We are pioneers in the field of fraud prevention. Of course, that means we also know our limits. People are never perfect. That makes us unique, lovable and – vulnerable.
As a responsible and reliable company, we want to behave in accordance with the rules at all times. If we disregard statutory regulations or internal company rules, we not only put our good reputation at risk, but also risk financial damage.
This applies not only to us, but to the entire Otto Group.
That is why everyone associated with the Otto Group – whether employees, business partners, suppliers or customers – has a responsibility to report possible compliance violations. Only with everyone’s help can we identify and counteract violations at an early stage.
Our digital whistleblower portal is a protected and secure reporting channel for all employees and for external stakeholders. The platform can be used anonymously, guaranteeing maximum protection for whistleblowers and sensitive data. Every piece of information fed into the system is checked at several stages by proven experts – so no tip-off leads to a hasty reaction or prejudgement.
Within the whistleblower system, you can decide whether your report should go to RISK IDENT’s compliance staff or be checked directly by our parent company.
You can reach our whistleblower system here:
Alternatively, you have the option of contacting the Otto Group Ombudsman in confidence: Attorney at Law Dr. Rainer Buchert. As a lawyer, he is subject to the legally recognized duty of confidentiality and is not allowed to pass on any information to third parties without consent.
Attorney at Law Dr. Rainer Buchert
Tel: +49 69 71033330 or 06105-921355
Legal Disclosure & Data Privacy
Information referred to §5 TMG (German Tele-Media Act):
Am Sandtorkai 50
20457 Hamburg, Germany
Phone: +49 40 60945 2590
Amtsgericht Hamburg HRB 124968
Felix Steinmann, Frank Heisel
Data security officer:
Herr Dr. Nils Christian Haag
Tel.: +49 (0) 40 790 235 402
Liability for Content
We make every effort to keep the information on our Web site current, but accept no liability whatsoever for the content provided. Pursuant to §7 par. 1 of TMG, the law limits our responsibility as a service provider to our own content on these Web pages. According to §8 to 10 of TMG, we are not obligated to monitor third party information provided or stored on our Web site. However, we shall promptly remove any content upon becoming aware that it violates the law. Our liability in such an instance shall commence at the time we become aware of the respective violation.
Liability for Links
Our site contains links to third-party Web sites. We have no influence whatsoever on the information on these Web sites and accept no guarantee for its correctness. The content of such third-party sites is the responsibility of the respective owners/providers. At the time third-party Web sites were linked to ours, we found NO GROUNDS WHATSOEVER of any likely contravention of the law. We shall promptly delete a link upon becoming aware that it violates the law.
The content and works provided on these Web pages are governed by the copyright laws of Germany. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator.
Data privacy of Risk.Ident GmbH
In the following data protection information, we inform you about the processing of personal data carried out by Risk.Ident GmbH, (“Risk.Ident” and/or “we” and/or “controller”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG).
Please read this information attentively. In case you have any questions or comments regarding the data protection information do not hesitate to contact email@example.com
1. Name and contact details of the responsible body
Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, Deutschland
Represented by the managers Piet Mahler, Frank Heisel
2. Contact details of the protection officer
You can reach the responsible data protection officer at:
Herr Dr. Nils Christian Haag
Tel.: +49 (0) 40 790 235 402
3. Processing purposes, legal basis and legitimate interests
3.1 Use of our websites/applications
3.1.1 Log files
With every use of our websites/applications, the respective internet browser of your device will send information to the server of our website/application which will temporarily be stored in the so-called log files. The thereby stored data sets contain the following data, which will be stored until the automatic deletion: date and time of the accessing, name of the viewed website, IP address of the requesting device, referrer URL, the transferred amount of data, loading time, as well as product and version information of the respectively used browser and the name of your access provider.
The processing of the IP address is done based on Art. 6 para. 1 lit. f) GDPR. We pursue the following legitimate interests:
- Guarantee of a smooth connection establishment,
- Ensuring comfortable use of our website/application,
- Evaluation of system security and stability.
