PRIVACY POLICY
DATA PROTECTION GLOBAL DATENSCHUTZ (INDIVIDUELL) – EN
We are pleased about your visit to our website and the interest in our center that this reflects. We take the protection of your personal data seriously and want you to feel safe and comfortable while visiting our Internet pages.
I. RESPONSIBLE BODY
The responsible body at the corporate level for the processing of your personal data on our website is:
ECE Projektmanagement Polska Sp. z o.o.
ul. Przeskok 2
00-032 Warszawa
iodo@ece.com
Contact details of the data protection officer:
To the data protection officer of the ECE group
ul. Przeskok 2
00-032 Warszawa
or by e-mail to iodo@ece.com
II. BASIC INFORMATION ON COLLECTION AND PROCESSING OF PERSONAL DATA
1. DATA PROCESSING IN OUR CENTER
We process personal data, i.e. information related to an identified or identifiable individual person, such as your name and address, in our Center in accordance with the provisions of the European General Data Protection Regulation (GDPR).
a) Legal bases for data processing in the Center
(1) On the basis of your consent (Article 6, Section 1, letter a of the EU GDPR)
Provided you have given us your consent to the processing of your personal data for specific purposes, your consent forms the basis for the legality of such processing. Consent already granted can be withdrawn at any time. Withdrawal of consent does not affect the legality of the data processing that occurred prior to the withdrawal.
(2) In order to fulfill contractual obligations (Article 6 Section 1 letter b of the EU GDPR)
Some processing of your data is performed for the fulfillment of a contract concluded with you at your request or for performance of preliminary measures to fulfill a contract, such as those pertaining to the performance of an existing service obligation. You can find further details on these data processing purposes in the relevant contract documents and conditions of participation.
(3) As part of the balancing of interests (Article 6, Section 1, letter f of the EU GDPR)
Where necessary, we process your data in order to safeguard our legitimate interests or the legitimate interests of third parties. These are:
- advertising or marketing and opinion surveys, provided you have not objected to the use of your data,
- asserting of legal claims and defense in legal disputes,
- ensuring IT security and IT operation,
- preventing and investigating crimes,
- conducting video surveillance to ensure that the rights to the property are being safeguarded, to collect evidence, or as proof,
- carrying out measures to ensure building and facility safety,
- carrying out measures to ensure the rights of the property
b) Purpose of data processing in the Center
If we do collect your personal data in our centers in the context of promotions, services and processes. This is performed for the following purposes:
- participation in prize drawings
- subscribing to newsletters or signing up for events
- booking transactions
- registration for customer areas
- payment transactions
- reserving products
- participation in Center activities (signing up for such events as bike trips, competitions, or Center events)
- child care
- rental of Center property
- production of photos or videos
- video surveillance
- job applications
- Center newspapers
- customer service and entertainment
- issuing gift certificates
- registration of complaints, incidents of damage, or lost property
- preparation for and carrying out of events
- Center service products.
c) Categories of data processed in the Center
Depending on contract terms, consent, and activity we process the following categories of data:
Photo and video data, contact details, identity information, first and last name, address data, email address (for sending newsletters), date of birth (for proof of age), bank data (e.g. for online payments), invoice data, job application data, and parking data.
2. DATA PROCESSING ON OUR WEBSITE
In principle, you can visit our center website without our needing your personal data. We only learn which IP address has called up which page and at what point in time it did that. Our website also contains a system (see below) that ensures that IP addresses are anonymized. This means that although analysis is performed for purely statistical purposes, the individual visitors remain anonymous.
In exceptional situations, and only if you have granted your consent or we are legally required to do so, we collect personal data from you, the user of the website, in order to provide website content to you and to offer further services such as communication by means of a contact form, subscribing to our newsletter, signing up for our loyalty program, etc.
a) Legal basis of the data processing on our website
(1) On the basis of your consent (Article 6 Section 1 letter a EU GDPR)
Provided you have given your consent to our processing of your personal data for specific purposes, your consent forms the basis for the legality of such processing. Consent already granted can be revoked at any time. Revocation of consent does not affect the legality of the data processing that occurred prior to revocation.
