Shop
Congratulations!

Congratulations! You have found an Easter egg.
Register now and receive a 15 € voucher code.

weiter

Privacy Policy

Privacy Policy pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)

Here we provide our Privacy Policy for candidates, customers and suppliers to download.

Privacy Policy for candidates (PDF)

Privacy Policy for customers (PDF)

Privacy Policy for suppliers (PDF)

 

 

Privacy Policy mac-jeans.com

1. Privacy statement – general section

We care about your privacy

We welcome your interest in our company, products and services and want you to feel that you and your personal data are safe when you visit our website. We take the protection of your personal data very seriously and are committed to observing the provisions of the Federal Data Protection Act. We want you to know which data we collect and how we use them. We have implemented technical and organisational measures to ensure that we and our external service providers comply with data protection regulations. We draw your attention to the fact that security loopholes may exist when transmitting data via the Internet. It is impossible to provide absolute protection of data against access by third parties.

General notes

The following notes provide a simple overview of what happens with your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on privacy, please check the Privacy Policy listed below this text.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data you enter in a contact form. Other data are automatically collected by our IT systems when you visit our website. These are predominantly technical data (e.g. Internet browser, operating system or time of day of the page view). These data are collected automatically as soon as you enter our website.

What do we use your data for (purpose of the processing)?

  • Error-free provision of the website, its content and functions
  • Performance of contractual services and customer care
  • Answering contact enquiries and communication with users
  • Marketing, advertising and market research
  • Security measures

What are your rights with respect to your data?

You have the right to obtain free of charge information about the origin, recipients and purpose of your stored personal data at any time. You also have the right to request the rectification, restriction of processing or erasure of this data. With regard to this or other questions concerning data protection you may contact us at any time at the address provided in the imprint. Furthermore, you may submit a complaint to the competent supervisory authority.

Analysis tools and tools by third-party providers

When you visit our website, your surfing behaviour may be statistically analysed. This is mainly done by way of cookies and so-called analysis programs. Your surfing behaviour is usually analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using specific tools. Detailed information about this is provided in the Privacy Policy below. You may object to this analysis. We will inform you about the objection options in this Privacy Policy.

Minors

Persons under the age of 18 may not transfer personal data to us without the consent of a parent or legal guardian. We do not request or collect personal data from minors nor do we transfer such data to third parties.

Liability

We check the information on this website with the utmost care. However, we assume no liability for the correctness, completeness or validity of the content of our own websites.

Security

We have implemented technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third-party data processors are obliged to comply with the Federal Data Protection Act and to treat personal data confidentially. When personal data are recorded and processed, they are transferred in encrypted form to prevent their misuse by third parties. We are constantly updating our security measures to reflect advances in technology.

Links to other websites

We may occasionally provide links to third-party websites. Although we select these third parties with care, we cannot assume any warranty or liability for the correctness and completeness of the content and for the data security of third-party websites. Nor does this Privacy Policy apply to linked third-party websites. Therefore, please consult the privacy policies of the respective third parties on their own websites.

 

2. Name and contact data of the person in charge of the processing

The data controller of the website www.mac-jeans.com is:

MAC Mode GmbH & Co. KGaA Industriestr. 2
93192 Wald/Roßbach
Germany

Phone: +49 (0) 9463 855-0
Fax: +49 (0) 9463 855-199
E-mail: kontakt@mac-jeans.com

The controller for your purchases via online shopping portals

When you purchase MAC Jeans products via online shopping portals – such as Amazon, Görtz, eBay or Zalando – the respective online shopping portal is responsible for the data collected and processed there. Accordingly, the privacy policy or imprint of the respective portal applies. When you make a purchase, MAC receives your order data from the respective portal via an encrypted Internet connection. As a rule, these data include your name, address and the items you have ordered. As the online shopping portal transmits the data to MAC, MAC becomes the responsible party for these data for the purpose of shipment processing. Your data will only be used to process your order and deliver the ordered merchandise as quickly as possible. To this end, MAC creates a temporary customer account for you whose sole purpose is to facilitate and speed up order processing. The processing is necessary for the fulfilment of the contract and is therefore based on Art. 6 (1) point (b) GDPR.

Data protection officer required by law

We have appointed an external Data Protection Officer for our company:

Datenschutz Symbiose GmbH
Dr Marion Herrmann
Hundingstr. 12
95445 Bayreuth
Germany

E-mail: datenschutz@mac-jeans.com

 

3. Content delivery networks (CDN)

To ensure that the presentation of our website is as error-free and secure as possible, we use various content delivery networks. A content delivery network is a network of powerful servers that cache content at different locations around the world. In this way it provides website content in a very short time while at the same time relieving the web host by spreading the data traffic over different cache servers. As a result, users are able to access website content without long waiting times. When content delivery networks employ this technology, they process a variety of personal data. This may include your IP address, URLs of web pages accessed, date and time of access, location based on your IP address and the location of the server as well as telemetry data (e.g. mouse clicks, movement patterns and associated browser data). On our website we use the content delivery networks of Google, DataCamp, Amazon Cloudfront, Fastly, Cloudfront and Akamai. For more details, please see the remarks below. The use of content delivery networks is based on our legitimate interest in providing our website in a way that is as error-free and secure as possible (Art. 6 (1) point (f) GDPR).

The individual content delivery networks:

Google Cloud CDN

We use the content delivery network Google Cloud CDN. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google offers a globally distributed content delivery network. The transfer of information between your browser and our website is technically routed via the Google network. This allows us to increase the global accessibility and performance of our website. The use of Google Cloud CDN is based on our legitimate interest in providing our website in a way that is as error-free and secure as possible (Art. 6 (1) point (f) GDPR). The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://cloud.google.com/terms/eu-model-contract-clause. Further information on Google Cloud CDN is available at: https://cloud.google.com/cdn/docs/overview?hl=en.

Order processing

We have signed an order processing (OP) agreement for the use of the above-mentioned service. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Amazon CloudFront CDN

We use the content delivery network Amazon CloudFront CDN. Provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (henceforth “Amazon”). Amazon CloudFront CDN is a globally distributed content delivery network. Here the transfer of information between your browser and our website is technically routed via the content delivery network. This allows us to increase the global accessibility and performance of our website. The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR). The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/. Further information on Amazon CloudFront CDN is available at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

Order processing

We have signed an order processing (OP) agreement for the use of the above-mentioned service. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Akamai Content Delivery Network

We use the content delivery network (CDN) of Akamai Technologies GmbH, Parkring 20, 85748 Garching, Germany (Akamai) to increase the security and delivery speed of our website. A CDN is a network of globally distributed servers that is able to deliver content to website users in an optimised way. For this purpose the following personal data may be processed in Akamai server log files:

  • your IP address
  • URLs of pages visited
  • date and time of access
  • location based on your IP address and the location of the Akamai server
  • telemetry data (e.g. mouse clicks, movement patterns and associated browser data)

The use of Akamai is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR). You have the right to object to the processing. Whether the objection is successful is to be determined by balancing interests. The processing of the data listed in this section is neither legally nor contractually required. Without the processing it is not ensured that the website works properly. Your personal data will be stored by Akamai as long as necessary for the purposes described above. Further information on objection and removal options towards Akamai is available at: https://www.akamai.com/site/en/documents/akamai/akamai-data-protection-addendum.pdf.

Akamai has implemented compliance measures for international data transfers. They apply to all activities worldwide where Akamai processes personal data of natural persons in the EU. These measures are based on the EU’s standard contractual clauses (SCCs). More information is available at: https://www.akamai.com/us/en/multimedia/documents/akamai/akamai-pre-signed-eu-standard-contractual-clauses.pdf.

