Privacy Policy
The protection of your personal data and the assurance of your right to informational self-determination are very important to us. This privacy policy therefore informs you about the type and scope of processing of your personal data by NeS GmbH (hereinafter also referred to as “NeS,” “us,” or “we”). The legal basis is primarily the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telemedia Act (TMG). We reserve the right to change or supplement the contents of this statement at any time and to adapt it to amended legal provisions and case law. The currently published version here is the one that applies.
I. Website Provision and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the visitor’s computer system. The following data is collected:
Website from which you visit us
IP address of the requesting computer, shortened by the last three digits
Name of the requested file
Date and time of page access
Amount of data transferred
Notification whether the page request was successful
Notification why a page request may have failed
Name of your Internet Service Provider (e.g., T-Online, 1&1)
Operating system and browser software of your computer or other devices
These data are also stored in the log files of our system. IP addresses or other data that could identify a user are not affected. There is no storage of this data together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for temporary storage of data is Art. 6(1)(f) GDPR.
3. Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must be stored during the session. This also represents our legitimate interest in data processing according to Art. 6(1)(f) GDPR.
4. Duration of Storage
Data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for website delivery, this occurs when the respective session ends.
5. Right to Object
Collecting data for website delivery and storing data in log files is essential for operating the website. Therefore, users have no right to object.
II. Use of Cookies
1. Description and Use of Data
Our website uses cookies to make your shopping experience smoother and more personalized. Cookies are small text files stored by your browser on your device. Some cookies are temporary (session cookies) and disappear when you close your browser, while others are permanent.
Cookies help us remember things like:
Your session and login information
Your preferences and settings
Security settings
We also use third-party cookies for analytics, so we can improve our website and services. On your first visit, a banner will inform you about cookies and link to our privacy policy.
2. Legal Basis for Data Processing
We process your personal data through cookies only with your consent under GDPR (Art. 6, para. 1a).
3. Purpose of Data Processing
Technically necessary cookies make sure the website functions correctly, remembering features like shopping carts, preferences, and special offers.
Analytics cookies help us understand how you use the site, so we can continuously improve it.
4. Storage Period and Opt-Out
You have full control over cookies. You can block or delete cookies via your browser. Consent can be withdrawn at any time, but some features may not work fully.
5. Cookie Statement
We use cookies to keep our site safe and reliable, improve our services, and show personalized ads. By clicking “Ok”, you agree to our cookie usage. You can change or withdraw your cookie settings anytime in our privacy policy.
III. Registration
1. Description and Scope of Data Processing
On our website, users can register for a central customer account by providing personal information. The data is entered via a form and securely stored. During registration, we collect the following information:
Email addressPasswordFirst name (required for orders)Last name (required for orders)Address (required for orders)Date of birth (required for orders)For business customers, the following additional information is collected:
Company nameVAT ID (instead of salutation, first name, last name, date of birth)At the time of registration, the following information is also stored:
Registration timestamp (date and time)IP addressNewsletter preferences (if selected)Temporary passwordTemporary nicknameBranch (if selected during registration)When placing orders, your purchased items are linked to your customer account. Items saved to your wishlist are also stored in your account. Certain services or offers on our website may be processed by Netto Marken-Discount Stiftung & Co. KG (“Netto”), and account data may be shared with them for this purpose.
2. Legal Basis for Data Processing
The legal basis for processing your data is your consent under Art. 6(1)(a) GDPR.
3. Purpose of Data Processing
Registration is required to provide certain content and services on our website. By registering, you can:
Manage your customer informationParticipate in contests more easilyManage your wishlist4. Retention Period
Data will be deleted once it is no longer needed for the purpose it was collected. This applies to registration data if the account is deleted or modified.
5. Right to Withdraw
You may cancel your registration at any time (Art. 7(3) GDPR). Your stored data can be updated or deleted. You can manage changes and delete your account via your central customer account. To delete your account, you can also contact us at: shop-service@netto-online.de
IV. Order
1.Description and scope of data processing
In our online shop, you can order products for delivery. If you already have a customer account, we will use the information stored there. You may also create a new account during checkout. If you place an order as a guest without creating an account, we will collect and store the data listed in Section III.1. You can also enter a different billing or shipping address (street, postal code, city) during checkout.
