Privacy Notice for Customers

 

The following privacy notice is intended to inform you about how we use your personal data. In doing so, we comply with the provisions of German data protection law and the requirements of the European General Data Protection Regulation (GDPR).

 

Contact details 

If you have any general questions regarding data protection at Imtron or if you wish to exercise your rights under the GDPR, simply send us a message. You can use the following contact details:

By post:
Imtron GmbH

- Data Protection Department –
Media-Saturn-Straße 1
85053 Ingolstadt

Email: datenschutz@imtron.eu

 

 

Contact the Data Protection Officer 

You also have the right to contact our external Data Protection Officer directly with any questions regarding data protection. You can reach them as follows: 

By post:
Dr Christian Borchers

c/o datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg

Email: MMS-DSB@datenschutz-sued.de

 

Purposes of processing and legal basis for the processing of your personal data

We process your personal data for the following purposes:
 

1. Customer service

If you contact us by telephone, email or post, e.g. to enquire about our products, regarding a spare part or repair, or in connection with a product recall, we process your personal data in order to handle your enquiry and respond to your request.

In doing so, we process the following categories of personal data:

  • Identity data,
  • Contact data,
  • Contract and billing data,
  • other communication content necessary to clarify the matter or carry out the order.


Your data is processed so that we can manage you as a customer in our systems and fulfil our contractual obligations towards you. In addition, we store your data for the purpose of asserting, exercising or defending legal claims.

The legal basis is Article 6(1)(b) and (f) of the GDPR.

Provided you have given your prior consent, we record individual telephone calls for the purposes of quality assurance and for training customer service representatives. Consent is given via the voice dialogue system and is documented along with the relevant communication connection data. We process your data for training and quality assurance purposes to improve our services.

In addition, provided you agree, you will be asked immediately after the telephone call about your satisfaction with customer service. This evaluation serves quality assurance purposes and is stored by us in anonymised form.

The legal basis is Article 6(1)(a) of the GDPR. You have the right to withdraw your consent at any time with effect for the future (see the section ‘Your rights’).

As part of our customer service, we may use artificial intelligence (“AI”) to help us record, process and/or respond to customer enquiries more quickly and efficiently. The data will not be used for any purpose other than processing your enquiry, neither by us nor by service providers engaged by us who are contractually bound by strict instructions within the framework of data processing. Furthermore, no automated decision-making or profiling takes place.

When using (AI) call bots on our helpline, what you say is recorded briefly in order to transcribe it immediately into text form. Based on the text input received, the bot generates the relevant response in text form, which is then converted so that it can be reproduced as speech.

The processing of your data in the context of customer service is carried out to fulfil contractual obligations or to implement pre-contractual measures. Processing is also regularly carried out on the basis of our legitimate interest in the efficient handling of customer enquiries and to provide evidence of correspondence.

The legal basis is Article 6(1)(b) or (f) of the GDPR.
 

2. Imtron Chatbot (Interactive Instruction Manual)

We provide support on our website in the form of a chatbot (Imtron Interactive Instruction Manual). Visitors to the website can access the chatbot via a QR code included with the products in printed form, or by manually entering the URL into their web browser, and ask product-specific questions regarding general information or product support. The Imtron Chatbot can also be operated via your microphone using voice commands; in this case, the processing of your voice or the conversion of speech to text does not take place on our systems, but solely in your environment (i.e. on your operating system or in your browser).

The chatbot uses artificial intelligence (‘AI’) and generates responses as a text-based, automated dialogue system based on various data sources made available.

The entry of personal data is not required for the effective use of the Imtron chatbot and is not permitted under the Terms of Use. However, if personal data is nevertheless entered whilst using the Imtron chatbot (so-called ‘imposed personal data’), it will be processed to the extent described below.

Chat histories are stored for 30 days and analysed during this period. The stored chat histories are used to continuously improve and further develop the Imtron chatbot. This does not involve any training or machine learning of the Imtron chatbot. The evaluation is also carried out for the purpose of improving our products. The storage also serves to ensure sufficient transparency and to protect Imtron in the event of legal action.

When interacting with the Imtron chatbot, technical metadata and non-personal information, such as date and time, number of messages, number of positive and negative ratings, and a session ID (unique identifier for each request) are also collected.

The legal basis for the processing of the aforementioned personal data is Article 6(1)(f) of the GDPR. Processing is carried out on the basis of our legitimate interest in providing the Imtron chatbot and the associated services, in providing the best possible answers to the questions asked, and in logging, quality assurance and the further development of our products and processes.
 

3. Sponsorship

Where we provide prizes for competitions and other marketing campaigns run by group companies or external partners, we process your contact details to notify you of a win and to dispatch the prize in accordance with the relevant terms and conditions. The legal basis for the processing is Article 6(1)(b) of the GDPR. Where you have given your express consent, we are entitled to publish the winner’s name or social media account. The legal basis for the processing is Article 6(1)(a) of the GDPR.
 

4. Log files, cookies, web analytics services, identifiers and retargeting
When you visit our website, the internet connection data transmitted by your browser to our server is processed first. Each time our website is accessed, it collects a range of general data and information which is temporarily stored in a server’s log files. A log file is created as part of an automatic log by the processing computer system. The following may be recorded, amongst other things:

  • Access to the website (date, time and frequency)
  • How you arrived at the website (previous page, hyperlink, etc.)
  • Amount of data sent
  • Which browser and browser version you are using
  • The operating system you are using
  • Which internet service provider you use
  • Your IP address, which your internet service provider assigns to your computer when you connect to the internet.

