Deutsche EuroShop

The Shopping Center Company

Privacy Policy for Deutsche EuroShop AG

You will find our Website Cookie Policy here.

Here you will find the data protection notice on the processing of our shareholders’ personal data (160 KB, PDF file).


 

(Version 1.3)


This privacy policy provides details on the processing of your personal data when you visit and use the website of Deutsche EuroShop AG (hereinafter “we” or “us”) and in respect of our marketing activities on our own web pages and on websites operated by third parties and on social media pursuant to the General Data Protection Regulation (hereinafter “GDPR”).

 

1.     Scope, data controller and definitions

 

1.1              Scope

1.       This privacy policy applies to visits to and the use of our website (accessible at www.deutsche-euroshop.com) and to marketing activities on our website, third-party websites and social media occurring in conjunction with these visits and use.

2.       You can access, save and print out this privacy policy free of charge at any time by visiting the link www.deutsche-euroshop.com/privacy

 

1.2              Data controller

Deutsche EuroShop AG

Heegbarg 36

D-22391 Hamburg

Germany

Email: info@deutsche-euroshop.de

Tel.: +49 (0)40 41 35 79-0

 

1.3              Definitions

This privacy policy uses the following terminology which we have defined for easier understanding:

1.       The GDPR is the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

2.       Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (Article 4 (9) GDPR). Recipients may include newsletter service providers that send newsletters on our behalf to the email addresses that we provide.

3.       Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4 (1) GDPR). Personal data may include a person’s name and contact details.

4.       Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the data processing described in this privacy policy, the data controller is Deutsche EuroShop AG (section 1.2).

5.       Processing means any collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data (Article 4 (2) GDPR). Processing may include the collection and use of your contact details to respond to your inquiry.

 

2.     Purpose of and legal basis for processing your personal data

 

2.1.            Processing of your data when you visit our website

When you access this website to find out about our business activities and our investments without actively providing us with information (purely informative usage), we process your personal data. Your personal data is processed for the following purposes and on the following legal bases:

2.1.1.      Processing for the purpose of operating the website and ensuring IT security

1.       When you visit our website, we process your personal data that is required for technical reasons to provide our website to you and to guarantee its stability and security during your visit. We process the following personal data for this purpose:

  • IP address
  • URL requested
  • Date and time of the request
  • Previous URL
  • Notification that the request succeeded
  • Identification of your web browser and operating system
  • The volume of data transmitted
  • Cookies (see 2.1.3)

2.       We process your personal data on the basis of our legitimate interest in providing you with information on our business activities and investments on this website and guaranteeing IT security during your visit to this website, pursuant to Article 6 (1) (f) GDPR.

2.1.2.      Processing for analytical purposes

1.       In some circumstances, when you visit this website, we observe and document the way in which you use the website, for example the way you navigate the website. For this purpose we process the personal data listed in 2.1.1.

2.       The legal basis for our processing of your personal data for this purpose is our legitimate interest in carrying out analyses and using these analyses to improve our website and services for you, and in preventing fraud, pursuant to Article 6 (1) (f) GDPR

2.1.3.      Use of cookies

1.       Cookies are stored on your computer when you use this website. Cookies are small text files that are allocated to the web browser you use and stored on your hard drive and that are used by the body that places the cookie to collect certain information. Cookies are not able to execute programs or transmit viruses to your computer. They are used to improve the overall user experience and effectiveness of the internet offering.

2.       The Deutsche EuroShop AG Cookie Policy applies to the use of this website (see Website Cookie Policy). 

2.2.            Newsletter distribution

1.       You may sign up for our newsletters. When signing up, we require you to enter your email address. We will send a confirmation email to the email address that you provide. Your sign-up is not completed until you click on the link contained in this email.

2.       We process your personal data in this regard for marketing purposes on the basis of your consent as provided for in Article 6 (1) (a) GDPR.

2.3.            Comments and posts

1.       You may leave comments on some of our articles. After moderation, we publish your comments and other posts. We reserve the right not to publish your comments or other posts. We will contact you if we have any queries regarding your comments or other posts, or if we wish to verify their authenticity. Therefore, if you do not provide your email address we may not be able to publish your comment or other post.

