The controller as defined in the GDPR, other data protection legislation in the member states of the EU and other provisions related to data protection is:
 
CECONOMY AG
Kaistr. 3
40221 Düsseldorf
Germany

Phone: 0211 5408-7000
E-mail: info_at_ceconomy.de

You also have the right to contact our external data protection officer directly if you have any questions about data protection:

By post:
Dr Christian Borchers
c/o datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

By e-mail:
MMS-DSB_at_datenschutz-sued.de

We only collect and use personal data from you to the extent necessary to provide a functional website as well as our content and services. In many cases we will only collect and use your personal data with your consent. An exception will apply in cases where prior consent is not possible on objective grounds and the processing of the data is permitted by statutory stipulations.

The security of your personal data is a high priority for us. We therefore use technical and organisational measures to protect the data of yours that we store to prevent loss or abuse by third parties. In particular, the employees of ours who process the personal data have been subjected to the obligation to maintain data secrecy and are required to comply with it. Your personal data is encrypted during transmission for protection; for example, we use SSL (Secure Socket Layer) for communication via your web browser. This can be identified via the padlock icon that your browser displays when an SSL connection is established. To guarantee lasting protection of your data, the technical security measures are regularly reviewed and updated to the latest standards if required. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

We collect, process and use your personal data for the following purposes: 

• Improving the functionality of the website
• Contact us by telephone or e-mail 
• Provision of telemedia

Your personal data may be processed on the following legal grounds: 

• Art. 6 (1) lit. a) GDPR is the legal basis for processing on the basis of consent obtained from you for a specific processing purpose. 
• Art. 6 (1) lit. c) GDPR applies if we are subject to a legal obligation requiring the processing of personal data, for instance to comply with tax-related obligations.
• Art. 6 (1) lit. d) GDPR applies if the processing of personal data is necessary to protect your vital interests or those of another natural person.
• Art. 6 (1) lit. f) GDPR applies in the case of a legitimate interest on our part, e.g. when deploying service providers in the course of order processing, such as when performing statistical surveys and analyses. Our interest is geared towards the use of a user-friendly, attractive and secure presentation and optimisation of our online offering that both serves our commercial interests and also meets your expectations.

We will only process and store your personal data for the period required to perform the purpose for which it is being stored or if this is required by statute or other legal provisions. If the purpose lapses or is completed, your personal data will be deleted or blocked. If it is blocked, erasure will take place as soon as this is no longer precluded by statutory, constitutional or contractual retention periods, there are no grounds to assume that any erasure will be detrimental to your protectable interests and an erasure does not require disproportionate effort due to the special manner in which it is stored.

Every time it is accessed, our website collects a range of general data and information on the basis of Art. 6 (1) lit. f) GDPR, which is stored temporarily in server log files. A log file is produced during the automatic logging process by the computer system performing the processing. The following may be recorded:

• Access to the website (date, time and frequency)
• How you arrived at the website (previous page, hyperlink etc.)
• Quantity of data transmitted
• Which browser and browser version you use
• The operating system you use
• The Internet service provider you use
• The IP address that your Internet access provider assigns your computer during the connection to the Internet

The collection and storage of this data is required to operate the website, to safeguard its functionality and to deliver the content of our website properly. Additionally, the data helps us optimise our website and guarantee the security of our IT systems. For that reason, the data is stored for a maximum of seven days as a technical precaution.

We also use this data for purposes of advertising, market research and the demand-focused presentation of our services by creating and evaluating user profiles under pseudonyms. We will not do so if you make use of your right to object to this use of your data (see notes on the right to object under ‘Your rights’). 

We use cookies, web analysis services and social media plug-ins on our website. These are covered by a separate privacy policy.

a) Contact
If you contact us by telephone or e-mail, we will store the data you provide to us based on Art. 6 (1) lit. b) GDPR in order to answer your questions. The contact is logged to enable us to provide evidence of the contact in accordance with statutory requirements. We will erase the data generated in this context when we have finished the respective conversation with you and the matter in question has been concluded.

b) Miscellaneous
Based on Art. 6 (1) lit. f) GDPR, we use and store your personal data and technical information to the extent necessary to prevent or track abuse or other unlawful conduct on our website, e.g. to maintain data security in the event of attacks on our IT systems. This is also done if we are legally obliged to do so, for instance due to an official or judicial order, and to preserve our rights and claims as well as legal protection.

When passing on your personal data, we always ensure the highest possible level of security. For that reason, we will only pass your data to carefully selected service providers and partner companies under contractual obligations. Also, we will only forward your data to bodies that are located within the European Economic Area and are thus subject to strict EU data protection laws or are obliged to maintain a corresponding level of protection. No data is transferred to third countries at the present time, nor is this planned for the future.

a) Forwarding to service providers pursuant to Art. 6 (1) lit. b) and f) GDPR
A range of service providers act for us in respect of the operation and optimisation of our website and services and also to manage contracts, e.g. for central IT services or the hosting of our website. We forward the data required to perform the requisite task (e.g. IP address) to these companies.

