EHI Retail Institute Logo 

Privacy Policy EHI Retail Institute GmbH

We take the protection of your personal data extremely seriously. The following Data Privacy Policy informs you about the type, scope, purpose, duration and lawfulness of the processing of personal data under the General Data Protection Regulation (GDPR). Personal data are any information concerning the personal or material circumstances of an identified or identifiable individual. This information includes a person’s name, address, e-mail address and telephone number.

1. Controller

EHI Retail Institute GmbH
Spichernstr. 55
50672 Cologne
Germany
Telephone: +49 221 57993-0
Fax: +49 221 57993-45
e-mail: info@ehi.org

How to contact our data protection officer:
Spichernstr. 55
50672 Cologne
Germany
e-mail: datenschutz@ehi.org

2. Technical provision of the website and web analysis

Purposes and lawfulness of data processing

We process the data sent to us by your browser to enable you to visit and use the website; we also process information sent to us by cookies in order to perform statistical analyses of the way our website is used.

For technical reasons relating to the provision of the website, we have to process automatically some of the information you send us so that your browser can display our website and you can use it. This information is recorded automatically every time you visit our website and is then stored in server log files. This information concerns the computer system on the computer used to visit the website.

We use Google Analytics and consequently cookies to analyse statistically how you surf on our website. This allows us to improve the quality of our website and its contents. We are then informed about how the website is used and can in this way continuously improve our offer. The information we obtain for statistical analysis of our website is not used together with any other information which may be obtained by the website.

Lawfulness of data processing: The legal basis is the performance of a contract or steps taken prior to entering into a contract under Article 6(1) (b) GDPR when you visit our website to find out about our products or services and our events. Data may also be lawfully processed for the purposes of our legitimate interests under Article 6(1) (f) GDPR to enable us technically to provide the website. We have a legitimate interest in being able to provide you with an attractive, technically functioning and user-friendly website and in taking measures to protect our website.

2.1 Information about cookies

We use cookies to optimise our website. These cookies are small text files that are saved on your computer. They are erased again as soon as you close your computer. Other cookies remain on your computer (persistent cookies) and recognise when your computer goes to our website the next time. This allows us to improve your access to our website.

You can stop cookies being stored by enabling the „accept no cookies“ function in your browser settings. Some of the functions on our website can only be offered in conjunction with the use of cookies.

2.2 Web analysis with Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (“Google”), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses „cookies“; these are text files which are stored on your computer to analyse the way you use the website. The information about the way you use our website created by the cookie is usually sent to and stored on a Google server in the USA. However, if IP anonymisation is activated on our website, your IP address is truncated beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address is only sent to and truncated on a Google server in the USA in exceptional circumstances. Google will use this information on our behalf to evaluate the way you use the website, to collate reports on website activities and to provide the website operator other services relating to website and internet use. The IP address sent by Google Analytics from your browser is not combined with other data held by Google.

You can also prevent the data (including your IP address) relating to your use of the website which is captured by the cookie being sent to or processed by Google by downloading and installing the browser plug-in from the following link: Browser Add On to Deactivate Google Analytics.

This website uses Google Analytics with the „_anonymizeIP()“ extension to ensure that only truncated IP addresses are processed and to prevent any direct correlation to specific persons.

Google is certified under the EU-US Privacy Shield: www.privacyshield.gov/participant
Further information about data privacy from Google: www.policies.google.com/privacy

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR; we have a legitimate interest in designing our website to meet our requirements.

2.2.1 Use of Google Maps

We use the “Google Maps” service to provide you with an interactive map. When the map is shown data such as your IP address and your location are sent to Google servers in the USA and stored there.
Further information about the terms of use at: www.google.com/terms_maps
Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR. We have a legitimate interest in designing our website to meet our requirements.

2.2.2 Use of Google Fonts and Material Icons

For a consistent presentation and to make our website more attractive to visitors we use external fonts and Icons from Google. These fonts and icons are loaded when the website is visited from Google Inc. servers. Google does not store any cookies in your browser. However, according to the information available to us, the IP address of the user’s terminal device is sent to and stored by Google.

