Privacy Policy

for Loyalty Card Program and Websites

 

 

 

1. General

 

mfi Immobilien Marketing GmbH, Klaus-Bungert-Straße 1, 40468 Düsseldorf, Germany, Amtsgericht Düsseldorf, HR B 75970, as the local level data controller (“Local Data Controller”), and Unibail Management S.A.S., 7 place du Chancelier Adenauer, 75016 Paris, France, registered with the Paris Register of Commerce and Companies, no. 414878389, as the Group level data controller (“Group Data Controller”); as joint data controllers (“Data Controllers”), (“We” / “Us”) process your personal data within the context of the provisions of Our Loyalty Card Program and mobile applications (jointly referred to as “Services”), which may be accessed via various media or devices and are made available by Us, in particular, via mobile applications, websites, or in hardcopy format. We place great emphasis on the protection of personal data. Personal data includes any information relating to an identified or identifiable individual.

 

The Local Data Controller collects personal data relating to shopping center, website, or application customers/visitors. They process your data in order to inform you about specific offers and events pertaining to the respective shopping center. The Group Data Controller has concluded various data processing agreements and service agreements with service providers to provide you with the technical means to register for the Loyalty Card Program or download and use the App. Furthermore, the Group Data Controller negotiates special offers for Loyalty Card holders with third parties. These offers are provided by the Local Data Controller. The Data Controllers analyze your customer behavior in order to provide you with customized offers and inform you about events you might be interested in.

 

  1. Loyalty Card Program (“Loyalty Card Program”): This program comprises Our loyalty card, which is available for each individual shopping center. It aims at providing you with customized information.

  2. Shopping Center App (“App”): Our App provides general information about the shopping center (e.g., maps, shops, business hours). You also have the opportunity to use the Additional Services (e.g., Smart Park).

  3. Commercial information can be provided via e-mail or via other channels, such as push messages (“Commercial Information”).

As described above, the Local Data Controller and/or Group Data Controller has negotiated special conditions for its customers with various third parties. These third parties only have access to your personal data to the extent stipulated in Section 5 hereof. Based on Our analysis of your customer behavior, We provide you with these specific third-party offers, provided that We have obtained your prior consent (opt-in in the user interface).

Upon visiting our website, the Local Data Controller collects personal data relating to website users for the purpose of placing the website content at your disposal as well as offering other services, such as a contact form, registration for Our newsletter, registration for Our Loyalty Card Program, etc.

The purpose of this privacy policy (“Privacy Policy”) is to inform you about

  1. how We collect and process the personal data that you submit or disclose to Us or that is collected via your access or use of Our Services and within the scope of these Services, and

  2. your rights, including how you can exercise them and what We can do to assist you in the exercising of your rights.

We encourage you to read this Privacy Policy carefully. By using the Services and providing your personal data to Us, you acknowledge that you have been informed of Our use of your personal data as set out in this Privacy Policy. If you do not wish for your personal data to be used by Us as set out in this Privacy Policy, please do not provide Us with your personal data. Please note that in such case, you may not have access to and/or be able to use all the Services features (such as customized discounts, options, and preferences).

 

The Services are intended for users aged sixteen (16) and older.

2. Data Controllers

The Local Data Controller for the processing of your personal data under the Loyalty Card Program and/or App is:

 

mfi Immobilien Marketing GmbH
Klaus-Bungert-Straße 1, 40468 Düsseldorf, Germany
Tel.: 0049 (0) 211 302 310
Fax: 0049 (0) 211 302 31 111
E-mail: germany@unibail-rodamco.com
Website: www.unibail-rodamco.de

The Group Data Controller for the processing of your personal data under the Loyalty Card Program and/or App is:

Unibail Management S.A.S.
7 place du Chancelier Adenauer, 75016 Paris, France

 

3. Data Protection Officer

The Local Data Controller has appointed Mr. Torsten Weirich, LL.M., as the Data Protection Officer. Please find his contact details below:

Torsten Weirich, LL.M.
Unibail-Rodamco Germany GmbH
Klaus-Bungert-Straße 1, 40468 Düsseldorf, Germany
Tel.: 0049 (0) 211 302 31 105
Fax: 0049 (0) 211 302 31 111
E-mail: datenschutz@unibail-rodamco.com

 

4. Purpose of processing

 

4.1 HOW WE COLLECT PERSONAL DATA

We collect your personal data in different ways:

 

4.1.1 Registration information you provide to Us

Some of Our Services require you to create an account, in particular, Our Loyalty Card Program and some of the features available via Our App. If you create an account via the completion of the registration form, you will be asked to provide your contact details and other personal data (title, first name, last name, date of birth, postcode, e-mail address, mobile number, gender, password, your agreement to receive Commercial Information, and any other information necessary for the provision of Our Services).

