We, Mey GmbH & Co. KG and its affiliated companies Mey Handels GmbH and Mey Retail GmbH (hereinafter referred to as “Mey”) are delighted that you are interested in our web presence at www.mey.com (hereinafter referred to as “web presence”) and take the requirements associated with protecting and securing your personal data very seriously.
The data protection officer/supervisor:
If you have any questions regarding data protection, or simply require further information, then please get in contact with our data protection officer/supervisor:
Mey GmbH & Co. KG
Data protection officer
Auf Steingen 6
1. PERSONAL DATA
Personal data is defined as all information that can be ascribed to an individual. It includes, for example, name, address, telephone number, email address, goods ordered, payment data and other personal data that may be required to process transactions.
2. COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
Our web presence enables you to gather information on our latest products and fantastic offers and place a direct order for goods via our online shop.
We collect, process and utilise your personal data solely within the framework of our web presence to the extent that you consent to this or that it is permitted by legislation. Data and logfiles are stored in accordance with Article 6(1)(f) GDPR. No transfer of your data to third parties will take place without the relevant legal basis. We collect and process your personal data solely within the framework of utilising our web presence within the following scope and for the following purposes:
a) Visiting our web presence
If our web presence is used for information purposes only, i.e. if you do not register, log in or otherwise transfer information to us in order to use the web presence, we do not collect any personal data, with the exception of data that your browser transfers in order to enable you to visit the web presence. This data includes: IP address, date and time of access, time zone difference to Greenwich Mean Time (GMT), content accessed (actual page), access status/HTTP status code, transferred data volumes, website from which the presence was accessed, browser, operating system and its interface, language and browser software version.
In addition to using our web presence for information purposes only, we offer additional services which may interest you. In order to use these services, you are generally required to enter further personal data, which we will then use to provide the service in question. If the option of entering additional voluntary information is available to you, these fields will be marked accordingly.
b) Use of our online shop
You can log into our online shop and use it to place a direct order for the goods you have selected. If you wish to submit an order to us, you must first enter your personal data, including your title, name, email address, date of birth and address, on the order screen, and select your delivery and payment method. You also have the option to create an account for future purchases, by selecting “Create account and save information” and entering a password on the order screen. If you are already a customer, you can simply log in using your email address and your personal password. If you place an order in our online shop, we will store the data required to fulfil the contract, including information on your payment method. We will also store information entered voluntarily by you.
As far as legally permitted, we will forward your data to the partner companies that assist us in the proper performance of contracts. For their part, these companies are obliged to comply with the applicable data protection regulations; in particular, these companies may only process data in order to complete their tasks on our behalf and only as instructed by us. The processing of data associated with the ordering process complies with Article 6(1)(b) GDPR.
You can change your login data and your customer data in the customer area of the online shop at any time; you can also manage your personal data in this area.
For further information on how we use your data for marketing purposes, please see “Use for marketing purposes”.
Cookies are used and evaluated solely for the purposes of statistical analysis and in order to optimise and design our web presence as required. We primarily use session cookies, which are deleted from your hard drive when you close your internet browser. Session cookies are used, for example, to authenticate your login and to ensure our web presence has a user-friendly design. Persistent cookies are used to save user settings once they have been configured and, in doing so, to make it easier for you to use certain services in the future. The processing of personal data by means of cookies will comply with Article 6(1)(f) GDPR.
d) Data transfer to third parties
Where required in order to provide the various services offered within the scope of the web presence, we will transfer your personal data to third parties in accordance with the prevailing legislation, e.g. in order to fulfil contractual services.
In addition, Mey uses external service providers who, for example, process data on our behalf. These external service providers are carefully selected and commissioned in writing by us. They are bound by our instructions and are regularly monitored by us.
e) Contact requests
If you have any questions about our web presence or the goods or services we offer, or if you wish to get in touch with us for any other reason, we have provided a contact form on our website. Of course, you can also contact us directly using the contact data below. In order to process your contact requests as effectively as possible, we collect, process and use the personal data you have shared with us, such as your title, name, email address and any other data you may have chosen to share.
