microsoft (audience segmentation targeting). As the website operator, we can perform a quantitative assessment of these data, for example, by analysing which search terms resulted in our advertising being displayed and how many views resulted in clicks.

On this website, we use Universal Event Tracking (UET) from Microsoft Advertising. Pseudonymised data are recorded to track which actions you perform on our websites after clicking an advertisement from Microsoft Advertising. UET records your IP address (anonymised), device identification, information about device and browser settings, Microsoft Click ID (stored in a cookie), dwell time on the website, the areas of the website viewed, the advertisement from which you accessed the website and the keywords clicked.

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://learn.microsoft.com/en-gb/compliance/regulatory/offering-eu-model-clauses

https://www.dataprivacyframework.gov/participant/6474

Order processing

Microsoft Clarity

On our website, we use Microsoft Clarity, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). Clarity enables us to analyse user behaviour on our website (e.g. click behaviour, scrolling, interactions) and to create heatmaps and session replays. In this way, we can improve the user friendliness of our website.

Clarity uses cookies and similar technologies to process the personal data of website visitors, especially:

abbreviated IP address
technical information about the browser and end device
usage data (e.g. mouse movements, pages viewed, interactions),
time and duration of the visit

We have configured Clarity so that input fields, sensitive data and personal content are masked or not recorded as standard. Microsoft can also use the information recorded for its own purposes such as product improvement and error analysis.
The legal basis for using Clarity is your consent in accordance with Art. 6 (1) point (a) GDPR, which you may withdraw at any time via our consent management tool.
Data transfer to the USA: Data may also be processed in the USA. Microsoft is certified in accordance with the EU–US Data Privacy Framework (DPF), thereby ensuring an adequate level of data protection in accordance with Art. 45 GDPR. We have also concluded a data processing agreement with Microsoft (Art. 28 GDPR).
Further information about data processing by Microsoft can be found in Microsoft’s privacy policy at: https://privacy.microsoft.com/en-us/privacystatement and in the Clarity privacy policy at: https://learn.microsoft.com/en-us/clarity/.

Matomo

This website uses Matomo, an open-source web analytics service.

Matomo enables us to record and analyse data about our visitors’ use of our website. In this way, we can identify when which pages were viewed and from which region. We also record various log data (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain activities (e.g. clicks, purchase transactions, etc.).

The use of this analysis tool is based on Art. 6 (1) point (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise its website and its advertising. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

IP anonymisation

We use IP anonymisation when performing analyses with Matomo. Your IP address will be truncated before the analysis so that it can no longer be assigned to you.

Hosting

We host Matomo solely on our own servers which means that we retain all analytical data and do not transfer them to third parties.

Google Ads

The website operator uses Google Ads. This is an online advertising platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms (keyword targeting). Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Google (audience segmentation targeting). As the website operator, we can perform a quantitative assessment of these data, for example, by analysing which search terms resulted in our advertising being displayed and how many views resulted in clicks.

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://policies.google.com/privacy/frameworks and

https://business.safety.google/controllerterms/

https://www.dataprivacyframework.gov/participant/5780

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Conversion Tracking enables us and Google to identify if the user has performed certain actions. In this way, we can evaluate how frequently buttons on our website are clicked and which products are viewed or purchased especially frequently. This information is used to prepare conversion statistics. We can see the total number of users who have clicked on our ads and which actions they have performed. We do not receive any information that enables us to identify individual users. Google itself uses cookies or other recognition technologies for the purposes of identification.

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.
You will find further information about Google Conversion Tracking in Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Klaviyo

We have integrated Klaviyo on this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA (hereinafter referred to as “Klaviyo”).

Klaviyo is a marketing automation tool for sending emails, SMS and push notifications and for recording customer reviews for e-commerce traders.

For this purpose, Klaviyo stores the email marketing consent. In particular, the following data may be processed: name, phone number, email address, address data, IP address, device identification, usage data (e.g. interaction between a user and Klaviyo’s online system, website or email, browser used, operating system used, referrer URL).

Klaviyo uses a bot defence solution to protect sensitive areas such as registration forms, checkout processes and coupon functions.

The use of Klaviyo is based on Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

Further details can be found in the provider’s privacy policy at:

https://www.klaviyo.com/legal/privacy

https://www.dataprivacyframework.gov/participant/6149

The provider uses standard contractual clauses for the transfer of personal data to third countries. Details are available at:

https://www.klaviyo.com/legal/data-processing-agreement

Order processing

Meta Pixel (formerly Facebook Pixel)

This website uses Meta Pixel to measure conversions from visitor activity. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, however, the data recorded are also transferred to the USA and other third countries.

It allows us to track the behaviour of visitors who are redirected to the provider’s website by clicking an ad on a Meta platform. In this way, we can evaluate the effectiveness of Meta advertising for statistical market research purposes so we can optimise future advertising measures.

