01. Scope of application
The protection of personal data is very important to us. With the following information on data protection, we would like to explain to you which personal data we process for which purposes while you are using our website.
The following information applies to all content under https://techstarter.edeka (hereinafter referred to as “offer” / “website”). This also includes, for example, newsletters or competitions for which you register. The responsible provider for this content is the EDEKA DIGITAL GmbH, New-York-Ring 6, 22297 Hamburg, info.eddi@edeka.de (hereinafter referred to as the “Responsible Party” / “Provider”).
The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter DSGVO) and the Federal Data Protection Act (BDSG).
02. Definitions
Personal data
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Companies of the EDEKA Group
Companies of the EDEKA Group are the EDEKA cooperatives and their members as well as those companies in which the EDEKA cooperatives, individually or jointly, directly or indirectly hold an interest of at least 50%.
03. Types of personal data
Access data
“Access data” is data about each access to the server on which our website is located. Access data includes the date and time of access, URL (address) of the referring website, retrieved file, amount of data sent, the HTTP response code, browser type and version, any browser extensions, width and height of the browser window, color depth, operating system and IP address and, with regard to the use of Google Analytics the UserID (see section 7).
Cookies
We or third-party providers set cookies on the access device, which are small files in which the web browser you use stores information about visited web pages sent by the web server. This can be information about the page visit such as duration, login data, user input or the like.
Input and message data
If you register with techstarter, manage your account, register for the newsletter or contact us, we process the personal data that you enter in the respective form or communicate to us (e.g. last name, first name, e-mail address, telephone number, market name, region). In addition, we process the personal data that you communicate via our platform to the partner company or, conversely, to the merchants.
04. Processing purposes
Access Data
We collect the access data for security reasons for fraud and abuse control as well as for statistical recording of website usage and optimization of our website. The legal basis for the processing is Art. 6 para. 1 sentence 1 f DSGVO. For processing of the IP address by third-party providers, see item 5.
Cookies
On the one hand, cookies serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they can be used to collect statistical data on website usage and to be able to analyze it for the purpose of improving our offers. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it is pointed out that the use and in particular the user comfort of our website will be limited without cookies.
Legal basis for the use of cookies is Art. 6 para 1 a, f DSGVO. For the use of cookies by third-party providers, see item 5.
Analysis and transaction data
We integrate various third-party services and content on our website, from which analysis and transaction data is created and processed using IP addresses and cookies. Details on this can be found under item 5.
The legal basis for the processing of the IP address and the use of cookies is Art. 6 para. 1 a, f DSGVO. The aforementioned data is used to analyze the use of our website and to regularly improve our website, furthermore to increase the attractiveness of the offered content for you and to optimize our offers and to place advertisements on third party sites as well as to be able to perform a cost-benefit analysis of our internet advertisement.
Input and message data
If you enter personal data via our contact form, we will use your personal data to process your request. If you provide us with data by other means, the purpose of the data processing also depends on your request.
The legal basis for the data collection is Art. 6 para. 1 a and f DSGVO. Our legitimate interest for data collection within the meaning of Art. 6 para. 1 f DSGVO follows from the fact that we can not process your request (contact) without your data.
05. Categories of recipients of personal data
With the exception of data processed by third-party providers, our hosting provider processes the data mentioned in section 3 on our behalf. The data is stored on the servers of our hosting provider. With regard to the transfer of information within the EDEKA group, see section 4. With regard to the transfer of data to the Mailjet provider, see section 7. With regard to the use of cookies and the processing of IP addresses by third-party providers, see also section 7 below. In addition, we reserve the right to hand over the data to authorities or the police in the event of suspicion of criminal conduct.
06. Processing duration
Access Data
The access data is stored continuously for security reasons (e.g. for the clarification of misuse or fraud) and deleted if it is no longer required for this purpose.
Cookies and IP addresses processed by third parties
Insofar as third-party providers process data on the basis of cookies and IP addresses, we have no influence on the duration of the processing. You will find the links to the privacy statements of the third-party providers under item 7. There you can inform yourself about the duration of the processing.
Input and message data
We and our hosting provider process the aforementioned data for the duration of our cooperation with you, unless this data is subject to retention periods under tax and commercial law or consent to further processing has been given or another legal reason exists that justifies further processing. We have no influence on how long other companies in the EDEKA group process data. If necessary, please contact them. With regard to data processing by third-party providers, we refer to their data protection declarations, see item 7.
