We are pioneers in the field of fraud prevention. Of course, that means we also know our limits. People are never perfect. That makes us unique, lovable and – vulnerable.

As a responsible and reliable company, we want to behave in accordance with the rules at all times. If we disregard statutory regulations or internal company rules, we not only put our good reputation at risk, but also risk financial damage.

This applies not only to us, but to the entire Otto Group.

That is why everyone associated with the Otto Group – whether employees, business partners, suppliers or customers – has a responsibility to report possible compliance violations. Only with everyone’s help can we identify and counteract violations at an early stage.


Whistleblower system 

Our digital whistleblower portal is a protected and secure reporting channel for all employees and for external stakeholders. The platform can be used anonymously, guaranteeing maximum protection for whistleblowers and sensitive data. Every piece of information fed into the system is checked at several stages by proven experts – so no tip-off leads to a hasty reaction or prejudgement.

Within the whistleblower system, you can decide whether your report should go to RISK IDENT’s compliance staff or be checked directly by our parent company.

You can reach our whistleblower system here:



Alternatively, you have the option of contacting the Otto Group Ombudsman in confidence: Attorney at Law Dr. Rainer Buchert. As a lawyer, he is subject to the legally recognized duty of confidentiality and is not allowed to pass on any information to third parties without consent.


Attorney at Law Dr. Rainer Buchert

Tel: +49 69 71033330 or 06105-921355

Legal Disclosure & Data Privacy

Information referred to §5 TMG (German Tele-Media Act):

Risk.Ident GmbH

Am Sandtorkai 50
20457 Hamburg, Germany

Phone: +49 40 60945 2590

VAT-ID: DE287875226
Amtsgericht Hamburg HRB 124968

Represented by:
Felix Steinmann, Frank Heisel

Data security officer:
Herr Dr. Nils Christian Haag

Liability for Content

We make every effort to keep the information on our Web site current, but accept no liability whatsoever for the content provided. Pursuant to §7 par. 1 of TMG, the law limits our responsibility as a service provider to our own content on these Web pages. According to §8 to 10 of TMG, we are not obligated to monitor third party information provided or stored on our Web site. However, we shall promptly remove any content upon becoming aware that it violates the law. Our liability in such an instance shall commence at the time we become aware of the respective violation.

Liability for Links

Our site contains links to third-party Web sites. We have no influence whatsoever on the information on these Web sites and accept no guarantee for its correctness. The content of such third-party sites is the responsibility of the respective owners/providers. At the time third-party Web sites were linked to ours, we found NO GROUNDS WHATSOEVER of any likely contravention of the law. We shall promptly delete a link upon becoming aware that it violates the law.


The content and works provided on these Web pages are governed by the copyright laws of Germany. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator.

Data privacy of Risk.Ident GmbH

State: 17.12.20

Data protection

In the following data protection information, we inform you about the processing of personal data carried out by Risk.Ident GmbH, (“Risk.Ident” and/or “we” and/or “controller”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG).

Please read this information attentively. In case you have any questions or comments regarding the data protection information do not hesitate to contact


1. Name and contact details of the responsible body
2. Contact details of the protection officer
3. Processing purposes, legal basis and legitimate interests
   3.1 Use of our websites/applications
     3.1.1 Log files
     3.1.2 Cookies und Tracking
   3.2 Online presence and website optimization
     3.2.1 Cookies – General information
     3.2.2 Consent Google Adwords / Remarketing
     3.2.3. Google Analytics as “basic version”
     3.2.4 Objection/opt-out possibility
     3.2.5 Mouseflow
     3.2.6 LinkedIn Insights Tag
   3.3 Google Maps Plugin
   3.4 Contact us
4. Recipients outside the EU
5. Contract Processor
6. Your Rights
7. Right to object
8. Right of withdrawal


1. Name and contact details of the responsible body

Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Deutschland

Represented by the managers Piet Mahler, Frank Heisel

Tel.: +49 40 60945 2590
for the following Internet pages ; ;

2. Contact details of the protection officer

You can reach the responsible data protection officer at:

Herr Dr. Nils Christian Haag
Tel.: +49 (0) 40 790 235 402

3. Processing purposes, legal basis and legitimate interests

3.1 Use of our websites/applications

3.1.1 Log files

With every use of our websites/applications, the respective internet browser of your device will send information to the server of our website/application which will temporarily be stored in the so-called log files. The thereby stored data sets contain the following data, which will be stored until the automatic deletion: date and time of the accessing, name of the viewed website, IP address of the requesting device, referrer URL, the transferred amount of data, loading time, as well as product and version information of the respectively used browser and the name of your access provider.

