1. Privacy statement – general section
We care about your privacy.
We welcome your interest in our company, products and services and want you to feel that you and your personal data are safe when you visit our website. We take the protection of your personal data very seriously and are committed to observing the provisions of the Federal Data Protection Act. We want you to know which data we collect and how we use them. We have implemented technical and organisational measures to ensure that we and our external service providers comply with data protection regulations. We draw your attention to the fact that security loopholes may exist when transmitting data via the internet. It is impossible to provide absolute protection of data against access by third parties.
Controller for the website www.mac-jeans.com:
The controller is the body which collects, processes or uses personal data (e.g. name, e-mail address, etc.).
The controller of the data processed during your visit to
MAC Mode GmbH & Co KGaA
Phone: +49 (0) 9463 855-0
Fax: +49 (0) 9463 855-199
The controller for your purchases via online shopping portals:
2. Your e-mails
Your e-mails are forwarded to us without the use of additional encryption technology. It is possible that unauthorised persons may become aware of, falsify or delete personal data and confidential information in transit.
3. Recording personal data
Personal data are information about your identity and include, for example, your name, address, telephone number and e-mail address. You do not have to disclose any personal data in order to use our website. In some cases, however, we do need your name, address and some other information in order to provide the services you request.
This applies to, for example, sending information material and the goods you have ordered or answering your individual questions. In such cases, we will notify you accordingly. Moreover, we store and process only those data that you provide us voluntarily or automatically. If you are using services, we will normally only record the data we need to provide those services. If we request any additional data, this will be on a voluntary basis. Personal data are processed only to provide the service requested and to protect our own legitimate business interests.
4. Restricted use
We will only collect, process and use the personal data you provide online for the purposes notified to you. Your personal data will not be transferred to third parties without your explicit consent.
We will record personal data and transfer them to government institutions and authorities entitled to receive such information only in the context of the relevant laws or if we are obliged to do so by court order. Our employees and service providers have a duty of confidentiality and must comply with the provisions of the Federal Data Protection Act.
5. Erasure of customer data (in the Online Shop)
If you request the erasure of your data, we can only comply with this in full if you have not yet concluded an order with us. We erase the personal data recorded to process orders and stored in our electronic customer system (e.g. data of birth, phone and fax number, e-mail address, credit score) within seven (7) working days. If you are already a customer, we are obliged to retain commercial/business documents and invoices for six (6) and ten (10) years, respectively, pursuant to section 257 HGB (German Commercial Code) and section 147 AO (Fiscal Code). We are therefore unable to immediately erase your personal data that we are required by law to retain. In our system, these data are locked for the duration of the retention period to prevent their active use.
We record and process your personal data (e-mail address) if you register to receive our newsletter. You have given your consent to this by clicking the “Register” button and then the link in the confirmation e-mail.
This website sends newsletters using Inxmail from Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg, Germany. Inxmail is a service used to organise and analyse newsletter mailing. The data you provide in order to receive the newsletter (e.g. e-mail address) are stored on the Inxmail servers in Germany. Inxmail is a co-founder and member of the Certified Senders Alliance (CSA) and a signatory to Germany’s e-mail marketing quality standard. The newsletter we send via Inxmail enables us to analyse the general behaviour of the newsletter recipients. For example, we can analyse how many recipients have opened the newsletter notification and how many clicks there are on which links in the newsletter.
The data are processed on the basis of your consent (Article 6 (1) point (a) GDPR). You may withdraw this consent at any time by cancelling the newsletter. The withdrawal of consent shall not affect the lawfulness of data processing activities that have already taken place. If you do not wish your data to be analysed by Inxmail, you must cancel the newsletter. We provide a link for this purpose in every newsletter notification. You may also cancel the newsletter directly from the website. The same shall apply if you are sent the newsletter without your explicit prior consent on the basis of the exemption contained in section 7 (3) UWG (Unfair Competition Act) due to a prior purchase of goods or services.
The data you provide us for the purpose of receiving the newsletter will be stored until you cancel the newsletter and will then be erased from both our servers and Inxmail’s servers. This shall not affect data that we have stored for other purposes (e.g. e-mail address for your “My MAC” login). We have concluded a processing agreement with Inxmail and, in using Inxmail, comply with the stringent requirements of Germany’s data protection authorities.
7. Shopping cart reminder
If you have already placed goods in your shopping cart but not completed the order, we will use your registered e-mail address to send you a reminder. This serves to protect our legitimate business interests (legal basis). We would like to ensure that you have not abandoned your order due to a problem with the Online Shop or a misunderstanding. The reminder e-mail will contain your data and a reference to the withdrawal of consent if you no longer wish to use this service.