If you have a DeutschlandCard and would like to collect points, you can enter your card number. For items delivered by freight forwarding, we will also collect your phone number to arrange a delivery date. For shipping, we share the following information with our service providers and suppliers:
Title
First and last name
Address (street, postal code, city)
Phone number (for freight delivery)
Your order details
At the time of ordering, the following additional data is also stored:
Timestamp of the order (date and time)
IP address
For payment processing, we collect further data depending on the payment method and forward it to the relevant payment service providers:
PayPal: You will be redirected to PayPal’s website. We transmit your name, address, email address, and order value for authorization.
Purchase on account: Your data will be processed for a credit check (see Section V).
Sofort transfer: We forward your order number and customer number to Sofort GmbH.
Credit card: Payment is handled by our partner Computop. Credit card details (brand, expiry date, card number, CVC) are collected and verified.
Giropay: We send details such as order value, name, address, and email address to Giropay.
Financing: For financing via Consors Finanz, we transmit personal details such as name, date of birth, address, and order value.
2.Legal basis for data processing
The processing of your order data is based on Art. 6 (1) (b) GDPR (performance of a contract). The logging of orders is carried out on the basis of our legitimate interests according to Art. 6 (1) (f) GDPR.
3.Purpose of data processing
Your personal data is used exclusively to process your order. Logging (such as storing IP addresses) helps prevent or detect misuse and fraud. This also constitutes our legitimate interest under Art. 6 (1) (f) GDPR.
4.Duration of storage
Your data is stored as long as necessary to fulfil the contract and any related obligations. It will be automatically deleted at the end of the third year following delivery, unless statutory retention periods require longer storage.
5.Right to object
Collecting order-related data is essential for processing your purchase and therefore cannot be objected to. However, you may object to logging (such as IP address storage) in accordance with Art. 21 (1) GDPR.
V. Credit Check
1. Description and scope of data processing
When paying by invoice, we bear a financial default risk. Therefore, after you apply for purchase on account, we commission a service provider to check your creditworthiness. In the event of a negative result, we reserve the right to refuse the chosen payment method. For this purpose, we transmit the data you provided during the order, namely:
Last name
First name
Billing address (street, postal code, city)
Delivery address (street, postal code, city)
Date of birth
IP address
Customer number (if available)
Email address
Order value
to Unzer E-Com GmbH, Vangerowstraße 18, 69115 Heidelberg.
Unzer E-Com GmbH, which assumes outstanding receivables with a payment guarantee for NeS GmbH as part of a credit check, forwards personal data regarding the application, conclusion, and termination of the contract with NeS GmbH, as well as data on non-contractual or fraudulent behavior, to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden.
The legal bases for these transmissions are Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Transfers under Art. 6 (1) (f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of Unzer E-Com GmbH or third parties, and provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
Data exchange with SCHUFA also serves to fulfill legal obligations to carry out creditworthiness checks of customers (§ 505a and § 506 German Civil Code).
SCHUFA processes this data and also uses it for profiling (scoring) to provide its contractual partners in the European Economic Area, Switzerland, and, where applicable, third countries (if covered by an adequacy decision of the European Commission) with information, including on the creditworthiness of natural persons. Further details on SCHUFA’s activities can be found in the SCHUFA information sheet or online at www.schufa.de/datenschutz
2. Legal basis for data processing
The legal basis is Art. 6 (1) (f) GDPR in conjunction with § 31 (2) BDSG.
3. Purpose of data processing
The processing of personal data is solely for assessing our default risk, as we provide goods or services in advance for invoice and direct debit purchases. This constitutes our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection, unless statutory retention obligations require otherwise.
5. Right to object
Users may object to the storage of their personal data at any time with effect for the future. Objections can be made informally and should be sent to:
NeS GmbH, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Germany
Tel.: +49 (0)89 70066700 (Mon–Fri: 8:00 a.m. – 7:00 p.m., local rate)
Email: shop-service@netto-online.de
6. Additional information (SCHUFA information sheet)
Further details can be found in the additional SCHUFA information sheet, which supplements and completes SCHUFA’s explanation of data processing as a credit reference agency.
