Privacy Policy

Privacy Policy of the Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg
Last updated: May 25, 2018


As of May 25, 2018 the uniform requirements of the EU General Data Protection Regulation (GDPR) apply Europe-wide in the area of data protection. The following Privacy Policy informs you about the processing of personal data conducted by the Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg (“OTTO and/or “we” and/or “controller”) in compliance with the GDPR and the German Data Protection Act (BDSG 2018).

Please read our Privacy Policy carefully.
You can request access (Art 15 GDPR, § 34 BDSG 2018) to your personal information we store here or at datenschutzauskunft@otto.de. 

Name and contact information of the controller responsible for processing

This Privacy Policy applies to data processing by the
Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg Germany
Telephone: 01806-303030
Email address: service@otto.de
represented by:
Alexander Birken (Chairman)
Dr. Rainer Hillebrand (Deputy Chairman)
Dr. Marcus Ackermann
Petra Scharner-Wolff
Kay Schiebur
Sven Seidel
Website: www.otto.de

Contact information of the Data Security Officer

You can contact the controller’s in-house Data Security Officer at
Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg Germany
Email: datenschutzbeauftragter@ottogroup.com

3.1 Accessing our websites/applications

Log files

Every time a website/application is accessed, information is sent to the server of our website/application by the respective Internet browser of your particular terminal and temporarily stored in so-called log files. The datasets stored there include the following data, which is stored until it is automatically erased: Date and time of access, name of the accessed page, IP address of the enquiring device, referrer URL (origin URL, from which you accessed our website), the data volume transmitted, loading time as well as product and version information of the respectively used browser and the name of your access provider.
The legal basis for the processing of the IP address is article 6 section 1 letter f) of the GDPR. Our legitimate interest results from
ensuring a trouble-free establishment of the connection,
ensuring the convenient use of our website/application,
analyzing system security and stability.
It is impossible to identify you directly based on this information and we do not use this information to do so.
The data is stored and automatically erased after achieving the aforementioned purposes. The standard periods for erasure comply with the criterion of necessity.


Cookies, tracking, social media plugins
We use so-called tracking tools as well as cookies and social media plugins for our website/application. Which precise methods are involved and how your data is used in that regard is explained in detail below.

Geolocalization

Insofar as you agreed to the so-called geolocalization in your browser or in the operating system or other settings of your respective terminal, we use this function, to be able to offer you individual services based on your current location. We solely process your location data processed in this manner for this function. If you cancel the use, the data is erased.

Online presence and website optimization

Cookies - general Information

We use cookies on various pages, to make your visit to our website appealing and to enable the use of specific functions as well as to statistically record the use of our website. Cookies are small text files, which your browser automatically creates and which are stored on your terminal (laptop, tablet, smartphone or the like), when you visit our website. Cookies do not cause any damage to your terminal, do not contain viruses, Trojans or other malware. Information, which respectively results in connection with the specifically used terminal, is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity in this way.
Most of the cookies we use are erased at the end of the browser session (so-called session cookies). For instance, these enable us to show you the shopping basket from any page, which you can use to see how many items are currently in your shopping basket and how high your current purchase value is. Other cookies remain on your computer and enable us to recognize your computer during your next visit (so-called persistent or permanent cookies). In particular, these cookies serve making our offers and services user-friendly, more effective and safer. Thanks to these files, it is possible to show you information on the page, which is specifically adapted to your interests for example.
Of course, you can adjust the settings in your browser, to prevent our cookies from being stored on your terminal. The help function in the menu bar of most web browsers explains, how you can prevent your browser from accepting new cookies, how you can allow your browser to inform you if a new cookie is received or also, how you can erase all cookies already received and how you can block your terminal for all other Cookies. To do so, please proceed as follows:

Internet Explorer:

  1. Select the item “Internet Options” in the “Extras” menu.
  2. Click the “Privacy” tab.
  3. Now, you can make the security settings for the Internet zone. Here, you can make respective settings as to whether and which cookies are to be allowed or blocked.
  4. You confirm your setting with “OK”.

Firefox:

  1. Select the item Settings in the “Extras” menu.
  2. Click “Privacy”.
  3. In the drop-down menu select the item “accept according to user-defined settings”.
  4. Now, you can make settings as to whether cookies are to be accepted, how long you want to keep these cookies and add exceptions, which websites you always or never want to allow the use cookies 
  5. You confirm your setting with “OK”.

