Privacy Policy

Privacy Policy pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)

Here we provide our Privacy Policy for candidates, customers and suppliers to download.

Privacy Policy mac-jeans.com

1. Data protection declaration - general part

Your data protection is our concern

We appreciate your interest in our company and our products and services and would like you to feel secure when visiting our website, also with regard to the protection of your personal data. We take the protection of your personal data very seriously. Compliance with the provisions of the Federal Data Protection Act is a matter of course for us. We want you to know when we collect which data and how we use it. We have taken technical and organisational measures to ensure that both we and external service providers comply with data protection regulations. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

General information

The following notes provide a simple overview of what happens with your personal data when you visit our website. Personal data is any data by which you can be personally identified. For detailed information on privacy, please check the Privacy Policy listed below this text.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data you enter in a contact form. Other data are automatically collected by our IT systems when you visit our website. These are predominantly technical data (e.g. Internet browser, operating system or time of day of the page view). These data are collected automatically as soon as you enter our website.

What do we use your data for (purpose of the processing)?

Error-free provision of the website, its content and functions
Performance of contractual services and customer care
Answering contact enquiries and communication with users
Marketing, advertising and market research
Security measures

What are your rights with respect to your data?

You have the right to obtain free of charge information about the origin, recipients and purpose of your stored personal data at any time. You also have the right to request the rectification, restriction of processing or erasure of this data. With regard to this or other questions concerning data protection you may contact us at any time at the address provided in the imprint. Furthermore, you may submit a complaint to the competent supervisory authority.

Analysis tools and tools by third-party providers

When you visit our website, your surfing behaviour may be statistically analysed. This is mainly done by way of cookies and so-called analysis programs. Your surfing behaviour is usually analysed anonymously; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using specific tools. Detailed information about this is provided in the Privacy Policy below. You may object to this analysis. We will inform you about the objection options in this Privacy Policy.

Children and young people

Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

Liability

All information contained on this website has been checked with great care. However, we cannot guarantee that the content of our own website is correct, complete and up to date at all times.

Security

We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are obliged to comply with the Federal Data Protection Act and to handle personal data confidentially. When personal data is collected and processed, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Links to other websites

We occasionally refer to the websites of third parties. Although we select these third parties carefully, we cannot assume any guarantee or liability for the accuracy or completeness of the content and data security of third-party websites. This data protection notice also does not apply to linked third-party websites. Therefore, please inform yourself on the websites of the other providers about the data protection information provided there.

2. Name and contact data of the person in charge of the processing

The data controller of the website www.mac-jeans.com is:

MAC Mode GmbH & Co. KGaA Industriestr. 2
93192 Wald/Roßbach
Germany

Phone: +49 (0) 9463 855-0
Fax: +49 (0) 9463 855-199
E-mail: [email protected]

The controller for your purchases on online shopping portals

If you purchase MAC jeans products via online shopping portals - e.g. Amazon, Görtz, eBay or Zalando - the respective online shopping portal is responsible for the data collected and processed there. The data protection information or the imprint of the respective portal apply accordingly. When you make a purchase, MAC receives your order data from the respective portal via an encrypted Internet connection. This usually includes your name, your address and the items ordered. With the transmission of the data from the online shopping portal to MAC, MAC becomes the responsible party for this data for the purpose of dispatch processing. Your data will only be used to process your order and to deliver the ordered goods as quickly as possible. For this purpose, MAC will temporarily create a customer account for you, which will only be used to facilitate and speed up data processing. The processing is necessary for the fulfilment of the contract and is therefore based on Art. 6 para. 1 b) GDPR.

Data protection officer required by law

We have appointed an external Data Protection Officer for our company:

Datenschutz Symbiose GmbH
Dr Marion Herrmann
Hundingstr. 12
95445 Bayreuth
Germany

E-mail: [email protected]

3. Content delivery networks (CDN)

This website uses various content delivery networks to ensure that our website is as error-free and secure as possible. A content delivery network is a network of high-performance servers that cache content at various locations around the world. It provides website content in the shortest possible time and at the same time reduces the load on the web host by distributing the data traffic to various cache servers. In practice, this allows users to access website content without long waiting times. When using this technology, the content delivery networks process various personal data. This may include your IP address, URLs of pages visited, date and time of access, location based on your IP address and the location of the server as well as telemetry data (e.g. mouse clicks, movements and associated browser data). We use the content delivery networks of Google, DataCamp, Amazon Cloudfront, Fastly, Cloudfront and Akamai on our website. For more details, please refer to the explanations below. The use of content delivery networks is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1f GDPR).

Content Delivery Networks in detail:

Cloudflare

We use the "Cloudflare" service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare"). Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via Cloudflare's network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise Internet users, but these are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1f GDPR). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.cloudflare.com/privacypolicy/. Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Cloud CDN

We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google offers a globally distributed content delivery network. The information transfer between your browser and our website is technically routed via the Google network. This enables us to increase the global accessibility and performance of our website. The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1f GDPR). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://cloud.google.com/terms/eu-model-contract-clause. Further information on Google Cloud CDN can be found here: https://cloud.google.com/cdn/docs/overview?hl=de.

