Privacy and data protection information

Privacy information and data protection information of Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg for the otto.business website

The following information on data protection describes the processing of personal data performed by Otto (GmbH & Co. KG), Werner-Otto-Str. 1-7, 22179 Hamburg (“OTTO” and/or “we” and/or “Controller”) in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG 2018)).

Please read our data protection information carefully. Should you have any questions or comments concerning our data protection information, please feel free to contact us at datenschutzbeauftragter@ottogroup.com.

Contents

1. Name and contact information of the controller for processing

2. Contact data of the data protection officer

3. Online presence and website optimization (by using cookies) including consents

3.1. Cookies – general information and obligation to consent

3.1.1 Cookies mandatory for technical reasons

3.1.2 Matomo for measuring basic reach

3.2 Intervention options/browser settings

3.3. Consents to the use of individual online services/the collection of tracking data

3.3.1 Consent to Hubspot

4. Contact

5. Customer account/user account

6. Newsletter

7. Recipient categories

7.1. Processors

7.2. Other third-party partners

8. Recipients outside the EU

9. Duration of data storage

10. Your rights

10.1 Your rights in detail

1. Name and contact information of the controller for processing

This data protection information applies to data processing by

Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg Germany

Phone: 040 – 3603 3603
E-mail address: info-business@otto.de

Represented by the managing director(s)

Alexander Birken (chairman)
Dr. Marcus Ackermann
Sergio Bucher
Sebastian Klauke
Petra Scharner-Wolff
Kay Schiebur

for the otto.business website.

2.  Contact data of the data protection officer

You can reach the Controller’s company data protection officer(s) under

Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg Germany

E-mail address: datenschutzbeauftragter@ottogroup.com

3. Online presence and website optimization (by using cookies) including consents

We collect data on otto.business about the behavior of users on said website (tracking data). This includes, among others, data as to which individual sub-pages (item detail pages) were accessed. For this purpose, we may, among others, set cookies in the browser used by the respective user. The collection of tracking data is only permitted with your prior consent (Article 25(1)(1) Telecommunications Telemedia Data Protection Act (TTDSG)). You may give such consent by clicking on the “Accept” button on the cookie banner displayed on this website. However, no consent is required for the processing of such tracking data which is necessary for the content offered on the website (Article 25(2)(2) TTDSG). We can use the information about your usage behavior, among others, for displaying on our website offerings that are of interest to you or to provide you with advertising on other web pages using personalized contents (e.g. retargeting). Insofar as personal data about your usage behavior on otto.business may also be used by other vendors, for instance, for purposes of “enriching one’s own information”, such use will take place in these cases only after you have consented to it in advance. In these cases, the further processing of the data collected on this website regularly takes place under the vendors’ sole responsibility.  The vendors may transfer the data to the US as part of this further processing.  With regard to the US, the European Court of Justice determined that the US is a country with an inadequate level of data protection. Within this context, there is a particular risk that your data will be processed by American institutions / authorities for control and monitoring purposes without you having an adequate legal remedy against this.  Tracking data that we collect and store ourselves are processed by us exclusively in pseudonymized form. This prevents an assignment of the data to your person.  If you would like to delete individual cookies set in your browser or find out which service providers / vendors have set cookies in your browser, you can do so or find it out via a “Preference Manager”. You can access such a preference manager, for instance, under www.youronlinechoices.com. In addition, you can set up your browser so that it prevents the setting of cookies or only allows certain types of cookies to be set. For details regarding the option of changing the settings in common browser types (including Google Chrome, Firefox), please go to Item 4.2 of this data protection information.

3.1. Cookies – general information and obligation to consent

3.1.1 Cookies mandatory for technical reasons

This website uses cookies. Cookies are small text files which your browser creates automatically and which are stored on your end device (laptop, tablet, smartphone or similar). The cookie stores information which is generated in connection with the specific end device used. However, this does not mean that in this way we directly obtain knowledge about your identity. Some of the cookies we use are erased again at the end of the browser session (so-called session cookies). Other cookies remain on your computer and allow us to recognize your computer during your next visit (so-called permanent or cross-session cookies). These cookies in particular serve to make the content we offer more appealing to you. These files allow us, for instance, to show you special information tailored to your interests on this website.

In accordance with legal requirements, the storing of information on end devices (desktops, smartphones, tablets or similar) – for e.g. by setting cookies and retrieving information from end devices (tracking) is only permitted with your prior consent. The legal basis for this is Article 25(1)(1) TTDSG. However, such consent need not be given if such storage / retrieval is necessary for the content offered on the website. The legal basis for this is Article 25(2)(2) TTDSG. There is necessity, for instance, when it comes to ensuring the following functionalities / achieving the following purposes:

– allowing and maintaining the login,

– ensuring system security

– allowing partner billing

You, on your part, have no right to object with regard to data processing which is necessary for operating the website.

