Data privacy and protection

Here at real.digital, the protection of your personal data is a top priority. This is why we provide this Privacy Policy to inform you about how we protect your privacy when you share your personal information with us. Alongside naturally observing German data protection laws, we would like to use this Privacy Policy to commit ourselves to the responsible use of your data in order to protect your privacy at all times. It is very important to us that you feel comfortable when you visit our website.

In the section “Data Controller”, we begin by providing information on the Data Controller and the Data Protection Officer along with the available contact options. Under “General information on using the website ‘real-digital.de’”, we next provide information on universally applicable notices. Finally, in the section “Rights for Data Subjects”, we provide information about your rights as a Data Subject in accordance with the GDPR.

A. Data Controller
B. General information on using the website “real-digital.de”
C. Rights for Data Subjects

If you have any further questions on the collection, processing or use of your personal data or regarding specific processes, our Data Protection Officer will gladly answer your questions and may be reached using the following contact information:

 

A. Data Controller

 

I. Name and address of the Data Controller

Our Data Controller in accordance with the European General Data Protection Regulation
and other national data protection laws of EU Member States or any other applicable data protection regulations is:

Business address:
real,- Digital Payment & Technology Services GmbH
Habsburgerring 2
50674 Cologne, Germany

Düsseldorf commercial registry no.: HRB 78552

Contact information:
Phone: +49 221 975 979 50
E-mail: jobs@real-digital.de

II. ADDRESS AND CONTACT INFORMATION FOR OUR DATA PROTECTION DIVISION

For any questions relating to the processing or use of your personal data, please contact us by using the following addresses:

By e-mail:
datenschutz@real-digital.de

By post:
real,- Digital Payment & Technology Services GmbH

Data Protection Officer
Habsburgerring 2
50674 Cologne, Germany

 

III. Address and contact information for the Data Protection Officer

 

datenschutz süd GmbH
Dr. Christian Borchers
Wörthstraße 15
97082 Würzburg, Germany
office@datenschutz-sued.de

 

B. General information on using the website “real-digital.de”

 

Generally speaking, anonymous use of our website is possible. When you access our website, some general information is collected automatically. This includes information such as your web browser type, the operating system you use, the domain name of your internet service provider and similar information.

This exclusively concerns information that does not allow any conclusions to be made about your person. Furthermore, this kind of data is generated when you access app content or any other website on the internet. This data is therefore not related to any specific functionality of our website. We exclusively collect this type of information on an anonymous basis for statistical analysis.

We only store your personal data when you share it with us. We need this personal data – such as your name and e-mail address – for example when you sign up to a newsletter or use the function for commenting on posts on our website. We exclusively use the data collected in this manner for the purpose for which you have provided it to us, in particular for sending you the newsletter you have signed up for or in the context of displaying a comment under the name you have entered.

Information on the individual processes:

I. Provision of the website real-digital.de and creation of log files

1. Description and scope of data processing

Every time our website is called, our system automatically collects data and information on the computer system of the calling device. To the extent that your browser settings allow for transmission, the following data is thereby collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
(5) The last website from which the user’s system reached our website

This data is temporarily stored in our system’s log files. No storage of this data in combination with other personal information about the user will occur.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing

The temporary storage of your IP address by the system is necessary for enabling delivery of the website to your device. To make this possible, the user’s IP address must be stored for the duration of the session. The storage of log files occurs to ensure the functionality of our website. We also use this data to optimise our website and to ensure the safety of our information technology systems. For these purposes, our legitimate interest is grounded in data processing in accordance with Art. 6 Para. 1 lit. f) GDPR.

4. Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of this data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of rejection on the part of the user.

