Legal Terms

MCM Group consists of MCM Global AG with its registered office at Baarerstrasse 137, 6300 Zug (Switzerland) as the principal company, along with various legal entities including MCM Fashion Group Japan K.K. (“MCM Group”).

This privacy policy is issued on behalf of the MCM Group so when we mention "MCM", "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the MCM Group responsible for processing your data.

MCM is the controller and responsible for this website at www.mcmworldwide.com (“Site”).

MCM recognizes the importance of protecting the privacy of personal and financial information. MCM provides this privacy policy (“Privacy Policy”) to describe how we collect, use, maintain, protect, disclose and process personal data/information that we obtain through the Site from the visitors of the Site (“You”), through the stores or stores operated by other companies within the MCM Group (“Stores”) in e-mail, text and other electronic messages between you and MCM and when you interact with our advertising and applications on third-party sites and services, if those applications or advertising include links to this Privacy Policy. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Site. This policy may change from time to time, so please check this policy periodically for updates.

Personal data or personal information means any information about an individual from which that person can be identified. “Personal information” or “personal data” as defined under applicable laws is used interchangeably in this Privacy Policy. MCM collects certain individually identifiable data that you actively submit such as through the Site or in our stores as well as other information that we collect through cookies and similar tracking technologies.

We may collect personal information when you purchase products, acquire an MCM NFT (non-fungible token), sign-up for a newsletter, register for a customer account, sign-up to our customer card, complete an online survey form, participate in contests or promotions, contact us with an inquiry, or otherwise actively send us personal information on the Site. The personal information may be provided by filling in forms on our Site. MCM may also collect personal information when you submit a customer information card or enter information in a customer data capture application at one of our stores or through other means including information provided to us through social media such as: X, Facebook, Instagram and others. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Site. We may collect data from records and copies of your correspondence including e-mail addresses, if you contact us, responses to surveys that we might ask you to complete for research purposes and details of transactions you carry out through our Site and of the fulfillment of your orders.

Such personal information may include your name, email address(es), billing address(es), delivery address(es), telephone number(s), date of birth, nationality, payment details, credit card information, information and the address of your digital wallet, IP address(es), time and date of your enquiry or registration, purchase history, shopping patterns, and product interests.

Our Site contains links to other websites. When following a link to one of these websites, please be aware that MCM assumes no responsibility for the content or privacy policies and practices of such websites.

MCM encourages you to read the privacy statements of these linked sites; their privacy practices may differ from ours.

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

1. Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
2. Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
3. Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
4. Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter. If you have given us your consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

Your personal information may be processed for the following purposes, which are in our legitimate interest or enable us to perform a contract with you:

1. Processing Purchases and Providing Services:
   • To process your purchases and provide the services and information you request through our Site.
   • To administer your account with us.
   • To ensure our operation, including our IT, our Site, applications and other appliances.
   • To verify and carry out financial transactions related to payments you make.
   • To audit the downloading of data from the Site.
   • To correspond with you to resolve your queries or complaints.
   • To carry out fraud checks in order to pursue our legitimate interests to protect you and ourselves from unauthorized usage of your personal information, i.e. your payment details.
   • To prevent misuse of our services.

   Furthermore, your personal data may be included in MCM Group customer data base, managed by the principal company, MCM Global AG, and processed together with the details of your purchase for the following purposes, which are in our legitimate interest to give you the best and most secure customer experience; provided that you have not objected to the use of your personal information for these purposes:

2. Improving and Customizing Our Site:
   • To improve and customize our Site, products, services, and business in general by tracking your product preferences, shopping history, and interactions with us and the Site.
3. Customer Relationship Management (CRM):
   • Sending Marketing Communication: To send newsletters and other marketing communications via email, postal mail, and SMS regarding our products, services, initiatives, and events, based on your subscription to our service.
   • Customer Database Registration and Personalization: If you register for our customer database through website registration or by completing the Customer Card, your personal data may be processed along with details of your purchases for the following purposes:
     • Identity Confirmation: To confirm your identity as a registered customer.
     • To provide you with customized customer care services and post-sales assistance, including access to exclusive services and benefits, such as preserving your purchase order history, simplified procedures for product repair and warranty, commercial discounts, and promotional events.
   • Customer Data Profiling: We engage in customer data profiling to provide personalized shopping experiences and enhance customer satisfaction. This includes:
     • Personalization of Shopping Experience: Analyzing your personal data, including purchase history, browsing behavior, demographic information, and preferences, to recommend products, styles, and promotions likely to interest you based on your past interactions with our Site, app, or stores.
     • Targeted Marketing and Advertising: Using your personal data to deliver targeted marketing communication and advertising materials through various channels, including email, social media, online advertisements, and direct mail. These communications are tailored to your interests, preferences, and shopping behavior.
     • Product Recommendations and Suggestions: Providing product recommendations and suggestions that align with your style, size, and preferences by analyzing your browsing and purchase history and demographic information. These recommendations aim to enhance your shopping experience and help you discover new products.
     • Improvement of Services and Offerings: Gaining insights into overall trends, preferences, and behaviors of our customer base through customer data profiling. This information is used to improve our product assortment, marketing strategies, and overall service offerings.
4. Loyalty Program Participation:
   • By participating in our loyalty program, your personal data may be processed to track your interactions with our brand, purchases, and engagement activities, enabling us to provide you with rewards, discounts, and personalized offers based on your loyalty and engagement level.

In addition, we may process your personal information for the following purposes, which are in our legitimate interest:

5. Others:
   • Asserting legal claims and defense in legal disputes and official proceedings
   • Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud).
   • Acquisition and sale of business divisions, companies or parts of companies and other corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations.

MCM may use Cookie* on this Site so that you can use conveniently the services customized for each of you. Cookie is set when you access or log in the page customized for you. MCM also may use Cookie to collect information on tendency as a whole or pattern, etc. of viewing behavior of visitors of this Site contained in Cookie or post advertisements. The information collected is used in order for MCM or service-providing companies to which MCM outsources research and analysis work or advertisement delivery to analyze access tendency and provide better services to you. Neither MCM provides any information by which an individual person can be identified such as name to the service-providing companies nor the service-providing companies use the information collected for any purpose other than the research and analysis work or advertisement delivery.

*Cookie is a small text file to be sent to a user’s computer hard drive by a website in order to keep records. By using Cookie, for instance, when you visit this Site again, you can use this Site more usefully. As the use of Cookie has become industry-standard, many websites use Cookie for the purpose of providing useful functions to users. Cookie is not a tool to violate your privacy or adversely affect your computer. By using Cookie, the computer used by a user is identified but no personal information of the user is identified. If you prefer not to have any information about tendency as a whole or pattern, etc. of your viewing behavior on this Site contained in Cookie collected, you can refuse to receive Cookie by setting so on a browser (Internet browser).

MCM must keep personal information for no longer than necessary for us to fulfil the purposes for which the personal information was collected, unless we are specifically required to keep your personal information longer by applicable law.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

We may share, transfer and receive personal data that we collect from you with other companies within the MCM Group (including joint ventures) and the third-party partners (such as franchisees, licensees, other companies) who promote and sell MCM products and services as permitted by applicable laws or with your consent where required by applicable law. We may also share personal data with selected providers who perform functions on our behalf (as described below), based in any country worldwide.

We may also disclose personal data (such as IP Address, email and phone number) for profiling and marketing purposes as permitted by applicable laws or with your consent where necessary. You may opt out of our sharing your personal data with such affiliates and the third-party partners by contacting us as described below. In addition, if you visit one of the MCM stores in a different jurisdiction, our affiliate may request your consent to access your customer card (including shopping history) in order to better understand your preference and provide you with enhanced customer service.

We may provide personal information to our affiliates and selected third parties that provide services on our behalf to maintain our Site, provide our client communications, manage our customer database, process payment transactions, and provide other services. The personal data that we obtain through this Site may be accessed by these third parties solely on MCM’s behalf, and we generally do not authorize these service providers to make any other use of your personal data. These service providers operate the following services for us:

• Website hosting,
• External customer services,
• Marketing research,
• Payment services,
• Handling orders,
• Shipping orders,
• Organization of email marketing,
• Advertising,
• Digital Analytics.

We may also disclose personal data to financial institutions or other third parties in connection with performing payment transactions. We do not otherwise disclose your personal data to third parties unless required or otherwise allowed by law.

