We aim to ensure that you feel safe on our website, so your privacy and the protection of your personal rights are important to us. Therefore, we would ask you to carefully read the summary below about how our website works. You can trust that your data will be processed transparently and fairly, and we will make every effort to handle your data carefully and responsibly.
Controller and data protection officer contact details
The controller for the purposes of the GDPR, other data protection legislation in EU member states and other regulations pertaining to data protection is:
Media-Saturn-Holding GmbH, Wankelstraße 5, 85046 Ingolstadt, Germany
Phone: +49(0) 841 634-0
The data protection officer of the controller can be contacted at: firstname.lastname@example.org
Scope of processing of personal data
We collect and use your personal data only insofar as it is necessary to provide a functioning website, our content and services, for instance when you register on our website, log in to an existing customer account or order products. Your personal data is only collected and used with your consent. An exception to this rule is where prior consent is not possible due to given circumstances and the processing of the data is permitted by statute.
The security of your personal data is of high priority to us. We therefore take technical and organisational measures to protect your data stored by us in order to effectively prevent its loss and its misuse by third parties. Our employees tasked with processing personal data in particular are bound by confidentiality obligations and are required to comply with these. Your personal data is secured by ensuring that it is transmitted in encrypted form; for instance, we use SSL (Secure Sockets Layer) to communicate with your web browser. A padlock symbol will be displayed by your browser so that you can see when an SSL connection has been established. To ensure that your data is protected at all times, the technical security measures undergo regular review and are adapted to new technological standards where necessary. These principles also apply to companies that we commission to process and use data in accordance with our instructions.
Purposes of processing and the legal principles governing how your personal data is processed
We collect, process and use your personal data for the following purposes:
• The establishment and performance of contracts
• The delivery of newsletters
• Marketing activities, such as prize draws
• Customer service and customer support
• Provision of broadcast media services, e.g. for processing orders for the goods and services we offer online
Your personal data may be processed on the basis of the following legal principles:
• Art. 6, para. 1, letter a of the GDPR serves as the legal basis for processing activities for which we acquire your consent for a certain processing purpose.
• Art. 6, para. 1, letter b of the GDPR states that personal data may be processed for the performance of a contract, e.g. when purchasing a product. The same applies to any processing activities that are necessary for the performance of pre-contractual activities such as handling enquiries regarding products or services.
• Art. 6, para. 1, letter c of the GDPR applies in cases where we are bound by a legal obligation that requires personal data to be processed, for instance for compliance with tax obligations.
• Art. 6, para. 1, letter d of the GDPR states that personal data may be processed in order to protect the vital interests of yourself or other natural person.
• Art. 6, para. 1, letter f of the GDPR applies in relation to our legitimate interests, for instance when employing service providers for the purpose of performing orders (e.g. delivery services), when performing statistical surveys and analyses or when logging login attempts. Our interest lies in providing a user-friendly, appealing and secure website and optimising the same in order to both serve our business interests and meet your expectations.
Duration of storage and routine erasure of personal data
We only process and store your personal data for as long as it is necessary to fulfil the purpose for which it is stored or while we are required to do so according to law or regulation. Once the purpose ceases to apply or is fulfilled, your personal data will be erased or restricted. Where data is restricted, the data will be erased as soon as retention periods imposed by law, articles of association or contract no longer prevent this erasure from being performed, as long as there is no reason to assume that erasure would jeopardise your legitimate interests, and provided that this erasure would not involve a disproportionately high amount of effort due to the specific nature of the storage.
Collection of general data and information (log files)
In keeping with Art. 6, para. 1, letter f of the GDPR, our website collects a range of general data and information upon each access that is temporarily stored in a server’s log files. A log file is created as part of the automatic logging performed by the processing computer system. The following data may be collected:
• Access to the website (date, time and frequency)
• How you arrived at the website (referring page, hyperlink, etc.)
• Volume of data sent
• The browser and browser version that you are using
• The operating system that you are using
• The internet service provider that you are using
• The IP address that your internet service provider assigns to your computer when connecting to the internet
The collection and storage of this data is required for the operation of the website in order to provide the website functionality and correctly deliver the content of our website. We also use the data to optimise our website and ensure the security of our IT systems. For this reason, the data is stored for a maximum of seven days as a technical precaution.
We also use this data for the purposes of marketing, market research and structuring our services to meet demand by creating and analysing usage profiles under pseudonyms, albeit only if you have not asserted your right to refuse or withdraw consent for the usage of your data in this fashion (see notes regarding your right to object under “Your rights”). This includes the “Remember me” function that you can also disable in your customer account under “Personal data”.
