Protection and confidentiality of your data are extremely important to us. 

Privacy Policy

  1. What Is this Privacy Policy about?
  2. Who Are We?
  3. What Is "Personal Data" and What Does "Processing" Mean?
  4. For Whom and for What Purpose Is this Privacy Policy Intended?
  5. Which Personal Data Do We Process and for What Purposes?
  6. To Whom Do We Disclose Personal Data?
  7. When Do We Transfer Your Personal Data Abroad?
  8. Do We Conduct Profiling and Use Automated Decision-Making?
  9. How Do We Protect Your Personal Data?
  10. For How Long Do We Store Your Personal Data?
  11. What Rights Do You Have in Connection with the Processing of Your Personal Data?
  12. What Else Do You Need to Bear in Mind?
  13. Changes to this Privacy Policy
  14. Table: Reasons for data collection; scope, purpose and obligation to provide data; legal basis for processing

 

as of may 25th

1. What Is this Privacy Policy about?

The protection of data is a matter of trust and your trust is important to us. It is for this reason that we have published this Privacy Policy. With a view to the new European General Data Protection Regulation ("GDPR"), it specifies which personal data we process, how we process this data, and for what purposes. Although the GDPR is a European Union Regulation, it is relevant to us. The Swiss Federal Act on Data Protection ("FADP") is heavily influenced by EU law and the future FADP, as amended, will incorporate many of the provisions of the GDPR. In addition, companies outside of the European Union are required to comply with the GDPR in certain circumstances. However, we want to ensure that the high level of protection established by the GDPR is afforded to all individuals whose personal data we process. For this reason, we have decided to align this Privacy Policy, in general, with the GDPR. You can view the GDPR here.

We are committed to providing comprehensive information on the processing of your personal data. This Privacy Policy therefore explains how and why we collect, process, and use your personal data. It is important to us that you understand:

We provide information and guidance on all of these matters below. If you have any questions, please do not hesitate to contact us. Our contact details are included in Section 2.

2. Who Are We?

For each data processing activity, a particular company is responsible for ensuring compliance with data protection provisions. In each case, this is the company that defines whether a certain processing activity (e.g. processing in connection with a service or the use of a website) should take place, for what purposes it is performed, and the general principles that should apply (where such decisions are made jointly by more than one company, the companies may also be jointly responsible). The following company ("we" or "us") is generally responsible for the data processing activities covered by this Privacy Policy:

Delica AG
Hafenstrasse 120
CH-4127 Birsfelden
Switzerland

Tel: +41 800 506 506 (Switzerland)
Mail: info@cafe-royal.com

We have appointed a Data Protection Officer who may be contacted as follows:

Datenschutz Café Royal
datenschutz@cafe-royal.info
+ 41 61 315 77 88 Switzerland

We have also appointed the following company as a representative in the EU and/or the European Economic Area:

M-Industry Germany
Rudolf-Diesel-Strasse 24
D-64625 Bensheim
datenschutz@cafe-royal.info

In certain cases, responsibility does not lie with us, but rather with a different company:
If you contact another Migros Group company (e.g. in contacting Customer Services), this company will be responsible for the relevant data processing activity – unless this Privacy Policy states otherwise in relation to the processing activity concerned.

In certain circumstances, we may disclose your personal data to another Migros Group company or to an external party in order to enable these recipients to process personal data for their own purposes (i.e. not on our behalf). Such parties may also include the authorities. In such cases, the recipient concerned is deemed to be the data controller. Information on such data controllers is provided in the relevant privacy policy of the recipient, which will generally be available on its website.

3. What Is "Personal Data" and What Does "Processing" Mean?

The rules governing the processing of personal data are laid down in data protection legislation. Personal data (or "personal information") means any information relating to an identifiable natural person, i.e. an individual. This may, for example, include the following information:

Information relating to a particular legal entity (e.g. details about a contract with a company) also constitutes personal data.

Certain personal data are afforded special protection under the legislation, including "sensitive personal data" (also referred to as "special categories of personal data"). Such data may include information that discloses an individual's race or ethnic origin, political views, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data allowing the unique identification of an individual, health data and data concerning an individual's sex life or sexual orientation, as well as data concerning criminal convictions and offenses and, in certain circumstances, data relating to social security matters.

