Here you will find the data protection notice on the processing of our shareholders’ personal data (160 KB, PDF file).
1.2 Data controller
Deutsche EuroShop AG
Tel.: +49 (0)40 41 35 79-0
1. The GDPR is the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
2. Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (Article 4 (9) GDPR). Recipients may include newsletter service providers that send newsletters on our behalf to the email addresses that we provide.
3. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR). Personal data may include a person’s name and contact details.
5. Processing means any collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data (Article 4 (2) GDPR). Processing may include the collection and use of your contact details to respond to your inquiry.
2.1. Processing of your data when you visit our website
When you access this website to find out about our business activities and our investments without actively providing us with information (purely informative usage), we process your personal data. Your personal data is processed for the following purposes and on the following legal bases:
2.1.1. Processing for the purpose of operating the website and ensuring IT security
1. When you visit our website, we process your personal data that is required for technical reasons to provide our website to you and to guarantee its stability and security during your visit. We process the following personal data for this purpose:
2. We process your personal data on the basis of our legitimate interest in providing you with information on our business activities and investments on this website and guaranteeing IT security during your visit to this website, pursuant to Article 6 (1) (f) GDPR.
2.1.2. Processing for analytical purposes
1. In some circumstances, when you visit this website, we observe and document the way in which you use the website, for example the way you navigate the website. For this purpose we process the personal data listed in 2.1.1.
2. The legal basis for our processing of your personal data for this purpose is our legitimate interest in carrying out analyses and using these analyses to improve our website and services for you, and in preventing fraud, pursuant to Article 6 (1) (f) GDPR
1. Cookies are stored on your computer when you use this website. Cookies are small text files that are allocated to the web browser you use and stored on your hard drive and that are used by the body that places the cookie to collect certain information. Cookies are not able to execute programs or transmit viruses to your computer. They are used to improve the overall user experience and effectiveness of the internet offering.
2.2. Newsletter distribution
1. You may sign up for our newsletters. When signing up, we require you to enter your email address. We will send a confirmation email to the email address that you provide. Your sign-up is not completed until you click on the link contained in this email.
2. We process your personal data in this regard for marketing purposes on the basis of your consent as provided for in Article 6 (1) (a) GDPR.
2.3. Comments and posts
1. You may leave comments on some of our articles. After moderation, we publish your comments and other posts. We reserve the right not to publish your comments or other posts. We will contact you if we have any queries regarding your comments or other posts, or if we wish to verify their authenticity. Therefore, if you do not provide your email address we may not be able to publish your comment or other post.
2. We process your personal data in this regard for the purpose of supporting your use of the comment function, pursuant to Article 6 (1) (b) GDPR.
2.4. Communication on social media
1. We maintain a presence on various social medial channels (currently Facebook, Twitter, Flickr, Google+, SlideShare and YouTube) on which we regularly publish reports and photographs and other media to inform you about our business activities and investments. You can use the social media channels to react to our posts and communicate with us.
2. When you do this we may process your personal data in our legitimate interest, to respond to your comments, questions and suggestions and to advertise our business activities and investments, pursuant to Article 6 (1) (f) GDPR.
3. Your use of Facebook, Instagram, Twitter, Flickr, Google+, SlideShare and YouTube is governed by the Privacy Policies of the appropriate social media channel. Please see the corresponding privacy policies:
2.5. Social media buttons
1. Our website provides social media buttons (e.g. Facebook, Twitter and Google+ “share” buttons). These are not the vendor’s own social plugins, but dummy buttons. These are only activated and a direct connection created between your browser and the corresponding social media platform when you click on the button. We have therefore deployed a data-minimising solution that does not send unsolicited personal data to social media platforms. When you click on the social media button and not before, the URL of the page that you wish to share is sent to the operator of the social media platform.
2. We process your personal data to increase the range of our offering. Your personal data is processed for the purpose of providing the corresponding social media functionality on the basis of Article 6 (1) (b) GDPR.
3. Please see the corresponding Privacy Policies of the various social media providers for further details:
1. Our website uses YouTube plugins. When you visit our website, a connection is created to the YouTube server informing the YouTube server which of our pages you are visiting. If you have a YouTube account and are logged in on YouTube when visiting our website, your navigation of our website can be directly attributed to your personal profile. We process:
2. You can prevent your navigation of our website from being associated with your personal YouTube profile by logging out of your account first.
3. We process your personal data to increase the range of our offering. Your personal data will be processed in pursuit of our legitimate interest in carrying out marketing activities pursuant to Article 6 (1) (f) GDPR.
2.7. Google Maps
1. This website uses Google Maps to display maps and create travel directions. When using Google Maps, information about your use of our website (including your IP address) may be sent to Google’s servers. If you have a Google account and are logged in there when using our website, this information will be directly associated with your personal profile. We process:
2. You can prevent your navigation of our website from being associated with your personal Google account by logging out of your account first.
3. Your personal data will be processed in pursuit of our legitimate interest in providing directions to our locations through our website pursuant to Article 6 (1) (f) GDPR.
2.8. Provision of reports
You can order individual annual reports for delivery by post through our website and/or request to automatically receive a copy every year. We process your personal data in this regard for marketing purposes on the basis of your consent as provided for in Article 6 (1) (a) GDPR.