Cookies, web analysis services and social media
Processing of personal data when making contact, upon registration and when submitting guest orders
a) Making contact
Based on Art. 6, para. 1, letters c and f of the GDPR, we use and store your personal data and technical information where necessary to prevent or investigate misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This may also be done on the basis of orders by public authorities or courts of law, insofar as we are required to do so by law, and also to preserve our rights and interests and to enable a legal defence on our part.
Transmission of personal data to third parties
When transmitting your personal data, we ensure that the level of security is always as high as possible, which is why your data is only transmitted to service providers and partner companies that are carefully selected beforehand and bound by contractual obligations. We also only transmit your data to bodies which are located within the European Economic Area and are thus subject to strict EU data protection legislation or which are bound by a corresponding security standard. Transmission of data to third countries is not currently performed or planned.
a) Transmission among companies affiliated with the Group in accordance with Art. 6, para. 1, letter b of the GDPR
We transmit your personal data for the conclusion and performance of contracts relating to the performance of deliveries and services on our website to companies affiliated with the Group within Germany to be stored in central databases and for internal Group billing and accounting purposes. This is necessary in particular for you to be able to use all of our services. If you wish to collect your order at a retail outlet, the retail outlet that you have selected will be notified of your order and will process it. If you contact a retail outlet or our customer hotline in the event of questions, complaints or returns, they will also gain access to your order data to enable them to address your concern.
b) Transmission to other third parties in accordance with Art. 6, para. 1, letters c and f of the GDPR
Finally, we may transmit your data to third parties or government bodies under current data protection legislation if we are legally required to do so (e.g. on the basis of an order of a public authority or court of law) or if we are entitled to do so (e.g. because it is necessary for the investigation of criminal activity or to assert and enforce our rights and interests).
Of course, you have rights in connection with the collection of your data, which we are pleased to inform you about here. If you wish to make use of any of the following rights free of charge, simply send us a message. You can use the following contact details without incurring any costs other than those charged by your communications provider for transmitting the message:
By email: email@example.com
By post: Media-Saturn-Holding GmbH, Wankelstraße 5, 85046 Ingolstadt, Germany
For your own security, we reserve the right to acquire further information needed to confirm your identity when responding to an existing enquiry. If identification is not possible, we also reserve the right to refuse to respond to your enquiry.
a) Right to information
You have the right to demand information from us on the personal data stored about you.
b) Right to rectification
You have the right to demand immediate rectification and/or completion of the personal data stored about you.
c) Right to restrict processing
You have the right to demand that processing of your personal data be restricted if you dispute the accuracy of the data stored about you, if processing is unlawful and we no longer require the data, but you do not wish the data to be deleted and require it to assert, exercise or defend legal entitlements, or if you have disclosed your objection to its processing.
d) Right to erasure
You have the right to demand erasure of your personal data stored by us, unless the retention of the data is necessary for freedom of expression, for freedom of information, for compliance with a legal obligation, for reasons in the public interest, for asserting or defending against legal claims or for exercising legal rights.
e) Right to information
If you have asserted your right to rectification, to erasure or to place restrictions on processing, we will notify all recipients of the your personal data of how this data has been rectified, erased or is now subject to restrictions on processing, unless it is impossible to do so or involves disproportionate effort.
f) Right to data portability
You have the right to have a copy of the data that you have provided us with sent to you or a third party in a structured, standardised and machine-readable format. If you demand that the data be sent directly to another data controller, this will only be done if it is technically feasible.
g) Right to object
If your personal data is being processed on the basis of legitimate interests in accordance with Art. 6, para. 1, letter f of the GDPR, you have the right to object to processing at any time in accordance with Art. 21 of the GDPR.
h) Right to withdraw consent
You have the right to withdraw your consent for the collection of data at any time with future effect. The data collected until the withdrawal takes legal effect remains unaffected by this. We hope that you understand that it may take some time to process your withdrawal for technical reasons and that you may continue to receive messages from us during this time.
i) Right to submit a complaint to a regulatory authority
If the processing of your personal data violates data protection legislation or if your data protection rights have been violated in any other way, you may submit a complaint to the regulatory authority.
The quickest, easiest and most convenient way to exercise your rectification and erasure rights is to log into your customer account and edit or delete the data stored therein directly. Please note that once your data is erased, you will no longer have access to the services of our product partners through our website. This may also include re-downloading services. Therefore, please backup your data before asserting your right to erasure. Data that we are required to store in accordance with statutory obligations, articles of association or contractual retention requirements will be restricted instead of being erased in order to prevent its usage for other purposes.
Links to the websites of other companies
Our website contains links to the websites of other companies. We are not responsible for the data security precautions of other websites accessible via these links. Please enquire through these external websites about their respective privacy policies.
Version: May 2018, Version 2.0