Mercateo Deutschland AG (hereinafter referred to as “Mercateo”) takes the protection of your data very seriously and maintains the Mercateo platform in accordance with the applicable data protection law which includes the guidelines from the EU General Data Protection Regulation (referred to hereinafter as GDPR). The following illustrates how and to what extent your personal data is processed by Mercateo Deutschland AG.
1. General information
Mercateo Deutschland AG
Fürstenfelder Straße 5,
80331 München, Deutschland
Should you have any other queries which could not be answered in this data protection statement, you may contact our data protection officer at firstname.lastname@example.org.
Henry Freiberg is the Data Protection Officer of Mercateo Deutschland AG.
The responsible regulatory body for the entire Mercateo group is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach (Germany)
2. Data processing upon access to our website
When you visit our website, information such as
- the IP address,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which this website was accessed (referrer URL),
- the browser you use and, possibly, the operating system of the computer you use to connect to the internet as well as the name your access provider
is automatically transmitted to our server and temporarily stored. The processing is lawful in accordance with article 6, paragraph 1, item f) of the GDPR. This legitimate interest serves the following purposes:
- optimising the connection,
- ensuring and optimising the user-friendliness and handling of the website,
- ensuring the security and stability of the system
- as well as threat protection and prosecution following a cyberattack.
3. Data processing upon registration
The website offers the possibility to register as a customer or supplier. A password-protected customer account is created in the process. Which data is pro-cessed can be seen in the entry mask which the user has to fill in upon registration. This data is solely used for internal long-term storage of your personal data in a password-protected customer account. The IP address, the date and time of registration are stored.
A verification takes place to determine that the customer is not a consumer. This verification is completed to exclude consumers as the platform is solely geared towards B2B customers. The processing of this data is lawful in accordance with article 6, paragraph 1, item b) of the GDPR.
4. User management by the account holder
Through the user management, the account holder may name certain users as buyers and/or requesters for the account holder.
The account holder manages and organises their users. In the process, the account holder can access the information about the users that was entered and generated.
The account holder can do the following:
- make user settings
- allow or cancel account access for the user
- access and store the data of the user account
5. Data processing in the order process
Data is processed when an order is placed in order to complete all operations relating to the order. This procedure is lawful in accordance with article 6, para-graph 1, clause b) of the GDPR. Which data is processed can be seen in the entry mask which you fill in upon ordering.
The following data is processed to execute the sales agreement:
Your e-mail address is used to communicate with you electronically about your order and its processing. This kind of processing is lawful in accordance with article 6, paragraph 1, clause c) of the GDPR.
To fulfil the contractual obligations, the order data is transmitted to the supplier and, if applicable, transport personnel delivering the goods or rendering the services, to use the data for this purpose. This kind of processing is lawful in accordance with article 6, paragraph 1, clause b) of the GDPR.
To fulfil the contractual obligations, it may be necessary that the data is forwarded to our payment service provider or the commissioned financial institution. This depends on the selected payment method.
The following payment methods may be used:
- direct debit (SEPA)
- credit card (partially)
For instant transfers, we use the services of Klarna GmbH, Theresienhöhe 12, 80339 Munich, and for credit card payments, the services of EVO Payments Inter-national GmbH, Elsa-Brändström-Str. 10-12, 50668 Cologne.
In the event of delayed payments, we will forward the details to a company commissioned by us. We have legitimate interest in processing the data as we have a special interest in the settling of any open accounts.
6. Credit check
During the order process, we check the creditworthiness above a set order value. The credit check is not carried out by prepayment.
We submit the personal data required for a credit check (name and surname of the managing director, company, and address data) to the following agency:
a) Creditsafe Deutschland GmbH, Charlottenstr. 68-71, 10117 Berlin, Germany
b) Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Deutschland
c) Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden, Deutschland
The evaluation is carried out based on mathematical-statistical procedures. In order to calculate the probability value, your address data will also be used. You may object to the submission of your data to the credit agencies in text form (e.g. email, fax, and letter) at any time. In the case of an objection, Mercateo re-serves the right to offer no other type of payment than prepayment.
The credit check is lawful in accordance with article 6, paragraph 1, clause f) of the GDPR. Our legitimate interest is based on the fact that we advance funds, depending on the payment method, and seek to maintain an as low as possible financial risk for us.
7. Further data processing
Furthermore, data which you explicitly provide will be collected and recorded. This could apply to individual customer contact, for example, by email, telephone or on the platform, if you use the option to enter data (e.g. login registration, booking form, request forms). You will be informed of the type of data which is in-tended for collection prior to the respective process if this is not clearly discernible from the type of process to be undertaken (e.g. name and password during login registration or on the ‘User Data’ screen: telephone and e-mail).