Data processing

Amazon CloudFront CDN

We use the content delivery network Amazon CloudFront CDN. Provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (henceforth “Amazon”). Amazon CloudFront CDN is a globally distributed content delivery network. Here the transfer of information between your browser and our website is technically routed via the content delivery network. This allows us to increase the global accessibility and performance of our website. The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR). The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. You will find details at: https://aws.amazon.com/en/blogs/security/aws-gdpr-data-processing-addendum/. Further information on Amazon CloudFront CDN is available at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

Data processing

Akamai Content Delivery Network

We use the content delivery network (CDN) of Akamai Technologies GmbH, Parkring 20, 85748 Garching, Germany (Akamai) to increase the security and delivery speed of our website. A CDN is a network of globally distributed servers that is able to deliver content to website users in an optimised way. For this purpose the following personal data may be processed in Akamai server log files:

your IP address
URLs of pages visited
date and time of access
location based on your IP address and the location of the Akamai server
telemetry data (e.g. mouse clicks, movement patterns and associated browser data)

The use of Akamai is based on our legitimate interest in providing our website in a way that is as error-free and safe as possible (Art. 6 (1) point (f) GDPR). You have the right to object to the processing. Whether the objection is successful is to be determined by balancing interests. The processing of the data listed in this section is neither legally nor contractually required. Without the processing it is not ensured that the website works properly. Your personal data will be stored by Akamai as long as necessary for the purposes described above. Further information on objection and removal options towards Akamai is available at: https://www.akamai.com/site/en/documents/akamai/akamai-data-protection-addendum.pdf.

Akamai has implemented compliance measures for international data transfers. They apply to all activities worldwide where Akamai processes personal data of natural persons in the EU. These measures are based on the EU’s standard contractual clauses (SCCs). More information is available at: https://www.akamai.com/us/en/multimedia/documents/akamai/akamai-pre-signed-eu-standard-contractual-clauses.pdf.

4. General information on data processing

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection notice. When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data protection notice explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection information, the following applies: The legal basis for obtaining consent is Art. 6 para. 1a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Art. 6 para. 1b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1c GDPR, in the event that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Art. 6 para. 1e GDPR and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1f GDPR.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to promotional e-mails

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Changes and updates to our privacy policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In such cases, we will also adapt our data protection information accordingly. Please therefore note the latest version of our data protection information.

Information about the web server location (Section 13 (1) of the Telemedia Act (TMG))

The data we receive via our website is processed on servers in Germany.

5. Cooperation with processors and third parties

Data transfer upon conclusion of a contract for online shops, retailers and dispatch of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of the data will not take place or will only take place if you have expressly consented to the transmission or if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 para. 1b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If we commission third parties with the processing of data on the basis of a so-called "data processing contract", this is done on the basis of Art. 28 GDPR.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

6. Data collection on our website

Server log files

Your visit to our websites is logged. The provider of the pages automatically collects and stores information in so-called server log files which your browser automatically transmits to us. These are:

browser type and version
operating system used
referrer URL
host name of the accessing computer
time of server request
IP address

As a rule, it is not possible and not intended for us to make a personal reference. This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. This data is only collected for data security purposes and to optimise our website. The data is not analysed in any other way, except for statistical purposes and then generally in anonymised form. No personal surfing profiles or similar are created or processed. In addition, personal data is only stored if you provide it to us voluntarily, e.g. as part of a registration, a survey, a competition, an online application or to fulfil a contract. You will be informed in the respective input and contact forms about the purpose of the data collected there. Such data is transmitted over the Internet in encrypted form.

Cookies

a) What exactly are cookies?

Cookies are text files that are stored on your computer, tablet or mobile phone when you visit a website and are generally used to make websites more effective. Some cookies (session cookies) are automatically deleted after the browser is closed, while others (persistent cookies or tracking codes) are archived on the respective device until a certain expiry date or until your browser's cache is emptied and enable us to identify you as a repeat visitor to our website. Most web browsers automatically accept cookies. However, you can change your browser settings by simply clicking on them if you do not wish this to happen. You can find more information about cookies at www.allaboutcookies.org.

b) Why do we use cookies?

We use cookies to ensure a secure internet environment, to check our website performance and to assess the way our customers use our online services in order to improve the design of our services. For example, we can recognise when a process is too time-consuming and users therefore cancel the ongoing process. With this knowledge, the process steps can be simplified and made more customer-orientated. Improving user-friendliness, traceability for our customers and the online experience. We do not use our cookies to track your internet activity outside the MAC Mode website.

c) What types of cookies are there?

You can delete the cookies stored for our website. In this case, however, your individual data and content, including your cookie settings, will be lost and you will not be recognised as a returning visitor the next time you visit our website.