8. Registration/contact form
You can register on our website to use its additional functions or “My MAC”. We will only use the data you provide for the offer or service for which you have registered. On registration, you must provide all the mandatory information. If not, we will decline your registration. If we make any major changes to the scope of the offer or essential technical changes, we will notify you of this using the e-mail address you provide on registration.
The data you provide on registration are processed on the basis of your consent (Article 6 (1) point (a) GDPR). You may withdraw this consent at any time by sending us an e-mail (no specific form is required). The withdrawal of consent shall not affect the lawfulness of data processing that has already taken place. The data recorded on registration will be stored by us for as long as you are registered on our website. Thereafter they will be erased. This shall not affect statutory retention periods.
9. Guest accounts
A guest account is a shortened form of registration that allows your order to be processed quickly and securely. Your e-mail address will automatically be used as your user name. We generate a password that is sent directly to this e-mail address. You may use your guest account to access all the benefits of “My MAC” where you can review your order or amend your customer data for future orders.
10. Duration of storage
We store the personal data provided to us via our website only for as long as is necessary to fulfil the purpose for which it was provided. If commercial and fiscal law specify retention periods, some data may be stored for up to ten (10) years.
Moreover, when an order is placed online, the user’s IP address at that time is stored and used separately and in anonymised form for the duration of one (1) year to ensure data security (i.e. to prevent misuse and prosecution).
11. Data processing (customer and contract data)
We record, process and use personal data only to the extent that this is necessary to establish, define or modify the legal relationship (master data). The basis for this is Article 6 (1) point (b) GDPR which permits processing for the performance of a contract or in order to take steps prior to entering into a contract. We only record, process and use personal data about the utilisation of our website (usage data) to the extent that this is necessary to enable the user to utilise the service or to issue invoices. The customer data recorded will be erased on completion of the order or termination of the business relationship. This shall not affect statutory retention periods.
12. Data transfer when concluding contracts for online shops, distributors and shippers
We transfer personal data to third parties only if this is necessary for performing the contract, for example to the company engaged to ship the goods or the bank charged with processing payment. Your data are not transferred for any other purpose unless you explicitly consent to transfer. Your data will not be transferred to third parties, for example for advertising purposes, without your explicit consent. The basis for data processing is Article 6 (1) point (b) GDPR which permits processing for the performance of a contract or in order to take steps prior to entering into a contract.
13. Recording data
Your visit to our websites is logged. The data recorded primarily consist of the IP address currently used by your computer, the date and time, the browser and operating system used by your computer and the pages you viewed. As a general rule, it is not possible for us to establish the user’s identity, nor is this intended.
These data are recorded only for data protection purposes and to help us optimise our website. The data are not evaluated in any way other than in anonymised form for statistical purposes. No personal surfing profile or similar will be recorded or processed.
Moreover, personal data will only be stored if you specifically allow this, e.g. through registration, a survey, a competition, an online application or the performance of a contract. The respective input and contact forms provide information about the purposes for recording the data requested there. These data are transmitted in encrypted form via the internet.
a) What exactly are cookies?
Cookies are text files which are stored on your computer, tablet or mobile phone when you visit a website. They are generally used to make websites more effective. Some cookies (session cookies) are automatically erased when you close your browser whereas others (persistent or tracking cookies) are archived on your device until a certain expiry data or until you empty your browser’s cache and enable us to identify you as a repeat visitor to our website. Most web browsers accept cookies automatically. However, you can change this in your browser settings.
You will find more information about cookies at: www.allaboutcookies.org.
c) What types of cookies are used?
You can delete the cookies set for our website. However, this will also erase your individual data, content and cookie settings so you will not be recognised as a repeat visitor the next time you access our website.
Purpose of the different types of cookies: Session cookies are erased when you close your browser. They are used to record how users navigate the website and how long they spend there. They store the content of your shopping cart and your customer account information for the duration of your visit and keep your login active during the session.
Persistent cookies or tracking code: These contain no personal data. They record the location from which the website was accessed, the search engine that was used, which links were clicked and which search terms were used and identify the user’s location at the time the website was accessed. They also record the number of visits and the duration of first, current and previous visits. These cookies only register visits to mac-jeans.com and are not activated when visiting other websites.
d) Do you consent to our cookies?
We offer several online features aimed at making your visit to our website as pleasant as possible. However, these features only function with the aid of cookies which will be activated if you consent at the start.
If you do not want us to recognise your computer, you can prevent the storage of cookies on your hard drive by selecting “Do not accept cookies” in your browser settings. Please consult your browser manual to find out how this works. However, you should be aware that some ‘essential’ cookies are required to enable you to smoothly navigate our website and to select, configure and save your products. Moreover, we use these cookies only to monitor the efficiency of our website and track visitor frequency.