The legal basis for this data processing is Article 6(1)(f) GDPR or (b) GDPR, as well as Section 25(2)(2) of the TDDDG (Telecommunications and Digital Services Data Protection Act), as the processing of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly. Furthermore, the data helps us to optimise our website and to ensure the security of our IT systems.

We use cookies, analytics tools and other technologies to improve functionality, perform analyses, personalise content and advertisements on our website and third-party sites (retargeting), and to provide a comprehensive shopping experience. To this end, we use solutions developed in-house or those provided by service providers. The legal basis is Article 6(1)(a), Article 7, and in part Article 49(1)(a) of the GDPR, as well as Section 25(1) of the TDDDG. 

 

 

You can change your settings at any time here in the privacy settings (option to enable, disable or withdraw consent). For more information on the individual services, click on ‘Change your consent’, then on ‘Show details’, then on the relevant category of cookies, and finally on the specific cookie.

 

Recipients of data

Your data may be disclosed to the recipients listed below (contracted service providers and cooperation partners) on a case-by-case basis. We require all recipients to ensure the security of your personal data and to process it in accordance with applicable law.

 

1. Affiliated companies

The companies within the MediaMarktSaturn Retail Group that are affiliated with us will receive your data where necessary to enable us to provide all services relating to our own brands.

In particular, for the purpose of settling claims, we transfer data to the store or online shop of the MediaMarkt and Saturn retail chains where you purchased our product, as well as to the Group’s Legal and Insurance departments for the purpose of handling complaints, product liability cases and product recalls.

The legal basis for this is Article 6(1)(b) or (c) of the GDPR.

 

2. Third parties and processors

In order to fulfil our contractual and legal obligations, we also use external service providers. Your data may be passed on to the following recipients, amongst others:

  • Cooperation partners, where necessary in connection with the handling of warranty/guarantee claims and repairs,
  • to Capita West GmbH, Nassauer Ring 39-41, 47803 Krefeld, in connection with call centre services,
  • service providers, e.g. for the dispatch of parcels and letters or for payment processing,
  • Data processors within the meaning of Article 28 of the GDPR, e.g. to ensure our IT operations,
  • in the event that you fail to settle outstanding debts despite a reminder, we may transfer the data necessary for debt collection to a debt collection service provider for the purpose of escrow collection. 

The legal basis is Article 6(1)(b) or (f) of the GDPR.

 

Data transfer to third countries

We place great importance on processing your data within the EU. However, in the context of the administration, development and operation of IT systems, as well as marketing and customer communication, we may use service providers who process data outside the EU (‘third countries’). In these countries, despite careful selection and the service providers’ commitment, the high European standard of data protection cannot necessarily be guaranteed. Where data is transferred to the USA, for example, there is a risk that this data may be processed by US authorities for control and surveillance purposes without effective legal remedies being available or all data subjects’ rights being enforceable.

Where we use service providers in third countries, we take additional measures in accordance with Article 44 et seq. of the GDPR to ensure an adequate level of data protection when transferring personal data, thereby ensuring that the transfer is generally permissible and that the specific conditions for a transfer to a third country are met (e.g. by entering into EU standard contractual clauses and providing additional safeguards, supplementary technical and organisational measures, such as encryption or anonymisation).

Where any data transfer is based on your consent, the provision of this declaration is voluntary. This then also includes your consent in accordance with Article 49(1)(a) of the GDPR to data processing outside the EEA, e.g. in the USA. You may withdraw this consent at any time as described in the section ‘Your rights’.

 

Duration of storage and routine deletion of personal data

We process and store your personal data only for the period necessary to fulfil the purpose of processing or where this is provided for by law or regulation. Once the purpose has ceased to apply or has been fulfilled, your personal data will be deleted or blocked. For example, recordings of telephone calls are automatically deleted after six months.

In the event of blocking, deletion takes place as soon as statutory or contractual retention periods do not preclude this.

 

Your rights

Naturally, you have rights regarding the collection of your data, which we are happy to explain to you here. In accordance with legal requirements, you have the right

  • to receive information from us regarding the personal data concerning you (Art. 15 GDPR)
  • to rectification (Art. 16 GDPR)
  • to erasure (Art. 17 GDPR)
  • to restriction of processing (Art. 18 GDPR)
  • to data portability (Art. 20 GDPR)
  • to object to processing (Art. 21 GDPR) Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing at any time pursuant to Art. 21 GDPR.
  • to withdraw consent (Art. 7(3) GDPR) Where your personal data is processed on the basis of consent, the lawfulness of the processing carried out prior to withdrawal remains unaffected by the withdrawal.

     

If you wish to exercise your rights*, simply send a message to our Data Protection Officer:

By post:

Imtron GmbH

- Data Protection Department -
Media-Saturn-Straße 1

85053 Ingolstadt

Germany

By email:

datenschutz@imtron.eu

 

*For your own protection, when you exercise your rights (e.g. requests for information or requests for erasure), we are obliged to obtain further information, where necessary, to verify your identity, in order, for example, to ensure that personal data is not disclosed to unauthorised persons or that such data is not erased. If identification is not possible, we must refuse to process such requests if there are doubts regarding your identity.

  • Complaints to a supervisory authority

If the processing of your personal data infringes data protection law or if your data protection rights have otherwise been infringed, you may lodge a complaint with the supervisory authority.

 

Links to other companies’ websites

Our website contains links to other companies’ websites. We are not responsible for the data protection measures on external websites that you can access via these links. Please check the privacy policies of these external websites for further information.

 

Changes to the privacy policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy needs to be adapted due to new or revised offers or services.

 

Date: July 2025