We, Mutatio Clothing Louis-Ferdinand Mausch and David Victor Jehn GbR, take the protection of your personal data seriously and would like to take this opportunity to inform you about data protection in our company.
As part of our responsibility under data protection law, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") imposed additional obligations on us to protect the personal data of the person affected by processing ( we also address you as a data subject in the following with “customer”, “user”, “you”, “you” or “data subject”).
Insofar as we decide on the purposes and means of data processing either alone or together with others, this primarily includes the obligation to transparently inform you about the type, scope, purpose, duration and legal basis of the processing (see Art. 13 and 14 DS- GMO). With this declaration (hereinafter: "Data protection information") we inform you about the way in which we process your personal data.
1.1 Name and address of the person responsible for processing
The body responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is:
Mutatio Clothing Louis-Ferdinand Mausch and David Victor Jehn GbR
Walderseestraße 56 22605 Hamburg Germany
For more information about our company, please refer to the imprint information on our website:
1.2 Legal basis for data processing
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:
· Art. 6 (1) sentence 1 lit. a DS-GVO ("Consent"): If the person concerned has given to understand voluntarily, in an informed manner and unequivocally by means of a declaration or some other unambiguous confirmatory act, that he is processing the him consent to the personal data concerned for one or more specific purposes;
· Art. 6 (1) sentence 1 lit.b GDPR: If processing is necessary to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures that are carried out at the request of the data subject;
· Art. 6 (1) sentence 1 lit. c GDPR: If the processing is necessary to fulfill a legal obligation to which the person responsible is subject (e.g. a legal storage obligation);
· Art. 6 (1) sentence 1 lit.d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
· Art. 6 (1) sentence 1 lit.e GDPR: If the processing is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible or
· Art. 6 (1) S.1 lit.f GDPR ("Legitimate Interests"): If the processing is necessary to safeguard the legitimate (in particular legal or economic) interests of the person responsible or a third party, unless the conflicting interests or rights of the person concerned predominate (especially if it is a minor).
For the processing operations carried out by us, we indicate the applicable legal basis in the following. Processing can also be based on several legal bases.
1.3 Data deletion and storage duration
For the processing operations carried out by us, we indicate below how long the data is stored by us and when it is deleted or blocked. Unless an express storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. However, storage can take place beyond the specified time if the storage is provided for by statutory provisions to which we as the person responsible are subject (e.g. retention periods in accordance with § 257 HGB, § 147 AO). In this respect, it is blocked and processing is only carried out for this legal purpose for the duration provided therein.
1.4 Data security
We use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. through adequate encryption of our website), taking into account the state of the art , the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and effects) for the data subject. Our security measures are continuously improved in line with technological developments.
1.5 Cooperation with processors
As with almost every company, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). They only act according to our instructions and have been contractually obliged to comply with data protection regulations within the meaning of Art. 28 (3) GDPR.
If personal data is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.
1.6 Requirements for the transfer of personal data to third countries
As part of our business relationships, your personal data can be passed on to third parties or disclosed. These can also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.
The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions are available here: http://ec.europa.eu/justice/data-protection/ international-transfers / adequacy / index_en.html). In other third countries to which personal data may be transferred, however, there may not be a consistently high level of data protection due to the lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct as well as additionally agreed guarantees. Please use the contact details given above if you would like more information on this.
1.7 No automated decision-making (including profiling)
We do not intend to use personal data collected from you for an automated decision-making process (including profiling).
1.8 No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. For you as a customer there is basically no legal or contractual obligation to provide us with your personal data; However, it may be that we are only able to provide certain offers to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products presented by us, you will be informed of this separately.
1.9 Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a special statutory or legal obligation to provide the lawfully processed personal data for third parties, in particular public bodies (Art. 6 (1) S. 1 lit. c GDPR).