You may use the otto.business website without data from your end device being retrieved from or stored on your end device for such purposes which are not required for the content offered on this website. For this reason, only “basic tracking” is activated when this website is used – insofar as no further consent is given on your part.

3.1.2 Matomo for measuring basic reach

For the purpose of the needs-based design and continuous optimization of this website and with Article 6(1)(f) GDPR (legitimate interest) as a legal basis, we are using the web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”). Matomo uses so-called cookies (text files) which are stored on your computer and make it possible to analyze your use of the website. Acting on our behalf, Matomo will use this information to analyze your use of the website and to compile reports on website activities. Matomo will process the data collected exclusively on instruction from us and for our purposes. 

You may object to data processing by Matomo by clicking here. When you object, Matomo will no longer collect data on this website about the end device you used when making the objection.

3.2. Intervention options/browser settings

You can of course set up your browser so that it does not store our cookies on your end device. The Help function in the menu bar of most web browsers explains how you prevent your browser from accepting new cookies, how you set your browser to notify you when you receive a new cookie or also how you can erase all cookies already received and block any additional ones.

To do so, please take the following steps:

In Internet Explorer / Microsoft Edge:
1. In the “Tools” menu, select “Internet Options”.
2. Click the “Privacy” tab.
3. Now you can select the security settings for the internet zone. Here you can set

    whether and what cookies should be accepted or blocked.
4. Confirm your selection by clicking “OK”.

In Firefox:
1. Click the Menu button and select “Internet options” [Settings].
2. Click on “Privacy & Security”.
3. From the drop-down menu, click on the “Create according to user-defined

    settings” [Go to “Cookies and Site Data]”
4. Here you can select whether to accept cookies, how long you wish to keep these cookies, and add exceptions for websites that should always or never be allowed to use cookies.
5. Confirm your selection by clicking “OK”.

In Google Chrome:
1. Click the Chrome menu button in the top right corner of the browser.
2. Select “Settings”.
3. Click “Show Advanced Settings” [Privacy and security]
4. Under “Privacy”, click “Content settings” [Click “Cookies and other site data]
5. Under “Cookies”, you can select the following settings for cookies: [Here you can select the following settings for cookies]

• Clear cookies
• Clear cookies by default
• Clear cookies and web page data by default when exiting the browser
• Allow exceptions for cookies from certain web pages or domains

If you would like to erase individual cookies set in your browser or find out which service providers / vendors have set cookies in your browser, you can also do this or find it out via a “Preference Manager”. You can access such a preference manager, for instance, under www.youronlinechoices.com.

3.3. Consents to the use of individual online services/the collection of

tracking data

As explained already in Item 3.1 of this data protection information, we collect and process tracking data, partly on the basis of consent. You provide this consent on the website by clicking the “Accept” button reproduced in a banner which is linked to these consent texts. By clicking the “Accept” button, you provide your consent that we may store data on your end device (e.g. by setting cookies) or retrieve data from your end device. Data collected this way (tracking data) are, on the one hand, processed for purposes in which we have a legitimate interest which is not overridden by your interest in not having the data processed further. Detailed explanations regarding these types of further processing can be found in the explanations under Item 7 of this Privacy Policy. By clicking the “Accept” button, you also give your consent to the use of certain advertising functionalities of third-party providers whose use is in itself subject to consent. Data processing which takes place in connection with these advertising functionalities will be described below (Items 3.1.1 to 3.3.1) of this privacy policy). All data processing which is covered by the consent you gave by clicking the “Accept” button has the same purpose, namely that of “advertising”.

Withdrawal of any consent

By clicking here, you can withdraw any consent you gave by clicking on the “Accept” button reproduced in the banner.

3.3.1 Consent to Hubspot

A pixel of HubSpot, Inc. is embedded in this website. With this pixel, information about the use of this website is collected by Otto (GmbH & Co KG) as controller. The following data is collected:

•   Time of visit

•    Number of sessions

•    Domain

•    User token

•    ID

•    Page views.

The purpose of data processing is to analyze the visit to our website and – if you subscribed to our newsletter – to link your visit to our website to your data. HubSpot processes the data exclusively as a processor and therefore does not use it for its own purposes. The legal basis for the data processing described above is Article 6(1)(a) GDPR (consent).

You can withdraw your consent to the use of Hubspot or refuse to give your consent to its use here.

4. Contact

You may contact us in several ways: via e-mail, by phone, by contact form or by mail. When you contact us, we will use the personal data which you make available to us voluntarily within this context exclusively for the purpose of getting in touch with you and being able to process your request.

Article 6(1)(f), Article 6(1)(b), Article 6(1)(c), and Article 6(1)(f) GDPR and Article 6(1)(f) GDPR are the legal basis for this data processing.

5. Customer account/user account

To provide you with maximum comfort, we offer you the permanent storage of your personal data in a password-protected customer account/user account.