The data recorded are anonymised so we as the operator of the website are unable to draw any conclusions as to the identity of users. However, the data are stored and processed by Meta which means it is possible to connect them to users’ profiles on Facebook or Instagram, enabling Meta to use the data for its own advertising purposes in line with Meta’s Data Policy ((https://de-de.facebook.com/about/privacy/)). This enables Meta to display ads on Facebook or Instagram and other advertising channels. As the website operator, we are unable to influence this use of the data.

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

We use the Meta Pixel advanced matching function.

Advanced matching enables us to transfer to Meta various types of data (e.g. place of residence, region, postcode, hashed email address, name, gender, date of birth or phone number) that we collect about our customers and potential customers on our website. This enables us to tailor our advertising campaigns on Facebook and Instagram more precisely to those people who show an interest in our offerings. Advanced matching also enhances the allocation of website conversions and enlarges custom audiences.

Insofar as personal data are collected on our website with the help of the tool described here and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). However, our joint responsibility is limited solely to the collection of the data and its transmission to Meta. The processing of the data by Meta is not part of our joint responsibility. Our joint obligations have been set forth in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the secure implementation of the tool on our website in accordance with privacy laws. Meta is responsible for the data security of the Meta products. You can assert data subject rights (e.g. information requests) concerning the data processed by Facebook or Instagram directly with Meta. If you assert data subject rights with us, we are obliged to pass them on to Meta.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://www.facebook.com/help/566994660333381

Meta’s privacy policy provides additional information about how your privacy is protected at: https://www.facebook.com/about/privacy/.

You can deactivate the audience-based advertising function in the ad settings at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this.

If you do not have a Facebook or Instagram account, you can deactivate use-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance at:

https://www.youronlinechoices.com/uk/your-ad-choices

https://www.dataprivacyframework.gov/participant/4452

Meta Conversion API

We have integrated the Meta Conversion API on this website. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, however, the data recorded are also transferred to the USA and other third countries.

The Meta Conversion API enables us to capture the website user’s interactions with our website and transmit them to Meta in order to improve advertising performance on Facebook and Instagram.

To this end, specifically the time of the visit, the website accessed, your IP address and your user agent plus any other specific data (e.g. products purchased, value of the shopping cart and currency) are recorded. You will find a complete list of the data that can be recorded here: http://developers.facebook.com/docs/marketing-api/conversions-api/parameters

Use of this service is based on your consent according to Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG. This consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://www.facebook.com/help/566994660333381

Meta’s privacy policy provides additional information about how your privacy is protected at: https://www.facebook.com/about/privacy.

If you do not have a Facebook or Instagram account, you can deactivate use-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance at:

https://www.youronlinechoices.com/de/praferenzmanagement/

https://www.dataprivacyframework.gov/participant/4452

Order processing

Frizbit

We use Frizbit on our website, a tool from Frizbit Technologies Ltd. for the automated sending of personalised web push notifications, emails and SMS notifications. Frizbit enables us to contact visitors who have left our website, e.g. after cancelling a shopping basket, in the event of product updates or when campaigns are running.

Frizbit processes the following data:

IP address, browser data, device information
consent to push notifications
visitor behaviour (e.g. products viewed, clicks)
possible email address or phone number (if actively provided)

Frizbit uses cookies or your browser’s local memory for recognition purposes. The consent to use web push notifications is given via your browser’s double opt-in function. You can withdraw your consent at any time via your browser settings.

The legal basis for processing your data is Art. 6 (1) points (a) and (f) GDPR.

The data are processed on the provider’s servers. In this connection, it cannot be ruled out that data may be transferred to third countries (e.g. the USA or UK). This is done on the basis of suitable guarantees in accordance with Art. 46 GDPR.

Further information is available in the provider’s privacy policy at: https://frizbit.com/privacy-policy/

6. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we require an email address and information that enables us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. We do not record any other data or do so only on a voluntary basis. We use these data solely for sending the information requested and do not transfer them to third parties.

The data you provide on the newsletter registration form are processed solely on the basis of your consent (Art. 6 (1) point (a) GDPR). You may withdraw the consent given for storing the data, the email address and their use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The withdrawal of consent shall not affect the lawfulness of data processing activities that have already taken place.

Until you unsubscribe from the newsletter, the data you provide for the purpose of receiving the newsletter will be stored by us or our newsletter service provider; it will be erased from the newsletter distribution list if you unsubscribe or if the purpose no longer exists. In the context of our own legitimate interest in accordance with Art. 6 (1) point (f) GDPR, we reserve the right to erase or block email addresses from our newsletter distribution list.

This shall not affect data that we store for other purposes.

Once your name has been removed from our newsletter distribution list, your email address may be stored in a blacklist by us or our newsletter service provider if this is necessary to prevent you receiving future mailings. The data on the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) point (f) GDPR). There is no time limit on inclusion in the blacklist. You may object to the storage of your data if your interest overrides our legitimate interest.