15. Analysis tools and advertising
IP anonymisation: We have activated the IP anonymisation function on this website. In the Member States of the European Union and in other States party to the Agreement on the European Economic Area, your IP address will be truncated by Google prior to transfer to the USA. In exceptional cases, the full IP address will be transferred to a Google server in the USA and truncated there. Acting on behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports about website activities and provide the website operator with other services associated with the use of the website and the internet. The IP address transmitted from your browser by Google Analytics will not be merged with other Google data.
Browser add-on: You can prevent the storage of cookies via a setting in your browser software. However, we would like to point out that you may then no longer be able to use all the website’s functions in their entirety. You can also prevent Google from recording and processing the data generated by the cookie in relation to your use of the website (including your IP address) by downloading and installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en
Objection to the recording of data: You can prevent Google from recording and processing the data generated by the cookie in relation to your use of the website (including your IP address) by downloading and installing the browser add-on available here: http://tools.google.com/dlpage/gaoptout?hl=en
You will find more information about how Google Analytics handles user data in Google’s privacy statement at: https://support.google.com/analytics/answer/6004245?hl=en.
Processing: We have concluded a processing agreement with Google and, in using Google Analytics, comply with the stringent requirements of Germany’s data protection authorities.
Demographics in Google Analytics: This website uses the demographics function of Google Analytics which enables reporting on the age, gender and interests of website visitors. These data are taken from Google’s interest-based advertising and third-party visitor data. They cannot be assigned to individual persons. You can deactivate this function at any time in the display settings of your Google account or you can prohibit the recording of your data by Google Analytics as described in “Objection to the recording of data” above.
Bing Ads/Microsoft: Our website uses Bing Ads from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA – “Microsoft”). If you click on an ad displayed by Microsoft Bing Ads, a conversion tracking cookie will be placed on your computer. This cookie has limited validity and cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Microsoft can recognise that you clicked on the ad and were then redirected to our website. The information obtained with the aid of the conversion cookie is used to compile conversion statistics. These show the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. It is not possible to personally identify the user. Processing is based on Article 6 (1) point (f) GDPR which covers the legitimate interest in targeted advertising and analysing the effect and efficiency of this advertising. For reasons associated with your particular circumstances, you may object at any time to this processing of your personal data on the basis of Article 6 (1) point (f) GDPR. You can do this by blocking cookies using the settings in your browser software. However, this may mean that you can then not use all the functions of this website in their entirety. As a result, you will not be included in conversion tracking statistics. Bing is certified in accordance with the EU-US Privacy Shield Framework and thus undertakes to comply with European data protection regulations. You will find more information about data protection and the cookies used by Microsoft Bing at: https://privacy.microsoft.com/en-us/privacystatement.
Clarity: This website uses Clarity from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, https://docs.microsoft.com/en-us/clarity/ (“Clarity”) which is a tool for analysing user behaviour on this website. Clarity tracks mouse movements in particular and produces a visualisation showing which parts of the website users visit especially frequently (heatmaps). Clarity can also record sessions so we can view the use of our website in video format. In addition, it provides us with information about general user behaviour on our website. Clarity uses technologies which facilitate user recognition for analytical purposes (e.g. cookies or device fingerprints). Your personal data are stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. The use of Clarity is based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in effective user analysis. Provided the corresponding consent has been obtained, processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. Further details about data protection at Clarity can be found at: https://docs.microsoft.com/en-us/clarity/faq. We have concluded a processing agreement with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor analyses the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.
etracker: This website uses the etracker analytics service from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. Pseudonymised use profiles can be produced from the data recorded by cookies. Cookies are small text files which are saved in the cache of your internet browser and make it possible to recognise your browser. Without the explicit consent of the data subject, the data recorded by etracker technologies are not used to personally identify visitors to this website and are not merged with the personal data of the user behind the pseudonym. The storage of etracker cookies and the use of this analysis tool is based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise its website and its advertising. Provided the corresponding consent has been obtained (e.g. consent to the storage of cookies), processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. We have concluded a processing agreement with etracker and, in using etracker, comply with the stringent requirements of Germany’s data protection authorities. Further information can be found in etracker’s data protection statement at: https://www.etracker.com/en/data-privacy/.
Facebook Conversion API: The Facebook Conversion API is integrated on this website. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the data recorded may also be transferred to the USA and other third countries. The Facebook Conversion API enables us to capture the website user’s interactions with our website and transmit them to Facebook in order to improve Facebook’s advertising performance. Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Facebook (audience segmentation targeting). As website operators we have no passive or active access to this user data. User analysis is conducted solely by Facebook. On the part of the website operator, data is only sent back by the server in this context. When a visitor lands on our website via a Facebook advert, Facebook assigns a click ID to that user. For the website operator, this is an anonymous data item which does not allow to identify the user. When the user associated with this click ID triggers an event on our website (e.g. a product purchase), the website sends this information back to Facebook along with the value of the purchase and the time of the purchase. Specifically, the following data is transmitted:
- anonymous click ID
- event name (e.g. “AddToCart” or “Purchase”)
- time of event
- conversion value
Facebook utilises this data internally. The responsible entity for the further data processing is Facebook itself. Information about data processing by Facebook is available at https://de-de.facebook.com/about/privacy/. Since this is not personal data for the website operator, no legal basis is required for this processing.
