Thank you for your interest in our website and our services. For us, data is the basis for excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect, is our number one priority. The following privacy notice is therefore intended to inform you about the processing of your personal data and your rights in this processing in accordance with the European General Data Protection Regulation ("GDPR") and other applicable data protection regulations
1. DESCRIPTION OF THE GROUPS OF PERSONS AFFECTED AND THE PERSONAL DATA PROCESSED
CATEGORIES OF PERSONS AFFECTED BY THE PROCESSING (DATA SUBJECTS):
Visitors and users of the online services
(hereinafter also referred to as "users")
TYPES OF DATA PROCESSED:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Contractual data (only insofar as users also have concurrently a contractual relationship with METRO Logistics, in which case contractual object, term, customer category, etc. will then be processed).
- Usage data (e.g. webpages visited, links clicked, interest in content, acess times).
- Meta/communication data (e.g. device information, IP addresses).
Hereinafter, we also refer to this processed data collectively as "personal data".
2. PROCESSING OF SPECIAL CATEGORIES OF DATA (ART. 9 PARA. 1 GDPR)
In principle, no special categories of data are processed, unless this has been provided for processing by the users, e.g. entered in online forms.
3. INTENDED PURPOSE OF THE PROCESSING
METRO LOGISTICS offers logistics services and provides users with continually updated information from the field of logistics.
To the extent that personal data is collected on our webpages, this is on a voluntary basis. For the purposes of marketing and website optimisation, we collect navigation information from website visitors, provided you have consented to this collection in the cookie settings or in another part of our website. This involves data about your end device and your visit to our website, in particular your IP address, referral source (i.e. the source that directed you to our website), the duration of your visit and the pages you opened.
Personal data is collected in the context of the following tasks:
- providing the online service, its content and functions.
- personalised display of website content
- maintenance of inventory and usage data
- acquisition of new customers
- preparation and response to contact enquiries and communication with users
- further services for customers
- provision of contractual performance, service and customer support
- marketing, advertising and market research
- security measures.
6. SECURITY MEASURES
In accordance with Article 32 GDPR, we take appropriate technical and organisational measures, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate for the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data-related input, disclosure, reliability of availability and separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and the response to the endangerment of the data. Furthermore, we already consider the protection of personal data in the development or selection of hardware, software and processes, in accordance with the principle of data protection by means of technical design and data-protection-compliant presets (Art. 25 GDPR).
- Security measures include, in particular, the encrypted transmission of data between your browser and our server or to the servers of our service providers (e.g. webhosts).
- If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only carried out on the basis of statutory licence (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the fulfilment of the contract pursuant to Art. 6 para. 1 (b) GDPR), if you have consented to this, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. the utilisation of contractors, webhosts, etc.).
- Insofar as we engage third parties for the processing of data on the basis of a "data processing contract", this is undertaken on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in the context of the utilisation of third-party services or disclosure/transfer of data to third parties, this is undertaken only when it is for the purposes of fulfilling our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual licence, we process or have the data processed in a third country only if the special conditions of Art. 44 ff. GDPR are met, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised establishment of an EU-compliant level of data protection or compliance with specific, officially recognised contractual obligations ("standard contractual clauses").
9. RIGHTS OF THE DATA SUBJECT
- You have the right to confirm as to whether the data in question is processed and information concerning this data, as well as other information and copies of the data in accordance with Art. 15 GDPR.
- In accordance with Art. 16 GDPR, you have the right to request that data pertaining to you is completed or incorrect data pertaining to you is corrected.
- In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, to require a restriction on the processing of the data in accordance with Article 18 GDPR.
- You have the right to request that you receive the data concerning you and which you have provided to us, in accordance with Article 20 GDPR, and to request its transmission to other controllers.
- In addition, in accordance with Art. 77 GDPR, you have the right to submit a complaint to the competent supervisory authorities.
10. RIGHT OF REVOCATION
You are entitled to revoke any consent granted in accordance with Art. 7 para. 3 GDPR with future effect.
11. RIGHT OF OBJECTION
You can object at any time to the future processing of your data in accordance with Art. 21 GDPR. In particular, you can object to the processing for purposes of direct advertising.
By accepting our "cookie banner", you are consenting to the processing of your personal data by means of cookies. The legal basis for the use of performance & statistic (measurement of reach) cookies as well as marketing cookies is your consent in accordance with Art. 6 para. 1 sentence 1 (a) GDPR. The legal basis for the use of essential cookies and functional cookies is Art. 6 para. 1 sentence 1 (b) GDPR.