 

4. General remarks on data processing

Data protection

The operator of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this Privacy Policy. When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done. Please note that data transfer of data on the Internet (e.g. in communication via email) may be vulnerable to security gaps. It is impossible to provide absolute protection of data against access by third parties.

Relevant legal bases

Pursuant to Art. 13 GDPR we are informing you of the legal bases of our data processing. When the legal basis is not specified in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) point (a) and Art. 7 GDPR; the legal basis for the processing in order to perform our services and carry out contractual measures as well as answer enquiries is Art. 6 (1) point (b) GDPR; the legal basis for the processing in order to meet our legal obligations is Art. 6 (1) point (c) GDPR; in cases where the processing is necessary for performing a task that is in the public interest or for the exercise of public authority vested in the controller, the legal basis is Art. 6 (1) point (e) GDPR; and the legal basis for the processing to protect our legitimate interest is Art. 6 (1) point (f) GDPR.

SSL or TLS encryption

For reasons of security and to protect the transfer of confidential content such as orders or enquiries which you submit to us as website operator, this page uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to promotional e-mails

We herewith object to the use of contact data which has been published in connection with our obligation to post an imprint in order to send advertising and information material that has not been expressly requested. The operators of the web pages expressly reserve the right to take legal steps if they receive advertising information materials such as spam e-mails which have not been requested.

Amendments and updates to our Privacy Policy

We reserve the right to amend our security and data protection measures if this is necessitated by advances in technology. In such cases, we will amend our Privacy Policy accordingly. Therefore, please always refer to the current version of our Privacy Policy.

Information about the web server location (Section 13 (1) of the Telemedia Act (TMG))

The data we receive via our website is processed on servers in Germany.

 

5. Cooperation with processors and third parties

Data transfer when concluding contracts for online shops, distributors and shippers

We transfer personal data to third parties only if this is necessary for performing the contract, for example to the company engaged to ship the goods or the bank charged with processing payment. Your data is not transferred for any other purpose unless you explicitly consent to the transfer or on the basis of a legal obligation or of our legitimate interest (e.g. when agents, web hosts, etc. are used). Your data will not be transferred to third parties, for example for advertising purposes, without your express consent. The basis for data processing is Art. 6 (1) point (b) GDPR which permits the processing of data for the performance of a contract or of pre-contractual measures. If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is based on Art. 28 GDPR.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so when using the services of third parties or when disclosing or transferring data to third parties, this happens only if it serves to meet our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process the data or have them processed in a third country only if the special requirements of Art. 44 et seq. GDPR apply. This means that the processing takes place, e.g., on the basis of special guarantees such as the officially recognised determination of a data protection level that is in accordance with that of the EU or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

 

6. Data collection on our website

Server log files

Your visit to our websites is logged. The provider of the pages automatically collects and stores information in so-called server log files which your browser automatically transmits to us. These are: 

  • browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of server request
  • IP address
     

As a general rule, it is not possible for us to establish the user’s identity, nor is this intended. These data are not merged with other data sources. The basis for data processing is Art. 6 (1) point (b) GDPR which permits the processing of data for the performance of a contract or of pre-contractual measures. These data are recorded only for data protection purposes and to help us optimise our website. The data are not evaluated in any way other than in anonymised form for statistical purposes. No personal surfing profile or similar will be recorded or processed. Moreover, personal data will only be stored if you specifically allow this, e.g. through registration, a survey, a competition, an online application or the performance of a contract. The respective input and contact forms provide information about the purposes for recording the data requested there. These data are transmitted in encrypted form via the Internet.

Cookies

a) What exactly are cookies?

Cookies are text files which are stored on your computer, tablet or mobile phone when you visit a website. They are generally used to make websites more effective. Some cookies (session cookies) are automatically erased when you close your browser whereas others (persistent or tracking cookies) are archived on your device until a certain expiry date or until you empty your browser’s cache and enable us to identify you as a repeat visitor to our website. Most Web browsers accept cookies automatically. However, you can change this in your browser settings. You will find more information about cookies at: www.allaboutcookies.org.

b) Why do we use cookies?

We use cookies to ensure a safe Internet environment, to measure the performance of our website and to assess the way our customers use our online services so that we can improve them. For example, we can see if a process is too complex causing the user to abandon the process before completion. This knowledge enables us to simplify the process and make it more customer-friendly, improving user-friendliness, transparency and the customer’s entire online experience. We do not use cookies to track your online activities outside the MAC Mode website.

c) What types of cookies are used?

You can delete the cookies set for our website. However, this will also erase your individual data, content and cookie settings so you will not be recognised as a repeat visitor the next time you access our website.

Purpose of the different types of cookies: Session cookies are erased when you close your browser. They are used to record how users navigate the website and how long they spend there. They store the content of your shopping cart and your customer account information for the duration of your visit and keep your login active during the session.

Persistent cookies or tracking code: These contain no personal data. They record the location from which the website was accessed, the search engine that was used, which links were clicked and which search terms were used and identify the user’s location at the time the website was accessed. They also record the number of visits and the duration of first, current and previous visits. These cookies only register visits to mac-jeans.com and are not activated when visiting other websites.

d) Do you consent to our cookies?

We offer several online features aimed at making your visit to our website as pleasant as possible. However, these features only function with the aid of cookies which will be activated if you consent at the start.

e) Withdrawing consent to the use of cookies

If you do not want us to recognise your computer, you can prevent the storage of cookies on your hard drive by selecting “Do not accept cookies” in your browser settings. Please consult your browser manual to find out how this works. However, you should be aware that some “essential” cookies are required to enable you to smoothly navigate our website and to select, configure and save your products. Moreover, we use these cookies only to monitor the efficiency of our website and track visitor frequency.

Consent query via Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of specific cookies on your terminal or to the use of specific technologies and to document them in compliance with data protection regulations. Provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, URL: https://usercentrics.com/de/ (henceforth “Usercentrics”). Usercentrics uses Google’s CDN to provide its services (see section 3).

When you enter our website, the following personal data are transferred to Usercentrics: 

  • your consent(s) or the revocation of your consent(s)
  • your IP address
  • information about your browser
  • information about your terminal device
  • time of your visit to the website
     

Additionally, Usercentrics stores a cookie in your browser so it can properly allocate your consents or their revocation. The data collected in this way is stored until you request that we erase it, to erase the Usercentrics cookie itself or the purpose of the data storage no longer applies. This does not affect mandatory statutory retention periods. Usercentrics is used for obtaining the legally required consents for the use of specific technologies. The legal basis for this is Art. 6 (1) point (c) GDPR.

Order processing

We have concluded an order processing agreement with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Recording personal data

Personal data are information about your identity. They include, for example, your name, address, telephone number and e-mail address. You do not have to disclose any personal data in order to use our website. In some cases, however, we do need your name, address and some other information in order to provide the services you request. This applies to, for example, sending information material and the goods you have ordered or answering your individual questions. In such cases, we will notify you accordingly. Moreover, we store and process only those data that you provide us voluntarily or automatically. If you are using services, we will normally only record the data we need to provide those services. If we request any additional data, this will be on a voluntary basis. Personal data are processed only to provide the service requested and to protect our own legitimate business interests.

Restricted use

We will only collect, process and use the personal data you provide online for the purposes notified to you. Your personal data will not be transferred to third parties without your explicit consent. We will record personal data and transfer them to government institutions and authorities entitled to receive such information only in the context of the relevant laws or if we are obliged to do so by court order. Our employees and service providers have a duty of confidentiality and must comply with the provisions of the Federal Data Protection Act.