From the information, one is not able to infer your identity and will as well not be realized by us.
The data will be stored and deleted after the achievement of the mentioned purposes. The respites for the deletion conform to respective necessities.
3.1.2 Cookies und Tracking
The website uses so-called “cookies”, tracking-tools and targeting-procedure. Which procedures exactly are meant by this and how your data will be used for this will be explained in detail subsequently.
3.2 Online presence and website optimization
3.2.1 Cookies – General information
Most of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer the next time you visit us (so-called permanent or session-spanning cookies). These cookies in particular serve to make our offer user-friendly, more effective, and safer.
Of course, you can set up your browser so that it does not store cookies on the hard disk. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser inform you when you receive a new cookie or how to delete all cookies you have already received and blocked them for all others.
In Internet Explorer
- In the “Tools” menu, select “Internet Options” – Click on the “Privacy” tab
- Now you can set the security settings for the internet zone. Here you can set whether and which cookies should be accepted or rejected
- With “OK” you confirm your attitude.
- In the menu “Extras” select Settings
- Click on “Privacy”
- In the drop-down menu, select “Create custom settings”
- Now you can set whether to accept cookies, how long you want to keep these cookies, and add exceptions to which sites you always or never want to allow cookies to use
- With “OK” you confirm your attitude
In Google Chrome
- Click the Chrome menu in the browser toolbar
- Now select “Settings”
- Click on “Show advanced settings”
- Under Privacy, click Content Settings
- Under “Cookies” you can make the following settings for cookies:
- Delete cookies
- Block cookies by default
- Allow cookies by default
- Delete cookies and website information by default after exiting the browser
- Allow exceptions to cookies from certain websites or domains
We point out that, in that case, you may not be able to fully use all the functions of this website.
If the cookies and/or the therein contained information are personally identifiable information, the legal basis of the data processing is Art. 6 para. 1 lit. f) GDPR. Thereby, our interest in optimizing our website is considered to be justified in the sense of the aforementioned provision.
3.2.2 Consent Google Adwords / Remarketing
Our website uses the service of Google Adwords. Google AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use the remarketing function within the Google AdWords service. The remarketing feature allows us to serve ads based on your interests on other sites within the Google advertising network. For this purpose, your surfing behavior on our website is analyzed, e.g. which offers you have viewed. This enables us to show you on the online search engine Google itself, so-called “Google ads” and on other websites individualized advertising after your visit to our website. For this purpose, Google stores a cookie in your browser when you visit Google services or websites in the Google advertising network. This cookie records your visits. The cookie is used to uniquely identify your web browser, not to identify you personally. The legal basis for this data processing is Article 6 paragraph 1 letter a) GDPR (consent).
3.2.3. Google Analytics as “basic version”
For the purpose of needs-based design and ongoing optimization of otto.com, we use the basic version of Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies” (text files), which are stored on your computer and which enable an analysis of your use of the website. On behalf of Risk.Ident, Google will use this information to evaluate your use of the website and to compile reports on website activity. Google processes the data collected through the use of the “basic version” of Google Analytics exclusively on the instructions of Risk.Ident and for purposes of Risk.Ident. Insofar as data collected via Google Analytics is used for advertising technologies of Google (e.g. Google Remarketing) and in this case is also processed by Google for its own purposes and/or purposes of third parties, such processing is only carried out if you have given your consent to the use of such advertising technology on riskident.com.
You can object to the collection of data by Google Analytics here.
3.2.4 Objection/opt-out possibility
In addition to the described deactivation methods, you can also generally prevent the described targeting technologies by means of a corresponding cookie setting in your browser (see also 3.2.1). You also have the option of deactivating preference-based advertising using the preference manager which can be accessed here.
