Special offer has been added to 
Special offer has been added to

Data Protection Notices

1. General Information a) Introduction Thank you for your interest in our website and our online services. Data is the basis for us to provide an excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect from us is our highest priority. Therefore the following data protection notices are designed to inform you about the processing of your personal data and your rights regarding this processing according to the General Data Protection Regulation (“GDPR”) and the Act to Adapt Data Protection Law to Regulation 2016/679 and to Implement Directive 2016/680 (hereinafter referred to as “DSAnpUG-EU”). b) Controller We, the METRO AG, Metro-Strasse 1, 40235 Düsseldorf, Germany are the controller according to the GDPR and therefore responsible for the data processing explained herein. c) Data Protection Officer You can contact our data protection officer at any time by using the following contact details: METRO AG, Data Protection Officer, Metro-Strasse 1, 40235 Germany, E-Mail: datenschutz@metro.de. 2. Processing of Personal Data During Your Use of Our Website Your visit to our website and use of our online services will be logged. The IP address currently used by your terminal device (for example your computer or your mobile phone), date and time, the browser type and operating system of your terminal device and the pages accessed are recorded. This data is collected for the purposes of data security and to optimize and to improve our online services. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter f) GDPR. It is in our legitimate interest to protect our website and to improve our services. Any other processing of the data, with the exception of for statistical purposes in anonymous form, is only carried out within the scope of this data protection notices. Beyond that, personal data is only stored if you provide it to us of your own account, e.g. as part of a registration or for the performance of a contract. We have taken appropriate technical precautions to ensure that the data is encrypted during the login process for registration or other services, i.e. protected from unauthorized access. Further information, in particular about the technologies we use, may be found below. a) Business Owner Account Registration If you wish to present your business and want to provide a special offer to consumers, you can create a customer account on our website by using the link. If you fill out the registration form and submit your personal data to us, you will receive an E-Mail to the E-Mail Address you have given us. To finish the account registration, you need to click the link “activate account” within this E-Mail and then chose a password. With your user name and password, you will be able to log into your account to use it. The personal data that you typed into the registration form will only be processed for the purpose of creating and maintaining your business owner account. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter b) GDPR. The provision of your personal data is voluntary. You are neither obliged to provide your personal data to us, nor is this provision necessary to fulfill a statutory or contractual requirement or a requirement necessary to enter into a contract. If you do not provide your personal data to us, this will not result in any consequences for you, except that we will not be able to register a business owner account for you. When you register for an Own Business Day Account we will match your data with our data of existing METRO Customers. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter f) GDPR. It is in our legitimate interest to find out, if and to which extent our existing customers participate in Own Business Day. Your personal data will only be stored until you deactivate your account. You can delete your account after you have logged into your account. If you delete your account, your personal data will be deleted without undue delay, unless we are legally obliged to retain your information. Please note that you will not be able to use your business owner account anymore, after it has been deactivated. b) Own Business Day Communication If you wish, you can subscribe for Own Business Day Communication once you have created a user account. We will provide marketing information and other relevant information related to Own Business Day participation as well as get in contact for the performance of participation feedback surveys also via e-mail, SMS, fax, telephone and social media as far as you have provided these contact details. If you have consented to our Own Business Day Communication, since Own Business Day is a recurring event, we will send you email newsletters about this year’s event as well as for Own Business Day events in upcoming years until you withdraw your consent. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. We use optivo® broadmail for sending newsletters. optivo® broadmail is a service of optivo GmbH (Wallstraße 16, 10179 Berlin). If you open a newsletter, a so-called tracking pixel is used when opening it. This saves the following data in optivo® broadmail: e-mail address, newsletter, date and time of opening. Links in our newsletters contain tracking information that enables us to determine which links were of particular interest to you if you clicked on them. The following data is stored in optivo® broadmail via the tracking link: e-mail address, newsletter, link, date and time. Your personal data will only be stored until you unsubscribe for the newsletter by clicking the link “unsubscribe”, which is provided in below each newsletter you receive from us. If you unsubscribe, your personal data will be deleted without undue delay. Please note that you will not receive newsletters or vouchers from us anymore, after your personal data have been deleted. c) Contact Form You can use the contact form on our website (www.website.de/contactform), to contact us for any request. The personal data that you typed into the contact form will only be processed for the purpose of answering your request and only if you have given your consent to the data processing. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. d) Cookies and Tracking In order to make your visit to our website more appealing and to enable the use of certain functions, we use so-called “cookies” on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies to recognize your browser on your next visit (persistent cookies). You can set your browser in such a way that you are informed about the setting of cookies separately and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. For more information, see the help function of your Internet browser. If cookies are not accepted, the functionality of our website may be limited. In the following we will deal with specific cookies. We distinguish between necessary cookies and promotional cookies. Necessary cookies are required for proper operation of our website. Rejecting these cookies will change your user experience while browsing our website and certain services on our website will therefore not be usable. Promotional cookies are described hereinafter. By accepting our “cookie-banner”, you consent to the processing of data through these cookies. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. 1) Adobe Analytics We use Adobe Analytics, a service of Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Republic of Ireland; "Adobe"). This service uses "cookies", which are stored on your terminal device and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address, your wholesale store, your customer number and the number of the person entitled to purchase) is transmitted to Adobe servers in Ireland, where it is anonymized and then transmitted in anonymous form to servers in the USA for further processing and stored there. Adobe uses this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services relating to website and Internet use. Where required to do so by law, or where such information is processed on Adobe's behalf, such information may be transferred to third parties. Under no circumstances will your IP address be associated with other Adobe data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The data collection by Adobe can be contradicted at any time with effect for the future. You can find out more about the revocation at http://www.adobe.com/privacy/opt-out.html. 2) Google Analytics We also use Google Analytics, a web analysis service provided by Google Inc. "("Google"). Google Analytics also uses cookies. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. However, Google will previously shortened your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en 3) Google AdWords As an AdWords customer we use Google Conversion Tracking. This is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google AdWords is used to display pages from metro.de on Google in the advertising space area. If you access our website via a Google ad, Google Adwords sets a cookie on your end device ("conversion cookie"). This cookie expires after 30 days. It is not used for personal identification. If the cookie has not expired when you visit certain pages, we and Google can see that someone clicked on the ad and was forwarded to our page. Each AdWords customer receives a different cookie. Cookies can therefore not be traced through the websites of AdWords customers. The information collected by the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that could personally identify users. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the "googleadservices.com" domain. 4) Doubleclick by Google With Doubleclick by Google we use a service of Google Inc. to show relevant ads to you. Cookies that do not contain any personal information are used for this purpose. Doubleclick cookies use a pseudonymous identification number assigned to your browser to check whether ads are displayed and clicked on. This enables Google and its partner sites to serve ads based on previous visits to METRO Cash & Carry pages or other websites. The information generated by Doubleclick cookies is transmitted to and stored by Google on servers in the United States of America. Google complies with the data protection provisions of the US and EU "Privacy Shield" agreement and is certified for the "Privacy Shield". The data will only be transferred to third parties within the framework of legal regulations or order data processing If you agree to the storage of cookies, but do not wish to use Doubleclick cookies, you can do so under the following link: https://www.google.com/settings/ads/onweb/ to download and install a browser plug-in that disables Doubleclick by Google service. 5) Facebook Pixel We use Facebook Pixel, a tool operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd, 4 Grand Ca-nal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), on our website for the analysis, optimization and economic operation of the website. With the help of Facebook Pixel, Facebook is able to determine the visitors of our website as a target group for the presentation of Facebook ads. Accordingly, we use Facebook Pixel to display the Facebook ads we post only to Facebook users who have shown an interest in our website. This means that with the help of Facebook Pixel we want to make sure that our Facebook ads correspond to the potential interest of the users and are not annoying. We can also use Facebook Pixel to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion" or "visitor interaction"). In this case, the processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. Facebook Pixel is deployed by Facebook directly when you visit our website and can store a cookie on your device. If you then log in to Facebook or visit Facebook while being logged in, the visit to our website will be recorded in your profile. The data collected about you is anonymous to us, so it does not provide us with any information about the identity of the users. However, Facebook stores and processes the data so that a connection to the respective user profile is possible. This means that user profiles can be created from the processed data. Facebook processes the data in accordance with Facebook's Privacy Policy. You can find more information on how Facebook Pixel works and in general on how Facebook ads are displayed in Facebook's Privacy Policy: https://www.facebook.com/policy. 