Furthermore, usage data which you submit when using the platform (executed item searches) and/or which the respective Internet provider discloses when using the platform (amongst others, your computer’s IP address) and/or generates by means of online tracking will be collected. Usage data may include per-sonal or corporate data or make it possible to infer such data.
Without your registration or login, anonymous usage data, e.g. the type of browser or operating system which you use or which pages you have visited on the website, will be transmitted by your browser when accessing the platform. The data collected in the process will not be used to identify you or your company.
The usage data shall be stored automatically in server log files. This data shall be used to make the handling of any functions on this platform more attractive and improve their efficiency.
This represents a legitimate interest to us and is therefore in accordance with article 6, paragraph 1, clause f) of the GDPR.
8. Data processing for advertising purposes
Data processing for advertising purposes represents a legitimate interest to Mercateo in accordance with article 6, paragraph 1, clause f) of the GDPR as a matter of principle.
If you are registered or listed as a customer with us, we process your customer data and inform you about products and services as well as relevant news, irrespective of whether you are subscribed to our newsletter.
You have the right to object to the processing of your data for advertising purposes at any time free of charge and with due effect for the future, for the respec-tive communication channel. The contact address for the respective communication channel will be blocked following such an objection relating to any further data processing for advertising purposes. You may submit your objection by e-mail or post to the contact details as specified.
9. E-mail campaigns
We only send e-mail campaigns after the recipient’s consent in accordance with article 6, paragraph 1, clause a) of the GDPR. The data entered when registering for the Mercateo information service are used solely for this purpose. After registering for the Mercateo information service, you will receive information on products/items which are new and/or might interest you, Mercateo (e.g., e-procurement features), webinars, competitions and events through various e-mail campaigns.
We do this to pursue advertising purposes of our own and those of third parties (of our suppliers and producers).
Subscribing to the newsletter requires a double opt-in. This means that, after entering your e-mail address, you will receive an e-mail asking you to confirm your subscription. This is the only way to prevent others from registering an e-mail address that is not their own.
In this process, we log the receipt of the newsletter subscription.
This data is used solely for sending out newsletters and is not forwarded to third parties.
You may revoke your consent to receiving our e-mail campaigns at any time for the respective e-mail campaign. The link to unsubscribe can be found at the end of every e-mail.
10. Third-party websites
Mercateo does not have any influence on the current content of third-party websites which can be accessed via the platform or on how these websites are operated. Mercateo shall not be responsible for data protection or for the content of these websites.
11. Recipients outside the EU
Except for the processing on our websites as listed below, we do not forward your data to recipients outside the European Union or the European Economic Area.
We use process cookies to ensure that our website functions properly. This includes site navigation and the secure completion of transactions on the website. We store your shopping basket, for instance, through the “Korb2” cookie.
We use session status cookies to obtain information on the user’s interaction with the website. This allows us to constantly improve our services and optimise them for our users. We use, for instance, the “sid3” cookie to anonymously analyse how effective certain improvements of our website are.
You may also set your browser so that no cookies will be stored on your computer.
However, a full deactivation of all cookies may lead to you not being able to use all features on our website.
The storage period of a cookie depends on their purpose and is not the same for all.
Mercateo uses Google Analytics, a web analysis service provided by Google Inc. (“Google”), CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, for customising and optimising our website.
Google Analytics uses ‘cookies’, which are stored on your computer, to help the website analyse how users use the website.
As a rule, the information generated by the cookies about your use of this website will be transmitted to and stored by Google on servers in the United States. The information generated by the cookies includes:
- browser type,
- operating system,
- the website from which this website was accessed (referrer URL),
- IP address,
- date and time of the server request.
This website uses Google Analytics with the IP anonymisation feature (“anonymizeIp”).
This means your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Treaty on the European Economic Area. The full IP address will be transmitted to a Google Server in the USA and shortened there only on an exceptional basis.
On behalf of Mercateo, Google will use this information for evaluating your use of the website, compiling reports on website activity for website operators and providing other services to Mercateo relating to website activity for market research and tailoring the offer to suit market needs. Google will not associate the IP address transmitted under Google Analytics by your browser with other data held by Google.