Google Chrome:

  1. Click the Chrome menu in the symbol bar of the browser.
  2. Now, select “Settings”.
  3. Click “Show advanced settings”.
  4. Under “Privacy” click “Content settings”.
  5. Under “Cookies”, you can make the following settings for Cookies:
  • Delete cookies
  • Block cookies by default
  • Delete cookies and website data by default after closing the browser
  • Allow cookies from specific websites or domains

However, we would like to point out that in this case, you may not be able to fully use all functions of this Website.

Insofar as it is a matter of personal data in regard to these cookies and/or the information contained therein, the legal basis for data processing is art. 6 section 1 letter f) of the GDPR. At the same time, our interest in optimizing our website is deemed legitimate in terms of the preceding regulation.


Google Analytics

We use Google Analytics, a web analysis service of the Google Inc. (“Google”), for the purpose of a needs-based design and continuous optimization of our website based on article 6 section 1 letter f) of the GDPR. Google Analytics uses so-called “cookies”, text files, which are stored on your computer and enable analyzing your use of the website. In this connection, pseudonymized user profiles are created and cookies are used. The information created by the cookie regarding your use of this website include

  • browser type/version,
  • operating system used,
  • referrer URL (the previous page visited),
  • host name of the accessing computer (IP address),
  • time of server request

On behalf of the operator of this website, Google uses this information, to analyze your use of the website, to compile reports on the website activities and to provide other services to the website operator associated with the use of the website and Internet. The IP address transmitted by your browser in line with Google Analytics is not merged with other Google data. You can prevent the storage of cookies with a corresponding setting in your browser software; however, we would like to point out that in this case, you may not be able to fully use all functions of this website. Furthermore, you can prevent the collection of the data (incl. your IP address) created by the cookie and relating to your use of the website to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link.

Social media plugins

Based on article 6 section 1 letter f) of the GDPR, we use social plugins for the social networks Facebook and Twitter on our website, to raise the awareness of our company using these networks. The underlying promotional purpose is deemed as legitimate interest in terms of the GDPR. The responsibility for operating in compliance with data protection must be ensured by their respective provider.

Please refer to the respective privacy notices of the providers regarding the purpose and scope of data collection and the further processing and use of the data by the respective provider as well as your rights and configuration options in this regard, to protect your privacy. You can find the links below.
By logging off the websites of social networks beforehand as well as deleting stored cookies, you can prevent social networks from allocating information collected about you during your visit to otto.de to your user account at the respective social network. If you do not want social networks to directly allocate data collected via our website to your profile, you have to log off the respective social network before visiting our website.

By logging off the websites of social networks beforehand as well as deleting stored cookies, you can prevent social networks from allocating information collected about you during your visit to otto.de to your user account at the respective social network. If you do not want social networks to directly allocate data collected via our website to your profile, you have to log off the respective social network before visiting our website.

Facebook, YouTube

This website uses Facebook and Google (YouTube) social plugins. These are offered by the US American company Facebook and the Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).
If you visit a site with such a plugin, your browser establishes a connection to Facebook or Google and the content is loaded by these sites. Therefore, your visit to this website can possible be tracked by Facebook and Google, even if you do not actively use the function of the social plugin. If you have a Facebook or Google account, you can use such a plugin and in doing so, share information with your friends. OTTO does not have any influence on the content of the plugins or the transmission of information.
Facebook and Google provide detailed information regarding scope, nature, purpose and further processing of your data on their websites. There, you can also find further information regarding your rights and configuration options, to protect your privacy.
Facebook privacy notice
Google privacy notice

Twitter

Furthermore, this website integrates Twitter functions. These functions are offered by the Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). By using Twitter and the “retweet” function, the websites you visited are linked to your Twitter account and this information is disclosed to other users. At the same time, data is transmitted to Twitter. For this purpose, your Internet browser establishes a direct connection to the Twitter servers and transmits data to Twitter.
We would like to inform you that we do not receive any information regarding the content of the transmitted data or regarding its use by Twitter.
You can find additional information in the Twitter privacy notice.
You can change privacy settings at Twitter in the account settings.

WhatsApp

Moreover, a WhatsApp button (WhatsApp share button) is used on this website. Using this button, you can share content from otto.de via the WhatsApp application on your mobile phone. This button is a hyperlink. The appearance of the button on this website does not mean that personal data is transmitted to the operator of WhatsApp or other third parties. Once you use the WhatsApp button, the operator of WhatsApp knows which content is shared and that the button on this website was used. More information regarding the handling of personal data by the operator of WhatsApp can be found in the privacy notice of the operator.


