Data Protection Notices
1. General Information
Thank you for your interest in our website and our online services. Data is the basis for us to provide an excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect from us is our highest priority. Therefore the following data protection notices are designed to inform you about the processing of your personal data and your rights regarding this processing according to the General Data Protection Regulation (“GDPR”) and Swiss data protection laws.
We, the METRO International AG, Neuhofstrasse 4, 6340 Baar, Switzerland are the controller according to the GDPR and therefore responsible for the data processing explained herein.
c) Data Protection Officer
You can contact our data protection officer at any time by using the following contact details:
- METRO International AG, Data Protection Officer, Neuhofstrasse 4, 6340 Baar, Phone: +41 41 768 72 52, E-Mail: firstname.lastname@example.org.
2. Processing of Personal Data During Your Use of Our Website
Your visit to our website and use of our online services will be logged. The IP address currently used by your terminal device (for example your computer or your mobile phone), date and time, the browser type and operating system of your terminal device and the pages accessed are recorded. This data is collected for the purposes of data security and to optimize and to improve our online services. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter f) GDPR. It is in our legitimate interest to protect our website and to improve our services. Any other processing of the data, with the exception of for statistical purposes in anonymous form, is only carried out within the scope of this data protection notices. Beyond that, personal data is only stored if you provide it to us of your own account, e.g. as part of a registration, a survey, an online application or for the performance of a contract. We have taken appropriate technical precautions to ensure that the data is encrypted during the login process for registration or other services, i.e. protected from unauthorized access. Further information, in particular about the technologies we use, may be found below.
b) Contact Form
You can use the contact form on our website:
to contact us for any request. The personal data that you typed into the contact form will only be processed for the purpose of answering your request and only if you have given your consent to the data processing. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR.
c) Customer Account Registration
If you wish, you can create a customer account on our website by using the link. A customer account is not mandatory to use our online shop, but if you create a customer account, you will not have to send us your personal data at every time you are using our online shop. If you fill out the registration form and submit your personal data to us, you will receive a user name and a password from us by E-Mail to the E-Mail Address you have given us. To finish the account registration, you need to click the link “activate account” within this E-Mail. With your user name and password, you will be able to log into your account to use it. The personal data that you typed into the registration form will only be processed for the purpose of creating and maintaining your customer account and only if you have given your consent to the data processing. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR. The provision of your personal data is voluntary. You are neither obliged to provide your personal data to us, nor is this provision necessary to fulfill a statutory or contractual requirement or a requirement necessary to enter into a contract. If you do not provide your personal data to us, this will not result in any consequences for you, except that we will not be able to register a customer account for you. Your personal data will only be stored until you deactivate your account. You can deactivate your account by clicking the link “deactivate account”, which you find in the account menu after you have logged into your account. If you deactivate your account, your personal data will be deleted without undue delay. Please note that you will not be able to use your customer account anymore, after it has been deactivated.
d) Cookies and Tracking
In order to make your visit to our website more appealing and to enable the use of certain functions, we use so-called “cookies” on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies to recognize your browser on your next visit (persistent cookies). You can set your browser in such a way that you are informed about the setting of cookies separately and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. For more information, see the help function of your Internet browser. If cookies are not accepted, the functionality of our website may be limited. In the following we will deal with specific cookies.
We distinguish between necessary cookies and promotional cookies. Necessary cookies are required for proper operation of our website. Rejecting these cookies will change your user experience while browsing our website and certain services on our website will therefore not be usable.
Promotional cookies are described hereinafter. By accepting our “cookie-banner”, you consent to the processing of data through these cookies. The processing is legally based on Art. 6 paragraph 1 sentence 1 letter a) GDPR.
d1) Google Analytics
e) Data Recipients
We are part of the METRO Group, which is internationally active. To achieve the purposes mentioned above under 2.a) and b), we use service providers, i.e. as data processors according to Art. 28 GDPR, for example our service providers for cloud hosting, platform and maintenance services, for the sending of e-mails and SMS, for customer service and for contact by telephone or for personalized advertising. These are external service providers and also service providers within the METRO Group, like METRO Group shared service centers, which are located in countries within and outside the European Union (EU) and the European Economic Area (EEA) (i.e. the international data center of the METRO Group, which is operated by the METRO Systems GmbH). We ensure i.e. by contractual regulations, that these service providers process personal data in accordance with European data protection law to guarantee a high data protection level, even if personal data are transferred into a country, in which another data protection level is common and for which no adequacy decision of the Commission of the EU exists. Another transfer of personal data to other recipients is not performed, except where we are obliged to do so by law. For more information about appropriate safeguards for the international data transfer or a copy of them, please contact our data protection officer via e-mail under: email@example.com.
f) Mandatory/Voluntary Data Provision and Retention Period
The provision of your personal data is voluntary. You are neither obliged to provide your personal data to us, nor is this provision necessary to fulfill a statutory or contractual requirement for the performance of the contract). If you do not provide your personal data to us, this will not result in any consequences for you, except that you will not be able to use our services. Personal data provided to us via our website will only be stored until the purpose for which they were processed has been fulfilled. Insofar as retention periods under commercial and tax law have to be observed, the storage period for certain data can be up to 10 years. Deviating storage periods may also arise due to a legitimate interest of METRO (e.g. to guarantee data security, to prevent misuse or to prosecute criminal offenders). Data that we have to store due to legal, statutory or contractual storage obligations will be blocked.
3. Your Rights
As a data subject, you can contact our data protection officer at any time with a formless notification under the contact dates mentioned above under 1. c) to exercise your rights according to the GDPR. These rights are the following:
- The right to receive information about the data processing and a copy of the processed data (right to access, Art. 15 GDPR),
- The right to demand the rectification of inaccurate data or the completion of incomplete data (right to rectification, Art. 16 GDPR),
- The right to demand the erasure of personal data and, in case the personal data have been made public, the information towards other controllers about the request of erasure (right to erasure, Art. 17 GDPR),
- The right to demand the restriction of the data processing (right to restriction of processing, Art. 18 GDPR),
- The right to receive the personal data concerning the data subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller (right to data portability, Art. 20 GDPR),
- The right to object the data processing in order to stop it (right to object, Art. 21 GDPR),
- The right to withdraw a given consent at any time to stop a data processing that is based on your consent. The withdrawal will not affect the lawfulness of the processing based on the consent before the withdrawal (right to withdraw consent, Art. 7 GDPR).
- The right to lodge a complaint with a supervisory authority if you consider the data processing to be an infringement of the GDPR (right to lodge a complaint with a supervisory authority, Art. 77 GDPR)