Cookie type Purpose: Session cookies are deleted after the browser is closed and are used to record navigation on the website and the time spent on the site. They store the contents of your electronic shopping basket and your customer account information for the duration of your visit to the website and keep your login active during the session.

Persistent cookies or tracking code: These do not contain any personal data. They record from where the site was accessed, which search engine was used, which link was clicked and which search term was selected and localises the user's location at the time the site was accessed. They also record the number of visits and the duration of the first, current and previous visit. These cookies only register visits to mac-jeans.com and are not activated when visiting other websites.

d) Do you consent to our cookies?

We offer you a number of online features designed to make your visit to our website as pleasant as possible. However, these only work with the help of cookies. If you agree to this at the beginning, they will be activated.

e) Revocation of the use of cookies

If you do not want us to recognise your computer, you can prevent cookies from being stored on your hard drive by selecting "Do not accept cookies" in your browser settings. Please refer to your browser manufacturer's instructions to find out how this works in detail. Please note, however, that some 'essential' cookies are indispensable for unhindered navigation on our website and for the selection, design and storage of your products. In addition, these cookies are only used by us to check the efficiency of the website and to record visitor frequency.

Consent request via Usercentrics

This website uses Usercentrics' consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter referred to as "Usercentrics"). Usercentrics uses Google's CDN to provide its services (see point 3).

When you enter our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or the revocation of your consent(s)
• Your IP address
• Information about your browser
• Information about your end device
• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1c GDPR.

Data processing agreement

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Collection of personal data

Personal data is information about your identity. This includes information such as your name, address, telephone number and e-mail address. It is not necessary for you to disclose personal data in order to use our website. In certain cases, however, we need your name and address as well as other details so that we can provide the requested services. The same applies, for example, to the sending of information material and ordered goods or for answering individual questions. Where this is necessary, we will inform you accordingly. In addition, we only store and process data that you provide to us voluntarily or automatically. If you make use of services, we generally only collect the data that we need to provide the services. If we ask you for further data, this is voluntary information. Personal data is processed exclusively to fulfil the requested service and to protect our own legitimate business interests.

Restricted use

We will only collect, process and use the personal data provided by you online for the purposes communicated to you. Your personal data will not be passed on to third parties without your necessary consent. Personal data will only be collected and transferred to state institutions and authorities authorised to receive information within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to comply with the provisions of the Federal Data Protection Act.

Query by e-mail, telephone or fax

When you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1f GDPR) or on your consent (Art. 6 para. 1a GDPR) if this has been requested. The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. Your emails will be forwarded to us without any additional encryption technology. Personal data and confidential messages may be read, falsified or deleted by unauthorised persons during transmission.

Contact form

When you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 para. 1b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1f GDPR) or on your consent (Art. 6 para. 1a GDPR) if this has been requested. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Competitions

In the case of competitions, personal data is also only collected to the extent necessary. In order to participate in our competition, we need your e-mail address and your postal address so that we can notify you if you win or send you the prize. If you win the main prize, a photo will usually be published with your name, location and the prize. Other winners will be named with their title, first letter of their first name and place. By participating in the competition, you consent to the storage of this data. The legal basis is Art. 6 para. 1b GDPR (processing for the realisation of the competition) and, in the case of the participant's consent, Art. 6 para. 1a GDPR. You can withdraw your consent to the processing of your data at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after the competition has ended). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Data processing (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Shopping cart reminder

If you already have goods in your shopping basket and do not place an order, we will use your registered e-mail address to remind you of the shopping basket. This serves to safeguard legitimate interests (legal basis). We want to make sure that it is not due to the online shop itself or a misunderstanding that you have cancelled your order. In the e-mail notification, you will find your data and a note on how to object if you no longer wish to use this service from us.

Registration on our website

You can register on our website in order to use additional functions or "My MAC" on the site. We will only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way. The data entered during registration is processed on the basis of your consent (Art. 6 para. 1a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the cancellation. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Purchase in the online shop

Your personal data provided during registration as well as data about the type and frequency of your online orders are collected, stored and used by MAC and, if necessary, by third parties who are in a contractual relationship with MAC, if this is necessary in the context of contract processing; for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the payment processing or in particular for the implementation of customer service and for the purposes of order data processing to commissioned companies.

Address verification with Endereco

On our website, we offer you the option of checking certain entries in address forms in our web shop for input errors in real time. This is to avoid problems with the delivery of the products you have ordered due to incorrect information. We also want to ensure that your contact details are valid for sending information about your order or for any queries you may have. We use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany, to provide these functions. The service provider processes the data exclusively in accordance with our instructions. The legal basis for the transmission, processing and temporary storage of the data by the service provider is Art. 6 para. 1b GDPR, as it is absolutely necessary for the fulfilment of the contract or for the implementation of pre-contractual measures that some of the data you enter in the input mask is checked for correctness. The following data is processed by the service provider

• Address (country, town, postcode, street, house number if applicable)
• Telephone number
• e-mail-adresses

The data is processed separately by the service provider and is not merged. The enquiries are deleted by the service provider as soon as the status of the data entered has been determined and storage in the web shop has been completed, but at the latest after 30 days.