Google Ads: The website operator uses Google Ads. Google Ads is an online advertising platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads makes it possible to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms (keyword targeting). Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Google (audience segmentation targeting). As website operators we have no passive or active access to this user data. User analysis is conducted solely by Google. On the part of the website operator, data is only sent back by the server in this context. When a visitor lands on our website via a Google search, Google assigns a click ID to that user. For the website operator, this is an anonymous data item which does not allow to identify the user. When the user associated with this click ID triggers an event on our website (e.g. a product purchase), the website sends this information back to Google along with the value of the purchase and the time of the purchase. Specifically, the following data is transmitted:
- anonymous click ID
- event name (e.g. “product purchase”)
- value of the purchase, if applicable
- time of the purchase
Google utilises this data internally. The responsible entity for the further data processing is Google. Information about data processing by Google is available at https://policies.google.com/privacy?hl=de&gl=de#intro. Since this is not personal data for the website operator, no legal basis is required for this processing.
Google Data Studio: We use Google Data Studio which is a data management tool for producing user-defined reports and dynamic dashboards. This draws on the data from Google Analytics and has no interfaces to other data sources (e.g. Google Ads, Attribution 360, BigQuery, Cloud SQL, MySQL, Google Tables, YouTube Analytics, etc.). The web tool does not require any local applications and can be launched from the web. Access is via a browser and the data sources are linked directly via Google Data Studio. You will find further information about the use of Google Data Studio at support.google.com/datastudio/answer/6283323.
Google Maps: This website uses Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In order to use the functions of Google Maps, your IP address has to be stored. As a rule, this information will be transferred to and stored on a Google server in the USA. The website operator has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts to ensure a uniform appearance. When Google Maps is accessed, your browser downloads the required fonts to your browser cache so that text and fonts are displayed correctly. As we cannot exclude that data will be recorded for analysis and possibly also marketing purposes on the basis of Google Maps scripts, the map will only be displayed after you have consented to marketing cookies. We do not record or use any data in connection with the use of maps. Google Maps is used in the interest of ensuring the attractive appearance of our online services and to make it easy to locate the places named on our website. This represents a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. Provided the corresponding consent has been obtained, processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You will find further information about how Google handles user data in Google’s privacy statement at https://support.google.com/analytics/answer/6004245?hl=en.
Hotjar: This website uses Hotjar provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (https://www.hotjar.com). It is a tool for analysing user behaviour on this website. Hotjar enables us to record your mouse movements, scrolling and clicks. It can also recognise how long your cursor stays in a certain place. On the basis of this information, Hotjar compiles heatmaps which can be used to identify which areas of the website users prefer to view. We can also see how long you spend on a page and when you leave it. It lets us identify at what point you abandon inputting your data in a contact form (conversion funnels). In addition, Hotjar can be used to request direct feedback from visitors to the website. This function serves to improve the website operator’s offering. Hotjar uses technologies which facilitate user recognition for analytical purposes (e.g. cookies or device fingerprints). The use of this analysis tool is based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise its website and its advertising. Provided the corresponding consent has been obtained (e.g. consent to the storage of cookies), processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. If you would like to deactivate data recording by Hotjar, follow the instructions at https://www.hotjar.com/opt-out. Please note that Hotjar must be deactivated separately in each browser or on each end device. You can find more information about Hotjar and the data it records in Hotjar’s privacy information at https://www.hotjar.com/privacy. We have concluded a processing agreement with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.
Matomo: This website uses Matomo, an open-source web analytics service. Matomo applies technologies which facilitate cross-page user recognition for analytical purposes (e.g. cookies or device fingerprints). The information about the use of this website recorded by Matomo is saved on our server. The IP address is anonymised beforehand. Matomo enables us to record and analyse data about our visitors’ use of our website. In this way, we can identify when which pages were viewed and from which region. We also record various log data (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain activities (e.g. clicks, purchase transactions, etc.). The use of this analysis tool is twofold. One part of the processing is based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise its website and its advertising. In this case data is recorded without using cookies. Therefore visitors are not recognised after a session has ended and no e-commerce reports are generated (shopping cart, product pages, purchase). Only the total purchase value is recorded. The other part of the processing is solely based on your consent according to Article 6 (1) point (a) GDPR and section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). In this variant, cookies are used for cross-session user recognition and e-commerce reporting is activated. If you were redirected to our website via a Google advert, it is also possible that the click ID is transmitted back to Google Ads by the server. This consent may be withdrawn at any time. We use IP anonymisation when performing analyses with Matomo. Your IP address will be truncated before the analysis so that it can no longer be assigned to you. We host Matomo solely on our own servers which means that we retain all analytical data and do not transfer it to third parties.
