Privacy statement

Please note: Only the German original of this privacy statement is legally binding. The English translation is provided for information purposes only and has no legal force.

1. General Information

1.1 Information on the collection of personal data

The information below is collection and processing of your personal data. Your data is collected for various purposes. A description of these purposes, the respective data categories, the categories of data subjects, the legal basis as well as further information can be found under No. 2 of this privacy statement.

1.2 Responsible

Responsible for the present data processing is

 

Galaxus Deutschland GmbH

Schützenstraße 5

22761 Hamburg

 

Phone: +49 (0)40 - 334 614 747

E-mail: galaxus@galaxus.de

Internet: www.galaxus.de

 

1.3 Data protection official

 

Contact our data protection officer here:

 

Mag. Jur. Djoko Lukic (datenschutzbuero.hamburg)

Phone: +49 (0)40 - 414313070

Website: https://datenschutzbuero.hamburg

E-mail: galaxus@datenschutzbuero.hamburg

 

If you wish to contact the data protection officer via encrypted messages, please use the following contact form: https://datenschutzbuero.hamburg/kontakt/

 

1.4 Supervisory authority

The supervisory authority responsible for us is

 

The State Commissioner for Data Protection and Freedom of Information Hamburg

Klosterwall 6 (Block C)

20095 Hamburg

Phone: +49 (0)40 - 4 28 54 - 40 40

E-mail: mailbox@datenschutz.hamburg.de

 

1.5 Your rights

Provided that the respective legal requirements have been met, you are entitled to the following rights:

  • According to Art. 15 GDPR, you have the right to obtain information as to whether personal data was stored or processed by us or contractual partners.
  • According to Art. 16 GDPR, you have the right to the rectification of inaccurate personal data.
  • According to Art. 17 GDPR, you have the right to the erasure of personal data provided that no legal obligation make further storage necessary.
  • In addition, according to Art. 18 GDPR, you have the right to obtain restriction of data processing if, among other things, the accuracy of the data is disputed or you object to their processing according to Art. 21 GDPR.
  • Furthermore, according to Art. 20 GDPR, you have the right to receive the data in a machine-readable format.
  • You may revoke the consents given to us in accordance with Art. 7 III GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • You also have the right to file a complaint to a data protection supervisory authority about the processing of your personal data by us.
  • According to Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data collected in on the basis of Art. 6, paragraph 1, under point e or f.
  • You may object to the processing of your personal data for advertising and data analysis purposes at any time.

In case of revocation or objection, please send an e-mail to widerruf@galaxus.de.

1.6 Data disclosure

1.6.1 Disclosing data within the company group

We are part of a group of companies (Migros) and are supported by the companies affiliated with us. Our parent company, Digitec Galaxus AG, supports us in technical and personnel matters.

Data transmissions to Switzerland are subject to an adequacy decision (commission decision 2002/518/EG, ABl. 2002 L 215, 1) according to Art. 45 I S. 1 GDPR without prior authorisation by the persons concerned.

1.6.2 Data disclosure to US service providers

Your data is also transferred to service providers (Microsoft, Google, zendesk, sendgrid) headquartered in the US. Data transfers to the US are possible under the implementation of the commission decision (2016/1250, ABl. 2016 L 207, 1), provided that the companies have certified for the privacy shield. The US companies commissioned by us process data in line with these requirements. Therefore, according to Art. 45 I S. 1 GDPR, data transfers to these companies are possible without prior consent of those concerned.

1.6.3 Contact details of data recipients

The contact details of the data recipients are as follows:

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

Privacy statement: https://privacy.microsoft.com/en-us/privacystatement

Website: https://www.microsoft.com/en-us/

 

Google Ireland Limited

Gordon House, Barrow Street

Dublin 4

Irland

Datenschutzerklärung: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631

Website: https://www.google.com/

 

Digitec Galaxus AG

Corporate Communications

Pfingstweidstrasse 60, CH-8005 Zurich

Privacy statement: https://www.galaxus.ch/en/wiki/2791

Website: https://www.galaxus.ch/

 

Migros-Genossenschafts-Bund

Limmatstrasse 152

CH-8031 Zurich

Privacy statement: https://www.migros.ch/de/datenschutz.html

Website: https://www.migros.ch/de/unternehmen/migros-gruppe.html

 

Zendesk Inc.