We generally collect your personal data directly from you, for example when you perform certain actions. This may include instances in which you communicate with us, visit a website, or avail yourself of an offer online or via an app or when you shop with us in an online shop. Personal data may, however, also be collected indirectly, for example when goods are delivered to a different person (e.g. as a gift), other people are mentioned in any communication with us, or through the procurement of additional data from third-party sources (e.g. from social media or mailing list brokers).

We do not necessarily process all the categories of personal data mentioned in this section. Specific information about the personal data processed by us can be found in section 5 and in the table at the end of this Privacy Policy. Depending on the type of processing involved, we will provide additional information by way of a separate privacy policy or notification, especially if a certain data processing activity is not self-explanatory.

Processing“ (or „use“) therefore refers to any use of your personal data. This may include the following actions:

4. For Whom and for What Purpose Is this Privacy Policy Intended?

This Privacy Policy applies to our personal data processing activities in all of our business areas. This also includes the business activities of the brand beluga. It applies to the processing of personal data that has already been collected and personal data that will be collected in future. Additional data protection provisions may also apply to certain services.

Our data processing activities may affect, in particular, the following individuals (so-called "data subjects"):

Further information on data processing activities relating to specific offers may be included in general terms and conditions, terms of participation, and similar provisions.

5. Which Personal Data Do We Process and for What Purposes?

We process a wide range of personal data for different reasons and purposes. Further information is provided in this section and in the table at the end of this Privacy Policy and, in many instances, in the applicable general terms and conditions, conditions of participation, and additional privacy policies. For example, we process personal data, which may include sensitive personal data, in the following situations for the following purposes:

The table at the end of this Privacy Policy provides a more detailed description of the kinds of personal data about you that we collect and process, how this data is used, for what purposes, and on what legal grounds. It also provides information on whether you are obliged to supply your personal data to us.

6. To Whom Do We Disclose Personal Data?

Our employees have access to your personal data to the extent required for the purposes defined and for the performance of the activities of the employees in question. Our employees act in accordance with our instructions and are bound by confidentiality and non-disclosure obligations in handling your personal data.

We may transfer your personal data to third parties if we wish to use their services ("contract data processors"). This primarily concerns services in the following areas:

In selecting contract data processors and by entering into appropriate agreements, we ensure that privacy is safeguarded throughout the processing of your personal data, including when data are processed by third parties. Our contract data processors are under an obligation to process personal data solely on our behalf and in accordance with our instructions.

Furthermore, personal data may be transferred to other companies which may (also) use such data for their own purposes. In such cases, the data recipient is legally responsible as the controller of the data. This would apply in the following circumstances, for example:

7. When Do We Transfer Your Personal Data Abroad?

The recipients of your personal data data section 6 may be located abroad – including outside of the EU or EEA. The countries in question may not have laws in place that afford your personal data the same level of protection as provided in Switzerland or in the EU or the EEA. In transferring your personal data to such a country, we are required to ensure the protection of your personal data in a suitable manner (Articles 46 and 47 of the GDPR). One means of doing so is to conclude data transfer agreements with the recipients of your personal data in third countries that ensure the required level of data protection. These include agreements that have been approved, issued, or adopted by the European Commission and the Federal Data Protection and Information Commissioner, referred to as standard contractual clauses (legal basis set out in Article 46(2) of the GDPR). Data may also lawfully be transferred to recipients that are subject to the US Privacy Shield Program. Please conExamples of the types of agreement generally used can be found here. In exceptional circumstances, the transfer of personal data to countries without appropriate protection is also permitted in other cases, for example on the basis of explicit consent (Article 49(1)(a) of the GDPR), for the performance of a contract with the data subject or the handling of his or her contract application (Article 49(1)(b) of the GDPR), for the conclusion or performance of a contract with somebody else in the interests of the data subject (Article 49(1)(c) of the GDPR), or for the establishment, exercise, or defense of legal claims (Article 49(1)(e) of the GDPR).