Shopware: The e-commerce system we use is Shopware from shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany. In addition to the information in our Privacy Statement, you will find information about the processing of personal data by shopware AG at https://docs.shopware.com/en/shopware-5-en/tutorials-and-faq/gdpr. When you add products to your shopping cart, our website places cookies on your end device so that you can continue the order process even if you have to reload the website. When you place an order, the personal data you enter in the order form is transferred to us by your browser and stored in our IT systems. We also store your IP address and the time of your order. We use the personal data you enter to process your order. This processing is lawful because it is necessary to perform the contract in accordance with Article 6 (1) point (b) GDPR. We store your IP address and the time of the order to ensure the security of our IT systems. This also constitutes our legitimate interest which is why processing in accordance with Article 6 (1) point (f) GDPR is permissible. The personal data you enter will be stored for as long as is necessary to perform the contract. We do not merge these personal data with other data sources. We only transfer data to third parties if this is necessary to perform the contract (e.g. to payment services, IT service providers, shippers). No transfer to a third country or international organisation is intended. You are not obliged to provide these personal data but it will not be possible to place an order in our Online Shop if you do not do so.
Sovendus: This website uses the marketing tool Sovendus (Sovendus GmbH, Hermann-Veit-Strasse 4, 76135 Karlsruhe, Germany). Sovendus helps us to provide you with suitable voucher and benefit offers. To this end we transmit personal data to Sovendus. This data is the pseudonymised and encrypted hash value of your email address and your IP address. The purpose of this transmission is to check a possible advertising objection and to ensure data security. Additionally, for accounting purposes we transmit the pseudonymised order number, session ID, voucher code and time stamp to Sovendus. This data transfer is based solely on your consent in accordance with Art. 6 (1a) GDPR. This consent may be withdrawn at any time. If you are interested in a voucher offer, if there is no advertising objection to your email address and you click on the voucher banner shown only in this case, we will transmit your form of address, name, postcode and email address to Sovendus in encrypted form to prepare the voucher. The purpose of this transfer is to send you the voucher you requested and thus to fulfil the contract in accordance with Art. 6 (1b) GDPR. Once the data required to produce the voucher has been processed, you will receive an email with the voucher code at the email address indicated by you. More information on the way data is processed by Sovendus is available at: https://online.sovendus.com/online-datenschutzhinweise/
Trusted Shops: The Trusted Shops Trustmark is embedded on this website as evidence of our Trusted Shops certification and to offer users Trusted Shops membership when they place an order. This serves to protect our overriding legitimate interests in the optimal marketing of our offer as shown by a balance of interests (Article 6 (1) point (f) GDPR). The Trustmark and the services it represents are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When you click on the Trustmark, the web server automatically saves a server logfile containing your IP address, the date and time of the call, the data volume transferred and the querying provider (access data) and documents the call. These access data are not analysed and will be overwritten automatically at the latest seven (7) days after the end of your visit to the website. Other personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after placing an order or have already registered to use the service. In this case, the contractual agreement between you and Trusted Shops applies. Provided you have given us your explicit consent to do so while you are placing your order or after you have placed it in accordance with Article 6 (1) point (a) GDPR, we will transfer your e-mail address to the rating platform operated by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany (www.trustedshops.de) so it can send you a reminder to rate our service. You can withdraw your consent at any time by notifying the Data Processing Officer or the rating platform.
YouTube with enhanced privacy: This website incorporates videos from YouTube which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use YouTube in enhanced privacy mode which, according to YouTube, means that YouTube does not store any information about visitors to this website before they view the video. However, it does not necessarily prevent the transfer of data to YouTube’s partners. For example, irrespective of whether you view a video or not, YouTube establishes a link to the Google DoubleClick network. As soon as you start a YouTube video on this website, a link is established to YouTube’s servers. The YouTube server is notified which of our pages you have visited. If you have logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out from your YouTube account. When you start a video, YouTube also places cookies on your end device or uses comparable recognition technology (e.g. device fingerprinting). In this way, YouTube acquires information about the visitors to this website. It uses this information to record video statistics, improve user-friendliness and prevent attempted fraud, for example. Starting a YouTube video may also trigger further data processing activities over which we have no influence. We use YouTube in the interest of providing an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. If the corresponding consent was obtained, processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. You will find further information about data privacy at YouTube at https://policies.google.com/privacy?hl=en.