2.       We process your personal data in this regard for the purpose of supporting your use of the comment function, pursuant to Article 6 (1) (b) GDPR.

2.4.            Communication on social media

1.       We maintain a presence on various social medial channels (currently Facebook, Twitter, Flickr, Google+, SlideShare and YouTube) on which we regularly publish reports and photographs and other media to inform you about our business activities and investments. You can use the social media channels to react to our posts and communicate with us.

2.       When you do this we may process your personal data in our legitimate interest, to respond to your comments, questions and suggestions and to advertise our business activities and investments, pursuant to Article 6 (1) (f) GDPR.

3.       Your use of Facebook, Instagram, Twitter, Flickr, Google+, SlideShare and YouTube is governed by the Privacy Policies of the appropriate social media channel. Please see the corresponding privacy policies:

2.5.            Social media buttons

1.       Our website provides social media buttons (e.g. Facebook, Twitter and Google+ “share” buttons). These are not the vendor’s own social plugins, but dummy buttons. These are only activated and a direct connection created between your browser and the corresponding social media platform when you click on the button. We have therefore deployed a data-minimising solution that does not send unsolicited personal data to social media platforms. When you click on the social media button and not before, the URL of the page that you wish to share is sent to the operator of the social media platform.

2.       We process your personal data to increase the range of our offering. Your personal data is processed for the purpose of providing the corresponding social media functionality on the basis of Article 6 (1) (b) GDPR.

3.       Please see the corresponding Privacy Policies of the various social media providers for further details:

2.6.            YouTube

1.       Our website uses YouTube plugins. When you visit our website, a connection is created to the YouTube server informing the YouTube server which of our pages you are visiting. If you have a YouTube account and are logged in on YouTube when visiting our website, your navigation of our website can be directly attributed to your personal profile. We process:

  • Your IP address;
  • The URL of the web page being accessed;
  • Date and time of the request

2.       You can prevent your navigation of our website from being associated with your personal YouTube profile by logging out of your account first.

3.       We process your personal data to increase the range of our offering. Your personal data will be processed in pursuit of our legitimate interest in carrying out marketing activities pursuant to Article 6 (1) (f) GDPR.

4.       Please see the YouTube Privacy Policy for further details on the processing of your data: 

2.7.            Google Maps

1.       This website uses Google Maps to display maps and create travel directions. When using Google Maps, information about your use of our website (including your IP address) may be sent to Google’s servers. If you have a Google account and are logged in there when using our website, this information will be directly associated with your personal profile. We process:

  • Your IP address;
  • The URL of the web page being accessed;
  • Date and time of the request

2.       You can prevent your navigation of our website from being associated with your personal Google account by logging out of your account first.

3.       Your personal data will be processed in pursuit of our legitimate interest in providing directions to our locations through our website pursuant to Article 6 (1) (f) GDPR.

4.       Please see the Google Maps Privacy Policy for further details on the processing of your data: 

2.8.            Provision of reports

You can order individual annual reports for delivery by post through our website and/or request to automatically receive a copy every year. We process your personal data in this regard for marketing purposes on the basis of your consent as provided for in Article 6 (1) (a) GDPR.

2.9.            Google reCaptcha

We use the Google Inc. (Google) reCAPTCHA service to protect your orders sent via the web form. This query is used to determine whether the order form has been submitted by a human or has been misused by an automated, computer-based process. The reCAPTCHA query transmits your IP address and further data that may be required by Google for the service to Google. Your inputs are transmitted to Google for this purpose, where they are processed further. Within the Member States of the European Union or another Signatory State to the Agreement on the European Economic Area, your IP address will be truncated by Google before transmission. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. Google will use this information on behalf of the operator of this website to evaluate your use of the service. The IP address transmitted from your web browser in the reCAPTCHA process will not be merged with other data held by Google. This data is covered by Google’s variant data protection provisions. Further information about Google’s privacy policies can be found at: https://www.google.com/intl/en/policies/privacy/. Some of the functions on this website will not work without the reCAPTCHA function. While the use of reCAPTCHA is not required by law or contract, we want to effectively protect you and ourselves against fraud.

