Data protection declaration MAVI

MAVI Europe AG (hereinafter also called "Mavi") takes the protection of your personal data very seriously and adheres to the legal, in particular data protection regulations.

1. Responsible

Mavi Europe AG is responsible for Art. 4 No. 7 GDPR. You can find contact information about us in our imprint. Our data protection officers can be reached at dataprotectionofficer@mavi.com

2. Data processing on this website

If you visit the website www.mavistore.de ("Website") from Mavi, Mavi Europe AG processes your personal data as described below.

2.1 Server Perocol files

When using this website, Mavi automatically collects information that your browser transmits to us in the server log files. This data is technically necessary for us to display this website and to ensure the stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

• IP address
• Date and time of the request
• Time zone difference to the Greenwich Mean Time (GMT)
• Content of the requirement (specific page)
• Access status/http status code
• amount of data transferred in each case
• Website from which the requirement comes
• Browser, including language and version of the browser software
• Operating system and its surface

For technical reasons, the data is available to the hosting service provider, who is committed to us or binds itself to us.

2.2 Order

If you order goods via our website, we need the data required to process the order. Information that is not required is marked. Unless otherwise stated in this data protection declaration, we only use your data in connection with contract processing and order processing. The legal basis is Art. 6 Para. 1 S. 1 lit. b GDPR.

You also have the option of creating a customer account in which your required data is saved for future orders. To do this, give us your express consent as part of the creation of the customer account. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time.

Your data will be deleted according to data protection according to the statutory retention obligations or if you are no longer necessary for the tasks mentioned.

If you consent to you separately, we also use information about you to send you messages and exclusive offers for advertising purposes. This data processing takes place on the basis of our legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR). You can object at any time by over dataprotectionofficer@mavi.com contact us.

2.3 Provider of payment services

We offer you a variety of payment options on our website. The data required for payment processing is transmitted to the respective service provider.

We are currently working with the following service providers:

• Klarna Bank (Publ) Sveavagen 46, 111 34 Stockholm Sweden
• PayPal (Europe) S.à r.l. et cie, s.c.a., 22-24 Boulevard Royal, L-2449 Luxembourg
• SaferPay, Six Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Further information can be found in the data protection regulations of the respective company ..

The legal basis for the use of our payment service providers is Art. 6 Para. 1 S. 1 lit. b and f Gdpr. Our legitimate interests are to provide you with suitable payment options.

All data we receive in connection with payment processing will be deleted from us after the statutory retention obligations have expired.

2.3 Credit check

In the event of a purchase on account or in installment purchase, Klarna carries out a credit check before the contract is concluded. Mavi and Klarna are legally obliged to do so and we see it as our responsibility to help you make the right financial decisions and to protect you from private over -indebtedness at any time. In a credit check, Klarna verifies her identity based on the information you have given to assess your creditworthiness.

You can find more information here: Klarna credit check

2.5 newsletter

You have the opportunity to register for our newsletter via our website. Our newsletter contains information about us and our offers. Legal 6 para. 1 S. 1 lit. a GDPR.

To register for our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an email to the specified email address, in which we ask you to confirm that you would like the sending of the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify a possible abuse of your personal data. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. f GDPR.

Your email address is mandatory for sending the newsletter. After your confirmation, we save this data for the purpose of sending the newsletter. The legal basis for the processing of your personal data is Art. 6 Para. 1 S. 1 lit. a GDPR.

You can revoke your consent to the sending of the newsletter as well as the associated processing and in this section Processing of your personal data at any time and cancel the newsletter. You can revoke the link provided in each newsletter, by clicking on the left, by email service.EU@mavi.com Or use a message to the contact details given in the imprint.

2.6 Cookies

The websites use cookies. These are information that can be saved and evaluated on your computer. They are needed to be able to use the website in the best possible way.

Further information on the cookies used can be found in the corresponding sections of this guideline.

In addition, the following cookies are used:

• Session cookies required for the operation of our website. These store a so-called session ID, with which various inquiries from your browser can be assigned to the joint session. This allows your computer to be recognized when returning to the website. The session cookies are deleted when they close the browser.
• Consent in tracking cookies: Whether you have agreed to use tracking or not is saved in a cookie with a term of 24 months.

These cookies are technically necessary and are stored on the basis of Section 25 (2) TTDSG (Telecommunications Elemedia Date Protection Act).

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of the cookies when the browser is closed. When deactivating cookies, the functionality of this website can be restricted.

2.7 Google Analytics

These websites use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). These websites use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information about your use of the website is collected, including the browser type and version, operating system used, referrer URL (the previously attended page), IP address and date/time of the request.