16. QR codes
We use QR codes on various occasions. We have the QR codes produced by a service provider. When you scan such a QR code, this scan is recorded by the service provider via an API.
The service provider employed for this purpose is Bitly Europe GmbH, located at Am Lenkwerk 13, 33609 Bielefeld, Germany, who uses the tool QR-Code Generator. An order processing agreement has been signed with this service provider.
The service provider may process data outside of the EU via sub-service providers. The service provider has contractually committed to entering into suitable contractual agreements with these sub-service providers in order to ensure the protection of the data.
When the QR codes are scanned (e.g. via your smartphone) the following data may be processed:
- Number of scans
- Operating system used
- Location data (town, country)
The data will not be allocated to the respective IP address.
The processed data will refer to the respective person only in rare cases and only with the help of additional information. As a rule, this is not personal data within the meaning of Art. 4 (1) GDPR.
We collect and process this data in order to improve our online offers and to monitor the success of any promotional campaigns. The data is processed on the legal basis of our legitimate interest as defined in Art. 6 (1) point (f) GDPR. Our legitimate interest consists in the continuous improvement of our online and advertising offers.
If you enter a competition, we process your data (name, contact details) for the purpose of performing the contract. The legal basis for this is Article 6 (1) point (b) GDPR. It is not possible to process your entry without the correct information. This could mean that we are unable to contact you if you win. We only ever record the personal data you provide voluntarily and will never record personal data without your knowledge. Personal data are processed only to the extent necessary and strictly in accordance with statutory requirements. If special conditions apply to a specific competition or additional data are required, we will inform you of this as part of the entry process.
When you enter a competition, you allow us to use certain data (e.g. e-mail address, age, postal address) in order to run the competition. If we need to transfer your data to third parties in connection with the provision of our services or for organisational processes, we will only transfer those data that are absolutely essential for the specific purpose. These third parties are obliged to comply with the data privacy and non-disclosure provisions. In accordance with GDPR, service providers that process data on our behalf are not third parties within the meaning of the previous paragraph. They are obliged to comply with data privacy and non-disclosure provisions and to act on our instructions in their activity on our behalf.
For certain special services, we use service providers that are specifically obliged to comply with data privacy and non-disclosure provisions in those cases where it is not possible to exclude access to personal data. These categories of data recipients are: data centres, advertising agencies, software developers with access to the platform.
To the extent that there is no statutory obligation to store data temporarily, all personal data that are stored in connection with the competition are destroyed after the end of the competition (e.g. non-winners’ data) and after notification of the winners and handover of the prizes (e.g. winners’ data).
You may exercise your rights to access, rectification and erasure of the data at any time. Simply contact us via one of the options given below. If you want us to erase your data but we are still required by law to retain these data, we will restrict access to (lock) your data. The same applies in the case of an objection. You may exercise your right to data portability provided we or the recipient have the technical means to enable this. You may submit a complaint to the data protection authorities at any time.
This website uses Hypertext Transfer Protocol Secure (https). Communication between your browser and our server is encrypted.
We reserve the right to modify this supplementary Data Privacy Statement in the future. We will notify you of any such changes via a message on the competition landing page.
(a) Types of data and legal basis
Occasionally MAC conducts surveys on its company website. Participation in these surveys is voluntary. Various personal data may be collected and processed during the surveys. The surveys regularly offer expense allowances or prizes. To ensure that the expense allowance or prize can be allocated and delivered to the proper participant (“data subject”), his or her name and email address are collected. These data are processed for the purposes of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR.
During the course of the survey other data may be collected as well. These data are either collected explicitly or entered independently by the data subject in open text fields. Since the data subject has previously entered his or her name and email address, these data may also contain a personal reference to the participant. It is also possible that other sensitive data may be entered for processing by the data subject via the open text fields. MAC will never explicitly collect such sensitive data. Consequently, MAC has no influence on the information that is submitted via the open text fields.
The legal basis for the collection and processing of personal data via the survey form is the consent of the data subject in accordance with 6 (1) (a) GDPR. This consent may be revoked at any time according to Art. 7 (3) GDPR. If the consent is revoked, all personal data which is processed on the basis of this consent will be promptly deleted. However, this also eliminates any outstanding claims to compensation allowances or prizes.
(b) Purpose of the processing
Data may be processed in connection with surveys for different purposes (e.g. to determine customer satisfaction, analyse purchasing behaviour or receive feedback on improvement potential). The specific purposes are specially defined for each respective survey and are made available to the data subject in a transparent manner.
(c) Duration of storage
Your name and email address which we collect in the course of a survey are only used for the purpose of allocating and delivering prizes or expense allowances. This data is therefore deleted as soon as the prize or expense allowance has been delivered.
When the name and email address are deleted, the personal reference of the remaining data is also removed. Consequently, further processing will be anonymised and only serves purposes of analysis. The data will not be sold or passed on to third parties.