07. Third Party Services
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses cookies, which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyse user behaviour across devices.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be traced back to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Usage conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
Use of Mailchimp
The techstarter newsletter is sent via “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The data described above is stored on MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use this information to optimise or improve its own services, e.g. to technically optimise the dispatch and display of the newsletter or for economic purposes to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass them on to third parties.
You can find MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy
Statistical collection and evaluations
The newsletters contains a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information such as information about your browser and your system as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of MailChimp to observe individual users. Rather, the analyses serve us to recognise the reading habits of our users and to adapt our content accordingly or to send other content according to the interests of our users.
Use of Mailjet
The sending of newsletters and email updates is carried out by Mailjet SAS, 13-13 bis, Rue de l’Aubrac, 75012 Paris, France (“Mailjet”), with whom we have agreed on a contractual processing (Art. 28 DSGVO). Mailjet may analyse your data for quality assurance purposes and to improve the quality of its own service. Your data will be used in pseudonymous form, i.e. without allocation to individual persons. These statistical surveys and analyses are carried out on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO. Mailjet’s privacy policy applies: https://www.mailjet.de/privacy-policy/
Use of Pipedrive
For the purpose of contact management, we use the customer relationship management system of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (“Pipedrive”). Through the contact form, we collect contact information from EDEKA merchants such as name, email address, phone number, store name, region. The servers of Pipedrive that we use are located within the European Union. The legal basis is Art. 6 para. 1 lit. f) DSGVO.
Further information on data processing and data protection by Pipedrive can be found here:
https://www.pipedrive.com/en/privacy
Use of Zapier
For the integration of different tools we use Zapier, a service of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA. Zapier makes it possible to link different web applications with each other, transfer data and thus realise process automation. If personal data is processed in the tools that are linked by Zapier, this personal data is also processed by Zapier when automating workflows. Zapier is used for process automation in order to optimise workflows and minimise errors. In order to provide the service, data is transferred to the USA.
The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.
08. Voluntariness of the data provision
The provision of personal data when visiting our website is neither legally or contractually required nor necessary for the conclusion of a contract. You are also not obliged to provide the personal data when visiting our website. With regard to the use of cookies, we refer you to sections 4 and 6 of our data protection declaration.
09. Right of objection
You have the right to object at any time to the personal data processed on the basis of Article 6 (1) sentence 1 f DSGVO, provided that there are grounds for the objection arising from your particular situation. However, your personal data will be further processed if there are compelling legitimate grounds to further process the data that override the interests, rights and freedoms of your person, or if the processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object at any time, without giving reasons, to the processing of personal data for the purpose of such marketing (Article 21 DSGVO).
For objection and deactivation options with regard to the use of third-party solutions, see section 7. and the links to the privacy statements of the third-party providers there.
10. Further data subject rights
In the event that you have given your consent, you have the right to revoke it. We would like to point out that a revocation does not change the lawfulness of the processing granted until the revocation (no retroactive effect of the revocation).
You have the right, within the scope of the DSGVO, to receive information free of charge upon request about the personal data we hold about you (Art. 15 DSGVO).
Furthermore, in accordance with the DSGVO, you have the right to rectification (Art. 16 DSGVO), deletion (Art. 17 DSGVO), restriction (Art. 18 DSGVO) and transfer (Art. 20 DSGVO) of your personal data.
You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Art. 77 DSGVO).
You can exercise your rights under the GDPR by email or in writing. You can find the contact details of the provider and the responsible person within the EU below.
Contact details
Provider as responsible entity: EDEKA DIGITAL GmbH, Management: Christoph Diekmeyer, New-York-Ring 6, 22297 Hamburg, Telefon: +49 40 6377 – 0, Telefax: +49 40 6377 – 4010, E-Mail: info.eddi@edeka.de
You can reach our data protection officer at datenschutz.eddi@edeka.de or our postal address with the addition „der Datenschutzbeauftragte“.
Data protection supervisory authority: Free and Hanseatic City of Hamburg, The Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Tel.: 040 / 428 54 – 4040, Fax: 040 / 428 54 – 4000, E-Mail: mailbox@datenschutz.hamburg.de
Status: May 2021