13. DELETION OF DATA
- According to legal requirements, the data is retained in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual accounts, commercial papers, accounting documents, etc.) as well as for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business papers, documents relevant to taxation, etc.).
14. PROVISION OF CONTRACTUAL PERFORMANCE
- We process inventory data (e.g, names and addresses as well as contact details of users) and contractual data (e.g., services used, names of contact persons, payment information) for the purposes of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 (b) GDPR. The information indicated in online forms as being mandatory is required for the conclusion of the contract.
- In the context of the registration and renewed login as well as the utilisation of our online services, we save the IP address and the date/time of the respective user action. This information is saved on the basis of our legitimate interests as well as for the protection of the user against misuse and other unauthorised use. In principle, this data will not be passed on to third parties, unless this is necessary for the pursuit of our claims or is subject to a statutory obligation in accordance with Art. 6 para. 1 (c) GDPR.
- We process usage data (e.g., the webpages visited on our website, interest in our products) and content data (e.g., information provided in the contact form or user profile) for advertising purposes in a user profile in order to display to the user product suggestions based on the services they used previously, for example.
- Deletion takes place after the expiry of statutory warranty obligations and similar. The necessity of the retention of the data is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)). Information in the customer account remains until it is deleted.
- When contacting us (via the contact form or by email), the user's information will be processed for the purposes of processing and settling the enquiry in accordance with Art. 6 para. 1 (b) GDPR.
- The user's information may be saved in our customer relationship management system and marketing automation platform ("CRM & Marketing System").
- We use the "HubSpot" CRM, registration and marketing automation system of the provider HibSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin) on the basis of our legitimate interests (efficient and fast processing of user enquiries, applications and optimisation of our online services). To this end, we have concluded a contract with HubSpot contained clauses in which HubSpot undertakes to process user data only according to our instructions and to comply with the EU standard of data privacy. Further information on HubSpot's data privacy guidelines can be found here: https://legal.hubspot.com/de/dpaand https://legal.hubspot.com/de/privacy-policy
- We delete the enquiries as soon as they are no longer required. We review the necessity of retention of the data every two years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)).
16. COMMENTS AND POSTS
17. COLLECTION OF ACCESS DATA AND LOGFILES
- On the basis of our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR, we collect data on every access to the server on which this service is located (server logfiles). The access data includes the name of the webpages retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
- Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum period of seven days and is then deleted. Data which must be furtehr retained for evidential purposes is excluded from this deletion until the respective incident is clarified conclusively.
18. ONLINE PRESENCE IN SOCIAL MEDIA
- We maintain an online presence in social networks and platforms in order to communicate there with active customers, interested parties and users and to enable us to inform them there about our services. When the respective networks and platforms are accessed, the terms and conditions and the data processing guidelines of their respective operators apply.
19. NEWSLETTER & EMAIL MARKETING AUTOMATION
- The distribution of the newsletter and performance measurement are on the basis of the consent of the recipient in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in connection with Section 7 para. 2 (3) of the German Fair Trade Practices Act (UWG) or on the basis of the statutory licence pursuant to Section 7 para. 3 UWG.
- The logging of the subscription process is on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR and serves as evidence of consent to the receipt of the newsletter.
- Termination/revocation – You can terminate your subscription to the newsletter at any time, i.e. revoke your consent. A link to unsubscribe from the newsletter is contained at the end of every newsletter. If the user has only subscribed to the newsletter and terminates this subscription, their personal data will be deleted.
20. INTEGRATION OF SERVICES AND CONTENT OF THIRD PARTIES
- Within our online service, we use third-party content or service offerings, based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online service within the meaning of Art. 6 para. 1 (f) GDPR), in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content are aware of the IP address of the user, since the content could not be sent to the user's browser without the IP address. This means that the IP address is essential for the display of this content. We make every effort to use only such content whose respective providers use the IP address only for the provision of the content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information on the use of our online service, for example, and also linked to this sort of information from other sources.
- The following provides an overview of third parties and their content, together with links to their data privacy policies containing further information on the processing of data and possible objections (opt-outs), which have in part been mentioned here already:
DATA PROTECTION OFFICER
METRO LOGISTICS Germany GmbH