Back Back

Privacy & cookie policy

In this privacy policy we will inform you about the processing of your data during the use of our website

The term "your data" means personal data. Personal data is information with which we can identify you either directly or in combination with other data. These include, for example: your name, address, e-mail address, telephone number, customer number or order number. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person, is not covered by the term "personal data".

You can print or save this privacy policy by using your browser’s usual functionality.


The responsible authority within the meaning of the EU General Data Protection Regulation ("GDPR") is:

Im Pinderpark 7
90513 Zirndorf
Telephone: +49 911 25509980

(subsequently referred to as “MADELEINE”, “We” or “Us”)
You can also contact our data protection officer using the above contact details.


Your contact details and notifications If you contact us we will process your telephone number, your mobile phone number and/or your e-mail address exclusively for communication with you, e.g. so that we can contact you in case of queries regarding your order. The provision of information is voluntary. However, if no information is provided, we cannot contact you if you have any questions. The legal basis for the above-mentioned data processing is Article 6(1) (b) of the GDPR.


Every time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. These are, in particular:

  • IP address of the requesting terminal;
  • Date and time of the request;
  • Address of the web page called up and the requesting web page;
  • Information about the browser used and the terminal’s operating system (e.g. Windows 10, Linux, iOS)

The data processing is necessary to enable the website visit and to guarantee our systems’ permanent functionality and security. This data will also be temporarily stored in internal log files for the purposes described above in order to produce statistical data on the use of our website, to further develop our website with regard to our visitors’ usage habits(e.g. if the proportion of mobile devices with which the pages are accessed increases), and to generally maintain our website administratively.

The legal basis for the above-mentioned data processing is Article 6(1)(b) of the GDPR.


We will only pass on the data we collect if:

  • you have given your express consent pursuant to Article 6(1)(a) of the GDPR;
  • disclosure under Article 6(1)(a) of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
  • we are statutorily bound to disclosure under Article 6(1)(c) of the GDPR; or
  • this is legally permissible and is required under Article 6(1)(b) of the GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures implemented at your request.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular datacentres that store our website and databases, IT service providers who maintain our system, consulting companies, suppliers, transporters, postal service providers. If we pass on data to service providers, they may only use the data for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational safeguards in place to protect the rights of the persons concerned and are regularly monitored by us.

We partially host our systems at MS Direct AG, Fürstenlandstrasse 35, CH-9001 St. Gallen, a company based in Switzerland. The EU Commission has certified that Switzerland has an adequate level of data protection (Switzerland (2000/518/EC)).

We transmit your payment data encrypted within the group to TriStyle Mode GmbH for purposes of the group-wide internal control system as well as taxation documentation and disclosure obligations within the scope of the VAT tax group to TriStyle Mode GmbH on the basis of legitimate interest acc. Article 6 (1)(f) of the GDPR.

Furthermore, data may be disclosed in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.


In principle, we only store personal data for as long as necessary to fulfil the contractual or statutory obligations for which we have collected the data. Subsequently, we will immediately delete the data unless we need it until the end of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention obligations.

For evidentiary purposes, we must keep contract data for another three years from the end of the year in which the business relationship with you ends. Any claims shall lapse at this point in time after the statutory period of limitation at the earliest.

We still have to store some of your data for accounting reasons even after that. We are obliged to do so on the basis of statutory documentation obligations that may arise under German law. The periods specified therein for retention of documents range from two to ten years.


You have the following legal data protection rights under the respective legal provisions:

  • Right to information (Article 15 of the GDPR);
  • Right of cancellation/erasure/right to be forgotten 17 of the GDPR);
  • Right to rectification (Article 16 of the GDPR);
  • Right to restriction of processing (Article 18 of the GDPR);
  • Right to data portability (Article 20 of the GDPR).
You can contact us at any time using the above-mentioned contact details to assert your rights described here.

You also have the right to lodge a complaint with our lead data protection supervisory authority. The lead supervisory authority with jurisdiction for Germany is the BayLDA ( Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.

Right of revocation and the right to object
In accordance with Section 7(2) of the GDPR, you have the right to revoke your consent with respect to us at any time. As a result, we will not continue processing data based on this consent in the future. In the event of such a revocation, the legality of the processing carried out on the basis of the consent until the revocation shall not be affected.

If we process your data on the basis of legitimate interest pursuant to Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your data and to give us reasons arising from your particular situation and which you believe demonstrate that your interests worthy of protection outweigh our legitimate interest. Regarding objections to data processing for direct marketing purposes, you have a general right of objection to which we will give effect without any reasons being required.

If you would like to assert of your right of revocation or objection, sending us an informal message through the above-mentioned contact details will suffice.

Data security
We use the TLS (Transport Layer Security) encryption protocol, also better known by the prior designation SSL (Secure Sockets Layer) to protect the security of your information during transmission. This applies among other things to your orders, the newsletter registration, my account or our contact form. We do not support older versions of the SSL protocol, which is why our servers do not accept SSL connections with some older browsers. We therefore recommend that you use a current browser version.

Changes to the privacy policy
We may update this privacy policy from time to time, for example when we adapt our website or when statutory provisions change.

Version: Juli 2021