Data Privacy Policy
Thank you for your interest in our website and our services. For us, data is the basis for excellent service. However, our most important asset is the trust of our customers. Protecting customer data and using it only in the way our customers expect, is our number one priority. The following privacy notice is therefore intended to inform you about the processing of your personal data and your rights in this processing in accordance with the European General Data Protection Regulation ("GDPR") and other applicable data protection regulations
1. DESCRIPTION OF THE GROUPS OF PERSONS AFFECTED AND THE PERSONAL DATA PROCESSED
CATEGORIES OF PERSONS AFFECTED BY THE PROCESSING (DATA SUBJECTS):
Visitors and users of the online services
(hereinafter also referred to as "users")
TYPES OF DATA PROCESSED:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Contractual data (only insofar as users also have concurrently a contractual relationship with METRO Logistics, in which case contractual object, term, customer category, etc. will then be processed).
- Usage data (e.g. webpages visited, links clicked, interest in content, acess times).
- Meta/communication data (e.g. device information, IP addresses).
Hereinafter, we also refer to this processed data collectively as "personal data".
2. PROCESSING OF SPECIAL CATEGORIES OF DATA (ART. 9 PARA. 1 GDPR)
In principle, no special categories of data are processed, unless this has been provided for processing by the users, e.g. entered in online forms.
3. INTENDED PURPOSE OF THE PROCESSING
METRO LOGISTICS offers logistics services and provides users with continually updated information from the field of logistics.
To the extent that personal data is collected on our webpages, this is on a voluntary basis. For the purposes of marketing and website optimisation, we collect navigation information from website visitors, provided you have consented to this collection in the cookie settings or in another part of our website. This involves data about your end device and your visit to our website, in particular your IP address, referral source (i.e. the source that directed you to our website), the duration of your visit and the pages you opened.
Personal data is collected in the context of the following tasks:
- providing the online service, its content and functions.
- personalised display of website content
- maintenance of inventory and usage data
- acquisition of new customers
- preparation and response to contact enquiries and communication with users
- further services for customers
- provision of contractual performance, service and customer support
- marketing, advertising and market research
- security measures.
4. RELEVANT LEGAL BASIS
Pursuant to Art. 13 GDPR, we inform you of the legal basis of our data processing. Unless the legal basis is specified separately in this Data Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 (a) and Art. 7 GDPR; the legal basis for the processing for the purposes of performing our services and implementing contractual measures as well as of answering questions is Art. 6 para. 1 (b) GDPR; the legal basis for the processing in order to fulfil our legal obligations is Art. 6 para. 1 (c) GDPR; and the legal basis for the processing in order to safeguard our legitimate interests is Art. 6 para. 1 (f) GDPR. In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 (d) GDPR serves as the legal basis.
5. CHANGES AND UPDATES TO THE DATA PRIVACY POLICY
We ask that you inform yourself regularly about the content of our Data Privacy Policy. We adjust the Data Privacy Policy when this is necessitated by changes to the data processing we carry out. We will inform you when cooperation on your part (e.g. consent) or any other individual notification is required due to these changes.
6. SECURITY MEASURES
In accordance with Article 32 GDPR, we take appropriate technical and organisational measures, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate for the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data-related input, disclosure, reliability of availability and separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and the response to the endangerment of the data. Furthermore, we already consider the protection of personal data in the development or selection of hardware, software and processes, in accordance with the principle of data protection by means of technical design and data-protection-compliant presets (Art. 25 GDPR).
- Security measures include, in particular, the encrypted transmission of data between your browser and our server or to the servers of our service providers (e.g. webhosts).
7. COLLABORATION WITH PROCESSORS AND THIRD PARTIES
- If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only carried out on the basis of statutory licence (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the fulfilment of the contract pursuant to Art. 6 para. 1 (b) GDPR), if you have consented to this, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. the utilisation of contractors, webhosts, etc.).
- Insofar as we engage third parties for the processing of data on the basis of a "data processing contract", this is undertaken on the basis of Art. 28 GDPR.
8. TRANSFER TO THIRD COUNTRIES
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if we do so in the context of the utilisation of third-party services or disclosure/transfer of data to third parties, this is undertaken only when it is for the purposes of fulfilling our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual licence, we process or have the data processed in a third country only if the special conditions of Art. 44 ff. GDPR are met, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised establishment of an EU-compliant level of data protection or compliance with specific, officially recognised contractual obligations ("standard contractual clauses").