The processing of the IP address is done based on Art. 6 para. 1 lit. f) GDPR. We pursue the following legitimate interests:

  • Guarantee of a smooth connection establishment,
  • Ensuring comfortable use of our website/application,
  • Evaluation of system security and stability.

From the information, one is not able to infer your identity and will as well not be realized by us.

The data will be stored and deleted after the achievement of the mentioned purposes. The respites for the deletion conform to respective necessities.

3.1.2 Cookies und Tracking
The website uses so-called “cookies”, tracking-tools and targeting-procedure. Which procedures exactly are meant by this and how your data will be used for this will be explained in detail subsequently.


3.2 Online presence and website optimization

3.2.1 Cookies – General information

We use cookies on various pages to make the visit to our website attractive and to enable the use of certain functions as well as to record the use of our website statistically. Cookies are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans, or other malware. Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.

Most of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer the next time you visit us (so-called permanent or session-spanning cookies). These cookies in particular serve to make our offer user-friendly, more effective, and safer.

Of course, you can set up your browser so that it does not store cookies on the hard disk. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser inform you when you receive a new cookie or how to delete all cookies you have already received and blocked them for all others.

In Internet Explorer

  • In the “Tools” menu, select “Internet Options” – Click on the “Privacy” tab
  • Now you can set the security settings for the internet zone. Here you can set whether and which cookies should be accepted or rejected
  • With “OK” you confirm your attitude.

In Firefox

  • In the menu “Extras” select Settings
  • Click on “Privacy”
  • In the drop-down menu, select “Create custom settings”
  • Now you can set whether to accept cookies, how long you want to keep these cookies, and add exceptions to which sites you always or never want to allow cookies to use
  • With “OK” you confirm your attitude

In Google Chrome

  • Click the Chrome menu in the browser toolbar
  • Now select “Settings”
  • Click on “Show advanced settings”
  • Under Privacy, click Content Settings
  • Under “Cookies” you can make the following settings for cookies:
  1. Delete cookies
  2. Block cookies by default
  3. Allow cookies by default
  4. Delete cookies and website information by default after exiting the browser
  5. Allow exceptions to cookies from certain websites or domains

We point out that, in that case, you may not be able to fully use all the functions of this website.

If the cookies and/or the therein contained information are personally identifiable information, the legal basis of the data processing is Art. 6 para. 1 lit. f) GDPR. Thereby, our interest in optimizing our website is considered to be justified in the sense of the aforementioned provision.

3.2.2 Consent Google Adwords / Remarketing

Our website uses the service of Google Adwords. Google AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use the remarketing function within the Google AdWords service. The remarketing feature allows us to serve ads based on your interests on other sites within the Google advertising network. For this purpose, your surfing behavior on our website is analyzed, e.g. which offers you have viewed. This enables us to show you on the online search engine Google itself, so-called “Google ads” and on other websites individualized advertising after your visit to our website. For this purpose, Google stores a cookie in your browser when you visit Google services or websites in the Google advertising network. This cookie records your visits. The cookie is used to uniquely identify your web browser, not to identify you personally. The legal basis for this data processing is Article 6 paragraph 1 letter a) GDPR (consent).

You can deactivate the use of cookies by Google and thus revoke the consent you have given us for the use of the Google AdWords / Google Remarketing service by following the link below and downloading and installing the plug-in provided there:

Further information about Google Remarketing as well as Google’s privacy policy can be found at

3.2.3. Google Analytics as “basic version”

For the purpose of needs-based design and ongoing optimization of, we use the basic version of Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies” (text files), which are stored on your computer and which enable an analysis of your use of the website. On behalf of Risk.Ident, Google will use this information to evaluate your use of the website and to compile reports on website activity. Google processes the data collected through the use of the “basic version” of Google Analytics exclusively on the instructions of Risk.Ident and for purposes of Risk.Ident. Insofar as data collected via Google Analytics is used for advertising technologies of Google (e.g. Google Remarketing) and in this case is also processed by Google for its own purposes and/or purposes of third parties, such processing is only carried out if you have given your consent to the use of such advertising technology on

You can object to the collection of data by Google Analytics here.

3.2.4 Objection/opt-out possibility

In addition to the described deactivation methods, you can also generally prevent the described targeting technologies by means of a corresponding cookie setting in your browser (see also 3.2.1). You also have the option of deactivating preference-based advertising using the preference manager which can be accessed here.

