Privacy policy
This Privacy Policy outlines the type and scope of processing your personal data is subject to when you visit our website www.mediagroup-obi.de and the rights you are entitled to with regard to this data. Personal data refers to all information pertaining to an identified or identifiable natural person, e.g. name and email address. Processing refers to the collection and storage of this data, along with other forms of processing. We will also provide information on our compliance with statutory data protection regulations, particularly the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable legislation, and how we safeguard your data against unauthorized third-party access.
You can download and save our Privacy Policy as a PDF file by clicking here. The PDF file can be opened using the free version of Adobe Reader (available at www.adobe.de) or a comparable program capable of displaying PDF documents.
A. GENERAL INFORMATION
1. CONTROLLER
The Controller responsible for processing on this website in accordance with Art. 4(7) GDPR is:
OBI First Media Group GmbH & Co. KG, Albert-Einstein-Str. 7-9, 42929 Wermelskirchen, Deutschland, email: mediagroup@obi.de
Further information, contact details and additional legal notices can be found in the Site Notice on our website www.mediagroup-obi.de.
2. QUESTIONS ON PRIVACY / DATA PROTECTION OFFICER
You can contact the Data Protection Officer of OBI First Media Group GmbH & Co. KG using the information below:
OBI – Data Protection
Albert-Einstein-Str. 7-9
42929 Wermelskirchen
Email: datenschutzbeauftragter@obi.de
3. DATA PROTECTION
We have implemented a number of technical and organizational measures to protect our website and other systems to prevent the loss, destruction, access, modification or dissemination of your data by unauthorized parties.
When you transfer personal data on our website, this transfer is protected by the SSL (Secure Socket Layer) security protocol in conjunction with 256-bit encryption. You can check whether your transfer is encrypted by looking for the key or lock symbol in your browser’s address bar. The connection is encrypted with high-grade encryption (AES-256 256 bit) and the key exchange with at least RSA 1024 bit.
When you visit our website, the hosting server will temporarily store data to permit user identification (e.g. your IP address) for the purpose of data and system security. This data will be stored no longer than 14 days. The processing for any personal data collected on the basis of data and system security takes place on the basis of Art. 6(1)(1) lit. f GDPR and our legitimate interest in protecting our systems and preventing misuse.
4. PRINCIPLES GOVERNING THE STORAGE AND DELETION OF PERSONAL DATA
Your personal data is only processed for the period required to satisfy the grounds on which it was collected, or to the extent processing is stipulated by legislation to which we are subject, e.g. retention periods of up to 10 years governed by commercial and tax law. If the grounds on which your data is stored cease to apply, or a statutory retention period comes to an end, the personal data in question will be routinely deleted in line with statutory provisions or the processing thereof limited, e.g. restricted processing in compliance with retention obligations under commercial and tax law. We reserve the right to continue processing data in anonymized form as a precautionary measure.
Personal data processed due to a legal obligation, namely the fulfillment of statutory retention obligations, takes place in accordance with Art. 6(1)(1) lit. c GDPR. If personal data is processed to preserve evidence as per Art. 6(1)(1) lit. f GDPR, the corresponding purposes for processing will cease to apply after expiration of the statutory retention periods, whereby the standard statutory retention period is three years. Any anonymization undertaken likewise takes place on the legal basis of Art. 6(1)(1) lit. f GDPR. Our legitimate interest lies in continuing and improving our services.
Please refer to the information provided in this Privacy Policy for more details on specific retention and deletion periods.
5. DISCLOSURE OF PERSONAL DATA
Customer data is only disclosed to third parties where absolutely necessary for the provision of services or to fulfill the purpose pursued by the collection and storage thereof, your consent has been obtained in advance or on another legal basis.
Categories of third-party recipients of your data are as follows:
(a) Companies that belong to the OBI Group, including franchisees, if certain work is carried out by a company belonging to the OBI Group;
(b) External service providers, e.g. IT service providers, marketing service providers.
These companies have been obliged to protect your personal data and are only permitted to process your personal data on the basis of corresponding legal grounds or a data processing agreement.
We are required to disclose your personal data to the competent government agencies (e.g. tax authorities) or courts if the disclosure thereof is required (i) in accordance with the pertinent legislation or regulations, or (ii) in order to assert, exercise or defend against legal claims.
