We are pioneers in the field of fraud prevention. Of course, that means we also know our limits. People are never perfect. That makes us unique, lovable and – vulnerable.

As a responsible and reliable company, we want to behave in accordance with the rules at all times. If we disregard statutory regulations or internal company rules, we not only put our good reputation at risk, but also risk financial damage.

This applies not only to us, but to the entire Otto Group.

That is why everyone associated with the Otto Group – whether employees, business partners, suppliers or customers – has a responsibility to report possible compliance violations. Only with everyone’s help can we identify and counteract violations at an early stage.

 

Whistleblower system 

Our digital whistleblower portal is a protected and secure reporting channel for all employees and for external stakeholders. The platform can be used anonymously, guaranteeing maximum protection for whistleblowers and sensitive data. Every piece of information fed into the system is checked at several stages by proven experts – so no tip-off leads to a hasty reaction or prejudgement.

Within the whistleblower system, you can decide whether your report should go to RISK IDENT’s compliance staff or be checked directly by our parent company.

You can reach our whistleblower system here:
https://www.bkms-system.com/ottogroup-speakup

 

Ombudsman

Alternatively, you have the option of contacting the Otto Group Ombudsman in confidence: Attorney at Law Dr. Rainer Buchert. As a lawyer, he is subject to the legally recognized duty of confidentiality and is not allowed to pass on any information to third parties without consent.

 

Attorney at Law Dr. Rainer Buchert

Tel: +49 69 71033330 or 06105-921355

dr-buchert@dr-buchert.de

Privacy information of Risk.Ident GmbH, Am Sandtorkai 50

20457 Hamburg, Germany for the website www.riskident.com

In the following privacy information, we inform you about the processing of personal data by Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg (“RiskIdent” and/or “we” and/or “controller”) in accordance with the DSGVO and the Federal Data Protection Act (BDSG 2018).

Please read our privacy information carefully. If you have any questions or comments about our privacy information, please feel free to contact us at datenschutz@riskident.com.

Table of Contents

1. Name and contact details of the controller responsible for processing
2. Contact details of the data protection officer
3. Online presence and website optimization (using cookies) including consent

3.1. Cookies – General information and consent requirements

3.2. Intervention options / browser settings

3.3 Consent management of the provider Borlabs

3.4. Consents for the use of individual online services / the collection of tracking data

3.4.1 Essential: Technically necessary cookies (No consent required)

3.4.2. Statistics: Consent for statistics cookies

3.4.2.1 Consent for Google Analytics as “basic version”

3.4.2.2 Consent for Microsoft Bing

3.4.2.3 Consent for Mouseflow

3.4.2.4 Consent for Google Optimize

3.4.3 Marketing: Consents for marketing cookies

3.4.3.1 Consent for LinkedIn Insights Tag / LinkedInAds

3.4.3.2 Consent for Capterra Conversion Tracking

1. Contacting
2. Data processors
3. Recipients outside the EU
4. Duration of data storage
5. Your rights

8.1. Your rights in detail

 

1. Name and contact details of the controller responsible for processing

This privacy information applies to data processing by:

Risk.Ident GmbH

Am Sandtorkai 50

20457 Hamburg

Germany

represented by the managing directors:

Felix Steinmann

Frank Heisel

for the following websites: www.riskident.com and www.onlinefraudforum.com.

2. Contact details of the data protection officer

You can reach the company’s data protection officer at:

Mr. Dr. Nils Christian Haag

E-mail: datenschutz@riskident.com

3. Online presence and website optimization (using cookies) including consents

We collect data on user behavior on this website (tracking data). This includes, among other things, which individual subpages (article detail pages) were accessed. For this purpose, cookies can be set in the browser used by the respective user, among other things. The collection of tracking data is generally only permitted if you have consented to it beforehand (§ 25 para. 1 sentence 1 TTDSG). You can give such consent by clicking the “AGREE” button in the “Cookie Banner” displayed on this website. However, consent is not required for the processing of such tracking data necessary for the provision of the website (§ 25 para. 2 no. 2 TTDSG). This includes, for example, setting cookies for the purpose of displaying the shopping cart. The information about your usage behavior can be used by us, among other things, to display interesting offers to you on our website or to advertise to you with personalized content (e.g., retargeting) on other websites. Insofar as personal data about your usage behavior on this website can also be used by other providers, e.g., for the purpose of “enriching their own information”, such use will also only take place in these cases if you have previously consented to it. In these cases, the further processing of the data collected on this website is regularly carried out in the sole responsibility of the providers. In the course of this further processing, the providers may transfer the data to the USA. The European Court of Justice has determined that the USA is a country with an insufficient level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you being given adequate legal recourse against this. Tracking data collected and stored by us is processed exclusively in a pseudonymized form. This prevents the data from being assigned to your person. If you wish to delete individual cookies set in your browser or find out which service providers/providers have set cookies in your browser, you can do this via a “preference manager.” One such is available, for example, at www.youronlinechoices.com. In addition, you have the option to set your browser so that it prevents the setting of cookies or only allows the setting of certain types of cookies. Details on the possibility of changing the settings of common browser types (including Google Chrome, Firefox) can be found under item 3.2. of these privacy notices.