Creation of the customer account is voluntary and takes place either based on your consent within the meaning of Article 6(1)(a) GDPR or for the performance of a contract (management of the customer account/user account) in accordance with Article 6(1)(b) GDPR. Once a customer account has been set up, no further data entry is required. You will also be able to view and change the data stored about you in your customer account at any time.

Opening a customer account for fulfilling the contract is only required if you would like to place orders via our website/application. In this case, Article 6(1)(b) GDPR is the (additional) legal basis for data processing.

For setting up a customer account, you need to provide a password of your choice in addition to the data requested when placing an order. Together with your e-mail address, this will provide access to your customer account. Please treat your personal access data confidentially and especially do not make it available to unauthorized third parties. Please note that you will remain logged in automatically even after you exited our website unless you specifically log out. You have the option of deleting your customer account at any time. Please note, however, that this does not simultaneously delete that data shown in your customer account once you have placed an order with us. Your data will be erased automatically after expiration of the retention requirements applicable to us under commercial and tax laws. Article 6(1)(c) GDPR and Article 6(1)(f) GDPR are the legal basis for this data processing.

6. Newsletter

Our website gives you the option to sign up for our e-mail newsletters. A newsletter will be sent only after you consented to receiving it and gave us your e-mail address.

To make sure that no errors occurred when the e-mail address was entered, we use the so-called double opt-in method (DOI method):

After you entered your e-mail address in the registration field and gave your consent to receipt of the newsletter, we will send you a confirmation link to the e-mail address entered.  Your e-mail address will not be included in our distribution list for sending the newsletter until you clicked on this confirmation link.

The legal basis for this data processing is Article 6(1)(a) GDPR.

Notice of right of withdrawal

You may withdraw your consent at any time with future effect by sending a message to info-business@otto.de or using the cancellation option at the end of each newsletter.

7. Recipient categories

7.1. Processors

We deploy processors in the course of processing your data. A processor is a natural or legal person, agency, public authority, or any other body that processes personal data on behalf of a data controller. Processors do not use the data for their own purposes, but process the data exclusively for the controller.

7.2. Other third-party partners

In addition, we may use other third-party partners as required for the performance of services and achievement of various purposes. We transfer personal data to these third-party partners if this is necessary within the scope of service provision.

The legal basis for this data transfer is Article 6(1)(b)(f) GDPR.

8. Recipients outside the EU

With the exception of processing in regard to which we inform of the possibility of transferring data to recipients based outside the EU in this data protection information, we do not share your data with any recipients based outside the European Union or the European Economic Area. The data is transferred based on so-called standard contractual clauses of the EU commission.

9. Duration of data storage

How long the data collected about you will be stored depends on the purpose for which we process the data. Storage will continue as long as it is necessary for achieving the intended purpose. Insofar as we have to store certain data categories for a specific period of time due to legal obligations (e.g. obligations under tax law), storage of the data after their storage is no longer necessary for achieving the respective purpose will continue exclusively for the purpose of meeting the legal obligation. In these cases, access to this data is blocked.

10. Your rights

In connection with the processing of personal data by us, you are entitled to rights of the data subject. You have, for instance, the right to assert access to information regarding your data stored by us. You may also withdraw consents you gave us and object to individual instances of data processing. You also have the right to rectification of incorrect data and may demand that we transfer to you certain data in a common electronic format. Furthermore, you have the right to erasure of your data stored with us. In this regard, please note that, for legal reasons, we may be obligated to continue storing the data despite assertion of your right to erasure of the data. Furthermore, we may, in individual constellations, have an interest in continuing storage of your data that outweighs your interest in their erasure (e.g. if we still have outstanding receivables against you).

10.1. Your rights in detail

Besides the right to withdraw the consents you have given us, you are entitled to the following additional rights provided that the respective legal prerequisites have been met:

the right of access to your personal data stored with us (Article 15 GDPR), in particular, you can obtain access to information on the purposes of the processing, the category of the personal data concerned, the categories of recipients to whom your data were or are being disclosed, the envisaged period of storage, the source of your data, insofar as these were not collected directly from you;

• the right to rectification of incorrect data or completion of correct data (Article 16 GDPR);

• the right to erasure of your data stored with us (Article 17 GDPR), unless we have to comply with statutory or contractual retention periods or other legal duties or rights concerning further storage (e.g. if we still have outstanding receivables against you);

• the right to restriction of processing of your data (Article 18 GDPR), to the extent that the accuracy of the data is contested by you, that the processing is unlawful, but you oppose its erasure; the controller no longer needs the data, but you require the data for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;

• the right to data portability (Article 20 GDPR), i.e. the right to receive selected data stored with us about you transmitted in a commonly used, machine-readable format, or to request transmission to another controller;

• the right to lodge a complaint with a supervisory authority. For this purpose, you may usually turn to the supervisory authority at your habitual residence or place of work, or where our company seat is located.

You may assert the aforementioned rights to which you are entitled against us under datenschutzbeauftragter@ottogroup.com.

September 2022

Scroll to Top