(2) In order to fulfill contractual obligations (Article 6 Section 1 letter b EU GDPR)
Some processing of your data is performed for the fulfillment of a contract concluded with you at your request or for performance of preliminary measures to fulfill a contract, such as those pertaining to the performance of an existing service obligation. You can find further details on these data processing purposes in the relevant contract documents and conditions of participation.
(3) As part of the balancing of interests (Article 6 Section 1 letter f EU GDPR)
Where necessary, we process your data in order to safeguard our legitimate interests or the legitimate interests of third parties. Examples of these are:
- advertising or marketing and opinion surveys, provided you have not objected to the use of your data
- use of cookies (see below for more detailed information)
- assertion of legal claims and defense in legal disputes
b) Purpose of data processing on our website
In principle, you can use our website without entering any personal data. If we do process your personal data on our website, this is performed for the following purposes:
- technical provision of the website and monitoring of its proper functioning
- contact via the contact form
- sending of newsletters
- statistical analysis of the use of the website
- creation of profiles
- publication of content that you provide during your visit to our website
- publication of photos based on your consent
- participation in prize drawings
- processing of reservations as part of registration for our tool Digital Mall.
- creation of a customer account
- ordering of center vouchers
- ordering of parking tickets
- collection of your device data (by using cookies)
- user-generated social media content
- app communication
c) How do we collect personal data?
We collect your personal data on our website by various means:
(1) Hosting and log files
The hosting services we make use of serve the provision of the following services: infrastructure and platform services, computing capacity, storage space and data bank services, security services, and technical maintenance services that we apply for the purpose of operating this online offering.
In providing these services we or our hosting provider process master data, contact details, content data, contract data, use data, metadata and communication data from our customers, interested parties, and visitors to these online offerings on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Article 6 Section 1 letter f GDPR in conjunction with Article 28 GDPR (conclusion of order processing contract).
We and/or our hosting provider collect(s) data (known as server log files) on every access to the server on which this service is located on the basis of our legitimate interests within the meaning of Article 6 Section 1 letter f GDPR. This access data includes the name of the website called up, file, date, and time of access, amount of data transferred, notification of successful access, browser type and version, the user operating system, referer URL (the page visited just previously), the IP address, and the requesting provider.
Log file information is stored for security reasons (e.g. investigation of misuse or fraud) and then deleted. Data whose further storage is required for the purpose of providing evidence is excluded from deletion pending final clarification of the case at hand.
Every time you open our website, certain information is automatically transferred from your browser to the server of the Internet page in order to allow communication between your browser and the server. Such information is stored in what are referred to as log files. Examples of such information are
- the type and version of the browser you use
- the operating system you use
- the Internet page from which you have accessed the current page
- the host name (IP address) of your computer
- the time at which access occurred
Subject to any legal obligations to store data, we delete or anonymize your IP address once you have left the Internet page, provided nothing else is stated in this privacy statement and this is permitted by law.
Apart from this, we use the information transmitted from your browser to our server in anonymized form – in other words, without the possibility of the information being traced back to you – for the purposes of analyzing and improving our services. This allows us, for example, to detect errors or to determine on which days and at which times our Web pages have the heaviest traffic.
(2) Newsletter and communication
If you sign up for our newsletters via our website, we collect your name and e-mail address so that we are able to send the newsletter as you request.
Via our contact form, we collect your name, e-mail address, and telephone number to be able to respond to your request.
(3) Use of cookies
When you visit our website, we use technologies for the collection of data, such as cookies, tags, pixels, beacons, and more, in your browser to acquire specific information about your current browser session. These technologies are often generally referred to as “cookies” on other websites. Cookies also enable our website to save your actions and preferences (e.g. log-in details, language, font size, and other display preferences) for a certain period of time so that you do not have to reenter it continually when you next visit or navigate from one page to the next. We use cookies for various purposes. It is for this reason that different legal grounds apply for the use of cookies. You can find out below what cookies we use and for what purposes we use them.
“REQUIRED” cookies – functionality of website and management.