Sending newsletters to existing customers

When you order goods or services from us and provide your email address for this purpose, we may then use this email address to send newsletters, provided we have informed you of this in advance. In such cases, the newsletter will only be used to send direct advertising for our own similar products or services. You may cancel this newsletter at any time using the link provided in each newsletter. In this case, the legal basis for sending the newsletter is Art. 6 (1) point (f) GDPR in conjunction with Section 7 (3) of the German Unfair Competition Act (UWG).

Klaviyo

We use the services of Klaviyo, Inc. (“Klaviyo”) to send newsletters and analyse user behaviour in our online shop for our own advertising and market research purposes. For example, we may analyse how many recipients have opened the newsletter notification and how many clicks there are on which links in the newsletter.

The data you provide in order to receive the newsletter (e.g. email address, order details and customer details) are stored on Klaviyo’s servers in the USA. These data will be stored until you unsubscribe from the newsletter and will then be erased from both our servers and Klaviyo’s servers. This shall not affect data that we have stored for other purposes (e.g. the email address for your “My MAC” login).

7. Add-ons and tools

Google Fonts

This page uses Google Fonts provided by Google to ensure the uniform appearance of fonts. When a page is accessed, your browser downloads the required fonts to your browser cache so that text and fonts are displayed correctly.

To this end, the browser you use must connect to Google’s servers. In this way, Google learns that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 (1) point (f) GDPR. The website operator has a legitimate interest in the uniform appearance of the typeface on its website. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

If your browser does not support Google Fonts, one of your computer’s standard fonts will be used.
Further information about Google Fonts can be found at: https://developers.google.com/fonts/faq and in Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5780.

Google Maps

This website uses Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service enables us to embed map material on our website.

In order to use the functions of Google Maps, your IP address must be stored. As a rule, this information will be transferred to and stored on a Google server in the USA. The website operator has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts to ensure a uniform appearance. When Google Maps is accessed, your browser downloads the required fonts to your browser cache so that text and fonts are displayed correctly.

Google Maps is used in the interest of ensuring the attractive appearance of our online services and to make it easy to locate the places named on our website. This represents a legitimate interest within the meaning of Art. 6 (1) point (f) GDPR. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at:

https://privacy.google.com/businesses/gdprcontrollerterms/ and

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

You will find further information about how Google handles user data in Google’s privacy policy at https://policies.google.com/privacy?hl=en

Friendly Captcha

We use Friendly Captcha on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha verifies whether the data provided on this website (e.g. in a contact form) has been input by a human being or an automated program. To this end, Friendly Captcha analyses the behaviour of website visitors on the basis of various parameters. In this analysis, Friendly Captcha evaluates various items of information (e.g. anonymised IP address, referrer, dwell time, etc.). Further information can be found at: https://friendlycaptcha.com/legal/privacy-end-users/

Storage and analysis of the data are based on Art. 6 (1) point (f) GDPR. The website operator has a legitimate interest in protecting their website from improper automated spying and spam. If consent has been requested, processing shall be solely on the basis of Art. 6 (1) point (a) GDPR and Section 25 (1) TDDDG, to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TDDDG. This consent may be withdrawn at any time.

Powerful Contact Form Builder

On our website, we use the Powerful Contact Form Builder app from PowerfulForm.com (hereinafter referred to as “PowerfulForm”) to provide user-friendly contact forms. You can use these forms to send us questions.

In this connection, the following data (if provided) are processed:

forename, surname
email address
phone number
message content

The data submitted are processed on the provider’s servers and forwarded to us to respond to your question. According to the provider, data may be transferred to third countries outside the EU/EEA.

The legal basis for processing the data is Art. 6 (1) point (b) GDPR concerning the taking of steps prior to entering into the contract and Art. 6 (1) point (f) GDPR concerning our legitimate interest in efficient communication with potential customers or Art. 6 (1) point (a) GDPR concerning your voluntary consent.

Further information about the processing of data by PowerfulForm can be found in the provider’s privacy policy at: https://powerfulform.com/privacy-policy

Freshdesk

We process customer queries using Freshdesk, a cloud-based support tool from Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA.

When you communicate with us – e.g. by email, a contact form or phone – your personal data such as your name, email address, phone number and the content of your query are processed and stored in Freshdesk tickets. This serves to ensure the efficient processing and documentation of support queries.

The legal basis for processing your data is Art. 6 (1) point (b) GDPR concerning contractual queries and Art. 6 (1) point (f) GDPR concerning our legitimate interest in the structured provision of support.

The data are processed by Freshworks as the processor. A transfer of data to the USA cannot be ruled out. This is based on standard contractual clauses in accordance with Art. 46 GDPR and supplementary data protection measures.

Further information about data processing by Freshworks can be found at: https://www.freshworks.com/privacy/

S: Store Locator

On our website, we use the Storeify Store Locator, a tool from Storeify Apps (a provider headquartered in Vietnam). The app displays our stationary locations on an interactive map using Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Calling the page with the embedded map transfers information – especially your IP address and possibly also location data (if authorised by your browser) – to Google servers. This may result in data being transferred to the USA. According to its own information, Google may process these data to optimise its services.

