Privacy policy of Marc O’Polo Einzelhandels GmbH

At MARC O’POLO, your satisfaction is always our top priority and protecting your privacy is an important part of our job. We therefore collect, process and use your personal data only in accordance with the principles described below and in compliance with the applicable data protection laws, especially the European General Data Protection Regulation (GDPR).

The controller pursuant to Article 4(7) GDPR for the website https://www.marc-o-polo.com and the online store on it (hereinafter referred to as the ‘website’) is MARC O’POLO Einzelhandels GmbH, Hofgartenstrasse 1, 83071 Stephanskirchen, Germany, service@marc-o-polo.com (hereinafter referred to as ‘MARC O’POLO’ or ‘we’).

You can contact our Data Protection Officer by e-mail (datenschutz@marc-o-polo.com) or at our postal address, stating ‘Data Protection Officer’.

If you are under the age of 16, please obtain permission from a parent or guardian before you provide personal data to MARC O’POLO.

We process the personal data of various people in connection with the presentation and marketing of our goods. These people include the following in particular:

  • Visitors to our website www.marc-o-polo.com

  • Customers on our online shop

  • Subscribers to our newsletter

  • Participants in the MARC O’POLO MEMBERS customer loyalty scheme

  • Subscribers to our postal marketing

  • Participants in our competitions

Section A of this privacy policy contains information about the controller responsible for processing your personal data as well as the data protection officer of the controller.

Sections B to F contain information about the processing of your personal data.

Section G provides more details about the use of cookies or similar technology.

Section H contains information about your rights with regard to the processing of your personal data.

The definitions of the data protection terminology used in this privacy policy are the same as in the General Data Protection Regulation. You can find more detailed information about this in section I.

Contents page
J. Information about the terminology from the General Data Protection Regulation used in this data protection information
  1. Information about the terminology from the General Data Protection Regulation used in this data protection information
K. Status and changes to this privacy policy
  1. Status and changes to this privacy policy

A - Information about the controller

Name and contact details of the controller

Marc O’Polo Einzelhandels GmbH
Hofgartenstraße 1, 83071 Stephanskirchen
E-Mail: service@marc-o-polo.de
Telephone: 00 800 10221022 (free service hotline)
Fax: +49 (0) 231 96677889

Contact details of the data protection officer of the controller

Hofgartenstraße 1, 83071 Stephanskirchen
Data protection officer
E-Mail: dataschutz@marc-o-polo.com
Telephone: 00 800 10221022 (free service hotline)

B - Information about the processing of the personal data of visitors to our website www.marc-o-polo.com

Use of the website for informational purposes (using essential cookies)

When you use the website for informational purposes, the browser you are using on your device will send certain information such as your IP address to the server of our website for technical reasons. We process this information in order to provide the content you access on the website. Additionally, the information is stored temporarily in a server log file in order to guarantee the security of the IT infrastructure used to provide the website.

For the purpose of providing the search tools on our website, the data you enter into our search tools shall be processed temporarily on our web server.

Information about consent you have granted is stored in cookies (🡪section H) on your device in order to provide the administrative features for consent relating to our website (e.g. consent to the use of certain cookie-based technologies). During your visit to our website, the cookies and the information stored therein can be accessed in order to determine whether you have given your consent and to what. Additionally, for the purpose of providing your chosen language, data are processed temporarily on our web server in order to provide you with the website content you access in the language you have chosen.

More detailed information about this is available below:

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you visit the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access.Data are stored in server log files in a format which makes it possible to identify the data subjects for up to six weeks unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Search tool data.Data you enter into the search tools on our website. This includes all of the information you enter as search strings in each search box on the website.Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access.Data are stored in server log files in a format which makes it possible to identify the data subjects for up to six weeks unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Opt-in dataData relating to consent you have granted with regard to our website. This includes your consent and potentially your individual selection regarding the use of cookie-based technologies. These data are stored in cookies on your device (section H).Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to take consent to cookies on this website into consideration.We store these data temporarily on our systems while the website is being made available. The data are stored permanently in your browser. (section G.III. for information about how long the cookies remain valid.)
Language selection data Data which are stored in order to provide the language selection feature. This includes the language you select.Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access in the language you have chosen.We store these data temporarily on our systems while the website is being made available. The data are stored locally and permanently in the user’s browser for up to two weeks.
2. Details about the processing of personal data
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
To provide the website content accessed by the user: Data are processed temporarily on our web server for this purpose.HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user.Hosting provider.
To provide the search tools on our website: The data you enter into our search tools are processed temporarily on our web server for this purpose.Search tool data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website search tools accessed by the user.Hosting provider.
To provide the administrative tool for granting consent with regard to the website. Certain features of our website require your consent (e.g. the use of certain cookie-based technology). We provide an administrative tool for granting consent with regard to the website so you can grant and withdraw your consent. For this purpose, information about consent you have granted is stored in cookies (section G) on your device. During your visit to our website, the cookies and the information stored therein can be accessed in order to determine whether you have given your consent and to what.Opt-in data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in administrating the consent granted by the user with regard to this website.Hosting provider.
To provide the language selection feature on the website: For this purpose, data are processed temporarily on our web server in order to provide you with the website content you access in the language you have chosen. Language selection data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user in the language selected by the user. Hosting provider.
To guarantee the security of the IT infrastructure used to provide the website, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks): Data are stored temporarily in log files on our web server and evaluated for this purpose.HTTP data, Search tool data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the website, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks).Hosting provider.
Analysis of user behaviour based on empirical values with the interaction of user consent via the cookie banner. For this purpose, only signals are sent to Google to record the interaction with the displayed content banner and to use these for behaviour modelling. HTTP data, opt-in data No automated decision-making takes place. Article 6(1)(f) of the General Data Protection Regulation (balancing of interests). Our legitimate interest is the dynamic adaptation of tag behaviour while maintaining the user's data protection settings. Google
3. Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations
RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany) Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. ABOUT YOU has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.

Use of marketing technology and advertising networks (using marketing cookies)

If you have consented to marketing purposes in the data privacy and cookie settings, we shall use marketing technology from various providers (Google, Microsoft, Criteo, Mediards, Stylight, Esome, Awin, Daisycon, Tracdelight, Tectumedia, Outbrain, Usemax, Emarsys, Facebook, Pinterest) for the following purposes:

● Evaluation of user actions (conversion tracking), segmentation of visitors and evaluation of campaign performance

● Strategic targeting of users of the website for advertising purposes (retargeting), including settling accounts with our retargeting partners for ad placement

● The participation of our website in various advertising networks (affiliate networks) in order to advertise our products in the most effective way possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners

● Evaluation of the effectiveness of our Facebook adverts and creation of target groups for our Facebook adverts by means of the Facebook pixel

● Collection and evaluation of how users use our website in order to tailor our newsletters to the interests of each subscriber

In some cases, we and the provider of the marketing technology are jointly responsible for the collection of data with this marketing technology on our website. Any further processing of the data by the provider in question for its own purposes or for the purposes of third parties is the sole responsibility of that provider. You can find information about whether we are jointly responsible with each provider and references to the privacy policies of the providers below.

We and each provider use cookies for this purpose (🡪section H Marketing).

More detailed information about this is available below:

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Google Double Click (Floodlight), Google Ads Conversion Pixel, Google Ads Remarketing, Microsoft Advertising, Criteo, Mediards, Esome, Awin, Daisycon, Tracdelight, Tectumedia, Outbrain, Usemax.
Google Double Click (Floodlight) Microsoft Advertising Criteo Mediards Esome Awin Daisycon Tracdelight Tectumedia Outbrain HTTP data. Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS; e.g. Google Double Click for Google Double Click HTTP data) for technical reasons when each web tracking tool is used on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking or send you personalised adverts (where this is the purpose of the web tracking tool in question). 12 months.
Google Double Click (Floodlight) Microsoft Advertising Criteo Mediards Esome Awin Daisycon Tracdelight Tectumedia Outbrain Cookie data. Data which are stored in cookies for each web tracking tool (e.g. Google Double Click for Google Double Click cookie data) on your device. This includes a unique ID (e.g. UUID) which enables Google, for example, to recognise returning visitors – although we are unable to associate it with any individual user – as well as the following parameters: Partner identification number such as of our advertising partner Google, page type (e.g. order confirmation page, product details page, basket), product numbers of the viewed products, order number, order value, URL of the page(s) visited, names/prices of the viewed products, number of products in the basket, currency, website language setting, general location information, user agent data (browser type, device, screen size, e-mail programs, server). As part of the UUID generation process, the IP address is collected and transmitted to a geographical storage location. The last octet of the IP address is removed. ( section G.III. for more detailed information about the content of the cookies.) Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking or send you personalised adverts (where this is the purpose of the web tracking tool in question). Neither we nor the provider in question store the cookies themselves. However, the data in the cookies are factored into each set of profile data (e.g. Google Double Click profile data for Google Double Click; see below). ( section G.III. for information about how long the cookies remain valid.)
Google Double Click (Floodlight) Microsoft Advertising Criteo Mediards Esome Awin Daisycon Tracdelight Tectumedia Outbrain profile data. Data which are generated by each web tracking tool (e.g. Google Double Click for Google Double Click cookie data) and stored separately in pseudonymised user profiles for each web tracking tool This includes information about how you use the website, especially the pages you open, the frequency of visits and the time spent on the visited pages, allocated to each visitor’s unique visitor ID contained in each set of cookie data (e.g. Google Double Click cookie data for Google Double Click), the origins of the user (i.e. through which advertising partners or campaigns a user has arrived at the website) as well as bounce rate, transactions and sales. Generated by the provider in question (e.g. Microsoft for Microsoft Advertising).-We do not store these data. The partner is responsible for storing these data.
Facebook and Pinterest
Facebook, HTTP data. Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS; e.g. Google Double Click for Google Double Click HTTP data) for technical reasons when each web tracking tool is used on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking or send you personalised adverts (where this is the purpose of the web tracking tool in question). We do not store these data. The partner is responsible for storing these data.
Facebook pixel, Pinterest pixel, Cookie data. Data which are stored in cookies on the user’s device for each tracking pixel (e.g. the Facebook pixel for Facebook). This includes a unique ID which makes it possible to recognise returning visitors. Additionally, we incorporate the following information into the cookies through our data layer in order to help the provider of each tracking pixel display the right adverts for each user: ● Order value (OrderValue) ● Purchased products (Product Ids) ● Viewed products (Product Ids) ● Searched products (Product Ids) ● Page type (what page the user was on, e.g. category or confirmation page, product detail page, search results page). ( section G.III. for more detailed information about the content of the cookies.) Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, the tracking pixels might not function properly or at all. We do not collect or store these data ourselves. The provider of each tracking pixel (e.g. Facebook for the Facebook pixel) is responsible for collecting and processing these data. ( section G.III. for information about how long the cookies remain valid.)
Facebook pixel, Pinterest pixel, Event data. Data collected by each provider through its tracking pixel (e.g. Facebook for the Facebook pixel). These data include actions (also known as events) which take place on the website. This includes, for example, the completion of a purchase, registration, the addition of payment information, initiation of the checkout process, the addition of products to the basket or a wish list, searches and the viewing of content. This also includes information (parameters) associated with each recorded event. This information includes, for example, the value of purchases. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, the tracking pixels might not function properly or at all. We do not collect or store these data ourselves. The provider of each tracking pixel (e.g. Facebook for the Facebook pixel) is responsible for collecting and processing these data. We do not know how long the data are stored.
Facebook pixel, Pinterest pixel, Analytics data. Data which the provider of each tracking pixel (e.g. Facebook for the Facebook pixel) generates separately on the basis of the information collected by each tracking pixel. This includes information about the effectiveness of advertisements through the provider in question and the allocation of users to target groups for advertisements through the provider. Using the collected information, the provider in question can potentially generate other data for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by the provider. Generated independently by each provider.-Each provider merely provides us with aggregated and anonymised data. We cannot associate these data with a natural person. The provider in question is responsible for collecting and processing personal data. We do not know how long the data are stored.
Emarsys eMarketing Systems AG
Emarsys HTTP dataLog data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when the Emarsys web tracking tool is used. The following data are collected: - Browser and version number - Operating system - Referrer URL - IP address (encrypted and truncated) - Session and cookie IDs - Country Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking with Emarsys. One year.
Emarsys cookie dataData which are stored in Emarsys cookies for the web tracking tool on your device. Fundamentally, the cookies collect the two following types of information: Information about the service - IP address - Browser - Cookie identifiers - Pseudonymised identifiers (external IDs or an encrypted e-mail address) from visitors who are logged in. Information about surfing habits - itemIDs taken into consideration - itemIDs added to the basket - itemIDs purchased Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking or send you personalised adverts (where this is the purpose of the web tracking tool in question). The typical expiry date is one year with the exception of the session cookie which is erased at the end of every session. ( section G.III. for information about how long the cookies remain valid.)
Emarsys profile dataThe Emarsys database regularly updates data which it has collected during visitor sessions. The pseudonymised identifiers for these sessions are allocated to the identifier keys stored in the contact database of Emarsys. In the case of an external identifier, the key is entered into a user-defined field generated by MARC O‘POLO. If the identifier is hashed Emarsys e-mails, the key is stored in the fields PredictUserID and PredictSecret in the contact database. Generated by Emarsys.The Web Extend JavaScript commands capture and record website activity in our database for an indefinite period of time.
2. Details about the processing of personal data
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
Evaluation of user actions (conversion tracking) by means of Google Double Click / Google Ads Conversion Pixel / Google Ads Remarketing
Evaluation of user actions (conversion tracking). The behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in a pseudonymised format to make it possible to recognise you on the website or partner websites in future. Pseudonymised user profiles are derived from this information. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to gauge how effectively a targeted group of people are moved to perform desired actions. We use the web tracking tool Google Double Click which is provided by Google for this purpose. The web tracking tool uses cookies for these purposes. (section G.III. for detailed information about the purposes of the cookies.) Google Double Click HTTP data, Google Double Click cookie data, Google Double Click profile data. No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Google LLC.
Strategic targeting of users of the website for advertising purposes (retargeting), including settling accounts with our retargeting partners for ad placement by means of Google Double Click / Google Ads Conversion Pixel / Google Ads Remarketing / Microsoft Advertising / Criteo Pixel / Mediards / Tectumedia/ Outbrain/ Pinterest
Strategic targeting of users of the website for advertising purposes (retargeting) through various retargeting partners, including settling accounts with each retargeting partner for ad placement. The behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in pseudonymised format with a unique ID assigned by each retargeting partner so they can be recognised on our website and on websites which display adverts from each retargeting partner (i.e. publisher), as well as on websites operated by each of our retargeting partners. Pseudonymised user profiles are derived from this information and stored by the retargeting partner in question together with the unique ID assigned by that retargeting partner. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to make a user who has already shown interest in a website or product aware of the website or product again in order to increase the relevance of adverts and in turn the click and conversion rate (e.g. the order rate). We use web tracking tools from the following retargeting partners on our website for this purpose: ● Google (Google Double Click / Google Ads Conversion Pixel / Google Ads Remarketing) ● Microsoft (Microsoft/Bing Advertising) ● Criteo (Criteo Pixel) ● Mediards (tr.mediards.com) ● Tectumedia The information obtained from each web tracking tool is also used by the retargeting partner to evaluate the adverts which direct users to our website through it so as to be able to measure, in pseudonymised format, the number of visits to our website through those adverts and the purchases made in this way for billing purposes. Using this information, each retargeting partner is also able to stop displaying adverts to users who have already purchased the product in question. In this process, we only learn the total number of users who have clicked on a certain advert from our retargeting partners and were then redirected to a page on our website (conversion page). No personal information relating to the identity of the user is shared. Additionally, the web tracking tool from our retargeting partner Mediards uses the collected data as part of predictive targeting. On the basis of the user and his or her preferences, Mediards creates statistical twins in order to make them aware of our website and products that might potentially be of interest. The web tracking tool uses cookies for these purposes. (section G.III. for detailed information about the purposes of the cookies.) In this context, we and each retargeting partner are responsible for processing personal data with regard to the data protection regulations. Additionally, for more information from our retargeting partners about the processing of personal data, please see their privacy policies: ● Google: https://policies.google.com/privacy?hl=us ● Microsoft Ads: https://privacy.microsoft.com/en-us/privacystatement ● Criteo: https://www.criteo.com/privacy/ ● Mediards: https://www.mediards.de/#datenschutz ● Tectumedia: https://www.tectumedia.com/privacy-policy/ ● Outbrain: https://www.outbrain.com/legal/privacy#privacy-policy ● Pinterest: https://policy.pinterest.com/en/privacy-policy On request, we are happy to provide you with the key details of the agreement between us and each retargeting partner (for contact information, see section A.I.). For Google: Google Double Click HTTP data Google Double Click cookie data Google Double Click profile data For Microsoft: Microsoft Advertising HTTP data Microsoft Advertising cookie data Microsoft Advertising profile data For Criteo: Criteo HTTP data Criteo cookie data Criteo profile data For Mediards: Mediards HTTP data Mediards cookie data Mediards profile data For Tectumedia: Tectumedia HTTP data Tectumedia cookie data Tectumedia profile data For Outbrain: Outbrain HTTP data Outbrain cookie data Outbrain profile data For Pinterest: Pinterest HTTP data Pinterest cookie data Pinterest profile data No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).For Google: Google Ireland Limited For Microsoft: Microsoft Ireland Operations Limited For Criteo: Criteo SA For Mediards: mediards GmbH For Tectumedia: Tectumedia GmbH For Outbrain: Outbrain UK Ltd. For Pinterest: Pinterest Europe Ltd.
Facebook pixel
Evaluation of the effectiveness of our Facebook adverts and creation of target groups for our Facebook adverts: The Facebook pixel captures the actions of users on our website (e.g. making a purchase) and reports the actions to Facebook. If you are registered with a Facebook service, Facebook might be able to link the visit with your account. Even if you are not registered or logged into Facebook, it is possible that Facebook will gain access to and store your IP address and other identifiers. On the basis of the information it collects, Facebook provides us with aggregated, anonymised measurements relating to our Facebook adverts. In particular, we can tell whether users who see our Facebook adverts perform certain actions on our website, e.g. making a purchase (these are known as conversions). Additionally, on the basis of the information it collects, Facebook enables us to reach people who have visited our website or carried out a certain action on our website through Facebook adverts within six months of their last visit to our website and optimise our types of target group (audiences). Such adverts can be shown to the users of our website when they visit the social network Facebook or other websites which also use this method. Facebook also enables us to create ‘lookalike audiences’ on the basis of the information collected by Facebook so we can show our Facebook adverts to people who have similar characteristics to the users of our website. Facebook merely provides us with aggregated and anonymised assessments or other information generated on the basis of the collected data. We cannot attribute the information provided to us to any natural person. Facebook is responsible for collecting and processing personal data. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility. For information about how Facebook processes personal data, see the Facebook privacy policy at https://www.facebook.com/about/privacy/. Facebook pixel HTTP data, Facebook pixel cookie data, Facebook pixel event data, Facebook pixel analytics data.We do not use automated decision-making within our own sphere of responsibility. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility, especially with regard to automated decision-making. Legal grounds for facilitating the collection of personal data by Facebook on our website: Point (a) of Article 6(1) GDPR (consent). We do not process personal data within our own sphere of responsibility. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility, especially with regard to the legal grounds on which Facebook processes the data. Facebook Ireland Limited
Evaluation of the activity of users of our website for the purposes of Facebook or third parties: Facebook can also use the information collected by the Facebook pixel for its own purposes or the purposes of third parties, e.g. to create target groups for other clients who wish to display adverts. Facebook is responsible for collecting and processing personal data. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility. For information about how Facebook processes personal data, see the Facebook privacy policy at https://www.facebook.com/about/privacy/. Facebook pixel HTTP data, Facebook pixel cookie data, Facebook pixel event data, Facebook pixel analytics data.We do not use automated decision-making within our own sphere of responsibility. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility, especially with regard to automated decision-making. Legal grounds for facilitating the collection of personal data by Facebook on our website: Point (a) of Article 6(1) GDPR (consent). We do not process personal data within our own sphere of responsibility. We have no knowledge of the details of how Facebook processes the data within its own sphere of responsibility, especially with regard to the legal grounds on which Facebook processes the data. Facebook Ireland Limited
Esome container (conversion tracking with Facebook)
Evaluation of user actions (conversion tracking), segmentation of visitors and evaluation of campaign performance: For the purposes of evaluating user actions (conversion tracking), the behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in a pseudonymised format to make it possible to recognise you on the website in future. Pseudonymised user profiles are derived from this information. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to gauge how effectively a targeted group of people are moved to perform desired actions. We use the web tracking tools provided by Facebook which we embed into our website using the tag manager of our advertising partner Esome. Facebook is jointly responsible with us. Strategic targeting of users of the website for advertising purposes (retargeting) through various retargeting partners, including settling accounts with each retargeting partner for ad placement. The behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in pseudonymised format with a unique ID assigned by the retargeting partner (Facebook) so they can be recognised on our website and on websites which display adverts from each retargeting partner (i.e. publishers), as well as on websites operated by each of our retargeting partners. The web tracking tools use cookies for these purposes. (section G.III. for detailed information about the purposes of the cookies.)Esome HTTP data, Esome cookie data, Esome profile data.No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Esome advertising technologies GmbH For Facebook: Facebook Ireland Limited
Participation in the advertising networks of Awin, Daisycon (only relevant to our Dutch store) and Tracdelight
The participation of our website in various advertising networks (affiliate networks) in order to advertise our products in the most effective way possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners: We participate in the advertising networks of the following advertising partners: ● Awin (formerly Affilinet) ● Daisycon (only for the Dutch store on our website) ● Tracdelight Tracking pixels from our advertising partners are incorporated into our website so our website can participate in each advertising network. Cookies from our advertising partners are also used in this context. (section G.III. for detailed information about the purposes of the cookies.) The tracking pixels enable our advertising partners to collect information about how users use our website. The information obtained in this way is used to evaluate adverts which link to our website from the advertising partner in question so as to be able to measure, in pseudonymised format, the number of visits to our website through those adverts for billing purposes. Additionally, our advertising partners capture the actions of users on our website and analyse this behaviour in a pseudonymised format. Users of the website are tagged in pseudonymised format so they can be recognised on our website as well as other websites which participate in the advertising network in question. Pseudonymised user profiles are derived from this information. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to determine the interests of a user on the basis of his or her surfing behaviour in order to allocate the user to specific target groups for advertising. This way, the advertising partner in question can show the user more relevant, interest-based and in turn more interesting adverts. In this context, we and each advertising partner are responsible for processing personal data with regard to the data protection regulations. Additionally, for more information from our advertising partners about the processing of personal data, please see their privacy policies: ● https://www.awin.com/gb/privacy ● https://www.daisycon.com/en/Privacy/ ● https://www.tracdelight.io/datenschutz/ On request, we are happy to provide you with the key details of the agreement between us and the other controllers (for contact information, see section A.I.). For Awin: Awin HTTP data, Awin cookie data, Awin profile data: For Daisycon: Daisycon HTTP data, Daisycon cookie data, Daisycon profile data: For Tracdelight: Tracdelight HTTP data, Tracdelight cookie data, Tracdelight profile data No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).For Awin: AWIN AG For Daisycon: Daisycon B.V. For Tracdelight: tracdelight GmbH
Emarsys eMarketing Systems AG
Collection and evaluation of how users use the website in order to tailor our newsletters and direct mail to the interests of each subscriber. Your activity shall only be captured and evaluated by the Emarsys analytics tool if ● you have consented to marketing in our data privacy and cookie settings and ● have subscribed to our newsletter (--> section D) and ● are a participant in our customer loyalty scheme (--> section E). In this case, a user profile shall be generated from your user behaviour and click data in order to derive your interest in our products from it. In order to send you personalised content (newsletters or direct mail), we shall store these interests as data categories (e.g. the last category clicked on or products added to the basket, but no unique click paths) in the customer profile that we have for you as a participant in our customer loyalty scheme. We use cookies for these purposes. (section G.III. for detailed information about the purposes of the cookies.) Emarsys HTTP data Emarsys profile data Emarsys cookie data Online user profile data (--> section E) No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Emarsys eMarketing Systems AG
Adverts on partner websites As described above, we use your user profile and the categories of data added to your customer profile to display adverts and carry out strategic advertising campaigns on partner websites that are part of the Google Display Network and Facebook. With such lists of customers, for example, we can show you the same content in adverts on a partner website that you have already received in one of our newsletters. These lists also enable us to exclude you from certain advertising campaigns on our partner websites, such as if you have already purchased products from the category in question. We compare our customer profiles with Google Ads and Facebook for this purpose. We send your cryptographically hashed e-mail address to Google and Facebook who then perform a comparison with hashed e-mail addresses belonging to their users. If you have created a Google/Facebook account with the e-mail address you used to create your customer account with us, Google/Facebook will add you to our customer list in order to display adverts as described above. The encrypted e-mail addresses are then deleted immediately. As Google and Facebook do not provide us with information about who has actually been added to the customer list and who has actually been shown each advert, we are unable to determine whether you have an account with Google/Facebook. Based on the customer lists generated by Google/Facebook, we are also able to create customer lists containing similar customer groups with similar characteristics. If, for example, there are characteristics such as interests in cooking or sports, new customers are sought in these areas and are then shown an advert via the marketing channels described above. The processing only takes place if web tracking by Emarsys is used in line with the criteria described in the preceding row. Emarsys profile data Customer master data (only e-mail address), segment profile data (--> section E) No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Emarsys eMarketing Systems AG Cryptographically hashed e-mail addresses: Facebook Google
3. Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations
RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Google Double Click / Google Ads Conversion Pixel / Google Ads Remarketing
Google LLC
Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Joint) controller.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Google has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Microsoft Advertising
Microsoft Ireland Operations Limited One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 (Joint) controller.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Microsoft has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Criteo
Criteo SA 32 Rue Blanche, 75009 Paris, France (Joint) controller.EU.
Tectumedia
Tectumedia GmbH Eichhornstrasse 3 10785 Berlin, Germany (Joint) controller.EU.
mediards
mediards GmbH Im Mediapark 8, 50670 Cologne, Germany. (Joint) controller. EU.
Facebook
Facebook Ireland Limited 4 GRAND CANAL SQUARE, D2 Dublin, Ireland (Joint) controller.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Facebook has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Esome container (conversion tracking with Facebook)
Esome advertising technologies GmbH(Joint) controller. EU.
Daisycon (only relevant to our Dutch store)
Daisycon B.V. Alnovum Gebäude, P.J. Oudweg 5, 1315 CH Almere, Netherlands. (Joint) controller.EU.
Awin
AWIN AG Eichhornstrasse 3, 10785 Berlin, Germany.(Joint) controller.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. AWIN AG has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Tracdelight
tracdelight GmbH Arabellastrasse 23, 81925 Munich, Germany. (Joint) controller.EU.
Emarsys eMarketing Systems AG
Emarsys eMarketing Systems AG Hans-Fischer-Str. 10, 80339 Munich, Germany Processor.EU and UK.
Outbrain
Outbrain UK Limited 5th Floor, The Place 175 High Holborn, London, WC1V 7AA, UK (Joint) controller.EU, UK and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Outbrain has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Pinterest
Pinterest Europe Limited, based at 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland,(Joint) controller.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Pinterest has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.

Use of web analytics technologies (using analytics cookies)

If you have consented to analytical purposes in the data privacy and cookie settings we shall use web analytics technologies for the following purpose:

● To improve the website, including through A/B testing (a comparison of user behaviour on different versions of our website)

● to reach website targets more effectively (e.g. increase the number of page views) and

● to calculate the remuneration of advertising partners (affiliates)

we use the web analytics technologies Google Analytics, Google Optimize and Triple A from Artefact. We use cookies for this purpose (🡪section H Analytics).

More detailed information about this is available below:

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Google Analytics, TripleA, Google Optimize, HTTP data. Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when a web analytics tool (e.g. Google Analytics) is used on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Additionally, links from our advertising partners on our website can contain certain parameters with which we can determine the origins of our users more effectively (e.g. the identification numbers of certain advertising media or campaigns) Visitors can also be categorised in A/B tests with Google Optimize. While an A/B test is being carried out, one user sees a different version of the website to another user. However, this happens randomly and is not personalised. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web analytics with the web analytics tool in question. For Google Analytics: IP anonymisation is active on this website for the web analytics tool Google Analytics. This means that the IP address sent by your browser for technical reasons is truncated (the last octet of the IP address is deleted) in order to anonymise it before it is stored. We shall store the other data for 38 months. For TripleA: 30 days. For Google Optimize: 30 days.
Google Analytics, TripleA, Google Optimize, Cookie data. Data which are stored in cookies for the web analytics tool (e.g. Google Analytics) on your device. This includes a unique ID in each case which makes it possible to recognise returning visitors. (section G.III. for more detailed information about the content of the cookies.) Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web analytics with the web analytics tool in question. For Google Analytics: 38 months. For TripleA: 30 days. For Google Optimize: 30 days. (section G.III. for information about how long the cookies remain valid.)
Google Analytics, TripleA, Google Optimize, profile data. Data which are generated by each web analytics tool (e.g. Google Analytics) and stored separately in pseudonymised user profiles for each web analytics tool. This includes information about how you use the website, especially page visits, the frequency of visits, the time you spend on pages you visit and the origin of the visitor (i.e. which promotional partners or initiatives brought the user to the website), allocated to the unique user ID of each visitor contained in the Google Analytics cookie data. Google Optimize is MARC O’POLO’s A/B testing tool. With Google Optimize, the collected data are used to allocate you to a test group when you visit. Generated independently.For Google Analytics: 38 months. For TripleA: 30 days. For Google Optimize: 30 days.
2. Details about the processing of personal data
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
Google Analytics and Optimize as well as Artefact TripleA
To improve the website such as with A/B testing using Google Optimize, to reach website targets more effectively (e.g. increase the number of page views) and to calculate the remuneration of advertising partners (affiliates). The behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in a pseudonymised format to make it possible to recognise you on the website in future. Pseudonymised user profiles are derived from this information. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to investigate where users come from (e.g. from which advertising partners and advertising campaigns), what sections of the website are visited and how often sub-pages and categories are viewed, including for how long. This way, we can improve our website by tailoring it to the needs of our users, control campaigns more effectively and calculate how much remuneration is due to our advertising partners (affiliates). We use the following web analytics tools for this purpose: ● Google Analytics and Google Optimize from Google ● The analytics tool TripleA from Artefact We use Google Optimize to conduct A/B testing in this regard. This is a method of comparing different versions of our website in order to determine which version performs better. This method of testing enables us to show various website users different versions of the same page automatically and evaluate details relating to user behaviour on these different versions. The results enable us to determine what version works better. The web analytics tools use cookies for these purposes. (section G.III. for detailed information about the purposes of the cookies.) For Google Analytics: Google Analytics HTTP data, Google Analytics cookie data, Google Analytics profile data. For Google Optimize: Google Optimize HTTP data, Google Optimize cookie data, Google Optimize profile data. For Triple A: TripleA HTTP data, TripleA cookie data, TripleA profile data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in improving the website, reaching website targets more effectively (e.g. increasing the number of page views) and calculating the remuneration of advertising partners (affiliates). For Google Analytics and Optimize: Google Ireland Limited For Artefact TripleA: Artefact GmbH.
3. Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations
RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Google Analytics and Google Optimize
Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Google has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Artefact Triple A
Artefact Germany GmbH Philosophenweg 21, 47051 Duisburg, Germany. Processor.EU.-

Use of personalisation technologies (use of personalisation cookies)

If you have consented to personalisation purposes in the cookie settings, we shall use personalisation technology for the following purposes:

● To display personalised content in the online store

● Insert containing personalised content for print advertising

We use cookies for this purpose (🡪 section H Personalisation).

