Privacy Policy of the MediaMarktSaturn Retail Group

You have the right to contact our external Data Protection Officer directly with any questions relating to data protection:

By post:

Dr. Christian Borchers
c/o datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

E-mail: MMS-DSB@datenschutz-sued.de

We process your personal data, among other things, for the following purposes:

// Making contact and customer service

// Events (including invitation management)

// Log files, cookies, web analytics services and identifiers

// Statistical evaluations, prevention of misuse, and enforcement of legal claims

In detail:

a) Making contact and customer service

When you contact us by telephone (hotline) or e-mail, the data you provide will be processed by us. The contact itself is also logged so that we can comply with legal requirements.

The hotline uses personal contact persons, but also relies on the use of a call bot in order to respond to your concerns as quickly as possible. The call bot is used to answer frequently asked questions (“FAQ”). It operates with artificial intelligence (“AI”) from Microsoft OpenAI, provided in the Azure environment. For this purpose, a voice recording of your call is made and temporarily stored for technical reasons. What you say is transcribed into text form and the bot analyzes the text thus converted – there is no analysis of your voice. As soon as the bot has “understood” the statements in this sense, the voice recording is deleted and the bot automatically generates an appropriate response text. This is then converted in such a way that the answer is played back in spoken form by the call bot. In order for the call bot to answer FAQs, you do not have to provide any personal data. Only a transcription of the conversation in text form is stored for 30 days for error analysis and optimization of the call bot. In addition, telecommunications data, e.g. phone number and call times, are recorded and stored in the context of telephony. Your data is not made available to third parties; in particular, the contents are not used by the AI for training purposes.

During our service hours, you always have the option of speaking to an employee rather than the call bot by pressing the corresponding key in the announcement before the conversation or by requesting during the conversation to be connected to an employee.

The processing of your data in connection with the call bot is carried out on the basis of our legitimate interest in efficient handling of customer inquiries.

The legal basis is Art. 6(1)(b), (c) and (f) GDPR.

If you have given your consent in the context of contacting us via the hotline, we record your call. Consent is given via the voice dialog system and is documented together with the corresponding communication connection data. We process your data for training and quality purposes in order to improve our services.

The legal basis is Art. 6(1)(a) GDPR. You may withdraw your consent at any time as described in the section “Your rights”.

b) Events (including invitation management)

As part of our invitation management for participation in events, we process your last name, first name, salutation, e-mail address, company and, where applicable, position/job title.

The data is processed for the purpose of carrying out the invitation process, in particular for sending invitations by e-mail. You can unsubscribe from the mailing list at any time on your own.

Your contact data will be used exclusively for the organization and implementation of the event.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in informing interested and invited persons, as well as in organizing and carrying out the invitations to and the organization and implementation of events.

c) Log files, cookies, web analytics services and identifiers

When you visit our website, the internet connection data that your browser transmits to our server is first processed. Each time our website is accessed, a series of general data and information is collected, which is temporarily stored in log files on a server. A log file is created as part of an automatic record by the processing computer system. The following may be recorded, among other things:

// Access to the website (date, time and frequency)

// How you arrived at the website (previous page, hyperlink, etc.)

// Amount of data sent

// Which browser and browser version you use

// The operating system you use

// Which internet service provider you use

// Your IP address, which your internet access provider assigns to your computer when you connect to the internet.

The legal basis for this data processing is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR as well as Section 25(2) No. 2 TDDDG (Telecommunications-Telemedia Data Protection Act), since the processing of this data is required for the operation of the website in order to ensure the functionality of the website and to correctly deliver the content of our website. The data also serves to optimize our website and to ensure the security of our IT systems.

For improved functionality and analysis, we use cookies, analytics tools and other technologies. For this purpose, we use proprietary solutions or solutions from service providers. The legal basis is Art. 6(1)(a), Art. 7 and in part Art. 49(1)(a) GDPR as well as Section 25(1) TDDDG. You can find a cookie overview and more detailed information on the individual services (including details on the specific purposes of processing, the types of data, the recipients and their location, and any transfer to a third country), along with the option to activate and deactivate/withdraw consent, in the privacy settings, which you can access again by clicking the fingerprint icon.

d) Statistical evaluations, prevention of misuse and enforcement of legal claims

We also process your data for the creation of statistics to improve our products and services. Your data is pseudonymized for this processing and is not evaluated on the basis of individual customers or used to predict your personal preferences.

However, the processing of your data may also be required, for example, to ensure IT security and IT operations or to prevent and investigate criminal offences and cases of misuse, in particular through data analyses.

Finally, we process your personal data insofar as we are legally obliged to do so, for example on the basis of an official or court order, and for the exercise of our rights and for legal defense.

The legal basis for this is Art. 6(1)(f) and (c) GDPR.

