Data protection information of Otto (GmbH & Co KG), as of: 1 October 2019

In the following data protection information, we will inform you about the processing of personal data by Otto (GmbH & Co. KG) (“Otto,” and/or “we,” and/or the “Controller”) in accordance with the GDPR and the Bundesdatenschutzgesetz (the Federal Data Protection Act (“BDSG 2018”)).

Please read through our data protection information carefully. Should you have any questions or comments concerning our data protection information, please contact us at datenschutzbeauftragter@ottogroup.com.

This data protection information applies to data processing by:

OTTO (GmbH & Co. KG)

Werner-Otto-Strasse 1-7

22179 Hamburg

Germany

Represented by the managing director(s) Alexander Birken (Chair), Dr. Marcus Ackermann, Sebastian Klauke, Petra Scharner-Wolff, Kay Schiebur, Sven Seidel

Tel.: +49 1806-303030

Email: service@otto.de

for the following website www.otto.market; as well as all subdomains

You can reach the company data protection officer(s) of the Controller at:

OTTO (GmbH & Co. KG)

- Data Protection Officer -

Werner-Otto-Strasse 1-7

22179 Hamburg

Germany

E-Mail: datenschutzbeauftragter@ottogroup.com

Each time access is made to websites/applications, information is sent by the respective internet browser on your respective end device to the server of our website/application, and temporarily stored in log data files, the so-called log files. The data sets stored in this way contain the following data which are stored up until automatic erasure: date and time of the retrieval, name of the site retrieved, referrer URL (source URL, from which you arrived at our websites), the data quantity transferred, loading time, and the product and version information of each browser used as well as the name of your access provider.

The legal basis for the processing of the IP address is Article 6(1)(f) GDPR. We have a legitimate interest in

• guaranteeing that connections are established smoothly,
• guaranteeing that our website/application is easy to use,
• evaluating system security and stability.

No immediate inference as to your identity is possible by means of the information; nor do we draw any such inference.

The data are stored and automatically erased after the aforementioned purposes have been achieved. The standard periods for erasure are determined by the criterion of necessity.

In order to provide you with the greatest possible convenience, we offer the long-term storage of your personal data in a password-protected user account.

Setting up a user account is entirely voluntary. After your user account is set up, no new data need be entered. What is more, you can view and change any data stored regarding you in your user account at any time.

Please treat your personal access data confidentially and, in particular, please do not make the data accessible to any unauthorized third parties. Please note that you will automatically remain logged in after you leave our website, unless you logout actively. Your data will be automatically erased after the expiration of the retention duties applicable to us under commercial and tax law. The legal basis for such data processing is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR.

On our websites/applications, we offer you the option of subscribing to our newsletter. In order to be sure that no error has been made when you entered your email address, we use the so-called double opt-in procedure (DOI Procedure): after you have entered your email address in the register field, we send you a confirmation link to the address provided. Only after you click the confirmation link will your email address be included in our newsletter distribution list. The legal basis for such data processing is Article 6(1)(a) GDPR.

Right of withdrawal notice

You can withdraw your consent at any time for the future by emailing your withdrawal to contact@otto.market or sending it by mail to

OTTO Market

OTTO (GmbH & Co. KG)

Werner-Otto-Strasse 1-7

22179 Hamburg

Germany

On various sites, we use cookies in order to make the visit to our website attractive and to enable the use of certain functions, as well as to record statistics about the use of our website. Cookies are small text data files which your browser automatically creates and which are saved on your end device (laptop, tablet, smartphone, and the like) whenever you visit our site. Cookies do not damage your end device; nor do they contain any viruses, Trojan horses, or any other malware. The cookie stores information that ensues in each instance in connection with the specifically used end device. However, this does not mean that we thereby receive any direct knowledge of your identity.

Most of the cookies used by us are deleted again after the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer again during the next visit (so-called permanent or cross-session cookies). These cookies, in particular, serve to make our offer user-friendly, more effective, and more secure.

To be sure, you can set up your browser in such a manner that it does not store our cookies on your hard drive. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, provided that you set up your browser to notify you whenever you receive a new cookie, or how you can delete all of the cookies already received and block any additional ones.

Please proceed as follows

In Internet Explorer:

Select “Internet Options” in the “Tools” menu.
Click on the “Privacy” tab.
Now you can make security adjustments for the internet. Here, you can set whether and which cookies are supposed to be allowed or blocked.
Confirm your setting by clicking on “OK.”

In Firefox:

Click the menu button and choose “Options.”
Click on “Privacy & Security.”
Select the entry “Use custom settings for history” in the drop-down menu.
Now you can set whether cookies ought to be accepted, how long you wish to keep these cookies and make exceptions for the websites that you wish to always or never allow to use cookies.
Confirm your setting by clicking on “OK.”