6) Sizmek We use Sizmek to provide cross-device interest based advertising. Sizmek is operated by Sizmek inc., 401 Park Avenue S, 10016 New York City, USA and enables us to deliver relevant and targeted advertising based on your interests and your usage of our website. We also use Sizmek to measure the success of our advertising efforts (through interactions and clicks for example). Sizmek uses cookies and similar technologies, like pixels and static device identifiers, to analyze your usage and interactions. The data collected by Sizmek does not enable us to identify you personally. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. For further information please visit Sizmek’s privacy policy at https://www.sizmek.com/privacy-policy. To withdraw your consent, you can use the opt-out tool by Sizmek, which you can find at: https://www.sizmek.com/privacy-policy/optedout/#options 7) Taboola We use Taboola to provide content tailored to your usage. Taboola is a service provided by Taboola, Inc., 1115 Broadway, 7th Floor, New York, NY 10010, USA. Taboola enables us to provide user-specific recommendations for content and ads based on surfing behaviour and customer interests in order to improve the user-friendliness of our website. The user profiles are created using pseudonyms, they are not merged with the data on the bearer of the pseudonym and do not allow any conclusions as to the identity of a specific user. Taboola uses cookies to collect the necessary information. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. For further information please visit Taboola’s privacy policy at https://www.taboola.com/privacy-policy, where you can use their opt-out tools under “User Choices” to withdraw your consent. 8) Google Maps Our website uses the Google Maps plugin to show the location of the businesses that participate in Own Business Day. This service is offered by Google. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter f) GDPR. It is in our legitimate interest to provide you with a map of special offers around a certain area. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and setting options for the protection of your privacy can be found in Google's data protection information at https://www.google.com/policies/privacy/partners/?hl=de e) Links to Social Media Providers / Social Plugins Our website uses social plugins from the following social networks (hereinafter referred to as "social networks"): Facebook (operated by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) Google Plus (Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) In the interest of the most comprehensive protection of your data we use technical solutions that ensure that data transfer via social plugins to the respective provider of the social network does not take place without prior activation of the social plugins by you. Social plugins are deactivated initially and do not establish contact with Facebook servers or other operators of social networks without activation. If you activate these deactivated plug-ins by clicking on the "Activate Social Media" button on our website, you thereby declare your consent to the transmission of the personal data described in this section to the social networks. In this case, the processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. After activation, the social plugins establish a connection to the respective social network. With a further click you can then send a recommendation within the respective social network. If you are already logged in to a social network while you are visiting our websites, no further login dialog may be displayed. The consent can be cancelled at any time by clicking on the "Deactivate Social Media" button. If you activate the social plugins that are deactivated by default, a connection is established with the social network servers. Each social plugin then transmits data to the respective social network. We have no influence on the amount of data that the respective social network collects with the help of the social plugin. As far as we know, social networks receive information about which of our websites you have visited currently and previously. With each activated social plugin, a cookie with a unique identifier is set each time the relevant website is called. This enables the social network to create a profile of your usage behavior. It cannot be ruled out that such a profile can be assigned to you even if you register with the social network for the first time at a later date. If you are already logged in to a social network when you visit our websites, the operator of this social network may be able to assign the visit to your personal account as soon as you activate the social plug-ins. When using social plugin functions (e.g. "Like" button, making a comment or "Tweets"), the information about this is transmitted directly from your browser to the corresponding social network and stored there. The same applies when calling up a website of a social media operator by clicking on the corresponding icon button. If you are not a member of a social network, the social networks may still receive and store your IP address and information about the browser and operating system you are using after you activate the social plugins. For the scope and purpose of the collection, processing and use of the data by social networks and information on rights and recruitment options for the protection of your privacy, please refer to the data protection information. Our websites also contains simple links to Facebook, Google Plus and Twitter. In this case, a data transfer to the social media operators mentioned only takes place when the corresponding icon button (e.g. the "f" of Facebook, the bird symbol of Twitter, the "+1" symbol of Google Plus) is clicked. If you click on such an icon button, a