The legal basis for processing data is Art. 6 (1) point (f) GDPR concerning our legitimate interest in the attractive and user-friendly presentation of our locations.

If you do not want your data to be processed by Google, you may prevent the use of external content in your browser settings or via our consent tool.

Further information can be found in Google’s privacy policy at https://policies.google.com/privacy.

Geo IP Redirect

We use the Geo IP Block & Redirect app from ZendApps (EasyLocation), provided via the Shopify App Store, for location-based redirection and optimisation of the user experience.

This app recognises users’ geographical location on the basis of the IP address and facilitates redirection to country-specific language versions and shops. Optionally, access from certain countries can be blocked (geoblocking).

The following information is processed:

IP address
browser language settings
identified geolocation (country, region)

These data are analysed in real time in order to take the appropriate redirection decision. As far as is currently known, the app does not permanently store personal data.

The legal basis is Art. 6 (1) point (f) GDPR concerning our legitimate interest in the optimal provision of country-specific content and the protection against unauthorised access.

The data are processed on the app provider’s servers. A transfer of personal data to third countries outside the EU/EEA cannot be ruled out. Protection may be provided by standard contractual clauses in accordance with Art. 46 GDPR.

More information on the way data are processed by the provider is available at: https://arcafy.com/privacy-policy-geo-ip-block-redirect-supreme/.

Address Ninja

In our online shop, we use the Address Ninja app from Magical Apps, provided via the Shopify App Store. This app supports us in the automatic verification and validation of address data during the checkout process and in blocking potentially invalid or incorrect addresses.
The following personal data may be processed when verifying address data:

forename and surname
street and number
postcode, town, country
perhaps also phone number and email address
IP address (to protect against misuse)

On the basis of defined validation rules, the app reviews the address data provided during the checkout process, identifies invalid, incomplete or impermissible address data and restricts or blocks the order process accordingly. The goal is to avoid invalid orders, delivery problems and improper use, improve the quality of address data and improve the reliability of the order process.

Processing is performed by the app provider on our behalf. A transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses.
The legal basis for processing is our legitimate interest in accordance with Art. 6 (1) point (f) GDPR in order to avoid the provision of incorrect delivery addresses, reduce delivery problems and ensure the reliability of the order process.

Uploadly

In our online shop, we use the Uploadly file upload app from Inspon Tech / WEILAND ENTERPRISES LTD, provided via the Shopify App Store. This app enables our customers to upload files, images or other documents in connection with an order and to link these to the respective order. The app helps us to process individualised or personalised orders.
It may use the following personal data:

files (e.g. images, documents and other product-related uploads) uploaded by users
any personal data that may be contained in the uploaded files
technical connection data required for provision of the upload function

The app provides upload fields on our product pages that customers can use to upload files from their end device or, depending on the function used, via external services. The uploaded files are linked to the respective order and are available to us for further processing. The goal is to facilitate the transmission of product-related files and simplify the processing of personalised orders. The provider describes the app as a solution for uploading images, files and photos related to orders and linking these to the respective order.

Processing is performed by the app provider on our behalf. According to the provider, the uploaded files and associated data are processed by service providers such as DigitalOcean, MongoDB, IONOS SE and Dropbox. In this connection, a transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. The provider states that, depending on the service provider used, the data are stored in data centres in the EU or the USA. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses.

The legal basis for processing is our legitimate interest in accordance with Art. 6 (1) point (f) GDPR in order to enable the upload of files provided by the customer for individualised orders and ensure the reliability and efficiency of our order process. If processing is necessary for the performance of a contract or of pre-contractual measures in connection with a specifically requested individualisation, Art. 6 (1) point (b) GDPR may additionally apply.
Further information about the processing of data can be found in the privacy policy of Uploadly:
https://www.inspon.com/privacy-uploadly.

Omnibus Insight

In our online shop, we use the Omnibus Insight: Price History app from Amasty, provided via the Shopify App Store. This app supports us in implementing the provisions of the European Omnibus Directive / pricing requirement by tracking price changes for products and variants and displaying the lowest price for a given period – usually the last 30 days – on the product website. The app describes its function explicitly as price tracking and display of the lowest price over 30 days or a user-defined period.
In particular, the following data may be processed:

product data
variant data
prices and price changes
information about Shopify Markets or market-specific pricing
technical connection data required for provision of the upload function

The app automatically tracks price changes for products and variants, updates the respective lowest price in real time and displays this on the product pages via a widget. According to the provider, the app also supports Shopify Markets and regional pricing logic. The purpose of the processing is the legally certain and transparent presentation of price reductions and the fulfilment of statutory information obligations to our customers.
Processing is performed by the app provider on our behalf. According to the provider’s publicly accessible information, Amasty’s privacy policy or Amasty’s app-specific privacy policy for Shopify apps shall apply. A transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses. The publicly accessible sources describe Amasty’s data protection rules in general terms but do not provide particularly granular information about each processing step for Omnibus Insight. Therefore, in the event of doubt, this passage should be compared with the contract documents and/or the data processing agreement (DPA).

