Data Privacy Policy

of METRO LOGISTICS

Thank you for your interest in our website and our services. For us, data is the basis for excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect, is our number one priority. The following privacy notice is therefore intended to inform you about the processing of your personal data and your rights in this processing in accordance with the European General Data Protection Regulation ("GDPR") and other applicable data protection regulations

1. DESCRIPTION OF THE GROUPS OF PERSONS AFFECTED AND THE PERSONAL DATA PROCESSED

CATEGORIES OF PERSONS AFFECTED BY THE PROCESSING (DATA SUBJECTS):

Visitors and users of the online services

(hereinafter also referred to as "users")

TYPES OF DATA PROCESSED:

  • Inventory data (e.g. names, addresses).
  • Contact data (e.g. email, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Contractual data (only insofar as users also have concurrently a contractual relationship with METRO Logistics, in which case contractual object, term, customer category, etc. will then be processed).
  • Usage data (e.g. webpages visited, links clicked, interest in content, acess times).
  • Meta/communication data (e.g. device information, IP addresses). 

Hereinafter, we also refer to this processed data collectively as "personal data".

2. PROCESSING OF SPECIAL CATEGORIES OF DATA (ART. 9 PARA. 1 GDPR)

In principle, no special categories of data are processed, unless this has been provided for processing by the users, e.g. entered in online forms.

3. INTENDED PURPOSE OF THE PROCESSING

METRO LOGISTICS offers logistics services and provides users with continually updated information from the field of logistics.

To the extent that personal data is collected on our webpages, this is on a voluntary basis. For the purposes of marketing and website optimisation, we collect navigation information from website visitors, provided you have consented to this collection in the cookie settings or in another part of our website. This involves data about your end device and your visit to our website, in particular your IP address, referral source (i.e. the source that directed you to our website), the duration of your visit and the pages you opened.

Personal data is collected in the context of the following tasks:

  • providing the online service, its content and functions.
  • personalised display of website content
  • maintenance of inventory and usage data
  • acquisition of new customers
  • preparation and response to contact enquiries and communication with users
  • further services for customers
  • provision of contractual performance, service and customer support
  • marketing, advertising and market research
  • security measures.
4. RELEVANT LEGAL BASIS

Pursuant to Art. 13 GDPR, we inform you of the legal basis of our data processing. Unless the legal basis is specified separately in this Data Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR; the legal basis for the processing for the purposes of performing our services and implementing contractual measures as well as of answering questions is Art. 6 para. 1 (b) GDPR; the legal basis for the processing in order to fulfil our legal obligations is Art. 6 para. 1 (c) GDPR; and the legal basis for the processing in order to safeguard our legitimate interests is Art. 6 para. 1 (f) GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 (d) GDPR serves as the legal basis.

5. CHANGES AND UPDATES TO THE DATA PRIVACY POLICY
We ask that you inform yourself regularly about the content of our Data Privacy Policy. We adjust the Data Privacy Policy when this is necessitated by changes to the data processing we carry out. We will inform you when cooperation on your part (e.g. consent) or any other individual notification is required due to these changes.

6. SECURITY MEASURES
In accordance with Article 32 GDPR, we take appropriate technical and organisational measures, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate for the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data-related input, disclosure, reliability of availability and separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and the response to the endangerment of the data. Furthermore, we already consider the protection of personal data in the development or selection of hardware, software and processes, in accordance with the principle of data protection by means of technical design and data-protection-compliant presets (Art. 25 GDPR).

  • Security measures include, in particular, the encrypted transmission of data between your browser and our server or to the servers of our service providers (e.g. webhosts).
7. COLLABORATION WITH PROCESSORS AND THIRD PARTIES
  • If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only carried out on the basis of statutory licence (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the fulfilment of the contract pursuant to Art. 6 para. 1 (b) GDPR), if you have consented to this, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. the utilisation of contractors, webhosts, etc.).
  • Insofar as we engage third parties for the processing of data on the basis of a "data processing contract", this is undertaken on the basis of Art. 28 GDPR.
8. TRANSFER TO THIRD COUNTRIES

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in the context of the utilisation of third-party services or disclosure/transfer of data to third parties, this is undertaken only when it is for the purposes of fulfilling our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual licence, we process or have the data processed in a third country only if the special conditions of Art. 44 ff. GDPR are met, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised establishment of an EU-compliant level of data protection or compliance with specific, officially recognised contractual obligations ("standard contractual clauses").