VI. Fraud Prevention
1. Description and scope of data processing
As part of the ordering process, we carry out a risk check before the purchase is completed in order to prevent fraudulent activities as effectively as possible. For this purpose, we work with our service provider Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg. The following data is transmitted to Risk.Ident GmbH:
Salutation
First and last name
Address (street, postal code, city, country)
Date of birth
Email address
Phone number (if provided)
Customer account number (if available)
IP address
In addition, the following shopping cart information is transmitted:
Order number
Order value
Payment method
Item details (description / quantity)
2. Legal basis for data processing
The legal basis for this processing is Art. 6 (1) (f) GDPR.
3. Purpose of processing
The processing of personal data is carried out exclusively to detect and prevent fraud during the ordering process. This also represents our legitimate interest according to Art. 6 (1) (f) GDPR.
4. Storage period
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of risk checks, this means that your data is deleted once the check has been completed.
5. Right to object
You may object to the processing of your data for risk checks at any time for reasons arising from your particular situation (Art. 21 (1) GDPR). Simply send an email to shop-service@netto-online.de
VII. Use of your data for marketing purposes
Newsletter
1. Description and scope of data processing
On our website, you can subscribe to a free newsletter. You will receive several emails per week with offers, product information, promotions, contests, and news from Netto Marken-Discount stores and online shop.
During subscription, the following data is collected:
Email address
If voluntarily provided, the following data is also stored:
First name
Last name
Date of birth
Additionally, the following data is collected to verify the time and scope of consent:
Timestamp of subscription (date and time)
IP address
Origin of subscription
Newsletter selection
For new subscriptions after 05.05.2021, usage profiles are created to analyze click behavior and potential purchase behavior in the shop to provide more relevant offers in the future. For subscriptions before 05.05.2021, this occurs only after optional consent.
Subscriptions are done via Double-Opt-In. Data is used exclusively for newsletter delivery and not shared with third parties.
2. Legal basis
Art. 6 (1) (a) GDPR (consent) for newsletter; timestamp recording: Art. 6 (1) (f) GDPR; migration of former Plus newsletter: Art. 6 (1) (f) GDPR.
3. Purpose
Sending newsletters and preventing misuse of services or email addresses.
4. Storage period
Data is deleted once the purpose is achieved or subscription ends.
5. Withdrawal and objection
You can unsubscribe at any time via the link in the newsletter or via info@netto-online.de
6. Responsible entity
Netto Marken-Discount Stiftung & Co. KG, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Tel.: 09471 / 320 0, E-Mail: info@netto-online.de
Recommendation Emails
1. Description and scope of data processing
Based on previous purchases, we may send recommendation emails about our products or services. We use data collected from previous orders.
2. Legal basis
Art. 6 (1) (f) GDPR and § 7 (3) UWG.
3. Purpose
To inform you about relevant products and services based on previous purchases.
4. Storage period
Until the purpose is fulfilled or you object to receiving emails.
5. Withdrawal and objection
You may unsubscribe at any time via the link in the email or by contacting shop-service@netto-online.de or 089/70066700 (Mon-Fri 8–19h, local rate).
Review Requests
1. Description and scope of data processing
After your purchase, we send an email via Ekomi Ltd, Markgrafenstraße 11, 10969 Berlin with a link to submit a product review. Data transmitted:
Email address
Order details
2. Legal basis
Art. 6 (1) (f) GDPR.
3. Purpose
To enable product review submission.
4. Storage period
Data is deleted once it is no longer required for the review process.
5. Withdrawal and objection
You can opt out of receiving review requests at any time via the link in the email or by contacting shop-service@netto-online.de or 089/70066700.
VIII. Merging of Customer Accounts
We offer our customers additional features in a central customer account for both the Netto homepage and the Netto webshop. In certain cases, customers can merge their two separate accounts into a single unified account.