II. Use of cookies

1. Description and scope of data processing

Our website uses cookies to optimise the ordering process. Cookies are text files stored in or by the internet browser on your device. A cookie can be placed on the user’s operating system when they access a website. This cookie contains a unique sequence of characters that makes it possible to clearly identify the browser when the website is accessed again in the future.
Such cookies are used, for example, to save your shopping cart or wish lists to make your next order more convenient for you. Once your order is completed and when you return to our website, a corresponding cookie will help recognise you as a customer, making repeat orders easier. Most browsers are equipped with functions that can be used to reject cookie placement or to delete the cookies placed by a website once the visit to that site has ended. With cookies disabled, you will not be able to use some of the functions of our website, e.g. in the online shop.
You can also tick the box “Keep me signed in” in your real account, giving you the option on your next visit, depending on the account services you have selected, to access services such as your current total of PAYBACK points or the My Family children’s songs download more quickly without needing to sign in again. In order to access or change your personal data, however, you need to sign in again.
The process is similar for the real mobile app. After you successfully sign in to your user account, the login information is stored in the app and you can enjoy quick access to features such as your current PAYBACK points total, e-coupons or digital shopping vouchers without needing to sign in again. To sign out of your real user account, please use the “Log out” button in your account overview.
We use cookies to make our website more user-friendly. Some elements of our website require the ability to identify the calling browser even after a page change.
These cookies store and transmit data such as the following:
(1) Language settings
(2) Items in a shopping cart
(3) Login information
Our website also uses cookies that enable the analysis of user surfing behaviour.
This enables the transmission of data such as:
(1) Search terms entered
(2) Frequency of page views
(3) Use of website functions
The user data collected in this manner is pseudonymised using technical precautions. This makes it impossible to associate this data with the user accessing the site. This data is not stored together with any other personal data about user.
Users are informed about the use of cookies for analytics purposes in our Privacy Policy. This content also provides information on how users can prevent the storage of cookies using their browser settings.

2. Legal basis for data processing

The legal basis for processing personal data through the use of cookies is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing

The purpose behind the use of technically necessary cookies is to simplify website use on behalf of our users. Some functionalities of our website cannot be provided without the use of cookies. These elements require that the calling browser remains identifiable even after a page change.
We use analytical cookies for the purpose of improving the quality of our website and its contents. Analytical cookies provide us with information about how the website is being used and enable the ongoing optimisation of our services. Details on the exact purpose of use can be found in the section on web analytics.
These purposes also serve our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f) GDPR.

4. Duration of storage / Possibility of objection and removal

Cookies are stored on the user’s device, which forwards them to our site. For this reason, you also have total control over the use of cookies as a user. By changing your browser settings, you can restrict or deactivate the transfer of cookies. Cookies already stored on your device can be deleted at any time. This can also be executed automatically. If you deactivate cookies for our website, you may not be able to use all functionalities of our website to their full extent.

III. Web analytics and partner integration

1. Scope of the processing of personal data

Our website uses the Google Analytics tool to analyse our users’ surfing behaviour.

Detailed description:
Google Analytics
Our website uses Google Analytics. A web analytics service of Google Inc. Google Analytics, which uses cookies. Cookies are text files stored on your device that make it possible to analyse your use of our website.

When individual pages of our website are accessed, in particular the following information is stored:

(1) Two bytes of the IP address of the user’s calling system
(2) Information on the calling system’s operating system
(3) Information on the browser
(4) The accessed web page
(5) The website from which the user has reached the accessed web page (“referrer URL”)
(6) The subpages accessed from the web page being accessed
(7) Time spent on the page
(8) Date and time of your visit to our website

The information on your use of the website generated by these text files is transmitted to and stored on a Google server in the U.S.A. Google uses this information to evaluate your use of our website, to compile reports on website activity for the website operators and to provide further services related to internet and website use. Insofar as this is required by law or third parties process this data on Google’s behalf, Google will also share this information with third parties. This information is used in an anonymised or pseudonymised manner. Further information on this topic is provided by Google.

If you would like to prevent Google Analytics from receiving insights into your user behaviour as described above, you can do so by integrating a deactivation extension in your browser.
For more information on this extension, please see: https://tools.google.com/dlpage/gaoptout/.

2. Legal basis for data processing

The legal basis for data processing under user consent is Art. 6 Para. 1 lit. a) GDPR.
The additional legal basis for the processing of personal user data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing

The processing of personal user data makes it possible for us to analyse our users’ surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also serve our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f) GDPR. The user’s interest in the protection of personal data is sufficiently accounted for through the anonymisation of the IP address.

4. Duration of storage

The data is erased as soon as it is no longer necessary for our recording purposes.

5. Possibility of objection and removal

On our website, we offer users the option of opting out of web analytics. To do so, please follow the links provided. With this option, an additional cookie is placed on your system that signals our system not to store your data. If you delete this cookie from your system, you will need to activate the opt-out option again.