Guest accounts

The guest account is a shortened registration so that you can complete your order quickly and securely. Your e-mail address is automatically used as the user name. You will receive a password generated by us directly to this e-mail address. Of course, you can also use all the advantages of "My MAC" with our guest account and view your order there or change your customer data for future orders.

QR codes

We use QR codes on various occasions. We have the QR codes created by a service provider. When you scan such a QR code, this scan is recorded by this service provider via an API. The service provider used for this is Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld, Germany, with its QR code generator tool. A data processing agreement has been concluded with the service provider used. The service provider may process data outside the EU via subcontractors. The service provider is contractually obliged to enter into suitable contractual agreements with these sub-providers in order to guarantee data protection.

When scanning the QR codes (e.g. via your smartphone), the following data can be processed:

• Number of scans
• Operating system used
• Location data (city, country)

The data is not assigned to the IP address used. The processed data is only personally identifiable in rare cases and only with the help of additional information. As a rule, this is not personal data within the meaning of Art. 4 No. 1 GDPR. We collect and process this data for the purpose of improving our website and to check the success of any advertising campaigns. The processing is based on the legal basis of legitimate interest in accordance with Art. 6 para. 1f GDPR. Our legitimate interest lies in the continuous improvement of our web and advertising services. As part of the provision of the service, we use service companies that are separately bound to confidentiality and data protection for special areas where access to personal data cannot be ruled out. These categories of recipients are Data centres, advertising agencies, software developers with access to the platform. Unless there is a legal obligation to temporarily store data, all personal data stored in connection with the promotion/competition (e.g. non-winner data) will be destroyed after the promotion/competition has ended or after the winners have been notified and the prizes have been handed over (e.g. winner data). In the case of recurring competitions ("competition series"), your data will remain stored until the end of the competition series or your cancellation. The series competitions are recognisable as such and are marked accordingly.

Surveys

a) Data types and legal basis

MAC occasionally conducts surveys on the company website. Participation in these surveys is voluntary. Various personal data may be collected and processed in the surveys. The surveys are regularly linked to expense allowances or prizes. The name and email address of the survey participant ("data subject") are collected so that the expense allowance or prize can be allocated and delivered accordingly. This data is processed for the purpose of contract fulfilment in accordance with Art. 6 para. 1b GDPR. Further data may also be collected in the course of the survey. This data is either explicitly requested or entered independently by the data subject via free text fields. If the name and email address are entered in advance, this data may also be personal data. Sensitive personal data can also be included in the processing by the data subject via the free text fields. Such sensitive data is never explicitly requested by MAC. Accordingly, MAC has no influence on the information entered via the free text fields. The legal basis for the collection and processing of personal data via the survey form is the consent of the data subject in accordance with Art. 6 para. 1a GDPR. Consent can be withdrawn at any time in accordance with Art. 7 para. 3 GDPR. If consent is withdrawn, all personal data processed on the basis of this consent will be deleted immediately. However, this also cancels any outstanding claims to expense allowances or prizes.

b) Purpose of the processing

Data processing through surveys can be carried out for various purposes (e.g. customer satisfaction survey, analysis of purchasing behaviour, feedback on improvement potential). The specific purposes are defined specifically for each survey and made transparently accessible to the data subject.

c) Storage period

Your name and e-mail address, which we collect in the course of a survey, are used exclusively for the allocation and delivery of prizes or expense allowances. This data will therefore be deleted as soon as the prize or expense allowance has been delivered. The deletion of the name and e-mail address also removes the personal reference of the remaining data. Further processing is therefore anonymised and is only used for analysis purposes. The data will not be sold or passed on to third parties.

d) Recipient of the data (third-country transfer)

The personal data collected in the course of a survey will only be made available to MAC employees who need it to fulfil their tasks. MAC uses the software solution SurveyMonkey from the service provider Momentive Europe UC (2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland) to carry out the surveys. The necessary contractual agreements to guarantee data protection have been concluded with the service provider. As Momentive Europe UC is a subsidiary of Momentive Inc., which is based in California, USA, a transfer of your personal data to the USA cannot be ruled out. Although Momentive Europe UC assures you that appropriate contractual agreements have also been concluded with all bodies to which personal data is transferred, the comprehensive powers of US security authorities mean that access to your data by said security authorities cannot be completely ruled out. To complete the survey, you will be redirected to a SurveyMonkey subpage. SurveyMonkey may gain knowledge of your connection data (IP address, log data, browser settings, etc.). Momentive Europe UC is solely responsible for processing this data and complying with legal requirements in this regard. Information on data processing by Momentive can be found here: https://www.surveymonkey.de/mp/legal/privacy/.

e) Rights as a data subject

As a data subject, you have the right to information, deletion and blocking of your data processed by us. In addition, you have the right to object to the processing insofar as this is based on the legal basis of legitimate interest. Further information on your rights as a data subject can be found at the end of this data protection notice.