1. Merging Homepage Account and Webshop Account
a. Only Homepage Account Available
If you currently only have a customer account for the Netto homepage (formerly www.netto-online.de), you can continue to log in and use its functions.
b. Only Webshop Account Available
If you currently only have a customer account for the Netto webshop (formerly www.netto-online24.de ), during your first login after integration of new features, you will be asked if you wish to view any previously subscribed Netto newsletters in your account. If you agree, you can easily manage your newsletters in your account. If not, newsletters can only be managed via the homepage.
c. Both Homepage and Webshop Accounts Available
If you have both accounts, you can merge them, provided the same email address was used for registration of both accounts. If agreed, all features will be available in a single central account, providing a full overview of previous information from both accounts. If you do not wish to merge, you can create a new account, but you will not have access to data from the previous accounts. Any existing newsletter subscriptions remain unaffected.
2. Merging Netto App Account and Webshop Account
If you have accounts for both the Netto App and the Netto webshop, these can be merged. You will have access to all functions and a complete overview of previous information. You can also log in with your App account in the webshop and vice versa.
3. Merging Webshop Account and Marktkauf Webshop Account
If you are already registered with the Netto webshop, during registration/login in the Marktkauf webshop (www.marktkauf.de), which is also operated by NeS GmbH, you will be informed that you can log in using your existing Netto webshop account. You can use your account across both shops (Single Sign-On), and data from both shops will be merged.
IX. Contact Form, Email, and Telephone Communication
1.Description and scope of data processing
Our website provides a contact form that can be used for electronic communication. When a user uses this form, the entered data is transmitted to us and stored. This data includes:
Salutation
First name
Last name
Email address
Message
Order number (if relevant to the inquiry)
If voluntarily provided, the following data may also be stored:
Address (street, postal code, city)
Phone number
DeutschlandCard number
Optional information about the product and/or store (product name, number, supplier, purchase date, best-before date, EAN, batch number)
Email attachments
Alternatively, contact can be made via the provided email address. In this case, any personal data sent via email will be stored. You may also contact our customer service by phone, in which case the personal data provided during the call will be stored. Providing data is generally voluntary, but missing information necessary for processing your request may prevent a response. If the request concerns products, data may be shared with the respective supplier/manufacturer. Data is used exclusively to process the request.
2.Legal basis for data processing
The legal basis for processing the data is:
Art. 6 (1) (a) GDPR when the user/caller has given consent
Art. 6 (1) (b) GDPR for inquiries regarding previously purchased/ordered products
Art. 6 (1) (f) GDPR for data transmitted via email
3.Purpose of processing
The processing of personal data via the contact form serves solely to handle your inquiry. In the case of email communication, it is also based on our legitimate interest. Personal data collected during telephone contact is processed only for handling the customer request.
4.Storage period
Data is deleted as soon as it is no longer required for the purpose for which it was collected. For contact form and email data, this is once the conversation with the user has ended. Telephone data is also deleted once the inquiry has been fully processed.
5.Responsible entity
If your inquiry concerns products from Netto stores or other services offered by Netto Marken-Discount Stiftung & Co. KG, this entity is responsible for data processing and will handle your communication.
6.Right to withdraw consent and object
Users may withdraw their consent to the processing of personal data at any time. For email communication, users may object to the storage of their personal data; in such cases, the conversation cannot continue. Withdrawal or objection can be sent informally to shop-service@netto-online.de or, for the topics under point 5, to info@netto-online.de. All stored personal data will be deleted in these cases.
X. Contests / Sweepstakes
1.Description and scope of data processing
When you participate in a contest or sweepstake on our website, we process the personal data you provide, including:
Salutation
First name
Last name
Email address
Phone number (if provided)
Any additional information necessary for participation or prize delivery
The collected data is used to organize the contest, verify participation, contact winners, and deliver prizes.
2.Legal basis for data processing
The legal basis for processing personal data for contest participation is Art. 6 (1) (a) GDPR (consent) and, if relevant for the execution of the contest, Art. 6 (1) (b) GDPR (performance of a contract).
3.Purpose of processing
The purpose is to register your participation, select winners, and contact them for prize delivery.
4.Storage period
Personal data will be deleted once it is no longer necessary for the contest and prize delivery, unless legal requirements mandate longer retention.
5.Right to withdraw consent and object
You may withdraw your consent to the processing of your personal data at any time by contacting shop-service@netto-online.de. In this case, you will no longer be able to participate in the contest, and your data will be deleted.
