Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere and therefore take the protection of your personal data and the associated lawful processing very seriously. Your personal data will always be processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific Data Protection Regulations applicable to KODi Diskontläden GmbH.
As the controller, we have implemented numerous technical and organizational measures to ensure the optimal protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or by post.
We would like to inform you about the processing of your personal data in our online offer. To do so, navigate through our data protection information as usual. We provide you with a brief summary of each topic and, for particularly interested readers, additional detailed information on the respective content.
If you have any questions, please do not hesitate to contact our data protection team by e-mail to firstname.lastname@example.org.
KODi Diskontläden GmbH
Zum Eisenhammer 52
We have appointed a data protection officer, you can reach him via the following contact options:
By mail to:
KODi Diskontläden GmbH
– for the attention of the Data Protection Officer –
By e-mail to:
In order for you to be able to understand the following information on the processing of your personal data and the wording used there, we would like to briefly explain the most important terms. These are specified by the legal definitions in Article 4 of the General General Data Protection Regulation and should also be understood as such here.
If you are already familiar with the terms, please continue with section 3.
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Thus, the data related to your person is all information that allows a conclusion to your person. This is in particular the IP address that is assigned to your terminal device or the Internet connection with which or via which you use the online offer.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
When you use the online offer, the IP address used by you is collected at the beginning of the usage process, as well as other data related to the usage. For this reason, we are obliged to provide you with the following information.
When you use the online offer, we process the data related to your person on the basis of the following permissions:
For the purpose of realizing the online offer or, from your point of view, simply visiting the online offer, personal data is processed on the basis of legitimate interests (Art. 6 (1) lit. f GDPR). In doing so, the responsible party pursues the legitimate interest of presenting the information summarized in the online offer to anyone who is interested. Accesses to the online offer are recorded in so-called server log files. We need these log files in order to display the content of our website correctly, to ensure and optimize the usability of our website or to provide law enforcement authorities with the necessary information in the event of cyberattacks.
For the creation of user accounts, the realization of the registration process, as well as the provision of those parts of the online offer which are only accessible to registered and logged-in users, personal data are processed based on a contract (Art. 6 para. 1 lit. b GDPR).
We also process personal data to ensure the confidentiality, integrity, availability and resilience of the online service and the systems used to provide it, including measures to detect, contain, prevent and correct faults or errors in the online service. These are examples of the generally formulated purpose of “compliance with legal obligations” incumbent on the controller in connection with the provision of the online service. The permission for such processing results from Art. 6 (1) lit. c GDPR. Corresponding legal obligations result, for example, from Art. 32 (1) GDPR.
However, the most important basis for processing personal data is your consent to the processing (Art. 6 para. 1 lit. a GDPR). We will explain the purposes for which these processing operations are carried out in the context in which we ask you to declare your consent.
We will be happy to explain the individual legal bases in more detail in the following sections:
Art. 6 (1) lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. This may, for example, be your consent to receive our newsletter and the associated processing of your personal data.
Consent is a voluntary declaration. It follows from this that on the one hand you are not obliged to declare consent and on the other hand, that you can revoke consent already declared at any time. Please note that the revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example, in cases of inquiries about our products or services.
If our company is subject to a legal obligation through which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR.
Ultimately, processing operations could be based on Art. 6 (1) lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases, are based our legitimate interest if the processing is necessary for our company or a third party. This happens only if the interests, fundamental rights and freedoms of the data subject are not overridden.
When we make the personal data processed by us or on our behalf available to another person, organization or entity, we talk about the disclosure or transfer of data. This other person or entity is referred to as a recipient. Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party.
We disclose data to the following categories of recipients:
- processors, i.e. companies that handle your data exclusively in accordance with our instructions based on contractual obligations with us. The largest group of processors, in the context of this online offer, are the providers of technical services and services, in particular data center services.
- third parties, i.e. companies that handle your data on their own responsibility. In connection with the online offer, this concerns above all the hosting providers or content suppliers.
Individual recipients are described explicitly below.