8. Do We Conduct Profiling and Use Automated Decision-Making?

Profiling“ refers to a procedure during which personal data is processed on an automated basis in order to assess, analyze, or predict personal aspects, for example an individual's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. We often conduct profiling, for example in analyzing shopping behavior, selecting job applicants or evaluating contractual partners, etc.

Automated decision-making“ refers to any decision that is made on an automated basis, i.e. with no relevant human influences, and may have negative legal implications or other similar adverse consequences for you. We will provide separate information on any automated decision-making deployed by us in specific cases, insofar as such information is legally required.

9. How Do We Protect Your Personal Data?

We take appropriate technical measures (e.g. encryption, pseudonymization, record keeping, access restrictions, data backups) and organizational measures (e.g. instructions issued to employees, confidentiality agreements, audits) in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. In general, however, security risks cannot be completely ruled out; certain residual risks are unavoidable in most cases.

10. For How Long Do We Store Your Personal Data?

We store your personal data in a personalized form for as long as it is required for the specific purpose for which it was collected. In the case of contracts, personal data is stored for at least the duration of the contractual relationship. We also store personal data if we have a legitimate interest in storing it. This may apply, for example, if we require personal data for the purpose of enforcing rights or defending against claims, for archiving purposes, to ensure IT security, or if limitation periods apply in respect of any contractual or non-contractual claims. In many case, a limitation period of ten years will apply, for example, while in other cases a five-year or one-year limitation period may apply. We also store your personal data if it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data. Shorter retention periods apply for other data, for example for recordings from CCTV or for recordings of certain online processes (log data). In certain cases, we will also ask for your consent if we want to store your personal data for longer periods (e.g. for job applications that we wish to keep on file). At the end of the periods specified, we will erase or anonymize your personal data.

11. What Rights Do You Have in Connection with the Processing of Your Personal Data?

You may object to the processing of your personal data at any time and are generally free to withdraw your consent to any data processing activity. A right to object exists, in particular, with respect to data processing relating to direct advertising (e.g. advertising emails).

You also have the following rights:

Right to information

SYou have the right to transparent, easy-to-understand, and comprehensive information with respect to how we process your personal data and what rights you have with regard to the processing of your personal data. We meet this obligation by providing this Privacy Policy. If you would like further information, please do not hesitate to contact us (section 2 ).

Right of access

You have the right to request access to any personal data stored and processed by us at any time free of charge. You therefore have the opportunity to check what personal data about you we process and that we use this data in accordance with the applicable data protection provisions. In certain cases, the right of access may be restricted or excluded, in particular:

or

if the providing full access would involve disproportionate effort.

Right to rectification

You have the right to have inaccurate or incomplete personal data rectified and to be informed about such rectification. In such cases, we will inform the recipients of the affected data about the changes, unless this is impracticable or involves disproportionate effort.

Right to erasure

You have the right to have your personal data erased. You can request the erasure of your personal data if:

In such cases, we will inform the recipients of the affected data about the erasure, unless this is impracticable or involves disproportionate effort.

In certain cases, the right to have personal data erased may be excluded, especially if the processing activity is required:

Right to restriction of processing

Under certain conditions, you have the right to request that the processing of your personal data is restricted. This may mean, for example, the personal data is (temporarily) no longer processed or that published personal data is (temporarily) removed from a website. In such cases, we will inform the recipients of the affected data about the changes, unless this is impracticable or involves disproportionate effort.

Right to data portability

You have the right to receive personal data that you have provided to us in a readable format, free of charge, if:

Depending on the circumstances, your personal data may be transferred to you personally or directly to the third-party provider.

Right to lodge a complaint

You have the right to lodge a complaint to a competent supervisory authority with respect to the manner in which your personal data is processed.

In principle, you have the right to withdraw consent previously given at any time. Data processing activities performed in the past on the basis of your consent will, however, not become unlawful due to you withdrawing consent.