Further information about data privacy from Google: www.policies.google.com/privacy

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR. We have a legitimate interest in designing our website to meet our requirements.

2.2.3 Use of Google reCaptcha

In some cases we use the reCAPTCHA service provided by Google Inc. to protect the inquiries you make using web-based forms and to ensure data security when forms are sent to us. The purpose of this service is to predict whether data are being entered by a human or abusively by a processing robot. The service includes sending to Google the IP address and any other data required by Google for the reCAPTCHA service. This service is subject to Google Inc.’s own data protection rules. Further information is available in the Google Privacy Policy

Lawfulness of data processing: on the grounds of our overriding legitimate interests in data security and to protect your inquiries under Article6(1) (f) GDPR.

2.2.4 Google Tag Manager

This website uses the Google Tag Manager provided by Google Inc. The Google Tag Manager is used to manage website tags across an interface. The Google Tool Manager only implements tags. This means that no cookies are placed and no personal data are captured. The Google Tool Manager fires other tags which may capture data. The Google Tag Manager does not access these data, however. If tracking tags are disabled at the domain or cookie level, this remains in place for all tracking tags if implemented with the Google Tag Manager. Further information is available in the Google Privacy Policy.

These data are processed on the grounds of our overriding legitimate interests in the optimum marketing of our offer under Article 6(1) (f) GDPR.

2.2.5 Google DoubleClick for Publishers (DFP) Small Business

We use Google DoubleClick for Publishers (DFP) Small Business, a service for integrating Google Inc. (“Google”) adverts. The DFP Small Business also makes use of Google’s AdSense and DoubleClick Cookies.
Google DFP Small Business uses „cookies“; these are text files which are stored on your computer to analyse the way you use the website. Google DFP Small Business also uses Web Beacons (invisible graphics). These Web Beacons can be used to evaluate information, such as visitor traffic on pages of this website.

The information produced by cookies and web beacons (including the user’s IP address) about the use of this website and delivery of advertising formats are sent to and stored on a Google server in the USA. As Google needs your IP address in order, for example, to identify invalid click activities and attacks, the IP address is anonymised by Google after 9 months. Google can also pass on such information to parties it contracts with. However, Google will not combine its IP address with other data which we collect from you and store.

You can change your browser settings to prevent cookies from being installed; however, if you do this you may find that you are unable to make full use of functions on the website. By using this website you declare your agreement to the processing of data collected about you by Google in the manner and form and for the purposes described above. You can also prevent the data (including your IP address) relating to your use of the website which is captured by the cookie being sent to or processed by Google by downloading and installing the browser plug-in from the following link: www.google.com/settings/ads/anonymous

In addition to the uses described above, the information which you provide will be used in accordance with the Google Privacy Policy.
Lawfulness of data processing: For the purposes of our legitimateinterests, the legal basis is Article 6(1) (f) GDPR.

2.2.6 Integration of videos

To better transport content and make it easier to understand, we use the possibilities of videos. We used external video providers such as Vimeo or YouTube to optimally integrate the videos on the website.

YouTube: Our website integrates videos using the service provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address is normally sent to YouTube and cookies installed on your computer as soon as you go to a website which contains embedded videos. However, we have integrated videos in enhanced data protection mode (in this case YouTube still makes contact with Google’s Double Click  service but, according to Google’s data privacy policy, does not evaluate personal data). This means that YouTube does not store any data about users who do not watch the video. When you click the video your IP address is sent to YouTube and YouTube is informed that you have watched the video. If you are logged into YouTube, this information is assigned to your user account (you can prevent this by logging out of YouTube before watching the video). We have no knowledge of or any influence on whether YouTube stores and uses your data.

Google is certified under the EU-US Privacy Shield: www.privacyshield.gov/participant
More information about data protection is available at: www.policies.google.com/privacy

Vimeo: By default, cookies are placed in the browser by Vimeo (Vimeo LLC, White Plains, New York). We have prevented the setting of cookies by Vimeo with an extended data protection mode as far as possible by integrating a „Do-No-Track“ designation in the embed code.

More about Vimeo’s privacy policy can be found here: https://vimeo.com/privacy
Vimeo claims to comply with the privacy shield guidelines.