989 Market Street #300

San Francisco

CA 94102

USA

Privacy statement: https://www.zendesk.com/company/customers-partners/privacy-policy/?_ga=2.122922187.196979010.1583850399-951531470.1583850399

Website: https://www.zendesk.com/?_ga=2.23695354.196979010.1583850399-951531470.1583850399

 

Facebook Inc.

1 Hacker Way

Menlo Park

CA 94025

USA

Privacy statement: https://www.facebook.com/privacy/explanation

Website: https://www.facebook.com/

 

SendGrid UK Limited

6th Floor One London Wall

EC2Y 5EB

UK

Privacy statement: https://sendgrid.com/policies/privacy/website-privacy-policy/

Website: https://sendgrid.com/

 

Klaus D. Meier + Bastian Kröhnke PartG mbB

Semmelweisstr. 19

79576 Weil am Rhein

Privacy statement: https://www.steuerberater-weilamrhein.com/impressum/

Website: https://www.steuerberater-weilamrhein.com/

 

2. The processing of your data

2.1 Data categories

Below, we will inform you about the individual processing activities. The processed data categories are summarised in the following category groups:

  • Login data (LoginD): user name and password, time of login, session data (session ID)
  • Master data (StammD): title, form of address, gender, first name, last name, date of birth
  • Address data (AdressD) : street, house number, address suffix, postal code, town
  • Contact details (KontaktD): e-mail address, phone number
  • Order data (BestellD): ordered products, prices, payment information, delivery dates
  • Newsletter profile data (NutzungDN): time of opening newsletter, content of newsletter, opened links, technical protocol data (IP address, description of computer, browser, etc.)
  • Access protocols (ZugriffD): services/websites used, time of use, previous website visit, computer description, browser type and version, operating system and other technical data

Where other categories of data are processed, which are not mentioned in the above categories, they are mentioned individually in the respective processing activities.

 

2.2 Visiting the website

2.2.1 Data processing purpose

The purpose of the data processing described below is the presentation of our website and the offers available on it.

2.2.2 Data processing

Whenever our website or online shop is used for information purposes, we only collect the personal data your browser transmits to our servers. The data from the category group «ZugriffD» is processed.

2.2.3 Legal basis

The legal basis for the processing of the above data is Art. 6 I lit. f) GDPR. Our legitimate interests are as follows:

  • ensuring that system operation is as error-free as possible,
  • analysing any error functions as well as
  • optimising the contents for a user-friendly presentation.

2.2.4 Storage period

The data collected in the course of these measures is automatically deleted if no longer required.

2.2.5 Origin of the data

The processed data is provided by you.

2.3 Website usage analysis for online offer optimisation

2.3.1 Data processing purpose

To optimise our content, we use Google Analytics on our website.

2.3.2 Data processing

Google uses cookies that analyse how the website is used. This allows Google to collect information about your behaviour on our website and the device used (data from the category group ZugriffD).

Based on this information, Google sends us evaluations. Within the framework of these usage analyses, purchasing behaviour is also assessed and products related to other products are offered in a targeted manner.

2.3.3 Data disclosure

As this analysis is carried out by Google, your data is also passed on to Google.

Our processing activity is actively supported by our parent company, so that the data can also be viewed by the entitled persons of the parent company. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.3.4 Legal basis

The legal basis for this data processing is your consent within the meaning of Art. 6 I lit. a) GDPR, which you have given us via the cookie banner.

2.3.5 Storage period

The data is deleted provided that they are no longer required.

2.3.6 Origin of the data

The processed data is provided by you.

2.4 Order processing

2.4.1 Data processing purpose

We process personal data to meet our claims and to fulfil our obligations arising from the sales contract.

2.4.2 Data processing

For the purpose described, we process the category groups StammD, AdressD, KontaktD, BestellD and ZugriffD.

