Data protection



Data Protection Policy - Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg for the Website www.ottogroup.com

As of: May 2022

In the following data protection policy, we will inform you about the processing of personal data by Otto (GmbH & Co KG), Werner-Otto-Str. 1-7, 22179 Hamburg (“OTTO” and/or “We” and/or “Controller”) in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG 2018).

Please read our data protection policy carefully. If you have any questions or comments about our data protection policy, please contact us at dtnschtzbftrgtrttgrpcm.

Table of contents

1. Name and Contact Details of Controller Responsible for Processing
2. Contact Details of Data Protection Officer
3. Online Presence and Website Optimization (with cookies)
3.1. Cookies—General Information
3.2 Web Analytics with Matomo
3.3 Intervention Options/Browser Settings
4. Document Requests
5. Contact
6. Social Media Plugins
6.1. Facebook and YouTube
6.2. Twitter
6.3. Instagram
6.4 Xing and LinkedIn
7. Recipients outside of the EU
8. Duration of Data Storage
9. Data processing in connection with registration for and participation in events
10. Otto Group Talent Pool System
11. Your Rights
11.1 Your Rights in Detail

1. Name and Contact Details of Controller Responsible for Processing

This data protection policy applies to data processing by

Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg, Germany
Phone: 040 - 3603 3603
EMail address: dtnschtzbftrgtrttgrpcm 

Represented by Managing Director(s):

Alexander Birken (Chairman)
Dr. Marcus Ackermann
Sergio Bucher
Sebastian Klauke
Petra Scharner-Wolff
Kay Schiebur

for the following websites: www.ottogroup.com.

2. Contact Details of Data Protection Officer

You can reach the Controller’s data protection officer at

Otto (GmbH & Co KG)
Werner-Otto-Straße 1-7
22179 Hamburg, Germany

Email address: dtnschtzbftrgtrttgrpcm 

3. Online Presence and Website Optimization (with cookies)

3.1. Cookies — General Information

3.1.1 Technically Necessary Cookies

This website uses cookies. Cookies are small text files that are generated automatically by your browser and stored on your device (notebook, tablet, smartphone, and suchlike). Information is stored in the cookie relating to the specific device being used. This does not mean, however, that We obtain direct knowledge of your identity. Some of the cookies We use are deleted at the end of the browser session (known as session cookies).

As a rule, it is only permitted by law to store information on devices (desktops, smartphones, tablets, and suchlike) — e.g., by setting cookies — and to access information on devices (tracking) if you have given your prior consent. The legal basis for this is Section 25 para. 1 sentence 1 of the Telecommunications and Telemedia Data Protection Act (TTDSG). Consent is not required if this form of storage/tracking is necessary in order to make the website available. The legal basis for this is Section 25 para. 2 number 2 TTDSG. Necessity is deemed to include assurance of the following functionalities/the achievement of the following objectives:

- To ensure system security
- To enable billing of partners
- To provide the services requested by the website visitor

You do not have the right to object to data processing that is necessary for operation of the website.

You can use the website at www.ottogroup.com without data being tracked or stored on your device that are not necessary in order to make this website available. Only ‘basic tracking’ is therefore enabled on this website.

3.2 Web Analytics with Matomo

We use open source software by the web analytics provider Matomo for the purpose of demand-oriented design and continuous optimization of this website, and in doing so invoke the legal basis provided in Article 6 para. 1 point f) of the General Data Protection Regulation (GDPR), namely our legitimate interest. The Matomo plug-in enables us to store cookies (text files) on your computer that allow us to analyze your use of our website. We will evaluate your use of the website in this regard and compile reports on website activities.

3.3 Intervention Options/Browser Settings

You can set up your browser so that it does not place our cookies on your end device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and also how to clear all already received cookies and how to lock your browser for all others.

Please proceed as follows:

In Internet Explorer:

  1. Select “Internet Options” in the “Extras” menu.
  2. Click on the “Privacy” tab.
  3. Now you can change the security settings for the internet zone. This is where you can set whether and which cookies should be accepted or refused.
  4. Confirm your setting with “OK.”

In Firefox:

  1. Select “Settings” in the “Extras” menu.
  2. Click on “Privacy.”
  3. In the drop-down menu, select “User-defined settings.”
  4. Now you can set whether cookies should be accepted, how long to retain these cookies, and add exceptions for websites that should always or never be allowed to place cookies.
  5. Confirm your setting with “OK.”

