Privacy and data protection information
Privacy information and data protection information of Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg for the otto.business website
The following information on data protection describes the processing of personal data performed by Otto (GmbH & Co. KG), Werner-Otto-Str. 1-7, 22179 Hamburg (“OTTO” and/or “we” and/or “Controller”) in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG 2018)).
Please read our data protection information carefully. Should you have any questions or comments concerning our data protection information, please feel free to contact us at email@example.com.
1. Name and contact information of the controller for processing
This data protection information applies to data processing by
Otto (GmbH & Co KG)
22179 Hamburg Germany
Phone: 040 – 3603 3603
E-mail address: firstname.lastname@example.org
Represented by the managing director(s)
Alexander Birken (chairman)
Dr. Marcus Ackermann
for the otto.business website.
2. Contact data of the data protection officer
You can reach the Controller’s company data protection officer(s) under
Otto (GmbH & Co KG)
22179 Hamburg Germany
E-mail address: email@example.com
3. Online presence and website optimization (by using cookies) including consents
We collect data on otto.business about the behavior of users on said website (tracking data). This includes, among others, data as to which individual sub-pages (item detail pages) were accessed. For this purpose, we may, among others, set cookies in the browser used by the respective user. The collection of tracking data is only permitted with your prior consent (Article 25(1)(1) Telecommunications Telemedia Data Protection Act (TTDSG)). You may give such consent by clicking on the “Accept” button on the cookie banner displayed on this website. However, no consent is required for the processing of such tracking data which is necessary for the content offered on the website (Article 25(2)(2) TTDSG). We can use the information about your usage behavior, among others, for displaying on our website offerings that are of interest to you or to provide you with advertising on other web pages using personalized contents (e.g. retargeting). Insofar as personal data about your usage behavior on otto.business may also be used by other vendors, for instance, for purposes of “enriching one’s own information”, such use will take place in these cases only after you have consented to it in advance. In these cases, the further processing of the data collected on this website regularly takes place under the vendors’ sole responsibility. The vendors may transfer the data to the US as part of this further processing. With regard to the US, the European Court of Justice determined that the US is a country with an inadequate level of data protection. Within this context, there is a particular risk that your data will be processed by American institutions / authorities for control and monitoring purposes without you having an adequate legal remedy against this. Tracking data that we collect and store ourselves are processed by us exclusively in pseudonymized form. This prevents an assignment of the data to your person. If you would like to delete individual cookies set in your browser or find out which service providers / vendors have set cookies in your browser, you can do so or find it out via a “Preference Manager”. You can access such a preference manager, for instance, under www.youronlinechoices.com. In addition, you can set up your browser so that it prevents the setting of cookies or only allows certain types of cookies to be set. For details regarding the option of changing the settings in common browser types (including Google Chrome, Firefox), please go to Item 4.2 of this data protection information.
3.1. Cookies – general information and obligation to consent
3.1.1 Cookies mandatory for technical reasons
In accordance with legal requirements, the storing of information on end devices (desktops, smartphones, tablets or similar) – for e.g. by setting cookies and retrieving information from end devices (tracking) is only permitted with your prior consent. The legal basis for this is Article 25(1)(1) TTDSG. However, such consent need not be given if such storage / retrieval is necessary for the content offered on the website. The legal basis for this is Article 25(2)(2) TTDSG. There is necessity, for instance, when it comes to ensuring the following functionalities / achieving the following purposes:
– allowing and maintaining the login,
– ensuring system security
– allowing partner billing
You, on your part, have no right to object with regard to data processing which is necessary for operating the website.
You may use the otto.business website without data from your end device being retrieved from or stored on your end device for such purposes which are not required for the content offered on this website. For this reason, only “basic tracking” is activated when this website is used – insofar as no further consent is given on your part.
3.1.2 Matomo for measuring basic reach
For the purpose of the needs-based design and continuous optimization of this website and with Article 6(1)(f) GDPR (legitimate interest) as a legal basis, we are using the web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”). Matomo uses so-called cookies (text files) which are stored on your computer and make it possible to analyze your use of the website. Acting on our behalf, Matomo will use this information to analyze your use of the website and to compile reports on website activities. Matomo will process the data collected exclusively on instruction from us and for our purposes.