2.4.3 Data disclosure

We are supported by the specialist departments at Digitec Galaxus AG in Switzerland in carrying out these processing activities. In addition, parts of our infrastructure are provided by Cloud services provided by Microsoft Corporation (USA). Find more information on data disclosure under No. 1.6 of this privacy statement.

Furthermore, we transmit your data to lawyers and debt collection companies to establish legal claims.

In order to be able to deliver the ordered goods to you, we also transmit your data to transport companies.

2.4.4 Legal basis

We process data to fulfil our contractual obligations. Therefore, the legal basis is Art. 6 I lit. b) GDPR.

2.4.5 Storage period

If the data is no longer required to fulfil its purpose (e.g. by deleting the user account), the data required for the user account will be deleted.

The data we are obliged to keep for tax law reasons will be kept according to the legal deadlines (10 years according to § 147 in the fiscal code of Germany).

2.4.6 Origin of the data

The processed data is provided by you.

2.5 Customer account

2.5.1 Data processing purpose

To enable you to participate in our Community, you may create a personal customer account. Furthermore, the customer account allows for a comfortable execution of orders by permanently saving your data.

2.5.2 Data processing

When a user account is created, the category groups LoginD, StammD, AdressD, KontaktD, BestellD, NutzungsDN and ZugangD are processed.

2.5.3 Legal basis

Creating a user account, e.g. to participate in the Community, is voluntary. Therefore, the legal basis is Art. 6 I lit. a) GDPR. If you would like to place orders, creating a customer account is required for contract processing. In this case, the legal basis is Article 6 I lit. b) GDPR.

2.5.4 Data disclosure

The collected data is stored in the infrastructure of our parent company. See also No. 1.6 of this privacy policy.

 

2.6 Apps for Android and iOS

2.6.1 Data processing purpose

To make it easier for you to use our online shop on mobile platforms (Android and iOS), we provide an app.

2.6.2 Data processing

The apps make the already available online shop available in a separate browser. The data that is processed is the same as the data processed when the online shop is called up via the browser (see No. 2.2 to 2.5 of this privacy statement). Thus, the following data category groups are processed: LoginD, StammD, AdressD, KontaktD, BestellD, NutzungDN and ZugriffD.

Please note that the providers of the App Store (Google and Apple) also process other data (e.g. number of installations, time of use, etc.). To find out what data is involved in these processes, please check with the respective provider.

2.6.3 App authorisations

The apps require different access rights. The access rights and the purpose of the respective data processing are listed below:

 

Photos/Media/Files

(original description in the Google Play Store: «read the contents of your USB storage; modify or delete the contents of your USB storage»)

This authorisation is necessary to enable the upload of profile pictures or image documents.

 

Storage

(original description in the Google Play Store: «read the contents of your USB storage; modify or delete the contents of your USB storage»)

This authorisation is necessary to enable the upload of documents.

 

Miscellaneous

(original description in the Google Play Store: «download files without notification»)

This authorisation allows the download of documents (order confirmations, etc.). Downloads are not carried out without prior consultation. The note «without notification» is incorrect and erroneously displayed by the App Store.

 

Miscellaneous

(original description in the Google Play Store: «view network connections»)

The network connectivity request is necessary to provide the data connection to our online shop.

 

Miscellaneous

(original description in the Google Play Store: «full network access»)

This authorisation is also necessary to realise the network communication with our online shop.

2.6.4 Legal basis

If you use the app to be part of the Community, you do so at your own request. The legal basis is your implied consent according to Art. 6 I lit. a) GDPR. If you would like to place orders by means of the apps, creating a customer account is required for contract processing. In this case, the legal basis is Article 6 I lit. b) GDPR.

2.6.5 Data disclosure

The collected data is stored in the infrastructure of our parent company. See also No. 1.6 of this privacy policy.

2.7 Payments via Paypal

2.7.1 Data processing purpose

The purpose of processing data is to receive payments by the payment service provider Paypal in the course of the contract processing.