Google Analytics uses so -called "cookies", text files that are stored on your computer and that enable an analysis of the use of the website. The information generated by the cookies about your use of these websites is usually transferred to a Google server in the USA and stored there. Since IP anonymization is activated on these websites, Google's IP address is shortened within Member States of the European Union or the European Economic Area (EEA) and only transmitted anonymously. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.  We would like to point out that according to the current legal situation there is not sufficient level of protection in the United States. The data transmission takes place on the basis of the standard contract clauses of the EU Commission, which you can see here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services related to website and internet usage.

The legal basis for the use of Google Analytics is your consent in accordance with Section 25 (1) TTDSG. 1 ttdsg. The data we send and linked with cookies (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose memory has been reached is automatically carried out once a month.

You can prevent the storage of cookies by setting your browser software; However, we would like to point out that in this case you may not be able to use all functions of this website in full.

You can also prevent the data generated by the cookies and related to your use of the website (including your IP address) to Google and the processing of this data by clicking on the link below.
Link: Cookie Preferences

2.8 Affiliate marketing

We use the AWIN affiliate network on our website (www.awin.com, Awin AG, Eichhornstrasse 3, D10785 Berlin). The corresponding conversion trackings are used. If you have reached our website via an advertising medium by one of these affiliate networks, a cookie valid for 90 days will be set. Within this time we and the respective affiliate network can recognize that the user was forwarded to our site. These cookies serve exclusively the purpose of correctly assigning the success of an advertising material and the corresponding billing within the framework of its advertising network. In a cookie, only the information is stored when a certain advertising medium was clicked on by a device. In the tracking cookies, an individual information, but not related to the individual user, is saved with which the partner program of an advertiser (advertiser), the publisher (i.e. on whose website the advertising material was displayed) and the time of the action of the user (click or view) is documented. The corresponding affiliate network also collects information about the end device from which a transaction is carried out, e.g. the IP address, the operating system and the calling browser. 

The legal basis for the processing of your data is your consent (Section 25 (1) TTDSG). If you do not want to take part in tracking, you can object to this use by preventing the installation of cookies by preventing your browser software.

You will then not be included in the conversion tracking statistics.

2.9 GA audiences

These websites are collected and saved by GA Audiences, a web analysis service of the provider Google LLC, whereby this data is created using pseudonymous usage profiles.

GA Audience uses cookies that are saved on your computer and on other devices (e.g. smartphones, tablets, etc.). They make it possible to analyze the use of the devices, sometimes across devices. Google Audience receives access to the cookies created in Google AdWords and Google Analytics.

Through this technology, users who have already visited these websites and online services have already visited targeted advertising on other external sides of the Google partner network. For this purpose, a cookie is set on your computer with which the user behavior can be analyzed when visiting the website and then used for targeted product recommendations and interest -related advertising. If you do not want to receive interest -related advertising, you can deactivate the use of cookies by Google for these purposes by on the instructions https://www.google.de/settings/ads/onweb#display_optout click.

The data is transferred to a server from Google and saved there. Google will also be transferred to third parties if necessary, provided that this is required by law or if third parties process this data on behalf of Google.

The legal basis for data processing is your consent (Section 25 (1) TTDSG). 

You can object to the processing of your data by downloading and installing the browser plugin available under the following link. The link is: https://tools.google.com/dlpage/gaoptout

2.10 Criteo

Crito helps brands, e-commerce websites and other advertisers to advertise their products and services. This integrated technology recognizes the user's device and collects information about its browsing activities on different sides. Crito uses an algorithm to analyze surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so -called publishers).

Crito collects your browser session data and assigns you a cookie detection that identifies every reader after browser/device when criteo is embedded on this page. The UUID represents a sequence of digits and/or letters and is connected to the device/browser of a reader. The created cookie identifier is only created for your currently used device. In the user profiles, Crito summarizes the user interactions (e.g. side visits and clicks) of a browser/device in order to derive the preferences for cookie detection. The comparison with the preferences makes it possible to switch individualized advertising.

You can deactivate the collection on the provider's pages here:
Internet browser: https://www.criteo.com/de/privacy/disable-criteo-services-on-internet-browsers/

Mobile applications: https://www.criteo.com/de/privacy/disable-criteo-services-on-mobile-applications/

Further information and details about Crito and its way of working can be found on the CRITO pages:
https://www.criteo.com/de/privacy/how-we-use-your-data/

Crito is used exclusively with your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time by changing your cookie settings as described above. 

2.11 Dynamic 1001

The Dynamic Tracking System is used to determine the performance of various advertising channels of the Mavi online shop. It is made available by Dynamic 1001 GmbH as a technical and statistical service provider. When you visit the Mavi online shop, data is collected by your browser for statistical evaluation. The data is passed on to Dynamic 1001 GmbH as a technical and statistical service provider. The data is collected via a pixel that is embedded on every web shop page. When contacting the Dynamic servers, general information such as the operating system, the browser used, the associated advertising material, the referrer and the IP address are stored anonymously. The IP address is only used for internal assignments and not passed on to third parties. When ordering, data such as the order number, customer number, shopping cart and the order values ​​are transmitted to Dynamic 1001 GmbH so that a correct commission payment can be made to the advertising partners.