More detailed information about this is available below:

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Adnymics GmbH
Adnymics HTTP dataLog data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when the web tracking tool Adnymics is used on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking with Adnymics. We do not store these data. The partner is responsible for storing and anonymising these data.
Adnymics cookie dataData which are stored in cookies for the web tracking tool Adnymics on your device. This includes a unique ID which allows Adnymics to recognise logged-in customers who return as well as a product code. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking with Adnymics. We do not store the cookies themselves or the information in the cookies. (section H.III. for information about how long the cookies remain valid.)
Adnymics profile dataData which we generate through the web tracking tool Adnymics and are stored in user profiles. This includes information about how you use the website, especially the pages you open, the frequency of visits and the time spent on the visited pages, allocated to each user’s unique ID contained in the Adnymics cookie data and to their customer account if they are a participant in the customer loyalty scheme. Generated independently.-We shall store these data for as long as you remain part of the customer loyalty scheme. We shall also store the data in an anonymised format.
epoq
epoq HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when the web tracking tool is used on the website. These data include your IP address, device, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking with epoq. So-called IP anonymisation is activated for the use of the web tracking tool epoq on this website. This means that the IP address transmitted by the browser for technical reasons is anonymised by shortening the IP address (by deleting the last octet of the IP address) before it is stored. We do not store the other data; these data are only stored in epoq cookies in your browser (see ‘epoq cookie data’ below).
epoq cookie data.Data which are stored in cookies for the web tracking tool on your device. This includes a unique ID which makes it possible to recognise returning visitors. This also includes information about the types of page you visit (e.g. an order confirmation page, a product details page or a basket), article numbers of the viewed products and the number of products in the basket. (section G.III. for detailed information about the content of the cookies.) Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out web tracking with epoq. We do not store the cookies themselves or the information in the cookies. (section G.III. for information about how long the cookies remain valid.)
epoq profile data.Data which we generate through the web tracking tool and are stored in pseudonymised user profiles. This includes information about how you use the website, especially the pages you open, the frequency of visits and the time spent on the visited pages, allocated to each user’s unique visitor ID contained in the epoq cookie data. Generated independently.-Erased after 1 year.
Saiz
Saiz-HTTP-DataLog data that is technically generated when using the Saiz size advisor tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address and the date and time of the request. Users of the website.Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to offer you size advice.90 days
Saiz-Cookie-DataData stored in cookies for the Saiz size advisor tool on the user's terminal device. This includes a unique ID for (re-)recognising the users of the size advisor tool. (🡪 Section G.III. for more detailed information on the contents of the cookies used). Users of the website.Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to offer you size advice.We do not store the cookies themselves or the information contained in the cookies. (🡪 Section H.III. for information on the validity period of the cookies used).
Fit advisor dataData collected when you use the Size Advisor Tool: This includes information you provide when using the size advisor tool: Age, gender, size in cm, bust measurement if applicable, hip measurement if applicable, waist measurement if applicable, weight, body type and body shape information and IP address.Users of the fit advisor.Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to offer you any size advice.90 days.
AB Tasty SAS
AB Tasty HTTP dataLog data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when the A/B testing tool is used on the website. This includes your IP address, the type and version of your browser, the number of pages you have viewed, the number of visits, the sequence of your visit, the duration of your visit, interactions such as adding and removing products to and from a basket, records of how you use individual websites etc. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to optimise or personalise the website for you. The IP address is shared with AB Tasty and converted into a location. AB Tasty does not store the IP address; it merely uses it to identify the location. We do not store the other data; these data are only stored in AB Tasty cookies in your browser (see ‘AB Tasty cookie data’ below). Additionally, we shall store these anonymised data in order to evaluate them for statistical purposes.
AB Tasty cookie dataData which are stored in cookies for the web tracking tool AB Tasty on your device. This includes a unique ID for recognising (return) visitors, test and variant IDs and a time stamp. (section H.III. for more detailed information about the content of the cookies.) Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to optimise or personalise the website for you. 13 months or the data are stored temporarily in your browser for the duration of each session.
2. Details about the processing of personal data
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
Adnymics GmbH
The click and purchasing behaviour of users is recorded and analysed in order to make it possible to generate a parcel insert with personalised product recommendations for the user if an order is placed, provided that you are a participant in our customer loyalty scheme and were logged into your customer account when you placed the order. We shall use your user behaviour to generate a user profile in order to determine what products might be of interest to you. In order to send you personalised parcel inserts along with your order, we shall store these interests as data categories (e.g. the last category clicked on or products added to the basket, but no unique click paths) in the customer profile that we have for you as a participant in our customer loyalty scheme (section E). We use cookies for these purposes. (section H.III. for detailed information about the purposes of the cookies.) Adnymics HTTP data, Adnymics cookie data, Adnymics profile data.No automated decision-making takes placePoint (a) of Article 6(1) GDPR (consent).Adnymics GmbH
epoq
To show the user product recommendations at specific points in the online store. The behaviour of users on our website is captured and analysed in a pseudonymised format. Users of the website are tagged in a pseudonymised format to make it possible to recognise you on our website in future. Pseudonymised user profiles are derived from this information. The pseudonymised user profiles are not merged with data relating to the bearer of the pseudonym. The objective of the process is to make a user who has already shown interest in a website or product aware of the product again on our website in order to increase the relevance of adverts and in turn the click and conversion rate (e.g. the order rate). Epoq provides a variety of analyses. (section G.III. for detailed information about the purposes of the cookies.) epoq HTTP data, epoq cookie data, epoq profile dataNo automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).epoq
To advertise to users on the basis of their location The location of users on our website is captured and analysed in a pseudonymised format. The location information can be used to enrich weather data, for example. epoq HTTP data, epoq cookie data, epoq profile dataNo automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).epoq
SAIZ
Provision of the size advisor tool on the website: Sizes for certain categories of clothing are recommended to the user of our size advisor tool after one-time entry of his data based on real cutting data provided by MARC O'POLO Saiz Form. For this purpose, including to ensure the security of the IT infrastructure used for the provision of the size advisor tool, data is processed pseudonymously temporarily on our web server in order to provide you with the size advisor tool. For this purpose, information about your use of the Size Advisor Tool is stored in cookies (🡪 Section H) on your terminal device. If you wish, you can delete the data stored in cookies by us and in your end device yourself at any time via our cookie banner. You can find Saiz's privacy policy here: https://www.saiz.io/datenschutz Saiz HTTP data, Saiz Cookies data, Size Advisor dataNo automated decision-making takes place Point (a) of Article 6(1) GDPR (consent).Saiz GmbH
AB Tasty
To optimise the website for a better user experience. It is technically necessary to collect the data and use the tool in order to ensure that we are able to continuously optimise features, depictions and the transparency of necessary notices for visitors to our store. Users are shown a version with the optimisations in order to determine whether that version is more useful to them. AB Tasty HTTP data, AB Tasty cookie dataNo automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).AB Tasty
3. Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations
RecipientRole of the recipientTransfer to third countries and/or to international organisations Adequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Adnymics GmbH
adnymics GmbH Denisstr. 1b 80335 Munich, Germany Processor.EU.-
Epoq
Epoq epoq internet services GmbH ⋅ Willy-Brandt-Straße 3 ⋅ 76275 EttlingenProcessor.EU
SAIZ
SAIZ GmbH Nostiltzstr. 23, 10961 Berlin Processor.EU-
AB Tasty
AB TASTY SAS 3 impasse de la Planchette 75003 Paris, France Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. AB Tasty has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.

Use of online contact forms

On the website, we provide you with the means of contacting us via contact forms. We process the information you provide in the contact forms in order to process your enquiry, such as the availability of certain products. Additionally, we might store the information as evidence for the purposes of filing, exercising or defending against legal claims or in order to comply with statutory storage obligations, especially those imposed by tax and commercial law.

When you use the contact forms on the website, the browser you are using on your device will send certain information such as your IP address to the server of our website for technical reasons. We process this information in order to provide the contact forms on the website and ensure the security of the IT infrastructure used to provide the form.

More detailed information about this is available below:

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Contact form HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you access contact forms on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Contact form data.Data which you share with us in contact forms on the website. This includes the information you send us in each contact form on the website. It can include the following data in particular: Your name, date of birth, address, phone number, e-mail address and the content of your enquiry. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to process your enquiry. Data shall be stored until we finish handling your enquiry. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
2. Details about the processing of personal data
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
Provision of our contact forms on the website. HTTP data are processed temporarily on our web server for this purpose. Contact form HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user. Hosting provider.
To guarantee the security of the IT infrastructure used to provide the form, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Data are stored temporarily in log files on our web server and evaluated for this purpose. Contact form HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the form, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting provider.
To process your enquiry.Contact form data.No automated decision-making takes place.Where your enquiry concerns a contract to which you are party or steps prior to entering into a contract: Point (b) of Article 6(1) GDPR (performance of a contract or in order to take steps prior to entering into a contract). Otherwise: Point (f) of Article 6(1) GDPR (balance of interests). In this case, we have a legitimate interest in processing your enquiry. Customer service provider.
Storage and processing to serve as evidence for the purposes of filing, exercising or defending against legal claims.Contact form data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in filing, exercising or defending against legal claims. Customer service provider.
Storage of data in order to comply with statutory storage obligations, especially those imposed by tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB). Contact form data.No automated decision-making takes place.Point (c) of Article 6(1) GDPR (compliance with a legal obligation).Customer service provider.
3. Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations
RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider. (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. ABOUT YOU has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Customer service provider (currently: Ströer X GmbH, Georgiring 3, 04103 Leipzig, Germany) Processor.EU.-

C. Information on the processing of personal data of customers of our online store

Information on the processing of personal data of customers of our online store

You can use our MARC O’POLO online stores on our website, different versions of which are available for different countries at country-specific URLs (e.g. www.marc-o-polo.com/de-de/ for Germany; hereinafter referred to as ‘national stores’). For an overview of the individual national stores, see section 1.1 of part A of our GTC. The national stores are hereinafter referred to collectively as ‘online store’.

In order to provide various features in our online store, to conclude, execute and rescind purchase contracts, to send e-mails with advertisements for similar products in line with the criteria of Section 7(3) of the German Act against Unfair Competition (UWG), to guarantee the security of the IT architecture used to provide the online store, to manage and enforce our purchase price claims, to provide the review tool, to perform fraud and credit checks during and after the completion of the order, to carry out customer surveys for market research purposes and as evidence, and to comply with statutory storage obligations, we process various types of personal data when you use our online store, e.g. the data you send to us in the order form.

You can place orders in our online store as a guest or with a customer account. In the German national store, you can only use our customer account if you participate in the MARC O’POLO MEMBERS customer loyalty scheme. For information about how the personal data of participants in the customer loyalty scheme are processed, including how the customer account is used, see section E of this privacy policy.

More detailed information about this is available below:

Information on the processing of personal data of customers of our online store

1. Information about the personal data we process
Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you visit the online store on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the online store.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Basket data.Data relating to products you add to your basket in the online store. These include article names and numbers, quantity, size, colour, price and currency. Users of the online store.Must be provided in order to enter into a purchase contract. No obligation to make the data available exists. If you do not provide the data, you will not be able to purchase any items from our online store. Before completing an order: We store and process these data temporarily while the website is being made available (e.g. in order to show the contents of your basket). The data are stored temporarily in your browser for the duration of each session. After completing an order: Data are stored until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Contact details.Data you share with us during the order process for the purpose of contacting you to process your order. The data can include the following information in particular: Title, name, surname, postal address, phone number and e-mail address. Users of the online store.The data marked as mandatory in the order process must be provided in order to enter into a contract. No obligation to make the data available exists. If you do not provide the data, you will not be able to enter into a contract. Data are stored until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Shipping data.Data you share with us during the order process for the purpose of shipping the items you have ordered. This includes your chosen delivery method as well as any delivery address you provide that does not match your billing address. Users of the online store.Must be provided in order to enter into a purchase contract. No obligation to make the data available exists. If you do not provide the data, you will not be able to purchase any items from our online store. We shall store the data until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Payment data.Data you share with us for the purpose of paying for the items you have ordered. These data depend on the payment method you select. Depending on the payment method, these data include, for example, your IBAN number, BIC number or billing address. Users of the online store.The data marked as mandatory in the order process must be provided in order to enter into a contract. No obligation to make the data available exists. If you do not provide the mandatory data, you will not be able to enter into a contract. Data are stored until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Order data.Information about your order. This includes information about the items you have purchased (article names and numbers, price, currency, order number), the store version you used, the date and time of each purchase, the chosen payment method and delivery method and the status of your order. Generated independently.-Data are stored until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Customer data.Data we process in our internal customer management system for the purpose of administrating our accounts receivable from purchases. In particular, this includes information about currently open items, incoming payments, dunning levels, ongoing collection processes and returns. Payment service provider, collection agency, generated independently.-Data are stored until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Transaction e-mail data.Information from transaction e-mails which we send in order to process or cancel your order (e.g. order confirmations). This information includes the content, date and time of the transaction e-mails. Generated independently.-Data are stored until your order is fully processed. In particular, this also encompasses the potential cancellation of the order. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Order and return values.Any reasons given for a return.Users of the online store.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to take the reasons for the return into consideration when we calculate and evaluate the rate of returns. We do not store the reasons for returns on our systems. We store the rate of returns that we calculate for 24 months.
Order and return values.Total order value and the total price of the returned items, as well as your contact information, which we need in order to calculate your rate of returns. In order to calculate your rate of returns, we calculate the percentage of your returns based on the total order value which you reach by placing orders in our online store. Generated independently.-We do not store the reasons for returns on our systems. We store the rate of returns that we calculate for 24 months.
Review data.Information you provide to us when you review products. This includes your e-mail address and a username which you are free to pick. Users of the online store.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the review feature on the website. Data shall be stored for as long as your review remains published on our website. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Data relating to creditworthiness.Information about the creditworthiness of our customers. In particular, this includes the credit information provided by credit agencies on the basis of insolvency and outstanding debt register data held by the local courts and reports from creditors or representatives of creditors about breaches of contract in connection with payments. Credit agencies.-We shall store the data until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Data relating to creditworthiness.Additionally, this includes information we have generated about the punctual settlement of our claims and findings we obtain from past fraud and credit checks, e.g. limits on your purchases.Generated independently.-We shall store the data until your order is fulfilled, i.e. until the goods are dispatched. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Market research data.Information we obtain through customer surveys for market research purposes in order to analyse the satisfaction of our customers in a pseudonymised manner, for example, and improve the content of our website. Users of the online store.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out surveys or analyses for market research purposes. We shall store these pseudonymised data for up to 38 months. Additionally, we shall store these anonymised data in order to evaluate them for internal statistical purposes.
Advert management data.Information about consent you have granted to advertising as well as any objections to advertising. This includes the object, date and time of the declaration of consent, the IP address of the device used to grant the consent as well as the object, date and time of any withdrawal of consent or objection to processing of personal data for advertising purposes. Users of the online store.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to take your consent or objections to advertising into consideration. We shall store these data for as long as we have your consent or as long as we carry out advertising without consent on the basis of the information sent to you about that advertising in each case. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you withdrew your consent or we ended the advertising measure in question, or until the end of any ongoing legal disputes.
Virtual sample data.Virtual fitting room information that we collect based on your consent within the session. This includes the subject, date and time of consent, the IP address of the terminal device used for consent, and the subject, date and time of any revocation of consent or objection to the processing of personal data for advertising purposes.Users of the online store.Provision is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to provide you with the virtual fitting. We store this data for the duration of a session.