9. RIGHTS OF THE DATA SUBJECT
- You have the right to confirm as to whether the data in question is processed and information concerning this data, as well as other information and copies of the data in accordance with Art. 15 GDPR.
- In accordance with Art. 16 GDPR, you have the right to request that data pertaining to you is completed or incorrect data pertaining to you is corrected.
- In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, to require a restriction on the processing of the data in accordance with Article 18 GDPR.
- You have the right to request that you receive the data concerning you and which you have provided to us, in accordance with Article 20 GDPR, and to request its transmission to other controllers.
- In addition, in accordance with Art. 77 GDPR, you have the right to submit a complaint to the competent supervisory authorities.
10. RIGHT OF REVOCATION
You are entitled to revoke any consent granted in accordance with Art. 7 para. 3 GDPR with future effect.
11. RIGHT OF OBJECTION
You can object at any time to the future processing of your data in accordance with Art. 21 GDPR. In particular, you can object to the processing for purposes of direct advertising.
12. COOKIES
We use session and persistant cookies; these are small files that are saved on the devices of the user (please see the last section of this Data Privacy Policy for an explanation of the term and the function). In part, these cookies are for the purposes of security or are necessary for the operation of our online service (e.g. for displaying the website) or to save the user's preference in confirming the cookie banner. We or our technological partners also use cookies for the purposes of marketing or measuring reach; this will be explained to the user in the course of the Data Privacy Policy.
By accepting our "cookie banner", you are consenting to the processing of your personal data by means of cookies. The legal basis for the use of performance & statistic (measurement of reach) cookies as well as marketing cookies is your consent in accordance with Art. 6 para. 1 sentence 1 (a) GDPR. The legal basis for the use of essential cookies and functional cookies is Art. 6 para. 1 sentence 1 (b) GDPR.
You can revoke your consent to the use of cookies at any time with future effect. In addition, you have the option of configuring your settings individually under "cookie settings".
Necessary cookies
__hs_opt_out
This cookie is used not to ask the visitor to accept cookies again.
This cookie is set when you give visitors the choice to opt out of cookies.
It contains the string "yes" or "no".
It expires in 6 months.
__hs_d_not_track
This cookie can be set to prevent the tracking code from sending any information to HubSpot.
It contains the string "yes".
It expires in 6 months.
__hs_initial_opt_in
This cookie is used to prevent the cookie-banner from always displaying when visitors are browsing in strict mode.
It contains the string "yes" or "no".
It expires in seven days.
__hs_cookie_cat_pref
This cookie is used to record the cookie-categories a visitor consented to.
It contains data on the consented categories.
It expires in 6 months.
__hs_gpc_banner_dismiss
This cookie is used when the Global Privacy Control banner is dismissed.
It contains the string "yes" or "no".
It expires in 180 days.
hs_ab_test
This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
It contains the id of the A/B test page and the id of the variation that was chosen for the visitor.
It expires at the end of the session.
<id>_key
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.
The cookie name is unique for each password-protected page.
It contains an encrypted version of the password so future visits to the page will not require the password again.
It expires in 14 days.
hs-messages-is-open
This cookie is used to determine and save whether the chat widget is open for future visits.
It is set in your visitor's browser when they start a new chat, and resets to re-close the widget after 30 minutes of inactivity.
If your visitor manually closes the chat widget, it will prevent the widget from re-opening on subsequent page loads in that browser session for 30 minutes.
It expires in 30 minutes.
hs-messages-hide-welcome-message
This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed.
It expires in one day.
__hsmem
This cookie is set when visitors log in to a HubSpot-hosted site.
It expires in seven days.
hs_langswitcher_choice
This cookie is used to save a visitor’s selected language choice when viewing pages in multiple languages.
It is set when a visitor selects a language from the language switcher and is used as a language preference to redirect them to sites in their chosen language in the future if they are available.
It expires in two years.
__cfruid
This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. Learn more about Cloudflare cookies.
__cf_bm
This cookie is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires in 30 minutes. Learn more about Cloudflare cookies.