(d) Recipient of the data (third-country transfer)
The personal data collected in the course of a survey is made available only to MAC employees who need the data in order to perform their duties.
To conduct the surveys, MAC uses the software solution SurveyMonkey by the service provider Momentive Europe UC (2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland). The required contractual agreements to ensure data privacy have been concluded with the service provider. Since Momentive Europe UC is a subsidiary of Momentive Inc., which is based in California, USA, the possibility that your personal data is transferred to the USA cannot be excluded. Momentive Europe UC does assure that pertinent contractual agreements have been entered into with all entities to which personal data are transferred. However, due to the broad powers of U.S. security authorities, the possibility that said security authorities access your data cannot be completely excluded.
To participate in the survey, you will be redirected to a subpage of SurveyMonkey. This process may enable SurveyMonkey to gain knowledge of your connection data (IP address, log data, browser settings, etc.). Momentive Europe UC is solely responsible for the processing of this data and compliance with the pertinent legal requirements. More information on the data processing by Momentive is provided at: https://www.surveymonkey.com/mp/legal/privacy/.
(e) Rights of the data subject
As a data subject, you have the right to information, deletion and blocking of your data processed by us.
Moreover, you have the right to object to the processing of the data inasmuch as it is legally based on legitimate interest. Further information on your rights as a data subject are provided at the end of this Privacy Notice.
19. Purchasing in the Online Shop
The personal data you provide when you register and data about the type and frequency of your online orders are recorded, stored and used by MAC or third parties that have a contractual relationship with MAC if this is necessary in order to perform the contract. These third parties include companies engaged to ship the goods, banks engaged to manage payments or, in particular, companies engaged to provide customer services and as processors.
20. Payment services
We use the following payment services/payment service providers on this website:
This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Sofortüberweisung (instant transfer)
This payment service is provided by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (“Sofort GmbH”). Sofort GmbH provides us with real-time confirmation of payment so we can immediately start fulfilling our obligations. If you choose to use Sofortüberweisung, you transfer the PIN and a valid TAN for your online banking account to Sofort GmbH which, after logging in, automatically checks your account balance and then transfers the amount owed to us using the TAN you have provided. It then sends us confirmation of the transaction. After logging in, Sofortüberweisung also automatically checks the transactions on your account, your overdraft limit and the existence and balance of any other accounts. In addition to your PIN and TAN, your payment and personal data are also transferred to Sofort GmbH. The personal data include your forename and surname, address, phone number(s), e-mail address, IP address and any other data that may be needed to process the payment. It is necessary to transfer these data in order to establish your identity beyond doubt and prevent any attempted fraud. You will find details about payment using Sofortüberweisung at: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
This payment service is provided by iDEAL, a service for payment systems. Service provider is the Dutch company Currence B.V., Gustav Mahlerplein 33-35, Amsterdam, Noord-Holland 1082 MS, Netherlands. Select iDEAL as the payment method and your bank. You will then be redirected to the online banking area of your bank. Please enter your bank details and confirm the transaction. You will receive confirmation of your payment and are then redirected to your shopping cart at mac-jeans.com. Your PIN and the TAN are not visible to MAC or third parties. The data will not be stored.
This payment service is provided by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (“American Express”).
American Express may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on the Binding Corporate Rules. Details are available at: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.
This payment service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (“Mastercard”).
Mastercard may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on Mastercard’s Binding Corporate Rules. Details are available at: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (“VISA”).
The United Kingdom is designated a safe third country in terms of data protection. This means that the level of data protection there is equivalent to that in the European Union.
VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
21. Registration/creditworthiness/information to credit agencies
Germany: In order to check your creditworthiness, obtain information for assessing the risk of default by statistical methods based on address data and verify your address (deliverability check), we transfer your data (name, address and possibly date of birth) to infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany (“ICD”). Article 6 (1) points (b) and (f) GDPR provide the legal basis for transferring this data. Data may only be transferred on the basis of these provisions if it is necessary to protect the legitimate interests of our company or third parties and this is not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Austria: In order to check your creditworthiness, obtain information for assessing the risk of default by statistical methods based on commercial and address data and verify your address (deliverability check), we transfer your data (name, address and possibly e-mail address and date of birth) to Credify Informationssysteme GmbH, Gumpendorfer Straße 21, 1060 Vienna, Austria. Article 6 (1) points (b) and (f) GDPR provide the legal basis for transferring this data. Data may only be transferred on the basis of these provisions if it is necessary to protect the legitimate interests of our company or third parties and this is not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Our legitimate interest lies in requesting information about our customers’ creditworthiness and verifying their address as a way of better assessing any risk associated with our advance performance. You will find detailed information about data processing by Credify Informationsdienstleistungen GmbH within the meaning of Article 14 GDPR on the company’s website at www.credify.at/datenschutz.