 

4.1.2 Registration information you allow third parties to transmit to Us

Some of Our Services require you to create an account via a third party, in particular, Our promotional activities. If you create an account via a third party, within the scope of Our Services, this third party will submit the personal data provided during the sign-up process to Us (including first name, last name, and e-mail address). In this event, the supplementary privacy policies established by the respective third parties, under which you authorize third parties to transfer your personal data to Us, may apply to you as well.

 

4.1.3 Registration information you allow social networks to transmit to Us

If you create an account via your social network account (i.e., Facebook or Google+), upon your prior consent, the relevant social network will submit your personal data to Us (including first name, last name, user name, profile picture, e-mail address, gender, date of birth, education, school, job title), your address (country, city, street address, post code, phone number), your “likes” (e.g., websites, favorite movies, favorite music, favorite TV shows), posts, friend lists, and any other information you qualify as publicly available.

 

4.1.4 Personal data We collect when you use Our Services

a) When you use the loyalty card, We collect and process

  • information relating to your shopping profile;
  • the frequency and duration of your visits;
  • information relating to your purchasing and visitor behavior (especially tracking); and
  • if you registered for the Loyalty Card Program via your social network account, information related to your interactions with the Loyalty Card Program on such social network;

b) When you use Our App or website services as a registered user, We collect and process:

  • the information detailed above (Sec. 4.1.4 a));

  • personal data that you add to your profile (e.g., user name or nickname, profile picture, and password);

  • personal data included in the content that you post, upload, contribute to, or otherwise make available on or via the Services, such as your timeline, likes, look books, wish lists, or contact lists;

  • if you are connected to the Services via a social network account, information related to your interactions with the Services on such social network;

  • information about the frequency of your visits, your movements, and your location within the shopping center, provided that We have obtained your prior consent. Please refer to Section 4.2.2 a) below for further information on use;

  • Technical data

4.1.5 Website

As a general rule, you may use Our website without entering any personal data. To the extent that We collect your personal data via Our website, the purposes outlined below are served:

  • technical website provision and monitoring of operability,

  • contacting Us via the contact form (cf. (i) below),

  • circulation of newsletters, and

  • registration for Our Loyalty Card Program (cf. above).


 

  1. Newsletter / contact form:

    If you register for Our newsletters via Our website or contact Us via the contact form, We will collect your address and contact data, such as e-mail address and telephone number, which enable Us to send you the requested newsletter and/or reply to your enquiry.

     

  2. Personal Shopping

    If you register for an appointment with our personal shopping service via Our website, We will collect your e-mail address, first and last name, and your membership card number. This data will be forwarded to the personal shopping service for coordination of an appointment with you.

     

  3. Log files:

    Each time you access Our website, your browser will automatically send some information to the website server so as to enable communication between your browser and the server. This information is stored in a so-called log file. The information stored includes

      • the type and version of your browser,

      • your operating system,

      • the website via which you accessed the current site,

      • your computer’s host name (IP address), and

      • the time of access.

     

    Subject to legal archiving requirements, We will delete or anonymize your IP address after you leave Our website, unless this is defined otherwise in the Privacy Policy and to the legally admissible extent.

     

    For the rest, We use the information your browser transfers to Our server in an anonymized format, which does not allow identification of who you are, for analyzing purposes, and to improve Our website Services. It allows Us to detect potential errors and identify on what days and at what times Our websites are most frequently accessed.

     

  4. Registration information you allow social networks to transmit to Us

    If you create a Loyalty Card Program account via your social network account (i.e., Facebook, Google+, or Twitter), upon your prior consent, the relevant social network will submit your personal data to Us (including first name, last name, user name, profile picture, e-mail address, gender, date of birth, education, school, job title), your address (country, city, street address, post code, phone number), your “likes” (e.g., websites, favorite movies, favorite music, favorite TV shows), posts, friend lists, and any other information you qualify as publicly available.

     

  5. If you use Our Internet services as a registered user, We will collect and process additional information relating to your user profile;

  • the frequency and duration of your visits to Our websites;

  • information relating to your visitor behavior (especially tracking);

  • personal data included in the content that you post, upload, contribute to, or otherwise make available on or via Our Services, such as your timeline, likes, look books, wish lists, or contact lists; and

  • if you are connected to Our Services via a social network account, information related to your interactions with the Services on such social network.