The following data will also be stored when a message is sent:
- IP address of the user
- Date and time of the registration
f) Registering for our newsletter
You can register to receive our newsletter, which contains information on fantastic promotions, exclusive discounts and the latest Mey collections, via our web presence. We use what is known as the double opt-in process for registrations to our newsletter. Once you have entered your surname and email address in the form provided, we will send you a confirmation email with a clickable confirmation link. In this confirmation email, you are asked to confirm that you wish to receive the newsletter by clicking on the confirmation link. We will only add your email address to the newsletter distribution list once you have confirmed by clicking on the link. Your email address will be saved until you unsubscribe from the newsletter. It will only be saved for the purpose of being able to send you the newsletter. Article 6(1)(a) GDPR is the legal basis for processing personal data upon registration for the newsletter.
In order for you to receive the newsletter, you must enter your email address, surname and title. Your surname and title are used to personalise the newsletter.
Your consent to have the newsletter sent to you is voluntary and can be revoked with immediate effect at any time. At the end of each newsletter and on our web presence under the heading “Newsletter”, you can find a link which you can use to unsubscribe from the newsletter at any time.
g) Use for marketing purposes
Mey only processes and uses the personal data collected from you for the purposes of advertising or market research and opinion research to the extent permitted by law.
You may revoke your consent to have your personal data processed and used for advertising purposes and for marketing and opinion research at any time.
In such cases, please use the contact information below or send a message via the contact form available on the web presence.
If we obtain your email address when you purchase a product, we are entitled to inform you of similar products sold by us by email, provided you have not requested that we do not use your email address for marketing purposes. You may revoke consent at any time with immediate effect using the contact information below or by sending a message to us via the contact form available on the web presence, without incurring costs other than the costs of communication at the basic rates.
h) Credit assessment and scoring
If we deliver in advance of payment, for example if you make a purchase on account, we may obtain a credit report based on statistical mathematical calculations from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, in order to safeguard our legitimate interests. For this purpose, we send the personal data required for a credit check to Creditreform; we then use the information we receive on the statistical probability of a shortfall in payment to make a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may include probability values (score values) that are calculated based on scientifically recognised mathematical and statistical methods; address data may be factored into these calculations. Your legitimate interests are always taken into account in accordance with legal regulations. You can contest the credit check at any time, and any changes will take immediate effect.
In such cases, please use the contact information below or send a message via the contact form available on the web presence. This may result in us not being able to offer you every possible payment option.
3. USE OF GOOGLE ANALYTICS
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are saved to your computer to analyse your use of the website. The information generated by the cookie concerning your use of this web presence will normally be transferred to a Google server in the USA and saved there. Google Analytics is extended on our web presence by the “anonymizeIp” code in order to guarantee an anonymous collection of IP addresses (known as IP masking). IP anonymisation is activated on this website. Your IP address originating from an EU member state or a contract partner of the European Economic Area will be truncated by Google before transmission. Only in exceptional cases is the full IP address passed on to a Google server in the USA and truncated there.
Google uses this information on our behalf to evaluate your use of the website, to produce reports on website activity, and to provide other services related to the use of the website and of the internet to Mey. Google Analytics will never link the IP address transmitted by your browser to any other Google data.
Although you can adjust your browser software to prevent the installation of cookies, please note that if you do so, you might not be able to make full use of all the features on this web presence. You can also prevent the data collected by the cookie on your use of the website (incl. your IP address) being passed to and processed by Google by downloading and installing the browser plugin available via the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
4. USE OF SOCIAL PLUGINS
Our web presence contains what are known as social plugins (hereinafter referred to as “plugins”) for the following social networks:
• facebook.com, operated by Facebook Ireland Limited Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”);
• twitter.com, operated by Twitter Inc., Attn: Copyright Agent, 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA (“Twitter”); and
• plus.google.com, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The plugins are signified by a Facebook or Twitter logo. If you call up a page of our web presence that contains such a plugin, your browser will establish a direct connection to the servers of Facebook and Twitter and the plugin will be loaded from those servers. When you call up the page, the social network will also be notified that the relevant page on our website has been accessed.