Details about the processing of personal data

Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
To provide our online store features on the website. HTTP data are processed temporarily on our web server for this purpose. HTTP data, basket data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user. Hosting provider.
Conclusion and fulfilment of purchase contracts concluded through the online store. In particular, this encompasses processing the payment, sending the goods you ordered and sending transaction e-mails to notify you of the status of your order. As a participant in our customer loyalty scheme, we can add parcel inserts to your parcel which we generate on the basis of your activity on our website, provided that you have consented to personalisation in our data privacy and cookie settings (section B.IV) Basket data, contact data, shipping data, payment data, order data, transaction e-mail data. We use the following data to generate personalised parcel inserts: No automated decision-making takes place.Point (b) of Article 6(1) GDPR (performance of a contract or in order to take steps prior to entering into a contract).Hosting provider, Arvato SE, parcelLab, system and service e-mail service provider, shipping service provider, payment service provider.
To check your order using general features such as order volume, a delivery address that differs from the billing address or your status as a new or existing customer. A pre-selection of payment methods to offer you is generated on the basis of an automated check in order that we can avoid a default risk to the greatest possible extent. In order to make the order process flow as well as possible, this check takes place before you select a payment method Contact data, basket data, shipping data.Automated decision-making takes place on the basis of the following logic: The order check begins after you enter your contact and shipping data and click on ‘Continue’, before we display certain payment methods for your order. We use predefined rules to examine whether there is a default risk to the order and whether we should only offer secure payment methods, i.e. no purchases on account. Firstly, we check your contact and shipping details to ensure that they match the address(s) you have given. We also analyse the value of the order. In particular, we examine whether you have reached your maximum order limit or are placing an order as a new customer. Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in minimising default risks and improving the customer experience in the order process.Hosting provider.
Provision of ‘purchase on account’ as a payment method. On our behalf, our service provider Infoscore Consumer Data GmbH (Rheinstrasse 99, 76532 Baden-Baden; ‘Infoscore’) performs a credit check if you select the payment method ‘purchase on account’. Contact data, basket data, shipping data, order data, customer data, order and return values, credit data.Automated decision-making takes place on the basis of the following logic: The credit check begins after you consent to the credit check by clicking on ‘Place order now’ to complete your order. Infoscore sends your contact and shipping data to the credit agency in order to obtain credit information from that credit agency. The credit information contains a credit score which is calculated on the basis of a scientifically recognised mathematical-statistical process and can be used to assess credit risk. Infoscore determines the default risk on the basis of the score provided by the credit agency. Infoscore then sends us the results of the fraud and credit checks in an automated manner for us to interpret on the basis of predefined rules and determine whether the order can be fulfilled with the chosen payment method. If the criteria of the check cannot be evaluated sufficiently, you shall be redirected back to the payment methods and will only be able to select a secure payment method (not ‘purchase on account’). Consent (point (a) of Article 6(1) GDPR).Infoscore Consumer Data GmbH, credit agency.
To perform a fraud check after you place your order in order to avoid a default risk to the greatest possible extent. On the basis of largely automated checks, we decide to what extent we can fulfil your order as it has been submitted. The fraud check is performed on our behalf by Infoscore Consumer Data GmbH (Rheinstrasse 99, 76532 Baden-Baden; ‘Infoscore’). Contact data, basket data, shipping data, order data, customer data, order and return values.Automated decision-making takes place on the basis of the following logic: The fraud check begins after you click on ‘Place order now’ to complete your order. Infoscore uses predefined rules to examine whether there is a default risk to the order and whether we should only offer secure payment methods, i.e. no purchases on account. Firstly, Infoscore checks your contact and shipping details to verify your age and ensure that the address(s) you have given are correct. Infoscore also analyses the number and size of the orders within a certain period of time. In particular, it checks the extent to which your contact and shipping data have been used for past orders, e.g. whether different e-mail addresses have been provided for the same billing address within a short period of time. Additionally, Infoscore checks the information we have generated about the punctual settlement of our claims and findings we have obtained from past fraud checks, e.g. limits on your purchases. In particular, Infoscore checks whether the maximum order limit has been reached, checks your rate of returns from the order and return values and uses our customer data to determine whether there are any outstanding items, dunning levels or ongoing collection processes, and if so, on what scale. In order to calculate your rate of returns, we calculate the percentage of your returns based on the total order value which you reach by placing orders in our online store. Infoscore assesses the default risk on the basis of the checks described above. Infoscore then sends us the results of the fraud check in an automated manner for us to interpret on the basis of predefined rules and determine whether the order can be fulfilled with the chosen payment method. If the criteria of the check cannot be evaluated sufficiently, you shall be redirected back to the payment methods and will only be able to select a secure payment method (not ‘purchase on account’). Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in minimising default risks to the greatest possible extent.Infoscore Consumer Data GmbH.
To send e-mails with adverts for similar products of ours to customers who have provided us with their e-mail address while placing an order in the online store and to whom it was made clear when their e-mail address was collected that they can object to this use of their e-mail address at any time, at no additional cost beyond the basic-rate costs for communication. We also refer to this right to object whenever we use the e-mail address, i.e. in every product recommendation e-mail. With regard to advertising similar products of ours, we use the information about your previous purchases in the transaction e-mail data in order to ensure that you only receive adverts which match your interests. Contact data, transaction e-mail data, advert management data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in using the e-mail address to send direct marketing for similar products of ours, in line with the criteria of Section 7(3) UWG. Emarsys Interactive Services GmbH
To carry out customer surveys for market research purposes and pseudonymised analyses of market research data in order to develop and improve the content of our website. Market research data.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in the development and improvement of our website.Survey agency.
To guarantee the security of the IT infrastructure used to provide the online store, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Data are stored temporarily in log files on our web server and evaluated for this purpose. HTTP data, basket data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the online store, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting provider.
Administration and enforcement of our purchase price claims.Contact data, customer data.No automated decision-making takes place.Point (b) of Article 6(1) GDPR (performance of a contract).Collection agencies.
To rescind purchase contracts if they are cancelled or for other reasonsContact data, shipping data, payment data, order data, transaction e-mail data, customer data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in the rescission of purchase contracts. Delivery company.
To provide the review feature. For this purpose, the data you provide and your review are checked and then published on our website. The review shall only be published under your chosen username. We shall notify you of the publication by e-mail. Review data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website features accessed by the user. Hosting provider.
Storage and processing to serve as evidence for the purposes of filing, exercising or defending against legal claims.HTTP data, contact data, payment data, order data, basket data, shipping data, transaction e-mail data, customer data, creditworthiness data, review data, advert management dataNo automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in filing, exercising or defending against legal claims. Hosting provider.
Storage of data in order to comply with statutory storage obligations, especially those imposed by tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB). Contact data, payment data, order data, basket data, shipping data, transaction e-mail data, customer data, review data.No automated decision-making takes place.Point (c) of Article 6(1) GDPR (compliance with a legal obligation).Hosting provider.
To send a reminder about product availability.E-mail address (contact data), advert management dataNo automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent). Hosting provider.
Providing the possibility of a virtual fitting. By clicking "I agree" you grant Fittingbox access to use your webcam. Virtual sample data.There is no automated decision making.Article 6(1)(a) of the General Data Protection Regulation (consent).Fitting box.

Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider. (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. About you has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Payment service providerController.EU.-
Delivery companyController.EU.-
parcelLab GmbH Schillerstr. 23a, 80336 Munich, Germany. Processor.EU.-
Arvato SE An der Autobahn 22, 33333 Gütersloh, Germany. Processor.EU.-
Infoscore Consumer Data GmbH part of Arvato Financial Services Rheinstrasse 99, 76532 Baden-Baden Processor.EU.-
Credit agency (currently: Informa Solutions GmbH part of Experian Ltd., Rheinstrasse 99, 76532 Baden-Baden, Germany). Controller.EU.-
Collection agency (currently: Germany and Netherlands: Paigo GmbH, Forderungsmanagement GmbH & Co. KG, Rheinstrasse 99, 76532 Baden-Baden Austria: infoscore austria GmbH, Weyringergasse 1, 1040 Vienna Switzerland: infoscore Inkasso AG, Ifangstrasse 8, 8952 Schlieren). Processor. Processor. Processor. EU. EU. Switzerland. Adequacy decision from the European Commission for personal data in Switzerland: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000D0518&from=EN
Emarsys eMarketing Systems AG Hans-Fischer-Strasse 10 80339 Munich, Germany Processor.EU and UK.-
Survey agency (currently: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) Processor.EU.-
Fittingbox S.A. 209 Rue de l'Innovation 31670 Labège FrancePerson responsible.EU-

D. Information about the processing of personal data of subscribers to our email newsletter

Information about the processing of personal data of subscribers to our email newsletter

You can subscribe to our e-mail newsletter on the website. The newsletter provides information about new outfits and current product trends and also tells you about our special events, promotions and competitions. Likewise, we make it possible for you to subscribe to our newsletter on the social networks such as Facebook and Instagram directly.

Through your orders from our online store (🡪section C) or as part of our MARC O’POLO MEMBERS programme (🡪section E), we can tailor the content of the newsletter (where we have such data) precisely to you (e.g. based on your purchase history or Memberry points). If, in addition to your newsletter subscription, you have consented to marketing in our data privacy and cookie settings (🡪section B.II), we will add even more customised content to the newsletter (e.g. about products in your basket or which we recommend based on the product category you viewed most recently).

When you subscribe to the newsletter, certain information such as your e-mail address shall be collected. We process this information in order to confirm your subscription and to deliver the newsletter. Additionally, we shall store this information to serve as evidence for the purposes of filing, exercising or defending against legal claims. If you also participate in customer surveys, we shall process the data collected through the survey for market research purposes.

When you use the form on the website to subscribe to and unsubscribe from our newsletter, the browser you are using on your device will send certain information such as your IP address to the server of our website for technical reasons. We shall process this information in order to provide the form on the website to subscribe to and unsubscribe from our newsletter.

More detailed information about this is available below:

Information about the personal data we process

Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Newsletter form HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you open the form for subscribing to and unsubscribing from our newsletter on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Newsletter subscription data.Data we collect when you subscribe to the newsletter. This includes the following information: E-mail address, first name and surname and potentially your title, whether you would like to receive the newsletter with content for men or women. Newsletter subscribers.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to send you the newsletter. We shall store these data for as long as you remain subscribed to our newsletter. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes.
Newsletter opt-in data.Log data which are generated for technical reasons when you subscribe to and unsubscribe from the newsletter. This includes the date and time of your subscription to the newsletter, the date and time the subscription e-mail was sent as part of the double opt-in procedure, the date and time your subscription was confirmed as part of the double opt-in procedure, the IP address of the device used to confirm the subscription and the date and time you unsubscribe from the newsletter, if applicable.Newsletter subscribers.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to send you the newsletter.We shall store these data for as long as you remain subscribed to our newsletter. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes.
Market research dataInformation we obtain through customer surveys for market research purposes in order to analyse the satisfaction of our customers in a pseudonymised manner, for example, and improve the content of our website. Newsletter subscribers.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out surveys or analyses for market research purposes. We shall store these pseudonymised data for up to 38 months. Additionally, we shall store these anonymised data in order to evaluate them for internal statistical purposes.
Segment profile dataInformation we collect from your click behaviour in order to send personalised newsletters such as a basket abandonment e-mail (products you have added to your basket but not purchased). Your click behaviour shall only be collected if you also consent to marketing cookies in the cookie banner. (section E.I. for more detailed information about the personal data we process.) Newsletter subscribers.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out personalisation based entirely on click behaviour. One year.
Basket abandonment data.Information from click data which is sent to remind you about products that are still in your basket. This includes products you have added to your basket and similar products. (section B.II.1 for more detailed information about the content of the cookies.) Generated independently.-We store these data as part of your click history for one year.

Details about the processing of personal data

Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
To provide the form on the website to subscribe to and unsubscribe from our newsletter: Newsletter form HTTP data are processed temporarily on our web server for this purpose. Newsletter form HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user. Hosting provider, e-mail newsletter provider, system and service e-mail provider.
To provide a form which enables you to subscribe to our newsletter on social networks.Newsletter form HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the content accessed by the user on social networks. Transmission service provider, e-mail newsletter provider, system and service e-mail provider.
To guarantee the security of the IT infrastructure used to provide the form, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks): Data are stored temporarily in log files on our web server and evaluated for this purpose. Newsletter form HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the form, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting provider, e-mail newsletter provider, system and service e-mail provider.
Double opt-in procedure to confirm the subscription: For this purpose, we send an e-mail asking you to confirm the e-mail address you provided when you registered. A subscription will only be activated when the subscriber confirms the e-mail address by clicking on the confirmation link in the e-mail. Newsletter subscription data, newsletter opt-in data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in documenting your consent to receive the newsletter for legal reasons. System and service e-mail provider.
To send the newsletter to the e-mail address provided by the subscriber. The newsletter contains information about the products and services of Marc O’Polo Einzelhandels GmbH (e.g. clothing, footwear and accessories, bags, children’s fashion, living or the MARC O’POLO MEMBERS scheme including cross-channel services), including information about currently trending products, special events, invitations to take part in customer surveys, special offers or competitions. We shall use your name to address you in person and control gender-specific content in our newsletter. Through your orders from our online store (section C) or as part of our MARC O’POLO MEMBERS programme (section E), we can tailor the content of the newsletter (where we have such data) precisely to you (e.g. based on your purchase history or Memberry points). If, in addition to your newsletter subscription, you have consented to marketing in our data privacy and cookie settings (section B.II), we will add even more customised content to the newsletter (e.g. about products in your shopping basket or which we recommend based on the product category you viewed most recently). If we also have your consent to marketing, we can then send you a newsletter about products you have added to your basket but not ordered (these are known as basket abandonment e-mails). Newsletter subscription data, newsletter opt-in data. We also use the following categories of data for personalisation purposes: - The categories you most recently viewed, clicked on and added to your basket - The products you most recently viewed, clicked on and added to your basket - Your last purchase, the total price in your basket, the number of products and the products you purchased. No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent). If, when you subscribed to the newsletter, you did not consent to the personalisation of newsletter content, the content shall be personalised on the basis of point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in tailoring the newsletter to your interests. (However, content is only personalised as described herein on the basis of your surfing habits on our website if you consent to marketing in our data privacy and cookie settings in addition to subscribing to the newsletter (section B.II).) E-mail newsletter provider, communication agency.
To carry out customer surveys for market research purposes and pseudonymised analyses of market research data in order to develop and improve the content of our website. Market research data.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in the development and improvement of our website.Survey agency.
Storage and processing to serve as evidence for the purposes of filing, exercising or defending against legal claims.Newsletter subscription data, newsletter opt-in data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in filing, exercising or defending against legal claims. E-mail newsletter provider, system and service e-mail provider.

Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider ● Hosting CRM currently: Microsoft Ireland Operations Ltd (South County Business Park, Dublin, D18, Ireland) ● Hosting online store currently: (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor.EU and USA. EU and USA. There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Microsoft has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR. There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. ABOUT YOU has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
E-mail newsletter provider Emarsys eMarketing Systems AG Hans-Fischer-Strasse 10 80339 Munich, Germany Processor.EU and UK.-
System and service e-mail provider (currently: Amazon SES, Amazon Web Services EMEA SARL, 5 rue Plaetis, Luxembourg, L-2338, Luxembourg). Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Amazon has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Survey agency (currently: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) Processor.EU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. SurveyMonkey has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Communication agency (currently: Defacto relations GmbH, Am Pestalozziring 1-2, 91058 Erlangen, Germany). Processor. Germany (EU)-
Transmission service provider from social networks Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA Processor.USA (‘Google’).There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Zapier has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.

E. Information on the processing of personal data of participants in the customer loyalty scheme

Information about the processing of personal data of participants in the customer loyalty scheme

We operate the MARC O’POLO MEMBERS customer loyalty scheme (the ‘Customer Loyalty Scheme’). In connection with the operation of the Customer Loyalty Scheme, we process the personal data of participants in the Customer Loyalty Scheme, especially in order to provide the web applications in the online store in which the participants can provide their data to register for the Customer Loyalty Scheme, to carry out the double opt-in procedure, to operate a customer database, to provide the services of the Customer Loyalty Scheme as described in part C of the GTC and on the website, to carry out customer surveys, to send advertising by post, to send Customer Loyalty Scheme communications by post, e-mail or phone, to guarantee IT security in the online store, as evidence or in order to comply with statutory storage obligations. Where you have consented to this, we shall also process your data in order to send personalised promotional content on the channels you have selected, to carry out a personalised analysis of your affinity with MARC O’POLO products and to show you personalised banner adverts.

Brick-and-mortar stores which are operated by us or our sales partners participate in the Customer Loyalty Scheme (participating brick-and-mortar stores are hereinafter referred to collectively as ‘Physical Stores’). An overview of our current Physical Stores is available in our store finder at www.marc-o-polo.com/stores. You can use the store finder to display the closest stores to a given location or post code. The Physical Stores which are participating in the Customer Loyalty Scheme have graphic icons next to them in the overview of your search results in the store finder. Additionally, our German national store participates in the Customer Loyalty Scheme and is available online at www.marc-o-polo.com/de-de/ or in the Physical Stores through an end device (the version of the German national store that is available in the Physical Stores through an end device is referred to below as the ‘Store Version’). The Physical Stores and the German national store, including the Store Version, are also referred to collectively as ‘Participating Stores’ below.

More detailed information about this is available below:

Information about the personal data we process

Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Customer master dataMandatory data which you provide when you register for the Customer Loyalty Scheme: Title, first name, surname, date of birth, postal address, e-mail address, password. If you have received a preliminary customer card (a pre-card) in a Physical Store, also: Customer card number and the Physical Store where you provisionally registered.Participants in the customer loyalty scheme. The customer master data must be provided in order to participate in the Customer Loyalty Scheme. If you do not provide these mandatory details, you will be unable to participate in the Customer Loyalty Scheme. We shall store these data for as long as you remain part of the customer loyalty scheme. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of four years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
We shall set the Physical Store where you joined the Customer Loyalty Scheme as your favourite store in your customer account. We shall also use your postal address to determine the closest Physical Store and factory outlet to your home and store this information in our customer database. Additionally, we assign a personal member number to every participant in the Customer Loyalty Scheme. Generated independently.-
Registration log dataLog data which we collect when you register for the Customer Loyalty Scheme. These data include: The country, language and date of your registration as well as the Participating Store where you registered.Generated independently.-We shall store these data for as long as you remain part of the Customer Loyalty Scheme. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of four years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes.
Participant detailsInformation the participant provides in the customer account or when placing an order in the German national store. This includes your contact data (first name and surname), your phone number, your date of birth, your e-mail address, your billing and delivery addresses and payment methods, your preferred channels of communication and promotional content, your favourite store, whether or not you want to collect points as part of the Customer Loyalty Scheme and the wish list you have created in the German national store.Participants in the Customer Loyalty Scheme.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide certain features of the customer account or tailor our adverts on the basis of your participant details. We shall store these data for as long as you remain part of the Customer Loyalty Scheme. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Purchase history Information about your purchases if you identify yourself as a participant in the Customer Loyalty Scheme when you make a purchase in a Physical Store or when you enter your log-in details in the German national store. This includes information about the items you have purchased (article name, article number, quantity, size, colour, price, currency, payment method and number of points collected) as well as the location (online store or country, city and branch for Physical Stores) and date of each purchase and the delivery status.Participating stores-We shall store these data for as long as you remain part of the Customer Loyalty Scheme. Additionally, we shall store these anonymised data in order to evaluate them for internal statistical purposes.
Article dataInformation about your choice of products which we require in order to provide the extended ordering and reservation options described in the GTC. This includes information about each of your chosen items (article number, colour, size, price) and the transaction number. Generated independently.-We shall store these data as part of your purchase history if you have joined the Customer Loyalty Scheme. Additionally, we shall store these anonymised data in order to evaluate them for internal statistical purposes.
Customer service enquiry data Information you share with us in your customer service enquiries by phone or via the online contact form, e.g. the subject and background of your enquiry.Participants in the Customer Loyalty Scheme.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to personalise our adverts and purchasing advice on the basis of the data. We shall store these data for as long as you remain part of the Customer Loyalty Scheme. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of four years from the end of the year in which you left the scheme or until the end of any ongoing legal disputes.
HTTP dataLog data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you visit the online store: IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit.Participants in the Customer Loyalty Scheme.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Online user profile dataData we generate with your consent using marketing technology from Emarsys (--> section B.II) and personalisation technology from Adnymics (--> section B.IV) and allocate to your customer profile. These include data relating to how you use the website, especially pages you visit, the frequency of your visits, the time you spend on pages you open, information about articles you have viewed and/or added to your basket or the wish list in your customer account, technical data about the device you are using (especially your browser version and device number), as well as your (click) responses to our adverts. Generated independently.-We shall store these data for as long as you remain part of the Customer Loyalty Scheme.
Service usage dataInformation about the nature and scope of the services you use as part of the Customer Loyalty Scheme, especially the extended ordering and reservation options you use and the vouchers you redeem. Generated independently-We shall store these data for as long as you remain part of the customer loyalty scheme.
Segment profile data Allocation to participant segments which we generate by analysing customer master data, participant details, purchase history, customer service enquiry data, online user profile data and service usage data. This includes the following segment categories: Purchase activity (lead, new, active, inactive, lost), willingness to make a payment (zero, basic, full return, good, top, unknown), purchase frequency (zero order, single order, slow shopper, medium shopper, heavy shopper), discount affinity, channel preference, product preference, last purchase category. Generated independently.-We shall store these data for as long as you remain part of the customer loyalty scheme.
Market research dataInformation we obtain through customer surveys for market research purposes in order to analyse the satisfaction of our participants in a pseudonymised manner, for example, and improve the content of our scheme. Participants in the Customer Loyalty Scheme.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to carry out surveys or analyses for market research purposes. We shall store these pseudonymised data for up to 38 months. Additionally, we shall store these anonymised data in order to evaluate them for internal statistical purposes.
Advert management dataInformation about consent you have granted to advertising as well as any objections to advertising. This includes the object, date and time of the declaration of consent, the IP address of the device used to grant the consent as well as the object, date and time of any withdrawal of consent or objection to processing of personal data for advertising purposes. Participants in the Customer Loyalty Scheme.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to take your consent or objections to advertising into consideration. We shall store these data for as long as we have your consent or as long as we carry out advertising without consent on the basis of the information sent to you about that advertising in each case. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you withdrew your consent or we ended the advertising measure in question, or until the end of any ongoing legal disputes.

Details about the processing of personal data

a) Processing of personal data on a legal basis
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
To provide the web applications in the online store so you are able to send us your data to register for the Customer Loyalty Scheme.HTTP data, customer master data, registration log data.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in providing the website content accessed by the participant.Hosting service provider, online store developer
To operate a customer database in which we administrate and update customer master data and participant details.Customer master data, participant details.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in operating a structured customer database in order to optimise our administration of customer data.Hosting service provider, communication agency.
To provide the extended ordering and reservation options. In connection with the reservation and collection options for items you have selected in the German national store as described in sections 2.4.1 and 2.4.2 of part C of the GTC, we shall share the article data required to hold the articles (article number, colour, size, transaction number, article price) and the customer master data required to identify and notify you with the Physical Store that is holding the article(s) you want. We shall then notify you by e-mail that your articles are being held. If you make use of the option described in section 2.4.4 of part C of the GTC to place online orders in the German national store using a device in the Physical Stores, the employees in the Physical Stores will be able to see the customer master data and participant details in your customer account for the purposes of assisting you with your order and/or logging into your customer account. Article data, customer master data, participant details.No automated decision-making takes place.Performance of a contract (point (b) of Article 6(1) GDPR).Physical Stores.
To provide the features of the customer account and a user-friendly ordering process in the German national store. We shall use the e-mail address and password you provided during the registration process as log-in details for your customer account. You can manage your customer master data, participant details, advertising preferences and wish list with ease in your customer account. If you are logged in to your customer account when you place an order in the German national store, the information requested during the order process (e.g. your billing address) shall automatically be filled in with the data stored in the customer database in order to make the ordering process even more convenient for you. On the basis of your purchase history, we provide you with an overview of your previous purchases in participating stores in your customer account and display the processing and delivery status of orders you have placed in the German national store. Customer master data, participant details, purchase history, HTTP data, payment data. No automated decision-making takes place.Performance of a contract (point (b) of Article 6(1) GDPR).Hosting service provider, online store developer.
To record your purchase history in participating stores in order to calculate your voucher points and display the points in your customer account.Purchase history, customer master data.No automated decision-making takes place.Performance of a contract (point (b) of Article 6(1) GDPR).Participating stores.
To calculate your points and issue and post the voucher obtained with the points.Customer master data, purchase history.No automated decision-making takes place. Performance of a contract (point (b) of Article 6(1) GDPR).Mail service provider, communication agency.
To provide a customer hotline where you can check your current points and ask about other information, e.g. relating to your membership, special events and offers or new collections. The employees on the customer hotline can access your data in the customer database so as to be able to offer you the best possible advice.All data described in section E.1.No automated decision-making takes place.Performance of a contract (point (b) of Article 6(1) GDPR).Customer service provider.
To send information about the elements of the Customer Loyalty Scheme as well as relevant, personalised adverts for our own offers (e.g. information about MARC O‘POLO, product information, newsletters, invitations to take part in customer surveys, exclusive offers or invitations to take part in competitions, events and offers from participating stores) by post. We use the postal address you provided when you registered for the Customer Loyalty Scheme or added as your billing address in your customer account for this purpose. We use the title and name you provided when you registered in order to address you personally and show gender-specific content in our promotional material. We use your date of birth to send you personalised birthday wishes and information tailored to your age. We use the store in which you registered, stores near to the address you provided (if you have done so) or your favourite store in your customer account to send you invitations to events and offers in connection with the store. We use your participant details, purchase history, service usage data and segment profile data to send you content tailored to your personal preferences. Customer master data, segment profile data, Advert management data. No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in using the postal address for direct marketing.Mail service provider, lettershop, communication agency.
To provide information by post, e-mail or phone, where the information is necessary to the Customer Loyalty Scheme or the services performed in connection with it (‘Scheme Communication’). In particular, the Scheme Communication encompasses e-mails, phone calls and information by post in order to confirm your registration, notifications about your points or information about the organisational processing of your purchases or services you have utilised, e.g. notifications about receipt of an order or reservation in a Physical Store, handling complaints or till errors, information about the tailoring and alternation service or in order to arrange exclusive shopping dates.Customer master data, participant details, article data.No automated decision-making takes place.Performance of a contract (point (b) of Article 6(1) GDPR).Physical Stores, system and service e-mail provider, lettershop, mail service provider, communication agency.
To carry out customer surveys for market research purposes and pseudonymised analyses of market research data in order to develop and improve the content and features of the Customer Loyalty Scheme. Market research data.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in the development and improvement of the Customer Loyalty Scheme.Survey agency, hosting service provider, online store developer.
To guarantee the security of the IT infrastructure used to provide the online store, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Data are stored temporarily in log files on our web server and evaluated for this purpose. HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the online store, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting service provider, online store developer.
Storage to serve as evidence for the purposes of filing, exercising or defending against legal claims.Customer master data, e-mail opt-in data, registration log data, participant details, customer service enquiry data, Advert management data. No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in filing, exercising or defending against legal claims.Customer service provider
Accurate accounting and storage in order to comply with contractual and legal storage obligations, especially under tax and commercial law.Customer master data, participant details.No automated decision-making takes place.To comply with a legal obligation (point (c) of Article 6(1) GDPR), especially to meet the legal requirements of proper accounting and legal storage obligations, especially under tax and commercial law. Additionally, the legal ground is the performance of a contract to which the data subject is party (point (b) of Article 6(1) GDPR). Customer service provider
b) Processing of personal data on the basis of your consent
Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
To send information about the elements of the Customer Loyalty Scheme as well as relevant, personalised adverts for our own offers (e.g. information about MARC O‘POLO, product information, newsletters, invitations to take part in customer surveys, exclusive offers or invitations to take part in competitions, events and offers from participating stores) through the communication channels selected by the participant (post, e-mail, SMS, WhatsApp or by phone). For this purpose, we use the current information we have stored in our customer database. You can select or modify the channels of communication at any time in your customer account. We use the title and name you provided when you registered in order to address you personally and show gender-specific content in our promotional material. We use your date of birth to send you personalised birthday wishes and information tailored to your age. We use the store in which you registered, stores near to the address you provided (if you have done so) or your favourite store in your customer account to send you invitations to events and offers in connection with the store. We use your participant details, purchase history, online user profile data, service usage data and segment profile data to send you content tailored to your personal preferences. Additionally, we shall send you reminder e-mails if you do not complete orders in the online store or there are still articles on your wish list in the customer account. Customer master data, participant details, online user profile data, purchase history, service usage data, segment profile data. No automated decision-making takes place.Consent (point (a) of Article 6(1) GDPR).E-mail service provider, survey agency, lettershop, mail service provider, communication agency.
To individually analyse Customer Loyalty Scheme participants’ affinity with MARC O‘POLO products in order to personalise adverts and tailor them to the interests of the participants. We use various analytical methods which enable us to personalise the adverts in the most effective manner possible and tailor them to your personal interests which we derive from all of the information stored in our customer database. We also evaluate findings we obtain from the marketing and personalisation technology of Emarsys and Adnymics (--> section B.II and B.IV) which we use on our website. By personalising adverts, we want to make sure that you mainly receive information that we consider particularly interesting to you. Online user profile data, segment profile data, Order and returns data (--> section C.1). No automated decision-making takes place.Consent (point (a) of Article 6(1) GDPR).Survey agency.

Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting service provider ● Hosting CRM currently: Microsoft Ireland Operations Ltd (South County Business Park, Dublin, D18, Ireland) ● Hosting online store currently: (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor EU and USA. EU and USA. There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Microsoft has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR. There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. ABOUT YOU has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
E-mail service provider (currently: Emarsys eMarketing Systems AG, Hans-Fischer-Str. 10, 80339 Munich, Germany). Processor.Germany (EU)-
System and service e-mail provider (currently: Amazon SES, Amazon Web Services EMEA SARL, 5 rue Plaetis, Luxembourg, L-2338, Luxembourg) ProcessorEU and USA.There is no adequacy decision from the European Commission in the sense of Article 45(3) GDPR. Amazon has standard contractual clauses (SCC) which have been adopted in accordance with Article 46 GDPR.
Physical Stores / participating stores (where these are operated by sales partners) An overview of our currently participating Physical Stores is available in our store finder at www.marc-o-polo.com/stores. You can use the store finder to display the closest stores to a given location or post code. The Physical Stores which are participating in the Customer Loyalty Scheme have graphic icons next to them in the overview of your search results in the store finder. Processors, where they assist with the services of the Customer Loyalty Scheme described in part C of the GTC and on the website, especially the extended ordering and reservation options described in section 2.4.1, 2.4.2 and 2.4.4 of part C of the GTC or Scheme Communication. The Physical Stores are the controllers with regard to the collection and transfer of your purchase history to us. Germany (EU)-
Survey agency (currently: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) ProcessorDublin (Ireland) – European Union (EU)-
Customer service provider (currently: Ströer X GmbH, Georgiring 3, 04103 Leipzig). Processor.Germany (EU)-
Mail service provider (currently: Deutsche Post AG (Charles-de-Gaulle-Str. 20, 53113 Bonn, Germany) and UPS, United Parcel Service (Deutschland S.à r.l. & Co. OHG, Görlitzer Str. 1, 41456 Neuss, Germany). ControllerGermany (EU)-
Lettershops (currently: optilyz GmbH, Neue Schönhauser Str. 19, 10178 Berlin and Elanders GmbH, Anton-Schmidt-Str. 15, 71332 Waiblingen). Processor. Processor. EU. EU.- -
Communication agency (currently: Defacto relations GmbH, Am Pestalozziring 1-2, 91058 Erlangen, Germany). Processor.Germany (EU)-
Online store developer: MOBIZCORP EUROPE LTD. Viernheim office, August-Bebel-Strasse 26 68519 Viernheim Germany Processor.Germany (EU)-
E-mail sender: Emarsys eMarketing Systems AG, Hans-Fischer-Str. 10, 80339 Munich, Germany Processor.Germany (EU)-

F. Information about the processing of personal data of users of our customer service

Information about the processing of personal data of users of our customer service

On the website, we provide you with the means of contacting our customer service via a contact form or chat. Furthermore, we provide you with the means of speaking with a customer service employee on our customer hotline or contacting our customer service by e-mail.

We process the information you provide to our customer service in order to process your enquiry, such as questions about an order. Additionally, we might store the information as evidence for the purposes of filing, exercising or defending against legal claims or in order to comply with statutory storage obligations, especially those imposed by tax and commercial law. If you are a verified participant in our Customer Loyalty Scheme, we shall also store these data for 12 months from the date on which your enquiry was closed so as to be able to take it into consideration if you make any further enquiries.

Where necessary in order to process your enquiry, we shall also make use of any other information we might already have in connection with your orders in the online shop (section C) or your participation in our Customer Loyalty Scheme (section E).

When you use the contact forms / chat on the website, the browser you are using on your device will send certain information such as your IP address to the server of our website for technical reasons. We process this information in order to provide the contact forms / chats on the website and ensure the security of the IT infrastructure used to provide them.

In order to measure the quality of our customer service, we generate aggregated evaluations of the nature of an enquiry and of the time taken to process each one. With your consent, we shall also record your phone conversations with our customer service staff and evaluate these recordings in order to improve our customer service.

More detailed information about this is available below:

Information about the personal data we process

Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you access contact forms or chats on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referring URL) and the date and time of your visit.Users of the website.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
E-mail dataLog data which are generated for technical reasons when e-mails are received. This includes the date and time of the e-mail, the e-mail address, IP addresses and information about the servers involved in the e-mail correspondence. Users for e-mail correspondenceThe provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, you will be unable to contact us by e-mail. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to seven days unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Enquiry data.Data you share with our customer service in contact forms on the website, in chat, by phone or by e-mail in connection with enquiries. This includes the information you send us over the channel of communication in question. It can include the following data in particular: Your name, date of birth, address, phone number, e-mail address and the content of your enquiry. Customer service users.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to process your enquiry. Data shall be stored until we finish handling your enquiry. If you become a verified participant in our Customer Loyalty Scheme, we shall also store the data as customer service enquiry data for up to 12 months (section E). We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of 12 months from the date on which your enquiry was closed or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
This includes our own documentation of your enquiry such as summaries of the communication between you and us, phone logs and, in the case of enquiries in writing (i.e. the contact form and e-mail), our assessment of the nature and urgency of the enquiry.Generated independently.-
Phone dataThis includes log data such as your phone number and the duration of the call. Customer hotline users.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, you will be unable to contact us by phone. We shall store the data for as long as necessary in order to achieve the purposes described below.
Phone recording dataThis includes the recording of the phone calls between you and our customer service as well as documentation of your consent and the transcript of the conversation which is automatically generated from the recordingsCustomer hotline users.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we cannot use the data to improve our customer service. We shall store the data for as long as necessary in order to achieve the purposes described below.

Details about the processing of personal data

Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipients
To provide our contact and chat forms on the website and receive enquiries on these channels. HTTP data are processed temporarily on our web server for this purpose. HTTP data, Enquiry data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user. CRM service provider Also for the contact form: Hosting provider.
To guarantee the security of the IT infrastructure used to provide the form, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Data are stored temporarily in log files on our web server and evaluated for this purpose. HTTP data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the form, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting provider.
To provide a customer hotline and receive enquiries by phone. Log data are processed temporarily on our systems for this purpose. Phone data, Enquiry data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing a customer hotline so as to offer personal advice. Customer service provider.
To provide an e-mail system in order to make it possible to contact our customer service and receive enquiries by e-mail. Log data are processed temporarily on our systems for this purpose. E-mail data, Enquiry data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing an e-mail system in order to make it possible to contact our customer service. E-mail service provider
To measure the quality of our customer service: We generate aggregated evaluations of the nature of an enquiry and of the time taken to process each one in order to determine how long it takes on average for our customer service staff to process each type of enquiry. These aggregated evaluations do not contain any personal data relating to our customers. Phone data, enquiry data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in measuring the quality of our customer service. . CRM service provider, customer service provider
To process your enquiry. If you are a verified customer, we can retrieve stored data concerning you in order to process the enquiry. For example, this might be your purchase history in order to process a return. In the case of written enquiries (i.e. the contact form and e-mail), we perform an automated evaluation of the nature and urgency of enquiries in order to prioritise the order in which we process them. For this reason, our system identifies certain key words in the enquiry in order to evaluate the nature of the enquiry (e.g. a question about an order or advice about a product) and its urgency on the basis of the ‘mood’ of the wording. Enquiry data Depending on the enquiry in question, potentially also the following data concerning your orders, even if you check out as a guest: Contact details, Shipping data, Order data, Customer data, Transaction e-mail data, Order and return values, Advert management data (for more details, see section C.1) Depending on the enquiry in question, potentially also the following data concerning your participation in our Customer Loyalty Scheme: Customer master data, Participant details, Purchase history, Article data, Customer service enquiry data, Service usage data, Segment profile data, Advert management data (for more details, see section E.1) No automated decision-making takes place.Where your enquiry concerns a contract to which you are party or steps prior to entering into a contract: Point (b) of Article 6(1) GDPR (performance of a contract or in order to take steps prior to entering into a contract). Otherwise: Point (f) of Article 6(1) GDPR (balance of interests). In this case, we have a legitimate interest in processing your enquiry efficiently. Customer service provider, CRM service provider
To record and evaluate telephone calls in order to improve our customer service: With your consent, we record your phone calls with our customer service and automatically convert the audio recordings into transcripts. We evaluate these transcripts automatically – and in some cases manually – and use the findings to train our customer service employees. We do not process any personal data relating to our customers for such training. Phone recording dataNo automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Customer service provider
Storage and processing to serve as evidence for the purposes of filing, exercising or defending against legal claims.Enquiry data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in filing, exercising or defending against legal claims. Customer service provider.
Storage of data in order to comply with statutory storage obligations, especially those imposed by tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB). Enquiry data.No automated decision-making takes place.Point (c) of Article 6(1) GDPR (compliance with a legal obligation).Customer service provider.

Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRole of the recipientTransfer to third countries and/or to international organisationsAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider. (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor.EU.-
CRM service provider (currently: Microsoft Ireland Operations Ltd, South County Business Park, Dublin, D18, Ireland) Processor.EU.-
Customer service provider (currently: Ströer X GmbH, Georgiring 3, 04103 Leipzig, Germany) Processor.EU.-
E-mail service provider (currently: Emarsys eMarketing Systems AG, Hans-Fischer-Strasse 10, 80339 Munich, Germany) Processor.EU.-

G. Information about the processing of personal data of participants in our competitions

Information about the processing of personal data of participants in our competitions

From time to time, we offer the chance to participate in various competitions on our website and potentially other channels (e.g. postcards). We shall process the information you provide in each participation form (which may be auto-completed for subscribers to reminder e-mails) in order to execute the competition in question and award each prize in accordance with the relevant terms and conditions of participation which you have accepted.

In some competitions, we also give you the chance to subscribe to reminder e-mails in which we notify you about our competitions, as described in more detail in each subscription form. We shall process the information obtained in this manner in order to confirm your subscription and send the reminder e-mails.

We shall also store the information obtained in connection with your participation in competitions or subscription to reminder e-mails as evidence for the purposes of filing, exercising or defending against legal claims, and potentially to comply with statutory storage obligations, especially those imposed by tax or commercial law.

When you participate in competitions or subscribe to reminder e-mails on our website (e.g. competition or registration forms), the browser you are using on your device will send certain information such as your IP address to the server of our website for technical reasons. We process this information in order to provide the forms on the website. Additionally, the information is stored temporarily in a server log file in order to guarantee the security of the IT infrastructure used to provide the website. When you use forms like this on our website, you are often also given the opportunity to subscribe to our newsletter. For more detailed information about how your personal data are processed in connection with the newsletter, see section D of this privacy policy.

Below you will find more detailed information about how your personal data are processed in connection with your participation in competitions and subscription to reminder e-mails on our website:

Details about the processing of personal data

Categories of personal data we processPersonal data in the categoriesSources of dataObligation to make the data availableDuration of storage
Form HTTP data.Log data which are generated by the Hypertext Transfer Protocol Secure (HTTPS) for technical reasons when you open forms in order to participate in a competition or subscribe to competition reminder e-mails on the website. These data include your IP address, the type and version of your browser, your operating system, the page you visited, the page you were on previously (referrer URL) and the date and time of your visit. Competition participants (only when they enter the competition using a form on our website, e.g. competition or registration forms).The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to provide the website content you wish to access. Data are stored in server log files in a format which makes it possible to identify the data subjects for up to six weeks unless a security incident occurs (e.g. a denial-of-service attack). If a security incident does occur, server log files shall be stored until the security incident has been overcome and fully investigated.
Participant form data. Data you share with us in the participation form for a competition. This includes the information you provide to us in each participation form and we need in order to execute the competition in accordance with the terms and conditions of participation that you have accepted. The specific data that we ask for depend on the competition in which you are participating. We normally collect your name and e-mail address at the very least. We also collect other data depending on the type of competition, and will provide you with information about such data in each participation form. Competition participants.You must provide these data in order to participate in a competition. No obligation to make the data available exists. If you do not provide the data, you will be unable to participate in the competition. Data shall be stored until the end of the competition in question. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Winner data.Additional data you share with us because you have won a competition. This includes information we need in order to award the prize such as your full name, address, clothes or shoe size and whether or not you have accepted the prize. Winners of a competition.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to deliver your prize. Data shall be stored until the end of the competition in question. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Prize data.Data about the prizes won by each winner. This includes information about what winner won which prize. Generated independently.-Data shall be stored until the end of the competition in question. Additionally, we shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you shared the data with us or until the end of any ongoing legal disputes. Furthermore, we shall store the data for longer if we are subject to a statutory storage obligation, especially under tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB).
Reminder e-mail subscription data. Data we collect when you sign up for any reminder e-mails about our competitions. This includes the following information: E-mail address, title, first name, surname. Subscribers to reminder e-mails.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the mandatory information, we will be unable to send you reminder e-mails. We shall store these data for the period of time indicated in the subscription form for the reminder e-mail in question. This period of time normally matches the period of time indicated in the terms and conditions of participation for the competition in question. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you left the scheme or in which the period of reminder e-mails ended, or until the end of any ongoing legal disputes.
Reminder e-mail opt-in data.Log data which are generated for technical reasons when you subscribe to and unsubscribe from reminder e-mails. This includes the date and time of your subscription to the reminder e-mail, the date and time the subscription e-mail was sent as part of the double opt-in procedure, the date and time your subscription was confirmed as part of the double opt-in procedure, the IP address of the device used to confirm the subscription and the date and time you unsubscribe from the reminder e-mails, if applicable. Subscribers to reminder e-mails.The provision of data is not required by law or by a contract and is not necessary for the conclusion of a contract. No obligation to make the data available exists. If you do not provide the data, we will be unable to send you any reminder e-mails. We shall store these data for the period of time indicated in the subscription form for the reminder e-mail in question. This period of time normally matches the period of time indicated in the terms and conditions of participation for the competition in question. We shall store these data as evidence for the purposes of filing, exercising or defending against legal claims for a transition period of three years from the end of the year in which you left the scheme or in which the period of reminder e-mails ended, or until the end of any ongoing legal disputes.