Storage duration

Personal data provided to us via our website will only be stored until the purpose for which it was entrusted to us has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data may be up to 10 years. In addition, when an online order is placed, the IP address of the customer at the time of the order is anonymised to ensure data security (i.e. to prevent misuse and for criminal prosecution) and stored and used separately for a period of one year.

Deletion of customer data (in the online shop)

The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If you send us a deletion request, we can only fulfil this request in full if you have not yet completed any orders with us. We will delete the personal data stored in our electronic customer system that was collected to process orders, such as date of birth, telephone number, fax number, email address and credit rating data, within 7 working days. If you are already a customer, we are subject to retention periods of 6 or 10 years (§ 257 HGB, § 147 AO) for commercial or business documents and invoices. Your personal data that must be retained by law cannot yet be deleted. This data is blocked in our system for the duration of the retention period so that the data records can no longer be actively used.

7. Newsletter

We collect and process your personal data (e-mail address) when you subscribe to our newsletter. You have given your consent to this by clicking on the Subscribe button and then on the link in the confirmation email. This website uses Inxmail to send newsletters. The provider is Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg/GERMANY. Inxmail is a service that can be used to organise and analyse the sending of newsletters. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on Inxmail's servers in Germany. Inxmail is a co-founder and member of the Certified Senders Alliance (CSA) and a signatory to the e-mail marketing quality standard. Our newsletters sent with Inxmail enable us to analyse the general behaviour of newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. The data processing takes place on the basis of your consent (Art. 6 para. 1a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation. If you do not want Inxmail to analyse your data, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website. The same applies if the newsletter is sent without your prior express consent on the basis of the exception in Section 7 (3) UWG due to a previous sale of goods or services. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the Inxmail servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the "My MAC" login area) remain unaffected by this. We have concluded a contract with Inxmail for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Inxmail.

8. Shopping experience and marketing (analysis tools and advertising)

Bing Ads/Microsoft

We use Bing Ads from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on our website. When you click on an advert placed by Microsoft Bing Ads, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognise that you have clicked on the ad and have been redirected to this page. Information obtained with the help of the conversion cookie is used to create conversion statistics. We find out the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, it is not possible to personally identify these users. The use of this service is based on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. You can find more information on data protection and the cookies used by Microsoft Bing at: https://privacy.microsoft.com/de-de/privacystatement

Clarity

This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity"). Clarity is a tool for analysing user behaviour on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our website. Clarity uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1a GDPR and § 25 TDDDG. Consent can be revoked at any time. If consent has not been obtained, this service is used on the basis of Art. 6 (1f) GDPR; the website operator has a legitimate interest in effective user analysis. Further details on Clarity's data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq. We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

DooFinder

We have integrated search technology "doofinder, powering results" on this website. The provider is DooFinder S.L., Madrid 28037, Rufino González 23 bis, 1º 1, Spain (hereinafter "DooFinder"). DooFinder uses DataCamp's CDN to provide its services (see point 3). DooFinder enables us to integrate a search function on our website with which you can search our website. In order to use the DooFinder search function, the browser you use must connect to the DooFinder servers. As a result, DooFinder becomes aware that our website has been accessed via your IP address. Further information can be found in DooFinder's privacy policy at https://www.DooFinder.com/de/policies/privacy/. The DooFinder search bar is used on the basis of Art. 6 (1f) GDPR. As the website operator, we have a legitimate interest in an attractive and optimised presentation of our website. These interests are safeguarded by a functionally optimised and fast search function within our website. As DooFinder is a company based within the European Union, an appropriate level of protection of your personal data can be assumed. We therefore consider our interests to be predominant. In addition to the pure search function, DooFinder also offers the option of an AI-driven recommendation function. Here, an artificial intelligence analyses your interests based on your behaviour on our website. To do this, DooFinder uses pseudonymised usage data to collect information about which products you interact with in our online shop. The insights gained from this are used to suggest products on our website that may be of interest to you. To identify individual users, DooFinder uses so-called "cookies" in this variant, which are stored on your computer. This stores an individual number identifier that is used to recognise returning visitors when they visit the website again. The AI-controlled user analysis is used exclusively on the basis of your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. We have concluded a data processing agreement (DPA) with DooFinder. This is a contract prescribed by data protection law, which ensures that DooFinder processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Friendly Captcha

We use Friendly Captcha (hereinafter referred to as "Friendly Captcha") on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is used to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated programme. To do this, Friendly Captcha analyses the behaviour of the website visitor based on various characteristics. Friendly Captcha evaluates various information for the analysis (e.g. anonymised IP address, referrer, visit time, etc.). Further information on this can be found at: https://friendlycaptcha.com/legal/privacy-end-users/.

