Thank you for your interest in our website and our services. For us, data is the basis for excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect, is our number one priority. The following privacy notice is therefore intended to inform you about the processing of your personal data and your rights in this processing in accordance with the European General Data Protection Regulation ("GDPR") and other applicable data protection regulations.
1. General information
1.1 Responsible for the operation of this website is METRO AG, Metro-Straße 1, 40235 Duesseldorf, Germany (hereinafter "METRO", "we" or "us"). METRO attaches great importance to the protection of your personal data.
1.2 If you have any questions about privacy and data protection, you can contact our data protection officer using the following contact details: METRO AG, Data Protection Officer, Metro-Straße 1, 40235 Duesseldorf, Germany, email: email@example.com.
2. Processing of Personal Data and Transfer to Third Parties
2.2 If you contact us (for example via an enquiry at firstname.lastname@example.org), we only collect, process and use the personal data that you have made available to us and that is necessary to process and respond to your enquiry.
2.3 You can register for our information service using a separate form. After you have filled out the relevant registration form and, by doing so, sent us your personal data supplied therein as well as your consent to the use of your data for the purposes selected by you, we will send you a confirmation email. The sending of our information takes place only with your consent and is based on Article 6(1), first sentence, letter a) GDPR. You can opt out of receiving the information at any time via the respective link at the bottom of each message that you receive from us.
The following section takes a closer look at specific cookies.
The data Siteimprove collects and processes from European customers is stored in the EU. The dedicated data centres are located in Germany and Denmark.
3.3. We use Webtrends, a web analytics service of Webtrends EMEA Acquisition ltd. / Webtrends Inc., 851 SW 6th Ave., Suite 1600, Portland Oregon 97206, USA. Webtrends Analytics uses text files which are stored on your device and which allow the analysis of your use of the website.
Among other things, this information is used to evaluate your use of the website and to compile reports on website activities.
The information generated by these cookies is transferred to Webtrends in the USA and stored there.
Access data is recorded anonymously. It is not possible to establish a connection to a visitor. This is done in particular by anonymising the IP address.
- Pingdom Monitoring – monitors the technical functions and availability of our website.
- d.vinci – job portal, where we publish our job offers, which you can also access via our website
- Investis – display of the stock ticker and a mini chart on our website in the Investor Relations section
- SOLR instances (internal search services) – a powerful full-text search technology within our website
4. Provision of personal data and retention periods
The provision of your personal data is voluntary. You are not legally obliged to make your personal data available to us. If you choose not to make your personal data available to us, this has no consequences for you, except that you cannot use our services. Personal data that you make available to us via our website will only be stored until the purpose for which it was processed has been fulfilled or until you tell us to delete your data. We allow you to inspect, modify and delete your data stored with us via a safe procedure, by following the references that you receive from us in all correspondence. Deviating retention periods may, however, result from a legitimate interest of METRO (e.g. to guarantee data security and to prevent misuse). Personal data that we have to store due to legal or contractual retention obligations will be blocked.
4.1 Data storage
In the following we explain how we store your data.
You have to register to use certain functions on our website (registration for events). Your data will be stored in a database in the backend of the website. Passwords are encrypted using “Portable PHP password hashing” and are not stored in plain text in the database. The registration form uses RSA authentication. If you no longer wish to sign in to our website and want your data there deleted, please let us know. Please use the contact information on our website: Our Team
4.4 METROPOLE interface
To register for events, the website provides a link to the METROPOLE database of METRO AG Corporate Public Policy. When you access a registration page or your data management page, the registration form is filled with the data from the database. The registration and your data entries as well as your selection of the information offered will be sent back to the database and confirmed via a confirmation email. Your login information is not stored on the website. With every message from the METRO AG Corporate Public Policy department, you will receive a note on how you can change or delete your data in our database. The data in our database is used exclusively to make our information available to you and for our internal work. It is in no way connected with other services or offers of METRO AG or its sales divisions and subsidiaries. Your data will not be passed on to other company departments or external service providers.
5. Social media
Our website contains simple links to the following social media networks:
- Facebook (operated by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
- Twitter (operated by: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- Google Plus (operated by: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
- XING (operated by: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany)
- LinkedIn (operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Youtube (operated by: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
In these cases, a transfer of data to the social media operators mentioned only takes place if the corresponding icon (e.g. the "f" of Facebook, the bird symbol of Twitter, the "g+" symbol of Google Plus) is clicked. If you click on one of these icons, a page of the corresponding social media operator opens in a popup window. There, you can publish information about our products according to the regulations of the social media operator.
Furthermore, on some of the sites offered by us freely accessible content from the third-party providers Youtube or Twitter is displayed. We do not transmit personal information to these third parties to display the content. YouTube and Twitter have their own cookie and privacy policies which we do not control. Please inform yourself about the data collected by third-party providers from the respective provider.
6. Your rights
to exercise your rights under the GDPR to
- obtain information about the processing of your personal data and a copy of this data (Art. 15 GDPR),
- rectification of inaccurate and completion of incomplete personal data (Art. 16 GDPR),
- erasure of your personal data and, if these have been made public, that METRO informs other controllers about the erasure request (Art. 17 GDPR),
- restriction of processing of your personal data (Art. 18 GDPR),
- data portability, so that your personal data is transmitted to you in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without any hindrance from METRO (Art. 20 GDPR),
- withdrawal of consent given; the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 GDPR) and
- object to processing of your data (Art. 21 GDPR),
you can contact METRO’s Data Protection Officer (email@example.com) at any time. You also have the right to lodge a complaint with the competent supervisory authority if you consider the data processing to be incompatible with the GDPR (Art. 77 GDPR).
METRO AG Corporate Public Policy
Last amended: May 2018