12. What Else Do You Need to Bear in Mind?

The "GDPR" requires that the applicable legal basis for data processing activities is specified. The processing of personal data is allowed, in particular, if:

The processing of sensitive personal data (see section 3) is subject to more stringent restrictions. Such processing is, for example, permitted:

The transfer of data abroad is also only permitted under certain conditions. Information in this regard can be found in section 7.

In the a table at the end of this Privacy Policy, you can find further information with respect to the legal basis typically applying to the relevant data processing activities. However, due to the complexity of many data processing activities, it cannot be ruled out that in certain circumstances other legal grounds may also apply.

The GDPR also requires that you are provided with information on whether you are obliged to supply personal data or whether this is necessary for the conclusion of a contract and what the consequences of not providing this data would be. Generally speaking, there is no obligation to disclose personal data to us unless you have entered into a contractual relationship with us that establishes such an obligation. We will, however, be required to collect and process any personal data that is necessary or legally prescribed for the purposes of commencing and performing a contractual relationship and meeting related obligations. Otherwise, it will not be possible for us to conclude or continue the contract in question. The processing of certain data is also mandatory in relation to the use of websites. Although you can prevent cookies from being saved (further information in this regard can be found in this Privacy Policy), the recording of certain data, although generally not of a personal nature, such as your IP address, cannot be prevented for technical reasons.

Under certain circumstances, you may wish or be required to transfer personal data of third parties to us. Please note that in such cases you are required to inform the data subjects about the transfer of this data and about this Privacy Policy and to ensure that the personal data in question is accurate.

13. Changes to this Privacy Policy

This Privacy Policy may be updated over time, especially if we change our data processing activities or if new legal provisions become applicable. We will actively inform individuals whose contact details are registered with us of any material changes, provided that we can do this without disproportionate effort. Generally speaking, however, the version of the Privacy Policy in effect at the time at which the data processing activity in question commences is applicable.

14. Reasons for data collection; scope, purpose and obligation to provide data; legal basis for processing

14.1 Communication
14.2 Purchase of goods and use of services
14.3 Visits to our website
14.4 Online offers and apps
14.5 Information and direct marketing
14.6 Participation in competitions, prize draws, and similar events
14.7 Participation in customer events
14.8 Contact with our company as a business partner
14.9 Administration
14.10 Corporate transactions
14.11 Job applications
14.12 Compliance with legal requirements
14.13 Exercising rights

In this table, you can find detailed information on the individual processing purposes, the personal data processed to this end, the applicable legal basis, and any obligation to disclose relevant personal data to us. Please note that in many cases it is not possible to provide an exhaustive list.

14.1 Reason for data collection: Communication

Processed personal data

We collect and process personal data if you contact us or we contact you in writing, electronically, or by phone, for example if you contact Customer Services and if you send us an email or letter or call us, but also e.g. if you leave a comment on our website. In such cases, we process contact and communication details. This includes, in particular, the following personal data:

The exact scope of the personal data is largely dependent on the content of the communication. If you transfer sensitive personal data to us, we will also process this. Telephone conversations with us may be recorded. In such cases, you will be informed accordingly in advance.

Processing purpose and obligation to provide personal data

In particular, we process personal data in this context for the following purposes:

in this case, you are generally under no obligation to provide us with specific information. Often, however, we can only respond to you, handle your concerns, and communicate with you if we process certain information as a minimum. If you do not want us to record telephone conversations, you can cut off the telephone call at any time and correspond with our Customer Services in another way (e.g. via email).

Legal basis

If communication is initiated by you, we will deem this to constitute consent to the processing of your personal data (Article 6(1)(a) and, where applicable, Article 9(2)(a) of the GDPR). The processing performed by way of Customer Services and through communication is in many cases also in our legitimate interest (Article 6(1)(f) of the GDPR), as this allows us to communicate with customers and other individuals, improve the quality of our services, prevent errors in our processes, and achieve a high level of customer satisfaction

14.2 Reason for data collection: Purchase of goods and use of services

Processed personal data

If we make supplies to you, for example if you purchase goods or services from us, we will process personal data relating to your shopping and payment patterns. This includes, in particular, the following personal data, which may be sensitive:

However, the foregoing is subject to you shopping online, using a bonus or loyalty card, or identifying yourself in some other manner. In our stores, however, you can generally also shop without us knowing your name.