XI. Meat Pre-Order
1.Description and scope of data processing
You have the option to use the meat pre-order service via our website for selected Netto stores. The data entered in the input form is collected and sent by email to the supplier. These data include:
Salutation
First name
Last name
Address (street, postal code, city)
Phone number
Email address
Store
Pickup date
2.Legal basis for data processing
The legal basis for processing the data is Art. 6 (1) (b) GDPR (performance of a contract).
3.Purpose of data processing
The processing of personal data from the input form is solely for the purpose of handling your meat pre-order.
4.Storage period
Data will be deleted once it is no longer needed for the purpose for which it was collected. For the personal data from the input form, this is the case once the pre-ordered meat has been picked up by you at the store.
5.Right to object
The collection of data is mandatory for the processing of the meat pre-order. Therefore, the user has no right to object.
6.Responsible party
The party responsible for data processing in connection with the meat pre-order is Netto Marken-Discount Stiftung & Co. KG, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Tel.: 09471 / 320 0, Email: info@netto-online.de
XII. Sales Carts / Promotional Carts
1.Description and scope of data processing
You have the option to apply via our website for a sublease of a Hähnchengrillwagen. The data you enter in the input form is collected and stored. These data include:
Salutation
First name
Last name
Address (street, postal code, city)
Phone number
Email address
Inquiry message
2.Legal basis for data processing
The legal basis for processing the data is Art. 6 (1) (b) GDPR (performance of a contract).
3.Purpose of data processing
The processing of personal data from the input form is solely for the purpose of handling your sublease request.
4.Storage period
Data will be deleted once it is no longer required for the purpose for which it was collected. For the personal data from the input form, this is the case if a sublease agreement is not concluded.
5.Right to object
The collection of data is mandatory for processing the sublease request. Therefore, the user has no right to object. If the user withdraws the request, all personal data stored during the request will be deleted.
6.Responsible party
The party responsible for data processing in connection with the sublease request is Netto Marken-Discount Stiftung & Co. KG, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Tel.: 09471 / 320 0, Email: info@netto-online.de
XV. WhatsApp
1.Type and purpose of data processing
We process the following data from you:
Phone number
WhatsApp profile name
ZIP code and/or location
The data are processed for the purpose of sending you the current digital Netto brochure for the selected Netto store. The store selection is made either by entering a ZIP code or by using the WhatsApp location feature.
2.Legal basis
The legal basis for processing the above data is your consent according to Art. 6 (1) (a) GDPR. To receive the current Netto brochure regularly, you consent in the WhatsApp chat by either clicking the “START” button or typing the word “START.”
You can revoke your consent at any time for the future by clicking the “STOP” button or sending the message “STOP” in the WhatsApp chat.
3.Recipients of the data
To process the above data, we work with WhatsApp Ireland Limited and other service providers. Some of these providers are located outside the European Union or transfer data to third countries. Please note that third countries outside the EU may treat personal data and its protection differently. Special measures have been taken to ensure adequate security of your data in these countries.
4.Storage period
The above data are used to send digital Netto brochures via WhatsApp until consent is revoked. Any location data provided are deleted daily. After revocation of consent, the data are no longer used and are deleted or anonymized. Automatic deletion also occurs after 6 months of inactivity (if the user no longer participates in the chat).
5.Rights of data subjects
In addition to the right to revoke consent, you have the following rights under the GDPR:
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
You also have the right to lodge a complaint with the competent data protection authority.
6.Responsible party
The responsible party for data processing related to the sending of brochures via WhatsApp is:
Netto Marken-Discount Stiftung & Co. KG, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Tel.: 09471 / 320 0, Email: info@netto-online.de
XIV. Meta Platforms
1.Type and purpose of data processing
We process the following data from you:
Facebook and Instagram profile name
Postal code and/or location
This data is processed for the purpose of sending the current Netto offers for the selected Netto store. The choice of store is based on the entered postal code or via the location function of Meta Platforms.
2.Legal basis
The legal basis for processing the above data is your consent under Art. 6 (1) (a) GDPR. To regularly receive the current Netto offers via Meta Platforms (Messenger and Instagram), you give consent by clicking the “Receive Messages” button or by entering the word “Start.”