The data is stored and analysed on the basis of Art. 6 (1f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data processing: We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Frizbit

This website uses Frizbit. Frizbit is a multi-channel marketing tool from the company Frizbit Technology, S.L. in Carrer Llacuna, 162, 08018 Barcelona, Spain (website: https://frizbit.com). We use the Frizbit E-Commerce Marketing Automation Platform to increase the number of visits to the website and to increase customer loyalty. For this purpose, Frizbit generates several persistent cookies with a maximum duration of one year, which serve to recognise the user and analyse their usage behaviour on the website. This is done by assigning a randomly generated ID to the respective user. The aim of this user recognition is the targeted sending of push messages directly in the browser. These push messages may include shopping basket reminders or invitations to register for our newsletter. Consent is obtained from the data subject for the use of Frizbit. Data processing by Frizbit is therefore based on consent in accordance with Art. 6 para. 1 a) GDPR.

Google services

The provider of Google services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/. You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de

Certification for the EU-US Data Privacy Framework (DPF)
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin for deactivating Google cookies
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Storage duration
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

We use the following Google services.

G1) Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads makes it possible to display adverts in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we have no insight into or access to this user data. The user analysis is carried out exclusively by Google. On the part of the website operator, only a server-side return of data takes place in this context, the so-called Google Ads Conversion Tracking. If the visitor comes to our website via a Google search, Google assigns the user a click ID. For the website operator, this is an anonymous date that cannot be used to identify the user. If the bearer of this click ID triggers an event on our website (e.g. a purchase of goods), the website sends this information back to Google together with the value of the purchase of goods and the time of the purchase.

G2) Google Ads Remarketing/Google Ads Customer Match

This website uses the functions of Google Ads Remarketing. With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have a Google account, you can object to personalised advertising by clicking on the following link: https://adssettings.google.com/anonymous?hl=en. The use of this service is based on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Target group formation with customer matching
Among other things, we use Google Ads Remarketing customer matching to create target groups. Here, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

G3) Google Analytics

This website uses functions of the web analysis service Google Analytics. Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/

G4) Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google Ads and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you sign in with your Google account. To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account by following this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account is based solely on your consent, which you can give or withdraw from Google (Art. 6 (1a) GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes. Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/

G5) Google Data Studio

We use the data management tool Google Data Studio to visually create customised reports and dynamic dashboards. We use the data from Google Analytics and no other interfaces to data sources (such as Google Ads, Attribution 360, BigQuery, Cloud SQL, MySQL, Google Sheets, YouTube Analytics, etc.). The web tool does not require a local application and can be started via the web. It is accessed via a browser and the data sources are connected directly via Google Data Studio. Further information on using Google Data Studio can be found at: support.google.com/datastudio/answer/6283323.

G6) Google DoubleClick

This website uses functions of Google DoubleClick. DoubleClick is used to show you interest-based adverts throughout the Google advertising network. With the help of DoubleClick, the adverts can be targeted to the interests of the respective viewer. For example, our adverts can be displayed in Google search results or in advertising banners linked to DoubleClick. In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and assign the websites visited, clicks and other information on user behaviour to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is summarised in a pseudonymous user profile in order to display interest-based advertising to the user concerned. The use of this service is based on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. Further information on how to object to the adverts displayed by Google can be found at the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

G7) Google Maps

This site uses the map service Google Maps. With the help of this service, we can integrate map material on our website. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required Google fonts into your browser cache in order to display texts and fonts correctly. Since we cannot rule out the collection of data for analysis and possibly also marketing purposes through scripts when using Google Maps, the map is only enabled after consent to the marketing cookies. We do not collect or use any data in connection with the use of the map. Processing is carried out exclusively on the basis of Art. 6 para. 1a GDPR; consent can be revoked at any time.

G8) Google Signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.

G9) Google Tag Manager

We use the Google Tag Manager. Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States. The processing is carried out exclusively on the basis of Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Specifically, the following data is transmitted:

• Anonymous Click-ID
• Event name (e.g. "Purchase of goods")
• Value of the purchase, if applicable
• Time of purchase

Google uses this data internally. Google is responsible for further data processing. Information about data processing by Google can be found at https://policies.google.com/privacy?hl=de&gl=de#intro. As this is not personal data for the website operator, no legal basis is required for this processing.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com). Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain place. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors. We can also determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings. Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting). Hotjar also uses Cloudfront's CDN to provide its services (see point 3). This analysis tool is used exclusively on the basis of Art. 6 para. 1a GDPR; consent can be revoked at any time. If you wish to deactivate data collection by Hotjar, go to the following page and follow the instructions there: https://www.hotjar.com/opt-out. Please note that Hotjar must be deactivated separately for each browser or end device. For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy. We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Matomo

This website uses the open source web analysis service Matomo. Matomo uses technologies that enable the cross-page recognition of the user to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage. With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This allows us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The use of this analysis tool is divided into two parts. Part of the processing is carried out on the basis of Art. 6 para. 1f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. Data is collected without the use of cookies. This means that visitors cannot be recognised beyond one session and no e-commerce reports are recorded (shopping basket, product pages, purchase). Only the total purchase value is recorded. The other part of the processing is based exclusively on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. In this variant, cookies are used to recognise users across sessions and e-commerce reporting is activated. If you were redirected to our website via a Google ad, the click ID may also be returned to Google Ads on the server side. Consent can be revoked at any time. We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you. We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