2.7.2 Data processing data disclosure

Paypal (PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) receives information about the ordered goods as well as the payments you legitimised. Paypal reserves the right to carry out credit checks. The result of the credit check is used by Paypal to decide whether certain payment methods can be offered to the paying party. The credit check is able to take probability values (score values) into account. The calculation of these probability values is carried out on the basis of recognised mathematical procedures. Among other things, address data of the paying party is included in the calculation of these probability values. Further information on data processing can be found in the Paypal privacy statement https://www.paypal.com/va/webapps/mpp/ua/privacy-full

2.7.3 Legal basis

Data processing is carried out to exercise our contractual rights within the meaning of Art. 6 I lit. b) GDPR.

2.8 Accounting and record retention obligation

2.8.1 Data processing purpose

In order to fulfil our accounting obligations within the meaning of § 238 HGB (German commercial code), all business-relevant occurrences are recorded and stored within the meaning of § 147 AO (or § 257 HGB).

2.8.2 Data processing

For accounting purposes, we must be able to record and store the data associated with your purchase (StammD, AdressD, KontaktD, BestellD) and be able to present it in the event of tax audits.

2.8.3 Data disclosure

In the event of official inspections, this data can be viewed by public bodies, such as the tax authorities. We are supported by the law firm Klaus D. Meier + Bastian Kröhnke in terms of tax law and accounting. Therefore, the firm also has access to this data.

Our parent company, which supports us in technical and personnel matters, can also access the data. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.8.4 Legal basis

The legal basis for the present data processing is Art. 6 I lit. c) GDPR in connection with the respective legal provisions (e.g. § 147 AO (fiscal code of Germany) or § 257 HGB).

2.8.5 Storage period

The data is kept for 10 years for tax law reasons (§ 147 AO). Data which we have to keep for reasons of commercial law (§ 257 HGB) will be stored for 6 years.

2.8.6 Origin of the data

The processed data is provided by you.

2.9 Login with Facebook

2.9.1 Data processing purpose

The purpose of the process described below is to simplify the registration procedure to use our online shop.

2.9.2 Data processing

If you have a Facebook profile, you can use it to create a customer account in our online shop and to log in. The plugin called «Facebook» is on the registration page in the «login» field.

Before the registration process and the transfer of the name, profile picture and e-mail address can be transferred from Facebook to us, you must approve the process.

2.9.3 Data disclosure

Facebook will be informed that you are using your Facebook user account to log in to our online shop. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.9.4 Legal basis

The legal basis for this process is Art. 6 I lit. a) GDPR.

2.9.5 Further information

Even if your settings give us access to further information, e.g. your friend list, this information will not be processed by us.

2.9.6 Storage period

The data is deleted provided that they are no longer required.

2.10 Login with Google

2.10.1 Data processing purpose

The purpose of the process described below is to simplify the registration procedure to use our online shop.

2.10.2 Data processing

If you have a Google account, you can use it to create a customer account in our online shop and to log in. The plugin called «Google» is on the registration page in the «login» field.

2.10.3 Data disclosure

Google will be informed that you are using your Google user account to log in to our online shop. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.10.4 Legal basis

By signing up with your Google account, you implicitly agree to the transfer of your name, profile picture and e-mail address. The legal basis for this process is Art. 6 I lit. a) GDPR.

2.10.5 Further information

Even if your settings give us access to further information, this information will not be processed by us.

2.10.6 Storage period

The data is deleted provided that they are no longer required.

2.11 Data processing for communication purposes

2.11.1 Data processing purpose

We process personal data not only for communication within the scope of contractual relationships, but also for other forms of communication.

2.11.2 Data processing

For this purpose, we use the e-mail infrastructure and a ticket system as well as our contact form. The data communicated for this purpose can be of various types (support requests, applications, status requests, etc.), making a uniform categorisation impossible.

2.11.3 Data disclosure

For communication by e-mail, we use communication solutions by Microsoft, sendgrid and Zendesk. If you contact us via social media, the forms of communication offered there are used.

The service providers used in connection with the communication receive the communicated data by means of communication transport.

As we are supported by the IT department of our parent company in the context of this processing activity, the data can be viewed by the respective authorised parties. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.11.4 Legal basis

Provided that the communication is contractually related to our goods and services, the legal basis is Art. 6 I lit. b) GDPR. In all other cases, our legitimate interest is to be able to communicate with you. In these cases, the legal basis is Art. 6 I lit. f) GDPR.