In Google Chrome:

  1. Click on the Chrome menu in the browser toolbar.
  2. Now select “Settings.”
  3. Click on “Display extended settings.”
  4. Click on “Content settings” under “Privacy.”
  5. You can use “Cookies” to adjust the following settings for cookies:
  • Clear cookies
  • Block all cookies
  • Clear cookies and website data every time you close the browser
  • Allow exceptions for cookies from certain websites or domains


If you want to clear individual cookies placed in your browser or want to learn what service provider/company placed cookies in your browser, you can do or learn this via a “preference manager.” This can be found, for example, at www.youronlinechoices.com.

4. Document Requests

Should you request documents on our website (e.g., an annual report), We will use the data specified by you for this purpose exclusively to send these documents.

The legal basis for this processing is Article 6, para. 1 point f) GDPR.

5. Contact

You have the opportunity to enter into contact with us in multiple ways. By email, phone, or mail. If you contact us, We will use the personal data that you have voluntarily provided to us in this context solely for the purpose of contacting you and processing your request.

The legal basis for this data processing consists of Article 6 (1) (a), Article 6 (1) (b), Article 6 (1) (c) GDPR and Article 6 (1) (f) GDPR.

6. Social Media Plugins

On our website, We use social plugins provided by the social networks Facebook, YouTube, Pinterest, Twitter, Instagram, and WhatsApp to publicize our company. This is done on the basis of Article 6 (1) (f) GDPR. The commercial purpose behind this is to be viewed as a legitimate interest within the meaning of the GDPR. Responsibility for operation in conformity with data protection must be guaranteed by the respective provider.

You will find the purpose and scope of the data collection and the further processing and use of data by the respective provider and your rights and setting options in this regard to protect your private sphere in the respective data protection or privacy policies of each provider that We link to in the following.

By logging out of social networks beforehand and clearing cookies that have been placed, you can prevent social networks from assigning the information collected about you to your user account with the respective social network during your visit to this website. If you do not want social networks to directly assign the data collected via our website to your profile, you must log out of the corresponding social networks before visiting our website.

6.1. Facebook and YouTube

This website uses social plugins from Facebook and YouTube (Google). These are services offered by the U.S. companies Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).

If you visit a page that contains such a plugin, your browser will connect to Facebook or YouTube and these sites will load the content. Your visit to this website can be tracked by Facebook and YouTube as a result, even if you do not actively use the function of the social plugin. If you have an account at Facebook or YouTube, you can use such a social plugin and share the information with your friends. We have no influence on the content of the plugins and the transmission of information.

On their websites, Facebook and Google provide detailed information on the scope, type, purpose, and further processing of your data. You will also find additional information on your rights and setting options for the protection of your private sphere here.
You can find Facebook’s privacy policy here and Google’s privacy policy here .

6.2. Twitter

This website has also integrated functions of Twitter. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). The use of Twitter and the “retweet” function mean that the websites you have visited are linked with your Twitter account and announced to other users. Data are also transferred to Twitter. Your internet browser will establish a direct connection to the servers of Twitter and transfer data to Twitter.

We would like to point out that We do not receive any information about the content of the transmitted data or their use by Twitter. You will find more information in Twitter’s privacy policy here.

You can change your data protection settings for Twitter here in the account settings.

6.3. Instagram

This website also has integrated plugins provided by the network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”). You will recognize the Instagram plugin by the “Instagram” button on our page.

If you click on the “Instagram” button while you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile. This lets Instagram associate your visit to our website with your user account. We would like to point out that We do not receive any information about the content of the transmitted data and their use by Instagram. You can find additional information on Instagram’s privacy policy here.

6.4 Xing und LinkedIn

This website also has integrated plugins provided by the social networks LinkedIn, of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA and Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany. You can find information about data protection in the privacy policies of here and Xing here.

7. Recipients outside of the EU

With the exception of processing operations for which We provide information about the possibility of transmitting data to recipients based outside of the EU in this data protection policy, We do not transmit your data to recipients based outside of the European Union or the European Economic Area. Data are transmitted on the basis of so-called standard contractual clauses of the EU Commission.