2.10.        Service

1.       If you have questions about Deutsche EuroShop AG and our business activities and investments, you can contact our Investor & Public Relations department. You may contact us by telephone, social media, in writing or using the contact form on our website. We will process your personal data in accordance with your query. Where necessary, we may also use personal data that has been stored in our system from other data processing.

2.       Your personal data (e.g. contact information) will be processed, according to your query, for the purpose of pursuing, executing or carrying out a contract with you on the basis of Article 6 (1) (b) GDPR, to comply with our legal obligations towards you on the basis of Article 6 (1) (c) GDPR and/or on the basis of our legitimate interest in responding to your query on the basis of Article 6 (1) (f) GDPR.

2.11.        Compliance audits and measures and internal auditing

1.       Your personal data may be processed in Germany and abroad in the scope of audits carried out within Deutsche EuroShop AG.

2.       Such processing of your data may also take place if we carry out compliance programmes and measures to identify and correct misconduct within the company.

3.       Your personal data may also be processed as part of this data processing. We process your personal data in this regard for the purpose of meeting our statutory obligations, pursuant to Article 6 (1) (c) GDPR. Furthermore, we process your personal data for the purpose of our legitimate interest in auditing the workflows and efficiency of Deutsche EuroShop AG, correcting misconduct and preventing fraud, and to enforce or defend our rights, pursuant to Article 6 (1) (f) GDPR.

2.12.        Virtual conferences

1.       You can communicate with Deutsche EuroShop AG via virtual conferences (e.g. Microsoft Teams) or take part in events such as online meetings and webinars. If we wish to record communications with you, we will inform you in advance and – where necessary – ask for your consent. You can usually display a virtual background or dial in by phone.     

2.      To this end, we process your personal data (e.g. your name, your email address and your spoken word) on the basis of our legitimate interests in being able to communicate with you digitally pursuant to Article 6 (1) (f) GDPR.

 

3.     Retention and erasure of your personal data
 

1.       We store your personal data for as long as necessary and to the extent that it is required for the purposes (section 2) for which it is being processed. 

2.       If your personal data is no longer necessary for the processing purposes, we will only store your personal data while you are able to make claims against us or we against you (for example a statutory retention period of typically three years starting with the end of the year in which the claim arises, pursuant, for example, to Sections 195, 199 of the German Civil Code (BGB)).

3.       Furthermore, we will store your personal data for as long as and to the extent that we are required to do so by the law. 
 

4.     Categories of recipient of your personal data

 

1.       In the scope of our business activity we use external IT service providers that provide us with platforms, databases, tools, etc., for our services (e.g. our website, a range of contact options or marketing measures) and that process personal data on our behalf. We select external services providers with care and conclude written contracts with them. They are bound by our instructions and we check them on a regular basis. All systems in which your personal data is stored and to which external service providers have access are protected by password and only accessible to a restricted group of people who require access to the data for purposes authorised by you. In this context, where data is transferred to and processed by external service providers we ensure within the statutory provisions that the data is processed, used and transferred in accordance with this policy.

2.       The use of Google reCAPTCHA may involve the transfer of your personal data to the USA. Your personal data will be transferred in pursuit of our legitimate interest in fraud prevention pursuant to Article 6 (1) (f) GDPR. The conclusion of the standard contractual clauses for the transfer of personal data to non-EU countries ensures an adequate level of protection for your personal data.

3.       In conjunction with the use of Microsoft Teams, your personal data may be transferred to the USA in pursuit of our legitimate interest in communicating with you digitally on our website pursuant to Article 6 (1) (f) GDPR. The conclusion of the standard contractual clauses for the transfer of personal data to non-EU countries ensures an adequate level of protection for your personal data.

4.       In conjunction with the use of YouTube, your personal data is transferred to the USA in pursuit of our legitimate interest in carrying out marketing activities pursuant to Article 6 (1) (f) GDPR. The conclusion of the standard contractual clauses for the transfer of personal data to non-EU countries ensures an adequate level of protection for your personal data.

5.       In conjunction with the use of Google Maps, your personal data is transferred to the USA in pursuit of our legitimate interest in showing route directions on our website pursuant to Article 6 (1) (f) GDPR. The conclusion of the standard contractual clauses for the transfer of personal data to non-EU countries ensures an adequate level of protection for your personal data.