We use “required” cookies in order to operate our website. These also involve a personal identification number being stored for you, the visitor of our website, for administration and identification purposes. By doing this, we can offer you a consistently positive service. We store data such as the language preferences saved by you. These cookies are set for the duration of your browser session. The full extent of our website will not be displayed to you without these cookies.
“FUNCTIONAL” – improvement and performance of website
We use “functional cookies” to improve the performance of our website on an ongoing basis. This includes data that we collect from you for the following purposes:
- Web analytics – based on your surfing patterns, we analyze data for the purpose of improving the functionality and design of our website.
- Advertising effectiveness – using the route via which you access our website, we measure the effectiveness of our advertisements by analyzing the click-through rate of our advertisements. This is how we optimize the effectiveness of advertisements that we put on external websites.
- Error management – we measure errors on our websites in order to resolve errors or other problems without delay.
- Design tests – using A/B or multivariate testing, we ensure that the users of our website experience a consistent view of it during a session and during sessions that potentially follow.
“ADVERTISING” – or “DIRECT ADVERTISING ON THIRD-PARTY ADVERTISING PLATFORMS” and advertising
We use “advertising cookies” belonging to our advertising partners to ensure that our advertisement messages are displayed to you at the right place at the right time. These cookies are permanent cookies, though they do come with a time limit. They contain a personal identifier with which surfing patterns can be matched to individual users. We furthermore use these cookies to ensure that advertisements are not displayed to the individual user without limits and to measure the effectiveness of our advertising campaigns. The identifiers stored by these cookies are provided by our partners. We cannot use the same identifiers in our systems. Additionally, we use these cookies to display advertising that is relevant to your location, e.g. to inform you of locations nearby you where the product you are currently looking at is available.
This website uses Google Analytics, a Web analysis service from Google Inc. (“Google”). Google Analytics uses what are called “cookies,” text files that are stored on your computer and that make it possible to analyze your use of our website. The information on your use of this website that is generated by the cookies (including your IP address) is transmitted via a server to Google in the USA and stored there. Due to activation of IP anonymization on this website, within member states of the European Union or within other states party to the Agreement on the European Economic Area, Google abbreviates your IP address before it is transmitted. Only in exceptional cases is the complete IP address transmitted to the Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services connected with website and Internet use to the website operator. The IP address transmitted by Google Analytics from your browser will not be linked to other Google data. You can prevent the installation of cookies by changing the necessary setting in your browser software; we inform you, however, that in this case you may not be able to use all the functions of this website to their full extent. Additionally, you can prevent transmittal of the data collected by the cookie on your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. The current link:
https://tools.google.com/dlpage/gaoptout?hl=en
You can prevent Google Analytics from collecting data by clicking on the following link. This sets an opt-out cookie which prevents collection of your data when you visit this website:
Deactivate Google Analytics
You can find further information on conditions of use and data protection at www.google.com/analytics/terms/gb.html or https://www.google.de/intl/en/policies/. We inform you that on this website Google Analytics has been enhanced with the code “gat._anonymizeIp();” in order to ensure the anonymized collection of IP addresses (this is known as IP masking).
(4) Data processing as part of registration using the LOGIN function
When you register via the LOGIN function, we collect the following data: Name, e-mail address, postal address. We also use, collect, and process further information regarding your purchasing profile;
- the frequency and duration of your visits to our Web pages;
- information regarding your purchasing and visiting habits (particularly tracking) as well as products (offerings, events, news, etc.) that you have marked as interesting;
- personal data contained in the file content you upload, provide, or otherwise make available via our other services, such as your interests and your favorites list.
- your birthday, so that we can send you a birthday bonus.
(5) Ordering vouchers
You can also obtain vouchers for our center via our website. If you make use of this offering, we collect the following data from you: name, bank details, e-mail address.
(6) Ordering of parking tickets
Additionally, you can obtain parking tickets for our center’s parking garages. If you make use of this offering, we collect the following data from you: name, bank details, e-mail address.
(7) Submission of product reservations
When using our Digital Mall, we offer you the option of reserving products in our centers and then collecting those products from the center. To ensure that the reservation is placed in your name properly, the reservation details (your forename, surname, e-mail address, product reserved, and time of reservation) will be transferred to the relevant store operator. The details will be deleted once the reservation process is complete (i.e. when the product is collected or the reservation expires).