These data are processed on the grounds of our overriding legitimate interests in the optimum marketing of our offer under Article 6(1) (f) GDPR.

2.3 Use of Hotjar

We use Hotjar for our website. Hotjar is an analysis software provided by Hotjar Ltd. (“Hotjar”) (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar provides us with an overall picture of how user experience and the performance provided by the website can be improved. We use Hotjar to measure and evaluate the way you use our website (clicks, mouse movements, scrolling, etc.). The information generated by the “tracking code” and “cookie” about your visit to our website is sent to and stored on the Hotjar server in Ireland. The tracking code collects the following information.
Device-dependent data

The following information can be recorded by your device and your browser:

  • Your device’s IP address (collection and storage in an anonymised format)
  • Your e-mail address, including your first and family name if you have provided these on our website
  • The size of your device’s screen• Type of device and browser information
  • Geographic location (only the country)
  • The preferred language with which our website should be displayed
  • Log data

The following data are created automatically by our server when Hotjar is used:

  • Referring domain
  • Pages visited
  • Geographic location (only the country)
  • The preferred language with which our website should be displayed
  • Date on and time at which the website was accessed

Hotjar uses this information to evaluate the way you use our website, to produce reports on website use and to provide other services relating to use of the website and internet evaluation of the website. Further information about Hotjar  data privacy and its commitment to the GDPR is available at www.hotjar.com/legal/compliance/gdpr-commitment and at www.hotjar.com/legal/policies/

Hotjar also contracts some services from third companies, such as Analytics and Optimizely. These third-party contractors may store information which is sent by your browser when you visit the website, including cookies or IP inquiries. Please read the companies’ data privacy policies to find out more about how Google Analytics and Optimizely store and use data.

Please also note the privacy policies of other service providers:

Google Analytics privacy policy: www.google.de/intl/de/policies/privacy/Optimizely privacy policy: www.optimizely.com/privacy

Click www.optimizely.com/opt_out and follow the instructions to prevent tracking by Optimizely.The cookies used by Hotjar have a different “lifespan”; some can remain valid for up to 365 days, and some are only valid for the current visit.
Right to object: You can prevent Hotjar recording your data and object to us using the data: To do this click here: https://www.hotjar.com/opt-out

Then click the “disable hotjar” button. You can retract your objection in exactly the same way.

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR; we have a legitimate interest in designing our website to meet our requirements.

2.4 Use of Fact-Finder

We use the FACT-Finder service (a product provided by Omikron Data Quality GmbH, Habermehlstr. 17, 75172 Pforzheim, Germany) to offer you the best search results. The search terms you enter in the website search function are sent to FACT-Finder and stored there. Only data which are absolutely necessary for the function are stored there. When using FACT-Finder WebComponents, clients’ IP addresses are stored by search users as the search requests can be sent directly from the browser to the search server. It is not possible to identify you in this way. Further information is available at www.fact-finder.de/dsgvo and at www.fact-finder.com/privacy-policy.html

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR. We wish to offer an optimum search function and appropriate results to visitors to our website.

3. Active use of the website and conclusion of contract

Purposes and lawfulness of data processing

You can also make active use of our website to order one of our products or services, to register for an event, to subscribe to our newsletter, to contact us or register below  to download EHI studies or working group documents.

3.1 Customer account

If you open a customer account, your data (name, company name, address, e-mail address and, where applicable, telephone number) as well as your user data (user name and password) will be stored. This enables us to identify you as a customer. You can also manage your data and orders yourself in the customer account.Lawfulness of data processing: For the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract, the legal basis is Article 6(1) (b) GDPR or on the basis of consent given under Article 6(1) (a) GDPR.

3.2 Registration for events

We process your data in order to receive and deal with registrations made on our website for any free or ticket event. This involves us processing the following information: first name, family name, company name (for assignment to a member company), contact data, such as e-mail, telephone number and company address, function and department.

Lawfulness of data processing: For the performance of a contract or steps taken prior to entering into a contract, the legal basis is Article 6(1) (b) GDPR.