We offer a two-level solution to enable you to decide when your data is collected. When you visit our web presence, the plugins are deactivated as standard; they will not send any information to the social networks unless you activate them. Before you can use the plugins, you must activate them by clicking on them. The plugin will remain active until you deactivate it or delete your cookies. For further information on cookies, see our cookie information (under “Cookie use”).
After activation, a direct connection is established with the server of the relevant social network. The content of the plugin is passed by the social networks directly to your browser, which then integrates it into the website. By clicking on the plugin, you grant consent for the social network to collect data on you. Once the plugin is activated, the social network can collect data on you, regardless of whether or not you actually interact with the plugin. If you are logged into a social network, the social network will be able to link your visit to this web presence, particularly your IP address and the URL, to your user account. The social network will not be able to link any visits to other Mey web presences unless you also activate the relevant plugin on those pages. If you are a member of a social network and you do not want the social network to link data collected on you during your visit to our web presence to your stored membership data, you must log out of the relevant social network before activating the plugin.
We have no control over the scope of the data collected on you by social networks via their plugins. For information on the purpose and extent of data collection and the further processing and use of data by the relevant social networks, as well as your rights and turn-off options for the protection of your personal privacy, please refer to the data protection information provided by the social networks:
Twitter privacy statement: http://twitter.com/privacy
Google privacy statement: https://www.google.de/intl/de/policies/privacy/ or http://www.google.com/intl/de/+/policy/+1button.html
Personal data exchanged between you and Mey is transmitted via encrypted connections that correspond with the current state of the art. The data transmission in the access protected area is protected from illegal data access by third parties using TLS (Transport Layer Security). You can identify these encryption methods by the fact that the key symbol will appear in the lower menu bar of your browser window and the address begins with “https://www.”. We also employ technical and organisational security measures to protect your personal data maintained by us against accidental or intentional manipulation, loss or destruction, and to prevent access to such data by unauthorised persons. Mey uses a firewall system to prevent unauthorised access.
Our data processing and security measures are adapted to the current situation and requirements in line with the latest technology, and are subject to ongoing development. Our employees are required to maintain data confidentiality in accordance with Section 5 BDSG.
We are happy to share information relating to you as an individual that is held by Mey, free of charge. If you would like your data to be corrected, blocked or deleted, or if you have questions or suggestions on data protection and data security, we would be happy to assist you. You may also revoke any consent you have provided for the further use of your personal data at any time and with immediate effect.
In such cases, please email firstname.lastname@example.org, refer to the contact information above or send a message via the contact form available on the web presence.
7. RIGHTS OF THE DATA SUBJECT
If Mey processes your personal data, you are the data subject according to Article 4(1) GDPR and have the following rights vis-à-vis Mey:
7.1 Right of access
Under Article 15 GDPR, you have the right to ask us to confirm whether or not we are processing personal data that concerns you. If we are processing your personal data, you can ask us for the following information:
- the purposes of the processing
- the categories of your personal data that we are processing
- the recipients or categories of recipients to whom we have disclosed or will disclose your personal data
- (where possible), the envisaged period for which we will store your personal data, or, if this is not possible, the criteria used to determine that period
- the existence of the right to request the correction or deletion of the personal data concerning you or the existence of the right to restrict our processing or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- any available information about the source of the data if the personal data has not been obtained from you
- the existence of automated decision-making, including profiling, (Article 22(1) and (4) GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences for you with regard to such processing
You have the right to request information about whether or not personal data concerning you is being transferred to a third country or to an international organisation. In this context, you have the right to be informed about the appropriate safeguards under Article 46 GDPR relating to the transfer.
7.2 Right to correction
Under Article 16 GDPR, you have the right to ask us to correct inaccurate personal data concerning you and/or have this data completed.