Analytics Cookies
These are non-essential cookies controlled by the cookie banner. If you're a visitor to a site supported by HubSpot, you can opt out of these cookies by not giving consent.
__hstc
The main cookie for tracking visitors.
It contains the domain, hubspotutk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
It expires in 6 months.
hubspotutk
This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
It expires in 6 months.
__hssc
This cookie keeps track of sessions.
This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
It expires in 30 minutes.
__hssrc
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
It expires at the end of the session.
Functionality cookies
Chatflow-Cookie
This is the cookie used for the chatflows tool. If you're a visitor, this allows you to chat with a representative on the site.
messagesUtk
This cookie is used to recognize visitors who chat with you via the chatflows tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser.
With the Consent to collect chat cookies setting turned on:
-
If you chat with a visitor who later returns to your site in the same cookied browser, the chatflows tool will load their conversation history.
-
The messagesUtk cookie will be treated as a necessary cookie.
When the Consent to collect chat cookies setting is turned off, the messagesUtk cookie is controlled by the Consent to process setting in your chatflow.
HubSpot will not drop the messagesUtk cookie for visitors who have been identified through the Visitor Identification API. The analytics cookie banner will not be impacted.
This cookie will be specific to a subdomain and will not carry over to other subdomains.
It expires after 6 months.
Advertisement cookies
Advertisement cookies are ad pixel cookies (such as Facebook, LinkedIn and Google) that you can opt to install using the HubSpot ads tool.
13. LÖSCHUNG VON DATEN
1. Die von uns verarbeiteten Daten werden nach Maßgabe der Art. 17 und 18 DSGVO gelöscht oder in ihrer Verarbeitung eingeschränkt. Sofern nicht im Rahmen dieser Datenschutzerklärung ausdrücklich angegeben, werden die bei uns gespeicherten Daten gelöscht, sobald sie für ihre Zweckbestimmung nicht mehr erforderlich sind und der Löschung keine gesetzlichen Aufbewahrungspflichten entgegenstehen. Sofern die Daten nicht gelöscht werden, weil sie für andere und gesetzlich zulässige Zwecke erforderlich sind, wird deren Verarbeitung eingeschränkt. D.h. die Daten werden gesperrt und nicht für andere Zwecke verarbeitet. Das gilt z.B. für Daten, die aus handels- oder steuerrechtlichen Gründen aufbewahrt werden müssen.
2. Nach gesetzlichen Vorgaben erfolgt die Aufbewahrung insbesondere für 6 Jahre gemäß § 257 Abs. 1 HGB (Handelsbücher, Inventare, Eröffnungsbilanzen, Jahresabschlüsse, Handelsbriefe, Buchungsbelege, etc.) sowie für 10 Jahre gemäß § 147 Abs. 1 AO (Bücher, Aufzeichnungen, Lageberichte, Buchungsbelege, Handels- und Geschäftsbriefe, Für Besteuerung relevante Unterlagen, etc.).
13. DELETION OF DATA
- The data processed by us is deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in the context of this Data Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion is not precluded by statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, in the case of data that must be retained for commercial or tax-related reasons.
- According to legal requirements, the data is retained in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual accounts, commercial papers, accounting documents, etc.) as well as for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business papers, documents relevant to taxation, etc.).
14. PROVISION OF CONTRACTUAL PERFORMANCE
- We process inventory data (e.g, names and addresses as well as contact details of users) and contractual data (e.g., services used, names of contact persons, payment information) for the purposes of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 (b) GDPR. The information indicated in online forms as being mandatory is required for the conclusion of the contract.
- In the context of the registration and renewed login as well as the utilisation of our online services, we save the IP address and the date/time of the respective user action. This information is saved on the basis of our legitimate interests as well as for the protection of the user against misuse and other unauthorised use. In principle, this data will not be passed on to third parties, unless this is necessary for the pursuit of our claims or is subject to a statutory obligation in accordance with Art. 6 para. 1 (c) GDPR.
- We process usage data (e.g., the webpages visited on our website, interest in our products) and content data (e.g., information provided in the contact form or user profile) for advertising purposes in a user profile in order to display to the user product suggestions based on the services they used previously, for example.
- Deletion takes place after the expiry of statutory warranty obligations and similar. The necessity of the retention of the data is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)). Information in the customer account remains until it is deleted.