The legal basis of processing is Art. 6 (1) point (c) GDPR where it serves the legal obligation to ensure transparent pricing and additionally Art. 6 (1) point (f) GDPR where it serves our legitimate interest in the legally certain, transparent and efficient display of prices reductions. Classification as a tool to comply with the Omnibus/pricing requirements derives directly from the app’s product description.

Further information about the processing of data by the provider can be found in the privacy policy of Amasty and/or in the app-specific privacy statement: https://guide.amasty.com/sf/privacy-policy-omnibus-insight.

Stoq: Back In Stock, PreOrder

In our online store, we use the “Stoq: Back In Stock, PreOrder” app from Artos Software (available via the Shopify App Store). The app helps us add interested customers to waiting lists for currently unavailable products, send automatic notifications when items become available again, and, upon request, provide pre-order functionality. According to the app description, notifications can be sent via email or SMS, and wish list and reminder features can be used.
In particular, the following personal data may be processed:

First and last name
Email address
Phone number
Physical address
Geolocation data
IP address
Browser and operating system information

Additionally, the app may access store data such as customer, product, order, and online store data to the extent necessary for setting up and using the features. These data categories result from the app’s access permissions listed in the Shopify App Store.

The app allows customers to sign up for notifications about sold-out products via a “Notify me when available” button. As soon as a product becomes available again, automatic messages can be sent via email or SMS. In addition, the provider describes additional features such as waiting lists, wishlist notifications, reminder messages, multilingual notifications, and synchronization with Klaviyo. The purpose of the processing is to inform interested parties about the availability of products, prevent lost sales, and make the ordering process more user-friendly.

The processing is carried out on behalf of the app provider. In its privacy policy, the provider specifically lists the name and email address provided during account creation, as well as usage data regarding the use of the application. Additionally, data may be shared with third-party providers to the extent that they assist the provider in delivering the service. The transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out in this context. In the absence of an adequacy decision by the European Commission, data transfer takes place on the basis of appropriate safeguards pursuant to Art. 46 GDPR, in particular through the conclusion of so-called standard contractual clauses. In case of doubt, the specific scope of the processing should additionally be compared with the General Terms and Conditions (GTC) or the provider’s contractual documents.

The legal basis for the processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR to provide customers with a notification feature for temporarily unavailable products, to better gauge demand for products, and to reduce lost sales opportunities. To the extent that the notifications are based on an explicit request by the data subject, the processing also serves to provide the specifically requested feature. The app is explicitly described in the Shopify App Store as a solution for back-in-stock alerts, waiting lists, and email and SMS notifications.
For more information on data processing by the provider, please refer to Stoq’s privacy policy:
https://www.stoqapp.com/policy

Mipler Reports

In our online shop, we use the Mipler – Advanced Reports app from Mipler, provided via the Shopify App Store. This app supports us in preparing and evaluating individual reports concerning various areas of our online shop, particularly orders, products, customers, inventories, taxes and commercial performance indicators. According to the provider, information such as datapoints from the Shopify shop – for example, metafields, tags and other shop properties – can be included in user-defined reports.
In particular, the following personal data may be processed:

order data
customer data
product and master data
tax and financial data
metafields, tags and other data fields used in the shop
technical use and connection data, to the extent they are required for the provision of the service

The app accesses available data in the Shopify shop in order to prepare individual evaluations, analyses and reports. According to the description in the Shopify App Store, Mipler can be used particularly to prepare, visualise and export sales, financial, tax, customer and inventory reports. Reports can also be imported directly to Google Sheets. The purpose of the processing is the commercial evaluation of our shop, the optimisation of internal processes and the preparation of individually configurable reports for operational, commercial and analytical purposes.

Processing is performed by the app provider on our behalf. In its privacy policy, Mipler states that personal data may be processed when using the website, SaaS services and the Shopify app. These include in particular device information such as browser data, IP address, time zone and cookie information as well as other information concerning the use of the service. The publicly accessible privacy statement is formulated in general terms for websites, SaaS services and Shopify apps so therefore does not describe every detailed processing step of the reporting app. Therefore, a transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses.

The legal basis for processing is our legitimate interest in accordance with Art. 6 (1) point (f) GDPR in order to perform a structured evaluation of business data, optimise internal processes and prepare commercially relevant reports concerning our online shop. If the processing of individual data categories is relevant for the performance of a contract or for compliance with statutory retention and verification obligations, further legal bases may apply. However, the provider describes the app itself as a reporting and analytical tool for Shopify data.
Further information about the processing of data can be found in the privacy policy of Mipler: https://mipler.com/privacy/.