We may share your personal data where necessary with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Upon request, we will provide you with details of any of your personal data we store, where we collected the data, the recipients or categories of recipients to which these data have been transferred to, and the purpose of the collection. You can also have your personal data rectified, deleted, or restricted from further processing by us at any time.

If the processing is based on our legitimate interests, you are entitled to object to the processing of data at any time. In this case, we will only execute the processing if we can demonstrate compelling legitimate grounds which override your interest regarding the exclusion of your data from the processing or the processing is carried out to establish, exercise or defend legal claims.

If the processing of your data is based on your consent, you are entitled to revoke your consent at any time with effect for the future. In this case, we will cease processing your data, unless we are entitled to further processing of your data by law.

If you supplied personal information to us, we will, upon request, provide you with it in a machine-readable form in order to use such data with other service providers.

If you believe that the processing of your data infringes data protection laws, you are entitled to lodge a complaint with a supervisory authority.

You can help MCM maintain the accuracy of your personal information by updating the settings in My Account where you may change your name, billing & shipping addresses, title, date of birth, phone number, email address, view your order history, or your content preferences. If at any time you wish to update your information or preferences or you prefer to stop receiving communication from MCM, feel free to update your preferences in My Account. For technical concerns and troubleshooting your personal information, please contact our customer service at any time. The contract information, including the email address, is provided in the CONTACT US section below. If you are registered with us and would like to delete your registration and personal details from our database, you can contact us through our customer service via the CONTACT US page on our Site. Please keep your personal data accurate, current, and complete by regularly updating your personal account or by contacting us as specified below.

Your personal data will be processed by electronic or automated means and computerized tools, or manually and on hard copy, as appropriate, and exclusively for the purposes for which the data have been collected. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. MCM [and hired third parties related to transaction and fulfilment only] stores your information internally in controlled, secure environments.

Unfortunately, the Internet is not 100% secure. As such, though we do our best to protect your personal information, we cannot guarantee that your use of our Site will be completely safe. The safety and security of your information also depend on you, and we strongly encourage you to exercise caution when using the Internet, as we are not responsible for the circumvention of any privacy settings or security measures in relation to the Site. A username and password may be needed to access certain areas of our Site. It is your responsibility to protect your username and password. If you think your password has been compromised, you should immediately change it. We also urge you to be cautious when sharing information in public areas of our Site, such as message boards; please keep in mind that any information you share in public areas may be viewed by any user of the Site.

Our Site is not intended for children under 18 years of age. No one under age 18 or under the age legally considered a minor or child in the country/region from which you are accessing this Site (the “Legal Minors”) may provide any personal information to or on the Site. We do not knowingly collect personal information from children under 18 or the Legal Minors. If you are under 18 or the Legal Minors, do not use or provide any information on this Site or on or through any of its features/register on the Site, make any purchases through the Site, use any of the interactive or public comment features of this Site or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 or from Legal Minors without verification of parental consent, we will delete that information to the most admissible legal extent. If you believe we might have any information from or about a child under 18 or Legal Minors, please contact us on the email address or postal address detailed below in the CONTACT US section.

MCM reserves the right to occasionally make changes to our Privacy Policy or practices. We will post the updated policy on our Site, and thus we encourage you to review this page from time to time, particularly each time you use the Site.

To execute your rights or if you have any questions, comments or suggestions regarding the information practices described in this Privacy Policy, please contact us by contact.jp@mcmworldwide.com via post at: MCM Fashion Group Japan K.K. Online Store Customer Service, Ginza Kyokai-do Building 8th Fl., 4-2-1 Ginza, Chuo-ku, Tokyo, 104-0061, Japan.

The Appendix is supplementary to the above Privacy Policy and may apply to you if your personal information was collected in the corresponding Jurisdiction or if you have engaged with MCM Group from the jurisdiction.