When passing on your personal data, we always ensure the highest possible level of security. Therefore, your data is only passed on to group-affiliated companies and, if applicable, to carefully selected and contractually bound service providers and contractual and cooperation partners.

a) Group-affiliated companies

The companies affiliated with us under company law (Sections 15 et seq. German Stock Corporation Act (AktG)) receive your data so that we can provide you with all services and offers.

The legal basis is Art. 6(1)(b), (c) and (f) GDPR.

b) Third-party service providers and processors

In order to be able to fulfill our contractual and legal obligations, we also use external service providers. Your data may be passed on, among others, to the following recipients:

• Third-party service providers, e.g. for fulfilling orders, sending parcels and letters; delivery of goods to logistics companies
• Processors within the meaning of Art. 28 GDPR, e.g. to ensure our IT operations and for sending our newsletter

Insofar as these companies act as processors on our behalf, they may process the provided personal data exclusively in accordance with our instructions and for the purposes specified by us, Art. 28 GDPR.

The legal basis is Art. 6(1)(b), (c) and (f) GDPR.

c) Disclosure to other third parties

We will disclose your data to third parties or public authorities within the framework of the applicable data protection laws if we are legally obliged to do so due to an official or court order or if we are entitled to do so, for example because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

The legal basis is Art. 6(1)(c) and (f) GDPR.

We attach great importance to processing your data within the EU. However, it may occur that we use service providers that process data outside the EU (“third countries”) in the context of the administration, development and operation of IT systems as well as marketing and customer communication. In these countries, despite careful selection and obligation of the service providers, the high European level of data protection cannot necessarily be guaranteed. If data is transferred to the USA, for example, there is a risk that this data may be processed by US authorities for monitoring and control purposes without effective legal remedies being available or all data subject rights being enforceable.

If we use service providers in third countries, we take additional measures in accordance with Art. 44 et seq. GDPR to ensure an adequate level of data protection when transferring personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding EU standard contractual clauses and additional safeguards, supplementary technical and organizational measures such as encryption or anonymization).

If any data transfer is based on your consent, the submission of such a declaration is voluntary. This then also includes your consent pursuant to Art. 49(1)(a) GDPR to data processing outside the EEA, e.g. in the USA.

You can withdraw this consent as described in the “Your Rights” section, or—if you have given your consent to the use of the relevant services on our website—you can also withdraw it in the privacy settings by clicking the fingerprint icon.

We process and store your personal data only for the period necessary to fulfill the processing purpose or insofar as this is provided for in laws or regulations. After the purpose ceases to apply or is fulfilled, your personal data will be deleted or blocked. In the event of blocking, deletion will take place as soon as there are no statutory or contractual retention periods to the contrary.

Of course, you have rights with regard to the collection of your data, which we are pleased to inform you about here. Under the statutory conditions, you have the right

// of access to your personal data processed by us (Art. 15 GDPR)

// to rectification (Art. 16 GDPR)

// to erasure (Art. 17 GDPR)

// to restriction of processing (Art. 18 GDPR)

// to data portability (Art. 20 GDPR)

// to object to processing (Art. 21 GDPR)
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing at any time.

// to withdraw consent given (Art. 7(3) GDPR)
If your personal data is processed on the basis of consent, the lawfulness of the processing carried out on the basis of the consent up to the time of withdrawal is not affected by the withdrawal.

If you have general questions about data protection at MediaMarktSaturn or if you would like to exercise the rights to which you are entitled under the GDPR*, a simple message is sufficient. You can use the following contact details:

By post:

MediaMarktSaturn Retail Group GmbH
– Data Protection Department –
Media-Saturn-Straße 1
85053 Ingolstadt

E-mail: datenschutz@mediamarktsaturn.com

*For your own protection, when you assert your rights (e.g. requests for information or requests for erasure), we are obliged, where applicable, to obtain further information required to confirm your identity, in order, for example, not to disclose personal data to unauthorized persons or to delete such data.

If identification is not possible, we must refuse to process such requests if we have doubts about your identity.

In addition, you also have the right to contact our external Data Protection Officer directly with any questions relating to data protection:

By post:

Dr. Christian Borchers
c/o datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

E-mail: MMS-DSB@datenschutz-sued.de

If you have given your consent to the use of corresponding services on our website, you can also withdraw it in the data protection settings.

In addition to the rights mentioned above, you also have the right to lodge a complaint with the supervisory authority responsible for us if you are of the opinion that the processing of your personal data violates the GDPR, Art. 77 GDPR. The authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach

Our website contains links to websites of other companies. We are not responsible for data protection measures on external websites that you can access via these links. Please inform yourself there about the data protection provisions of the external websites.

In order to ensure that our data protection information always complies with current legal requirements, we reserve the right to make changes at any time. This also applies if the data protection information has to be adapted due to new or revised offers or services.

Status: December 2025, Version 20251208