You will find detailed information about ICD within the meaning of Article 14 GDPR, i.e. information about the business purpose, the purpose of data retention, the data recipients, the right to request access, the right to erasure or rectification, etc. in the annex or at https://www.experian.de/content/dam/marketing/emea/germany/de/assets/Informationsblatt-Art-14-2021-06-24-.pdf.
22. Embedding third-party services and content
It is possible that third-party content such as YouTube videos, Google Maps material, RSS feeds or graphics from other websites may be embedded on this website. This requires that the providers of this content (“third-party providers”) are aware of a user’s IP address, without which it is not possible to send content to the user’s browser. The IP address is essential for displaying this content. We make every effort to use only content whose providers require the IP address solely for delivering the content. However, we have no influence on whether third-party providers store the IP address, e.g. for statistical purposes. To the extent that we are aware of this, we notify the user accordingly.
Persons under the age of 18 may not transfer personal data to us without the consent of a parent or legal guardian. We do not request or collect personal data from minors nor do we transfer such data to third parties.
We check the information on this website with the utmost care. However, we assume no liability for the correctness, completeness or validity of the content of our own websites.
We have implemented technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third-party data processors are obliged to comply with the Federal Data Protection Act and to treat personal data confidentially. When personal data are recorded and processed, they are transferred in encrypted form to prevent their misuse by third parties. We are constantly updating our security measures to reflect advances in technology.
26. Information about the web server location (section 13 (1) of the Telemedia Act (TMG))
The web server is located in Germany.
28. Links to other websites
29. Our social media presence
(a) Data processing by social media
We maintain publicly accessible social media profiles, details of which are provided below. As a rule, social media such as Facebook and Twitter can analyse user behaviour in detail if you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). When you access our social media offerings, a large number of processing activities are triggered which are relevant to data privacy. If you are logged into your social media account and visit our social media presence, the operator of the social media platform can connect this visit with your user account. However, it is also possible for your personal data to be recorded even if you are not logged in or do not have an account on the relevant social media platform. In these cases, data are recorded via cookies placed on your end device or by recording your IP address. The operators of social media platforms can use these data to create user profiles based on your preferences and interests. In this way, they can show you interest-based ads outside the respective social media platform. If you have an account on that social media platform, the interest-based ads will be shown on all the devices you use or have used to log into the platform.
(b) Legal basis
Our social media offerings are intended to ensure the broadest possible internet presence. This is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. The analytical processes initiated by social media networks may be based on deviating legal bases which the operators of these networks must disclose (e.g. consent within the meaning of Article 6 (1) point (a) GDPR.
(c) Controller and assertion of rights
When you visit one of our social media offerings (e.g. on Facebook), we and the operator of the social media platform are the joint controllers of the data processing activities triggered by this visit. Generally speaking, you may assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) against both us and the operator of the social media platform (e.g. Facebook).
Please note that, although we and the operator of the social media platform are joint controllers, we cannot fully influence the data processing activities of the social media platform operator. Our options are largely dictated by the policies of the respective service provider.
(d) Duration of storage
The data we record directly via our social media offering will be erased from our systems as soon as the purpose for which it was stored no longer exists, you request us to erase this data or you withdraw your consent to storage. The cookies stored on your end device will remain until you erase them. This does not affect statutory provisions, especially those concerning retention periods. We have no influence on the duration of storage of the data stored by the operators of social media for their own purposes. You can obtain details directly from the operators of social media platforms (e.g. in their privacy policies, see below).
(e) Details of social media platforms
30. Right of access, right to rectification/erasure and right to object (rights of data subject)
If you have any questions about the recording and use of your personal data by MAC Mode, we will be pleased to provide you this information free of charge and without undue delay at any time. We will be pleased to help if you would like your data to be rectified, locked or erased or if you have any complaints, wish to request access or have any general questions about data protection. Please write to MAC Mode GmbH & Co KGaA, Industriestr. 2, 93192 Wald/Roßbach, Germany, or send an e-mail to firstname.lastname@example.org, citing “data privacy” as the reference.
31. Information about the Data Protection Officer
Our external Data Protection Officer is:
Datenschutz Symbiose GmbH
Dr. Marion Herrmann
Phone: +49 (0) 921 151111-09
32. Right to complain to a supervisory authority
In the event of any breaches of data privacy law, the person affected may submit a complaint to the relevant supervisory authority. This is the Data Protection Officer for the state in which our company has its registered office. The supervisory authority for our company is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 (0) 981 180093 0
Fax: +49 (0) 981 180093 800
You will find a list of the data protection officers and their contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
MAC Mode GmbH & Co KGaA
Wald / Roßbach, 02 November 2022