4.2 HOW WE USE YOUR PERSONAL DATA

 

4.2.1 General use

We use your personal data to

  • manage and provide the Services to you;

     

  • manage your registration;

     

  • analyze your use of the Services and, subject to your prior consent, combine the personal data collected from the use of different Services (the loyalty card, Our App, Our websites, Our social media accounts, and Our promotional activities) to improve Our understanding of your expectations and needs and to develop new features and services;

     

  • provide customized information and promotional material to you. We do not want to bother you with information or advertising that is not relevant to you. Therefore, We analyze your user profile, i.e., information on prior use of Our Services, preferences and requirements which We identify via your use of Our Services, in order to send you only such information and advertising that We think is of interest to you. We only use your personal data to (i) send you information and offers in connection with the Loyalty Card Program and/or advertising, depending on whether you have activated this option (ii);

     

  • measure, test, and monitor the metrics and the effectiveness of Our Services;

     

  • To use Our Services via an App, you have to download the shopping center App to your mobile device. Once you have downloaded the shopping center App, you can decide whether you want to use the Additional Services (cf. Specific Use, Section 4.2.2), such as “Smart Park”, and whether you want to join the Loyalty Card Program. Those services will not be automatically activated; and

     

  • ensure the technical operability of the Services and protect your personal data against any theft, loss, damage, or unauthorized access.

If you cancel the registration process, your personal data will not be stored. We will delete your personal data immediately, without any further processing. We may keep a minimal amount of data, if necessary to substantiate that your data has been deleted and when.

As described in Sec. 4.1.4 above, We use your personal data to analyze your customer behavior, i.e., prior use; however, such analysis of your customer behavior does not have any legal impact on or otherwise significantly affect you. Information about how you use the Services is used solely to customize Our promotional materials for you, so We can offer you Services and products that match your preferences and needs. The sole purpose of profiling is to provide you with tailored benefits and options. The profiled data is not used in any other manner and is not shared with any third parties not explicitly named in this Privacy Policy, unless We use the following service providers to perform Our Services. We assure you that the analysis of your customer behavior will not have any negative impact on you.

4.2.2 Specific use

a) Geo-tracking

  1. General principle

    Subject to your express prior consent, information related to your location within Our shopping center may be collected and processed by Us while you are logged in to Our mobile applications in order to measure the frequency of your visits as well as your movements within Our shopping center and/or to provide the location-based Services.

    Geo-tracking only takes place if you activate the Additional Services/specific use option in the settings of your shopping center App. You can deactivate the use of the Additional Services in the settings at any time via the shopping center App.

     

  2. How We use your geo-tracking information

    In order to be tracked within the shopping center, you will be required to activate the Bluetooth feature on your mobile device. If you only want to view the map and your contacts’ locations via the geo-tracking service, activation of the Bluetooth feature will not be required. Please note that We will not track you outside Our shopping center and you will not be able to share your location via the geo-tracking service outside Our shopping center. Geo-tracking is carried out via Bluetooth beacons, which are only installed in the shopping center common areas.  

    The maximum period for which your geo-tracking data is stored is 12 months.

    We may also share your geo-tracking information with the recipients named below (Section 5.1: “How We share and disclose your personal data”).

      

  3. How to manage your geo-tracking preferences via your mobile device

    When you first log in via your mobile device, We will ask for your permission to activate the geo-tracking function.

    If you agree to the activation of geo-tracking on your mobile device, this function will be effective immediately and will be enabled for any future connections to Our Apps as well as for any future visits to Our shopping center. You may disable geo-tracking on your mobile device via your mobile settings at any time.

 

b) Additional Services

We have developed the “Smart Park” and “In & Out” Services to improve your experience when visiting Our shopping centers.

 

When you log in to your user account to use the “Smart Park” Service, We will process your personal data in order to activate geo-tracking of your car within the parking areas of Our shopping centers, as described in Section 4.2.2 a); this data will not be processed for any other purpose. If you do not log in to your user account, no personal data will be processed. If you log in to your user account, We will process your personal data as authorized.

 

If you wish to benefit from the “In & Out” Service, We will process the personal data you provided when creating your user account. In particular, the license plate recognition feature and data processing enable the parking system to automatically open the gate / the barrier when you enter or leave Our shopping center parking garage.

 

In addition, We may process the personal data provided as a result of your use of the “Smart Park” and “In & Out” Services to inform you about any new services that We develop that may be of interest to you.