Consent can be withdrawn at any time with future effect by clicking the “Unsubscribe” button.
3.Recipients of the data
We process this data in cooperation with Meta Platforms Ireland Limited and other service providers. These providers may be located in countries outside the European Union or transfer data to such countries. Please note that data protection laws in such countries may differ from EU standards. For some countries, there are currently no adequacy decisions from the EU Commission. Special measures have been taken to ensure that the data is processed securely.
4.Storage period
The above data will be used for sending digital Netto offers via Meta Platforms until consent is withdrawn. Any location data provided will be deleted daily. Once consent is withdrawn, the data will no longer be used for sending offers and will be deleted or anonymized. Data is also automatically deleted after 6 months of inactivity.
5.Rights of data subjects
In addition to withdrawing consent, data subjects have the following rights:
Right to access personal data (Art. 15 GDPR)
Right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction (Art. 18 GDPR), and portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR)
To exercise your rights, please contact us using the details below.
6.Responsible party
The responsible party for processing data in connection with sending Netto offers via Meta Platforms (Messenger and Instagram) is:
Netto Marken-Discount Stiftung & Co. KG, Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Tel.: 09471 / 320 0, Email: info@netto-online.de
XVI. Web Analytics
The tracking measures described below are carried out based on Art. 6 (1) (f) GDPR. We use these measures to ensure a targeted design and continuous optimization of our website. Additionally, the tracking measures are used to statistically record website usage and evaluate it to improve our offerings for you. These interests are considered legitimate. Specific purposes and data categories per tracking tool are detailed in the corresponding sections.
1. Google Analytics
For the purpose of targeted design and continuous optimization of our website, we use Google Analytics, a web analytics service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Pseudonymized user profiles are created, and cookies are used.
The information generated by the cookie about your use of this website includes:
Browser type/version
Operating system used
Referrer URL (previously visited page)
Hostname of the accessing device (IP address)
Time of server request
This information is transmitted to a Google server in the USA and stored there. It is used to evaluate website usage, compile reports, and provide other services related to website and internet usage for market research and website optimization. Data may be shared with third parties only if legally required or if these third parties process the data on behalf of Google.
Your IP address is anonymized (IP-masking), so identification is not possible. You can prevent the installation of cookies through your browser settings, but some website functions may not be fully available. You can also block data collection by Google Analytics by installing the browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en
For mobile devices, you can disable Google Analytics using this link: Disable Google Analytics. An opt-out cookie will be set; if deleted, you must click the link again.
More information about privacy and Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en
2. Google Tag Manager
Our website uses Google Tag Manager, which allows website tags to be managed via an interface. Google Tag Manager does not set cookies and does not collect personal data. It merely triggers other tags, which may process data. Any deactivation at domain or cookie level remains effective for all tags implemented through Tag Manager.
3. Facebook Pixel
We use the Facebook Visitor Action Pixel provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For users outside the EU, Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA applies.
The pixel enables the definition of target audiences for Facebook ads based on website visits, interactions, and browsing behavior (“Facebook Ads”). It may also be used to measure the effectiveness of marketing activities.
When you visit our website, the Facebook Pixel is automatically integrated by Facebook. A cookie may be stored on your device. If logged into Facebook, the website visit may be recorded in your profile. For us, the data is anonymous, but Facebook may link it to your profile.
Data processing by Facebook is in accordance with the Facebook Data Policy: https://www.facebook.com/about/privacy
. If you are not a Facebook user, you are not affected.
Legal basis: Art. 6 (1) (a) and (f) GDPR. You can withdraw consent at any time and/or object to processing for advertising purposes.
Data is stored with us until the purposes are achieved, consent is revoked, or objection is raised. For Facebook storage, their privacy policy applies.
XVII. Retargeting / Remarketing on our Website
This website uses retargeting technology. It allows us to show ads on our partners’ websites specifically to internet users who have already shown interest in our shop and products. Studies show that personalized, interest-based advertising is more relevant and engaging than ads without such a personal connection. Retargeting works through a cookie-based analysis of your previous browsing behavior. No personal data is stored. The retargeting and remarketing measures described below are carried out based on Art. 6(1)(f) GDPR.