2.11.5 Storage period

The data is deleted provided that they are no longer required. Commercial letters are deleted after 6 years (§ 257 HGB) and tax-relevant communication contents are deleted after 10 years (§ 147 AO). If the communication content is necessary to exercise legal claims or to defend against them, the data can be stored until it is no longer required for this purpose.

2.11.6 Origin of the data

Provided that you contact us, the data will be provided by you. If we contact you, you will have given us your data in advance.

2.12 Display of embedded videos

2.12.1 Data processing purpose

The purpose of data processing is the presentation of videos on our website to increase the attractiveness of our offer.

2.12.2 Data processing

The videos may be played back on the website. The data processed here is the same information that is collected when the website is displayed (category group ZugriffD). Furthermore, Google uses cookies to provide the website.

YouTube https://www.youtube.com/t/terms
Google http://www.google.com/policies/privacy

2.12.3 Data disclosure

We use the platform YouTube (Google) to display videos. Thus, Google also gains access to the data associated with the display (ZugriffD). If you were previously logged in with your Google account, Google may also associate this information with your Google account.

As we are supported by of our parent company in the context of this processing activity, the data can be viewed by the respective authorised parties.Find more information on data disclosure under No. 1.6 of this privacy statement.

2.12.4 Legal basis

The legal basis for this is our own legitimate interest according to Art. 6 I lit. f) GDPR in providing an interesting offer.

2.12.5 Storage period

The data is deleted provided that they are no longer required.

2.12.6 Origin of the data

The processed data is provided by you.

2.13 E-mail marketing

2.13.1 Data processing purpose

The purpose of data processing is to offer our products by e-mail (newsletter).

2.13.2 Data processing

The distribution of newsletters enables us to determine whether pictures were displayed within the newsletter and thus whether content was perceived. Your e-mail programme will inform you about this usage analysis and give you the possibility to stop the usage analysis. Your name and e-mail address will be processed.

2.13.3 Data disclosure

We use the provider sendgrid for the distribution. As the provider carries out the e-mails and enables the analysis of usage, the provider receives the data linked to this. Find more information on data disclosure under No. 1.6 of this privacy statement.

2.13.4 Legal basis

The legal basis is the consent given by you according to Art. 6 I lit .a) GDPR.

2.13.5 Storage period

The data is deleted provided that they are no longer required.

2.13.6 Origin of the data

The processed data is provided by you.

2.13.7 Revocation

You may revoke your consent at any time for the future. To exercise your right of revocation, please click on the link marked accordingly in the newsletter. Alternatively, you may also send your revocation by e-mail to widerruf@galaxus.de.

2.14 Community

2.14.1 Data processing purpose

We give all customers the opportunity to comment on products and articles. Customers may start their own discussions and use our online shop as a platform for information exchange.

2.14.2 Data processing

The Community features are an integral part of our website. As a result, the data that is processed is the same data that is processed when a website is displayed. Additionally, a login process is required. A contribution is published with the freely selectable user name.

2.14.3 Data disclosure

The collected data is stored at our parent company. See also No. 1.6 of this privacy statement.

2.14.4 Legal basis

If you write contributions, you implicitly agree to the publication of your contribution and the associated data processing. The legal basis of the data processing is Art. 6 I lit. a) GDPR.

In addition, it is in our own legitimate interest according to Art. 6 I lit. f) GDPR to make our website more attractive by means of the Community.

The interests of the persons concerned (right to privacy for free development of personality) must not outweigh our interests (marketing measures for professional activities).

Participants are aware that any comments they write are published. By doing so, participants demonstrate that protection of privacy is not more important to them, and that they agree with the publication. Furthermore, as user names are used, the identification of the person concerned can only happen to a limited extent. The interest of those affected does not predominate.

2.14.5 Storage period

The data is deleted provided that they are no longer required.

2.14.6 Origin of the data

The processed data is provided by you.