 

Your personal data will not be shared with or made available to third parties or used for any other purposes than the aforementioned Services.

 

4.3 Data processing within and outside the EEA

We use third-party service providers to provide the Services to you and to process your personal data on Our behalf. Such third-party service providers are always subject to security and confidentiality obligations consistent with this Privacy Policy and applicable law. Please note that some third-party service providers are located outside the EEA (European Economic Area) and, thus, access and process your personal data from such locations. In the case of such transfer outside the EEA, We utilize the model clauses adopted by the European Commission (standard contractual clauses for the transfer of personal data from the EU to third-party countries) to ensure that your personal data is subjected to an adequate level of protection when accessed and processed from such locations, or We/the third-party service providers use other acknowledged means to process personal data outside the EEA, such as Binding Corporate Rules or the EU/US Privacy Shield. Information on the model clauses can be found here. Information on the EU/US Privacy Shield can be found here. The list of the third-party service providers that We currently engage for data processing can be found here. The list is regularly updated and includes company names, company addresses, and specific processing by the service providers, if they have access to your personal data.

We have entered into specific data processing agreements with each service provider listed above and have reviewed their general technical and organizational measures. The service providers are only authorized to process data under the regulations of this Privacy Policy, only on Our behalf, and according to Our instructions. No additional processing, use, or sub-data processing is allowed without Our knowledge with regard to data transferred outside the EEA.

 

We use the service providers on the attached list for various purposes as described below:

  1. Registration:
    If you register for Our Loyalty Card Program in writing at Our customer desk, a hostess service (“Customer Information”) will be available to help you enter your personal data.


    We use a service provider, who will send you a registration e-mail, for account management during the registration process (“Registration Account Manager”). At a minimum, you must provide your first name, last name, date of birth, and e-mail address. The Registration Account Manager will provide you with an initial password and will manage your password settings.

     

  2. Customer Relationship Management (CRM)

    We use a service provider for CRM Management (“CRM Manager”). The CRM Manager has full access to the personal data you enter into the Loyalty Card Program or App. The CRM Manager combines other data you provide to Us (e.g., for Wi-Fi registration) in your data set.

     

  3. Analysis of customer behavior:

    We use a service provider for the analysis of your customer behavior (“Analysis Manager”). The Analysis Manager analyzes your user behavior based on your settings, your personal data, and your geo-tracking information.

     

  4. E-mailing:
    We use service providers for customized e-mailing (“E-mail Manager”). If you register for the use of Our Services, the Group Data Controller will send you a welcome e-mail on behalf of the Local Data Controller.

    Based on the analysis of your customer behavior by the Analysis Manager, you will receive personalized e-mails and push messages from the E-mail Manager on behalf of the Local Data Controller. Accordingly, the E-mail Manager will have access to your e-mail address, first name, and last name.

  5. Data storage:
    We use an external provider for data storage (“Data Storage Manager”). The Data Storage Manager is not contractually allowed to use your personal data in any manner. We use this service to store Our CRM database on an external server.

4.4 Note on RFID CHIPS (Radio Frequency Identification)

In order to allow you to use Our Loyalty Card Program, including some of Our Services, We use an RFID chip that is physically integrated into your loyalty card. Loyalty Card customers can register with the participating shopping centers via their RFID chips and can use the Services offered.

 

RFID technology is based on chips that transmit information via radio. Transmission is not externally identifiable. The chip is integrated into the loyalty card. A reading device emits radio signals via a pre-set frequency, which is picked up by the RFID chip. The data stored on the chip is then transferred to the reading device.

 

The RFID chip contains a Unique Identification Number (UID) that differs from the membership number. UIDs are exclusively processed by the Regional Data Controller. The data stored on the RFID chip does not serve to identify the card holder. If members wish to use Our Services, the UID stored on the RFID chip will be transferred to Us. The Services used are then compared to Our database and transferred to the RFID reader via the UID. No other personal data is transferred. The RFID chip is only used for the aforementioned purpose.

 

We must be immediately notified in cases of loss or destruction of membership cards or chips. Upon such notification, We will immediately block the membership number stored on the RFID chip for utilization of the Loyalty Card Program and issue a new membership card with a new UID.

 

4.5 Information on bar codes

In order for you to benefit from Our Loyalty Card Program, the membership card has been equipped with a bar code. Participating stores will scan the bar code for identification if it is used, for instance, to benefit from discounts. The lessees at the respective shopping centers see the confirmation on their displays that the loyalty card is active and that certain benefits can be granted. No personal data is transferred to the lessees.

