Thank you for visiting our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Person responsible
Couche-Tard Deutschland GmbH & Co KG, Jean-Monnet-Straße 2, 10557 Berlin, Germany, is responsible for the data processing described below.
Usage data
When you visit our website, so-called usage data is temporarily analysed on our web server as a log for statistical purposes in order to improve the quality of our website. This data record consists of:
- The name and address of the requested content,
- The date and time of the request,
- The amount of data transferred,
- The access status (content transferred, content not found),
- The description of the web browser and operating system used,
- The referral link, which indicates from which page you came to ours,
- The IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.
The aforementioned log data is only analysed in anonymised form.
The legal basis for the processing of usage data is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimised display.
Data security
We take technical and organisational measures to protect your data from unauthorised access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
Required cookies
We use cookies on our websites, which are necessary for the use of our websites. Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these necessary cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information on certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.
We use these cookies on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. You can set your browser to inform you about the placement of cookies. You can also delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed in full and some functions may no longer be technically available.
Consent banner
We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, in our legitimate interest to display our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can still be tracked.
Google Analytics
We use the web analysis tool "Google Analytics" to customise the design of our websites. Google Analytics creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such.
As part of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.
Data processing is based on your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
- Provider: Google
- Maximum storage duration: 16 months
- Adequate level of data protection: For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework).
- Revocation of consent: If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
Tracking technologies from third-party providers for advertising purposes
We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and we can recognise how effective our advertising measures were.
Data processing is based on your consent, provided that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party providers mentioned below may retrieve recognition features for your browser or end device (e.g. a so-called browser fingerprint), analyse your IP address, store or read recognition features on your end device (e.g. cookies) or gain access to individual tracking pixels.
The individual features can be used by third-party providers to recognise your end device on other websites. We can commission the relevant third-party providers to place adverts based on the pages you visit on our website.
What does cross-device tracking mean?
If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you are using, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.
Which third-party providers do we use in this context?
Below we list the third-party providers with whom we work for advertising purposes. If the data is processed in this context outside the EU or the EEA (in particular in the USA), we provide information on the level of data protection in the following table.
- Provider: Meta (Facebook)
- Maximum storage duration: 3 months
- Adequate level of data protection: For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework).
- Revocation of consent: If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
- Provider: Google
- Maximum storage duration: 13 months
- Adequate level of data protection: For transfers to the USA, an adequate level of data protection is guaranteed due to the provider's certification under the adequacy decision (EU-U.S. Data Privacy Framework).
- Revocation of consent: If you wish to withdraw your consent, please click here and make the appropriate setting via our banner.
Contact and offer
You have the option of providing us with your data so that we can contact you with a personalised offer and further information. To do this, we first need the data marked as mandatory fields. We use this data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for making contact. We process your voluntary information on the basis of your consent.
We will delete your data if it is no longer required and there are no statutory retention obligations to the contrary after 24 months at the latest.
You can revoke your consent to the processing of data for advertising purposes at any time.
Storage duration
Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.
Further processors
We pass on your data to service providers who support us in the operation of our websites and the associated processes as part of order processing in accordance with Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and contractually obliged accordingly.
Below we list the processors with whom we work if we have not already done so in the above text of the privacy policy. If data may be processed outside the EU or the EEA in this context, we will inform you of this in the following table
- Processor: Adstrategy Global, Lda
- Purpose: Web hosting and online marketing
- Adequate level of data protection: Processing only within the EU/EEA
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right to information (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
Right of cancellation (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Assertion of your rights
Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.
Contact details of the data protection officer
Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:
Datenschutz nord GmbH
Konsul-Smidt-Strasse 88
28217 Bremen
Web: https://www.dsn-group.de/
E-mail: office@datenschutz-nord.de
If you contact our data protection officer, please also indicate the responsible body named in the legal notice.