(8) Use of social media plug-ins
(a) Facebook plug-ins
Plug-ins from the Facebook social network (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA) may be integrated in our website. You can recognize Facebook plug-ins by the Facebook logo or the “like” button on our website. You can find an overview of Facebook plug-ins at:
When you visit our pages and actively click on the plug-in button, a direct connection is established between your browser and the Facebook server. Confirmation of the social media plug-in is made through active decision. This means the center itself does not obtain access to personal data.
A visit to our website and a visit to the center’s Facebook fan page can be traced by Facebook if the user of the website has a Facebook user account. We have no influence on the transmittal of information to Facebook. If you do not wish that Facebook is able to trace the use of our pages to your Facebook account, please log out of Facebook. You can find further information on this in the Facebook privacy statement at:
Each time a Web page operated by us, in which a Facebook component is integrated, is called up, the Facebook component automatically causes the Internet browser on the IT system of the affected person to download from Facebook a display of the relevant Facebook components. A complete overview of all Facebook plug-ins can be called up at
As part of this technical procedure Facebook is informed as to which specific sub-page of our website is visited by the affected person.
We use Facebook fan pages, for which we share joint responsibility with Facebook Ireland Limited:
In joint responsibility with Facebook we analyze how you use our fan page (page insights). You can obtain the information required under the GDPR regarding data processing as part of page insights from Facebook, specifically in the Facebook data protection notices at https://www.facebook.com/privacy/explanation.
Facebook also provides you with the relevant content of the contract concluded between Facebook and us regarding processing of these data in joint responsibility in accordance with Article 26 of the GDPR, currently under the following link:
Within the context of page insights we receive only anonymized statistics – we have no access to personal data processed by Facebook. We process anonymized data on the basis of legal statutes which allow us to process personal data because we have an overriding legitimate interest in obtaining a clearer understanding of the interests of visitors to our fan page (Article 6 Section 1 letter f of the GDPR).
On our fan pages we offer various community functions which you can use to interact with other users, for example by posting content on our wall, leaving comments, or liking/sharing posts. We inform you that these areas are accessible to the public and that all personal information you enter there or provide when registering can be seen by others. We are not able to monitor how other users of our fan page utilize such information. In particular we cannot prevent undesired messages being sent to you.
We collect all data entered through use of community functions in order to provide the community functions to you in the intended manner. Without these data we are not able to provide you with the necessary# community functions. These data are processed on the basis of legal statutes which allow us to process personal data provided this is necessary to the use of a service or fulfillment of a contract (e.g. Section 15 Article 1 of the German Telemedia Act; Article 6 Section 1 letter b) of the GDPR), or because we have an overriding legitimate interest in making the use of our offering as simple and efficient as possible (Article 6 Section 1 letter f) of the GDPR).
Content contributed in community areas can be stored indefinitely. If you should ever wish to have content you have contributed deleted, send us an email to this effect to datenschutz@ece.com.
(b) Instagram plug-ins
Our website uses social plug-ins from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. These plug-ins are marked by an Instagram logo in the shape of an Instagram camera. You can find an overview of Instagram plug-ins and what they look like at:
If you open a page of our Web presence that contains such a plug-in and you actively click on this plug-in button, a direct connection is established to the Instagram servers. The content of this plug-in is transmitted by Instagram directly to your browser and integrated into the page. This integration provides Instagram with the information that your browser has called up a particular page of our Web presence, even if you do not have an Instagram profile or if you are not currently logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there.
If you are logged in to Instagram, Instagram can directly trace the visit to our website to your Instagram account. If you interact with the plug-ins, for example by clicking the Instagram button, this information is also directly transmitted to an Instagram server and stored there. This information is also published in your Instagram account and displayed to your contacts there. To obtain information on the purpose and scope of data collected and the further processing and use of the data by Instagram and your rights in this regard and your options to protect your privacy through settings, please refer to the Instagram data protection notices at:
If you do not wish that Instagram directly links the data collected via our Web presence to your Instagram account, you need to log out of Instagram before you visit our website. You can also completely block the installation of Instagram plug-ins using add-ons for your browser, such as the “NoScript” script blocker (http://noscript.net/).