page of the corresponding social media operator opens in a popup window. There you can publish information about our products according to the regulations of the social media operator. f) Data Recipients We are part of the METRO Group, which is internationally active. To achieve the purposes mentioned above under 2.a) and b), we use service providers, i.e. as data processors according to Art. 28 GDPR, for example our service providers for cloud hosting, platform and maintenance services, for the sending of e-mails and SMS, for customer service and for contact by telephone or for personalized advertising. These are external service providers and also service providers within the METRO Group, like METRO Group shared service centers, which are located in countries within and outside the European Union (EU) and the European Economic Area (EEA) (i.e. the international data center of the METRO Group, which is operated by the METRO-NOM GmbH). We ensure i.e. by contractual regulations, that these service providers process personal data in accordance with European data protection law to guarantee a high data protection level, even if personal data are transferred into a country, in which another data protection level is common and for which no adequacy decision of the Commission of the EU exists. Another transfer of personal data to other recipients is not performed, except where we are obliged to do so by law. For more information about appropriate safeguards for the international data transfer or a copy of them, please contact our data protection officer via e-mail under: datenschutz@metro.de. g) Mandatory/Voluntary Data Provision and Retention Period The provision of your personal data is voluntary. You are neither obliged to provide your personal data to us, nor is this provision necessary to fulfill a statutory or contractual requirement (unless you register as a business owner, in this case the provision of the data mentioned under section 2.c) is necessary for the performance of the contract). If you do not provide your personal data to us, this will not result in any consequences for you, except that you will not be able to use our services. Personal data provided to us via our website will only be stored until the purpose for which they were processed has been fulfilled. Since Own Business Day is a recurring event, we will store your Business Owner Account registration data in order to make future registrations easier for you. Insofar as retention periods under commercial and tax law have to be observed, the storage period for certain data can be up to 10 years. Deviating storage periods may also arise due to a legitimate interest of METRO (e.g. to guarantee data security, to prevent misuse or to prosecute criminal offenders). Data that we have to store due to legal, statutory or contractual storage obligations will be blocked. h) Transfer of Data into Third Countries We may transfer your data to parties based in states outside the European Union (EU) or the European Economic Area (EEA) (“third countries”) who are acting as processors on our behalf (e.g. IT service providers or data centers). If there is no decision of the EU Commission regarding an adequate level of data protection in the country concerned, we conclude contracts in accordance with EU data protection rules, which ensure that your rights and freedoms are adequately protected and safeguarded. Alternatively, the data transfer is based on Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield. We will be happy to provide you with the relevant, detailed information upon request. We do not otherwise transfer your personal data to countries outside the EU or the EEA or to international organizations. i) Automated Decision Making/Profiling We do not use automated decision making or profiling (an automated analysis of your personal circumstances). 3. Your Rights As a data subject, you can contact our data protection officer at any time with a formless notification under the contact dates mentioned above under 1. c) to exercise your rights according to the GDPR. These rights are the following: • The right to receive information about the data processing and a copy of the processed data (right to access, Art. 15 GDPR), • The right to demand the rectification of inaccurate data or the completion of incomplete data (right to rectification, Art. 16 GDPR), • The right to demand the erasure of personal data and, in case the personal data have been made public, the information towards other controllers about the request of erasure (right to erasure, Art. 17 GDPR), • The right to demand the restriction of the data processing (right to restriction of processing, Art. 18 GDPR), • The right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller (right to data portability, Art. 20 GDPR), • The right to object the data processing in order to stop it (right to object, Art. 21 GDPR), • The right to withdraw a given consent at any time to stop a data processing that is based on your consent. The withdrawal will not affect the lawfulness of the processing based on the consent before the withdrawal (right to withdraw consent, Art. 7 GDPR). • The right to lodge a complaint with a supervisory authority if you consider the data processing to be an infringement of the GDPR (right to lodge a complaint with a supervisory authority, Art. 77 GDPR). Information about your right to Object pursuant to art. 21 GDPR You have the right to object at any time to the processing of your data on the basis of art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or art. 6 para. 1 e GDPR (data processing in the public interest), if there are reasons to object arising from your particular situation. This also applies to profiling based on this provision within the meaning of art. 4 No. 4 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling and applicable reasons for the processing, which out-weigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection can be made without formality and should be addressed to the contact details at the beginning of these Data Protection Notices.