2.15 Carrying out prize draws

2.15.1 Data processing purpose

The purpose of data processing is to carry out prize draws to increase the attractiveness of online shop.

2.15.2 Data processing

You take part in prize draws by posting comments on our website. This is why technical data is collected that is necessary for the provision of the website (IP address, protocol data, etc.).

Any comments you publish will be accompanied by your user name.

2.15.3 Data disclosure

The collected data is stored in the infrastructure of our service providers and our parent company.See also No. 1.6 of this privacy statement.

2.15.4 Legal basis

If you write contributions (even if they are only for the purpose of participating in a prize draw), you implicitly agree to the publication of your contribution and the associated data processing. The legal basis of the data processing is Art. 6 I lit. a) GDPR.

In addition, it is in our own legitimate interest according to Art. 6 I lit. f) GDPR to make our website more attractive by means of the Community.

The interests of the persons concerned (right to privacy for free development of personality) must not outweigh our interests (marketing measures for professional activities).

Participants are aware that any comments they write are published. By doing so, participants demonstrate that protection of privacy is not more important to them, and that they agree with the publication. Furthermore, as user names are used, the identification of the person concerned can only happen to a limited extent. The interest of those affected does not predominate.

2.15.5 Storage period

The data is deleted provided that they are no longer required.

2.15.6 Origin of the data

The processed data is provided by you.

2.16 Application procedure

2.16.1 Data processing purpose

The purpose of the processing activity is to carry out application procedures.

2.16.2 Data processing

We only accept applications made through our application portal set up for this purpose https://www.digitec.ch/en/JobOffer

Applicants who contact us by e-mail are referred to this portal. Applications sent in by e-mail will be processed in accordance with the above-mentioned processing activities (data processing for communication purposes) and deleted as quickly as possible. The personal data that you provide us with will be processed. These are, in particular, the following category groups:

  • StammD,
  • AdressD,
  • KontaktD as well as
  • data on your professional career, your education and certificates.

As you are using the website, the data collected during the use of websites is also processed. Find more information under No. 2.2 of this privacy statement.

2.16.3 Data disclosure

The collected data is stored in the infrastructure of our parent company. See also No. 1.6 of this privacy policy.

2.16.4 Legal basis

We carry out application procedures in our own legitimate interest according to Art. 6 I lit. f) GDPR. Our interest here is the maintenance of business activities. For the assumption of a legitimate interest according to Art. 6 I lit. f) GDPR, your interest (right to privacy for the free development of your personality) must not outweigh our interest. As you are applying yourself and providing your documents, you are making clear that the protection of your privacy does not outweigh our interest in the application process.

2.16.5 Storage period

Data of employees will remain stored until they leave the company, provided that this information is necessary for the continuation of employment. Data of rejected applicants will be stored for 6 months to protect against possible claims arising from the AGG (General Act on Equal Treatment).

2.16.6 Origin of the data

The data is provided by you.

2.17 Online marketing through conversion tracking

2.17.1 Data processing purpose

The purpose of conversion tracking is to determine whether our marketing measures are successful.

2.17.2 Data processing

As part of the analytics services provided by Google, conversion tracking allows us to determine which external advertising efforts were successful and resulted in prospective customers clicking on ads.

The information collected in this process is not intended to identify you personally. We only learn how many interested prospective customers clicked on our ads. The hereby

2.17.3 Data disclosure

Since we use Google technology (see also No. 1.6.3) for conversion tracking, the data is also passed on to Google.

2.17.4 Legal basis

The legal basis for conversion tracking is your consent according to Art. 6 I lit. a) GDPR.

2.17.5 Deactivation

You have the option of preventing the data processing on which this usage analysis is based. To do so, it is sufficient to deactivate third-party cookies in your browser. Alternatively, you may also use the plugin provided by Google https://www.google.com/settings/ads/plugin

2.17.6 Storage period

The cookies have a life of 30 days. Therefore, the information stored in these cookies is deleted after 30 days at the latest.

However, you can also delete the cookies yourself using the appropriate browser functions.

2.18 Remarketing through the Google Marketing Platform

2.18.1 Data processing purpose

To increase the attractiveness of our offer, we use the analysis methods of the Google Marketing Platform.