Meta services (formerly Facebook services)

The provider of the following services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Data processing agreement or joint responsibility agreement
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Certification for the EU-US Data Privacy Framework (DPF)
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

M1) Meta Conversion API (formerly Facebook Conversion API)

The Facebook Conversion API is integrated on this website. However, the data collected may also be transferred to the USA and other third countries. Facebook Conversion API enables us to record the website visitor's interactions with our website and pass them on to Facebook in order to improve advertising performance on Facebook. Furthermore, targeted adverts can be displayed based on the user data available on Facebook (e.g. location data and interests) (target group targeting). As the website operator, we have no insight into or access to this user data. The user analysis is carried out exclusively by Facebook. On the part of the website operator, only a server-side return of data takes place in this context. If the visitor comes to our website via a Facebook advert, Facebook assigns the user a click ID. For the website operator, this is an anonymous date that cannot be used to identify the user. If the bearer of this click ID triggers an event on our website (e.g. a purchase of goods), the website sends this information back to Facebook together with the value of the purchase of goods and the time of the purchase.

Specifically, the following data is transmitted:

• Anonymous Click-ID
• Event name (e.g. "AddToCart" or "Purchase")
• Event time
• Conversion value

Facebook further utilises this data internally. Facebook itself is responsible for further data processing. Information about data processing by Facebook can be found at https://de-de.facebook.com/about/privacy/. As this is not personal data for the website operator, no legal basis is required for this processing.

M2) Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel from Facebook/Meta to measure conversions. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. We use the advanced matching function within the meta pixel.
Advanced matching enables us to transmit various types of data (e.g. place of residence, state, postcode, hashed email addresses, name, gender, date of birth or telephone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation enables us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended synchronisation improves the allocation of website conversions and expands custom audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/. You can also deactivate the remarketing function "Custom Audiences" in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Pinterest

In order to use our Pinterest campaigns as needed, to further optimise them and to measure their conversion, we use a Pinterest tag, an individual code snippet from Pinterest Inc, 635 High Street, Palo Alto, CA, USA, ("Pinterest") which is integrated into our website, on the basis of Art. 6 para. 1a GDPR (additionally Art. 6 para. 1f GDPR if applicable). This allows us to ensure that the Pinterest ads we initiate are only displayed to Pinterest users who have shown an interest in our offer. In this way, we want to ensure that our Pinterest ads correspond to the potential interest of the respective user and do not annoy them. On the other hand, we can track the actions of Pinterest users after they have seen or clicked on one of our Pinterest ads. This helps us to measure the conversion of the respective campaign for statistical, market research and billing purposes. The following information is processed during use Device information (e.g. type, brand), operating system used, IP address of the device used, time of access to our offer, type and content of the campaign and the reaction to the respective campaign (e.g. clicking on a button). The data collected in this way is anonymous to us and does not allow us to draw any conclusions about the identity of the respective user. Pinterest uses the CDN from Fastly and Akamai to provide its services (see point 3). This processing for behavioural and interest-based advertising purposes is to be regarded as our recognised legitimate interest according to Recital 47 of the GDPR (Art. 6 para. 1f GDPR and additionally Art. 6 para. 1a GDPR). The data is stored in accordance with the statutory retention periods and then automatically deleted. If you log into your Pinterest account after visiting our website or visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, which we would like to inform you about. Pinterest may be able to link this data to your Pinterest account and also use it for its own advertising purposes. Further information can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy. You can object to this special data processing at any time by either deactivating the relevant settings in your Pinterest account under "Customisation" or by activating the "Do Not Track" setting in your browser.

Shopware

The eCommerce system used is Shopware, from shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany. In addition to the information in our privacy policy, you will find information on the processing of personal data by Shopware AG at https://docs.shopware.com/de/shopware-5-de/tutorials-und-faq/dsgvo. When you add products to your shopping basket, our website places cookies on your device to enable you to continue with your order even if you have to reload the website in the meantime. When you place an order, the personal data entered in the order form is also transmitted to us by your browser and stored in our IT systems. Your IP address and the time of the order are also stored. The processing of the personal data entered by you serves the purpose of being able to fulfil an order. This processing is lawful because it is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1b GDPR. The storage of the IP address and time of the order serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted in accordance with Art. 6 para. 1f GDPR. The personal data you enter will be stored for as long as necessary to fulfil the contract. We do not merge this personal data with other data sources. Data will only be passed on to third parties if this is necessary for the fulfilment of the contract (e.g. to payment service providers, IT service providers, shipping companies). A transfer to a third country or to an international organisation is not intended. You are not obliged to provide this personal data, but it is not possible to place an order in our online shop without providing it.