We may be involved in a merger, acquisition, joint venture, restructuring, the sale of some or all of our assets or shares, financing, the acquisition of all or part of our business or a similar transaction, or any legal proceedings or action in relation to the above activities. We reserve the right to disclose or transfer certain parts or all of your personal data to relevant third parties in relation to these transactions and activities, whereby adequate protection and confidentiality conditions and requirements in line with the pertinent legislation, particularly the GDPR, apply accordingly.
A number of the aforementioned third parties may be located in countries outside the EU/EEA for which the EU commission has not determined an adequate level of data protection. In the event that personal data is transferred to these third countries, we will implement adequate protection measures to ensure that your rights are protected in line with the pertinent data protection regulations. Standard contractual clauses issued by the EU commission will also be concluded for the transfer of personal data (Art. 46(2) lit. c GDPR).
Detailed information on the third parties and transfers of personal data outside the EU/EEA in relation to the specific types of processing we carry out is provided below.
B. VISITS TO OUR WEBSITE, COOKIES
If you only use our website for informational purposes, i.e. you do not use any services involving the provision of your personal data and do not otherwise send us any personal data, we nevertheless collect the data automatically sent to us by your browser if necessary. You can find more information on this in section 1 below.
We also use various technical tools for web analytics, to prepare statistics and to aid our online marketing. You can find more information on this and the use of cookies in sections 2 and 3 below.
TECHNICAL PROVISION OF THE WEBSITE
When you visit our website, we collect the following data which is strictly necessary for us to display our website and ensure the stability and security of our online presence:
- Your IP address;
- The time and date of your query;
- The time difference to Greenwich Mean Time (GMT);
- The content of your query (specific pages);
- Access status/HTTP status code;
- The transferred data volume;
- Referral URL;
- Browser;
- Operating system and its interface;
- Browser software language and version.
This processing takes place on the legal basis of Art. 6(1)(1) lit. f GDPR. Our legitimate interest lies in the provision of a functioning website and its system integrity. We use the aforementioned data in a way that cannot be traced to your person for statistical purposes and to improve our website.
Your IP address is automatically anonymized by the deletion of the last 8 digits after 14 days.
2. STATISTICS, WEB ANALYSIS, PERSONALIZED MARKETING
We create pseudonymous user profiles on the basis of your surfing behavior on our website for marketing purposes, market research and the user-friendly design of our website. You can find more information on this and the use of cookies and similar technology in particular in sections 3 and 4 below. User profiles are not merged with data about the bearer of the pseudonym without your consent.
3. COOKIES AND SIMILAR TECHNOLOGY
We use cookies on our website. Cookies are small text files which are placed and stored on a computer system by a web browser.
Numerous website and servers use cookies. Cookies often contain a cookie ID, a unique identifier for a cookie consisting of a character string that can be assigned to a specific web browser where the cookie is stored by websites and services. These cookies make it possible to differentiate between your individual browser and other browsers containing other cookies. In this way, a unique cookie ID allows a specific browser to be remembered and identified.
Using cookies enables us to make our services more user friendly. Without the use of cookies, these services would not work or only work to a limited extent. We are able to recognize visitors to our website each time they visit our site, making each visit more convenient for the user in question. For example, cookies allow us to ensure that the settings applied to opting in or out of cookies in the cookie banner are saved the next time the user visits our website, meaning the user’s decisions are upheld.
Technology similar to cookies, such as session and local storage, can be used similarly to cookies to store information in your browser. In deviation from cookies, information stored in this manner is not transferred to the hosting server when your visit a website. This storage technology is therefore used when the stored information only needs to be available in your browser to ensure the functionality of the website and the server does not require any knowledge thereof. As a result, this approach reduces the volume of data required for communications between your browser and the server in question. Services we use that employ cookies and technology similar to cookies can be broken down into the following categories. Category 1 (functional services) cookies and services are strictly necessary for the provision of the website. The cookies and services described in categories 2 to 5 help us improve our website, display marketing tailored to your interests and align our website with your interests.