9. RIGHTS OF THE DATA SUBJECT

  • You have the right to confirm as to whether the data in question is processed and information concerning this data, as well as other information and copies of the data in accordance with Art. 15 GDPR.
  • In accordance with Art. 16 GDPR, you have the right to request that data pertaining to you is completed or incorrect data pertaining to you is corrected.
  • In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, to require a restriction on the processing of the data in accordance with Article 18 GDPR.
  • You have the right to request that you receive the data concerning you and which you have provided to us, in accordance with Article 20 GDPR, and to request its transmission to other controllers.
  • In addition, in accordance with Art. 77 GDPR, you have the right to submit a complaint to the competent supervisory authorities.

10. RIGHT OF REVOCATION

You are entitled to revoke any consent granted in accordance with Art. 7 para. 3 GDPR with future effect.

11. RIGHT OF OBJECTION

You can object at any time to the future processing of your data in accordance with Art. 21 GDPR. In particular, you can object to the processing for purposes of direct advertising.

12. COOKIES

We use session and persistant cookies; these are small files that are saved on the devices of the user (please see the last section of this Data Privacy Policy for an explanation of the term and the function). In part, these cookies are for the purposes of security or are necessary for the operation of our online service (e.g. for displaying the website) or to save the user's preference in confirming the cookie banner. We or our technological partners also use cookies for the purposes of marketing or measuring reach; this will be explained to the user in the course of the Data Privacy Policy.

By accepting our "cookie banner", you are consenting to the processing of your personal data by means of cookies. The legal basis for the use of performance & statistic (measurement of reach) cookies as well as marketing cookies is your consent in accordance with Art. 6 para. 1 sentence 1 (a) GDPR. The legal basis for the use of essential cookies and functional cookies is Art. 6 para. 1 sentence 1 (b) GDPR.

You can revoke your consent to the use of cookies at any time with future effect. In addition, you have the option of configuring your settings individually under "cookie settings".

13. DELETION OF DATA

  1. The data processed by us is deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in the context of this Data Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion is not precluded by statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, in the case of data that must be retained for commercial or tax-related reasons.
  2. According to legal requirements, the data is retained in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual accounts, commercial papers, accounting documents, etc.) as well as for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business papers, documents relevant to taxation, etc.).

14. PROVISION OF CONTRACTUAL PERFORMANCE

  • We process inventory data (e.g, names and addresses as well as contact details of users) and contractual data (e.g., services used, names of contact persons, payment information) for the purposes of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 (b) GDPR. The information indicated in online forms as being mandatory is required for the conclusion of the contract.
  • In the context of the registration and renewed login as well as the utilisation of our online services, we save the IP address and the date/time of the respective user action. This information is saved on the basis of our legitimate interests as well as for the protection of the user against misuse and other unauthorised use. In principle, this data will not be passed on to third parties, unless this is necessary for the pursuit of our claims or is subject to a statutory obligation in accordance with Art. 6 para. 1 (c) GDPR.
  • We process usage data (e.g., the webpages visited on our website, interest in our products) and content data (e.g., information provided in the contact form or user profile) for advertising purposes in a user profile in order to display to the user product suggestions based on the services they used previously, for example.
  • Deletion takes place after the expiry of statutory warranty obligations and similar. The necessity of the retention of the data is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)). Information in the customer account remains until it is deleted.