Details about the processing of personal data

Purpose of the processing of personal dataCategories of personal data we processAutomated decision-makingLegal grounds and legitimate interestsRecipient
Only when they enter the competition using a form on our website, e.g. competition or registration forms: To provide (potentially auto-completed) forms for participation in a competition and the form for subscribing to reminder e-mails on the website: Data are processed temporarily on our web server for this purpose. If you have subscribed to a reminder e-mail and opened the participation form by clicking on the participation link in your reminder e-mail, we shall auto-complete the participation form with the data you provided when you subscribed to the reminder e-mail. For this purpose, we attach a randomly generated (hash) value to the participation links so as to be able to associate it with your reminder e-mail subscription data. You can make changes to the data at any time before you submit the participation form. Form HTTP data, potentially reminder e-mail subscription data. No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in providing the website content accessed by the user. Hosting provider.
Only when they enter the competition using a form on our website, e.g. competition or registration forms: To guarantee the security of the IT infrastructure used to provide the competition participation forms and reminder e-mail subscription forms, especially to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks): Data are stored temporarily in log files on our web server and evaluated for this purpose. Form HTTP data,No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in guaranteeing the security of the IT infrastructure used to provide the forms, especially so as to identify, combat and document disruptions in a legally sound manner (e.g. DDoS attacks). Hosting provider.
To register for each competition and determine the winners of each competition in accordance with the terms and conditions of participation that you have accepted.Participant form data, prize data.Winners are drawn at random. The prize draw is performed automatically with no human intervention. Point (b) of Article 6(1) GDPR (performance of a contract or in order to take steps prior to entering into a contract).Hosting provider.
To notify winners and provide the prizes in accordance with the terms and conditions of participation that you have accepted.Participant form data, winner data, prize data.No automated decision-making takes place. Point (b) of Article 6(1) GDPR (performance of a contract or in order to take steps prior to entering into a contract).Potentially the delivery company.
Double opt-in procedure to confirm a subscription to reminder e-mails: For this purpose, we send an e-mail asking you to confirm the e-mail address you provided when you registered. A subscription will only be activated when the subscriber confirms the e-mail address by clicking on the confirmation link in the e-mail. Reminder e-mail subscription data, reminder e-mail opt-in data.No automated decision-making takes place.Point (f) of Article 6(1) GDPR (balance of interests). We have a legitimate interest in documenting your consent to receive reminder e-mails for legal reasons. Hosting provider.
To send reminder e-mails to people who have signed up for reminder e-mails. We use the optional information you provide when you register in order to address you by name in the reminder e-mails. Reminder e-mail subscription data, reminder e-mail opt-in data.No automated decision-making takes place.Point (a) of Article 6(1) GDPR (consent).Hosting provider.
Storage and processing to serve as evidence for the purposes of filing, exercising or defending against legal claims.Participant form data, winner data, prize data, reminder e-mail subscription data, reminder e-mail opt-in data.No automated decision-making takes place.Balance of interests (point (f) of Article 6(1) GDPR). We have a legitimate interest in filing, exercising or defending against legal claims.-
Storage of data in order to comply with statutory storage obligations, especially those imposed by tax or commercial law. Depending on the nature of the documents, we may be obliged to store the data for six or ten years in accordance with tax and commercial law (Section 147 AO and Section 257 HGB). Participant form data, winner data, prize data.No automated decision-making takes place.Compliance with a legal obligation (point (c) of Article 6(1) GDPR).-

Details about the recipients of personal data and the transfer of personal data to third countries and/or international organisations

RecipientRole of the recipientHeadquarters of the recipientAdequacy decision or appropriate or adequate guarantees for transfers to third countries and/or international organisations
Hosting provider (currently: ABOUT YOU GmbH, Domstrasse 10, 20095 Hamburg, Germany). Processor.EU-
Delivery company Arvato distribution GmbH, Carl-Bertelsmann-Str. 32, 33330 Gütersloh, Germany Processor.EU-
System and service e-mail provider (currently: Amazon SES, Amazon Web Services EMEA SARL, 5 rue Plaetis, Luxembourg, L-2338, Luxembourg). Processor.EU-

H. Information about the use of cookies

General information about cookies

We use cookies in connection with our website and the products and services provided on our website. We use the processing and storage features of the browser on your device and collect information from your browser cache. More detailed information about this is available below.

Session cookiesCookies which are erased automatically when you close your browser.
Persistent cookiesCookies which remain on your device for a period of time after you close your browser.
Cookies whose sole purpose is to transmit a communication over an electronic communications network.
Cookies which are exempt from consent Cookies which are strictly necessary in order to provide an information society service explicitly requested by the subscriber or user (‘strictly necessary cookies’).
Cookies which require consentCookies for all other purposes than those described above.
First-party cookiesCookies which are stored and read by the operator of the website as the controller or by a processor engaged by the operator of the website.
Third-party cookiesCookies which are stored and read by other controllers than the operator of the website who are not acting as processors on behalf of the operator of the website.

Administration of the cookies used on this website

1. Consent to the use of cookies and administration of cookies through the privacy and cookie settings

Where the use of certain cookies requires the consent of the user, we shall only use those cookies when you use the website if you have previously consented to it. For information about whether the use of a cookie requires consent, see the information about the cookies used on this website in section G.III of this privacy policy.

When you visit our website, a cookie banner will appear in which you can click on a button to consent to the use of cookies on this website. By clicking on the designated button, you can consent to the use of all cookies described individually in section G.III of this privacy policy. Alternatively, you can click on the button Cookie Settings to make a custom selection of cookies and make changes to your selection at a later date. Likewise, we shall store your consent and any individual selection of cookies you make in the form of a cookie (an opt-in cookie) on your device in order to determine whether you have already granted consent if you visit the website again in future. The opt-in cookie has a limited validity period of six months.

Strictly necessary cookies cannot be deactivated using the cookie administration tool on this website. However, you can deactivate such cookies at any time through your browser settings.

2. Administration of cookies through browser settings

You can also manage the use of cookies in your browser settings. Different browsers provide different means of configuring the cookie settings in the browser. For example, you can find more detailed information about this at https://www.allaboutcookies.org/manage-cookies/

However, please note that some of the features of the website might no longer work properly or at all if you deactivate all cookies in your browser.

Cookies used on this website

1. Essential cookies for use of the website for informational purposes.

These cookies do not require consent.

NameFirst party / third partyPurpose and contentPeriod of validity
About You Cloud
privacyFirst partyThis cookie is necessary to provide the administrative tool for granting consent with regard to the website (section B.I). This cookie stores information about whether you have granted consent and on what dates in order to activate the relevant tools and cookies in line with your consent. Two weeks if you have not consented to all cookie settings. Six months otherwise
ai_sessionFirst partyThis cookie is linked with Microsoft Application Insights which collects statistical usage and telemetry data for applications developed on the basis of the Azure cloud platform. It is a unique, anonymous cookie for identifying sessionsOne day
ai_userFirst partyThis cookie is linked with Microsoft Application Insights which collects statistical usage and telemetry data for applications developed on the basis of the Azure cloud platform. It is a unique, anonymous cookie for identifying sessionsOne day
csmopbFirst partyThis cookie stores your basket. Necessary for store functionalityFour weeks
csmcgFirst partyThis cookie stores the customer segment of the MARC O’POLO customer.Four weeks
csmopatFirst partyCookie storage checkout authentication token in order to obtain customer dataFour weeks
csmoprFirst partyA cookie which Reco stores (Dynamic Yield or Amazon Web Services)Six months
csmoprsFirst partyA cookie which stores the Reco session (DY or AWS)Session
csmopwFirst partyA cookie which stores information about your wish listFour weeks
csmtcFirst partyA cookie which stores your chosen main categories (men and women)Four weeks
csmiaFirst partyA cookie which checks whether you are logged into your accountFour weeks
csmabFirst partyCookie for AB test assignment (eShop and/or DY)Four weeks
csmabs First Party Cookie for the AB-Test assignment four weeks
langFirst partyA cookie which identifies the user languageFour weeks
privacy-opt-out-performanceFirst partyThis cookie contains information about the approval ratings of the selected categoriesFour weeks
customerStubFirst partyA cookie which recognises customers at the checkout in order to show returning customers an auto-completed registration form. Is only activated at the checkout and not on the store pageSix weeks

2. Marketing cookies for the use of marketing technology and advertising networks

These cookies require your consent.

Google Ads remarketing cookies These cookies are used by the web tracking tool Google Ads Remarketing which strategically targets users of the website for the purposes of (re)targeting (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
NID SID DIE IDE ANID DSID FLC AID TAID exchange_uid __gads gac First partyThese cookies are used by the Google Ads remarketing pixel, a web tracking tool which strategically targets users of the website (this is known as (re)targeting; see section B). We have incorporated the Google Ads remarketing pixel into our store; when a visitor visits our store, the pixel is loaded and it stores a cookie (tag) in the user’s browser to tag that user. Information is stored in the cookie depending on what pages of the store the customer has visited; if, for example, the customer has viewed various products, this information is stored so product adverts can be shown to the customer on other websites. In this case, the product IDs are stored in the cookie. In general, we add the product ID, the price, the page type and the number of products to the cookies for this reason. Besides the cookie settings on our website, the user can deactivate personalised advertising from Google in general: https://adssettings.google.com/authenticated Persistent: 60 days
Microsoft Advertising These cookies are used by the web tracking tool Microsoft Advertising which strategically targets users of the website for the purposes of (re)targeting ( section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
MUID MUIDB Third partyThese cookies are used by the Google Ads remarketing pixel, a web tracking tool which strategically targets users of the website (this is known as (re)targeting; see section B). We have incorporated the Google Ads remarketing pixel into our store; when a visitor visits our store, the pixel is loaded and it stores a cookie (tag) in the user’s browser to tag that user. Information is stored in the cookie depending on what pages of the store the customer has visited; if, for example, the customer has viewed various products, this information is stored so product adverts can be shown to the customer on other websites. In this case, the product IDs are stored in the cookie. In general, we add the product ID, the price, the page type and the number of products to the cookies for this reason. Besides the cookie settings on our website, the user can deactivate personalised advertising from Microsoft Ads in general: https://support.microsoft.com/en-us/microsoft-edge/microsoft-edge-browsing-history-for-personalized-advertising-and-experiences-37aa831e-6372-238e-f33f-7cd3f0e53679 One year
Criteo cookies These cookies are used by the web tracking tool Criteo which strategically targets users of the website for the purposes of (re)targeting (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
ASP.NET_SessionidThird partyThe session ID is used to identify a browser on the server unequivocally.Session
r.ackThird partyA cookie which is mainly used for Safari.1 hour
uidThird partyIdentifies users for the purposes of remarketing (displaying dynamic banners with the most important product-specific recommendations on the basis of statistical data and data collected through surfing)One year
optoutThird partyOpt-out cookie. Enables the user to opt out of the Criteo service.Five years
uicThird partyIdentifies the context of the user, e.g. what stage of the purchase process the user is in, if the user has viewed one or more products or if a product has been added to the basket. It enables us to evaluate, for example, how likely the user is to make a purchase on the basis of his or her browser history and actions on the website.Six months
evtThird partyEvent cookie. This contains information about the last page visited on our website. It is used in the product recommendation during the banner display process.Six months
udcThird partyDynamic inventory selection. It contains a list of sellers where the user is profitable and supports tagging and de-tagging functionality. Criteo works with a very large number of sellers in Germany. A seller usually has one or more websites on which Criteo displays its adverts. De-tagging a user means that a user who, for example, has purchased a product is de-tagged for that product.Six months
acdcThird partyAdvanced Criteo data collection. It contains (optional) additional data in connection with the user, e.g. whether the user is visiting the website from a mobile or stationary end device. It is used to improve campaign performance continuously.Six months
zdiThird partyPassback loop detection. This registers how often a user triggers a passback in a zone of a publisher. Publishers are a variety of marketers within our network where we display adverts for our customers.Six months
eidThird partyExternal ID. This contains the user ID of our publishers/marketers. It is used to sell our mid-market inventory. We have a variety of marketers in our network. If it is not used, it is our policy to re-sell the inventory we have purchased.Six months
optThird partyThe opt cookie contains information about whether a user has opted out of our service or the service of one of the marketers on our network and therefore no longer wishes to receive personalised adverts.One year
Mediards cookies These cookies are used by the web tracking tool Mediards which strategically targets users of the website for the purposes of (re)targeting (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
Tr.mediards.com mdrds Third partyThis cookie stores the following: · PageLanguageCode (dede) · Product IDs · OrderID · OrderValue · Currency and · the page URL. 90 days
Facebook pixel cookies These cookies are used on our website for the Facebook pixel (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
c_userFirst partyIs used together with the xs cookie to authenticate your identity with Facebook (user ID).90 days
datrFirst partyBrowser ID and time stamp Identifies the browser for the purposes of security and website integrity, including account restoration and the identification of potentially compromised accounts. Persistent: Two years
sbFirst partyBrowser ID and time stamp Identifies the browser for the purposes of log-in authentication Persistent: Two years
wdFirst partyScreen or window dimensions Makes it possible to optimise the display on the user’s monitor Persistent: Seven days
xsFirst partySession ID, creation time, authentication value, secure session status, caching group ID. Is used together with the C_user cookie to authenticate the identity of the user with Facebook.Persistent: 90 days
Esome container (conversion tracking with Facebook) These cookies are used by the web tracking tool Facebook which is incorporated into the website by means of the Esome container to evaluate user actions (conversion tracking), segment visitors and evaluate campaign performance (see section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
Activate Agent segmentationFirst partyEach of these cookies may store the following: · Time stamp · Unique ID to recognise returning visitors 365 days
Facebook audiencesFirst party365 days
Daisycon cookies, only NL These cookies are used by the advertising network operated by Daisycon to advertise our products as effectively as possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
PHPSESSIDThird partyGuarantees the unique nature of the visitor and measures whether the click generates a transaction for the advertiser during the session.One year
DCI, PDC Third partyGuarantees the unique nature of the visitor and measures whether the click generates a transaction for the advertiser during a 30-minute session.One year
ci_{program_ID} , ca_{program_ID} , si_{program_ID}Third partyMeasures whether the click generates a transaction for the advertiser.One year
__cfduid Third partyThis cookie uses the service Cloudflare to capture secure Internet traffic. It is placed for the advertiser when you click and is retrieved with the conversion pixel. One year
Awin These cookies are used by the advertising network operated by Awin to advertise our products as effectively as possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
bIdThird partyDefines a browser-specific ID in order to identify a new click in the same browser.One year
aw***** (Although the cookie name is different for every advertiser, the letters are ‘aw’ followed by an ID representing the advertiser, e.g. aw1001.) Third partyActivates when you click on one of our links. It stores IDs for referring websites, adverts you click on, groups of adverts to which the advert belongs, the time you clicked on it, the ID of the type of advert, the ID of the product and all references which the referring website adds to the click.30 days
AWSESSThird partyStores when you see an advert in order to ensure that we do not always show you the same advert. An ID for the advert you have seen. Expires at the end of the session when you close your browserSession
awpv***** (Although the cookie name is different for every advertiser, the letters are ‘aw’ followed by an ID representing the advertiser, e.g. awpv1001.) Third partyActivates when you see an advert. Stores an ID for the website on which the advert is displayed and the time when you saw the advert.24 hours
_aw_m_***** (Although the cookie name is different for every advertiser, the letters are ‘aw’ followed by an ID representing the advertiser, e.g. _aw_m_1001.) Tracking cookies which are used by the advertiser for AWIN in the advertiser’s domain. Third partyActivates when you click on one of our links. It stores IDs for referring websites, adverts you click on, groups of adverts to which the advert belongs, the time you clicked on it, the ID of the type of advert, the ID of the product and all references which the referring website adds to the click.30 days
Tracdelight cookies These cookies are used by the advertising network operated by Tracdelight to advertise our products as effectively as possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
Click cookies (parameters: revenue, OID, publisher advertising space, click time, transaction time) td.oo34 First partyThe cookie contains a randomly generated ID which tracdelight links with the information from the affiliate link (publisher, advertiser, product).Persistent: 30 days.
Google Ads conversion pixel cookies These cookies are used the Google Ads conversion pixel, a web tracking tool which evaluates user actions (conversion tracking) (see section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
Conversion AID DSID TAID First partyThese cookies are used the Google Ads conversion pixel, a web tracking tool which evaluates user actions (conversion tracking) (see section B.II). They contain placeholders for the following information: · Unique ID to recognise returning visitors · Page type (e.g. order confirmation page, product details page, basket), · Order number · Net basket price (excluding delivery costs, excluding VAT, excluding payment costs, excluding vouchers) · Product numbers and prices The conversion pixel stores the purchasing and surfing habits of users. This includes the following information: · What product the customer purchased and at what price · What pages the customer navigated to · What was the total price of products in the basket This information is used to gauge the success of the adverts (e.g. whether the use of banners and videos generated revenue). Additionally, these data are used to pseudonymised customers and add them to retargeting lists in order to show them personalised adverts or exclude them from campaigns (e.g. excluding men from a campaign for women). (see also ‘Google Ads remarketing cookies’ above) Persistent: 60 days
Doubleclick/Floodlight These cookies are used by the web tracking tool Doubleclick/Floodlight which strategically targets users of the website for the purposes of (re)targeting and conversion tracking (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
DSIDThird party Campaign optimisation.14 days
IDEThird partyContains a randomly generated user ID. Google can use this ID to recognise the user across various websites and domains and show personalised adverts.One year
vscr_vidThird party Campaign optimisation.One year
_fbpThird party Campaign optimisation.30 days
Tectumedia These cookies are used by the web tracking tools Google, Display.me, Mervellousmachine, mpnrs.com and Doubleclick which are incorporated into the website by means of the Tectumedia container (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
dsply_nth_3749Third partyCampaign optimisation.One year
dsply_nin_3793Third partyCampaign optimisation.One year
dsply_dlkl_3793Third partyCampaign optimisation.Six months
dsply_ost_3749Third partyCampaign optimisation.One year
dsply_ost_3793Third partyCampaign optimisation.Six months
dsply_kc_3749Third partyCampaign optimisation.One year
dsply_kc_3793Third partyCampaign optimisation.One year
dsply_dlkl_3749Third partyCampaign optimisation.One year
dsply_vidThird partyCampaign optimisation.One year
ataThird partyCampaign optimisation.One year
Outbrain These cookies are used by the advertising network operated by Outbrain to advertise our products as effectively as possible, including displaying personalised, interest-based adverts and paying for the advertising campaigns with our promotional partners (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
OBUIDThird partyContains the pseudonymised user ID of the user and is used to track user actions, e.g. to click on an advert, conversion tracking or to carry out retargeting campaigns.Three months
AUIDThird partyContains the pseudonymised user ID of the user and is used to track user actions on mobile devices, e.g. to click on an advert, conversion tracking or to carry out retargeting campaigns.90 days
Pinterest These cookies are used on our website for the Pinterest Pixel (section B.II). At the time this privacy policy was generated, the following cookies were used for this purpose. In the meantime, our advertising partner might have added new cookies or modified the purposes, content and durations of storage of its cookies within its own field of responsibility. Therefore, for more information, please also refer to the privacy policy of our advertising partner; a link can be found in section B.II.
_pin_unauthFirst partyUsed by Pinterest to track how users use the services.One year
_pinterest_sessThird party. www.pinterest.comThe Pinterest login cookie is used to store the log-in status of a user in a browser. It is updated when a user logs into Pinterest (or logs out). This cookie contains the Pinterest ID of the user (a random pseudonymised integer) as well as the user’s authentication token (if the user is logged into Pinterest).Session
_pinterest_ct, _pinterest_ct_mw, _pinterest_ct_rtThird party. www.pinterest.comThese are identical in terms of content; they only contain a user ID and the time stamp that was generated for the cookie.One year
Emarsys eMarketing Systems AG
scarab.visitorFirst partyBrowser-ID – Identifies the browser for the purposes of log-in authenticationOne year
cdvThird partyBrowser-ID – Identifies the browser for the purposes of log-in authenticationOne year
scarab.profileFirst partyInformation about the user profile, searched products etc. as well as script performance metrics (load/run speed etc.) – these cookies are encryptedOne year
xpThird partyInformation about the user profile, searched products etc. as well as script performance metrics (load/run speed etc.) – these cookies are encryptedOne year
scarab.mayAdd & scarab.mayViewedFirst partySession cookies which we use to track click paths and articles in the basket.Duration of the web session
sThird partySession cookies which we use to track click paths and articles in the basket.Duration of the web session