2.9. Google reCaptcha
We use the Google Inc. (Google) reCAPTCHA service to protect your orders sent via the web form. This query is used to determine whether the order form has been submitted by a human or has been misused by an automated, computer-based process. The reCAPTCHA query transmits your IP address and further data that may be required by Google for the service to Google. Your inputs are transmitted to Google for this purpose, where they are processed further. Within the Member States of the European Union or another Signatory State to the Agreement on the European Economic Area, your IP address will be truncated by Google before transmission. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. Google will use this information on behalf of the operator of this website to evaluate your use of the service. The IP address transmitted from your web browser in the reCAPTCHA process will not be merged with other data held by Google. This data is covered by Google’s variant data protection provisions. Further information about Google’s privacy policies can be found at: https://www.google.com/intl/en/policies/privacy/. Some of the functions on this website will not work without the reCAPTCHA function. While the use of reCAPTCHA is not required by law or contract, we want to effectively protect you and ourselves against fraud.
1. If you have questions about Deutsche EuroShop AG and our business activities and investments, you can contact our Investor & Public Relations department. You may contact us by telephone, social media, in writing or using the contact form on our website. We will process your personal data in accordance with your query. Where necessary, we may also use personal data that has been stored in our system from other data processing.
2. Your personal data (e.g. contact information) will be processed, according to your query, for the purpose of pursuing, executing or carrying out a contract with you on the basis of Article 6 (1) (b) GDPR, to comply with our legal obligations towards you on the basis of Article 6 (1) (c) GDPR and/or on the basis of our legitimate interest in responding to your query on the basis of Article 6 (1) (f) GDPR.
2.11. Compliance audits and measures and internal auditing
1. Your personal data may be processed in Germany and abroad in the scope of audits carried out within Deutsche EuroShop AG.
2. Such processing of your data may also take place if we carry out compliance programmes and measures to identify and correct misconduct within the company.
3. Your personal data may also be processed as part of this data processing. We process your personal data in this regard for the purpose of meeting our statutory obligations, pursuant to Article 6 (1) (c) GDPR. Furthermore, we process your personal data for the purpose of our legitimate interest in auditing the workflows and efficiency of Deutsche EuroShop AG, correcting misconduct and preventing fraud, and to enforce or defend our rights, pursuant to Article 6 (1) (f) GDPR.
1. We store your personal data for as long as necessary and to the extent that it is required for the purposes (section 2) for which it is being processed.
2. If your personal data is no longer necessary for the processing purposes, we will only store your personal data while you are able to make claims against us or we against you (for example a statutory retention period of typically three years starting with the end of the year in which the claim arises, pursuant, for example, to Sections 195, 199 of the German Civil Code (BGB)).
3. Furthermore, we will store your personal data for as long as and to the extent that we are required to do so by the law.
1. In the scope of our business activity we use external IT service providers that provide us with platforms, databases, tools, etc., for our services (e.g. our website, a range of contact options or marketing measures) and that process personal data on our behalf. We select external services providers with care and conclude written contracts with them. They are bound by our instructions and we check them on a regular basis. All systems in which your personal data is stored and to which external service providers have access are protected by password and only accessible to a restricted group of people who require access to the data for purposes authorised by you. In this context, where data is transferred to and processed by external service providers we ensure within the statutory provisions that the data is processed, used and transferred in accordance with this policy.
2. The use of Google reCAPTCHA may involve the transfer of your personal data to the USA. Your personal data will be transferred in pursuit of our legitimate interest in fraud prevention pursuant to Article 6 (1) (f) GDPR.
3. In conjunction with the use of social media buttons, your personal data is transferred to the USA for the purpose of providing the corresponding social media functionality on the basis of Article 6 (1) (b) GDPR.
4. In conjunction with the use of YouTube, your personal data is transferred to the USA in pursuit of our legitimate interest in carrying out marketing activities pursuant to Article 6 (1) (f) GDPR.
5. In conjunction with the use of Google Maps, your personal data is transferred to the USA in pursuit of our legitimate interest in showing route directions on our website pursuant to Article 6 (1) (f) GDPR.
7. In order to carry out audits in some circumstances we may transfer your personal data in order to meet our legal obligations on the basis of Article 6 (1) (c) GDPR and in our legitimate interest in auditing the workflows and efficiency of Deutsche EuroShop AG, correcting misconduct and preventing fraud, and/or to enforce or defend our rights, pursuant to Article 6 (1) (f) GDPR.
8. We will only transfer your personal data if and to the extent that a legal obligation to transfer requires us to do so. Data is transferred pursuant to Article 6 (1) (c) GDPR.
1. If you have granted your consent for us to process your personal data, you are entitled to withdraw such consent at any time. The withdrawal of consent shall apply to the future. The legality of the processing of your personal data shall remain unaffected up to the time of withdrawal. Please submit your withdrawal in writing, by telephone or email to
Deutsche EuroShop AG
Tel.: +49 (0)40 41 35 79-0
2. If you withdraw your consent, we will process the personal data concerning you which we collected in connection with this in order to respond to your enquiry. Your personal data will be processed in order to comply with a legal obligation based on Article 6 (1) (c) GDPR.
1. In accordance with the GDPR, you may at any time request that we
2. If you have an enquiry regarding one of the issues addressed in section 1, please send it
3. If you assert your rights towards us, we will process your personal data which we collected in connection with this in order to respond to your inquiry. Your personal data will be processed in order to comply with a legal obligation based on article 6 (1) (c) GDPR.
4. Without prejudice to your rights as defined in section 7, you have the right to lodge a complaint with the data protection authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR).
Here you will find the data protection notice on the processing of our shareholders’ personal data
(70 KB, PDF file).