In Google Chrome:

Click on the Chrome menu on the symbols bar of the browser.
Select “Settings.”
Click on “Advanced.”
Under “Privacy and security,” click on “Content settings.”
Under “Cookies” you can make the following settings for cookies:
Delete cookies
Block cookies by default
Delete cookies and website data by default after closing the browser
Allow exceptions for cookies from particular websites or domains

However, we would like to point out that in this event, it is possible that you will not be able to use all of the features of this website in their fullest scope.

Insofar as personal data are involved with these cookies and/or the information contained therein, the legal basis of the data processing is Article 6(1)(f) GDPR. Our interest in optimizing our website is in the course of such to be regarded as legitimate within the meaning of the aforementioned regulatory provision.

For the purpose of the needs-based configuration and ongoing optimization of our websites, we use – upon the basis of Article 6(1)(f) GDPR – Google Analytics, a web analysis service of Google, Inc. (“Google”). Google Analytics uses so-called “cookies,” text data files that are stored on your computer and facilitate an analysis of your use of the website. In this connection, pseudonymized use profiles are created and cookies are used. The information generated by the cookie about your use of this website includes:

• Browser type/version,
• Operating system used,
• Referrer URL (the site previously visited),
• Host name of the accessing computer (IP address),
• Time of the server inquiry

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities, and to render additional services affiliated with the website use and the internet use vis-à-vis the website operator. The IP address transferred by your browser within the framework of Google Analytics is not merged with other data from Google. Using a corresponding setting on your browser software, you can prevent cookies from being stored; however, we would like to point out that in this event, it is possible that you will not be able to use all of the features of this website in their fullest scope. Moreover, you can prevent the recording of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser add-on, particularly with browsers on mobile end devices, you can also prevent the recording by Google Analytics by clicking on this link. An opt-out cookie is set that prevents any future recording of your data when visiting this website. The opt-out cookie is valid only in this browser and only for our website, and is stored on your device. If you delete the cookies in this browser, then you will have to set the opt-out cookie again. You can find additional information about data protection in connection with Google Analytics on the Google Analytics website.

You have the opportunity to contact us in several ways: via email, telephone, or surface mail. If you contact us, then we will use the personal data that you provide us voluntarily in this context, exclusively for the purpose of getting in touch with you and being able to process your inquiry.

Article 6(1)(a), Article 6(1)(b), Article 6(1)(c), and Article 6(1)(f) GDPR establish the legal basis for this data processing.

With the exception of the processing set forth herein, we do not share your data with any recipients having their seat outside the European Union or the European Economic Area. The processing activities set forth under 3.4.2 effectuate a data transfer to the servers of the providers. The data transfer is effected upon the basis of so-called standard contractual clauses of the EU Commission.

Alongside the right to withdrawal of the consents you have given to us, if the respective statutory prerequisites are fulfilled, then you are entitled to the following additional rights:

• the right of access to your personal data stored by us (Article 15 GDPR), in particular, you can obtain access to information on the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or are being disclosed, the envisaged period of storage, and the source of your data, insofar as these were not collected directly from you;
• the right to rectification of inaccurate data or to completion of accurate data (Article 16 GDPR),
• the right to erasure of your data stored with us (Article 17 GDPR), to the extent that we do not have to comply with any statutory or contractual retention periods or other duties or rights by operation of law concerning further storage by us,
• the right to the restriction of processing of your data (Article 18 GDPR), to the extent that the accuracy of the data is contested by you, that the processing is unlawful, but you oppose its erasure; the Controller no longer needs the data, but that you, however, require the data for the establishment, exercise, or defense of legal claims, or have filed an objection to the processing as contemplated under Article 21 GDPR,
• the right to data portability in accordance with Article 20 GDPR, i.e., the right to receive selected data stored with us about you transferred in a commonly used, machine-readable format, or to obtain the transfer to another controller,
• the right to lodge a complaint with a supervisory authority. As a rule, for this purpose you can turn to the supervisory authority at your habitual residence or place of work, or at our company seat.

You can avail yourself of the above rights to which you are entitled with regard to us at datenschutzauskunft@otto.de.

You can avail yourself of your right to data portability under datenschutzauskunft@otto.de.

It is possible under the prerequisites of Article 21(1) GDPR to object to the data processing on grounds relating to the particular situation of the data subject.

The general right to objection above applies to all processing purposes described in this data protection information, which purposes are processed on the basis of Article 6(1)(f) GDPR. In contrast to the special right of objection oriented to data processing for promotional purposes, we are obligated under the GDPR to implement such a general right of objection only if you set forth to us reasons of overarching significance (e.g., a potential risk to life or health).

Insofar as we process data upon the basis of a consent that you have issued, you have the right to withdraw the consent issued at any time. The withdrawal of the consent does not result in the data processing becoming ineffective which has taken place upon the basis of the consent up to the date of the withdrawal.