We may also evaluate information about in-store and online purchases and behavior and combine this with other personal data, for example with non-personalized statistical data and other personal data that we have collected about you. We may also check your credit rating in connection with the contract. To this end, we will normally consult information from specialist companies known as credit reference agencies. If you shop online, please also note the provisions of this Privacy Policy under "Use of online offers".

Processing purpose and obligation to provide personal data

In this case, we will process your data, in particular, for the following purposes:

You are not obliged to disclose personal data to us when making purchases. However, it is not possible to place orders, purchase services or purchase certain goods without us processing personal data. We must also process the personal data required for the purposes of online shopping.

Legal basis

We process such data on the basis that we are permitted to process personal data for the purpose of dealing with contract requests and performing contracts (Article 6(1)(b) of the GDPR). The processing also serves legitimate interests (Article 6(2)(f) of the GDPR), for example when delivering goods to third parties (e.g. for gifts), and the evaluation of information about your shopping behavior allows us to gear our services towards your needs and interests in a more accurate and targeted manner and to expand and improve our offers. This is important to us, as it enables us to compete successfully in the market. Any processing activities involving sensitive data will generally be based on your explicit consent (Article 9(2)(a) of the GDPR).

14.3 Reason for data collection: Visits to our website

Processed personal data

Technical data: Each time our website is visited, certain data is automatically collected by us for technical reasons and stored in log files. This includes, for example, the following data:

Cookies: We store cookies depending on the functionality. Cookies are small files that your browser creates automatically and that are saved on your end device (tablet, PC, smartphone, etc.) when you visit our website. Firstly, we use session cookies in which a unique identification number is stored, a so-called session ID, as well as information about the origin and storage period of the cookie. These cookies are deleted following any visit to our website. We use such cookies, for example, to enable shopping baskets to be saved. Secondly, we use permanent cookies that also remain stored once the browser session has been completed. Such cookies are used to recognize a visitor upon a later visit.

Some cookies also originate from third-party companies. This will apply, for example, if we use functions on our website that are provided by third parties. This affects analysis services, which also work with cookies; information in this regard can be found in this table under "Visits to our website (analyses)".

TTechnical data and cookies often do not contain any personal data. It is often not possible for us to assign the information collected in this way to a particular person.

Analysis of user behavior: On our website, we use Google Analytics, an analysis service of Google, Inc. in the US. Google Analytics uses cookies that enable analysis of website usage. This means that information about your behavior on our website and the end device (tablet, PC, smartphone, etc.) used for this purpose will be saved. This includes, for example, the following usage data:

This information is saved on a Google server in the US. Provided you have activated the IP anonymization function, your IP address will, however, be abbreviated in the EU or EEA. The full IP address is only transmitted to the US in exceptional circumstances. In the US, Google is bound by theUS Privacy Shield Program. Google Analytics also makes it possible to assign dates, sessions and interactions across several end devices to a pseudonym user ID, allowing the activities of an unnamed user on different devices to be analyzed. Further information can be found under the Terms of Service or the Privacy Policy of Google.

We use similar services of other providers. Such providers often do not receive any personal data, but they may record the usage of the relevant website by the user, for example through the use of cookies and other technologies. These records may be combined with similar information from other websites. The behavior of a particular user can thus be recorded across several websites and several end devices. The provider concerned may also use this data for its own purposes, for instance for personalized promotions on its own website and other websites that it provides with advertisements. If a user is registered with the provider, the provider may be able to attribute usage data to the individual concerned. It will generally obtain the consent of the data subject for such purpose and allow him or her to withdraw such consent in accordance with its requirements. Such personal data is processed by the provider under its own responsibility and in accordance with its own data protection provisions.

Processing purpose and obligation to provide personal data

We process your personal data in this context for the following purposes:

Collecting the data specified is not mandatory but is required in many cases for the purpose of using the website and certain functions. However, you can configure your end device to display a message before a new cookie is created. This means you can also reject cookies. Furthermore, you can delete cookies from your end device. You also have the option to prevent the recording of data created by the cookie (incl. your IP address) and the processing of this data by downloading and installing an appropriate browser add-on. The rejection or deactivation of cookies may, however, mean that you are unable to use all of the website's functions.

