1.1 Controller within the meaning of the GDPR is the Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf (“H.d“, “we“ or “us“). For certain processing activities in connection with the Services, our Affiliates act as the data controller jointly with us. You may find a list of our Affiliates here. Your personal data will only be processed by the Affiliate which is located at your place of business.
1.2 If you have any questions regarding the protection of personal data, you may contact our Data Protection Officer using the following contact details: Hospitality Digital GmbH, Data Protection Officer, Metro-Straße 1, 40235 Düsseldorf, email: email@example.com. The contact details of our Affiliates’ data protection officers can be found here.
2.1 When you access and use our website via your terminal device (this may be your computer, your mobile phone or a comparable internet-enabled terminal device), we process personal data automatically. This includes
• the IP address currently used by your terminal device,
• date and time when the website was accessed,
• the browser type and the operating system of your terminal device;
• the initial website from which you accessed our website and
• the sub-pages visited on our website.
3.1 To enable the website to function properly, we use technically necessary Cookies, for example to store language settings and log-in information. The legal basis for the processing of technically necessary Cookies is Article 6 para. 1 sentence 1 letter f) GDPR. The functionality of our website is a legitimate interest.
3.2 We use analysis Cookies that allow us to track your use of our website, e.g. which third-party website you came from, which sub-pages of our website you visit and which links you clicked on and how often. The data collected about you in this way is pseudonymised by us through technical precautions. After pseudonymization, direct assignment of the data to the User is no longer possible. The data will not be stored together with other personal data. The use of analysis Cookies serves to improve our website and the content offered there. By accepting our "Cookie banner", you consent to the processing of your personal data through analysis Cookies. These personal data are processed on the basis of Article 6 para. 1 sentence 1 letter a) GDPR. We use the following analysis Cookies:
4.1 Accessing our website is initially possible without registering for our Services.
4.2 However, if you wish to use our Services (see in detail our General Terms and Conditions), registration is mandatory. Upon successful registration, an agreement regarding the use of our Services is concluded between you and H.d.
4.3 Please note that registration for our Services is only possible if you have an account on DISH, a platform provided by DISH Plus GmbH, Metro-Straße 1, 40235 Düsseldorf, Germany. You may find information on how DISH processes personal data in the privacy section under www.dish.co.
4.4 Once you have successfully registered on DISH, we will inform you regularly by email, via push notifications (DISH App) and/or SMS about current offers, products and promotions in accordance with the prerequisites of Article 7 Paragraph 3 of the German Unfair Competition Act. This marketing communication can also contain offers, products and promotions which have been made available to us by our marketing partners from the digitalization and catering industries. However, your email address, cell phone number or other personal data will not be transferred on to our marketing partners in this context. The personal data collected within the framework of the registration will only be used for the purpose of sending newsletters / push notifications to your email address and cell phone number /SMS and will only then be processed when you have given your consent to this data processing. Processing will be executed on the basis of Article 6 Paragraph 1 S. 1 Lit. a) GDPR.
4.5 You may object to your cell phone number and email address being utilized for the purposes set out in 4.4. at any time by using the respective unsubscribe function provided. There will not be any other costs for the revocation apart from the transmission costs according to the basic tariffs.
5.1 We will process the personal data that you have provided during the registration process (see Section 4) and any further personal data that you might provide during the term of the contract (for example additional information on your business or the information when you have used the Software) in order to be able to offer the Services to you, especially to provide the Storage Space, the Software, the claiming services, the Sub-Domain and the Consulting Services as well as Additional Services. In case the customer decides to use the claiming service, H.d will transmit information about customer’s business local availability (i.e. details about the local and time-specific availability, e.g. company’s address and opening hours) to third-party providers which may publish this information (see in detail our General Terms and Conditions).
5.2 To provide the Consulting Services to you, the personal data that you have provided during the registration process (see Section 4) and any further personal data that you might provide during the term of the contract will be processed by our Affiliate based at your location of business (see Section 1.1). The Consulting Services include, inter alia, services regarding the initial setup of the Software, the best possible long-term use of the Software (e.g. which features to add) and how such use may improve your overall business situation. Consulting Services may further include the recommendation of additional tools and services to you which correspond to the Software.