Google Retargeting
We work with Google, a company specialized in retargeting technology. On this website, Google collects anonymized information about visitors’ browsing behavior for advertising purposes and stores it in cookies on your device. Google analyzes the data with an algorithm and shows personalized product recommendations and banners on other websites. These data cannot be used to personally identify you.
If you do not want to see personalized banners, you can opt out. Click the symbol/button (“i”) on any ad banner to visit Google’s website and learn about the retargeting system. You can opt out there, which sets an opt-out cookie on your device to stop future personalized ads. This must be done on the device where you want the opt-out to apply, and the opt-out cookies must not be deleted.
Google AdSense
This website also uses Google AdSense to display ads. Google AdSense uses cookies and web beacons (invisible graphics) to analyze usage. Information about website use (including your IP address) and ad delivery is sent to Google servers in the USA and may be shared with Google partners. Google does not combine your IP with other stored data. You can prevent cookie installation in your browser settings, but some website functions may be limited.
Kupona Retargeting
We work with KUPONA GmbH. Retargeting technologies collect anonymized browsing data for advertising and store it in cookies on your device. Personalized banners may be displayed on other websites, but no personal identification is possible. You can opt out via the “i” symbol on the banner, which sets an opt-out cookie on your device.
Peerius
Peerius Ltd technologies collect data to optimize marketing and offer a personalized service based on products you viewed in our shop. No additional personal data is stored or shared. Cookies allow us to recognize your browser on return visits. You can delete cookies after visiting or configure your browser to block cookies if you do not want a personalized experience.
ChannelPilot
We use ChannelPilot Solutions GmbH, which stores information via cookies such as browser type/version, referrer URL, IP address, and request time. Data is stored on ChannelPilot servers in Germany, and IP addresses are anonymized after a short period (usually max 24 hours). Data helps evaluate marketing channel performance. To prevent data collection, set your browser to block cookies or use the opt-out option at www.channelpilot.de/optout. The opt-out cookie applies only to the browser where it was set.
XVIII. Social Plugins
Facebook Social Plugins
Our website uses social plugins (“Plugins”) from the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” icon) or labeled as “Facebook Social Plugin.” A list and appearance of the Facebook Social Plugins can be found here: http://developers.facebook.com/plugins.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the webpage. Therefore, we have no influence over the extent of the data collected by Facebook through this plugin.
Through the plugin, Facebook receives information that you visited the corresponding page of our website. If you are logged into Facebook, Facebook can associate your visit with your Facebook account. If you interact with the plugins, for example by clicking the “Like” button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there.
Even if you are not a Facebook member, Facebook may still collect and store your IP address. For information on the purpose and scope of data collection, further processing and use of the data by Facebook, and your rights and privacy settings, please refer to Facebook’s privacy policy: http://www.facebook.com/policy.php.
If you are a Facebook member and do not want Facebook to collect data about you through our website and link it to your Facebook account, please log out of Facebook before visiting our website.
XVIII. Embedding External Content
We use external dynamic content to optimize the presentation and offerings of our website. When you visit our website, a request is automatically sent via API to the server of the respective content provider, transmitting certain log data (e.g., your IP address). The dynamic content is then delivered to our website and displayed there.
We use external content for the following functionalities:
1.Embedding YouTube Videos
We have embedded videos from YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”) on our website. When playing these videos, log data is transmitted to YouTube’s servers in the USA. This processing is based on our legitimate interest in optimally marketing our offerings under Art. 6(1)(f) GDPR. YouTube is certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveMore information: https://policies.google.com/privacy?hl=en
2.Google Maps
We use Google Maps to provide you with an interactive map. When displaying the map, data including your IP address and location is transmitted to Google’s servers in the USA. This processing is based on our legitimate interest in optimally marketing our offerings under Art. 6(1)(f) GDPR. Google is certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. More information: https://policies.google.com/privacy?hl=en
3.reCAPTCHA
To protect your inquiries via online forms, we use Google’s reCAPTCHA service. The verification determines whether the input is provided by a human or abusively by automated systems. Your input, including your IP address and other required data, is sent to Google for processing. Within the EU or EEA, your IP is truncated before transmission; in exceptional cases, the full IP may be sent to the USA and truncated there. Google uses this data to evaluate service usage. The IP address transmitted via your browser is not merged with other Google data. Privacy information: www.google.com/intl/en/policies/privacy/. Google is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. Legal basis: Art. 6(1)(f) GDPR.