1.10 Your rights
You can assert your rights as a data subject with regard to your processed personal data at any time using the contact details given above. As a data subject, you have the right:
To request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal , the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
To request the correction of incorrect data or the completion of your data stored by us immediately in accordance with Art. 16 GDPR;
To request the deletion of your data stored by us in accordance with Art. 17 GDPR, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend of legal claims is necessary;
To request the restriction of the processing of your data in accordance with Art. 18 GDPR if you dispute the correctness of the data or the processing is unlawful;
· In accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible ("data portability");
· To object to the processing in accordance with Art. 21 GDPR, provided that the processing is carried out on the basis of Art. 6 (1) S. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct mail, we ask you to explain the reasons why we should not process your data as we have done when you exercise such an objection. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue the processing;
According to Art. 7 Para. 3 DS-GVO your consent given once (also before the validity of the DS-GVO, i.e. before May 25, 2018) - that is, your voluntary, informed and unequivocally confirmed consent Action made understandable that you consent to the processing of the personal data concerned for one or more specific purposes - to revoke us at any time, if you have given such. As a result, we are no longer allowed to continue the data processing based on this consent in the future and
To complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us: [responsible data protection supervisory authority: https: //www.bfdi. bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html], [Rethkoppel 32a, 22399 Hamburg Germany], email: email@example.com.
1.11 Changes to the data protection information
As part of the further development of data protection law and technological or organizational changes, our data protection information is regularly checked for any need for adjustments or additions. You will be informed about changes in particular at [www.mutatio-clothing.com]. These data protection notices are as of [03/29/2021].
2. Visit our website
2.1 Personal data processed
When you visit our website, your personal data may be processed. When using the website for information purposes, we collect, store and process the following categories of personal data. A so-called log data set (so-called server log files) is temporarily stored on our web server as log data. This consists of:
The page from which the page was requested (so-called referrer URL)
· The name and URL of the requested page
· The date and time of the call
The description of the type, language and version of the web browser used
The IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established
· The amount of data transferred
· The operating system
The message as to whether the call was successful (access status / http status code)
· The GMT time zone difference
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection on the legal basis of Art. 6 (1) S. 1 lit.f GDPR. In consideration of your personal rights, our legitimate interest in ensuring a technically error-free, stable and, above all, a secure website outweighs this.
2.2 Duration of data processing
Your data will only be processed for as long as is necessary to achieve the processing purposes mentioned above; the legal bases specified in the context of the processing purposes apply accordingly. With regard to the use and storage duration of cookies, please refer to section 2.5.1.
Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of the services for us in accordance with the respective order.
2.3 Transfer of personal data to third parties
The following categories of recipients, who are usually processors, may have access to your personal data (see also Section 1.6):
Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 (1) S. 1 lit. b or lit. f DS-GVO, insofar as it is not a contract processor;
Government agencies / authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 (1) S. 1 lit. c GDPR;
· Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Article 6 Paragraph 1 Clause 1 lit. b or lit. f GDPR.
For the guarantee of an adequate level of data protection when the data is passed on to third countries, see section 1.7. In addition, we will pass on your personal data to third parties if you have given your express consent in accordance with Art. 6 Para. (1) S. 1 lit.
Cookies can contain data that enable the device used to be recognized. In some cases, however, cookies only contain information about certain settings that cannot be related to a person. However, cookies cannot identify a user directly.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is again made between cookies:
Technical cookies: These are absolutely necessary in order to move around the website, to use basic functions and to guarantee the security of the website; they do not collect information about you for marketing purposes, nor do they store which websites you have visited;
Performance cookies: These collect information about how you use our website, which pages you visit and e.g. B. Whether there are errors in website use; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and to find out what interests our users;
Advertising cookies, targeting cookies: These are used to offer website users needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
2.4.3 Social Media Plugins
We do not use any directly active social media plugins on our website. If our websites contain symbols from social media providers (Instagram, TikTok, Youtube, Twitter), we only use them for passive linking to the pages of the respective providers.
[KPR1] Possibly. separately (e.g. if predefined as such by the hosting provider by default, but can also be integrated into the data protection declaration.