5.3 We and our Affiliates also process your data in order to send you contract-related information by email, SMS or conventional mail or to contact you to arrange appointments for on-premises visits which are necessary to provide the Services, especially the Consulting Services (for example to help you with installing the Software).
5.4 The processing of personal data described in this Section 5 is necessary for the performance of the contract and in order to be able to provide the Services. The legal basis is Article 6 para. 1 sentence 1 letter b) GDPR.
6.1 Our Affiliates will process the personal data that you have provided during the registration process (see Section 4) and any further personal data that you might provide during the term to check and verify whether you might already have an existing separate contractual relationship with such Affiliate (for example because you are a METRO/MAKRO customer, such contractual relationship being the “Affiliate Contract”).
6.2 In case of an existing Affiliate Contract, our Affiliate will process your personal data to update and enrich your existing customer master data and contact data to ensure data accuracy.
6.3 Our Affiliate will furthermore process your personal data to optimize the customer relationship with you in order to improve your customer experience. This may include recommendations on how the Services might, at best, integrate with other tools and services you make use of (for example modifications of your menu). For these purposes, our affiliate might merge data it has received under the Affiliate Contract with personal data received in connection with the Services.
6.4 We also use your personal data to analyze your usage of the Services (for example how often you log in to the Software). This enables us to determine which parts of the Services are of particular interest to you.
6.5 The processing of personal data described in this Section 6.1 – 6.4 is necessary (1) for the performance of the contract and in order to be able to provide the Services and (2) for the purposes of legitimate interest pursued by us and our Affiliates. The legal basis is Article 6 para. 1 sentence 1 letter b) GDPR as well as Article 6 para. 1 sentence 1 letter f) GDPR. The processing serves our legitimate interest to improve the service and to offer you the best possible customer experience.
6.6 Your personal data will only be used for direct marketing via email/sms or by other electronic means in case you have consented to such use. In this case the legal basis is Article 6 para. 1 sentence 1 letter a) GDPR.
Together with our Affiliates we decided to jointly provide you with certain Services to facilitate and enhance your business (the responsible Affiliate is determined by the location of your business and can be found in the Annex to these Data Protection Notices). Therefore we are both responsible for the processing of your data describe further above. More information on our joint controllership can be found here.
You can contact us through various channels:
8.1 You can use the contact form on our website to contact us for a request. The personal data you enter in the contact form (your first and last name, your email address and details of the nature of your request are required) will only be processed for the purpose of responding to your enquiry and only if you have clicked on the "Send" button. Your IP address and the time of sending your request will also be stored. Processing is carried out on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
8.2 You can also contact us by telephone or email. In this respect, too, only the personal data required to respond to your enquiry will be processed. Processing is carried out on the basis of Article 6 para. 1 sentence 1 letter a) GDPR.
8.3 You can object to the storage of your data at any time, for example by email to firstname.lastname@example.org. In this case, however, further processing of your request is not possible. Furthermore, the revocation has no effect on the legality of the processing of your data until then.
9.1 To process personal data, we use service providers with whom we have concluded an agreement for order processing in accordance with the legal requirements of Article 28 GDPR, provided that they act as processors. Such service providers support us, for example, in sending emails or in the technical operation and hosting of the website. These service providers can be based both inside and outside the European Union or the European Economic Area. Through contractual agreements with the service providers, we ensure that these personal data are processed in accordance with the requirements of the GDPR, even if the data processing takes place outside the European Union or the European Economic Area in countries where an appropriate level of data protection is otherwise not guaranteed and for which no adequacy decision of the European Commission exists. For further information on the existence of a European Commission adequacy decision and appropriate guarantees and to obtain a copy of these guarantees, please contact our Data Protection Officer at email@example.com.
9.2 In case we transfer our rights and obligations from the agreement of use with you to an Affiliate (for details, please see our relevant GTC), we will transfer to such Affiliate the information required for the further performance of the contract or, respectively, the exercise of legal rights and discharge of duties. The legal basis for this is Article 6(1))
9.3 If necessary to find out if the Software has been abused and a legal prosecution might be necessary or a legal obligation for disclosure exists, personal data are passed on to authorities (in particular prosecution authorities and tax authorities), our legal defense as well as, if necessary, to damaged third parties. A disclosure may also take place if this serves to enforce our General Terms and Conditions or other agreements or is required by a legal or official order or a court order. The legal basis for processing is Article. 6 para. 1 sentence 1 letter f) GDPR, for example if the disclosure is necessary for a legal dispute, or Article 6 para. 1 sentence 1 letter c) GDPR, insofar as a statutory obligation exists. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The personal data collected in connection with the Services will be stored by us until the contract between you and us is terminated (see our General Terms and Conditions in detail). After termination of the contract your customer account and all relating personal data will be deleted. If we are legally obliged to keep certain personal data collected in connection with the Services even after termination of the contract, we will delete this data as soon as the retention periods have expired.