3.2.5 Mouseflow

This website uses Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (only with anonymized IP address). This results in a protocol of mouse movements, mouse clicks and keyboard interaction, with the intention of randomly reproducing individual visits to this website as so-called session replays as well as evaluating them in the form of so-called heat maps and deriving potential improvements for this website. The storage and processing of the collected data takes place within the EU.

The legal basis for this processing is Article 6 paragraph 1 letter f) GDPR. If you do not want Mouseflow to collect your data, you can object to it on all websites that use Mouseflow by clicking on the following link:

Further information on data protection can be found at:

3.2.6 LinkedIn Insights Tag

This website uses the “LinkedIn Insights Tag”, an analysis tool of the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). The LinkedIn Insights tag allows us to collect information about visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. This data is encrypted, pseudonymized within seven days and the pseudonymized data is deleted within 90 days. The LinkedIn Insights tag is used for the purpose of tracking the success of campaigns, playing targeted advertising outside of our website (retargeting), and to gather additional information about LinkedIn members who view our ads. Please see the LinkedIn privacy policy for more information.

The legal basis for the processing of personal data is Article 6 paragraph 1 letter f) GDPR.

You can object to the collection of data by LinkedIn here. As a result of your objection, LinkedIn will no longer collect any data about you on

3.3 Google Maps Plugin

This site uses the map service Google Maps. Google Maps is a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, may be transmitted to the provider’s servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with the Google servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transfer. According to current knowledge, this includes the following data:

– Date and time of your visit to the website in question,

– Internet address or URL of the web page called up,

– IP address, (start) address entered during route planning

The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. The legal basis for this processing is Article 6 paragraph 1 letter f) GDPR. If you do not want Google to process data via this service, you can deactivate the use of JavaScript in your browser settings. Please note that in this case the interactive map function of Google Maps cannot be used.

You can find more information on the handling of user data in Google’s privacy policy:

3.4 Contact us

You have the possibility to get in contact with us in several ways. By e-mail, by phone, by contact form or by mail. If you contact us, we use the personal data that you voluntarily provide us with in this context solely for the purpose of contacting you and processing your request.

The legal basis for this data processing is art. 6 paragraph 1 letter a), art. 6 paragraph 1 letter b), art. 6 paragraph 1 letter c) GDPR as well as art. 6 paragraph 1 letter f) GDPR.

4. Recipients outside the EU

With the exception of the processing described above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The above-mentioned processing operations result in a transfer of data to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the USA. The data transfer is carried out on the basis of so-called standard contractual clauses of the EU Commission and according to the principles of the so-called Privacy Shield.

5. Contract processor (new to be added)

Risk.Ident uses contract processors for the processing of your data. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively on behalf of the data controller.

6. Your Rights

In addition to your right of withdrawal of your consent you have the following further rights, if the legal requirements are met:

  • the Right of access of your personal data (Art. 15 GDPR), especially you can obtain information about the purposes of the processing, the categories of the personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged storing period, the data source, as long as the data is not collected from you;
  • the Right to rectification (Art. 16 GDPR);
  • the Right to erasure (“right to be forgotten”) (Art. 17 GDPR), if there are no legal or contractual storage periods or other legal duties resp. rights about the on-going storage to comply with;
  • the Right to restriction of processing (Art. 18 GDPR), if the accuracy of the personal data is contested by you, the processing is unlawful, and you oppose the erasure of the personal data; the controller no longer needs the personal data, but they are required by you for the establishment, exercise or defence of legal claims;
  • the Right to data portability (Art. 20 GDPR), meaning your right to receive selected personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller;
  • the Right of appeal to the supervisory authority. According to Art. 77 DS-BER, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. Generally, you can address your claim to the supervisory authority of your usual place of residence or work or our company headquarter.

You can claim the aforementioned rights at The right to data portability you can claim at the same address.

7. Right to object

The data subject has the right to object, on grounds relating to his or her particular situation based on Art. 21 para. 1 GDPR.

The above general Right to object applies to all purposes of processing described in this legal disclosure, which are processed based on Art. 6 para. 1 lit. f) GDPR. Unlike the special right of objection to data processing for advertising purposes we are, based on the GDPR, only obliged to effectuate such a general Right to object, if you give us reasons of overriding importance (e.g. possible danger to life or health).

8. Right of withdrawal

Forasmuch we process the data based on an approval granted by you, you have the right to withdraw your approval at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Scroll to Top