3.3 Payment processing

We use payment service providers and banks for payment processing purposes.
Lawfulness of data processing: For the performance of a contract or steps taken prior to entering into a contract, the legal basis is Article 6(1) (b) GDPR.

3.4 “My EHI” download area

We offer EHI members a special download area for EHI studies or working group documents.
Please note that downloads of EHI studies will only be activated after your EHI membership has been checked manually. Downloads of EHI working group documents will only be activated after membership and participation in the relevant working groups has been checked.
Lawfulness of data processing: For the performance of a contract, the legal basis is Article 6(1) (b) GDPR.

3.5 Contact inquiries

We process the personal data you provide us in this context to handle and answer inquiries sent to us, e.g. using the contact form or sent to our e-mail address. This information will always include your name and e-mail address – this allows us to respond to you in person. The information may also include the name of your company as stated in the contact form so that this can be identified as a member company and any other information which you send to us.

These services are only available to persons aged 18 years of age or older (Article 8 GDPR). By registering you agree that you meet these preconditions.Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR; we have a legitimate interest in responding appropriately to inquiries.

3.6 Newsletter

The EHI Retail Institute processes your data for your subscription in order to send you the EHI Newsletter (Article 6(1) (a) GDPR), to contact you in person (Article 6(1) (a) GDPR) and to identify a member company (Article 6(1) (a) GDPR). We process the double opt-in procedure data to demonstrate that you have given your consent (Article 6(1) (f) GDPR, Article 13(1) (d) GDPR). We are supported in this respect by our e-mail and other IT service providers as contracted processors.

We analyse the links in these e-mails in anonymous form for statistical purposes and to optimise our offer. However, it at no time becomes apparent who precisely has clicked the link.

We process your data for this purpose until you withdraw your consent to such processing. The newsletter can only be sent to you if we have your e-mail address. We only need your e-mail address for this purpose but further information does make communication easier. You have the right to receive information from us about the relevant personal data as well as the right to have such data rectified, erased (right to be forgotten), to have the processing of such data restricted, the right to data portability and, where data are processed under Article 6(1) (e) and (f) GDPR, the right to object to processing.

If you no longer wish to receive the newsletter, you may unsubscribe at any time using the link at the end of the newsletter.

These services are only available to persons aged 18 years of age or older (Article 8 GDPR). By registering you agree that you meet these preconditions.

3.7 Advertising for own similar services

We process your e-mail address and information about your order in order to send you advertising by e-mail for similar services (Article 6(1) (f) GDPR). We have a legitimate interest in the direct marketing of our services. We are supported in this respect by our e-mail and other IT service providers as contracted processors.

We analyse the links in these e-mails in anonymous form for statistical purposes and to optimise our offer. However, it at no time becomes apparent who precisely has clicked the link.

We process your data for this purpose until you express your objection. It is only possible to advertise in this way using your e-mail address and the information about your order. You may withdraw any consent you have given to our processing of your personal data with effect for the future at any time. You may send us your objection by e-mail to datenschutz@ehi.org. You will also find an unsubscribe link at the end of each advertising e-mail.
Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR; we have a legitimate interest in the direct marketing of our products and services.

3.8 Information about social media buttons

We have integrated social media buttons from Shariff on our website to enable you to share contents with your friends and colleagues. Shariff enables us to protect your privacy against the curiosity of social networks such as Facebook, Google+ and Twitter. Nonetheless, a single click on the button is enough to share information with others. The c’t project Shariff replaces the usual share buttons used on social networks and protects your surfing against the curiosity of others. Shariff functions as a neutral interface whereby the website operator’s server inquires about the number of likes – but only once a minute to reduce traffic to a minimum – instead of the browser. The visitor remains anonymous. Further information.

3.9 Information about our social media channels

We maintain an online presence in social networks and on platforms were we communicate with and inform users who are active there. The data used in this context may be processed outside the European Union. The US providers which are certified under the Privacy Shield have committed to complying with EU data protection standards. The relevant social media providers usually process their data for market research and advertising purposes. They usually do this by means of cookies which collect and store information about your user behaviour and interest on your device. In addition, and particularly if you are registered on the relevant platform, data may be stored in your user profile separately from your device.

