01. Scope of application
The protection of personal data is very important to us. With the following information on data protection, we would like to explain to you which personal data we process for which purposes while you are using our website.
The following information applies to all content under https://techstarter.edeka (hereinafter referred to as “offer” / “website”). This also includes, for example, newsletters or competitions for which you register. The responsible provider for this content is the EDEKA DIGITAL GmbH, New-York-Ring 6, 22297 Hamburg, firstname.lastname@example.org (hereinafter referred to as the “Responsible Party” / “Provider”).
The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter DSGVO) and the Federal Data Protection Act (BDSG).
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Companies of the EDEKA Group
Companies of the EDEKA Group are the EDEKA cooperatives and their members as well as those companies in which the EDEKA cooperatives, individually or jointly, directly or indirectly hold an interest of at least 50%.
03. Types of personal data
“Access data” is data about each access to the server on which our website is located. Access data includes the date and time of access, URL (address) of the referring website, retrieved file, amount of data sent, the HTTP response code, browser type and version, any browser extensions, width and height of the browser window, color depth, operating system and IP address and, with regard to the use of Google Analytics the UserID (see section 7).
We or third-party providers set cookies on the access device, which are small files in which the web browser you use stores information about visited web pages sent by the web server. This can be information about the page visit such as duration, login data, user input or the like.
Input and message data
If you register with techstarter, manage your account, register for the newsletter or contact us, we process the personal data that you enter in the respective form or communicate to us (e.g. last name, first name, e-mail address, telephone number, market name, region). In addition, we process the personal data that you communicate via our platform to the partner company or, conversely, to the merchants.
04. Processing purposes
We collect the access data for security reasons for fraud and abuse control as well as for statistical recording of website usage and optimization of our website. The legal basis for the processing is Art. 6 para. 1 sentence 1 f DSGVO. For processing of the IP address by third-party providers, see item 5.
Analysis and transaction data
We integrate various third-party services and content on our website, from which analysis and transaction data is created and processed using IP addresses and cookies. Details on this can be found under item 5.
Input and message data
If you enter personal data via our contact form, we will use your personal data to process your request. If you provide us with data by other means, the purpose of the data processing also depends on your request.
The legal basis for the data collection is Art. 6 para. 1 a and f DSGVO. Our legitimate interest for data collection within the meaning of Art. 6 para. 1 f DSGVO follows from the fact that we can not process your request (contact) without your data.
05. Categories of recipients of personal data
06. Processing duration
The access data is stored continuously for security reasons (e.g. for the clarification of misuse or fraud) and deleted if it is no longer required for this purpose.
Cookies and IP addresses processed by third parties
Insofar as third-party providers process data on the basis of cookies and IP addresses, we have no influence on the duration of the processing. You will find the links to the privacy statements of the third-party providers under item 7. There you can inform yourself about the duration of the processing.
Input and message data
We and our hosting provider process the aforementioned data for the duration of our cooperation with you, unless this data is subject to retention periods under tax and commercial law or consent to further processing has been given or another legal reason exists that justifies further processing. We have no influence on how long other companies in the EDEKA group process data. If necessary, please contact them. With regard to data processing by third-party providers, we refer to their data protection declarations, see item 7.
07. Third Party Services
Use of Google Analytics
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We use the User ID function. The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyse user behaviour across devices.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be traced back to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Usage conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection declaration: http://www.google.de/intl/de/policies/privacy.
Use of Mailchimp
The techstarter newsletter is sent via “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The data described above is stored on MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use this information to optimise or improve its own services, e.g. to technically optimise the dispatch and display of the newsletter or for economic purposes to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass them on to third parties.
Statistical collection and evaluations
The newsletters contains a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information such as information about your browser and your system as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of MailChimp to observe individual users. Rather, the analyses serve us to recognise the reading habits of our users and to adapt our content accordingly or to send other content according to the interests of our users.
Use of Mailjet
Use of Pipedrive
For the purpose of contact management, we use the customer relationship management system of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (“Pipedrive”). Through the contact form, we collect contact information from EDEKA merchants such as name, email address, phone number, store name, region. The servers of Pipedrive that we use are located within the European Union. The legal basis is Art. 6 para. 1 lit. f) DSGVO.
Further information on data processing and data protection by Pipedrive can be found here:
Use of Zapier
For the integration of different tools we use Zapier, a service of Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA. Zapier makes it possible to link different web applications with each other, transfer data and thus realise process automation. If personal data is processed in the tools that are linked by Zapier, this personal data is also processed by Zapier when automating workflows. Zapier is used for process automation in order to optimise workflows and minimise errors. In order to provide the service, data is transferred to the USA.
The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) DSGVO. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.
08. Voluntariness of the data provision
09. Right of objection
You have the right to object at any time to the personal data processed on the basis of Article 6 (1) sentence 1 f DSGVO, provided that there are grounds for the objection arising from your particular situation. However, your personal data will be further processed if there are compelling legitimate grounds to further process the data that override the interests, rights and freedoms of your person, or if the processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object at any time, without giving reasons, to the processing of personal data for the purpose of such marketing (Article 21 DSGVO).
For objection and deactivation options with regard to the use of third-party solutions, see section 7. and the links to the privacy statements of the third-party providers there.
10. Further data subject rights
In the event that you have given your consent, you have the right to revoke it. We would like to point out that a revocation does not change the lawfulness of the processing granted until the revocation (no retroactive effect of the revocation).
You have the right, within the scope of the DSGVO, to receive information free of charge upon request about the personal data we hold about you (Art. 15 DSGVO).
Furthermore, in accordance with the DSGVO, you have the right to rectification (Art. 16 DSGVO), deletion (Art. 17 DSGVO), restriction (Art. 18 DSGVO) and transfer (Art. 20 DSGVO) of your personal data.
You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Art. 77 DSGVO).
You can exercise your rights under the GDPR by email or in writing. You can find the contact details of the provider and the responsible person within the EU below.
Provider as responsible entity: EDEKA DIGITAL GmbH, Management: Christoph Diekmeyer, New-York-Ring 6, 22297 Hamburg, Telefon: +49 40 6377 – 0, Telefax: +49 40 6377 – 4010, E-Mail: email@example.com
You can reach our data protection officer at firstname.lastname@example.org or our postal address with the addition „der Datenschutzbeauftragte“.
Data protection supervisory authority: Free and Hanseatic City of Hamburg, The Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Tel.: 040 / 428 54 – 4040, Fax: 040 / 428 54 – 4000, E-Mail: email@example.com
Status: May 2021