You may object to data processing by Matomo by clicking . When you object, Matomo will no longer collect data on this website about the end device you used when making the objection.
3.1.3 Google Analytics
You can revoke your consent to the data processing described above . The revocation has the effect that Google Analytics will no longer collect any data on the terminal device used by you on the websites mentioned under point 1 when you give your revocation.
3.2. Intervention options/browser settings
You can of course set up your browser so that it does not store our cookies on your end device. The Help function in the menu bar of most web browsers explains how you prevent your browser from accepting new cookies, how you set your browser to notify you when you receive a new cookie or also how you can erase all cookies already received and block any additional ones.
To do so, please take the following steps:
In Internet Explorer / Microsoft Edge:
1. In the “Tools” menu, select “Internet Options”.
2. Click the “Privacy” tab.
3. Now you can select the security settings for the internet zone. Here you can set
whether and what cookies should be accepted or blocked.
4. Confirm your selection by clicking “OK”.
1. Click the Menu button and select “Internet options” [Settings].
2. Click on “Privacy & Security”.
3. From the drop-down menu, click on the “Create according to user-defined
settings” [Go to “Cookies and Site Data]”
5. Confirm your selection by clicking “OK”.
In Google Chrome:
1. Click the Chrome menu button in the top right corner of the browser.
2. Select “Settings”.
3. Click “Show Advanced Settings” [Privacy and security]
4. Under “Privacy”, click “Content settings” [Click “Cookies and other site data]
5. Under “Cookies”, you can select the following settings for cookies: [Here you can select the following settings for cookies]
• Clear cookies
• Clear cookies by default
• Clear cookies and web page data by default when exiting the browser
• Allow exceptions for cookies from certain web pages or domains
If you would like to erase individual cookies set in your browser or find out which service providers / vendors have set cookies in your browser, you can also do this or find it out via a “Preference Manager”. You can access such a preference manager, for instance, under www.youronlinechoices.com.
3.3. Consents to the use of individual online services/the collection of
Withdrawal of any consent
By clicking here, you can withdraw any consent you gave by clicking on the “Accept” button reproduced in the banner.
3.3.1 Consent to Hubspot
A pixel of HubSpot, Inc. is embedded in this website. With this pixel, information about the use of this website is collected by Otto (GmbH & Co KG) as controller. The following data is collected:
• Time of visit
• Number of sessions
• User token
• Page views.
The purpose of data processing is to analyze the visit to our website and – if you subscribed to our newsletter – to link your visit to our website to your data. HubSpot processes the data exclusively as a processor and therefore does not use it for its own purposes. The legal basis for the data processing described above is Article 6(1)(a) GDPR (consent).
You can withdraw your consent to the use of Hubspot or refuse to give your consent to its use .
You may contact us in several ways: via e-mail, by phone, by contact form or by mail. When you contact us, we will use the personal data which you make available to us voluntarily within this context exclusively for the purpose of getting in touch with you and being able to process your request.
Article 6(1)(f), Article 6(1)(b), Article 6(1)(c), and Article 6(1)(f) GDPR and Article 6(1)(f) GDPR are the legal basis for this data processing.
5. Customer account/user account
To provide you with maximum comfort, we offer you the permanent storage of your personal data in a password-protected customer account/user account.
Creation of the customer account is voluntary and takes place either based on your consent within the meaning of Article 6(1)(a) GDPR or for the performance of a contract (management of the customer account/user account) in accordance with Article 6(1)(b) GDPR. Once a customer account has been set up, no further data entry is required. You will also be able to view and change the data stored about you in your customer account at any time.
Opening a customer account for fulfilling the contract is only required if you would like to place orders via our website/application. In this case, Article 6(1)(b) GDPR is the (additional) legal basis for data processing.