Trusted Shops and integration of the trust badge/other widgets

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in optimised marketing by enabling secure shopping in accordance with Art. 6 para. 1f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with which we are jointly responsible under data protection law in accordance with Art. 26 GDPR. In the context of this data protection notice, we inform you below about the essential contents of the contract in accordance with Art. 26 para. 2 GDPR. Within the framework of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops in case of data protection questions and to assert your rights, preferably using the contact options provided in the data protection information (https://www.trustedshops.de/impressum-datenschutz/#datenschutz). Irrespective of this, you can always contact the controller of your choice. If necessary, your enquiry will then be forwarded to the other responsible party for a response.

1. data processing when integrating the trust badge/other widgets

The trust badge is provided by a US CDN provider (content delivery network). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available here for the USA: https://commission.europa.eu/system/files/2023-07/Adequacy decision EU-US Data Privacy Framework_en.pdf. Service providers from the USA are generally certified under the EU-US Data Privacy Framework (DPF). Further information can be found here: https://www.dataprivacyframework.gov/s/. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee. When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to your person. The anonymised data is used in particular for statistical purposes and for error analysis.

2. data processing after order completion

If you have given your consent, the Trustbadge accesses the order information stored in your end device (order total, order number, product purchased if applicable) and email address after the order has been completed and your email address is hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops together with the order information in accordance with Art. 6 (1) GDPR. This serves to check whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops: https://www.trustedshops.com/tsdocument/BUYER_AUTO_PROTECTION_TERMS_en.pdf.

After registration for the Basic, (main target market) and the Trusted Shops carry the seal of approval. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then be given the opportunity to register manually for the use of the services or to conclude the protection as part of your existing user contract. For this purpose, the Trustbadge accesses the following information, which is stored in the end device you are using, after you have completed your order: Order total, order number and email address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops if you actively decide to take out buyer protection by clicking on the correspondingly labelled button in the so-called Trustcard. If you decide to use the services, the further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 para. 1b GDPR in order to complete your registration for buyer protection and to secure the order and, if necessary, to be able to send you evaluation invitations by e-mail afterwards.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which is available for the USA at https://commission.europa.eu/system/files/2023-07/Adequacy decision EU-US Data Privacy Framework_en.pdf and for Israel at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32011D0061. Service providers from the USA are generally certified under the EU-US Data Privacy Framework (DPF). Further information can be found here: https://www.dataprivacyframework.gov/s/. If the service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

Source: Trusted Shops, text variant 3, status: 15/08/2023

9. Further plug-ins and tools

YouTube with extended data protection

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1a GDPR; the consent can be revoked at any time. Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de

10. Means of payment on our website

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 para. 1b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.

We use the following payment services/payment service providers on this website:

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as "American Express"). American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. Further information can be found in the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

iDEAL

The provider of this payment service is iDEAL, a service for payment systems. The service provider is the Dutch company Currence B.V., Gustav Mahlerplein 33-35, Amsterdam, Noord-Holland 1082 MS, Netherlands. Select iDEAL and your bank as the payment method. You will then be forwarded directly to your bank's online banking area. Please enter your bank details here and confirm the transaction. Your payment will be confirmed and you will then be redirected back to your mac-jeans.com shopping basket. Your PIN and TAN cannot be recognised by MAC or third parties. The data will not be saved. You can find out more about the data processed through the use of iDEAL in the privacy policy at https://www.ideal.nl/en/disclaimer-privacy-statement/.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). Klarna offers various payment options (e.g. instalment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf. You can find details on this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard"). Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

Mollie

The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, the Netherlands (hereinafter referred to as "Mollie"). With the help of Mollie, we can integrate various payment methods on our website. Details can be found in Mollie's privacy policy: https://www.mollie.com/de/privacy

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Instant bank transfer (“Sofortüberweisung”)

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have decided in favour of the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud. For details on payment with Sofortüberweisung, please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA"). The United Kingdom is considered a secure third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

11. Our social media presence

a) Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below. Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in. Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

b) Legal basis

Our social media presence is intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 (1f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1a GDPR).

c) Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook). Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

d) Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it or revoke your consent to its storage. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policies, see below).

e) Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and de-de.facebook.com/help/566994660333381. Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum, help.instagram.com/519522125107875 and de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.linkedin.com/legal/l/dpa and www.linkedin.com/legal/l/eu-sccs. Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Pinterest

We have a profile on Pinterest. The operator is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Details on how they handle your personal data can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de

12. Your rights as a data subject (data subject rights)

Information, restriction/blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, restriction/blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of personal data.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible..

Right to lodge a complaint with the competent supervisory authority (complaints office)

If you have any complaints, suggestions or questions, please contact our data protection officer.

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with a supervisory authority. Our competent data protection supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
E-mail: [email protected]

A list of data protection officers of the federal states and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

MAC Mode GmbH & Co. KGaA
Wald/Roßbach, 06.10.2023

Privacy Policy

Never miss news and special deals again. In addition you will receive a one-time 10€ voucher for our shop on mac-jeans.com.

Never miss news and special deals again.
In addition you will receive a one-time 10€ voucher for our shop on mac-jeans.com.