7.3 Right to deletion
Under Article 17 GDPR, you have the right to ask us to delete your personal data without undue delay. We are obliged to delete your data without undue delay if one of the following grounds applies:
- your personal data is no longer required for the purposes for which it was collected or otherwise processed
- you withdraw your consent and this consent had been our basis for the processing under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing
- you object to the processing under Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing under Article 21(2) GDPR
- your personal data has been unlawfully processed
- your personal data must be deleted in order to comply with a legal obligation in Union or Member State law to which we are subject
- your personal data has been collected in relation to the provision of information society services referred to in Article 8(1) GDPR
- If we have made your personal data public and if, according to Article 17(1) GDPR, we are obliged to delete this personal data, we, taking account of the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers that are processing the personal data that you, the data subject, have requested they delete any links to, or copies or replications of, your personal data
- for exercising the right to freedom of expression and information
- for compliance with a legal obligation to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
- for reasons of public interest in the area of public health (Article 9(2)(h) and Article 9(3) GDPR)
- for archiving purposes that are in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR if the abovementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- in order to establish, exercise or defend legal claims
7.4 Right to restrict processing
Under Article 18 GDPR, you are entitled to request the restriction of the processing of your personal data in the following circumstances:
- if you contest the accuracy of your personal data for a period that enables us to verify the accuracy of the personal data
- if the processing is unlawful and you oppose the deletion of the personal data and request a restriction of the use of the personal data instead
- if we no longer need your personal data for the purposes of the processing, but you require this data in order to establish, exercise or defend legal claims, or
- if you have objected to the processing according to Article 21(1) GDPR and it has not yet been established whether our legitimate grounds override yours
If the processing of your personal data has been restricted, this data shall, with the exception of storage, only be processed if you have consented, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest for the Union or a Member State. If processing has been restricted under the abovementioned conditions, we shall inform you before the restriction is lifted.
7.5 Right to be informed
If you have asserted your right to ask us to correct, delete or restrict the processing, under Article 19 GDPR we are obliged to communicate this fact to each recipient to whom we have disclosed your personal data, unless this proves impossible or involves disproportionate effort. You have the right to ask us to inform you about these recipients.
7.6 Right to data portability
Under Article 20 GDPR, you have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format. Additionally, you have the right to transmit this data to another controller without hindrance from us, if:
- the processing is based on consent (Article 6(1)(a) GDPR or Article 9(2)(a) GDPR) or a contract under Article 6(1)(b) GDPR, and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from us to another controller, if this is technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
7.7 Right to object
Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data under Article 6(1)(e) or (f) GDPR at any time; this also applies to the profiling based on these provisions. We shall then no longer process your personal data unless we can demonstrate compelling legitimate grounds for our processing which override your interests, rights and freedoms, or the processing is used in order to establish, exercise or defend legal claims.
7.8 Right to withdraw consent according to data protection regulations
You have the right at any time to withdraw the consent that you have provided to us under data protection regulations. The withdrawal of consent shall not affect the lawfulness of the processing based on the consent provided until such withdrawal.
7.9 Automated individual decision-making including profiling
Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision
- is necessary for the conclusion or the performance of a contract between you and us
- is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
- is based on your explicit consent
7.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider our processing of your personal data to be in violation of the GDPR.
8. DELETION OF DATA
Your data is stored for the period of time necessary to provide our services, or for as long as required for legal or regulatory reasons.
If the provision of the websites involves data processing, this data will be deleted when the respective session has ended. If personal data is stored in logfiles, this data will be deleted within seven days at the latest. There may be additional storage if users’ IP addresses have been deleted or modified beforehand so that a correlation to the visiting client is no longer possible.
For questions regarding the collection, processing or use of personal data, the disclosure, correction, blocking or deletion of data, please contact in writing:
Mey Handels GmbH
Auf Steingen 6
Customer-Service: +49 (0) 7431 / 706 5111
Fax: +49 (0) 7431 / 706 5222