Channable

In our online shop, we use the Channable app from ProductImpulse B.V. / Channable, provided via the Shopify App Store. This app supports us in the central preparation, optimisation and management of product data for various sales channels, marketplaces and advertising platforms. According to the provider, Channable can be used particularly to manage product feeds, marketplace listings, orders and advertising campaigns based on product data on multiple channels.

In particular, the following data may be processed:

product data
variant and inventory data
prices and market-specific product information
order information if marketplace or order management functions are used
technical connection and usage data
access data and account information in connection with linked third-party platforms, provided the user gives their consent

The app allows us to import product data from our Shopify shop, apply them in rules-based processing, adapt them for different countries and channels and transfer them to marketplaces and advertising platforms. Channable additionally describes functions for managing product listings, synchronising inventories in real time, processing marketplace orders and optimising advertising campaigns based on product data. The purpose of the processing is the central management and optimisation of our product data for external sales channels, the reduction of manual effort and support for consistent multichannel selling.
Processing is performed by the app provider on our behalf. In its privacy policy, Channable states that, in particular, contact and billing data, log data such as IP address, browser type, time stamps and usage information, and data from third-party services authorised by the user may be processed in connection with the service. A transfer of personal data to servers outside the European Union (third-country processing) cannot be ruled out. If no adequacy decision has been taken by the EU Commission, the data transfer takes place on the basis of suitable guarantees in accordance with Art. 46 GDPR, especially the conclusion of standard contractual clauses.

The legal basis for processing is our legitimate interest in accordance with Art. 6 (1) point (f) GDPR in order to structure product data efficiently across multiple channels, keep our offerings on external sales channels updated and optimise our sales and marketing processes. If Channable is also used specifically for processing orders from marketplaces, Art. 6 (1) point (b) GDPR may also apply. Classification as a feed, listing, order and campaign management tool is derived from the official app and integration description.
Further information about the processing of data can be found in the privacy policy of Channable: https://www.channable.com/privacy-policy.

Swish

In our online shop, we provide a wishlist function using the Swish app. The provider of this app is Appmate, 5/15 Bent Street, Coffs Harbour, NSW 2450, Australia.

This function enables you to save products in a personal wishlist so that you can find or share these products at a later point in time. Depending on the user, the following data are processed:

products added to the wishlist
for logged-in customers: assignment of the wishlist to your customer account
for guests: storage via cookies or local browser data (UUID, session ID, etc.)

The data are processed by Shopify systems and may also be transferred to the app provider’s servers in Australia. In accordance with Art. 45 GDPR, Australia is a third country with no adequacy decision. For this reason, data are transferred on the basis of standard contractual clauses in accordance with Art. 46 GDPR.

The legal basis for processing the data is Art. 6 (1) point (b) GDPR concerning the taking of steps prior to entering into the contract in respect of customer accounts and Art. 6 (1) point (f) GDPR concerning our legitimate interest in an improved user experience.

Further information is available in the provider’s privacy policy at: https://swish.app/legal/privacy-policy

Shopify Flow

In our online shop, we use the Shopify Flow app, an automation tool from Shopify International Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. The app is used to prepare and implement automated customer communication, inventories and notifications.

In the course of this automation, the following personal data may be processed:

customer master data (e.g. name, email address, phone number)
order and payment information
delivery address and shipping status
IP address and device information used

The actual data processed depend on the workflow used. All workflows are configured individually by us as the shop operator.

Data are processed only in the context of the existing Shopify infrastructure and in accordance with the existing data processing agreement with Shopify. Data may be transferred to third countries (e.g. Canada or the USA) and are protected on the basis of suitable guarantees in accordance with Art. 46 GDPR.

The legal basis for processing is Art. 6 (1) point (f) GDPR (legitimate interest), especially relating to the increased efficiency of internal processes, the avoidance of errors and the improvement of service quality. In cases requiring automated processes for the performance of a contract, processing is based on Art. 6 (1) point (b) GDPR.

Further information about data processing by Shopify can be found at: https://www.shopify.com/legal/privacy

8. Customer communication and reviews

Hello Charles

We use the Hello Charles app from Charles GmbH, Gartenstraße 86-87, 10115 Berlin, Germany for direct communication with our customers. The app enables us to send personalised messages, order information and service notifications via WhatsApp. Charles functions as a platform between our Shopify shop system and WhatsApp.

If you have consented to communication via WhatsApp, we process the following data via Charles:

name (if provided)
phone number
content of your message (text, perhaps also media)
order information (e.g. article, order number, status)
time of interaction

Communication is based solely on your express consent in accordance with Art. 6 (1) point (a) GDPR, for example, via active initiation of a WhatsApp chat or opt-in via a contact form. You may withdraw your consent at any time with effect for the future, e.g. by sending us a message saying “STOP” via WhatsApp or email.