(c) Use of YouTube plug-ins
For integration of videos, we use the provider YouTube, among others. YouTube is operated by YouTube LLC with its main headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
On some of our Internet pages, we use plug-ins from the provider YouTube. If you open one of the pages of our Internet presence that contains such a plug-in – our media library for example – and you actively click on the plug-in button, a connection is made to the YouTube servers. This informs the YouTube servers as to which of our Internet pages you have visited. If you are logged in to YouTube as a member, YouTube traces this information to your personal user account. When you use the plug-in by clicking the start button of a video, for example, this information is also traced to your user account. You can prevent this tracing by logging out, before you visit our Internet page, of your YouTube user account and other user accounts from the YouTube LLC and Google Inc. companies and by deleting the relevant cookies from these companies. You can find further information on data processing and data protection notices from YouTube (Google) at: https://policies.google.com/privacy?hl=en
(9) Information regarding the use of apps
As you know, apps are regularly made available for download on third-party sites (such as iTunes, Google, etc.). If, upon purchasing an app, ECE becomes your contractual partner under the applicable terms and conditions of such a provider, we will process the data made available to us by the third party provider to the extent necessary to fulfill our contractual obligation so that you can download the app to your mobile device.
Our app uses the following permissions for the purposes listed below, which give it access to certain features of your mobile device:
- Camera – our apps use your device’s camera to provide “augmented reality” features. You can deactivate access to the camera at any time in your device settings.
- Location – our apps may use location data from your device to show you news from your region. You can deactivate access to your location data at any time in your device settings.
3. COMMON GUIDELINES FOR PROCESSING YOUR DATA IN OUR CENTER AND ON OUR WEBSITE
a) Recipients of the data
Only those internal bodies or organizational units and other companies with which we are affiliated receive your data, provided this is necessary to the fulfillment of our contractual and legal obligations or we require the data for the processing and implementation of our legitimate interests.
We transmit your data to external recipients in connection with the conclusion of contracts, provided we are obligated to give notice of, report, or transfer data in order to fulfill legal requirements, you have granted your consent to transmittal to third parties or to external service providers who act on our behalf as order processor or who perform functions in our stead (such as IT service providers, data centers, data-destruction companies, or courier services).
b) Transmittal of your data to a third country
We transmit your data to locations within countries located outside the European Union (EU) and/or the European Economic Area (EEA) (referred to as third countries) that act on our behalf as order processors (such as IT service providers or data centers). Within the scope of use of Google Analytics, we transmit your abbreviated IP address to the USA. In addition, your data may be transmitted to providers of social media plug-ins; please see these companies’ privacy policy for details.
Provided there is no EU Commission resolution as to the existence of an adequate level of data protected in the country in question, we conclude contracts in accordance with the EU data protection regulations, which ensure that your rights and freedoms are reasonably protected and guaranteed. Alternatively, the data transfer is based on Implementation Decision (EU) 2016/1250 of the EU Commission dated July 12, 2016, in accordance with Directive 95/46/EC of the European Parliament and the Council on the adequacy of the protection provided by the EU-US Privacy Shield. We would be pleased to provide you with the relevant details upon request.
Otherwise we do not transfer your personal data to countries outside the EU or the EEA, or to international organizations.
c) Data-storage period
We follow the principles of data avoidance and minimization. For this reason, we store your personal data, if we collect any at all, only as long as is necessary to fulfill the purpose of data processing or as long as prescribed by law in the existing multiplicity of storage periods. After the respective purpose ceases to apply, or following revocation of your consent or expiration of the legally prescribed storage periods, the affected data is routinely blocked or deleted in compliance with the legal statutes.
d) Your rights as a person affected by data collection
If you exercise your rights in accordance with this section and with applicable law, we will inform all parties to whom your personal data has been transmitted of your request regarding correction or deletion of your personal data or the limitation of its processing, provided this notification is not impossible or does not involve unreasonable time and effort.