For more detail about the processing of your data please read the relevant providers’ privacy policies:

You can also make requests for information from and assert your user rights against the providers.
Lawfulness: Your personal data is processed on the basis of our legitimate interests in accordance with Article 6(1) f) GDPR. We have a legitimate interest in communicating with and providing information to users of social media. The legal basis of consent to the processing of your data to the relevant social media providers is Article 6 (1) (a) GDPR.

4. Data processing outside the website

Purposes and lawfulness of data processing

If you make contact with us, enter into a contract with us or register for a free or ticket event via channels (e.g. e-mail, telephone, in person) other than our website, we process the personal data you send us for the purposes of entering into a contract or registering with us and which are needed in order to make a contract and to provide our products or services, to establish, perform and, where applicable, terminate our contracts/events as follows.

4.1 Contact inquiries

We process the personal data you provide us in this context to handle and answer inquiries sent to us, e.g. by telephone, post or to our e-mail address. In all cases this information includes your name and your address, such as your e-mail address, postal address or a fax number to which a response can be sent as well as any other information which you send us.

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis is Article 6(1) (f) GDPR; we have a legitimate interest in responding to inquiries.

4.2 Entering into a contract

If you order any of our free or other products and services by telephone, e-mail or in person, we process your personal data in order to receive and process your order and to be able to provide you with the products or services you have ordered. We do this by processing the information you enter in our forms.

Lawfulness of data processing: performance of a contract or steps taken prior to entering into a contract under Article 6(1) (b) GDPR.

4.3 Registration for events

We process your data in order to receive and deal with registrations made by telephone, by e-mail, post or in person for any free or ticket event. This involves us processing the following information: first name, family name, company name (for assignment to a member company), contact data, such as e-mail, telephone number and company address, function and department.

Lawfulness of data processing: For the performance of a contract or steps taken prior to entering into a contract, the legal basis is Article 6(1) (b) GDPR.

4.4 Payment

We use payment service providers and banks for payment processing purposes. Lawfulness of data processing: For the performance of a contract or steps taken prior to entering into a contract, the legal basis is Article 6(1) (b) GDPR.

4.5 Compliance with legal requirements

We process your personal data in order to comply with other statutory requirements relating to the performance of the contract. Such requirements include but are not limited to retention periods under business, commercial or tax law.

Lawfulness of data processing: for compliance with a legal obligation to which we are subject under Article 6(1)(c) GDPR in connection in particular with business, commercial or tax law.

4.6 Enforcement of law

We also process your personal data to enable us to assert our legal rights and to defend ourselves against legal claims brought against us. Finally, we process your personal data as necessary for the purpose of defending against or for the prosecution of criminal offences.

Lawfulness of data processing: For the purposes of our legitimate interests, the legal basis for the assertion of legal claims or the mounting of a defence in legal disputes or the prevention or investigation of crimes is Article 6(1) (f) GDPR.

5. Information about applicant’s data

You are welcome to send applications to us at www.ehi.org/de/das-institut/jobs/.
We process the data which you send us with your application to assess your appropriateness for the position (or any other vacancies in our company) and to carry out the application procedure.

Lawfulness of data processing: The legal basis for this application procedure is primarily the 25 May 2018 version of section 26 of the German Data Protection Act (BDSG). The data may then be processed which are required in connection with the decision concerning the establishment of an employment relationship.

If the data are still needed after the application procedure has been completed or for prosecution purposes, data may be processed on the legal basis provided by Article 6 GDPR, including for the purpose of our legitimate interests under Article 6(1)(f) GDPR. We then have an interest in asserting or defending against claims.

The data on candidates whose application has been turned down are kept for a maximum of 6 months and then erased. If you have agreed to allow your personal data to be stored for longer, we will add your data to our pool of candidates. The data will expire after a period of two years.

If your application for a job is successful, your data will be transferred from the application data system to our human resources information system.
We use a specialised software provider for the application process. This software provider works on our behalf and may gain access to your personal data in the process of maintaining and updating the system. We have a processing contract with this provider which ensures that data is processed legitimately.