6.       Data is transferred to the extent that it is required for the purposes stated in this Privacy Policy or if you have consented to transfer. Your personal data is transferred pursuant to Article 6 (1) (a), (b) and (f) GDPR.

7.       In order to carry out audits in some circumstances we may transfer your personal data in order to meet our legal obligations on the basis of Article 6 (1) (c) GDPR and in our legitimate interest in auditing the workflows and efficiency of Deutsche EuroShop AG, correcting misconduct and preventing fraud, and/or to enforce or defend our rights, pursuant to Article 6 (1) (f) GDPR.

8.       We will only transfer your personal data if and to the extent that a legal obligation to transfer requires us to do so. Data is transferred pursuant to Article 6 (1) (c) GDPR.

 

5.     Legitimate interest and right to object

 

1.       We process your personal data as set out in section 2 above in pursuit of our legitimate interests, in particular in providing you with information on our business activities and investments through this website and ensuring IT security for your visit to this website, conducting analysis and, on the basis of this analysis, improving our web presence and services for you, and in preventing fraud, responding to your comments, questions and suggestions and in advertising our business activity and investments, providing you with directions on our website, answering your queries, carrying out marketing measures, checking the workflows and efficiency in Deutsche EuroShop AG, correcting misconduct, preventing fraud and enforcing and/or defending our rights. Information on the weighing up of interests can be obtained from

2.       You have the right at any time, for reasons relating to your personal situation, to object to the processing of your personal data which we process on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. We will cease processing your data for this/these purpose(s), unless our legitimate interests override your interests or processing is for the establishment, exercise or defence of legal claims. Please send your inquiry to:

info@deutsche-euroshop.de.

3.       If you object to the data processing, we will process your personal data which we collected in connection with this in order to respond to your inquiry. Your personal data will be processed in order to comply with a legal obligation based on article 6 (1) (c) GDPR.

 

6.     Consent and withdrawal of consent


1.       If you have granted your consent for us to process your personal data, you are entitled to withdraw such consent at any time. The withdrawal of consent shall apply to the future. The legality of the processing of your personal data shall remain unaffected up to the time of withdrawal. Please submit your withdrawal in writing, by telephone or email to

Deutsche EuroShop AG
Heegbarg 36
22391 Hamburg
Germany
Tel.: +49 (0)40 41 35 79-0
Email: info@deutsche-euroshop.de

2.       If you withdraw your consent, we will process the personal data concerning you which we collected in connection with this in order to respond to your enquiry. Your personal data will be processed in order to comply with a legal obligation based on Article 6 (1) (c) GDPR.
 

7.     Your rights

 

1.       In accordance with the GDPR, you may at any time request that we

  • provide you with information about the personal data concerning you that we process (Article 15 GDPR), rectify personal data concerning you that are inaccurate (Article 16 GDPR) and/or erase (Article 17 GDPR), restrict (Article 18 GDPR) and/or hand over (Article 20 GDPR) any personal data we have stored concerning you. 

2.       If you have an enquiry regarding one of the issues addressed in section 1, please send it

3.       If you assert your rights towards us, we will process your personal data which we collected in connection with this in order to respond to your inquiry. Your personal data will be processed in order to comply with a legal obligation based on article 6 (1) (c) GDPR.

4.       Without prejudice to your rights as defined in section 7, you have the right to lodge a complaint with the data protection authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR).

 

8.     Changes to this privacy policy

 

1.       This privacy policy (available free of charge from www.deutsche-euroshop.de/datenschutz) including the cookie information of Deutsche EuroShop AG (available free of charge fromwww.deutsche-euroshop.com/privacy) is applicable in its current version (see date and version of the privacy policy). 

2.       We retain the right to modify and add to the content of this privacy policy. The updated privacy policy shall apply as soon as it becomes valid (see date and version of the privacy policy). 

3.       We will inform you on our website of these changes and additions and, where these changes and additions relate to services with active email addresses, will also send an email. You will be granted the opportunity to view, print and save the modified privacy policy free of charge.  
 

You will find our Website Cookie Policy here.

Here you will find the pdf data protection notice on the processing of our shareholders’ personal data
(70 KB, PDF file).