Marion Heinrich GmbH
Website Data Protection Notice
Last revised [14.02.2019]
Marion Heinrich GmbH – see below in Section 7 for Contact Information – (“Marion Heinrich” or “we” or “our”) takes data privacy seriously. This Website Data Protection Notice (“Notice”) informs the users of [marion-heinrich.com] (“Website”) how Marion Heinrich, as controller within the meaning of the General Data Protection Regulation (“GDPR”), collects and processes the personal data and other information of such users in connection with their usage of the Website.
Note that for other Marion Heinrich services or other relationships with users, suppliers or customers other privacy terms may apply. This Notice does not apply to third-party sites which may be linked to from this Website.
- Categories of Personal Data, Processing Purposes and Legal Bases
- Consequences When You Do Not Provide Your Data
- Categories of Recipients and International Transfers
- Retention Periods
- Your Rights
- Cookies and other Tracking Technologies
- Questions and Contact Information
1. Categories of Personal Data, Processing Purposes and Legal Bases – What personal data do we process about you and why? What are the legal bases?
(i) Usage Data: In connection with your visit of the Website we will collect the following information: E.g., details on your browser (such as type, version, language); operating system and interface; website from which you are visiting us (referrer URL); webpage(s) you are visiting on our Website; date and time of accessing our Website and time zone difference; access status/HTTP status code; volume of data transferred; internet protocol (IP) address; whether you are 18 years or older; information gathered via cookies (see below Section 6 for further information on Cookies). Data transmitted to us by your browser is automatically stored in server statistics. These are:
Purposes: Usage Data will be used to provide you access to the website and to maintain or restore the security of the Website, or to detect technical faults and/or errors in the transmission of electronic communications.
- The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6(1)(f) GDPR). Such interests are to provide you with the website as requested by you and to achieve the other purposes as set out above. Additional information on this legal basis and the respective balancing of interest can be requested by contacting us using the details as set out in Section 7.
- The processing is necessary for the performance of a contract (e.g., the usage relationship) to which you are a party or in order to take steps at the request of you prior to entering into a contract (Art. 6(1)(a) GDPR).
(ii) Account and Order Data: If you register an account on our Website and/or order a product or a service, we may process the following data about you: E.g., name; email address; password; billing and shipping address (including company, if applicable), date of birth, payment details (e.g., credit card information); type and amount of product; purchase price, order date; order status; product returns; customer care requests; correspondence; certain communication we receive from you.
Purposes: Account and Order Data will be used for account administration; providing the desired products or services; carrying out the contractual relationship, the transaction and the product order; providing customer care services; compliance with legal obligations; defending, establishing and exercising legal claims; providing you with marketing materials (to the extent permitted by applicable law).
The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6(1)(f) GDPR). Such interests are to create and administer your account as requested by you and to achieve the other purposes as set out above. Additional information on this legal basis and the respective balancing of interest can be requested by contacting us using the details as set out in Section 7.
(iii) Newsletter Data: If you request to receive our newsletter, we collect and process the following personal data about you: E.g., name; email address and request to receive marketing emails.
Purposes: Newsletter Data will be used for providing the newsletter and other marketing materials (to the extent permitted by applicable law).
- You have given your consent to the processing of your personal data for one or more specific purposes (Art. 6(1)(a) GDPR). If you have given your consent, you can withdraw this consent at any time as set out in Section 5. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Art. 6(1)(f) GDPR). Such interests are to achieve the purposes as set out above. Additional information on this legal basis and the respective balancing of interest can be requested by contacting us using the details as set out in Section 7.
2. Consequences When You Do Not Provide Your Data – What happens if you choose not to provide it?
The provision of your personal data is generally not required by a statutory or contractual obligation. However, the provision of certain of your personal data is necessary to visit our Website, to enter into a contract with us or to receive our services or products as requested by you. In certain cases, the provision of your personal data is voluntary.
Not providing your personal data may result in disadvantages for you – for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
3. Categories of Recipients and International Transfers – Who do we transfer your personal data to and where are they located?
You should expect that we will transfer your personal data to (internal and external) recipients for the processing purposes described above as follows:
- Within Marion Heinrich GmbH.
- With data processors: Certain third party service providers such as IT support providers will receive your personal data to process such data under appropriate instructions (“Processors”) as necessary for the processing purposes described above, such as IT / Website service providers, customer care providers, marketing service providers, or other service providers who support us in maintaining our relationship with you. The Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed. A list with all currently engaged Processors can be found here: Steuerkanzlei Mattern, Fellowtech GmbH, Futura Retail Solutions AG, Paysquare SE Wordline Company, DigiQon, Markus Westenhuber Webdesigner München.
- Other recipients: We may transfer – in compliance with applicable data protection law – personal data to law enforcement agencies, governmental authorities, judicial authorities, legal counsel, courts, external consultants, shipping service providers, payment service providers, or other business partners. In case of a corporate merger or acquisition, personal data may be transferred to the third parties involved in the merger or acquisition.