The legal basis for the processing of personal data using cookies is your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke this consent as described above by changing your cookie settings.

In addition, you can delete already stored cookies in your browser settings at any time. If you do this, you may not be able to fully use all functions of the website.

2.12 Retargeting

Cookies are used on our website to enable retargeting campaigns of The Reach Group GmbH (Am Karlsbad 16, 10785 Berlin, Germany). The stored data within the cookies is only an encrypted, pseudonymized user ID. Adping technology used uses a shortened and crashed IP addresses for evaluating the geographical region, the access speed and the Internet provider. In addition, the time of the visit, the IDS of the products that have been considered, searched for or bought, are saved the URLs of the pages under consideration, possible search terms and/or the IDs of the categories accessed in order to deliver more relevant advertising content. IP or browser data is stored exclusively in Germany and for anonymous production of visitor statistics and assignment of transactions. A conclusion to concrete persons, the exact address, place of whereabouts or further personal data is never possible. There is no explicit transfer of IP data to third parties. All information also has a maximum expiry date of 90 days, from which your browser automatically deletes the stored data. You can prevent the storage of the cookies by setting your browser software. You can also prevent the data generated by the cookie and prevent data related to your use of the website by activating the optout function under the following link:

https://hal9000.redintelligence.net/privacy/8lcfmzhxc8d6/

Further information on the data protection of The Reach Group GmbH can be found at https://trg.de/datenschutzerklarung/

This contradiction applies as long as the associated optout cookie is not deleted. This cookie is set for the domain, per browser and user of a computer. If you access our website from several devices and browsers, you must therefore separate and contradict on each of these devices and in any browser of data acquisition.

2.13 Fatmedia

We use the re and pretargeting function of the Fatmedia.io (a brand of ad-shot LLC) on our websites.

This enables us to address visitors to our website in a targeted manner by being used for visitors to the website personalized, interest -related advertisements.

Fatmedia.io cookies uses to carry out the analysis of the website usage, which forms the basis for the creation of interest -related advertisements.

There is no storage of personal data from visitors to the website. If the user visits Another website, he is displayed advertisements that are very likely to take into account previously accessed product and information areas or contain a high level of relevance for the user.

Here is our opt-out link: http://analytics.fatmedia.io/opt-out

2.14 DoubeClick

The online marketing tool DoubleClick from Google uses this website. DoubleClick uses cookies to switch relevant ads for users and improve reports on campaign performance. With the help of a cookie ID, Google records which ads are switched into which browsers and can prevent them from being displayed several times. In addition, DoubleClick can use Cookie IDS actions that relate to advertising requests (conversions), e.g. B. when a user sees a double click display and later calls the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal data.

Thanks to the marketing tools used, your browser automatically builds up a direct connection to the Google server. We have no influence on the scope and further use of the data collected by the use of this tool by Google and therefore inform you to our knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with Google's service, Google can assign the visit to your Google account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will charge and save your IP address.

In addition, the DoubleClick Floodlight cookies used enable us to understand whether you can carry out certain actions on our website after you have seen or clicked on a double-click on another platform on Google or on another platform. DoubleClick uses this cookie to find out how you interacted on our websites and to send you targeted advertising later.

You can prevent participation in this tracking process in different ways:

• With a corresponding setting of your browser software, in particular the suppression of third-party cookies, no advertisements from third-party providers receive
• By deactivating the cookies for conversion tracking by adjusting your browser so that cookies are blocked by the domain Googleadservices.com, https://adssettings.google.comwhereby This setting will be deleted when you delete your cookies
• By deactivating the interest -related ads of the providers, which are part of the self -regulatory campaign "About Ads", via the link http://www.aboutads.info/choiceswhereby. This setting will be deleted when you delete your cookies
• Due to the permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin
• By a corresponding cookie setting. We would like to point out that in this case you may not be able to use all functions of this offer fully.

The legal basis for data processing is your consent (Section 25 (1) TTDSG). To revoke your consent, click here: Cookie Preferences

According to Google, the data collected will also be transmitted to the USA. According to the current legal situation, there is no reasonable level of protection. The data transmission takes place on the basis of the standard contract clauses of the EU Commission, which you can see here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

More information about DoubleClick can be found at https://www.google.de/doubleclick as well as data protection on Google General: https://policies.google.com/privacy

2.15 Web Fonts from Google

Our website uses so -called web fonts for the uniform representation of certain fonts made available by Google. When you call up one page, your browser loads the fonts required directly from Google to display your device correctly. Your browser establishes a connection to Google's servers in the USA. This gives Google knowledge that our website is accessed via your IP address.