 

We are notified of the use of the loyalty card via the bar code scanner. Combined with the scanner location, We can identify where the loyalty card has been used. We do not receive any additional information, e.g., what products have been bought, what prices have been paid or what discounts have been granted.

 

4.6 Data Security

Protecting your privacy and your personal data is Our priority. If, as a registered user, you receive a password, you should keep it confidential, limit access to your computer or mobile device, and sign off after using the Services. Learn more about your responsibilities in Our Terms of Use.

 

We take appropriate security measures, especially technical and organizational measures, to protect your personal data against any accidental loss, destruction, misuse, damage, or unauthorized or unlawful access. However, please be aware that no information transmission via the Internet or storage technology can be guaranteed to be 100% secure.

 

The controllers have entered into a data processing agreement ensuring, in particular, appropriate security measures. mfi Immobilien Marketing GmbH is the controller responsible for compliance with your requirements, towards whom you can exercise all the rights you have with respect to Our processing of your personal data.

 

5. Additional information concerning the use of Our websites

 

5.1 Links to other websites

We may provide hypertext links from Our website to third-party websites or Internet sources. Our privacy policies do not normally extend to third-party websites. Prior to using a website that you have accessed via a link, please read the respective telemedia services provider’s privacy policy. Furthermore, We do not control such third-party websites or Internet sources and cannot be held liable for third-party privacy policies or web content. Please read the respective third-party privacy policies carefully to find out how your personal data is collected and processed.

 

5.2 Cookies

Our Website / App uses so-called cookies. Please refer to Our Terms of Use for further information on Our use of cookies.

 

5.3 Plugins

 

5.3.1 Instagram

Our website uses so-called Social Plugins (“Plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The Plugins show the Instagram logo or the “Instagram camera”. Below, you can find an overview of Instagram Plugins and what they look like: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

 

If you open a page of Our website that contains such Plugin, your browser will establish a direct connection to the Instagram servers. Instagram will transfer the Plugin content directly to your browser and integrate it into the page. Via this integration, Instagram will be informed that your browser has opened the respective page of Our website, even if you do not have your own Instagram profile or are not logged in to Instagram. Your browser will submit this information (including your IP address) to the Instagram server in the USA, where it will be stored.

 

If you are logged in to Instagram, Instagram can immediately link your visit to Our website to your Instagram account. If you interact with the Plugins, for example, if you click on the “Instagram” button, this information will also be transferred to and stored by the Instagram servers. The information will also be posted on your Instagram account and shown to your contacts.

Please refer to the Instagram privacy policy for details on the purpose and scope of data collection as well as the processing and use of data by Instagram and your rights as well as the settings you can make to protect your privacy: https://help.instagram.com/155833707900388/.

 

If you do not want Facebook to link the data collected via Our website to your Facebook account, please sign out of Facebook prior to visiting Our website. You can block the loading of Facebook Plugins by means of browser AddOns, e.g., by using the “Facebook Blocker” (https://disconnect.me).

 

5.3.2 Facebook

Our website uses so-called Social Plugins (“Plugins”) from the social network, Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The Plugins show the Facebook logo or the addition “Facebook Social Plugin”. Below, you can find an overview of Facebook Plugins and what they look like: https://developers.facebook.com/docs/plugins.

 

If you open a page on Our website that contains such Plugin, your browser will establish a direct connection to the Facebook servers. Facebook will transfer the Plugin content directly to your browser and integrate it into the page. Via this integration, Facebook will be informed that your browser has opened the respective page of Our website, even if you do not have your own Facebook profile or are not logged in to Facebook. Your browser will submit this information (including your IP address) to the Facebook server in the USA, where it will be stored.

 

If you are logged in to Facebook, Facebook can immediately link your visit to Our website to your Facebook profile. If you interact with the Plugins, for example, if you click on the “I like” button or add a comment, this information will also be transferred to and stored by the Facebook servers. The information will also be posted on your Facebook profile and shown to your Facebook friends.

 

Please refer to the Facebook privacy policy for details on the purpose and scope of data collection as well as the processing and use of data by Facebook and your rights as well as the settings you can make to protect your privacy: http://www.facebook.com/policy.php.

 

If you do not want Facebook to link the data collected via Our website to your Facebook account, please sign out of Facebook prior to visiting Our website. You can block the loading of Facebook Plugins by means of browser AddOns, e.g., by using the “Facebook Blocker” (https://disconnect.me).