IV. Social plug-ins

1. Scope of the processing of personal data

Our website uses so-called social plug-ins from the companies listed below. These plug-ins make it possible for your to share content on the respective social media networks directly from our website or apps:
● Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, U.S.A. These plug-ins are marked with the Facebook logo or the notation “social plugin by Facebook” or “Facebook social plugin”.

● Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103. These plug-ins are marked with a Twitter logo, for example in the form of a blue “Twitter bird”.
● XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany. These plug-ins are marked with the Xing logo, for example in the form of a stylised “X”.

To improve the protection of your data when you visit our website, the plug-ins are integrated into the site using a so-called “two-click solution”. This integration guarantees that no connection with Facebook, Google or Twitter servers is established when one of our web pages is accessed that contains this kind of plug-in. Your browser will not establish a direct connection to Google, Facebook or Twitter servers until you specifically activate the plug-ins and thereby provide your consent to data transmission. The content of the plug-in will then be transmitted directly to your browser by the respective provider and integrated into the page.

2. Legal basis for data processing

The legal basis for data processing under user consent is Art. 6 Para. 1 lit. a) GDPR.

The additional legal basis for the processing of personal user data is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing/ Duration of storage / Possibility of objection and removal

For information on the scope and purposes of data collection and the further use and processing of the data by these providers as well as on your corresponding rights and settings options for the protection of your privacy, please see the privacy policies of these providers.

http://www.facebook.com/policy.php
https://twitter.com/privacy
https://www.xing.com/privacy

V. Newsletter

1. Description and scope of data processing

Our website offers the possibility to subscribe to our free newsletter. During registration, the data entered in the sign-up screen is transmitted to us.
(1) E-mail address
(2) where identifiable, the campaign from which the user has reached the called website
(3) Date and time of registration

If you register for our free newsletter on our website, we will regularly notify you via e-mail about current e-commerce topics, campaigns, etc. To process your registration, we require your e-mail address. If you provide us with further information we will use this, for example, to address you personally or to select your preferred real store.

After you submit the registration form, you will receive a confirmation e-mail from us (double opt-in). Your registration will not become effective until you have clicked on the link in this e-mail. If you do not confirm your registration, your data will be erased. You can unsubscribe from our newsletter at any time. To do so, please use the unsubscribe link that is provided with every e-mail.

2. Legal basis for data processing

The legal basis for data processing under user consent following newsletter registration by the user is Art. 6 Para. 1 lit. a) GDPR.

3. Purpose of data processing

Collection of the user’s e-mail address is for the purpose of delivering the newsletter. The collection of any other personal data during the registration process serves to prevent misuse of the services or the provided e-mail address.

4. Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address is stored for at least as long as their newsletter subscription is active. Afterwards, the addresses remain in the newsletter database for a period of 30 days before being deleted in order to prevent misuse of discount offers through repeated subscription and unsubscription to the newsletter.

5. Possibility of objection and removal

The newsletter subscription may be cancelled by the registered user at any time. Please use the link provided with every e-mail to unsubscribe from the newsletter completely. This also enables revocation of consent to the storage of the personal data collected during the registration process.

VI. Use of the comment function

1. Description and scope of data processing

Insofar as you make use of the option to comment posts on our site, we will store the name and e-mail address you provide to us for this purpose by entering this information in the respective screen. This information will be stored in compliance with applicable data protection laws and serves, in particular, to facilitate the provision of services or contact in cases of misuse.

2. Legal basis for data processing

The legal basis for processing personal data through the use of cookies is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing

The collection of personal data serves to prevent misuse of the services or the provided e-mail address.

4. Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Possibility of objection and removal

You are free to object to the storage of this data, in particular via e-mail to datenschutz@real.de.

VII. Use of the application tool

1. Scope of the processing of personal data

Finally, you can also use our website to apply for employment at our company. Here we collect the following data through the “Apply” screen:

(1) First name
(2) Last name
(3) E-mail address
(4) CV (if uploaded)
(5) Salary expectations

This information is then considered during the application process.

2. Legal basis for data processing

The legal basis for data processing under user consent following activation of the button by the user is Art. 6 Para. 1 lit. a) GDPR.

3. Purpose of data processing

The collection of this data serves to process the respective user’s application during the application process.

4. Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Possibility of objection and removal

You can object to the further processing of your data at any time. To do so, simply write to us at jobs@real-digital.de.