The data are processed by Charles GmbH as the processor in accordance with Art. 28 GDPR. Sending messages via WhatsApp is also performed in compliance with the guidelines of the WhatsApp Business API, operated by Meta Platforms Ireland Ltd., Dublin, Ireland.

Note on data processing by WhatsApp:

Please note that the use of WhatsApp involves the processing of personal data, especially metadata such as the IP address, device information and user behaviour. We have no influence on this processing. Further information can be found in the WhatsApp privacy policy.

Further information about data processing by Charles can be found at: https://www.hello-charles.com/privacy-policy

Communication via WhatsApp

Among other things, we use the WhatsApp instant messaging service for communicating with our customers and other third parties. This is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is via end-to-end (peer-to-peer) encryption to prevent WhatsApp or other third parties from gaining access to the content of the communications. However, WhatsApp retains access to metadata that may be created during the communication process (e.g. sender, recipient and time). We also draw your attention to the fact that, according to its own statement, WhatsApp shares the personal data of its users with its parent company Meta, which is headquartered in the USA. Further information about the processing of data can be found in the privacy policy of WhatsApp at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in the fastest and most effective communication with customers, potential customers and other business and contractual partners (Art. 6 (1) point (f) GDPR). If consent has been requested, data processing shall be solely on the basis of this consent, which may be withdrawn at any time with effect for the future.

The content of the communications exchanged between you and us via WhatsApp remains with us until you request that we delete it, withdraw your consent to its storage or the purpose for the data storage no longer applies (e.g. after the processing of your enquiry has been completed). This does not affect statutory provisions, especially those concerning retention periods.
The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/7735.
We use the WhatsApp Business variant.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.whatsapp.com/legal/business-data-transfer-addendum.
We have set up our WhatsApp accounts in such a way that there is no automatic reconciliation of data with the address book on the smartphone used.
We have concluded a data processing agreement (DPA) with the above-mentioned provider.

Reviews.io

After the goods have been dispatched, you will receive an email from us asking you to rate our performance. This email contains a link to Reviews.io where you can submit your rating. The terms and conditions and data protection provisions of Reviews.io shall apply. Further information can be obtained from the provider at: https://www.reviews.io/front/user-privacy-policy

9. E-commerce and payment providers

Processing of customer and contract data

We record, process and use personal customer and contractual data to establish, define and modify our contractual relationship. We only record, process and use personal data about the utilisation of this website (usage data) to the extent that this is necessary to enable the user to utilise the service or to issue invoices. The legal basis for this is Art. 6 (1) point (b) GDPR.

The customer data recorded are erased upon completion of the contract or termination of the business relationship and expiration of any existing mandatory retention periods. This shall not affect statutory retention periods.

Data transfer when concluding contracts for online shops, distributors and shippers

When you order goods from us, we transfer your personal data to the transport company used for delivery and to the payment service provider used for processing payments. Only those data are provided that are necessary to enable the respective service provider to fulfil their task. The basis for this is Art. 6 (1) point (b) GDPR which permits processing for the performance of a contract or in order to take steps prior to entering into a contract. If you have provided consent in accordance with Art. 6 (1) point (a) GDPR, we will transfer your email address to the transport company contracted for delivery so that it can inform you by email of your order’s shipping status. You can withdraw your consent at any time.

Payment services

We use third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, amount of payment, bank account details, credit card number) are processed by the payment service provider for the purpose of processing the payment. These transactions are covered by the respective contractual provisions and privacy policy of the respective provider. Payment services are used on the basis of Art. 6 (1) point (b) GDPR (processing for the performance of a contract) and in the interest of ensuring that the payment transaction is as smooth, convenient and secure as possible (Art. 6 (1) point (f) GDPR). If your consent is requested for certain actions, the processing of data shall be based on Art. 6 (1) point (a) GDPR. Consent may be withdrawn at any time with effect for the future.

We use the following payment services on this website:

Mollie

This payment service is provided by Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (hereinafter referred to as “Mollie”). Mollie enables us to integrate different payment methods on our website. You will find details in Mollie’s privacy policy at: https://www.mollie.com/legal/privacy.

Riverty

This payment service is provided by Riverty GmbH, Gütersloher Straße 123, 33415 Verl, Germany (hereinafter referred to as “Riverty”). Riverty enables us to offer certain methods of payment (e.g. payment by invoice or payment by instalments) on our website. You will find details in Riverty’s privacy policy at: https://www.riverty.com/en/privacy-policy/.

Klarna

This payment service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as “Klarna”). Klarna offers various payment options (including payment by instalments). If you choose Klarna as the means of payment (Klarna Checkout), Klarna will request certain personal data from you. Klarna uses cookies to optimise Klarna Checkout. You will find details about Klarna’s use of cookies at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You will find further information about Klarna’s privacy policy at: https://www.klarna.com/de/datenschutz/.

giropay

This payment service is provided by paydirekt GmbH, Stephanstraße 14–16, 60313 Frankfurt am Main (hereinafter referred to as “giropay”).
You will find details in giropay’s privacy policy at: https://www.paydirekt.de/agb/index.html.