2.18.2 Data processing

Cookies are used to identify which products or content you are interested in. When you leave our online shop, the offers and contents that are interesting for you are advertised on external sites.

2.18.3 Data disclosure

Since we use Google technology (see also No. 1.6.3) for this data processing, the data is also passed on to Google.

2.18.4 Legal basis

The legal basis for the existing data processing is your consent according to Art. 6 I lit. a) GDPR.

2.18.5 Deactivation

You have the option of preventing the data processing on which this usage analysis is based. To do so, it is sufficient to deactivate third-party cookies in your browser. Alternatively, you may also use the plugin provided by Google https://www.google.com/settings/ads/plugin

2.18.6 Storage period

The cookies have a life of 24 months. Therefore, the information stored in these cookies is deleted after 24 months at the latest.

However, you can also delete the cookies yourself using the appropriate browser functions.

2.19 Affiliate or network marketing

2.19.1 Data processing purpose

The purpose of the present processing activity is the marketing of our products and services.

2.19.2 Data processing

Our advertising partner (Tradedoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich, https://www.tradedoubler.com/en/privacy-policy/) operates a service for publishing advertisements. The advertisements are published within the distribution network of our advertising partner.

The processed data is stored in the cookies of the website visitors.

2.19.3 Data disclosure

For the invoicing of marketing services rendered, our advertising partners document all successful advertising measures. The data collected in this process are the order value, the order number, the click ID of the buyer (tduid) and any voucher code. Both sales and the display of the linked contents are considered successful advertising measures. As in the operation of the website, technically essential information of the website visitor is processed (category group ZugriffD).

Since the affiliates publish the advertisements, they also record technically necessary information.

 

2.19.4 Legal basis

The legal basis for the present data processing is our own legitimate interest in the marketing of our products and services according to Art. 6 I lit. f) GDPR.

2.19.5 Deactivation

You have the option of preventing the data processing on which this usage analysis is based. To do so, it is sufficient to deactivate cookies in your browser. Alternatively, you may also use the opt-out provided by tradedoubler: http://publisher.tradedoubler.com/include/functions/optout.html

2.20 Use of tracking pixels for advertising platforms

2.20.1 Data processing purpose

The purpose of data processing is to optimise the marketing measures by transferring website usage analyses to marketing platforms.

2.20.2 Data processing

Tracking pixels are used to record website usage. Tracking pixels are graphic elements that are integrated into the provider's website and are loaded from an external provider's server when a website is visited. The server of the external provider registers this loading process and recognises various information on the user (data category ZugriffD):

  • the operating system used,
  • the browser used,
  • the time of access,
  • the visit duration,
  • the visitor’s IP address.

In addition, the click numbers and thus the attractiveness of individual pages can be recorded in this way.

The information collected by these methods is stored in so-called cookies or locally, in similarly functioning text files, in the end devices of the website visitors.

2.20.3 Data disclosure

The data is forwarded to the following marketing partners:

Connexity Affiliate of Connexity, Inc., 2120 Colorado Ave., Suite 400, Santa Monica, CA 90404, Vereinigte Staaten

Die Datenschutzerklärung von Connexity finden Sie unter https://connexity.com/de/datenschutzhinweise/.

 

shopping24 Affiliate of shopping24 Gesellschaft für multimediale Anwendungen mbH, Poßmoorweg 2, 22301 Hamburg, Deutschland

Die Datenschutzerklärung von shopping24 finden Sie unter https://www.s24.com/datenschutzbestimmungen/ 

 

billiger.de Affiliate of solute GmbH Zeppelinstraße 15 D-76185 Karlsruhe

Datenschutzerklärung: https://company.billiger.de/ger/datenschutz/

 

Criteo DPO  32 Rue Blanche 75009 Paris - Frankreich

Datenschutzerklärung: https://www.criteo.com/de/privacy/corporate-privacy-policy/

 

idealo internet GmbH Zimmerstraße 50 10888 Berlin, Deutschland

Datenschutzerklärung: https://www.idealo.de/preisvergleich/Datenschutz.html

 