15. COMMUNICATION
  • When contacting us (via the contact form or by email), the user's information will be processed for the purposes of processing and settling the enquiry in accordance with Art. 6 para. 1 (b) GDPR.
  • The user's information may be saved in our customer relationship management system and marketing automation platform ("CRM & Marketing System").
  • We use the "HubSpot" CRM, registration and marketing automation system of the provider HibSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin) on the basis of our legitimate interests (efficient and fast processing of user enquiries, applications and optimisation of our online services). To this end, we have concluded a contract with HubSpot contained clauses in which HubSpot undertakes to process user data only according to our instructions and to comply with the EU standard of data privacy. Further information on HubSpot's data privacy guidelines can be found here: https://legal.hubspot.com/de/dpaand  https://legal.hubspot.com/de/privacy-policy
  • Our registration service allows visitors to our website to learn more about our company, download content and provide their contact details and other information. This information is saved on servers of our HubSpot software partner. We can use this information to contact visitors to our website and to determine which services offered by our company are of interest to them. All information collected by us is subject to this Data Privacy Policy. We use all information collected exclusively for the purposes of optimising our marketing.
  • We delete the enquiries as soon as they are no longer required. We review the necessity of retention of the data every two years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)).

 16. COMMENTS AND POSTS

Users can leave comments and make posts only after prior registration. This requires consent for the saving and use of the data as well acceptance of our Data Privacy Policy.

17. COLLECTION OF ACCESS DATA AND LOGFILES

  • On the basis of our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR, we collect data on every access to the server on which this service is located (server logfiles). The access data includes the name of the webpages retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  • Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum period of seven days and is then deleted. Data which must be furtehr retained for evidential purposes is excluded from this deletion until the respective incident is clarified conclusively.

18. ONLINE PRESENCE IN SOCIAL MEDIA

  • We maintain an online presence in social networks and platforms in order to communicate there with active customers, interested parties and users and to enable us to inform them there about our services. When the respective networks and platforms are accessed, the terms and conditions and the data processing guidelines of their respective operators apply.
  • Unless otherwise specified in our Data Privacy Policy, we will process the users' data when they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

 19. NEWSLETTER & EMAIL MARKETING AUTOMATION

  • The distribution of the newsletter and performance measurement are on the basis of the consent of the recipient in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in connection with Section 7 para. 2 (3) of the German Fair Trade Practices Act (UWG) or on the basis of the statutory licence pursuant to Section 7 para. 3 UWG.
  • The logging of the subscription process is on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR and serves as evidence of consent to the receipt of the newsletter.
  • Termination/revocation – You can terminate your subscription to the newsletter at any time, i.e. revoke your consent. A link to unsubscribe from the newsletter is contained at the end of every newsletter. If the user has only subscribed to the newsletter and terminates this subscription, their personal data will be deleted.

20. INTEGRATION OF SERVICES AND CONTENT OF THIRD PARTIES
  • Within our online service, we use third-party content or service offerings, based on our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online service within the meaning of Art. 6 para. 1 (f) GDPR), in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content are aware of the IP address of the user, since the content could not be sent to the user's browser without the IP address. This means that the IP address is essential for the display of this content. We make every effort to use only such content whose respective providers use the IP address only for the provision of the content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags enable information such as visitor traffic on the pages of this website to be analysed. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information on the use of our online service, for example, and also linked to this sort of information from other sources.
  • The following provides an overview of third parties and their content, together with links to their data privacy policies containing further information on the processing of data and possible objections (opt-outs), which have in part been mentioned here already:
    1. External fonts of Google, LLC., https://www.google.com/fonts ("Google Fonts"). Google Fonts are integrated by means of server call at Google (generally in the US). Data privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
    2. Maps of the "Google Maps" service from the third-party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
    3. Videos of the "YouTube" platform from the third-party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data privacy policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
    4. We use the functions of the XING network. Provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland. Each time one of our pages containing the Xing functions is accessed, a connection is made with the Xing servers. To the best of our knowledge, personal data is not saved. In particular, no IP addresses are saved, nor is usage behaviour analysed. Data privacy policy: https://www.xing.com/app/share?op=data_protection.
    5. External code of the JavaScript framework “jQuery” provided by the third-party provider jQuery Foundation, https://jquery.org.

 DATA PROTECTION OFFICER

METRO LOGISTICS Germany GmbH
Schlüterstraße 1
40235 Düsseldorf
Germany

datenschutz@metro-logistics.de