3. Analytics cookies for web analytics technologies

These cookies require your consent.

Artefact Triple A cookies
meta_{ID KAMPAGNE}, ({ID KAMPAGNE} stands for an identification number which represents the corresponding market (e.g. Germany or Austria).) First partyThese cookies are used by the web analytics tool Google Analytics to capture and analyse user behaviour on our website in order to improve the website (see section B). They contain placeholders for the following information: · Country code, e.g. AT, DE, CH · Unique ID to recognise returning visitors · Order number Persistent: 30 days.
meta[RF1] _{ID KAMPAGNE}s ({ID KAMPAGNE} stands for an identification number which represents the corresponding market (e.g. Germany or Austria).) First party· Net basket price (excluding delivery costs, excluding VAT, excluding payment costs, excluding vouchers) · Number of products in the basket · Product numbers · Product categories · Size of the products · Status as new or existing customer · Payment method (invoice, cash on delivery, credit card, PayPal, iDeal) · Whether or not a voucher has been used, voucher code, type and value · Whether or not the user has subscribed to the newsletter · Gender Transient.
Google Analytics cookies These cookies are used by the web analytics tool Google Analytics to capture and analyse user behaviour on our website in order to improve the website (see section B).
_gaFirst partyThis cookie contains a unique visitor ID and is used to tell users apart.Persistent: Two years.
_gidFirst partyThis cookie contains a unique visitor ID and is used to tell users apart.Persistent: 24 hours.
_gatFirst partyThis cookie is used to throttle the demand rate.Transient.
__utmaFirst partyThis cookie stores the number of visits by every visitor and the date and time of the first visit, earlier visits and the current visit.Persistent: Two years.
__utmtFirst partyThis cookie is used to throttle the demand rate.Transient.
__utmbFirst partyThis cookie is used to track how long a visitor spends on a website, i.e. when the visit starts and ends. The cookie stores the time when a visitor accesses a page. Transient.
__utmcFirst partyThis cookie is used to track how long a visitor spends on a website, i.e. when the visit starts and ends. The cookie stores the time when a visitor leaves a page. Persistent: 30 minutes.
__utmvFirst partyThis cookie stores the visitor category to which a user belongs.Persistent: Two years.
__utmzFirst partyThis cookie stores the source or campaign which explains how a user has arrived on the website.Persistent: Six months.
dw_dntFirst partyControls client-side JavaScript for Commerce Cloud tracking featuresSession
dw_dntFirst partyControls client-side JavaScript for Commerce Cloud tracking featuresSession
__cq_dntFirst partySFCC RecoSession
__cq_segFirst partySFCC Reco predictive sorting1 month
dwac_*First partyStores data for analytical purposes.Session
Google Optimize
_gaexpYour domain (First party) Is used for trial purposes to check whether the browser allows cookies. Does not contain any identifying features.90 days
_opt_utmcYour domain (First party) This cookie stores information about the marketing campaign through which a user has arrived at the website most recently.24 hours
_opt_awcidYour domain (First party) Contains a randomly generated user ID. Google can use this ID to recognise the user across various websites and domains and show personalised adverts.24 hours
_opt_awmidYour domain (First party) This cookie is used when a user clicks on a Google advert to arrive at the website. It contains information about the person from whose customer account the advert was served.24 hours
_opt_awgidYour domain (First party) This cookie is used when a user clicks on a Google advert to arrive at the website. It contains information about the advertising campaign to which the advert belongs.24 hours
_opt_awkidYour domain (First party) This cookie is used when a user clicks on a Google advert to arrive at the website. It contains information about the selection criteria under which the advert was served, e.g. what keyword was typed into Google.24 hours

4. Personalisation cookies for personalisation technologies

These cookies require your consent.

adnymics GmbH
AWSALBThird partyThe click and buying behaviour of users is analysed so a parcel insert containing personalised product recommendations can be generated for each user if an order is placed.13 months
AWSALBCORSThird party13 months
Epoq-Cookies
eqeFirst partyThe epoq recommendation tool is used to optimise our website in order to make your visit to the site a personal experience through tailored recommendations and content. We use the page content the user has accessed to recommend comparable or related products or other content that may be relevant to them.Persistent: 30 days
eqsidFirst partySession
__cfduidFirst partyPersistent: 365 days
Saiz
ARRAffinitySameSiteFirst partyThe ARRAffinitySameSite cookie is used to evenly distribute usage requests of the widget so that the SAIZ widget always loads quickly.20 Minutes
AB Tasty
AB TastyFirst partyThe AB Tasty cookie is used to send test data (user ID, test and variant IDs and time stamps).13 months
ABTastySessionFirst partyThe AB Tasty session cookie is used to send information about the start, duration and end of the session. Session-based
Fittingbox
LastSessionUuid First PartyThis ID is used to track whether the user had already started the Virtual Try On module before.Session-based
fitstateFirst PartyThis cookie identifies whether the user is using a photo or the camera mode for Virtual Try On. Session-based
dataPrivacyTermsAcceptedFirst Party The user has accepted the privacy notice.30 minutes
dataPrivacyTermsAnswerExpiration_dateFirst PartyPeriod during which you can use Virtual Try On indefinitely without a privacy notice reappearing. 30 minutes

I. Information on the rights of data subjects

Information about the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

● Right of access (Article 15 GDPR)

● Right to rectification (Article 16 GDPR)

● Right to erasure (‘right to be forgotten’) (Article 17 GDPR)

● Right to restriction of processing (Article 18 GDPR)

● Right to data portability (Article 20 GDPR)

● Right to object (Article 21 GDPR)

● Right to withdraw consent (Article 7(3) GDPR)

● Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

If you wish to exercise your rights, you can contact us using the information provided in section A.

For information about any particular methods and mechanisms that make it easier for you to exercise your rights, especially your rights to data portability and to object, please refer to the information about how personal data are processed in sections B to F of this privacy policy.

Below you will find more detailed information about your rights with regard to the processing of your personal data:

Right to rectification

As a data subject, you have a right to rectification in line with the requirements of Article 16 GDPR.

In particular, this means that you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you, as well as the right to have incomplete personal data completed.

For full details about your right to rectification, please refer to Article 16 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right of access

As a data subject, you have a right to access information in line with the requirements of Article 15 GDPR.

In particular, this means that you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If this is the case, you also have a right to information about these personal data and to the information set out in Article 15(1) GDPR. In particular, this information includes the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipient to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15(1) GDPR).

For full details about your right of access, please refer to Article 15 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to erasure (‘right to be forgotten’)

As a data subject, you have a right to erasure (‘right to be forgotten’) in line with the requirements of Article 17 GDPR.

This means that you have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase personal data without undue delay where one of the grounds set out in Article 17(1) GDPR applies. For example, this can be the case when personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17(1) GDPR).

Where we have made the personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data (Article 17(2) GDPR).

In an exceptional case, the right to erasure (‘right to be forgotten’) does not apply to the extent that the processing is necessary for the reasons set out in Article 17(3) GDPR. For example, this can be the cast where the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (b) and (e) of Article 17(3) GDPR).

For full details about your right to erasure, please refer to Article 17 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to restriction of processing

As a data subject, you have a right to restriction of processing in line with the requirements of Article 18 GDPR.

This means that you have the right to obtain from us restriction of processing if one of the criteria set out in Article 18(1) GDPR is met. This can be the case, for example, if you contest the accuracy of the personal data. In this case, processing shall be restricted for a period enabling us to verify the accuracy of the personal data (point (a) of Article 18(1) GDPR).

Restriction means the marking of stored personal data with the aim of limiting their processing in the future (Article 4(3) GDPR).

For full details about your right to restriction of processing, please refer to Article 18 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to data portability

As a data subject, you have a right to data portability in line with the requirements of Article 20 GDPR.

This means that you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR, and the processing is carried out by automated means (Article 20(1) GDPR).

For information about whether processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR, please refer to the information about the legal grounds on which processing is based in sections B to F of this privacy policy.

In exercising your right to data portability, you also have the right to have the personal data transmitted directly from us to another controller, where technically feasible (Article 20(2) GDPR).

For full details about your right to restriction of processing, please refer to Article 20 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to object

As a data subject, you have a right to object in line with the requirements of Article 21 GDPR.

We shall expressly make you aware of your right to object when we first communicate with you at the very latest.

More detailed information about this is available below:

Right to withdraw consent

If processing is based on consent in accordance with point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, you, the data subject, have the right to withdraw your consent at any time pursuant to Article 7(3) GDPR. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. We shall make you aware of this before you grant consent.

For information about whether processing is taking place on the basis of consent in accordance with point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, please refer to the information about the legal grounds on which processing is based in sections B to F of this privacy policy.

J. Information about the terminology from the General Data Protection Regulation used in this data protection information

Information about the terminology from the General Data Protection Regulation used in this data protection information

The definitions of the terminology used in this privacy policy are the same as in the General Data Protection Regulation.

For full details about the definitions in the General Data Protection Regulation, please refer to Article 4 GDPR at http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Below you will find more detailed information about the most important key terms of the General Data Protection Regulation on which this privacy policy is based:

● ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

● ‘Data subject’ is the identified or identifiable natural person to whom personal data relate;

● ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

● ‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

● ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

● ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

● ‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

● ‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

● ‘International organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

● ‘Third country’ means a country that is not a Member State of the European Union (EU) or European Economic Area (EEA);

● ‘Special categories of personal data’ means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

K. Status and changes to this privacy policy

Status and changes to this privacy policy

This privacy policy is dated 01/03/2021.

Due to technical advancements and/or changes to statutory and/or official requirements, it might become necessary to amend this privacy policy.

The current version of the privacy policy is always available at www.marc-o-polo.com.