Needless to say, we understand that not every user of our website and services is interested in every function, which is why we give you the opportunity to opt in or out of the use of certain services when your first visit our website. You can change your preferences at any time in our cookies settings, which you can find here. Category 1 cookies and services are strictly necessary in order to use our website and cannot be deactivated. The use thereof and the corresponding processing of your personal data and data pertaining to you takes place on the legal basis of Art. 6(1)(1) lit. f GDPR. This legal basis also covers the statistical analysis services defined by us as category 2, which you can manually opt out of. Our legitimate interest in both cases lies in maintaining and improving our services and the provision of a functioning and user-friendly website. We only use category 3 and 5 cookies and services after first obtaining your explicit consent. In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
Here you can revoke previously granted consent at any time with future effect in the cookie settings. Revoking your consent does not affect the legality of any processing that takes place on the basis of your consent prior to the revocation.
You can delete any previously placed cookies in your browser. You also have the ability to fully or partially prevent the placement of cookies by configuring the corresponding settings in your browser. However, please keep in mind that deactivating cookies in your browser may mean you are unable to use all of the features of our website, or only to a limited extent.
Category 1: functional services
Functional services ensure functions without which you would not be able to use our website as intended. These services use cookies to ensure that the settings applied to opting in or out of cookies in the cookie banner are saved the next time the user visits our website, meaning the user’s decisions are upheld, for example.
Category 2: statistical
Statistical analysis services collect pseudonymized data on how our website is used on the basis of a randomly generated identifier to improve its appeal, content and functionality. We use various technical methods to this end depending on whether you have consented to the use of cookies or not. Statistical analysis services help us determine whether, how often and how long which subpages of our website are visited and which content is of particular interest to users. We also collect information on the country or region from which our website was accessed, for example, and the percentage of mobile devices that access our website. We use this information to create anonymous, cross-visit statistics to optimize and make the content on our website more tailored to the needs of our users.
Category 3: enhanced statistics
Website visits are recorded as part of enhanced user analytics, enabling tracking of scrolling and mouse movements. Keyboard entries are never recorded. Information that would make it possible to identify the user is likewise hidden.
Category 4: performance measurement
Performance measurement cookies are used to determine the success of marketing measures and optimize them accordingly. In the event that our partners merge information on the performance of marketing measures with other data you have provided or collected by our partners in relation to your use of their services to a partial extent, you can find further information on this in the partner privacy policies linked under section 4.
Category 5: personalization
Personalized cookies are used to display personalized content tailored to your interests on and off this website. In the event that our partners merge information on the performance of marketing measures with other data you have provided or collected by our partners in relation to your use of their services to a partial extent, you can find further information on this in the partner privacy policies linked under section 4.
4. WEB ANALYTICS AND ONLINE MARKETING SERVICES USED ON THIS WEBSITE
We use various web analytics and online marketing services to make our website more user-friendly and appealing. In the event that personal data is collected in relation to these services, depending on the service in question, this takes place either on the legal basis of Art. 6(1)(1) lit. f GDPR, whereby the design of a user-friendly and appealing website serves as our legitimate interest, or on the basis of your explicitly obtained consent to the data processing as per Art. 6(1)(1) lit. a GDPR.
You can object to data processing on the basis of Art. 6(1)(1) lit. f GDPR at any time. Likewise, you can revoke previously granted consent at any time with future effect. Revoking your consent does not affect the legality of any processing that takes place on the basis of your consent prior to the revocation. Please use our cookie settings here to revoke your consent.
For technical reasons, please keep in mind that managing your cookie settings on our website only pertains to the browser you are currently using and you need to configure the corresponding settings separately on other devices or when using different browsers.
You can find detailed descriptions of the individual services below.
i) Webtrekk (category 2: statistical)
OBI uses the services provided by Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin (www.webtrekk.com) to collect statistical data on the use of our website and optimize our website accordingly. To this end, information transmitted by your browser relating to your website visit is collected and analyzed. The data collected includes, but is not limited to: The pages visited, the browser type/version, the browser language settings, the operating system used, the inner resolution of the browser window, the screen resolution, JavaScript activation, Java on/off, cookies on/off, color depth, IP address (instantly anonymized and then deleted), the time of your visit and clicks. Content from the input fields in the form is only stored if it is not personal data for statistical analysis. However, if the data in question is personal data, only the cancellation or successful sending is statistically recorded. In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
You can manage your consent here at any time or revoke it with future effect.