Data Disclosure and Sharing MCM may use all items of personal information obtained from you (including name, address, phone number and e-mail address, etc.) to the extent of the purpose of use set forth in Section 3 jointly with MCM Group. In such case, MCM is fully responsible for management of personal information to be jointly used. Please click on the MCM Group in reference to the list of the companies under the MCM Group.:

• Additional Information on the Transfer to Outside Japan

  MCM may use personal information obtained from you jointly with MCM Group companies located outside Japan as set forth in Section 6 or MCM Group companies may outsource processing of your personal information in part to service providers located outside Japan. In such case, your personal information is to be transferred to third-party countries outside a country in which you reside. For the purpose to protect your personal information without fail, MCM Group companies take appropriate security management measures and ensure protection of your personal information at the processing service providers and manage and oversee the providers as appropriate, in accordance with the applicable laws and regulations. All of the third parties (including MCM Group companies) who receive Personal Information handle the information in compliance with GDPR. Please acknowledge the transfer of your personal information before using the services. Among the third-party countries to which your personal information may be transferred, the countries designated in Article 28 of the Act on the Protection of personal information as the “third parties located outside Japan” and details of their schemes are as follows:

• Commission to Proximity Insight LLC., Acquia Inc., and Wunderkind Corporation.

  (1) United States of America

  (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

  • (i) The country has no comprehensive law or regulation for the scheme but as major laws specific to respective fields, it has the Electronic Communications Privacy Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act and so on.
  • (ii) The country is a member country of CBPR scheme of APEC.
  • (iii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

• Commission to SAP Korea Ltd

  (1) Republic of Korea

  (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

  • (i) The country has the Personal Information Protection Act as a comprehensive law for the protection of personal information.
  • (ii) The country is a member country of CBPR scheme of APEC.
  • (iii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

• Commission to Salesforce.com Singapore Pte Ltd.

  (1) Singapore

  (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

  • (i) The country has the Personal Data Protection Act as a comprehensive law for the protection of personal information.
  • (ii) The country is a member country of CBPR scheme of APEC.
  • (iii) The country has the Code of Criminal Procedure as a scheme likely to have a material effect on the rights and interest of a data subject in the following respects:
    • If a police officer who has a position at or higher than a certain level deems it necessary to investigate, interrogate, try or execute procedures under the Code of Criminal Procedure, the police officer is entitled to issue a “written order” requiring provision of information or access to such information.
    • With respect to access to personal information held by a business operator under the said Act, for instance, there are no provisions for (i) approval from an independent agency for making the access, (ii) restrictions on handling/security management of information obtained, (iii) ensuring transparency on making the access, or (iv) restrictions on schemes of overseeing, inspection or screening in order to secure legal compliance in making the access.

• Joint Use among MCM Group Companies
  • Hong Kong

    (1) Hong Kong

    (2) The information appropriately and reasonably obtained about the region’s scheme to protect personal information is as follows:

    • (i) The region has the Personal Data (Privacy) Ordinance as a comprehensive law for protection of personal information.
    • (ii) The obligations of business operators, etc. or the rights of a data subject in response to the OECD Privacy Guideline Eight Principles are set forth in the ordinance listed in the above (i).
    • (iii) The region has the Hong Kong National Security Law as a scheme likely to have a material effect on the rights and interest of a data subject in the following respects:
      • When the national security department of the Hong Kong Special Administrative Region Police Force processes a criminal offense case which disturbed the national security, answers to questions and disclosure of information materials may be required.
      • With respect to access to personal information held by a private business operator under the said Law, for instance, there are no provisions for (i) restrictions on handling/security management of information obtained, (ii) ensuring transparency on making the access or (iii) remedy for rights, etc. violated by illegal access.

  • Taiwan

    (1) Taiwan

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows. The country has the Personal Data Protection Act as a comprehensive law for protection of personal information.

    • (i) The country is a member country of CBPR Scheme of APEC.
    • (ii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

  • China

    (1) People’s Republic of China

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has the Personal Information Protection Law of People’s Republic of China as a comprehensive law for protection of personal information.
    • (ii) The obligations of business operators, etc. or the rights of a data subject in response to the OECD Privacy Guideline Eight Principles are set forth in the law listed above (i).
    • (iii) The scheme likely to have a material effect on the rights and interests of a data subject is as follows:

      The Personal Information Protection Law, the Cyber Security Law of People’s Republic of China (hereinafter the “Cyber Security Law”) and the Data Security Law of People’s Republic of China (hereinafter the “Data Security Law”) set forth schemes for obligations to retain personal information intra regionally (including schemes to substantially impose obligations to retain personal information intraregional by restricting transfer of personal information extra regionally).