If you wish to exercise your rights and/or to obtain all relevant information, please contact us using the contact details provided in section 10. We will answer your request within no more than one month following receipt. Under applicable law and in accordance with the following information, you have the right to request information on your personal data, on the correction, deletion, or portability (e.g. transmittal of your personal data to another service provider) of the personal data pertaining to you which we process, and to request limitation of such processing.
(1) Right to information
You have the right at any time to request information from us free of charge about the personal data pertaining to you that is processed by us, the purposes of processing, the categories of recipients, the planned period of storage, or in the case of transfer to third countries, the appropriate guarantees. You also have the right to obtain a copy of your data.
(2) Correction of your personal data
Under applicable law, you have the right to correct the personal data you have shared with us. By changing the settings in these services, you can update your account information, change your profile settings, subscribe/unsubscribe to news from us, and set your preferences with regard to sharing of services, including location-based functions.
If you have signed up for our services in writing or by e-mail, please contact us using the contact details provided in section 10 in order to correct your personal data.
(3) Deletion of your personal data
You can request at any time that we delete your personal data, either in writing or by e-mail using the contact details shown in section 10. If you make such a request, we will immediately delete all personal data stored pertaining to your person, provided the purpose of processing no longer applies and no statutory or legal storage periods contradict deletion. In this case, we will block the data.
(4) Limitation of processing
If you request, in writing or by e-mail using the contact details in section 10, that we limit the processing of your personal data, e.g. if you question the correctness, legality, or necessity of our processing your personal data, we will limit the processing of your personal data to the necessary minimum (storage) and use it only when necessary to establish, exercise, or enforce our legal rights or to protect the rights of other natural or legal persons, and for other legal reasons. If the limitation is revoked and we once again process your data, you will be informed of this immediately.
(5) Portability of your personal data
You have the right to obtain the personal data that you have provided us under consent or contract and have been processed automatically. If you so request in writing or by e-mail using the contact details provided in section 10, we will provide you with your personal data immediately upon receipt of your request in a common, machine-readable format. At your request, we will transmit your personal data to an external party (data controller) named by you in your request, provided this request does not infringe upon the rights or freedoms of third parties and is technically feasible.
(6) Revocation of your consent/rights to revocation
You can revoke your consent at any time without stating reasons. To do so, please contact us by e-mail or letter (see contact details in section 10). We will discontinue use of your personal data for those purposes for which you have revoked consent and will block them appropriately. Revocation of your consent does not affect the legality of the processing that occurred based on your consent prior to revocation.
(7) Rights to objection
You also have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data by us that is performed on the basis of Article 6 Section 1 letter e GDPR (Performance of Tasks Carried out in the Public Interest) or Article 6 Section 1 letter f GDPR (Legitimate Interest of the Responsible Party); this also applies to profiling based on these provisions. In such a case, we cease to process personal data pertaining to you unless we can give evidence of compelling and legitimate grounds for processing that outweigh your interests, rights, and freedoms or unless processing serves the assertion, exercising, or defense of legal claims.
If the personal data pertaining to you is used for the purpose of direct-marketing activities, you have the right at any time to object to the processing of your personal data for such purposes. If you object to the processing for direct-marketing purposes, this data will no longer be used for these purposes.
Please direct any objections to the address provided in section 10.
(8) Complaint to the responsible data protection authority
You have the right to file a complaint regarding our processing of data with the responsible supervisory authority:
Urząd Ochrony Danych Osobowych
ul. Stawki 2 –
00-193 Warszawa
kancelaria@uodo.gov.pl
(9) Changes to our data protection regulations
We reserve the right to make alterations to this privacy statement from time to time in order to maintain conformance with current legal requirements or to implement changes to our services in the privacy statement, for example when we introduce new services. On your next visit, the new data protection regulation is then in force.
(10) Questions on data protection
If you have questions regarding data protection or if you wish to exercise your rights as set out in section 6, please make contact with us using the following details:
ECE Projektmanagement Polska Sp. z o.o.
ul. Przeskok 2
00-032 Warszawa
iodo@ece.com
Hamburg, 01.01.2021