Query by e-mail, telephone or fax

When you contact us by e-mail, telephone or fax, your enquiry including all personal data resulting from this (name, query) is stored and processed by us so we can handle your request. We will not forward this data without your consent. This data is processed on the basis of Art. 6 (1) point (b) GDPR if your enquiry relates to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) point (f) GDPR) or on your consent (Art. 6 (1) point (a) GDPR) if it has been requested. The data you sent us via contact enquiries remain with us until you request that we delete them, revoke your consent to their storage or the purpose for the data storage no longer applies (e.g. after the processing of your order has been completed). This does not affect statutory provisions, especially those concerning retention periods. Your e-mails are forwarded to us without the use of additional encryption technology. It is possible that unauthorised persons may become aware of, falsify or erase personal data and confidential information in transit.

Contact form

When you send us enquiries via contact form, we will store the information you have supplied in the contact form, including your contact data, for the purpose of processing your enquiry and for any follow-up question that may arise. We will not forward this data without your consent. This data is processed on the basis of Art. 6 (1) point (b) GDPR if your enquiry relates to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) point (f) GDPR) or on your consent (Art. 6 (1) point (a) GDPR) if it has been requested. The data you entered in the contact form remain with us until you request that we delete them, revoke your consent to their storage or until the purpose for the data storage no longer applies (e.g. after the processing of your enquiry has been completed). This does not affect statutory provisions, especially those concerning retention periods.

Competitions

When competitions are held, personal data are also collected only to the extent necessary. If you wish to participate in our competition, we need your e-mail address as well as your postal address so we can notify you if you win a prize or to send you the prize. When you win the main prize, a photo is typically published along with your name, town and the prize. Other winners will be listed as Mr or Ms and surname plus the first letter of their first name and their town. By participating in the competition you declare your consent to the storage of these data. Legal bases are Art. 6 (1) point (b) GDPR (processing for conducting the competition) and, if the participant consents, Art. 6 (1) point (a) GDPR. You can revoke your consent to the processing of your data at any time. To do so, all you need to do is send us an e-mail (no specific form is necessary). The revocation of consent does not affect the lawfulness of data processing activities that have taken place up until the revocation. The data you entered in the contact form remain with us until you request that we delete them, revoke your consent to their storage or the purpose for the data storage no longer applies (e.g. after the competition has been completed). This does not affect statutory provisions, especially those concerning retention periods.

Data processing (customer and contract data)

We record, process and use personal data only to the extent that this is necessary to establish, define or modify the legal relationship (master data). The basis for this is Article 6 (1) point (b) GDPR which permits the processing of data for the performance of a contract or for implementing pre-contractual measures. We only record, process and use personal data about the utilisation of our website (usage data) to the extent that this is necessary to enable the user to utilise the service or to issue invoices. The customer data recorded will be erased on completion of the order or termination of the business relationship. This shall not affect statutory retention periods.

Shopping cart reminder

If you have already placed goods in your shopping cart but not completed the order, we will use your registered e-mail address to send you a reminder. This serves to protect our legitimate business interests (legal basis). We would like to ensure that you have not abandoned your order due to a problem with the Online Shop or a misunderstanding. The reminder e-mail will contain your data and a reference to the withdrawal of consent if you no longer wish to use this service.

Registration on our website

You can register on our website to use its additional functions or “My MAC”. We will only use the data you provide for the offer or service for which you have registered. On registration, you must provide all the mandatory information. If not, we will decline your registration. If we make any major changes to the scope of the offer or essential technical changes, we will notify you of this using the e-mail address you provide on registration. The data you provide on registration are processed on the basis of your consent (Article 6 (1) point (a) GDPR). You may withdraw this consent at any time. To do so, all you need to do is send us an e-mail (no specific form is necessary). The withdrawal of consent shall not affect the lawfulness of data processing that has already taken place. The data recorded on registration will be stored by us for as long as you are registered on our website. Thereafter they will be erased. This shall not affect statutory retention periods.

Purchasing in the Online Shop

The personal data you provide when you register and data about the type and frequency of your online orders are recorded, stored and used by MAC or third parties that have a contractual relationship with MAC if this is necessary in order to perform the contract. These third parties include companies engaged to ship the goods, banks engaged to manage payments or, in particular, companies engaged to provide customer services and as processors.

Address validation with Endereco

On our website we offer you the possibility to check certain entries in address forms of our webshop for input errors in real time. This is to avoid problems with the delivery of the products you have ordered due to incorrect information. Furthermore, we would like to ensure that your contact details are valid for sending you information about your order or for any necessary queries. For the provision of these functions, we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker. The service provider processes the data exclusively according to our instructions. The legal basis for the transmission, processing and temporary storage of the data with the service provider is Art. 6 para. 1 lit. b GDPR, as it is absolutely necessary for the fulfilment of the contract or for the implementation of pre-contractual measures that some of the data entered by you in the input mask is checked for accuracy. The following data will be processed by the service provider:

  • Address (country, town, postcode, street, house number if applicable)
  • Telephone number

The data will be processed separately by the service provider and will not be merged. The requests are deleted by the service provider as soon as the status of the entered data has been determined and the storage in the webshop has been completed, however, after 30 days at the latest.

Guest accounts

A guest account is a shortened form of registration that allows your order to be processed quickly and securely. Your e-mail address will automatically be used as your user name. We generate a password that is sent directly to this e-mail address. You may use your guest account to access all the benefits of “My MAC” where you can review your order or amend your customer data for future orders.

QR codes

We use QR codes on various occasions. We have the QR codes produced by a service provider. When you scan such a QR code, this scan is recorded by the service provider via an API. The service provider employed for this purpose is Bitly Europe GmbH, located at Am Lenkwerk 13, 33609 Bielefeld, Germany, who uses the tool QR-Code Generator. An order processing agreement has been signed with this service provider. The service provider may process data outside of the EU via sub-service providers. The service provider has contractually committed to entering into suitable contractual agreements with these sub-service providers in order to ensure the protection of the data.

When the QR codes are scanned (e.g. via your smartphone) the following data may be processed: 

  • Number of scans
  • Operating system used
  • Location data (town, country)
     

The data will not be allocated to the respective IP address. The processed data will refer to the respective person only in rare cases and only with the help of additional information. As a rule, this is not personal data within the meaning of Art. 4 (1) GDPR. We collect and process this data in order to improve our online offers and to monitor the success of any promotional campaigns. The data is processed on the legal basis of our legitimate interest as defined in Art. 6 (1) point (f) GDPR. Our legitimate interest consists in the continuous improvement of our online and advertising offers. For certain special services, we use service providers that are specifically obliged to comply with data privacy and non-disclosure provisions in those cases where it is not possible to exclude access to personal data. These categories of data recipients are: data centres, advertising agencies, software developers with access to the platform. To the extent that there is no statutory obligation to store data temporarily, all personal data that are stored in connection with the competition are destroyed after the end of the competition (e.g. non-winners’ data) and after notification of the winners and handover of the prizes (e.g. winners’ data). In the case of recurring competitions (“competition series”), your data will be stored until the end of the competition series or until you withdraw your consent. Recurring competitions are recognisable as such and are identified accordingly.