This information is used, in particular, in order to better understand the use of our website and to improve its content, functionality, and retrievability. For example, this data allows us to see the sites from which most of our users access our website, which pages are visited the most, and on which page most visitors leave our website.We may also evaluate this personal data and combine this with other personal data, for example to non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services.

You can prevent the use of Google Analytics by installing a browser add-on. SYou can also set an opt-out cookie by clicking here. An opt-out cookie prevents any future recording. However, it only applies for the browser in question. In order to prevent recording across several end devices, you need to implement the opt-out on all devices and browsers used. If you delete your cookies in a browser, the opt-out cookie will also be removed.

You also have the option to withdraw any consent issued to providers (information in this regard can be found in the left-hand column) or to object to their processing activities, for example those performed by Google via https://adssettings.google.com.

Legal basis

The processing of log files and cookies for the stated purposes is in our legitimate interest (Article 6(1)(f) of the GDPR). Some cookies are required, for example, in order to save individual settings or provide shopping baskets. Such customization is also in the interests of visitors to our websites. The analysis of the use of our websites also represents a legitimate interest.

The processing purposes specified are in our legitimate interest (Article 6(1)(f) of the GDPR). Our webpages are a very important tool for us in terms of customer communication and -acquisition. It is key for us that we keep our websites functional, attractive, and personal.

14.4 Reason for data collection: Online offers and apps

Processed personal data

Online offers: We will also process personal data when you use online offers provided by us – even if you do not purchase any goods or services in the process. For example, if you register with us, we will process contact details and data relating to the offer concerned. In particular, this may include the following personal data:

If you register with us via Facebook Connect or another login of a third-party provider (e.g. Google or LinkedIn), we may obtain access to certain data saved by the provider in question, for example your user name, profile picture, date of birth, gender, and other information. Information in this regard can be found in the privacy policy of the relevant provider.

Apps: We may also make mobile applications (apps) available. In this case, we will collect and process personal data when you install an app, when you use the app and the available functions, and when you update the app. In particular, this data includes the following information:

Depending on the type of offer, we may process additional data comprising the following personal data, which may also include sensitive personal data:

We may evaluate this personal data and combine this with other information, for example with non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services. Further information can be found in the terms and conditions of use, where applicable, and in this table under "Visits to our website". If you shop with us in an online shop, you can find additional information under "Purchase of goods and use of services".

Processing purpose and obligation to provide personal data

We process your personal data in connection with online offers and apps for the following purposes:

The use of online offers is voluntary. If you opt to make use of an online offer, this is generally not possible without processing relevant personal data (e.g. the provision of mandatory data in online forms).

Legal basis

As a general rule, it is only possible to take up online offers if you accept the applicable terms and conditions of use. This means that you enter into a contract with us. The processing of personal data is permitted for the performance of the contract (Article 6(1)(a) of the GDPR).

The processing also serves legitimate interests (Article 6(1)(f) of the GDPR). This allows us to gear our services to your needs and interests in a more precise and targeted manner and also expand and improve our offers. This is essential to allowing us to compete successfully in the market. Depending on the functions of the online offer, we may ask you for further consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR).

14.5 Reason for data collection: Information and direct marketing

Processed personal data

If you register for an electronic newsletter and other electronic notifications, we will process, in particular, the following personal data:

We can also process data about your use and response to such notifications. This includes, in particular, the following personal data:

We may also evaluate your personal data and combine this with other personal data, for example to non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services.

Processing purpose and obligation to provide personal data

We process your personal data so that we can send you electronic notifications, including messages of a promotional nature. We process personal data with respect to your use of and response to the notifications in order to get to know you better and to enable us to gear our offers to your needs in a more targeted manner.

Such data processing is optional for you. However, if you do not provide us with your personal data and, in particular, your email address, we will not be able to offer you this service. You can withdraw your consent for electronic newsletters at any time by deregistering from this service. This is possible via a link in every electronic newsletter or by sending an email to info@cafe-royal.com.