As a matter of principle, the transmission of confidential content within the scope of our Internet presence takes place in encrypted form (SSL/TLS encryption), which of course, also includes payment transactions or the transmission of payment information.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. You can recognize an encrypted connection by the fact that the address line of the browser contains a “https://” instead of a “http://” and by the lock symbol in your browser line.
Detailed information on the technology used can be found in the following sections:
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains a “https://” instead of a “http://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, third parties cannot read the data you transmit to us.
When using our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (in so-called “server log files”). Our website collects a series of general data and information with each call of a page by you or an automated system. This general data and information is stored in the server log files. The following information can be recorded:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system arrives at our website (so-called referrer),
- the sub-websites which are accessed via an accessing system on our website,
- the date and time of access to the website,
- a shortened Internet protocol address (anonymized IP address),
- the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. This information is rather required in order to
- to deliver the contents of our website correctly,
- to optimize the content of our website and the advertising for it,
- to ensure the permanent operability of our IT systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Therefore, the data and information collected will be used by us for statistical purposes only and to increase the data protection and data security of our enterprise to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
The legal basis for the data processing described above results from Art. 6 para. 1 lit c. GDPR in conjunction with § 13 para. 7 TMG and serves to prevent disruptions to our website or attacks on our website, as well as our obligation to protect personal data.
In a cookie, information is stored that arises with the use of the specific device. However, this does not mean that we gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
Which cookies we use, whether it is a cookie of a service provider or third party and how long the cookies are stored, you can always see the details of the following table.
|_gat||analysis||1 minute||Certain data is only sent to Google Analytics up to every minute. The cookie‘s lifetime is one minute. As long as it is set, certain data transmissions are prevented.|
|_gid||analysis||24 hours||Contains a randomly generated user ID. This ID enables Google Analytics to recognise returning users on this website and to merge data from previous visits.|
|_ga||analysis||2 years||Contains a randomly generated user ID. This ID enables Google Analytics to recognise returning users on this website and to merge data from previous visits.|
|_ga_<container-id>||Analyse||2 years||Used to obtain the session status.|
|pll_language||function||KODi||1 year||Saves the language setting of the website.|
|cookies-functional||function||KODi||1 year||Saves consent to the use of functional cookies.|
|cookies-analytics||function||KODi||1 year||Saves consent to the use of analytical cookies.|
Via the aforementioned consent management, you have the possibility to design the cookie setting according to your preferences by giving your consent for the cookie categories per click. If your preferences change and you want to adjust your settings, we ask you to delete the cookies that have already been set from your browser and to adjust your settings according to your preferences when you visit our website again. Alternatively, you can adjust your settings using the checkboxes in the next paragraph.
The data processed by cookies, which are required for the proper functioning of the website, are necessary to protect our legitimate interests, as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f GDPR. The category described above has been classified in our cookie banner under “Functional cookies” or in German “Funktionale Cookies”.
For all other cookies, you can give your consent to this within the meaning of Art. 6 (1) lit. a GDPR via our cookie banner. A revocation or an adjustment of your consent can be made at any time by deleting the cookies stored in your browser. When you subsequently visit our website again, you will then have the opportunity to adjust your consent via our consent management.
With regard to the indication of the duration of storage, it should generally be noted that the controller only stores personal data for as long as it is necessary to pursue the purpose of their processing. This results in detail:
For the above-mentioned purposes of providing the online offer, the data is stored for as long as your use of the online offer lasts in the individual case.
For the purpose of contacting us, your data will be stored until the communication with you has ended; if the content of the communication triggers retention obligations, the data will be stored beyond the time of termination of the communication until the expiry of the retention obligation, otherwise at least as long as the possibility of the responsible party’s own legal defense makes storage necessary within the framework of statutory limitation or preclusion periods.
For the purpose of IT security, personal data may be stored for up to 7 days after the end of the individual usage process. In other cases of the pursuit of legitimate interests and fulfilment of legal obligations, the personal data will be kept as such for as short a time as possible and deleted or the personal reference irreversibly removed when the purpose is achieved, usually within a few minutes after the end of your use of the online offer.