Any access to your personal data is generally restricted to those individuals that have a need-to-know in order to fulfill their job responsibilities.
(ii) International transfers
You should expect that the recipients above which will receive or have access to your personal data are located inside or outside the European Economic Area (“EEA”).
- For recipients located outside of the EEA, some are certified under the EU-U.S. Privacy Shield and others are located in countries with adequacy decisions pursuant to Art. 45 GDPR. Those recipients are located in the USA (if certified under the EU-U.S. Privacy Shield) and [insert other adequacy countries of recipients], and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective.
- Other recipients are located in countries which do not adduce an adequate level of protection from a European data protection law perspective (in particular, the USA (if not certified under the EU-U.S. Privacy Shield), [insert other third countries of recipients not covered by an adequacy decision]). We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law.
With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as binding corporate rules (Art. 46(2)(b), 47 GDPR), standard data protection clauses adopted/approved by the European Commission or by a supervisory authority (Art. 46(2)(c) or (d) GDPR), approved codes of conduct together with binding and enforceable commitments of the recipient (Art. 46(2)(e) GDPR), or approved certification mechanisms together with binding and enforceable commitments of the recipient (Art. 46(2)(f) GDPR).
You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below.
4. Retention Periods – How long do we keep your personal data?
Your personal data will be retained as long as necessary to provide you with the services and products requested. Once you have terminated the contractual relationship with us and/or you have deleted your account, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which Marion Heinrich is subject – e.g., taxation purposes).
Personal data will in principle be deleted 2 years after the last interaction and contact between you and Marion Heinrich. However, we will retain your contact details and interests in our products or services for a longer period of time if Marion Heinrich is allowed to send you marketing materials. Also, we typically erase contracts, communications, and business letters containing personal data, or we redact personal data from such documents, 10 years after their termination or creation, as such data may be subject to statutory retention requirements, which often require retention of up to 10 years.
We may also retain your personal data on a need to know basis only after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
5. Your Rights – What rights do you have and how can you assert your rights?
Right to withdraw your consent: If you have given your consent regarding certain types of processing activities (in particular regarding the receipt of certain direct marketing communications), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. You can withdraw your consent as follows [insert clear, easy instructions].
Additional data privacy rights: Pursuant to applicable data protection law, you have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data. Below please find further information on your rights to the extent that the GDPR applies. Please note that these rights might be limited under the applicable (local) data protection law.
(i) Right to request access to your personal data: As provided by applicable data protection law, you have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You also have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
(ii) Right to request rectification: As provided by applicable data protection law, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(iii) Right to request erasure (right to be forgotten): As provided by applicable data protection law, you have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
(iv) Right to request restriction of processing: As provided by applicable data protection law, you have the right to obtain from us and we may be obliged to restrict the processing of your personal data. In this case, the respective personal data will be marked and may only be processed by us for certain purposes.
(v) Right to request data portability: As provided by applicable data protection law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those personal data to another entity without hindrance from us, where the processing is carried out by automated means and is based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR.
(vi) Right to object:
Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us, and we are required to no longer process your personal data. Such right to object especially applies if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for certain types of direct marketing.
If you have a right to object and if you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below.
Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
To exercise your rights, please contact us as stated under Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority in the relevant Member State (e.g., the place where you reside, work, or of an alleged infringement of the GDPR).
6. Cookies and other Tracking Technologies
Some parts of our website use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can block and/or manage many ad cookies using the following services:
In this section we inform you about the use of Google Analytics on our website.
This website uses functions of the web analysis service Google Analytics together with the supplement Tag Manager as well as DoubleClick depending on the campaign. It is based on our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR to provide our interested parties and customers with suitable information and product recommendations. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
However, if IP anonymisation is activated on this website, your IP address will be truncated by Google in advance within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator in connection with website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
The legally appropriate level of data protection is guaranteed by Google through an EU-US Privacy Shield certification visible to every person.
Google Analytics cookies are automatically deleted after a specified period of time.
You can easily enable or disable Google’s personalized advertising in your advertising preferences. These settings are stored in your Google Account (if you’re signed in) or in your browser (if you’re not signed in).
Alternatively, you can install a browser plug-in to disable personalized advertising. https://support.google.com/ads/answer/7395996
If you use this browser plug-in, you will still see as many ads as before on the websites you visit. Only personalized advertising is disabled. As a result, the ads are no longer tailored to your interests.
We have integrated the font service Google Fonts into our website. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To apply the font, requests to the Google Fonts API are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. Requests for CSS assets are cached for one day. This allows us to update a stylesheet to refer to a new version of a font file when it is updated, and ensures that all websites that use fonts hosted by the Google Fonts API use the most current version of each font within 24 hours of each release. The font files themselves are cached for one year.
The legal basis for the integration is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to improve the performance, maintainability and accessibility of our site. The possibility that we forward from our offer to the offer of another provider is provided by law according to § 13 para. 5 TMG.
The legally appropriate level of data protection is guaranteed by Google through an EU-US Privacy Shield certification that is visible to every person.