For setting up a customer account, you need to provide a password of your choice in addition to the data requested when placing an order. Together with your e-mail address, this will provide access to your customer account. Please treat your personal access data confidentially and especially do not make it available to unauthorized third parties. Please note that you will remain logged in automatically even after you exited our website unless you specifically log out. You have the option of deleting your customer account at any time. Please note, however, that this does not simultaneously delete that data shown in your customer account once you have placed an order with us. Your data will be erased automatically after expiration of the retention requirements applicable to us under commercial and tax laws. Article 6(1)(c) GDPR and Article 6(1)(f) GDPR are the legal basis for this data processing.
Our website gives you the option to sign up for our e-mail newsletters. A newsletter will be sent only after you consented to receiving it and gave us your e-mail address.
To make sure that no errors occurred when the e-mail address was entered, we use the so-called double opt-in method (DOI method):
After you entered your e-mail address in the registration field and gave your consent to receipt of the newsletter, we will send you a confirmation link to the e-mail address entered. Your e-mail address will not be included in our distribution list for sending the newsletter until you clicked on this confirmation link.
The legal basis for this data processing is Article 6(1)(a) GDPR.
Notice of right of withdrawal
You may withdraw your consent at any time with future effect by sending a message to firstname.lastname@example.org or using the cancellation option at the end of each newsletter.
7. Recipient categories
We deploy processors in the course of processing your data. A processor is a natural or legal person, agency, public authority, or any other body that processes personal data on behalf of a data controller. Processors do not use the data for their own purposes, but process the data exclusively for the controller.
7.2. Other third-party partners
In addition, we may use other third-party partners as required for the performance of services and achievement of various purposes. We transfer personal data to these third-party partners if this is necessary within the scope of service provision.
The legal basis for this data transfer is Article 6(1)(b)(f) GDPR.
8. Recipients outside the EU
With the exception of processing in regard to which we inform of the possibility of transferring data to recipients based outside the EU in this data protection information, we do not share your data with any recipients based outside the European Union or the European Economic Area. The data is transferred based on so-called standard contractual clauses of the EU commission.
9. Duration of data storage
How long the data collected about you will be stored depends on the purpose for which we process the data. Storage will continue as long as it is necessary for achieving the intended purpose. Insofar as we have to store certain data categories for a specific period of time due to legal obligations (e.g. obligations under tax law), storage of the data after their storage is no longer necessary for achieving the respective purpose will continue exclusively for the purpose of meeting the legal obligation. In these cases, access to this data is blocked.
10. Your rights
In connection with the processing of personal data by us, you are entitled to rights of the data subject. You have, for instance, the right to assert access to information regarding your data stored by us. You may also withdraw consents you gave us and object to individual instances of data processing. You also have the right to rectification of incorrect data and may demand that we transfer to you certain data in a common electronic format. Furthermore, you have the right to erasure of your data stored with us. In this regard, please note that, for legal reasons, we may be obligated to continue storing the data despite assertion of your right to erasure of the data. Furthermore, we may, in individual constellations, have an interest in continuing storage of your data that outweighs your interest in their erasure (e.g. if we still have outstanding receivables against you).
10.1. Your rights in detail
Besides the right to withdraw the consents you have given us, you are entitled to the following additional rights provided that the respective legal prerequisites have been met:
• the right of access to your personal data stored with us (Article 15 GDPR), in particular, you can obtain access to information on the purposes of the processing, the category of the personal data concerned, the categories of recipients to whom your data were or are being disclosed, the envisaged period of storage, the source of your data, insofar as these were not collected directly from you;
• the right to rectification of incorrect data or completion of correct data (Article 16 GDPR);
• the right to erasure of your data stored with us (Article 17 GDPR), unless we have to comply with statutory or contractual retention periods or other legal duties or rights concerning further storage (e.g. if we still have outstanding receivables against you);
• the right to restriction of processing of your data (Article 18 GDPR), to the extent that the accuracy of the data is contested by you, that the processing is unlawful, but you oppose its erasure; the controller no longer needs the data, but you require the data for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;
• the right to data portability (Article 20 GDPR), i.e. the right to receive selected data stored with us about you transmitted in a commonly used, machine-readable format, or to request transmission to another controller;
• the right to lodge a complaint with a supervisory authority. For this purpose, you may usually turn to the supervisory authority at your habitual residence or place of work, or where our company seat is located.
You may assert the aforementioned rights to which you are entitled against us under email@example.com.