We use technical and organizational measures to ensure that User‘s personal data are protected against loss, incorrect changes or unauthorized access by third parties. To ensure secure data transmission, the transmission of data is done exclusively via “Secure Socket Layer (SSL)”.
As a data subject within the meaning of the GDPR, you are entitled to the following rights:
• The right to obtain information on data processing and a copy of the data processed (right of access, Article 15 GDPR),
• the right to request the rectification of inaccurate data or the completion of incomplete data (right of rectification, Article 16 GDPR),
• the right to request the deletion of personal data and, if the personal data have been published, the information to other data controllers on the request for deletion (right of erasure, Article 17 GDPR),
• the right to request the restriction of data processing (right to restriction of processing, Art. 18 GDPR),
• the right to receive personal data in a structured, commonly used and machine-readable format and to request the transfer of such data to another controller (right to data portability, Article 20 GDPR),
• the right to object to data processing in order to prevent it (right of objection, Article 21 GDPR),
• the right to obtain information about the essential aspects of the joint data controllership agreement where roles and responsibilities of each joint Data Controller regarding the processing of personal data and the mechanisms and procedures for the exercise of the data subjects rights in terms of data protection are regulated (Article 26 para.2 GDPR),
• the right to withdraw your consent at any time in order to prevent the processing of data based on your consent. The withdrawal has no influence on the legality of the processing on the basis of the consent before the withdrawal (right of revocation, Article 7 GDPR) as well as
• the right to object to certain data processing measures (Article 21 GDPR).
You also have the right to lodge a complaint with a supervisory authority if you believe that data processing infringes the GDPR (right of appeal to a supervisory authority, Article 77 GDPR).
Status: November 2019
|METRO Cash & Carry Österreich GmbH||A1 Telekom Austria AG||MAKRO Cash & Carry Belgium NV||METRO C&C Zagreb d.o.o.|
|Metro Platz 1||Lassallestraße 9||Nijverheidsstraat 70||Jankomir 31|
|2331 Vösendorf||1020 Wien||2160 Wommelgem||10090 Zagreb - Susedgrad|
|MAKRO Cash & Carry CR s.r.o.||METRO Cash & Carry France SAS||METRO Deutschland GmbH||paytec GmbH|
|Jeremiásova 7/1249||5 rue des Grands Prés||Metro-Straße 8||Gewerbestr. 52|
|15500 Praha 5||92024 Nanterre Cedex||40235 Düsseldorf||82211 Herrsching|
|METRO Kereskedelmi Kft.||METRO Italia Cash and Carry S.p.A.||MAKRO Cash & Carry Nederland B.V.||MAKRO Cash and Carry Polska S.A.|
|Budapark, Keleti 3||Via XXV Aprile, 23||De Flinesstraat 9||Al. Krakowska 61|
|2041 Budaörs||20097 San DonatoMilanese||1114 AL Amsterdam-Duivendrecht||02-183 Warszawa|
|MAKRO Cash & Carry Portugal, S.A.||METRO Cash & Carry Romania srl||METRO Cash & Carry OOO||METRO Cash & Carry Slovakia, s.r.o.|
|Rua Quinta do Paizinho, 1||51 N Theodor Pallady Blvd||Leningradskoye Shosse, 71 G, bld 2||Senecká cesta 1881|
|Portela de Carnaxide||Building C6, Frame A, Sector 3||125445 Moscow||900 28 Ivanka Pri Dunaji|
|MAKRO España||METRO Grosmarket Bakirköy Alisveris||METRO C&C Ukraine Ltd.|
|Paseo Imperial, 40||Hizmetleri Ticaret Sirketi Ltd. Sti.||43, Petra Grygorenka Street|
|28005 Madrid||Kocman Caddesi||02140 Kiev|
|34540 Günesli-Bakirköy (Istanbul)|