The use of Google Webfonts is required to ensure a uniform typeface on our website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the data protection regulations of Google: https://www.google.com/policies/privacy

2.16 Web Fonts from Adobe Typekit

Our website uses so -called web fonts from Adobe Typek to present certain fonts. The provider is the Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you call up our pages, your browser loads the fonts you need directly from Adobe to present your device correctly. Your browser establishes a connection to Adobe's servers in the USA. This gives Adobe knowledge of your IP address when you call up our website. When providing the fonts, Adobe does not save cookies.

You can find information at:
https://www.adobe.com/de/privacy/eudatatransfers.html

The use of Adobe Typekit Web Fonts is required to ensure a uniform typeface on our website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

For more information about Adobe Typekit webwrits, see: https://www.adobe.com/de/privacy/policies/typekit.html

You can find Adobe's data protection regulations at:
https://www.adobe.com/de/privacy/policy.html


3. further data processing

3.1 Facebook

We are also represented on the social network Facebook and process data from the active users there to communicate with you and offer information about us. We would like to point out that user data outside the European Union can be processed. This can result in risks for users because it can be more difficult, for example, to enforce their rights.

Together with the operator of Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), we are responsible for the survey (but not for further processing) of data from visitors to our Facebook page (known as "fan page"). This data includes information about the type of content that users look at or with which you interact, or about the actions you execute (see under "Things you and others do and provide" in the Facebook data directive: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings, language settings Cookie data; As explained in the Facebook data directive, Facebook also collects and uses information to offer page operators analysis services. For this we have made a special agreement with Facebook. You can view the essential content of this agreement here: https://www.facebook.com/legal/controller_addendum

User data are usually processed for market research and advertising purposes. User profiles can be created from the usage behavior and the resulting interests. These can be used, for example, to switch advertisements inside and outside of Facebook that probably correspond to the interests of the users. For this purpose, cookies are usually placed on the user's computer, which serve to store the behavior and interests of the user. In addition, data can also be saved in the user profiles regardless of the devices used by the users (especially if the users are members of Facebook and have registered there). The processing of the personal data of the users is based on our legitimate interests on effective information from users and communication with the users in accordance with Art. 6 Para. 1 letter f GDPR. If the users are asked by the respective providers for consent to data processing (i.e. explain their consent, for example, by ticking a box or confirming a button), the legal basis of processing is Art. 6 Para. 1 letter a GdPR or § 25 TTDSG.

A detailed description of the respective processing and opt-out options can be found in the general data protection regulations of Facebook at: https://www.facebook.com/policy

3.2 Instagram

We are also represented on the social network Instagram and process data from the users active there to communicate with you and offer information about us. We would like to point out that user data outside the European Union can be processed. This can result in risks for users because it can be more difficult, for example, to enforce their rights.

Together with the operator of Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), we are responsible for the survey (but not the further processing) of data from visitors to our Facebook page (known as "fan page"). This data includes information about the type of content that users look at or with which you interact, or about the actions you execute (see under "Things you and others do and provide" in the Instagram data directive: https://help.instagram.com/5195225107875), as well as information about the devices used by the users (e.g. IP addresses, Operating system, browser type, language settings, cookie data; 

User data are usually processed for market research and advertising purposes. User profiles can be created from the usage behavior and the resulting interests. These can be used, for example, to switch advertising inside and outside Instagram, which probably corresponds to the interests of the users. For this purpose, cookies are usually placed on the user's computer, which serve to store the behavior and interests of the user. In addition, data can also be saved in the user profiles regardless of the devices used by the users (especially if the users are a member of Instagram and have registered there). 

For a detailed presentation of the respective processing and the opposition options (opt -out), we refer to the data protection declarations and information from Instagram. The search for information and the assertion of user rights can also be made most effective there.

The processing of the personal data of the users is based on our legitimate interests on effective information from users and communication with the users in accordance with Art. 6 Para. 1 letter f GDPR. If the users are asked by the respective providers for consent to data processing (i.e. explain their consent, for example, by ticking a box or confirming a button), the legal basis of processing is Art. 6 Para. 1 letter a GdPR or § 25 TTDSG. 

A detailed description of the respective processing and opt-out options can be found in the general data protection regulations of Instagram at: https://help.instagram.com/519522125107875

4. Your rights

You have the following rights towards us regarding the personal data relating to you:

• Right to information,
• Right to correction,
• Right to deletion,
• Right to restriction of processing,
• Right to object to the processing,
• Right to data portability.

To assert this right, please contact our data protection officer at dataprotectionofficer@mavi.com Your rights are generally free of charge for you.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

May 2023