 

5.3.3 Google+

 

Our website uses so-called Social Plugins (“Plugins”) from the social network, Google+, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google+”). The Plugins show the Google+ logo or the addition “Google+ Social Plugin”. Below, you can find an overview of Google+ Plugins and what they look like: https://google.com/policies/privacy/partners/?hdl=de.

 

If you open a page on Our website that contains such Plugin, your browser will establish a direct connection to the Google+ servers. Google+ will transfer the Plugin content directly to your browser and integrate it into the page. Via this integration, Google+ will be informed that your browser has opened the respective page of Our website, even if you do not have your own Google+ profile or are not logged in to Google+. Your browser will submit this information (including your IP address) to the Google+ server in the USA, where it will be stored.

 

If you are logged in to Google+, Google+ can immediately link your visit to Our website to your Google+ profile. If you interact with the Plugins, for example, if you add a comment, this information will also be transferred to and stored by the Google+ servers. The information will also be posted on your Google+ profile and shown to your Google+ friends.

 

Please refer to the Google+ privacy policy for details on the purpose and scope of data collection as well as the processing and use of data by Google+ and your rights as well as the settings you can make to protect your privacy: https://google.com/policies/privacy/partners/?hdl=de.

 

If you do not want Google+ to link the data collected via Our website to your Google+ account, please sign out of Google+ prior to visiting Our website.

 

5.3.4 YouTube: use of YouTube Plugins

 

We integrate videos etc. via YouTube. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

We use YouTube plugins on some of Our websites. If you open pages on Our websites that use such plugins, such as Our media library, a connection to YouTube servers will be established and the plugin will be displayed. The YouTube server receives the information about which of Our websites you have visited. If, while visiting Our website, you are logged in to your YouTube account, YouTube will allocate the information to your user account. When activating the plugin, e.g., by clicking on the start button of a video, this information will also be allocated to your user account. You can prevent such allocation by signing out of your YouTube user account as well as any other user accounts you may have with YouTube LLC and Google Inc. and deleting the corresponding cookies prior to using Our website. Please refer to Cookies for more information on data processing and data protection by YouTube (Google).

 

5.4 Analytics programs

 

5.4.1 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies that will be stored on your computer and enable an analysis of your use of Our website. The information on your use of this website generated by the cookie (including your IP address) will be submitted to a Google server in the USA, where it will be stored. If IP anonymization has been activated, Google will abbreviate / anonymize the last eight-bit-sequence of your IP address in all EU member states as well as in member states of the European Economic and Monetary Union prior to submission. The full IP address will only be submitted to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities for the website operator, and to provide other services in connection with the use of the website and the Internet on behalf of the website operator.

You can prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being collected by Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available via the link below: http://tools.google.com/dlpage/gaoptout?hl=de.

 

5.4.2 Google Tag Manager

This website also uses Google Tag Manager. It is a service that manages website tags via an interface. Tags are small code elements that serve, among others, to measure traffic and user behavior. Google Tag Manager merely implements tags. It does not use cookies and, therefore, does not collect personal data. Google Tag Manager triggers other tags that might collect data. However, Google Tag Manager does not access such data. If the function was deactivated at domain or cookie level, it will remain active for all tracking tags that were implemented via Google Tag Manager. http://www.google.de/tagmanager/use-policy.html.

 

5.4.5 Facebook Remarketing / Retargeting

Our website uses so-called remarketing tags from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Upon your visit to Our websites, the remarketing tags create a connection between your browser and the Facebook server, informing Facebook that your IP address has visited Our website. Facebook is, thus, enabled to allocate the visit to Our websites to your user account. We can use the information thus obtained for advertisements with Facebook Ads. Please note that, as the website operator, We are not informed of the content of the data transferred or their use by Facebook. Please refer to the Facebook privacy policy (https://www.facebook.com/about/privacy/) for further information.

 

5.4.6 Facebook Conversion Tracking

Subject to your consent, We use “Conversion Tracking” by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our websites. It lets Us track user activities after they have viewed or clicked on Facebook advertisements, allowing for measuring the effectiveness of Facebook advertisements for statistical and market research purposes. The data thus collected are anonymized, i.e., We do not see the personal data pertaining to individual users. However, Facebook stores and processes the data, of which We will keep you posted according to Our own information. Facebook can link this data to your Facebook account and use it for its own advertising, in line with Facebook's data processing policy: https://www.facebook.com/about/privacy/. Facebook and its partners can, thus, activate advertisements both on and outside of Facebook. Cookies may be stored on your computer for this purpose.