Surveys

a) Types of data and legal basis

Occasionally MAC conducts surveys on its company website. Participation in these surveys is voluntary. Various personal data may be collected and processed during the surveys. The surveys regularly offer expense allowances or prizes. To ensure that the expense allowance or prize can be allocated and delivered to the proper participant (“data subject”), his or her name and email address are collected. These data are processed for the purposes of fulfilling the contract in accordance with Art. 6 (1) point (b) GDPR. During the course of the survey other data may be collected as well. These data are either collected explicitly or entered independently by the data subject in open text fields. Since the data subject has previously entered his or her name and email address, these data may also contain a personal reference to the participant. It is also possible that other sensitive data may be entered for processing by the data subject via the open text fields. MAC will never explicitly collect such sensitive data. Consequently, MAC has no influence on the information that is submitted via the open text fields. The legal basis for the collection and processing of personal data via the survey form is the consent of the data subject in accordance with 6 (1) point (a) GDPR. This consent may be revoked at any time according to Art. 7 (3) GDPR. If the consent is revoked, all personal data which is processed on the basis of this consent will be promptly deleted. However, this also eliminates any outstanding claims to compensation allowances or prizes.

b) Purpose of the processing

Data may be processed in connection with surveys for different purposes (e.g. to determine customer satisfaction, analyse purchasing behaviour or receive feedback on improvement potential). The specific purposes are specially defined for each respective survey and are made available to the data subject in a transparent manner.

c) Duration of storage

Your name and email address which we collect in the course of a survey are only used for the purpose of allocating and delivering prizes or expense allowances. This data is therefore deleted as soon as the prize or expense allowance has been delivered. When the name and email address are deleted, the personal reference of the remaining data is also removed. Consequently, further processing will be anonymised and only serves purposes of analysis. The data will not be sold or passed on to third parties.

d) Recipient of the data (third-country transfer)

The personal data collected in the course of a survey is made available only to MAC employees who need the data in order to perform their duties. To conduct the surveys, MAC uses the software solution SurveyMonkey by the service provider Momentive Europe UC (2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland). The required contractual agreements to ensure data privacy have been concluded with the service provider. Since Momentive Europe UC is a subsidiary of Momentive Inc., which is based in California, USA, the possibility that your personal data is transferred to the USA cannot be excluded. Momentive Europe UC does assure that pertinent contractual agreements have been entered into with all entities to which personal data are transferred. However, due to the broad powers of U.S. security authorities, the possibility that said security authorities access your data cannot be completely excluded. To participate in the survey, you will be redirected to a subpage of SurveyMonkey. This process may enable SurveyMonkey to gain knowledge of your connection data (IP address, log data, browser settings, etc.). Momentive Europe UC is solely responsible for the processing of this data and compliance with the pertinent legal requirements. More information on the data processing by Momentive is provided at: https://www.surveymonkey.com/mp/legal/privacy/.

e) Rights as a data subject

As a data subject, you have the right to information, deletion and blocking of your data processed by us. Moreover, you have the right to object to the processing of the data inasmuch as it is legally based on legitimate interest. Further information on your rights as a data subject is provided at the end of this Privacy Policy.

Duration of storage

We store the personal data provided to us via our website only for as long as is necessary to fulfil the purpose for which it was provided. If commercial and fiscal law specify retention periods, some data may be stored for up to ten (10) years. Moreover, when an order is placed online, the user’s IP address at that time is stored and used separately and in anonymised form for the duration of one (1) year to ensure data security (i.e. to prevent misuse and prosecution).

Erasure of customer data (in the Online Shop)

The data we process will be erased or the processing will be restricted in accordance with Art. 17 and 18 GDPR. If you request the erasure of your data, we can only comply with this in full if you have not yet concluded an order with us. We erase the personal data recorded to process orders and stored in our electronic customer system (e.g. data of birth, phone and fax number, e-mail address, credit score) within seven (7) working days. If you are already a customer, we are obliged to retain commercial/business documents and invoices for six (6) and ten (10) years respectively, pursuant to Section 257 HGB (German Commercial Code) and Section 147 AO (Fiscal Code). We are therefore unable to immediately erase your personal data that we are required by law to retain. In our system, these data are locked for the duration of the retention period to prevent their active use.

 

7. Newsletter

We record and process your personal data (e-mail address) if you register to receive our newsletter. You have given your consent to this by clicking the “Register” button and then the link in the confirmation e-mail. This website sends newsletters using Inxmail from Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg, Germany. Inxmail is a service used to organise and analyse newsletter mailing. The data you provide in order to receive the newsletter (e.g. e-mail address) are stored on the Inxmail servers in Germany. Inxmail is a co-founder and member of the Certified Senders Alliance (CSA) and a signatory to Germany’s e-mail marketing quality standard. The newsletter we send via Inxmail enables us to analyse the general behaviour of the newsletter recipients. For example, we can analyse how many recipients have opened the newsletter notification and how many clicks there are on which links in the newsletter. The data are processed on the basis of your consent (Article 6 (1) point (a) GDPR). You may withdraw this consent at any time by cancelling the newsletter. The withdrawal of consent shall not affect the lawfulness of data processing activities that have already taken place. If you do not wish your data to be analysed by Inxmail, you must cancel the newsletter. We provide a link for this purpose in every newsletter notification. You may also cancel the newsletter directly from the website. The same applies if you are sent the newsletter without your explicit prior consent on the basis of the exemption contained in Section 7 (3) UWG (Unfair Competition Act) due to a prior purchase of goods or services. The data you provide us for the purpose of receiving the newsletter will be stored until you cancel the newsletter and will then be erased from both our servers and Inxmail’s servers. This shall not affect data that we have stored for other purposes (e.g. e-mail address for your “My MAC” login). We have concluded a processing agreement with Inxmail and, in using Inxmail, comply with the stringent requirements of Germany’s data protection authorities.

 

8. Analysis tools and advertising

Processing

We have concluded a processing agreement with Google and, in using Google Analytics, comply with the stringent requirements of Germany’s data protection authorities.

Browser add-on

You can prevent the storage of cookies via a setting in your browser software. However, we would like to point out that you may then no longer be able to use all the website’s functions in their entirety. You can also prevent Google from recording and processing the data generated by the cookie in relation to your use of the website (including your IP address) by downloading and installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en.

Bing Ads/Microsoft

Our website uses Bing Ads from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA – “Microsoft”). If you click on an ad displayed by Microsoft Bing Ads, a conversion tracking cookie will be placed on your computer. This cookie has limited validity and cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Microsoft can recognise that you clicked on the ad and were then redirected to our website. The information obtained with the aid of the conversion cookie is used to compile conversion statistics. These show the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. It is not possible to personally identify the user. Use of this service is based on your consent according to Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. You will find more information about data protection and the cookies used by Microsoft Bing at: https://privacy.microsoft.com/en-us/privacystatement.