Legal basis

We deem your registration for an electronic newsletter to represent consent to the processing of the named personal data for the specified purposes (Article 6(1)(a) of the GDPR). We also have a legitimate interest in advertising directly and analyzing your response to such advertisements. Both are important to us so that we can be successful on the market.

14.6 Reason for data collection: Participation in competitions, prize draws, and similar events

Processing purpose and obligation to provide personal data

We collect and process personal data if you participate in competitions, prize draws, and similar events (each referred to as an "event"). The scope of the processed personal data may vary from event to event. This information includes, in particular, the following personal data:

Further information in this regard can be found in the relevant terms of participation.

We may also evaluate your personal data and combine this with other personal data, for example with non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services.

Processing purpose and obligation to provide personal data

We will process your personal data in connection with events in order to conduct the relevant event and to enable us to notify the winner. We may also use your name and contact details for advertising purposes. Participation in such events is voluntary but is not possible without the processing of personal data.

Legal basis

By taking part in an event, you provide consent to the processing of your personal data for this purpose (Article 6(1)(a) of the GDPR). The processing also serves legitimate interests (Article 6(1)(f) of the GDPR). This allows us to gear our services towards your needs and interests in a more precise and targeted manner and also expand and improve our offers. This is important to us, as it enables us to compete successfully in the market.

14.7 Reason for data collection: Participation in customer events

Processed personal data

We will process personal data if we invite you to customer events (e.g. promotional events, sponsorship events, cultural and sporting events). This includes, in particular, the following personal data, which may also constitute sensitive information:

We may also evaluate your personal data and combine this with other personal data, for example with non-personalized statistical data and other personal data that we have collected about you in order to extrapolate information about your preferences and interest in certain products or services.

Processing purpose and obligation to provide personal data

In particular, we process your personal data so that we can invite you to our events and also to find out which customer events may be of interest to you. This allows us to draw your attention to customer events that we hope may be of interest to you in a targeted manner. Participation in such events is voluntary but is not possible without the processing of personal data.

Legal basis

We process your personal data after you have provided us with your consent (Article 6(1)(a) of the GDPR) in order to inform you about relevant customer events or if you have registered for one of our customer events. The processing activities specified are in our legitimate interest (Article 6(1)(f) of the GDPR), as they allow us to contact you personally and get to know you better. This This allows us to gear our services towards your needs and interests in a more precise and targeted manner and also expand and improve our offers. This is important to us, as it enables us to compete successfully in the market.

14.8 Reason for data collection: Contact with our company as a business partner

Processed personal data

If you work for a company that supplies goods or services to us, purchases goods or services from us, or cooperates with us in some other way, we may, for example, process the following personal data about you:

We will process other personal data, which may include sensitive data, when reviewing whether we want or are able to work with your company (e.g. in the course of performing security checks). If you work at our premises, we will also process other contact details, e.g. the following information:

We will generally inform you separately about such processing activities or request your consent.

Processing purpose and obligation to provide personal data

In particular, the processing of personal data serves the following purposes:

Legal basis

The processing specified is in our legitimate interest (Article 6(1)(f) of the GDPR), as it allows us to use and sell goods and services. We also have a legitimate interest in preventing abuse and ensuring an adequate level of security. The provision of customer care is also in our legitimate interest. If we have a contract directly with you or you wish to conclude a contract directly with us, we will process your personal data for the purpose of concluding and performing the contract concerned (Article 6(1)(b) of the GDPR). To the extent that we process sensitive personal data for the specified purposes, we will generally do so for the purposes of enforcing, exercising or defending legal rights or on the basis of your explicit consent (Article 9(1)(a) and 9(1)(f) of the GDPR).

14.9 Reason for data collection: Administration

Processed personal data

In the course of performing internal administrative and management operations, we will process personal data, which may include sensitive personal data, about our customers, business partners, and third parties, for example for IT management purposes.