15. COMMUNICATION
- When contacting us (via the contact form or by email), the user's information will be processed for the purposes of processing and settling the enquiry in accordance with Art. 6 para. 1 (b) GDPR.
- The user's information may be saved in our customer relationship management system and marketing automation platform ("CRM & Marketing System").
- We use the "HubSpot" CRM, registration and marketing automation system of the provider HibSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Am Postbahnhof 17, 10243 Berlin) on the basis of our legitimate interests (efficient and fast processing of user enquiries, applications and optimisation of our online services). To this end, we have concluded a contract with HubSpot contained clauses in which HubSpot undertakes to process user data only according to our instructions and to comply with the EU standard of data privacy. Further information on HubSpot's data privacy guidelines can be found here: https://legal.hubspot.com/de/dpaand https://legal.hubspot.com/de/privacy-policy
- Our registration service allows visitors to our website to learn more about our company, download content and provide their contact details and other information. This information is saved on servers of our HubSpot software partner. We can use this information to contact visitors to our website and to determine which services offered by our company are of interest to them. All information collected by us is subject to this Data Privacy Policy. We use all information collected exclusively for the purposes of optimising our marketing.
- We delete the enquiries as soon as they are no longer required. We review the necessity of retention of the data every two years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of retention obligations under commercial law (6 years) and tax law (10 years)).
16. COMMENTS AND POSTS
Users can leave comments and make posts only after prior registration. This requires consent for the saving and use of the data as well acceptance of our Data Privacy Policy.
17. COLLECTION OF ACCESS DATA AND LOGFILES
- On the basis of our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR, we collect data on every access to the server on which this service is located (server logfiles). The access data includes the name of the webpages retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
- Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum period of seven days and is then deleted. Data which must be furtehr retained for evidential purposes is excluded from this deletion until the respective incident is clarified conclusively.
18. ONLINE PRESENCE IN SOCIAL MEDIA
- We maintain an online presence in social networks and platforms in order to communicate there with active customers, interested parties and users and to enable us to inform them there about our services. When the respective networks and platforms are accessed, the terms and conditions and the data processing guidelines of their respective operators apply.
- Unless otherwise specified in our Data Privacy Policy, we will process the users' data when they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
19. NEWSLETTER & EMAIL MARKETING AUTOMATION
- The distribution of the newsletter and performance measurement are on the basis of the consent of the recipient in accordance with Art. 6 para. 1 (a), Art. 7 GDPR in connection with Section 7 para. 2 (3) of the German Fair Trade Practices Act (UWG) or on the basis of the statutory licence pursuant to Section 7 para. 3 UWG.
- The logging of the subscription process is on the basis of our legitimate interests in accordance with Art. 6 para. 1 (f) GDPR and serves as evidence of consent to the receipt of the newsletter.
- Termination/revocation – You can terminate your subscription to the newsletter at any time, i.e. revoke your consent. A link to unsubscribe from the newsletter is contained at the end of every newsletter. If the user has only subscribed to the newsletter and terminates this subscription, their personal data will be deleted.
20. INTEGRATION OF SERVICES AND CONTENT OF THIRD PARTIES
1. Use of SalesViewer technology
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.
The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://secure-web.cisco.com/1CRVpmLNUCKVWv_v6r3Usdyr8-483I73yp8xFJAGvjOvJo-F70jMEK-SJ65PgCy0XGrmhIUamY88jv-V9L-n-Uw55py5fbD48dLweh2GDktlCL6veXi3P2vejrlKq0nWwP2AxV1dPvLjsBr0hncS4FnpqNW-r2CidxVDo6GtYZevJsQCpOSdpGDPLJ6DjHuIgqKNvOmq_nlXjPQMmVhArm-MdQsdYk3DY1klEb-XECcq_YbXYT1sEMt-yawcDmfPR7jV9VOIEPULVInrUsRO6FCvsYHzEj-nOPVgqfLNTJdj97XbZeCILQSPKNPospx18rbtKDXyxUqjK6OZM4HLeuw/https%3A%2F%2Fwww.salesviewer.com%2Fopt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
21. DATA PROTECTION OFFICER
METRO LOGISTICS Germany GmbH
Schlüterstraße 1
40235 Düsseldorf
Germany