Clarity

This website uses Clarity. Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (henceforth “Clarity”). Clarity is a tool for analysing user behaviour on this website. Clarity tracks mouse movements in particular and produces a visualisation showing which parts of the website users visit especially frequently (heatmaps). Clarity can also record sessions so we can view the use of our website in video format. In addition, it provides us with information about general user behaviour on our website. Clarity uses technologies which facilitate user recognition for analytical purposes (e.g. cookies or device fingerprints). Your personal data are stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. If your consent has been obtained, the above-mentioned service is solely used on the basis of Art. 6 (1) point (a) GDPR and Section 25 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. If consent has not been obtained, this service is used on the basis of Art. 6 (1) point (f) GDPR; the website operator has a legitimate interest in effective user analysis. Further details about data protection at Clarity can be found at: https://docs.microsoft.com/en-us/clarity/faq. We have concluded an order processing agreement with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

DooFinder

We have integrated the “doofinder, powering results” search technology on this website. The provider is DooFinder S.L., Madrid 28037, Rufino González 23 bis, 1º 1, Spain (henceforth “DooFinder”). DooFinder uses the CDN of DataCamp to provide its services (see section 3). DooFinder enables us to integrate a search function on our website with which you can search our website. To use the search function of DooFinder, your browser must connect to the servers of DooFinder. In this way DooFinder learns that our website has been accessed via your IP address. Further information is available in DooFinder’s privacy policy at https://www.DooFinder.com/de/policies/privacy/. The use of the DooFinder search bar is based on Article 6 (1) point (f) GDPR. As website operators, we have a legitimate interest in an attractive and optimised presentation of our website. This interest is preserved by having an optimised and fast search function within our website. Since DooFinder is a company that is based in the European Union, we may presume that your personal data is ensured an appropriate level of protection. For this reason we regard our interests as predominant. In addition to the strict search function, DooFinder also offers the option of an AI-controlled recommendation function. Here an artificial intelligence analyses your interests based on your behaviour on our website. To this end DooFinder uses pseudonymised user data to collect information on the products with which you interact in our Online Shop. The insights gained from this are used to suggest products on our website to you in which you might be interested. To identify individual users, in this option DooFinder uses so-called “cookies” which are stored on your computer. An individual numerical identifier is stored in these cookies which serves to recognise returning visitors when they visit the website again. The use of the AI-controlled user analysis is solely based on your consent according to Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. We have concluded an order processing agreement with DooFinder. This agreement is required under data protection law and ensures that DooFinder processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Facebook Conversion API

The Facebook Conversion API is integrated on this website. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, the data recorded may also be transferred to the USA and other third countries. The Facebook Conversion API enables us to capture the website user’s interactions with our website and transmit them to Facebook in order to improve Facebook’s advertising performance. Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Facebook (audience segmentation targeting). As website operators we have no passive or active access to this user data. User analysis is conducted solely by Facebook. On the part of the website operator, data is only sent back by the server in this context. When a visitor lands on our website via a Facebook advert, Facebook assigns a click ID to that user. For the website operator, this is an anonymous data item which does not allow to identify the user. When the user associated with this click ID triggers an event on our website (e.g. a product purchase), the website sends this information back to Facebook along with the value of the purchase and the time of the purchase.

Specifically, the following data is transmitted: 

  • anonymous click ID
  • event name (e.g. “AddToCart” or “Purchase”)
  • time of event
  • conversion value
     

Facebook utilises this data internally. The responsible entity for the further data processing is Facebook itself. Information about data processing by Facebook is available at https://www.facebook.com/privacy/policy/. Since this is not personal data for the website operator, no legal basis is required for this processing.

Friendly Captcha

We use Friendly Captcha (hereinafter referred to as “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is used to verify whether the entry of data into this website (e.g., into a contact form) is being processed by a person or an automated program. For this purpose, Friendly Captcha analyzes the behavior patterns of website visitors based on numerous characteristics. For the analysis, Friendly Captcha examines a wide range of information (e.g., anonymized IP address, referrer, time of the visit, etc.). For more related information please visit: https://friendlycaptcha.com/legal/privacy-end-users/.

The storage and analysis of the data occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting the operator’s web presentations against abusive automatic spying and SPAM. In the event that respective consent has been obtained, the data will be processed exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, if the consent comprises the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in the TTDSG (German Telecommunications Act). Such consent may be revoked at any time.

Data processing: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Frizbit

This website uses Frizbit, a multi-channel marketing tool from Frizbit Technology, S.L., Carrer Llacuna 162, 08018 Barcelona, Spain (https://frizbit.com). We use the Frizbit E-Commerce Marketing Automation Platform to increase the number of visits to the website and retain customers. For this purpose, Frizbit generates several persistent cookies with a maximum lifetime of one year which recognise users and analyse their behaviour on the website by assigning a randomly generated ID to each user. The aim is to send targeted push messages to the user’s browser. These messages may be shopping cart reminders or invitations to register for our newsletter. Consent is obtained from the data subject for the use of Frizbit. Data processing by Frizbit is thus based on the consent in accordance with Art. 6 (1) point (a) GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads makes it possible to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms (keyword targeting). Moreover, targeted advertisements may be displayed on the basis of the user data (e.g. location data and interests) which are available at Google (audience segmentation targeting). As website operators we have no passive or active access to this user data. User analysis is conducted solely by Google. On the part of the website operator, data is only sent back by the server in this context, the so-called Google Ads Conversion Tracking. When a visitor lands on our website via a Google search, Google assigns a click ID to that user. For the website operator, this is an anonymous data item which does not allow to identify the user. When the user associated with this click ID triggers an event on our website (e.g. a product purchase), the website sends this information back to Google along with the value of the purchase and the time of the purchase.

Google Analytics

This website uses various functions of Google Analytics. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables the website operator to analyse the behaviour of the website visitors. The website operator receives various usage data, such as pages viewed, operating systems used and origin of the user. This data is allocated to the user’s respective terminal device. It is not allocated to a user ID. Google Analytics also enables us to record your mouse movements, scrolling and clicks. Moreover, Google Analytics uses various modelling approaches in order to augment the datasets collected and employs machine learning technologies for the data analysis. Google Analytics uses technologies which facilitate user recognition for purposes of analysing user behaviour (e.g. cookies or device fingerprinting). As a rule, the information about your use of this website that Google has collected is transferred to and stored on a Google server in the USA. Use of this service is based on your consent according to Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Analytics Remarketing

Our website uses the functions of Google Analytics Remarketing in connection with the cross-device functions of Google Ads and Google DoubleClick, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This function makes it possible to link the ad target groups produced with Google Analytics Remarketing with the cross-device functions of Google Ads and Google DoubleClick. In this way, you can be shown personalised interest-based advertising messages on one end device (e.g. a tablet or computer) based on your previous use and surfing behaviour on another end device (e.g. mobile phone). If you have given your consent to this, Google will link your Web and app browsing history with your Google account. In this way, the same personalised advertising messages can be displayed on any end device you use to log in to your Google account. To support this function, Google Analytics records users’ Google-authenticated IDs which are temporarily linked with our Google Analytics data in order to define and create target groups for cross-device advertising. You may object to cross-device remarketing/targeting by deactivating personalised ads in your Google account at: https://www.google.com/settings/ads/onweb/. The data recorded in your Google account is merged on the basis of the consent you can grant to or withdraw from Google (Article 6 (1) point (a) GDPR). Data recording processes that are not merged in your Google account (e.g. because you do not have a Google account or you have objected to their merging) are based on Article 6 (1) point (f) GDPR. The website operator’s legitimate interest lies in the anonymised analysis of website visitors for advertising purposes. You will find further information and the data protection provisions in Google’s Privacy Policy at: https://www.google.com/policies/technologies/ads/.

Google Data Studio

We use Google Data Studio which is a data management tool for producing user-defined reports and dynamic dashboards. This draws on the data from Google Analytics and has no interfaces to other data sources (e.g. Google Ads, Attribution 360, BigQuery, Cloud SQL, MySQL, Google Tables, YouTube Analytics, etc.). The web tool does not require any local applications and can be launched from the web. Access is via a browser and the data sources are linked directly via Google Data Studio. You will find further information about the use of Google Data Studio at support.google.com/datastudio/answer/6283323.