 

5.5 Google Maps

This website uses Google Maps to show maps and indicate routes. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing, and use of automatically collected data and data you have entered by Google, its representatives, or third-party service providers. Please refer to the Google Maps Terms of Use.

 

Please refer to the google.de data protection center for more information: Transparency and options as well as data protection provisions

 

6. Transfer and sharing of personal data (recipients of personal data)

6.1 HOW WE SHARE AND DISCLOSE YOUR PERSONAL DATA

 

We share the personal data We collect through the Services as follows:

 

6.1.1 Sharing with third parties

We may share your personal data with the following third parties:

  • any companies that are affiliated with Us within the meaning of Art. 15 et seq. AktG (German Stock Corporation Act) in order to develop and test new services and features;

  • in an anonymized format, ensuring you cannot be identified, with partner brands located in the shopping center in order to allow them to send you advertisements that they believe may be of interest to you;

  • in an anonymized format, ensuring you cannot be identified, with Our advertising and marketing partners;

  • Our service providers, as described in Section 4.3 above;

  • pursuant to legal or statutory provisions and court decisions; and

  • any transferee, when personal data is submitted as part of the sale or other transfer of all or part of Our assets to another company.

 

6.1.2 Sharing with parties of your choice

  • Sharing with other users of the Services
    Any information or content that you voluntarily disclose via Our mobile application or website Services becomes available to users of the Services that have been previously authorized.
    Such Services enable you to share all or part of your content and personal data, on an individual basis, to the users of your contact list by changing your share settings within the Services.

  • Sharing with social networks. If you access the Services via your social network account (such as Facebook, Google+, or Twitter) or click on one of the social network plug-in buttons or links (e.g., Facebook “Like” button or Google “+” button) available through the Services, your content and personal data will be shared with the relevant social networks. You understand that such information may be published on your social network under your account.

  • You understand and agree that the use of your personal data, including information shared with social networks via the Services, by the social networks is governed by their respective privacy policies. If you do not want social networks to collect information about you, please review the privacy policy of the relevant social network and/or log out of the relevant social network before using Our Services.

6.2 Transfer in the event of change of control

If the Unibail-Rodamco Group, including the Regional Data Controller and the Group Data Controller, becomes the subject of the merger, takeover, dissolution, or sale of a shopping center of which you are a registered loyalty card holder, We reserve the right to transfer your personal data. You will be informed if your data is transferred to a different unit due to the merger, takeover, dissolution, or sale of a shopping center.

 

7. Duration of data storage

We process your personal data based on the consent you grant to Us for these purposes for the period during which you make use of Our Service.

Please note: We will automatically delete or block your personal data from further use if you have not used Our Services under the Loyalty Card Program for more than 5 years (last contact with you or last use of Services by you).

8. Your rights as a data subject

If you exercise any of your rights pursuant to this Section or pursuant to applicable laws, We will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with your request to each recipient to whom the personal data have been disclosed pursuant to Section 5 of this Privacy Policy, unless such communication proves impossible or involves disproportionate effort.

If you wish to exercise these rights and/or obtain all relevant information, please contact the Regional Data Controller. You will be asked to provide some of the identification information that you submitted upon your registration; this is necessary to verify that the request has been sent by you. We will respond within one month after receipt of your request, but We reserve the right to extend this period by two months. We will, in any event, inform you within one month after receipt of your request if We decide to extend the response period.

    8.1 What you may request

    In accordance with applicable law and as detailed below, you have the right to request access to, correction, deletion, or portability (e.g., transfer of your personal data to another service provider) of your personal data, as well as to request restriction of such processing.

     

    8.2 Correction of your personal data

    Under applicable law, you have the right to correct the personal data you have shared with Us. Via your settings in the Services, you can update your account information, change your profile settings, subscribe to/unsubscribe from communication you receive from Us, and set your Services sharing preferences, including location-based functionalities.

     

    Please note that if you wish to limit or change access to or sharing of your personal data with a social network, you must change your account settings on that social network. If you registered for Our Services in written format, please contact the Data Controllers detailed in Section 2 above in writing or via e-mail to correct your personal data.

     

    8.3 Accuracy of your personal data

    We will take adequate steps to ensure that you are able to keep your personal data up to date. You may contact Us at any time and request confirmation regarding whether or not We still process your personal data.

     

    If you find that your personal data processed by Us is inaccurate or incomplete and you are unable to update your personal data according to Section 8.2 of this Privacy Policy, you may ask Us to update your personal data. We will verify your identity and update your personal data.