You may prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we must advise you that in this case, you might not be able to use all functions of this website to the full extent. You may prevent Google from recording the data generated by the cookie and pertaining to your use of the website (including your IP address), or processing these data by downloading and installing the following browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You may also prevent data collection by Google Analytics by clicking the following link. An opt-out cookie will be set up which will prevent the collection of your data when visiting this website in the future: Deactivate Google Analytics.
This website uses the web analytics service with bid management provided intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich, Germany. In order to opti-mise and better tailor this website to the users’ needs, anonymous usage data is collected as well as aggregated and usage profiles using pseudonyms are created based on this data. Cookies are stored locally when using intelliAd tracking.
The anonymised usage data and profiles may be used by the operator of the website as well as other intelliAd clients to identify user interests without allowing for conclusions as to your identity as a visitor of the website. You have the right to object to the storage of your (anonymized) data for the future as well. To do so, you may use the intelliAd opt-out feature at https://login.intelliad.de/optout.php.
Our website uses the services of ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany. ADITION is used for marketing and optimisation purposes as well as the statistical evaluation of the number of visitors.
A cookie is stored in the website visitor’s browser as part of this process. Any information in this cookie has been anonymised and contains technical details such as the frequency and date of the ads that are displayed, the browser and the installed operating system.
ADITION complies with all P3P (Privacy Preferences Project) specifications.
By clicking the following link, you can stop the collection of anonymised data. In this case, ADITION will replace the current cookie with a new opt-out cookie. This opt-out cookie will delete any previously stored information, including the IP address, and prevents any future collection of anonymised data.
Please click here to set the opt-out cookie. (www.adition.com/datenschutz)
IMPORTANT: If this opt-out cookie is deleted, ADITION will no longer be able to determine that the user opted out. The opt-out procedure must be repeated in this case.
Our website uses the remarketing feature provided by Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA. Remarketing serves the purpose of displaying interest-based ads to the visitors of the website. A cookie is stored to the website visitor’s browser which recognises the website visitor when he or she accesses a website that is a part of Google’s advertising network.
This allows us to place interest-based ads in the entire Google network. On these sites, ads are presented to the user which relate to content that the user accessed before on websites which also use Google’s remarketing feature. By their own account, Google does not collect any personal data during this process.
Marketing and its optimisation are the purpose of the remarketing feature.
You may prevent Google’s remarketing feature by selecting the appropriate settings on your browser software; however, we must advise you that in this case, you might not be able to use all functions of this website to their full extent.
You may prevent the use of Google’s remarketing feature by clicking the following link (www.google.de/settings/ads) and adjusting the settings accordingly. Please note that these settings will only apply to the browser used when making these settings.
“Google AdWords” conversion tracking by Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, has been integrated into our website. Google AdWords is an analysis service for placing ads on the internet. If you click on a Google ad (Google search engine or on third-party websites), a so-called conver-sion cookie is added to your computer.
The cookie expires after 30 days. Until it expires, Google and we can track which pages you access on our website. Whether you have completed or cancelled a shopping basket is also recorded. Neither we nor other Google AdWords advertising clients obtain information on your identity.
Personal data (e.g., IP address, visited websites) are stored in the cookie. This information is transmitted to Google in the USA and stored there.
The purpose of Google AdWords is advertising our website by placing interest-based ads on third-party websites and/or placing third-party ads on our website.
Google uses the data to create visitor statistics. The Google AdWords visitor statistics relating to our website show us the success of our Google AdWords ad. This allows us to optimise our AdWords ads in the future.
You may prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we must advise you that in this case, you might not be able to use all functions of this website to their full extent.
To ensure that the articles are presented in a lively, optimal manner, we also at times embed videos in the article description on our website. The embedding is executed by a third-party provider. If you access a video, a connection to the respective third-party server will be established and certain information relating to the utilisation will be transmitted. This data is processed in accordance with the respective privacy regulations of the third-party providers. Mercateo does not have any knowledge of the content of the data collected by the respective third-party providers and does not have any influence on how the data is used.
We embed videos from the Vimeo video portal operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA, on our website.
If you access a video via Vimeo, a connection to the Vimeo servers in the United States will be established. Certain information will be transmitted to Vimeo in the process. Vimeo might also place cookies on your device; in particular the Google Analytics tracker. This represents a tracking process by Vimeo which we cannot influence. You can prevent tracking by Google Analytics by using the deactivation tool which Google offers for some browsers. You may also prevent Google from recording the data generated by the cookie and any information pertaining to your use of the website (including your IP address), or processing this data by downloading and installing the following browser plug-in available through this link:
Moreover, Vimeo allows for certain other features such as the rating or sharing of videos. These features are solely offered by Vimeo and third-party providers and you are advised to read their privacy statements before using the respective features. Mercateo does not have any knowledge of the content of the data collected by Vimeo or third-party providers and does not have any influence on how the data is used.