Establishing contact

You have several options of contacting us. Via email, phone or by post. When you contact us, we solely use the personal data you voluntarily make available to us in this context for the purpose of being able to contact you and process your enquiry.
The legal basis for this data processing is art. 6 section 1 letter a), art. 6 section 1 letter b), art. 6 section 1 letter c) of the GDPR as well as art. 6 sec. 1 letter f) of the GDPR.

Comments

When users leave comments or other posts at otto-newsroom.de, their IP addresses are stored for 7 or 14 days based on our legitimate interests in terms of art. 6 section 1 letter f) of the GDPR. This is done for our own safety, in the event that someone leaves illegal content (insults, prohibited political propaganda, etc.) in the comments or Posts.

Other content from users

You have the option of publishing your own content at various places at otto.de (e.g. comments, etc.). If you leave a comment, recommendation or review regarding items, we process the personal data you voluntarily enter in line with the comment or review. As a basic principle, you can publish content at otto.de using a pseudonym and/or your first and abbreviated last name.
The legal basis for this data processing is art. 6 section 1 letter a), art. 6 section 1 letter b) as well as art. 6 sec. 1 letter f) of the GDPR. Furthermore, our Terms of Use apply to the posting of own content, which you can access here.

 

Recipients outside the EU

 

With the exception of the types of processing described, we do not pass your data on to recipients based outside the European Union or the European Economic Area. The types of processing stated include data transmission to the servers of the providers of tracking or targeting technologies we commission. These servers are located in the USA. Data transmission takes place based on so-called standard contract terms of the EU Commission as well as in compliance with the principles of the so-called Privacy Shield.

 

Your rights

 

Outline
In addition to your right to revoke your consent given to us, you also have the following rights if the respective legal requirements are met:

  • the right of access to your personal data (art. 15 GDPR) stored by us, in particular you can request information regarding the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned duration of storage, the origin of your data, provided that it was not collected directly from you;
  • the right to rectification of incorrect or incomplete accurate data (art. 16 GDPR),
  • the right to the erasure of your data stored by us (art. 17 GDPR), insofar as we are not required to comply with any legal or contractual retention periods or other legal duties or rights for further storage,
  • the right to the restriction of processing your data (art. 18 GDPR), insofar as you contest to the accuracy of the data, the processing is unlawful but you object to its erasure; the controller no longer requires the data however, you require it to assert, exercise or defend against legal claims or you have objected to the processing in accordance with art. 21 of the GDPR, If you purchase products/services from partners via otto.de, the aforementioned rights apply accordingly against our partners. If you want to assert the aforementioned rights against our partners, please contact the respective partner directly.
  • the right to data portability according to art. 20 of the GDPR, i.e. the right to receive your selected personal data we store in a commonly used, machine-readable format or to request the transmission of said data to another controller
  • the right to lodge a complaint with a supervisory authority. Normally, you can contact the supervisory authority at your usual place of residence or work for this purpose or contact our headquarters.


You can assert the previously stated rights you have against us at datenschutzauskunft@otto.de. You can assert your right to data portability in your customer account.

Additionally, you can request information pertaining to the personal data we store here.


Right to object

Under the conditions laid down in art. 21 sec. 1 of the GDPR, data processing can be objected to for reasons resulting from the special situation of the data subject.
The preceding general right to object applies to all processing purposes described in this Privacy Policy, which are processed based on article 6 section 1 letter f) of the GDPR. Contrary to the special right to object aimed at data processing for promotional purposes, according to the GDPR, we are only obligated to implement such a general right to object if you give us reasons of paramount importance (e.g. possible danger to life or health).


Right of revocation

Insofar as we process data based on your given consent, you have the right to revoke this consent at any time. The revocation of this consent does not result in the data processing, which was conducted based on your consent up to the time of revocation, becoming ineffective.

 

Data security

 

All of your transmitted personal data including your payment data is transferred using the generally common and secure standard SSL (Secure Socket Layer). SSL is a secure and tested standard, which is used for online banking for instance. Among other things, you can recognize a secure SSL connection by the “s” attached to http (i.e. https://...) in the address bar of your browser or by the small lock icon in the lower section of your browser.