     

    8.4 Deletion of your personal data

    You may ask Us to delete your personal data at any time. If you approach Us with such a request, We will delete all your personal data without undue delay, provided that your personal data is no longer necessary for provision of the Services. We will also delete (and ensure deletion by the processors that We engage) all your personal data in case you withdraw your consent or in the circumstances that the law requires Us to do so.

     

    8.5 Restriction of processing

    If you ask Us to restrict the processing of your personal data, e.g., when you contest the accuracy, lawfulness, or Our need to process your personal data, We will limit processing of your personal data to the necessary minimum (storage) and, if applicable, will only process it for the establishment, exercise or defense of legal claims or, where necessary, for the protection of the rights of another natural or legal person, or other limited reasons dictated by applicable law. Once the restriction is lifted and We continue processing your personal data, you will be informed accordingly without undue delay.

     

    8.6 Objection against direct marketing

    Should you no longer wish to receive Commercial Information and offers in connection with the Loyalty Card Program, you may ask Us to refrain from using your personal data for these purposes. We will comply with your request without undue delay. In such case, you will no longer be able to benefit from some of Our Services or specific features for which this category of processing is essential (i.e., the receipt of [personalized] marketing and promotional materials).

     

    If you merely tick the box to withdraw your consent to receiving Commercial Information, you will no longer receive third-party Commercial Information that is not directly related to information on Our Loyalty Card Program. Please be aware that, in such event, you will only receive Commercial Information concerning shopping center events and offers, which forms an essential part of the Loyalty Card Program.

     

    8.7 Objection against the receipt of information and offers related to the Loyalty Card Program

    Should you no longer wish to receive information on the Loyalty Card Program, you may ask Us to refrain from using your personal data for these purposes. We will comply with your request without undue delay. In such case, you will no longer be able to benefit from some of Our Services or specific features for which this category of processing is essential.

     

    8.8 Portability of your personal data

    You have the right to receive the personal data that you provide to Us. Upon receipt of your request, We will submit your personal data in a commonly used and machine-readable format without undue delay. Upon request, We will send your personal data to any third party (data controller) that you identify in your request, unless such request would adversely affect the rights or freedoms of others, and where technically feasible.

    8.9 Withdrawal of your consent

    Should you no longer wish to receive any communication, please refer to Section 8.6 and/or 8.7. Should you no longer wish to benefit from the Loyalty Card Program and/or the App, you may withdraw your consent at any time and without indication of your reasons. Please contact the Data Controllers or the shopping center customer information via e-mail. We will block your personal data from any further processing. Please note that withdrawing your consent will not affect the lawfulness of any processing done on the basis of your prior consent.

     

    Please be aware that it will not be possible to use the Loyalty Card Program Services or part of the Services if you withdraw your consent.

     

    You can deactivate the Additional Services, such as “Smart Park” and “In & Out”, in the App settings. You need not withdraw your consent in this case.

    If you withdraw your consent or deactivate your settings in the App, the Services not affected thereby can still be used.

     

    8.10 Complaint to a data protection authority

    You have the right to submit a complaint concerning Our data processing activities. Please address your complaint to:

    • in case of complaints about the Regional Data Controller:

    Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

    Kavalleriestraße 2-4, 40213 Düsseldorf, Germany

    Phone: 0049 (0) 211 38 424 0

    Fax: 0049 (0) 211 38 421 10

    E-mail: poststelle@ldi.nrw.de

    Website: www.ldi.nrw.de

     

    • in case of complaints about the Group Data Controller:

      Commission Nationale de l’Informatique et des Libertés,

      3 Place de Fontenoy

      75007 Paris.

    9. Provision of your personal data

     

    You provide your personal data to Us on a voluntary basis, which you consented to during registration and as part of a contractual requirement to use the Services. If you do not provide Us with your personal data, you may not have access to and/or use all of the features of the Services (such as personalized discounts, options, and preferences). By providing your personal data to Us, you can benefit from all the Services features and personalized offers We may send you from time to time; you can also help Us improve Our Services and analysis of your data, as described in this Privacy Policy.

     

    10. Automated decision-making / profiling

    Currently, there is no automated decision-making process or profiling that would legally or otherwise affect you. However, We will provide you with specific offers based on your individual personal data and analysis of your user behavior.

     

    11. Update of Privacy Policy

    We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon the posting of the revised Privacy Policy via the Services. If We make changes We consider significant and that require your consent under applicable law, We will inform you via the Services and ask for your consent, where applicable.