American Express

This payment service is provided by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as “American Express”).
American Express may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on the Binding Corporate Rules. You will find details at: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.
Further information about the American Express privacy policy is available at: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

This payment service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).
Mastercard may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on Mastercard’s Binding Corporate Rules. You will find details at: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).
The United Kingdom is designated a safe third country in terms of data protection. This means that the level of data protection there is equivalent to that in the European Union.
VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information about the VISA privacy policy is available at: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

PayPal

This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full
You will find details in PayPal’s privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Shopify Payment

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, DO4 XN32, Ireland (hereinafter referred to as “Shopify Payment”).
You will find details in Shopify Payment’s privacy policy at: https://www.shopify.com/de/legal/datenschutz?country=de&lang=en

10. Our social media presence

These privacy policies apply for the following social media offerings:

https://www.facebook.com/macjeansofficial/?locale=de_DE
https://www.instagram.com/macjeans_official/?hl=de
https://www.linkedin.com/company/macmode/
https://www.youtube.com/channel/UCgmuC9Cixv4_cu0sT3CvnrQ

Data processing by social media platform operators
We maintain publicly accessible social media profiles, details of which are provided below.
As a rule, social media platforms such as Facebook and X can analyse user behaviour in detail if you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). When you access our social media offerings, a large number of processing activities are triggered which are relevant to data privacy. These are described below:

If you are logged into your social media account and visit our social media presence, the operator of the social media platform can connect this visit with your user account. However, it is also possible for your personal data to be recorded even if you are not logged in or do not have an account on the relevant social media platform. In these cases, data are recorded via cookies placed on your end device or by recording your IP address.

The operators of social media platforms can use these data to create user profiles based on your preferences and interests. In this way, they can show you interest-based ads outside the respective social media platform. If you have an account on that social media platform, the interest-based ads will be shown on all the devices you use or have used to log into the platform.

Please also note that we are unable to track all processing activities on social media platforms. Depending on the provider, other processing activities may be carried out by the operators of the social media platforms. You will find details in the terms of use and privacy policy of the respective social media platform.

Legal basis
Our social media offerings are intended to ensure the broadest possible Internet presence. This is a legitimate interest within the meaning of Art. 6 (1) point (f) GDPR. The analytical processes initiated by social media networks may be based on deviating legal bases which the operators of these networks must disclose (e.g. consent within the meaning of Art. 6 (1) point (a) GDPR.

Controller and assertion of rights
When you visit one of our social media offerings (e.g. on Facebook), we and the operator of the social media platform are the joint controllers of the data processing activities triggered by this visit. Generally speaking, you may assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) against both us and the operator of the social media platform (e.g. Facebook).

Please note that, although we and the operator of the social media platform are joint controllers, we cannot fully influence the data processing activities of the social media platform operator. Our options are largely dictated by the policies of the respective service provider.

Duration of storage
The data we record directly via our social media offering will be erased from our systems as soon as you request us to erase this data, you withdraw your consent to storage or the purpose for storing data no longer exists. The cookies stored on your end device will remain until you erase them. This does not affect statutory provisions, especially those concerning retention periods.
We have no influence on the duration of storage of the data stored by the operators of social media for their own purposes. You can obtain details directly from the operators of social media platforms (e.g. in their privacy policies, see below).

Your rights
You have the right to obtain free of charge information about the origin, recipients and purpose of your stored personal data at any time. You also have the right to objection, the right to data portability and the right to complain to the competent supervisory authority. You may also request the rectification, blocking, erasure and, in certain circumstances, restriction of processing of your personal data.

Details of social media platforms

Facebook

We have a Facebook profile. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as “Meta”). According to Meta, the data recorded are also transferred to the USA and other third countries.
We have concluded a joint controller agreement (Controller Addendum) with Meta which defines which data processing activities we and Meta are responsible for when you visit our Facebook page. You can view this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.
You can modify the ad settings in your user account by clicking the following link and logging in: https://www.facebook.com/settings?tab=ads.
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.
You will find details in Facebook’s privacy policy at: https://www.facebook.com/about/privacy/.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/4452.

Instagram

We have an Instagram profile. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as “Meta”).
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.
You will find details about how Instagram handles your personal data in its privacy policy at: https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

We have a LinkedIn profile. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate these cookies, please go to: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
You will find details about how LinkedIn handles your personal data in its privacy policy at: https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5448.

YouTube

We have a YouTube profile. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You will find details about how YouTube handles your personal data in its privacy policy at: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the EU-US Data Privacy Framework (DPF). This agreement between the European Union and the USA aims to ensure compliance with European data protection standards when data are processed in the USA. Every DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5780.

MAC Mode GmbH & Co. KGaA
Wald / Roßbach, 25 February 2026