We want you to enjoy your visit to our website. To this end, we offer you various functions within the scope of using our website. One of these functions is the integration of our applicant portal.
In order for you to be able to use the aforementioned functions, we may require personal data from you. Which data we request for the respective functions of the website and under which conditions the further processing of this data takes place, we will gladly inform you about in the following sections:
We collect and process the personal data of applicants for the purpose of handling the application process and use a specialist provider for this purpose (softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin). This provider acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called contract for order processing with this provider, which ensures that the data processing is carried out in a permissible manner.
You have the option of applying to us via our career portal or by e-mail. The data is then transmitted to us electronically and checked in-house by the relevant departments. If we conclude an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents are automatically deleted six months after notification of the rejection decision, provided that no other justified interests on our part oppose deletion. Other legitimate interests in this sense are, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act , the so called “Allgemeinen Gleichstellungsgesetz” (AGG). In this respect, the data processing is carried out solely based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
For consideration in future vacancies, it is possible to store your data in our talent pool. However, for this we ask you separately for your consent in accordance with Art. 6 para. 1 lit. a.
You can read the General Data Protection Regulations of the above-mentioned service provider here: https://softgarden.com/de/datenschutz/
We offer you raffles or competitions at irregular intervals on our homepage or in the context of social media use (e.g. Facebook). Our raffles / competitions are subject to the respective applicable conditions of participation. You do not automatically participate in raffles 7 competitions, but will be informed of the possibility of participation.
Within the scope of the prize promotions, we process the relevant data for the promotion in each case. This is usually your first name, last name, e-mail address, postal address and, if applicable, your telephone number. The data provided is used for the implementation and subsequent contact in the event of notification of the prize. The data processing serves the purpose of handling the prize campaign and is therefore based on Art. 6 Para. 1 lit. b GDPR.
Your data will not be passed on to third parties when the raffle / competition is offered via our website. An exception is the integration of a shipping service provider, if the prize must be sent.
If the competition is offered via a social media platform such as Facebook, the respective provider will of course also gain knowledge of the data provided.
The data transmitted for the prize campaign will be deleted after the campaign has ended, unless we are obliged to retain the data for longer (generally 10 years) for reasons of commercial or tax law.
Personal data is collected when contacting us (e.g. via contact form). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal storage obligations to the contrary.
We have created a virtual tour with the help of the Matterport tool and integrated it on our website. The operating company of Matterport is Matterport, Inc, 352 E. Java Dr., Sunnyvale, CA 94089, USA.
If you call up our pages and confirm the start of the 3D tour by clicking on the “Play” button, a connection is established to the servers of Matterport with server location in the USA. This transmits to Matterport which page you have visited, as well as the IP address of your terminal device. If you also have a Matterport account and are logged in to it at the time of accessing our website, Matterport assigns your surfing behavior to your personal profile.
The use of Matterport is based on our legitimate interest in an attractive presentation of our website and products within the meaning of Art. 6 (1) lit. f DSGVO and your consent pursuant to Art. 6 (1) lit. A DSGVO to the use / view of the 3D tour and the associated data transmission.
Further information on data processing by Matterport can be found at: https://matterport.com/privacy-policy.
So that we can also communicate with you in social networks and inform you about our products, campaigns and our company, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Art. 26 GDPR with regard to the processing operations triggered thereby which concern personal data.
We are not the original provider (responsible party or controller) of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
Therefore, we point out as a precaution that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and the processing in the social networks often takes place directly for advertising purposes or for the analysis of user behaviour by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behaviour is directly assigned to your own member profile of the social networks (if you are logged in).
The described processing operations of personal data are carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a GDPR in conjunction with. Art. 7 GDPR.
We reserve the right to delete content on our own profile insofar as this is possible and appears necessary. The deletion of the content published by you will be carried out in accordance with the procedures and policies of the respective social media platform.
We may communicate with you via the social media platform in order to answer your inquiries, for example about our products. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal retention obligations, insofar as deletion or restriction of processing is possible. Communication via social media platforms is potentially insecure. You can always contact us via other means.
