MINDFUL GMBH & CO.KG ("MINDFUL"), operating under the MALUNE trademark, offers high-end ready-to-wear items and accessories for sale on its website www.malune.com, on its mobile version and instagram.
In order to offer for sale, sell and deliver its products, MINDFUL collects personal data from users of its website and its mobile version.
The customer is informed that certain data must be collected by MINDFUL in order to perform its services. If the customer does not wish to disclose this data, MINDFUL will not be able to perform its services.
Who is the data controller?
The data controllers for any personal data we hold about you is MINDFUL GMBH & CO.KG ("MINDFUL"), registered at Neuruppin court and under company register number HRA 3297 NP, having its registered office at Gewerbestrasse 8, 16540 Hohen Neuendorf, Germany.
We are responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected.
Which personal data do we collect?
The personal data that may be collected are as follows:
1.) user account data the data provided by the user when creating an account by filling in the registration form (name, surname, billing and delivery postal addresses, email address, mobile phone number, password for connecting to the customer account)
2.) personal data of the user when entering it in the customer account: date of birth, clothing and shoe size;
3.) transaction data means the data that the user provides when making purchases, information relating to orders placed and returned items such as telephone number, address, e-mail address and information relating to payment method
4.) exchanges with customer service
5.) browsing data refers to the data collected by the publisher while the user is browsing the website and the applications, such as the date, time of connection and/or browsing, browser type, browser language, IP address, location data and geolocation
6.) E-Mail Marketing "E-mail advertising if you subscribe to the newsletter If you subscribe to our newsletter, we will regularly send you our e-mail newsletter based on your consent according to Art. 6 (1) 1 lit. a) GDPR, using the data required or disclosed by you separately for this purpose. You may unsubscribe from the newsletter service at any time. For this purpose you can either send a message to the contact option specified below or use the opt-out link in the newsletter. Upon unsubscription, we will delete your email address unless you have expressly consented to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by the law, of which we inform you in this notice."
The data relating to the payment method (credit card number, expiry date, authorization number, security code) are collected directly by our service providers and Paypal.
Third-party providers of applications, tools, gadgets and plug-ins on our website and mobile application, as well as the networks on which we publish editorial and promotional content (such as Facebook and Instagram) may also use automated, context-based and interest related means to collect user data (interactions with functions and profiling of the online activity). This data is collected directly by such providers and/or third parties and is subject to their policies. To the extent permitted by applicable law, MINDFUL is not responsible for the practices of such service providers and third parties.
Who will process your data?
Your personal data will also be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed for the way in which they manage personal data and may only use your data for the exact purposes that we specify in the contract with them.
The third parties in question belong to the following categories:
Companies such as payment service providers that help us to process your order.
Companies that help us to deliver your purchases such as couriers and parcel delivery companies who deliver your goods and act as Data Controllers for the duration of the delivery process.
Professional service providers, such as email delivery suppliers, IT software providers, marketing and research agencies, analytics companies and website hosts who help us to run our business.
Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
Governmental bodies and regulators to comply with our legal obligations.
Aggregated data that does not identify individuals is shared with internal teams, relevant service providers and brand partners for business planning purposes.
How long do we keep your data?
We keep your personal data for a limited period of time in line with our data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous.
Data transfer outside of the European Union
Some of the third parties listed in the previous section 'Who will process your data?' may be located in countries outside the European Union that nevertheless offer an adequate level of data protection, as established by specific decisions of the European Commission.
The lawful transfer mechanism of your personal data to countries that do not belong to the European Union and that have not been assessed as offering adequate levels of protection will be performed only 1. after Standard Contractual Clauses have been put in place 2. if the transfer is necessary for the purchase of goods offered on our website or for registration on the website or use of services on the website 3. for the management of your requests.
Any natural person using the MALUNE website has the right to exercise the following rights:
- a right of access, rectification and erasure of the data collected
- a right to object to the processing of their data
- a right to the restriction of the processing
- a right to the portability of the data collected the option to formulate instructions relating to the retention, erasure and transmission of his/her personal data after his/her death
Lastly, if MINDFUL detects a violation of personal data likely to create a significant risk to the rights and freedoms of its users, it undertakes to inform the relevant users in the shortest possible time.
Users may exercise all these rights by connecting to their customer account, by contacting customer service at firstname.lastname@example.org
Users must enclose proof of identity with their application.
In case of non-response or unsatisfactory response, users may contact the supervisory authority of their country of residence.
We are committed to taking appropriate technical, physical and organisational measures to protect personal information against unauthorised access, unlawful processing, accidental loss or damage, and unauthorised destruction.
In particular, we use security measures that employ pseudonymisation or encryption of your data to ensure the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them. We have the ability to restore the availability and access to personal data in the event of a physical or technical incident. Furthermore, MINDUFUL undertakes to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to ensure continuous improvement in the safety of processing.