Processing purpose and obligation to provide personal data

We will process such personal data, in particular, for the following purposes:

These purposes may relate to us or companies affiliated to us. Data will be processed, in particular, for the purpose of assessing and, where applicable, executing the relevant transactions. It may also be necessary to file reports with the authorities both at home and abroad.

Legal basis

Processing for the specified purposes may be required for the performance of contracts (Article 6(1)(b) of the GDPR). This is in our legitimate interest (Article 6(1)(f) of the GDPR). To the extent that we process sensitive personal data, such processing activities will normally be based on your explicit consent (Article 9(2)(a) of the GDPR).

14.10 Reason for data collection: Corporate transactions

Processed personal data

In certain circumstances, we may review transactions or execute transactions involving the sale or purchase of companies, parts of companies, or other assets, or the creation of encumbrances. In this context, the scope of personal data processing will depend on the purpose and stage of the transaction, and may also include sensitive personal data. In certain circumstances, such information may be disclosed to, or collected by, potential contracting partners, to the extent permitted by law. In the event that we sell receivables, we will, for example, transfer information to the purchaser regarding the reason for and amount of the receivable and, where applicable, regarding the credit rating and behavior of the debtor.

Processing purpose and obligation to provide personal data

Data will be processed, in particular, for the purpose of assessing and, where applicable, executing the relevant transactions. It may also be necessary to file reports with the authorities both at home and abroad.

Legal basis

Processing for the specified purposes may be required for the performance of contracts (Article 6(1)(b) of the GDPR). This is in our legitimate interest (Article 6(1)(f) of the GDPR).

To the extent that we process sensitive personal data, such processing activities will normally be based on your explicit consent (Article 9(2)(a) of the GDPR).

14.11 Reason for data collection: Job applications

Processed personal data

If you apply for a position with us, we will process your contact details and the information transmitted to us (e.g. the application, family status, résumé, knowledge and skills, interests, references, qualifications, certificates). Such information may include sensitive personal data, such as dates of birth or details of trade union membership. During the job application process, other personal data may also be required depending on the position and job profile.

Processing purpose and obligation to provide personal data

We will process your personal data in order to assess your suitability for the position concerned and talk to you about potential employment, and, where applicable, for the purposes of preparing and concluding a contract. Subject to your consent, we will also, where applicable, keep your application on file if we decide not to recruit you, or you decide not to take a job, in the event that another position becomes vacant at a later date. Although providing the personal data specified is optional we are unable to process an application without the personal data required for this purpose.

Legal basis

If you apply for a position with us, we will process your personal data with a view to a possible contract (Article 6(1)(a) of the GDPR). In submitting your application, you will also be deemed to have consented to such processing activities (Article 6(1)(a) and Article 9(2)(a) of the GDPR).

14.12 Reason for data collection: Compliance with legal requirements

Processed personal data

In certain circumstances, we may be required or wish to process personal data in order to comply with legal obligations. We may, for example, receive and process complaints and reported irregularities, or the authorities may request documents containing your name and contact details or conduct an investigation in relation to us. We may also conduct internal investigations during which your personal data may also be processed.

Processing purpose and obligation to provide personal data

We process this personal data for the following purposes:

Legal basis

Processing for the specified purposes is required for compliance with legal obligations and is in our legitimate interests (Article 6(1)(c) and (f) of the GDPR).

14.13 Reason for data collection: Safeguarding rights

Processed personal data

We will process personal data for the purpose of safeguarding our rights, for example to enforce our rights both in or out of court and before national or foreign authorities or to defend against any claims. For example, we may seek clarification as to the prospects of success in relation to legal proceedings or submit documents to an authority. The authorities may also require us to disclose documents that contain personal data. In addition to the contact details of data subjects, we may process other personal data, depending on the circumstances, such as information on events that led to or could give rise to a dispute. Such information may include sensitive personal data.

Processing purpose and obligation to provide personal data

We will process this personal data for the following purposes:

Legal basis

Processing for the specified purposes may be required for the performance of contracts (Article 6(1)(b) of the GDPR). Such processing is in our legitimate interest and, where applicable, in the legitimate interests of third parties (Article 6(1)(f) and Article 9(2)(f) of the GDPR).