Google DoubleClick

This website uses various functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (henceforth “DoubleClick”). DoubleClick is used to show you interest-related advertisements in Google’s entire advertising network. With the help of DoubleClick, the advertisements can be targeted towards the interests of the respective viewer. For instance, our advertisements can be shown in Google search results or in web banners that are linked with DoubleClick. To be able to show viewers interest-based advertising, DoubleClick must recognise the respective viewer and allocate to him or her websites visited, clicks and other information regarding his or her user behaviour. To this end DoubleClick employs cookies or comparable recognition technologies (e.g. device fingerprinting). The collected information is compiled into a pseudonymous user profile so the respective user can be shown interest-based advertising. Use of this service is based on your consent according to Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). This consent may be withdrawn at any time. For further information on how to object the advertisements displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Google Signals

We use Google Signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other information. With the help of Google Signals, these data can be used for personalised advertising. If you have a Google account, the visitor data are then linked to your Google account by Google Signals and used for personalised advertising messages. The data are moreover used for compiling anonymised statistics regarding the user behaviour of our users.

Google Tag Manager

We use the Google Tag Manager. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool with whose help we can install tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, stores no cookies and does not perform any analyses of its own. It only serves to manage and use the tools that are embedded in it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States. Processing takes place solely on the basis of Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), to the extent that consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of TTDSG. This consent may be withdrawn at any time.

Specifically, the following data is transmitted: 

  • anonymous click ID
  • event name (e.g. “product purchase”)
  • value of the purchase, if applicable
  • time of the purchase
     

Google utilises this data internally. The responsible entity for the further data processing is Google. Information about data processing by Google is available at https://policies.google.com/privacy?hl=en&gl=de#intro. Since this is not personal data for the website operator, no legal basis is required for this processing.

Hotjar

This website uses Hotjar provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (https://www.hotjar.com). It is a tool for analysing user behaviour on this website. Hotjar enables us to record your mouse movements, scrolling and clicks. It can also recognise how long your cursor stays in a certain place. On the basis of this information, Hotjar compiles heatmaps which can be used to identify which areas of the website users prefer to view. We can also see how long you spend on a page and when you leave it. It lets us identify at what point you abandon inputting your data in a contact form (conversion funnels). In addition, Hotjar can be used to request direct feedback from visitors to the website. This function serves to improve the website operator’s offering. Hotjar uses technologies which facilitate user recognition for analytical purposes (e.g. cookies or device fingerprints). Hotjar uses the CDN of Cloudfront to provide its services (see section 3). These analysis tools are used solely on basis of Art. 6 (1) point (a) GDPR; consent may be withdrawn at any time. If you would like to deactivate data recording by Hotjar, follow the instructions at https://www.hotjar.com/opt-out. Please note that Hotjar must be deactivated separately in each browser or on each end device. You can find more information about Hotjar and the data it records in Hotjar’s privacy policy at https://www.hotjar.com/privacy. We have concluded an order processing agreement with the above-mentioned provider. This agreement is required under data protection law and ensures that the processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

Innkeepr

Insofar as you have given your consent to the use of advertising / tracking cookies, this website uses Innkeepr, a web analytics service provided by Innkeepr UG Senefelderstr. 35, D-09126 Chemnitz. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse a user's activities across devices. Innkeepr uses cookies, which are stored on your computer and enable an analysis of your use of our website. We store the information collected in this way exclusively on our server in Germany. We use Innkeepr without collecting IP addresses or hardware specifications. A direct personal reference of collected data is therefore excluded. The legal basis for the use of Innkeepr is your consent in accordance with Art. 6 para. 1a DSGVO and § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future. You can find more information on revoking your consent in this privacy policy under the section "Cookies".

IP anonymisation

We have activated the IP anonymisation function on this website. In the Member States of the European Union and in other States party to the Agreement on the European Economic Area, your IP address will be truncated by Google prior to transfer to the USA. In exceptional cases, the full IP address will be transferred to a Google server in the USA and truncated there. Acting on behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports about website activities and provide the website operator with other services associated with the use of the website and the Internet. The IP address transmitted from your browser by Google Analytics will not be merged with other Google data.

Matomo

This website uses Matomo, an open-source web analytics service. Matomo applies technologies which facilitate cross-page user recognition for analytical purposes (e.g. cookies or device fingerprints). The information about the use of this website recorded by Matomo is saved on our server. The IP address is anonymised beforehand. Matomo enables us to record and analyse data about our visitors’ use of our website. In this way, we can identify when which pages were viewed and from which region. We also record various log data (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain activities (e.g. clicks, purchase transactions, etc.). The use of this analysis tool is twofold. One part of the processing is based on Article 6 (1) point (f) GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise its website and its advertising. In this case data is recorded without using cookies. Therefore visitors are not recognised after a session has ended and no e-commerce reports are generated (shopping cart, product pages, purchase). Only the total purchase value is recorded. The other part of the processing is solely based on your consent according to Article 6 (1) point (a) GDPR and Section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). In this variant, cookies are used for cross-session user recognition and e-commerce reporting is activated. If you were redirected to our website via a Google advert, it is also possible that the click ID is transmitted back to Google Ads by the server. This consent may be withdrawn at any time. We use IP anonymisation when performing analyses with Matomo. Your IP address will be truncated before the analysis so that it can no longer be assigned to you. We host Matomo solely on our own servers which means that we retain all analytical data and do not transfer it to third parties.

Pinterest

To enable us to target and optimise our Pinterest campaigns and measure their conversion, we use a Pinterest tag on the basis of Article 6 (1) point (a) GDPR (and possibly also Article 6 (1) point (f) GDPR). This is an individual code snippet which Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”) embeds in our website. In this way, we can ensure that the Pinterest ads we initiate are displayed only to those Pinterest users who have shown interest in our offer and that the ads correspond to users’ potential interest and are not perceived as a nuisance. In addition, we can track the actions of Pinterest users after they have viewed or clicked one of our Pinterest ads. This helps us measure the conversion of a campaign for statistical, market research and accounting purposes. The following information is processed: device information (e.g. type, brand), operating system used, IP address of the device used, time our offer was accessed, type and content of the campaign, reaction to a campaign (e.g. clicking a button). The data recorded in this way are anonymised and do not permit us to identify a user. Pinterest uses the CDN of Fastly and Akamai to provide its services (see section 3). Processing for behavioural and interest-based advertising purposes is a recognised legitimate interest (Article 6 (1) point (f) GDPR and possibly also Article 6 (1) point (a) GDPR) as described in GDPR Recital 47. The data are stored in accordance with statutory retention periods and then erased automatically. If you log into your Pinterest account after visiting our website or you visit our website while you are logged in, it is therefore possible that these data will be stored and processed by Pinterest which is why we are notifying you of this here. Pinterest could possibly merge these data with your Pinterest account and use them for its own advertising purposes. Further information can be found in Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy. You may object to this processing of your data at any time by either deactivating “Personalization” in your account privacy settings or by activating your browser’s “Do not track” feature.

Shopware

The e-commerce system we use is Shopware from shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany. In addition to the information in our Privacy Policy, you will find information about the processing of personal data by Shopware AG at https://docs.shopware.com/en/shopware-5-en/tutorials-and-faq/gdpr. When you add products to your shopping cart, our website places cookies on your end device so that you can continue the order process even if you have to reload the website. When you place an order, the personal data you enter in the order form is transferred to us by your browser and stored in our IT systems. We also store your IP address and the time of your order. We use the personal data you enter to process your order. This processing is lawful because it is necessary to perform the contract in accordance with Article 6 (1) point (b) GDPR. We store your IP address and the time of the order to ensure the security of our IT systems. This also constitutes our legitimate interest which is why processing in accordance with Art. 6 (1) point (f) GDPR is permissible. The personal data you enter will be stored for as long as is necessary to perform the contract. We do not merge these personal data with other data sources. We only transfer data to third parties if this is necessary to perform the contract (e.g. to payment services, IT service providers, shippers). No transfer to a third country or international organisation is intended. You are not obliged to provide these personal data but it will not be possible to place an order in our Online Shop if you do not do so.