 

3.1. Cookies – General information and obligation to obtain consent

This website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.). The cookie stores information related to the specific device used. However, this does not mean that we receive direct knowledge of your identity. Some of the cookies we use are deleted after the end of the browser session (so-called session or session cookies). These cookies allow us, for example, to offer you a cross-page shopping cart display where you can see how many items are currently in your shopping cart and the current purchase value. Other cookies remain on your computer and enable us to recognize your computer on your next visit (so-called permanent or cross-session cookies). These cookies, in particular, serve to make our offer more attractive to you. Thanks to these files, it is possible, for example, to display information on this website that is specifically tailored to your interests.

According to legal requirements, storing information on end devices (desktops, mobile phones, tablets, etc.) – e.g., by setting cookies – and retrieving information from end devices (tracking) is generally only permitted if you have given your prior consent. The legal basis for this is Section 25 (1) sentence 1 of the TTDSG. However, consent does not have to be given if such storage/retrieval is necessary for the provision of the website/app. The legal basis for this is Section 25 (2) No. 2 TTDSG. A necessity exists, for example, with regard to ensuring the following functionalities/achieving the following purposes:

– Ensuring system security

– Enabling billing of partners.

With regard to the data processing necessary for the operation of the website, you do not have the right to object.

You can use this website without data being retrieved from or stored on your end device for purposes that are not necessary for the offer of this website. For this reason, only “basic tracking” is activated when using this website – if you do not give any further consent.

3.2. Intervention options/browser settings

Of course, you can set up your browser so that it does not store our cookies on your end device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie, or how to delete all cookies you have already received and block all others.

To do this, please proceed as follows:

In Internet Explorer:

1. Select “Internet Options” from the “Tools” menu.
2. Click on the “Privacy” tab.
3. Here you can make the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
4. Confirm your setting with “OK”.

In Firefox:

1. Select the “Settings” item from the “Tools” menu.
2. Click on “Privacy”.
3. Select “Create custom settings” from the drop-down menu.
4. Now you can set whether cookies should be accepted, how long you want to keep these cookies, and add exceptions for which websites you always or never want to allow cookies.
5. Confirm your setting with “OK”.

In Google Chrome:

1. Click on the Chrome menu in the browser’s toolbar.
2. Now select “Settings”.
3. Click on “Show advanced settings”.
4. Click on “Content settings” under “Privacy”.

Under “Cookies” you can make the following settings for cookies:

• Delete cookies
• Block cookies by default
• Delete cookies and website data by default when closing the browser

1. • Allow exceptions for cookies from specific websites or domains

If you want to delete individual cookies set in your browser or find out which service providers/providers have set cookies in your browser, you can do this via a “preference manager”. One such manager is available at www.youronlinechoices.com.

3.3 Consent management of Borlabs provider

For managing your settings and documenting user consents for our services, we use the consent tool Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (“Borlabs”). Borlabs is used, among other things, to store cookie settings for the entire website. Borlabs stores information about the categories of cookies used by the website and whether users have given or revoked their consent for the use of individual categories. This allows us to prevent cookies in each category from being set in the user’s browser if no consent is given for individual categories. Borlabs uses cookies for information storage, which have a normal lifespan of one year, so that the settings of returning visitors are saved. The legal basis for this is Article 6 (1) c DSGVO.

3.4 Consent for the use of individual online services / the collection of tracking data

As already set out in Section 3.1 of these data protection notices, we collect and process tracking data, in some cases based on consent. You give this consent by clicking on the “ACCEPT ALL” button in a banner on the website, which links to these consent texts. By clicking on the “ACCEPT ALL” button, you give your consent for us to store data on your device (e.g., by setting cookies) or retrieve data from your device. Furthermore, by clicking on the “ACCEPT ALL” button, you consent to the use of certain advertising functionalities of third parties, the use of which requires consent. You also have the option to click on “Settings” in the banner and manage your consent preferences there. You can change your consent and preferences at any time in our consent management. The categories “Essential Cookies”, “Statistic Cookies”, and “Marketing Cookies” are differentiated there. The data processing associated with these advertising functionalities is described in the following (Section 3.4.1 to Section 3.4.3 of this Privacy Policy).