Some of these companies perform data processing on our behalf and are therefore required only to use the data provided in accordance with our instructions. In this case we are responsible by law for adequate data protection provisions at the companies commissioned by us. For that reason we agree concrete data security measures with these companies and monitor them regularly.

b) Passing-on to other third parties in accordance with Art. 6 (1) lit. c) and f) GDPR
Finally, we will pass your data to third parties or public authorities in accordance with applicable data protection legislation if we are legally required to do so under an official or judicial order or if we are entitled to, e.g. because this is required to prosecute criminal acts or to protect and assert our rights and claims.

Naturally, you have rights pertaining to the collection of your data, and we explain these below. If you have general questions about data protection at MediaMarktSaturn or if you would like to exercise your rights* under the GDPR, a simple message will suffice. You can use the following contact details:

By post:
MediaMarktSaturn Retail Group GmbH
- Data Protection Department -
Media-Saturn-Straße 1
85053 Ingolstadt

By e-mail:
datenschutz_at_mediamarktsaturn.com

*For your own protection, when asserting your rights (e.g. requests for information or deletion requests), we are obliged to obtain any further information that may be necessary to confirm your identity, e.g. to prevent personal data from being disclosed to unauthorized persons or to delete such data.

If identification is not possible, we must refuse to process such requests if there is any doubt about your identity.

In addition, you also have the right to contact our external data protection officer directly with any questions regarding data protection:

By post:
Dr. Christian Borchers
c/o datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

By e-mail:
MMS-DSB_at_datenschutz-sued.de

a) Right to be informed
You have the right to request information from us about the personal data stored relating to your person. 

b) Right of rectification
You have the right to demand immediate rectification and/or completion of the personal data relating to you. 

c) Right to restrict processing
You have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data or the processing is unlawful, you have rejected its erasure and we no longer need the data, but you require it to assert, pursue or defend legal claims or you have raised an objection to the processing.

d) Right of erasure 
You have the right to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

e) Right of notification
If you have asserted your right of correction, erasure or restriction of processing, we will notify all recipients to whom you have disclosed the relevant personal data of the correction or erasure of the data or restriction of the processing, unless this turns out to be impossible or would involve disproportionate effort.

f) Right to data portability
You have the right for the personal data that you have provided to us to be passed to you or a third party in a structured, standard and machine-readable format. If you request the direct transfer of the data to a different controller, this will only be done if it is technically feasible.

g) Right to object
If your personal data is being processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f) GDPR, you have the right to raise an objection to the processing under Art. 21 GDPR. 

h) Right to revoke consent
You have the right to withdraw your consent to the collection of data at any time with future effect. This has no bearing on the data collected up to the point at which the revocation takes effect. Please understand that for technical reasons the implementation of your revocation may take some time and you may still receive messages from us during this time.

i) Right to complain to a supervisory authority
If the processing of your personal data breaches data protection law or if your claims under data protection law are otherwise infringed, you can complain to a supervisory authority.

Personal data that we are required to store due to statutory, constitutional or contractual retention periods will be blocked instead of being erased. This prevents it being used for other purposes.

Our website contains links to other companies’ websites. We are not responsible for the data protection provisions on external websites that you can access via these links. Please inform yourself about the privacy policies of these external websites there.

To guarantee that our privacy policy always complies with the latest statutory provisions, we reserve the right to make changes at any time. This also applies in the event that the privacy policy needs to be amended due to new or revised offerings or services. 

The controller as defined in the GDPR, other data protection legislation in the member states of the EU and other provisions related to data protection is:

CECONOMY AG
Kaistr. 3
40221 Düsseldorf
Germany

Phone: 0211 5408-7000
E-mail: info_at_ceconomy.de

For questions related to this data privacy notice or for other questions regarding the processing of your personal data, you may contact the controller’s data protection officer under: datenschutz_at_ceconomy.de.

For circulating mailings as part of our corporate communication and the creation and maintenance of related mailing lists, CECONOMY AG processes the following information: name, email-address, address and potentially additional information such as telephone numbers.

The data processing is legitimated by article 6 para. 1 lit a) and f) GDPR and is based on your consent and / or CECONOMY’s legitimate interests regarding an efficient and appropriate corporate communication.

Personal data will be stored for as long as it is necessary for the purposes of corporate communication or will be deleted prior to that should you have informed us that you do not wish to receive mailings any longer.

You have a right to information about your personal data. Additionally, under certain conditions, you have the right to correction or deletion of your personal data, to restriction of processing and of data transferability, as well as a right to object to the processing.

You have the right to complain to the abovementioned Data Protection Officer of CECONOMY AG or the responsible supervisory authority. The supervisory authority responsible for CECONOMY AG is

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(The North Rhine-Westphalia Commissioner for Data protection and Freedom of Information)
Postbox 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle_at_ldi.nrw.de