Duration of storage

Data stored at Google at user and event level that is linked to user identifier (e.g. user ID) or advertising identifiers (e.g. DoubleClick cookies, Android advertising ID) are anonymised or erased after 14 months. For pertinent details, please see this link: https://support.google.com/analytics/answer/7667196?hl=en.

Trusted Shops and integration of the Trustbadge/ other widgets

Trusted Shops widgets are integrated on this website to display of the Trusted Shops services (e. g. seal of approval, collected ratings) as well as to offer Trusted Shops products to shoppers after an order has been placed. This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 Para. 1f GDPR, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Köln ("Trusted Shops"), with whom we are jointly responsible for data protection pursuant to Art. 26 GDPR. Within the scope of this data protection notice, we inform you in the following about the essential contractual contents in accordance with Art. 26 (2) GDPR. Within the framework of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops preferably in case of data protection questions and for asserting your rights using the in the privacy policy (https://www.trustedshops.co.uk/imprint/) contact options given. Irrespective of this, however, you can always contact the responsible person of your choice. Your enquiry will then, if necessary, be passed on to the other responsible person for a response.

1. Data processing when integrating the Trustbadge/ other widgets

The trust badge is provided by a US CDN provider (content delivery network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be accessed for the USA here: https://commission.europa.eu/system/files/2023-07/Adequacy decision EU-US Data Privacy Framework_en.pdf. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). Further information is available at here: https://www.dataprivacyframework.gov/s/. Where service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.

2. Data processing after order completion

If you have given your consent , the trust badge accesses order information stored in your terminal equipment (order total, order number, product purchased if applicable) and email address after the order is completed and your email address is hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 Para. 1 GDPR. This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing takes place in accordance with the contractual agreement between you and Trusted Shops: https://www.trustedshops.com/tsdocument/BUYER_AUTO_PROTECTION_TERMS_en.pdf. If you are not yet registered for the services or do not give your consent to automatic recognition via the trust badge, you will subsequently be given the opportunity to register manually for the use of the services or to conclude the protection within the scope of your possibly already existing user agreement. For this purpose, the Trustbadge accesses the following information stored in the terminal device you use after you have completed your order: Order total, order number and email address. This is necessary so that we can offer you buyer protection. The data is only transmitted to Trusted Shops if you actively decide to take out buyer protection by clicking on the correspondingly designated button in the so-called trust card. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 Para. 1b GDPR, in order to be able to complete your registration for buyer protection and secure the order and, if necessary, to be able to subsequently send you evaluation invitations by email.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission.which is available for the USA at https://commission.europa.eu/system/files/2023-07/Adequacy decision EU-US Data Privacy Framework_en.pdf and for Israel at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32011D0061. Service providers from the USA are generally certified under the EU-U.S. Data Privacy Framework (DPF). For more information, please are available here: https://www.dataprivacyframework.gov/s/. Where service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

Source: Trusted Shops, text variant 3, Status: 15.08.2023

 

9. Add-ons and tools

Google Maps

This website uses Google Maps. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In order to use the functions of Google Maps, your IP address has to be stored. As a rule, this information will be transferred to and stored on a Google server in the USA. The website operator has no influence on this data transfer. If Google Maps is activated, Google can use Google Fonts to ensure a uniform appearance. When Google Maps is accessed, your browser downloads the required Google fonts to your browser cache so that text and typefaces are displayed correctly. As we cannot exclude that data will be recorded for analysis and possibly also marketing purposes on the basis of Google Maps scripts, the map will only be displayed after you have consented to marketing cookies. We do not record or use any data in connection with the use of maps. Data is processed solely on the basis of Art. 6 (1) point (a) GDPR; consent may be withdrawn at any time. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You will find further information about how Google handles user data in its Privacy Policy: https://policies.google.com/privacy?hl=en.

Loqate

In order to ensure that no incorrect address data is stored in our system and to guarantee secure delivery of marketing emails to the recipient, we use the " Address Capture" and "Email Address Validation" services of GB Group PLC, The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB, United Kingdom ("Loqate") for appropriate data validation. Your address and e-mail address (no other personal data will be processed) are checked for validity directly during entry via the online interface and by Loqate. If an error is detected when entering your address, an alternative address or the correct spelling of your address will be suggested to you. Via the interface, your data will be checked against Loqate's database, which is located in the UK. Once the email address has been validated, the data is deleted immediately, or after 30 days at the latest. The address validation records will be deleted after 30 days at the latest. The processing of your data itself is based on Art. 6 para. 1f GDPR. Our legitimate interest is to ensure that valid data is retained and that the smooth processing of customer enquiries and orders can be guaranteed. For the United Kingdom, the Commission has adopted a corresponding adequacy decision under Article 45 para 1 GDPR, which legitimises the transfer to or processing of your data in the United Kingdom. We have concluded a data processing agreement (DPA based on SCC) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. If Loqate processes personal data in the USA, this is done on the basis of so-called standard contractual clauses in accordance with Art. 46 para. 2c) GDPR, as well as further measures to protect your data. Further information on data protection at Loqate can be found at: https://www.loqate.com/en-gb/products-services-privacy-notice/.

YouTube with enhanced privacy

This website incorporates videos from YouTube which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use YouTube in enhanced privacy mode which, according to YouTube, means that YouTube does not store any information about visitors to this website before they view the video. However, it does not necessarily prevent the transfer of data to YouTube’s partners. For example, irrespective of whether you view a video or not, YouTube establishes a link to the Google DoubleClick network. As soon as you start a YouTube video on this website, a link is established to YouTube’s servers. The YouTube server is notified which of our pages you have visited. If you have logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out from your YouTube account. When you start a video, YouTube also places cookies on your end device or uses comparable recognition technology (e.g. device fingerprinting). In this way, YouTube acquires information about the visitors to this website. It uses this information to record video statistics, improve user-friendliness and prevent attempted fraud, for example. Starting a YouTube video may also trigger further data processing activities over which we have no influence. We use YouTube in the interest of providing an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) point (f) GDPR. If the corresponding consent was obtained, processing shall be solely on the basis of Article 6 (1) point (a) GDPR; this consent may be withdrawn at any time. You will find further information about privacy at YouTube at https://policies.google.com/privacy?hl=en.

 

10. Payment methods on our website

We use third-party payment services on our website. When you make a purchase from us, your payment data (e.g. name, amount of payment, bank account details, credit card number) are processed by the payment service provider for the purpose of processing the payment. These transactions are covered by the respective contractual provisions and privacy policy of the respective provider. Payment services are used on the basis of Article 6 (1) point (b) GDPR (processing for the performance of a contract) and in the interest of ensuring that the payment transaction is as smooth, convenient and secure as possible (Article 6 (1) point (f) GDPR). If your consent is requested for certain actions, Article 6 (1) point (a) GDPR shall provide the legal basis for data processing; this consent may be withdrawn at any time.

We use the following payment services/payment service providers on this website:

American Express

This payment service is provided by American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (henceforth “American Express”). American Express may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on the Binding Corporate Rules. You will find details at: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. Further information about the American Express privacy policy is available at: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

iDEAL

This payment service is provided by iDEAL, a service for payment systems. Service provider is the Dutch company Currence B.V., Gustav Mahlerplein 33-35, Amsterdam, Noord-Holland 1082 MS, Netherlands. Select iDEAL as the payment method and your bank. You will then be redirected to the online banking area of your bank. Please enter your bank details and confirm the transaction. You will receive confirmation of your payment and are then redirected to your shopping cart at mac-jeans.com. Your PIN and the TAN are not visible to MAC or third parties. The data will not be stored. You can learn more about the data processed when using iDEAL in the privacy policy at: https://www.ideal.nl/en/disclaimer-privacy-statement/.