We have integrated the map service Google Maps into our website. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). With regard to data processing, an agreement has been concluded with Google.
When a page with an integrated map is called up, your IP address, information about the browser you are using and its settings and screen resolution are transmitted. In addition, Google uses various cookies for settings, security, processes, advertising, session status and analytics. If you are logged into your Google account, you enable Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your account before visiting our website.
The legal basis for the integration of the map is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide you with attractive information on our locations and to facilitate the planning of your journey to us. The possibility that we forward from our offer to the offer of another provider is provided by law according to § 13 para. 5 TMG.
Google’s legally appropriate level of privacy protection is guaranteed by an EU-US Privacy Shield certification that can be viewed by any person.
If you contact us with a request via a contact form, by e-mail, post or fax, or by otherwise contacting us, the information you provide or the notes we take will be processed for the purpose of processing the request and for possible follow-up questions and, if necessary, forwarded to the responsible person. This is done on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR or to fulfil the contract pursuant to Art. 6 Para. 1 lit. b GDPR.
Post, fax, e-mails and social media contributions and messages that you have not publicly transmitted to us, as well as our notes on telephone calls, are checked at least every two years to see whether the storage of your enquiries is still necessary for follow-up questions. If your data is no longer required, its processing will be limited and it will still be stored in accordance with the statutory storage obligations.
If you have communicated with us via social media or by means of a public comment function with the knowledge of the public or parts thereof, you can decide on the duration of the publication yourself or ask us for deletion. If, after deletion, we still have copies of the data, these will be limited in processing and retained in accordance with the statutory storage obligations.
If you use our mobile services, we may process, on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, your mobile phone number, the brand and model of your mobile phone, the operating system used and data about your network operator. We record the language selected on your device, the language selected in the app and the country. We need this information to provide you with the features and services of our mobile services and to manage them. Our mobile services also access your location in order to show you the nearest shop. In addition, we link your mobile phone number with a unique identifier in order to conduct market research and statistically analyze the use of our app within the framework of our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.
With a separate consent, we can also use your data for advertising SMS, voice messages or market studies.
Your personal data will be deleted with your revocation or in the event of a justified objection. However, if this data is still subject to legal retention periods, your data will be limited in processing until the expiry of the periods.
Newsletter and marketing communication
We offer you the opportunity to register for newsletters and fashion updates. The basis for this data processing is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. In accordance with your wishes, we will inform you of this marketing communication by telephone, e-mail, SMS and/or letter post. This includes notifications of new products, features and improvements, special offers, upgrade opportunities, contests, interesting events and unique marketing promotions. You can unsubscribe from these updates if you wish.
We may also ask you if you would like to receive further marketing communications at a promotional event or when you attend an event sponsored by us. Our flagship boutiques may also disclose your personal information to us for marketing purposes through transmission.
All marketing content subscribed to comes exclusively from us.
You have the right by means of revocation to ask us not to use your personal data for marketing purposes without affecting the legality of the processing carried out on the basis of your consent until revocation. In principle, we offer you the possibility at any time to unsubscribe from any of the services for which you have registered or to update the associated settings if you wish to change your mind. You will find detailed instructions on how to unsubscribe in every direct marketing communication from us. Alternatively, you may unsubscribe from direct communication at any time by means of a notice in a form indicated in the contact details of the person responsible.
If you have consented to the processing of your data, we will restrict the processing of this data after your revocation and delete it after expiry of the statutory retention periods. The same applies in the event of a justified objection.
We maintain a Facebook page offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook) at https://www.facebook.com/pages/Marion-Heinrich/880080252048074 and an Instagram profile offered by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA (Instagram) at https://www.instagram.com/marion_heinrich
We respect the data sovereignty of each person and refrain from integrating active Facebook elements (e.g. Like button) outside our offers.
The data processing is based on your consent, Art. 6 para. 1 lit. a GDPR, our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, to exercise our freedom of expression pursuant to Art. 5 Para. 1 GG, to choose optimal channels for addressing customers and to offer you a wide range of contact options within the meaning of § 5 Para. 1 No. 2 TMG.
In our social media channels, we create content for you and view the posts and interactions of the community on this site and profiles. We reserve the right to disclose, block or delete, if necessary, contributions and requests that violate the rights of third parties or that constitute a criminal offence or misdemeanour by transmitting them to the relevant authority or the violated third party.
We also receive statistics from Facebook and Instagram about content views, posts, and interactions.
Links to other websites
Our website contains links to other websites. As a rule, the linked websites have their own data protection declarations where you can inform yourself accordingly. We have no influence on whether their operators comply with the data protection regulations.
7. Questions and Contact Information
If you have any questions about this Notice or if you want to exercise your rights as stated above in Section 5, please contact us at:
Residenz Street 18
80333 Munich, Germany
Phone +49 (0)89 29 25 26
Fax +49 89 291 604 16
Management: Marion Heinrich-Benz, Ulrich Berz
You can also contact our data protection officer at firstname.lastname@example.org.