8. Duration of Data Storage

The duration for storing data collected on you depends on the purpose for which We process the data. These data are stored as long as they are required for the achievement of the pursued purpose. If We are required to store certain categories of data for a specific period of time due to legal obligations (e.g., tax obligations), the continued storage of the data after such are no longer necessary for the achievement of the respective purpose will be exclusively for the purpose of fulfilling the legal obligation. In this case, the data will be restricted for access.

9. Data processing in connection with registration for and participation in events

On this website you have the possibility of registering for events in order to participate in them. If you would like to participate in an event, the details of the participating persons necessary for that purpose will be collected. As a rule, they consist of your first name, last name, address, and contact details (e.g. email address). If you would like to register a minor for the event, this is only possible if you are authorized to register as their parent or guardian and participation of minors is planned. If you provide further personal data, we will process any personal data that you voluntarily provide here exclusively in connection with the event.

The legal basis for such data processing is Article 6(1) (b), (f) GDPR.

10. Otto Group Talent Pool System

In certain cases we may offer you the opportunity for inclusion in the Otto Group Talent Pool system. The purpose of the Otto Group Talent Pool system is to identify, retain and promote Talent, as well as to secure succession by actively promoting Talents' Otto Group-internal mobility. If you have consented to the disclosure of your personal data to other Otto Group companies and have thus opted to store your data within the Otto Group Talent Pool system, we will transmit the data you have provided as part of the profiling process to Otto (GmbH & Co KG) (hereinafter referred to as "OTTO"), which will store it in the Otto Group Talent Pool system. With regard to including you in the internal Otto Group Talent Pool system as well as the provision of this same system, we are jointly responsible alongside Otto (GmbH & Co KG) and the other Otto Group companies that participate in this system. We are primarily responsible for gathering, transmitting and registering your data, while OTTO holds responsibility for storing your data and providing the Otto Group Talent Pool system. After Otto (GmbH & Co KG) has transmitted your data to the companies participating in the Otto Group Talent Pool system, the Group companies process this data as "data controllers", as defined by applicable data-protection law, e.g. for the purpose of establishing contact. A potential application process will then normally take place directly via the respective company's processes.

Data processing takes place based on your consent (as defined under Article 6 (1) (a) GDPR). You may revoke your consent here at any time.

With regard to data processing, we and OTTO are available to you as central contacts with joint responsibility, each in our own area of influence. Please contact yrnxtmvttgrpcm at any time with enquiries regarding data protection, or to assert your rights as "data subject". You can also assert your rights against us. If you contact us, we will coordinate in accordance with the agreement on joint responsibility in order to respond to your request and to ensure your rights as data subject are upheld.

11. Your Rights

You are entitled to the rights of data subjects in connection with our processing of personal data. You have the right, for example, to receive information about the data We have stored on you. You can also revoke consent granted to us and object to individual cases of data processing. You also have the right to have incorrect data corrected and to request that We provide you with certain data in a standard electronic format. Furthermore, you have a right to erasure of the data stored on you. Please remember in this regard that We may be obligated for legal reasons to continue to store the data despite your assertion of your right to erasure. Furthermore, in some situations, We have an interest in the ongoing storage of your data such that this interest outweighs your interest in their erasure (e.g., if We still have outstanding claims against you).

11.1 Your Rights in Detail

You have the right to revoke the consent you have given to us and are entitled to the following rights if the legal requirements are met in the individual case:

  • the right to information about your personal data stored by us (Article 15 GDPR); in particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to which your data was or will be disclosed, the planned storage period, and the provenance of your data, if they were not collected directly from you;
  • the right to rectification of incorrect data or to have correct data completed (Article 16 GDPR);
  • the right to erasure of your data stored with us (Article 17 GDPR), if no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed by us (e.g., if We still have outstanding claims against you);
  • the right to restrict the processing of your data (Article 18 GDPR), if the accuracy of the data is disputed by you, the processing is unlawful, but you object to their erasure; the Controller no longer requires the data, but you need them to assert, exercise, or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
  • the right to data portability (Article 20 GDPR), i.e., the right to receive selected data We have stored on you transmitted in a standard, machine-readable format or to request transmission to another Controller;
  • the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your regular place of residency, workplace, or the registered office of our company.

The rights indicated above and to which you are entitled can be asserted at dtnschtzbftrgtrttgrpcm.

On this website Otto Group partly uses cookies which, based on the usage behavior, allow certain functions, such as an analysis of the use of the website.