All data processing covered by the consent you give by clicking on the “ACCEPT ALL” button serves the same purpose, namely “advertising”.

Revocation of all consents

You can revoke all consents you have given by clicking on the “ACCEPT ALL” button in the banner by clicking here and selecting “REJECT ALL”.

3.4.1 Essential: Technically necessary cookies (No consent required)

3.4.2 Statistics: Consent for statistic cookies

3.4.2.1 Consent for Google Analytics as a “basic version”

For the purpose of demand-oriented design and continuous optimization of this website, we use Google Analytics based on consent. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses, among other things, so-called “cookies” (text files) and similar technologies that are stored on your device and enable an analysis of your use of the website. This information is used to evaluate your use of the website and to compile reports on website activities. It is possible that Google will use the data collected about your usage behavior for its purposes or for the purposes of other Google customers. The processing of the data after their transmission by RiskIdent to Google Ireland Limited is carried out by Google as the sole data protection controller. In this context, Google Ireland Limited, as the sole data protection controller, may store data about you in the USA. The European Court of Justice has found that the USA is a country with an insufficient level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and surveillance purposes without you having sufficient legal recourse against this. The legal basis for this data processing is Article 6 (1) a) DSGVO.

You can revoke your consent to data processing by Google Analytics at any time here in our consent management by deselecting the “Statistics” category or refusing to grant consent for the use of Google Analytics.

3.4.2.2 Consent for Microsoft Bing

Our website uses the Microsoft Bing service. The use of the service allows us to evaluate the success of advertising campaigns, and it is provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521) (“Microsoft”). Upon visiting our website and granting consent, a cookie enables the collection of actions performed on the website and sends this information back to Microsoft. Microsoft stores a cookie in your browser for this purpose. This cookie records your visits and can then be used for campaign optimization. The cookie serves to uniquely identify your web browser and not your person. The legal basis for this data processing is Article 6(1)(a) DSGVO (consent). More information on Microsoft’s privacy policy can be found here. You can also assert your rights as a data subject with Microsoft (e.g., right to erasure). Microsoft processes the data collected about you on this website as the sole data controller. In this context, there is a possibility that your data will be transferred to the United States by Microsoft. The European Court of Justice has determined that the United States is a country with an insufficient level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/agencies for control and monitoring purposes without adequate legal remedies available to you. The legal basis for the data processing described above is consent under Article 6(1)(a) DSGVO.

You can withdraw your consent to the described data processing by Microsoft (Bing) at any time here in our consent management by deselecting the “Statistics” category or by declining consent for the use of Microsoft Retargeting.

3.4.2.3 Consent for Mouseflow

This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to randomly record individual visits (only with anonymized IP address). This creates a log of mouse movements, mouse clicks, and keyboard interactions, with the intention of replaying individual visits to this website as so-called session replays, and evaluating them in the form of so-called heatmaps to derive potential improvements for this website. The storage and processing of the collected data take place within the EU.

The legal basis for this processing is Article 6(1)(a) DSGVO.

You can withdraw your consent for the use of Mouseflow at any time here in our consent management by deselecting the “Statistics” category or by declining consent for the use of Mouseflow.

3.4.2.4 Consent for Google Optimize

To improve our website, we use Google Optimize (Google Ireland Limited) in the field of A/B testing with your consent. Google Optimize allows us to increase the attractiveness, content, and functionality of our website by displaying new features and content to a percentage of our users and statistically evaluating the changes in usage. Google Optimize analyzes the use of different variants of the website, allowing us to adjust the user-friendliness according to the behavior of website users.

The legal basis for processing is consent under Article 6(1)(a) DSGVO.

You can withdraw your consent for data processing by Google Optimize at any time here in our consent management by deselecting the “Statistics” category or by declining consent for the use of Google Optimize.

3.4.3 Marketing: Consent for Marketing Cookies

3.4.3.1 Consent for LinkedIn Insights Tag / LinkedInAds

This website uses the “LinkedIn Insights Tag”, an analytics tool of the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). The LinkedIn Insights Tag allows the collection of data about visits to our website, including URL, Referrer URL, IP address, device and browser properties, timestamps, and page views. This data is encrypted, pseudonymized within seven days, and the pseudonymized data is deleted within 90 days. The use of the LinkedIn Insights Tag is for the purpose of tracking the success of campaigns, displaying targeted advertising outside our website (retargeting), and gathering additional information about LinkedIn members who view our advertisements. You can find more information in LinkedIn’s privacy policy here.