4.Idealo
Our website displays the logo of our partner Idealo (idealo internet GmbH, Ritterstraße 11, 10969 Berlin). When accessing our site, your browser automatically transmits certain information to Idealo’s server, temporarily stored in a server log file for 7 days. The following data is collected automatically:
IP address of the requesting device
Date and time of access
Name and URL of the retrieved file
Referrer URL
Browser and operating system information, and access provider
Temporary storage of your IP is necessary to deliver the website and ensure functionality, optimize the website, and maintain IT security. These data are not stored together with other personal data. Legal basis: Art. 6(1)(f) GDPR.
XIX. Age Verification
1. Description and Scope of Data Processing
When ordering an item subject to age verification (e.g., alcoholic beverages), we conduct an age verification. During the checkout process, after selecting the payment method, an input form for age verification is displayed. Alternatively, age verification can also be performed via the customer account. Only the result of this verification is stored in the customer account.
The following data is collected:
ID number
2. Legal Basis for Data Processing
The legal basis for processing personal data for age verification is Art. 6(1)(b) and (c) GDPR.
3. Purpose of Data Processing
The data is processed to comply with legal obligations under youth protection laws when an item is ordered that may only be sold to persons above a certain age.
4. Retention Period
Only the information that age verification has been successfully completed is stored in the customer account. For guest orders without a customer account, only the result of the age verification is stored. Verification must be performed again for each relevant order if no customer account exists to store the verification result. Data is deleted once it is no longer required for the purposes of collection. Legal retention obligations remain unaffected.
5. Right to Object
Age verification is mandatory for certain products that may only be sold to persons above a specific age. Therefore, there is no right to object in this context.
XX. Rights of the Data Subject
Data Transfer to Third Countries
Personal data will not be transferred to third countries (outside the EU/EEA), unless explicitly stated in the privacy policy.
Provision of Data
Providing personal data is required for using certain features of the website, such as receiving store offers or participating in contests, if specifically indicated.
Right to Object
You have the right to object at any time to the processing of personal data based on Art. 6(1)(f) GDPR if there are reasons related to your particular situation, unless there are compelling legitimate grounds for processing.
If we process personal data for direct marketing purposes, you can object at any time without giving reasons to the processing of your personal data for such advertising (Art. 21 GDPR). Please send your objection via email to shop-service@netto-online.de
XXI. Contact Information
Data Controller:
NeS GmbH
Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Germany
Phone: 089-70066700 (Mon–Fri 08:00–19:00, local rate)
Email: shop-service@netto-online.de
Data Protection Authority:
Bavarian State Office for Data Protection Supervision
Promenade 18, 91522 Ansbach, Germany
Mailing Address: P.O. Box 1349, 91504 Ansbach
Phone: +49 (0)981 180093-0
Fax: +49 (0)981 180093-800
Email: poststelle@lda.bayern.de
Where specifically indicated, the responsible entity is:
Netto Marken-Discount Stiftung & Co. KG
Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Germany
Phone: 09471 / 320 0
Fax: 09471 / 320 149
Email: info@netto-online.de
Corporate Data Protection Officer of Netto Marken-Discount Stiftung & Co. KG:
Mr. Björn Scheppan
Industriepark Ponholz 1, 93142 Maxhütte-Haidhof, Germany
Phone: 09471/320-0
Email: datenschutzbeauftragter@netto-online.de
Data Protection Authority (again for reference):
Bavarian State Office for Data Protection Supervision
Promenade 18, 91522 Ansbach, Germany
Mailing Address: P.O. Box 1349, 91504 Ansbach
Phone: +49 (0)981 180093-0
Fax: +49 (0)981 180093-800
Email: poststelle@lda.bayern.de
Version Date: 20.12.2022