Your application data are inspected as soon as they have been received by the human resources department. Suitable applications are then passed on internally to those responsible in the departments for the relevant vacancies. Further action is then agreed. In the company itself your data are only accessible to persons who require them for your application procedure. The data are processed exclusively in computer centres in the Federal Republic of Germany.

6. Categories of recipients

Initially only our employees are informed about your personal data. We also share your personal data, if this is permitted or required by law, with other recipients who provide services in connection with our website. We only pass on your personal data if this is absolutely necessary, in particular in order to process your order. Some of our service providers receive your personal data in their function as processors and must then comply precisely with our instructions on the use of your personal data. Some of these recipients use the data we send to them autonomously.

Your personal data are sent to the following categories of recipients:

  • Where applicable, payment service providers and banks for the processing of payments
  • IT service providers for the administration and hosting of our website
  • Collection companies and legal counsel for the assertion of our rights and claims
  • Letter shops for transfer to the post.

7. Transfers to third countries

 When we use Google tools we truncate your IP address before sending it to the USA. The legal basis for the transfer of data is the implementing decision (EU) 2016/1250 of the EU Commission of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and the Council on the appropriateness of the protection offered by the EU-US Privacy Shield. We do not transfer your personal data to countries which are outside the EU or the EEA or to international organisations.

8. Data storage

When you visit our website your IP address, the website you were visiting prior to our website, the data and time you accessed our website, the volume of data transferred, the type and version of browser you are using and data on the referring provider are all sent to the EHI server and stored in log files.

When you make active use of our website and when you send us inquiries or register with us, including outside the website, we initially store your personal data for as long as it takes to respond to your inquiry. If a business relationship is then entered into and/or a contract is entered into, we store your personal data for the duration of our business relationship or the length of the contractual relationship. This also includes taking steps prior to entering into a contract (pre-contractual relationship) and the settlement of a contract.

We also store your personal data as potential evidence until any legal claims arising from the relationship with you have become statute-barred. The limitation period is as a rule three years.

Upon expiry of the limitation period we erase your personal data unless there is a legal requirement or requirements to retain the data for longer, e.g. the sections 238, 257 (4) of the German Commercial Code (HGB) or section 147 (3, 4) of the Tax Code (AO). These retention periods may be as long as ten years.

9. Information about your rights

You have the right to receive information from us about the relevant personal data as well as the right to have such data rectified, erased (right to be forgotten), to have the processing of such data restricted, the right to data portability and, where data are processed under Article 6(1) (e) and (f) GDPR, the right to object to processing.

You may withdraw any consent you have given to our processing of your personal data with effect for the future at any time.

You have the right to lodge a complaint to a data protection authority.

Questions, including about your rights as a data subject, can be sent to our data protection officer at the following e-mail address: datenschutz@ehi.org

Your applications can also be sent by post to our data protection officer directly at the address given.

10. Duties to provide data

You are not required in any way to disclose your personal data to us. If you do not disclose such data, however, we will not be able to make our website available to you, to respond to your inquiries or enter into a contract with you.

 11. Automated decision-making

We do not engage in automated decision-making or profiling (an automated analysis of your personal circumstances).

12. Information about your right to object under Article 21 GDPR

You have the right to object at any time to the processing of your data on the legal basis of Article 6(1) (f) GDPR (data processing on the basis of a balance of interests) or Article 6(1) (e) GDPR (data processing in the public interest) on grounds relating to your particular situation.

If you lodge an objection, we will cease to process personal data concerning you unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if such processing is carried out to establish, exercise or defend legal claims.

In certain specific cases we process your personal data for direct marketing purposes. You may object at any time if you do not wish to receive any advertising. We will comply with such objection with effect for the future. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Your right to object may be exercised informally and should be communicated as soon as possible to:

EHI Retail Institute GmbH Spichernstr. 55
50672 Cologne
Germany
e-mail: datenschutz@ehi.org

13. Scope of and changes to this privacy policy

This privacy policy applies exclusively to the use of the websites provided by us. The policy does not apply to the websites of other service providers to which we refer merely by means of a link. We disclaim all responsibility and liability for external declarations and guidelines which are not related to our website. We reserve the right to modify the above privacy policy from time to time in line with future changes in the collection and processing of personal data.

(02 October 2019)