VIII. Misuse of our website

1. Description and scope of data processing

Insofar as it serves to clarify misuse of our platform, is necessary for prosecution or required to fulfil our statutory obligation to disclosure, personal data will be forwarded to the proper authorities – in particular law enforcement agencies and tax authorities – to our legal counsel or to injured third parties. Forwarding of personal data may also occur where this serves the enforcement of our General Terms and Conditions or other agreements or is required by a legal or other official regulation or a court order.

2. Legal basis for data processing

The legal basis for processing is Art. 6 Para. 1 lit. f) GDPR.

3. Purpose of data processing

This data processing is absolutely necessary to ensure the security of our IT systems and processes and to comply with legal and official requirements. For these purposes, our legitimate interest is grounded in data processing in accordance with Art. 6 Para. 1 lit. f) GDPR.

4. Duration of storage

The data is erased as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Possibility of objection and removal

The processing of data in cases of misuse is absolutely necessary to prevent the misuse of the services provided or the impairment of our rights of those of third parties. There is therefore no possibility of rejection on the part of the user.

 

C. Rights for Data Subjects

 

If we process your personal data, then you are a Data Subject according to the GDPR, and you are fundamentally entitled to the following rights insofar as no exceptions apply:

1. Right to information

You, as a Data Subject, have the right to demand confirmation from the Data Controller regarding whether personal data about you is being processed; if this is the case, you have the right to information on this personal data as well as to the information listed individually in Art. 15 GDPR.

2. Right to rectification

Furthermore, you are also entitled to the right to demand the Data Controller to rectify incorrect information about you without delay or to complete incomplete personal data (Art. 16 GDPR).

3. Right to restriction of processing

Data subjects are further entitled to the right to demand the Data Controller to restrict processing for the duration of investigation by the Data Controller if one of the conditions listed in Art. 18 GDPR applies, such as when the Data Subject has lodged objection to data processing.

4. Right to erasure

Finally, as a Data Subject you have the right to demand the data controller to erase the personal information about you without delay if one of the reasons listed in detail in Art. 17 GDPR applies, such as when the data is no longer needed for the purposes of collection (right to erasure).

5. Right to notification

If you have asserted your right to the rectification, erasure or restriction of processing by the Data Controller, then the Data Controller is obligated to notify all recipients to whom it has disclosed your personal data regarding this rectification or erasure of the data or restriction of its processing except in cases where this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the Controller.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the Data Controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another Controller without hindrance from Data Controller you have provided this data to, insofar as:
(1) Processing is based on consent in accordance with Art. 6 Para. 1 lit. a) GDPR or Art. 9 Para. 2 lit. a) GDPR or on a contractual agreement in accordance with Art. 6 Para. 1 lit. b) GDPR, and
(2) the processing is carried out by automated means
In exercising your right, you further have the right to have the personal data transmitted directly from one Data Controller to another as long as this is technically feasible. The rights and freedoms of others shall not be adversely affected thereby.
The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object

You have the right to object to the processing of your personal data on the basis of Art. 6 Para. 1 lit. e) or f) GDPR for reasons arising from your particular situation at any time; this also applies to profiling based on these provisions.
In such cases, the Data Controller will no longer process the personal data unless they demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms as a Data Subject, or for the establishment, exercise or defence of legal claims.
When your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for this form of marketing at any time, which includes profiling related to direct marketing.
If you object to data processing for direct marketing purposes, then your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revoke declaration of consent under data protection law

You have the right to revoke your declaration of consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing that is based on consent granted prior to this withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal consequences for you or significantly affects you in a similar way. This does not apply when the decision
(1) is necessary for entering into, or performing, a contract between you and the Data Controller,
(2) is authorised by Union or Member State law to which the Data Controller is subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
These decisions, however, shall not be based on the special categories of personal data referred to in Art. 9 Para. 1 GDPR unless Art. 9 Para. 2 lit. a) or g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in nos. (1) and (3) above, the Data Controller must implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests – at least the right to obtain human intervention on the part of the Controller, to express their point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, every Data Subject has the right to lodge a complaint with a supervisory authority if the Data Subject considers that the processing their personal data infringes Art. 77 GDPR. The Data Subject is free to exercise this right in the Member State of their habitual residence, place of work or place of the alleged infringement. The supervisory authority for (name of state) is:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf, Germany
Phone: +49 211 384 240
Fax: +49 211 384 2410
E-mail: poststelle@ldi.nrw.de

For any other questions, please feel free to contact our Data Protection Officer.