Retention period for placed cookies:
- Session cookie (for session recognition, duration: one session)
- Persistent cookie (for recognizing new/returning visitors: 24 months)
- Opt-out cookie (for objecting to the use of data for commercial purposes: 99 years)
If you do not grant your consent to data collection through cookies, server-based fingerprinting is performed on the basis of the IP address and user agent transmitted by your device, whereby data collection is solely limited to one website visit. Your IP address and user agent are only temporarily processed during your visit and not stored thereafter. Data collection over several visits or devices does not take place in this regard, even if the same IP address and user agent are used for a subsequent visit to our website. In addition, no cookies are stored or read on your device. The use of Webtrekk for the aforementioned takes place on the legal basis of Art. 6(1)(1) lit. f GDPR. Our legitimate interest in this regard lies in designing a user-friendly and appealing website. You can learn more about the data protection terms of Webtrekk by clicking the link below: https://www.webtrekk.com/privacy-notice.html.
If you do not consent to the analysis of your data by Webtrekk on the sole basis of individual website visits as described above, you can object to this processing at any time by clicking here.
ii) Hotjar (category 3: enhanced statistics)
We use Hotjar, a web analytics tool provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar enables us to pseudonymously record interactions by randomly selected individual visitors to our website. This creates a log file that records information such as mouse movements and clicks, which we use to improve our website. Hotjar also analyzes information on your operating system, browser, incoming and outgoing links, geographical origin along with the resolution and type of device accessing our website for statistical purposes. Hotjar also offers visitors the opportunity to provide anonymous feedback in feedback polls, whereby visitors can voluntary give their opinion on our website. The data collected is not personal in nature and it stored by Hotjar Ltd. but not passed on to any other third parties. You can find more information on the features offered and data usage by Hotjar at https://www.hotjar.com/privacy (see category “Passive Collection”). The cookies are saved on your device for 365 days.
In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
You can manage your consent here at any time or revoke it with future effect.
iii) Google Ads Conversion Tracking (category 4: (Performance measurement)
We use the Google service “Google Ads” on our website and, in relation thereto, “Google Conversion Tracking” provided by Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google Conversion Tracking sets a cookie when you click on an ad placed by Google Ads; the corresponding Google Conversion Tracking cookies are valid for 90 days. If you visit certain pages of our website, we and Google will be able to track you clicking on a certain ad and being forwarded to our website on the basis of the aforementioned cookie. Data collected by these cookies is used to create conversion statistics; in particular, to verify the total number of visitors that have clicked on a certain ad and been forwarded to a page containing a conversion tracking tag. However, conversion statistics do not contain the any information that would enable them to personally identify the website user. You can learn more about the data protection terms of Webtrekk by clicking the link below: http://www.google.de/policies/privacy/.
A contract containing EU standard contractual clauses has been concluded with Google to ensure an adequate level of data protection for the transfer of personal data to third countries.
In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
You can manage your consent here at any time or revoke it with future effect.
iv) Google Ads Remarketing (category 5: personalization)
This website uses the remarketing function provided by Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). This feature enables us to display interest-based ads to website visitors within the Google ads network. The website visitor’s browser stores cookies, i.e. text files stored on your computer that enable the provider to recognize you when you visit websites that belong to the Google ads network. Ads can be displayed to the user on these pages that are related to content the user previously viewed on websites that use the Google Remarketing feature. According to Google, the company does not collect any personal data in the process. The aforementioned cookies are erased after 13 months.
A contract containing EU standard contractual clauses has been concluded with Google to ensure an adequate level of data protection for the transfer of personal data to third countries.
In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
You can manage your consent here at any time or revoke it with future effect.
v) LinkedIn Analytics and LinkedIn Ads (category 5: personalization)
We use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) on our website. LinkedIn is a subsidiary of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
The LinkedIn Insight Tag creates a cookie when you visit this website; the corresponding cookie is valid for 30 days. Data collected by this cookies is used to create conversion statistics; in particular, to verify the total number of visitors that have clicked on a certain LinkedIn ad and subsequently had an interaction relevant to conversion measurement on this website. However, conversion statistics do not contain the any information that would enable them to personally identify the website user. LinkedIn Insight Tags are used on this website in order to display interest-based ads on LinkedIn.