Klarna

This payment service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (henceforth “Klarna”). Klarna offers various payment options including payment by instalments. If you choose Klarna as the means of payment (Klarna Checkout), Klarna will request certain personal data from you. Klarna uses cookies to optimise Klarna Checkout. You will find details about Klarna’s use of cookies at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf. You will find further information about the privacy policy of Klarna at: https://www.klarna.com/uk/privacy/.

Mastercard

This payment service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (henceforth “Mastercard”). Mastercard may transfer personal data to its parent company in the USA. The transfer of data to the USA is based on Mastercard’s Binding Corporate Rules. You will find details at https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

Mollie

This payment service is provided by Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (henceforth “Mollie”). Mollie enables us to integrate different payment methods on our website. You will find further details in Mollie’s privacy policy at: https://www.mollie.com/gb/privacy.

PayPal

This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (henceforth “PayPal”). The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. You will find details about PayPal’s privacy policy at: https://www.paypal.com/myaccount/privacy/privacyhub.

Sofortüberweisung (instant transfer)

This payment service is provided by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (henceforth “Sofort GmbH”). Sofort GmbH provides us with real-time confirmation of payment so we can immediately start fulfilling our obligations. If you choose to use Sofortüberweisung, you transfer the PIN and a valid TAN for your online banking account to Sofort GmbH which, after logging in, automatically checks your account balance and then transfers the amount owed to us using the TAN you have provided. It then sends us confirmation of the transaction. After logging in, Sofortüberweisung also automatically checks the transactions on your account, your overdraft limit and the existence and balance of any other accounts. In addition to your PIN and TAN, your payment and personal data are also transferred to Sofort GmbH. The personal data include your forename and surname, address, phone number(s), e-mail address, IP address and any other data that may be needed to process the payment. It is necessary to transfer these data in order to establish your identity beyond doubt and prevent any attempted fraud. You will find details about payment using Sofortüberweisung at: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

VISA

This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (henceforth “VISA”). The United Kingdom is designated a safe third country in terms of data protection. This means that the level of data protection there is equivalent to that in the European Union. VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. Further information about the VISA privacy policy is available at: https://www.visa.co.uk/legal/privacy-policy.html.

 

11. Our social media presence

a) Data processing by social media

We maintain publicly accessible social media profiles, details of which are provided below. As a rule, social media such as Facebook and Twitter can analyse user behaviour in detail if you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). When you access our social media offerings, a large number of processing activities are triggered which are relevant to data privacy. If you are logged into your social media account and visit our social media presence, the operator of the social media platform can connect this visit with your user account. However, it is also possible for your personal data to be recorded even if you are not logged in or do not have an account on the relevant social media platform. In these cases, data are recorded via cookies placed on your end device or by recording your IP address. The operators of social media platforms can use these data to create user profiles based on your preferences and interests. In this way, they can show you interest-based ads outside the respective social media platform. If you have an account on that social media platform, the interest-based ads will be shown on all the devices you use or have used to log into the platform. Please also note that we are unable to track all processing activities on social media platforms. Depending on the provider, other processing activities may be carried out by the operators of the social media platforms. You will find details in the terms of use and privacy policy of the respective social media platform.

b) Legal basis

Our social media offerings are intended to ensure the broadest possible Internet presence. This is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR. The analytical processes initiated by social media networks may be based on deviating legal bases which the operators of these networks must disclose (e.g. consent within the meaning of Article 6 (1) point (a) GDPR).

c) Controller and assertion of rights

When you visit one of our social media offerings (e.g. on Facebook), we and the operator of the social media platform are the joint controllers of the data processing activities triggered by this visit. Generally speaking, you may assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) against both us and the operator of the social media platform (e.g. Facebook). Please note that, although we and the operator of the social media platform are joint controllers, we cannot fully influence the data processing activities of the social media platform operator. Our options are largely dictated by the policies of the respective service provider.

d) Duration of storage

The data we record directly via our social media presence will be erased from our systems as soon as the purpose for which it was stored no longer exists, you request us to erase this data or you withdraw your consent to storage. The cookies stored on your end device will remain until you erase them. This does not affect statutory provisions, especially those concerning retention periods. We have no influence on the duration of storage of the data stored by the operators of social media for their own purposes. You can obtain details directly from the operators of social media platforms (e.g. in their privacy policies, see below).

e) Details of social media platforms

Facebook

We have a Facebook profile. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data recorded are also transferred to the USA and other third countries. We have concluded a joint controller agreement (Controller Addendum) with Facebook which defines which data processing activities we and Facebook are responsible for when you visit our Facebook page. You can view this agreement at https://www.facebook.com/legal/terms/page_controller_addendum. You can modify the ad settings in your user account by clicking the following link and logging in: https://www.facebook.com/settings?tab=ads. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at: www.facebook.com/legal/EU_data_transfer_addendum and de-de.facebook.com/help/566994660333381. You will find details in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

Instagram

We have an Instagram profile. This service is provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at: www.facebook.com/legal/EU_data_transfer_addendum, help.instagram.com/519522125107875 and de-de.facebook.com/help/566994660333381. You will find details about the way Instagram handles your personal data in its privacy policy https://help.instagram.com/519522125107875.

LinkedIn

We have a LinkedIn profile. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate these cookies, please go to https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details are available at: www.linkedin.com/legal/l/dpa and www.linkedin.com/legal/l/eu-sccs. You will find details about the way LinkedIn handles your personal data in its privacy policy https://www.linkedin.com/legal/privacy-policy.

Pinterest

We have a Pinterest profile. This service is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. You will find details about the way Pinterest handles your personal data in its privacy policy: https://policy.pinterest.com/en/privacy-policy.

XING

We have a XING profile. This service is provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. You will find details about the way XING handles your personal data in its privacy policy https://privacy.xing.com/en/privacy-policy.

YouTube

We have a YouTube profile. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You will find details about the way YouTube handles your personal data in its privacy policy https://policies.google.com/privacy?hl=en.

 

12. Your rights as a data subject (data subject rights)

Information, restriction/blocking, erasure

Within the framework of the applicable legal provisions, you have the right to obtain free of charge and at any time information about your stored personal data, about the origin and recipients of these data and the purpose of the data processing as well as the right to their rectification, restriction/blocking or erasure of these data, if applicable. With regard to this or other questions concerning personal data you may contact us at any time at the address provided in the imprint.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You may withdraw at any time the consent you have already given. To do so, all you need to do is send us an e-mail (no specific form is necessary). The revocation of consent does not affect the lawfulness of data processing that has taken place up until the revocation.

Right to data portability

You have the right to have data which we process in an automated way based on your consent or in the performance of a contract handed over to you or a third party in a standard, machine-readable format. If you request the direct transfer of data to another processor, this will be done only inasmuch as it is technically feasible.

Right to complain to the competent supervisory authority

In case of complaints, suggestions or questions, please contact our Data Protection Officer.

In the event of any breaches of data privacy law, the person affected may submit a complaint to a supervisory authority. The data protection supervisory authority responsible for our company is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
E-mail: poststelle@lda.bayern.de

You will find a list of the data protection officers and their contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

 

MAC Mode GmbH & Co. KGaA
Wald/Roßbach, 06.10.2023

Viewed
to top

10€ voucher

for newsletter registration

Subscribe to our newsletter now and get exclusive promotions, news and trends.



To registration