Taboola, Inc. 16 Madison Square West 7th Floor New York, New York 10010

Datenschutzerklärung: https://policies.taboola.com/de/datenschutzerklaerung/

 

Twitter International Company Z. Hddn.: Data Protection Officer One Cumberland Place, Fenian Street Dublin 2, D02 AX07 IRLAND

Datenschutzerklärung: https://twitter.com/de/privacy

 

Snapchat Affiliate of Fieldfisher (Germany) LLP Am Sandtorkai 68 20457 Hamburg

Datenschutzerklärung: https://www.snap.com/de-DE/privacy/privacy-policy

 

2.20.4 Legal basis

The legal basis for the existing data processing is your consent according to Art. 6 I lit. a) GDPR.

3. Cookies used

3.1.1 What are cookies?

Cookies are files that are stored in your computer by websites, such as our website. These files may contain information on the use of the website. Cookies are used to store login processes, for example. This means you do not have to authenticate yourself again after an initial login when you revisit the website.

3.1.2 What are transient cookies?

Transient cookies are automatically deleted when you close the browser. These particularly include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

3.1.3 What are persistent cookies?

Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

3.1.4 Refusing and deleting cookies

You have the option to configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that this could mean that you may not be able to use all functions of this website.

Furthermore, you can delete the cookies in the security settings of your browser at any time.

3.1.5 Cookies in use

Below, there is an overview table of the cookies used:

Domain

Coookie name

Cookie purpose

Cookie lifespan

galaxus.de

bm_sv

Provision of essential functions of the website.

1 day

galaxus.de

DisplayedMarketingTeasers

Provision of essential functions of the website.

16 days

galaxus.de

.sum

Provision of essential functions of the website.

30 years

galaxus.de

LoggedInUserId

Provision of essential functions of the website. / Storage of information on user profile.

1 day

galaxus.de

.z

Provision of essential functions of the website.

30 years

galaxus.de

RecentlyVisitedProducts_

Marketing / Storage of last displayed functions.

29 days

galaxus.de

AKA_A2

This cookie is required for the cache function. A cache is used by the website to optimise the response time between the visitor and the website. The cache is normally stored in the visitor's browser.

1 day

galaxus.de

AMP_TOKEN

Ensures visitor browsing security by preventing cross-site request forgery. This cookie is essential for the security of the website and the visitor.

1 day

galaxus.de

_gid

Marketing / Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

1 day

galaxus.de

_ga

Marketing / Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

2 years

galaxus.de

g_affinity

Provision of essential functions of the website.

deleted after the session

galaxus.de

_fbp

Marketing / Used by Facebook to display advertising products.

3 months

galaxus.de

_gcl_au

Marketing / Used by Google AdSense to experiment with advertising effectiveness on websites that use their services.

3 months

galaxus.de

ak_bmsc

This cookie is used to distinguish between humans and bots. This is advantageous for the website to generate valid reports on the use of it.

1 day

Google DoubleClick

IDE

Used by Google DoubleClick to register and report the user's actions on the website after viewing or clicking on one of the provider's ads. The purpose is to measure the effectiveness of an advertisement and to display targeted advertising to the user.

1 year

Google DoubleClick

test_cookie

Used to check whether the user's browser supports cookies.

1 day

YouTube

PREF

Registers a unique ID, which is used by Google to keep statistics about how visitors use YouTube videos on different websites.

8 months

YouTube

VISITOR_INFO1_LIVE

Attempts to estimate user bandwidth on pages with integrated YouTube videos.

179 days

YouTube

YSC

Registers a unique ID to keep statistics of YouTube videos the user has watched.

Deleted after the session

YouTube

APISID

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

CONSENT

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

LOGIN_INFO

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

s_gl

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

SAPISID

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

SIDCC

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

SIDCC

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

YouTube

SSID

These cookies allow YouTube to collect usage information for videos hosted by YouTube

1 day

 

4. Encryption

To prevent unauthorised access to your personal data by third parties, the connection is encrypted using TLS technology.

 

Date 15.04.2020

Version 1.3.