If you are logged into LinkedIn, you can opt-out of this data collection at any time by clicking on the link below: https://www.linkedin.com/psettings/enhanced-advertising.
You can learn more about the data protection terms of LinkedIn by clicking the link below:
https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
If you exercise your ability to object to personalized marketing on LinkedIn, this does not in any way limit your right to revoke consent previously granted to us.
In this case, your personal data is processed on the legal basis of your consent as per Art. 6(1)(1) lit. a GDPR.
You can manage your consent here at any time or revoke it with future effect.
C. DATA SUBJECT RIGHTS
- Right of access (Art. 15 (1) and (2) GDPR): You are entitled to obtain information on the personal data we have stored pertaining to your person..
- Right to rectification (Art. 16 GDPR) and erasure, Art. 17 GDPR: You may demand the we rectify incorrect personal data and, subject to statutory requirements, erase your personal data.
- Right to restriction of processing 18 GDPR): You are entitled to request that we restrict the processing of your personal data, subject to statutory requirements.
- Right to data portability (Art. 20 GDPR): If you have disclosed personal data to us for the performance of contractual measures or on the basis of your consent, you reserve the right, subject to statutory requirements, to receive the personal data you have disclosed in a structured, conventional machine-readable format or request the transfer of your data to another controller.
- Right to withdraw consent (Art. (7)(3) GDPR): If you grant us your consent to processing, this consent can be revoked at any time with future effect. This shall not affect the legality of any processing concluded prior to the withdrawal of your consent.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You also reserve the right to lodge a complaint with the competent supervisory authority if you have reason to suspect that processing of your personal data may violate the pertinent law. To do so, you can contact the supervisory authority with jurisdiction over your address or the data supervisory authority with jurisdiction over our business in North Rhine-Westphalia. The data supervisory authority responsible for OBI GmbH & Co. Deutschland KG and OBI E-Commerce GmbH is: LDI– North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information,.
2-4, 40213 Düsseldorf,
Additional information on your right to object to processing as per Art. 21(1)(2) GDPR
You reserve the right to lodge an objection to the processing of your personal data at any time for grounds pertaining to your personal situation on the legal basis of Art. 6(1) lit. e or f GDPR; this also applies to any profiling that takes place on the basis of these provisions. If you lodge an objection, we shall no longer process your personal data, unless we are able to provide compelling and legitimate grounds for continued processing that override your interests, rights and liberties, or the processing takes place in order to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, insofar as it is related to the direct advertising in question.
If you exercise your right to object to the processing of your personal data for direct advertising purposes, we will add your name to a blacklist to ensure your objection is complied with.
D. CONTACT
We provide a contact form on our website for you to use to contact us, send messages or get in touch with a query. If you get in touch with us, we store and process the data you disclose (your email address, name and phone number, if necessary) along with your query to respond to your questions.
Depending on the content of your query, this processing takes place on the legal basis of Art. 6(1)(1) lit. b and f GDPR. Our legitimate interests in this regard lies in the efficient and structured collection and processing of customer queries along with quality assurance. We delete the collected data once its storage is no longer required for the above purposes, e.g. once the customer query has been closed, or restrict processing to comply with statutory retention periods.
Personal data collected in relation to your query is deleted as soon as it is no longer required, subject to any (further) statutory retention periods. We check whether continued storage remains necessary on a monthly basis. As a rule, we are required to maintain copies of our business correspondence for a 6-year period, starting at the end of the respective year. This storage takes place on the legal basis of Art. 6(1) lit. c GDPR (fulfillment of a legal obligation).
You can contact us or our Data Protection Officer at any time to exercise your rights as a data subject or ask any general questions related to data protection:
OBI First Media Group GmbH & Co. KG, Albert-Einstein-Str. 7-9, 42929 Wermelskirchen, Deutschland, email: mediagroup@obi.de
Data Protection Officer contact information: OBI – Data Protection, Albert-Einstein-Str. 7-9, 42929 Wermelskirchen, datenschutzbeauftragter@obi.de
More information and contact information along with further legal notices can be found in the site notice on www.mediagroup-obi.de.