We embed videos from the YouTube video portal, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, on our website.
If you access a video via YouTube, a connection to the YouTube servers in the United States will be established. Certain information will be transmitted to YouTube in the process. In the process, the YouTube server will be notified of which website you have visited.
If you are logged into your YouTube account, you will allow YouTube to link your web surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube might also place cookies on your device; in particular the Google Analytics tracker. This represents a tracking process by YouTube which we cannot influence. You can prevent tracking by Google Analytics by using the deactivation tool which Google offers for some brows-ers. You may also prevent Google from recording the data generated by the cookie and any information pertaining to your use of the website (including your IP address), or processing this data by downloading and installing the following browser plug-in available through this link: https://tools.google.com/dlpage/gaoptout?hl=de.
Moreover, YouTube allows for certain other features such as the rating or sharing of videos. These features are solely offered by YouTube and third-party provid-ers and you are advised to read their privacy statements before using the respective features. Mercateo does not have any knowledge of the content of the data collected by YouTube or third-party providers and does not have any influence on how the data is used.
14. Social media plug-ins
Our website uses social media plug-ins in accordance with article 6, paragraph 1, clause a), clause f) of the GDPR. The advertising purposes of these represent a legitimate interest to us.
Our website uses plug-ins of the Google Plus social network by Google Inc., CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA.
The plug-in can be recognized by the “+1” button. The Google plug-in is activated with just one click through which your browser establishes a direct connection to the Google servers. Google stores the IP address, the information that you clicked +1 for certain content as well as the information about the site which you viewed by clicking +1, even if you do not have a Google+ profile or are not logged into your profile at the time.
If you are logged into Google+, the data is directly linked to your profile. Furthermore, the information is published on Google+ (depending on the profile settings) and displayed to your contacts.
Google records information about your +1 activities to improve Google services for you and others.
The information collected is used as follows:
Websites using this plug-in prompt your browser to download the respective LinkedIn components. As a result, LinkedIn obtains information about which specific page of our website you have visited.
If you are logged into LinkedIn at the time, your visit to our website might be linked to your LinkedIn account. If you wish to prevent this, you should log out of LinkedIn before accessing our website.
By clicking the LinkedIn plug-in, the website you visit will be connected to your LinkedIn account and disclosed to other users.
We do not receive any information about the data transmitted to LinkedIn. We do not have any knowledge about the purpose and extent of the data collected or the subsequent processing and use of the data by LinkedIn. For further information data protection, please visit www.linkedin.com/legal/privacy-policy. Furthermore, you can adjust the privacy settings in the settings of your LinkedIn account.
15. Deletion of personal data
Upon the suspension of the respective authorisation, in particular after achieving the intended purpose, the data which we have stored shall be blocked from further use and, after the retention period legally required by tax and commercial law, deleted, unless you have expressly consented to the further use of your data or other contractual stipulations have been made.
16. Data security
Suitable technical and organisational measures shall be taken to safeguard your data from unintentional or unlawful deletion, transfer, access, manipulation, loss or any other misuse.
For your security, your data shall be encrypted using the SSL (Secure Socket Layer) website certificate. It is an encryption standard which is also used, for in-stance, in online banking. You can recognise a secure SSL connection by, amongst other things, at the s added to http (https://) in the address bar of your brows-er or the lock symbol at the bottom of your browser.
Please note when using the internet that security depends on several factors and cannot be completely ensured at all times.
17. Overview of your rights
Right of access
You have the right to obtain information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the source where the personal data is not collected from you directly.
Right to rectification
You have the right to obtain the rectification of inaccurate personal data and the completion of correct data.
Right to erasure
You have the right to obtain the erasure of your personal data.
Right to data portability
You have the right to receive the personal data, which you have provided, in a commonly used and machine-readable format and to demand transmission of this data to another controller.
Right to lodge a complaint
Please contact the supervisory authority of your habitual residence or the supervisory authority responsible for us.
Right to restriction of processing
You have the right to obtain restriction of processing if the accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, the data subject has objected to processing pursuant to article 21 of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to object
The general right to object shall apply to all purposes of processing of personal described herein and based on article 6, paragraph 1, point f) of the GDPR. Unlike for the processing described under “Data processing for advertising purposes”, we shall only be obligated to implement the objection if you demonstrate com-pelling legitimate grounds based on your particular situation.