      • - Since passing security inspections conducted by authorities may be required by these laws when transferring personal information extra regionally, there is a risk that a business operator cannot respond to a data subject’s demand for disclosure sufficiently. However, the obligations to retain personal information intraregional under these laws may not be applied to personal information obtained through transfer from a business operator located outside the country.
      • - There are schemes under which business operators are required to cooperate with the government in its information gathering activities and the rights and interests of a data subject are likely to be materially affected as follows:
        
        (a) Cyber Security Law

        - The law requires network operators to provide technical support and cooperation to public security agencies and national security agencies in their activities for maintenance and protection of national safety and criminal investigation.

        - With respect to access to personal information held by private business operators under the law, for instance, there are no provisions for the followings:

        • Restrictions on and procedures for making the access;
        • Making the access to the extent necessary to achieve the purposes specified by laws and regulations (or legitimate purposes not inconsistent with the above purposes);
        • Approval from independent agencies for making the access;
        • Restrictions on handling/security management of information obtained; and
        • Ensuring transparency on making the access.
        
        
        (b) Data Security Law

        - The law requires relevant organizations and individual persons to provide cooperation to public security agencies and national security agencies in their duties to inspect data as necessary for maintenance and protection of national safety and criminal investigation.

        - With respect to access to personal information held by business operators under the law, for instance, there are no provisions for the followings:

        • Restrictions on making the access;
        • Making the access to the extent necessary to achieve the purposes specified by laws and regulations (or legitimate purposes not inconsistent with the above purposes); and
        • Ensuring transparency on making the access
        
        
        (c) National Intelligence Law of People’s Republic of China

        - The law requires relevant institutions, organizations and citizens to provide support, assistance and cooperation to intelligence departments of public security agencies, national security agencies and military in their national intelligence activities as necessary.

        - With respect to access to personal information held by business operators under the law, for instance, there are no provisions for the followings:

        • Restrictions on and procedures for making the access;
        • Making the access to the extent necessary to achieve the purposes specified by laws and regulations (or legitimate purposes not inconsistent with the above purposes);
        • Approval from independent agencies for making the access;
        • Restrictions on handling/security management of information obtained; and
        • Ensuring transparency on making the access.

  • Singapore

    (1) Singapore

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has the Personal Data Protection Act as a comprehensive law for the protection of personal information.
    • (ii) The country is a member country of CBPR Scheme of APEC.
    • (iii) The country has the Code of Criminal Procedure as a scheme likely to have a material effect on the rights and interest of a data subject in the following respects:
      • If a police officer who has a position at or higher than a certain level deems it necessary to investigate, interrogate, try or execute procedures under the Code of Criminal Procedure, the police officer is entitled to issue a “written order” requiring provision of information or access to such information.
      • With respect to access to personal information held by a business operator under the said Act, for instance, there are no provisions for (i) approval from an independent agency for making the access, (ii) restrictions on handling/security management of information obtained, (iii) ensuring transparency on making the access, or (iv) restrictions on schemes of overseeing, inspection or screening in order to secure legal compliance in making the access.

  • Switzerland

    (1) Swiss Confederation

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has the Federal Data Protection Act and the Regulations under Federal Data Protection Act as comprehensive laws and regulations.
    • (ii) The country is certified to achieve an adequate level of protection by EU.
    • (iii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

  • United States of America

    (1) United States of America

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has no comprehensive law or regulation for the scheme but as major laws specific to respective fields, it has the Electronic Communications Privacy Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act and so on.
    • (ii) The country is a member country of CBPR scheme of APEC.
    • (iii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

  • Canada

    (1) Canada

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has the personal information Protection and Electronic Documents Act and the Privacy Act as comprehensive laws.
    • (ii) The country’s private sectors are certified to achieve the adequate level of protection by EU and the country is a member of CBPR Scheme of APEC.
    • (iii) The country has no scheme likely to have a material effect on the rights and interests of a data subject.

  • Republic of Korea

    (1) Republic of Korea

    (2) The information appropriately and reasonably obtained about the country’s scheme to protect personal information is as follows:

    • (i) The country has the Personal Information Protection Act as a comprehensive law for the protection of personal information.
    • (ii) The country is a member country of CBPR scheme of APEC.
    • (iii) The country has no scheme likely to have a material effect on any rights and interests of a data subject.