Since we do not have access to the data files of the providers, we would like to point out that it is best to exercise your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks and the possibility of making use of your right of objection or revocation (so-called opt-out), we have listed below at the respective provider of social networks used by us:
(Co-) Responsible for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Notice (Data Policy):
(Co-) responsible for data processing in Germany:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-out and advertising preferences: https://www.instagram.com/accounts/privacy_and_security/
(Co-) responsible for data processing in Germany: TikTok Technology Ltd. , 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
(Co-) Responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Opt-out and advertising preferences:
(Co-)responsible for data processing in Germany:
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Information requests for XING members:
In order to show you targeted advertisements for and on our website and to present you with advertisements that potentially correspond to your interests, we use technologies designed for this purpose. If, for example, you are shown ads on our website for products in which you were interested in on other websites, this is referred to as “remarketing”.
To ensure that you can control the setting of cookies for web analysis or advertising according to your wishes, we have integrated a consent management on our website (see also section “Cookies). There you can specifically consent to the use of selected cookies. If your preferences change, simply delete the cookies from your browser history and adjust your settings the next time you visit our website.
Specific information concerning the tools used can be found in the following sections:
On our website we use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies are used (see section “Cookies”). The information generated by the cookie about your use of this website, such as
- Browser type / version,
- operating system used,
- Referrer URL (the previously visited page),
- Hostname of the accessing computer (IP address),
- Time of the server request,
will be transmitted to and stored by Google on servers in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and provide other services related to website activity and internet usage for the purposes of market research and demand-oriented design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
The use of Google Analytics is in the interest of optimizing and designing our website according to your needs. The legal basis for the processing is your consent given in our consent management pursuant to Art. 6 (1) lit. a GDPR.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
On our website, in addition to the Google Analytics version (Universal) mentioned above, we are temporarily using the Google Analytics 4 (GA4) version, which is also a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
In this context, pseudonymized usage profiles are created and cookies (see point “6 Cookies”) are used. The information generated by the cookie about your use of this website may include:
- a short-term collection of the IP address without permanent storage.
- location data
- browser type/version
- operating system used
- referrer URL (previously visited page)
- Time of the server request
The pseudonymized data may be transferred by Google to a server in the USA and stored there.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 Para. 1 lit. a DSGVO.
Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de
As a data subject, you have a variety of rights in terms of data protection. The most important rights of a data subject include the right to information, the right to rectification, erasure or restriction and your right to object.
If you require information on the following topics, please contact our data protection team (email@example.com), our specialists will be happy to assist you. For further contact options, please also refer to point 1.2 of the data protection declaration.
We would be pleased to inform you in detail in the following:
You have the right to request information about the personal data stored by us free of charge. Please note that we are obliged to verify your identity before responding to the request and may ask you questions in this context.
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
You have the right to demand that we restrict processing if one of the legal requirements is met.
You have the right to demand that we erase the personal data concerning you without undue delay, given that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
In individual cases, we process personal data in order to carry out direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You can exercise your objection by means of automated procedures (e.g. “do-not-track” setting in your browser) or in individual cases send a statement by e-mail, fax or letter to the following contact details:
KODi Diskontläden GmbH
– Datenschutz Onlineshop –
Zum Eisenhammer 52
Fax: 0208 / 85007-112
For the objections not declared by means of automated procedures, we would like to point out that these can only be realised if you give us the possibility to recognise you in future when you visit our online offer (for example by means of a persistent cookie).
As a data subject, you naturally have the right to lodge a complaint with the responsible data protection supervisory authority.
Your provision of the personal data concerning you is necessary for the delivery of our online offer. There is no legal obligation to provide the data. However, non-provison of the data would have the consequence that the online service cannot be provided to you, or cannot be provided completely.
We do not use automated decision-making processes that would have legal effect on you or would significantly affect you in a similar way when processing your data.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed and printed out by you at any time on the website at https://www.kodi-unternehmen.de/ueber-kodi/datenschutz/.