This website uses Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (only with anonymized IP address). This results in a protocol of mouse movements, mouse clicks and keyboard interaction, with the intention of randomly reproducing individual visits to this website as so-called session replays as well as evaluating them in the form of so-called heat maps and deriving potential improvements for this website. The storage and processing of the collected data takes place within the EU.
The legal basis for this processing is Article 6 paragraph 1 letter f) GDPR. If you do not want Mouseflow to collect your data, you can object to it on all websites that use Mouseflow by clicking on the following link: https://mouseflow.com/opt-out/
Further information on data protection can be found at: https://mouseflow.com/de/privacy/
3.2.6 LinkedIn Insights Tag
The legal basis for the processing of personal data is Article 6 paragraph 1 letter f) GDPR.
You can object to the collection of data by LinkedIn here. As a result of your objection, LinkedIn will no longer collect any data about you on riskident.com.
3.3 Google Maps Plugin
This site uses the map service Google Maps. Google Maps is a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In order to use the functions of Google Maps, information, including the IP address and the address entered as part of the route function, may be transmitted to the provider’s servers. This information is usually transferred to a Google server in the USA and stored there. When you visit a website that contains Google Maps, your browser establishes a direct connection with the Google servers, whereby the map content is sent to your browser and integrated by it. The provider of this site has no influence on this data transfer. According to current knowledge, this includes the following data:
– Date and time of your visit to the website in question,
– Internet address or URL of the web page called up,
– IP address, (start) address entered during route planning
3.4 Contact us
You have the possibility to get in contact with us in several ways. By e-mail, by phone, by contact form or by mail. If you contact us, we use the personal data that you voluntarily provide us with in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is art. 6 paragraph 1 letter a), art. 6 paragraph 1 letter b), art. 6 paragraph 1 letter c) GDPR as well as art. 6 paragraph 1 letter f) GDPR.
4. Recipients outside the EU
With the exception of the processing described above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The above-mentioned processing operations result in a transfer of data to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the USA. The data transfer is carried out on the basis of so-called standard contractual clauses of the EU Commission and according to the principles of the so-called Privacy Shield.
5. Contract processor (new to be added)
Risk.Ident uses contract processors for the processing of your data. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively on behalf of the data controller.
6. Your Rights
In addition to your right of withdrawal of your consent you have the following further rights, if the legal requirements are met:
- the Right of access of your personal data (Art. 15 GDPR), especially you can obtain information about the purposes of the processing, the categories of the personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged storing period, the data source, as long as the data is not collected from you;
- the Right to rectification (Art. 16 GDPR);
- the Right to erasure (“right to be forgotten”) (Art. 17 GDPR), if there are no legal or contractual storage periods or other legal duties resp. rights about the on-going storage to comply with;
- the Right to restriction of processing (Art. 18 GDPR), if the accuracy of the personal data is contested by you, the processing is unlawful, and you oppose the erasure of the personal data; the controller no longer needs the personal data, but they are required by you for the establishment, exercise or defence of legal claims;
- the Right to data portability (Art. 20 GDPR), meaning your right to receive selected personal data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller;
- the Right of appeal to the supervisory authority. According to Art. 77 DS-BER, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. Generally, you can address your claim to the supervisory authority of your usual place of residence or work or our company headquarter.
You can claim the aforementioned rights at firstname.lastname@example.org. The right to data portability you can claim at the same address.
7. Right to object
The data subject has the right to object, on grounds relating to his or her particular situation based on Art. 21 para. 1 GDPR.
The above general Right to object applies to all purposes of processing described in this legal disclosure, which are processed based on Art. 6 para. 1 lit. f) GDPR. Unlike the special right of objection to data processing for advertising purposes we are, based on the GDPR, only obliged to effectuate such a general Right to object, if you give us reasons of overriding importance (e.g. possible danger to life or health).
8. Right of withdrawal
Forasmuch we process the data based on an approval granted by you, you have the right to withdraw your approval at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.