The legal basis for processing personal data is Article 6(1)(a) DSGVO.

You can withdraw your consent for the use of the LinkedIn Insight Tag at any time here in our consent management by deselecting the “Marketing Cookies” category or by declining consent for the use of the LinkedIn Insight Tag.

3.4.3.2 Consent for Capterra Conversion Tracking

This website uses “Capterra Conversion Tracking”, an analytics tool of the research platform Capterra (Capterra Inc. 1201 Wilson Blvd, 9th Floor, Arlington, Va 22209, USA). The Capterra Conversion Tracking Tag allows the collection of data about visits to our website, including Referrer URL, IP address, Session ID Cookie from Capterra.com, GetApp.com, Softwareadvice.com, and timestamp. The use of Capterra Conversion Tracking is for the purpose of tracking the success of campaigns.

You can withdraw your consent for the use of Capterra Conversion Tracking at any time here in our consent management by deselecting the “Marketing Cookies” category or by declining consent for the use of the LinkedIn Insight Tag.

4. Contacting Us

You have the opportunity to contact us in several ways. By email, by phone, via contact form, or by mail. When you contact us, we use the personal data that you voluntarily provide to us solely for the purpose of contacting you and processing your request.

The legal basis for this data processing is Article 6 paragraph 1 letter a), Article 6 paragraph 1 letter b), Article 6 paragraph 1 letter c) DSGVO, and Article 6 paragraph 1 letter f) DSGVO.

5. Data Processor

Risk.Ident uses data processors within the scope of processing your data. A data processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller. Data processors do not use the data for their own purposes, but rather carry out the data processing exclusively for the data controller.

6. Recipients outside the EU

With the exception of the processing where we inform about the possibility of transferring data to recipients located outside the EU in these privacy notices, we do not transfer your data to recipients located outside the European Union or the European Economic Area. Data transfers are based on so-called standard contractual clauses of the EU Commission.

7. Duration of Data Storage

The duration of the storage of the data collected about you depends on the purpose for which we process the data. Storage takes place as long as it is necessary to achieve the pursued purpose. If we are required by law (e.g., tax obligations) to store certain data categories for a certain period of time, the continued storage of the data after it is no longer necessary for achieving the respective purpose is carried out exclusively for the purpose of fulfilling the legal obligation. In these cases, the data is blocked for access.

Examples of storage durations:

Use of data for marketing purposes (without tracking): 3 years.

Consents: Permanent storage as long as consents are used continuously (e.g., permanent sending of email newsletters).

Tracking data: 2 years.

Data for the purpose of implementing (advertising) objections: Unlimited storage.

8. Your Rights

In connection with the processing of personal data by us, you have data subject rights. For example, you have the right to request information about the data stored about you by us. You can also revoke consents given to us and object to individual data processing. You also have the right to have incorrect data corrected and to request that we provide you with specific data in a common electronic format. Furthermore, you have the right to delete the data stored by us about you. Please note in this regard that we may be legally obliged to continue storing the data despite your request for deletion. In addition, we may have an interest in continuing to store your data that outweighs your interest in its deletion (e.g., if we still have outstanding claims against you).

8.1. Your Rights in Detail

In addition to the right to revoke your consent given to us, you have the following additional rights, provided the respective legal requirements are met:

the right to access your personal data stored by us (Article 15 DSGVO), in particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the origin of your data, if it was not collected directly from you;

the right to rectification of incorrect or completion of correct data (Article 16 DSGVO);

the right to deletion of your data stored by us (Article 17 DSGVO), insofar as no legal or contractual retention periods or other legal obligations or rights for further storage by us must be observed (e.g., if we still have outstanding claims against you);

the right to restriction of processing your data (Article 18 DSGVO), insofar as the accuracy of the data is contested by you, the processing is unlawful, but you refuse its deletion; the controller no longer needs the data, but you require it for the assertion, exercise, or defense of legal claims, or you have objected to the processing according to Article 21 DSGVO;

the right to data portability (Article 20 DSGVO), i.e., the right to receive selected data stored by us about you in a common, machine-readable format, or to request transmission to another controller;

the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

You can exercise the aforementioned rights by contacting us at datenschutz@riskident.com. You can also assert your right to data portability by contacting datenschutz@riskident.com.

You can also request information about your personal data stored by us by sending an email to datenschutz@riskident.com.

Last updated: May 2023