Skip to main content
DE | EN
Business Divisions
Responsibility
News
Career
Contact
Legal
Privacy Policy
Privacy Policy for Visitors
Reporting Platform
Accessibility
Business Divisions
Responsibility
News
Career
Contact
Legal
Privacy Policy
Privacy Policy for Visitors
Reporting Platform
Accessibility

Privacy Policy for Visitors
Effective as of: May 1st, 2026

Overview

We, Oetker Collection KG, Gehrenberg 2, 33602 Bielefeld, Germany, respect your privacy and personal data.

The following information provides a simple overview of what happens to your personal data when you enter our premises and/or take part in our events.

1. Data controller

The controller responsible for the processing of personal data in accordance with Section 3 of this privacy policy is

Oetker Collection KG
Gehrenberg 2
33602 Bielefeld
Germany,

represented by
Dr. Alfred Oetker and
Mr. Ferdinand Oetker,
registered at Bielefeld Local Court, HRA 16997.
E-Mail: contact@oetker-collection.com.

2. Data Protection Officer

You can contact our Data Protection Officer by writing to Oetker Collection KG,

“Data Protection Officer”
Gehrenberg 2
33602 Bielefeld,

with the subject line “Data Protection”,
or via E-Mail: Data-Protection@oetker-collection.com.

3. Purposes of data processing and legal basis

3.1 We process the personal data you provide to us on our website or in any other way (e.g. your name, address, telephone number or E-Mail) for the purpose of executing and fulfilling contracts, enquiries and other services you request from us.

The legal basis for the processing of your personal data is Article 6 para. 1 (b) Regulation (EU) 2016/679 (General Data Protection Regulation, or ‘GDPR’). This also applies to processing data necessary for the implementation of pre-contractual measures.

In the case of general enquiries that do not aim to establish a contractual relationship, the legal basis for the processing of your personal data is Article 6 para. 1 (f) GDPR, as we have legitimate interests in processing the data and your interests or fundamental rights and freedoms do not override them.

Your general personal data, processed exclusively for this purpose, will be deleted no later than 4 years after the contract has been fully executed.

3.2 We process your personal data (name, address, telephone number, email address, vehicle registration number) to manage your visit, for insurance purposes, to safeguard our right of access and our legitimate interests in necessary security requirements.

The legal basis for data processing is Article 6 para. 1 (f) GDPR, as we have legitimate interests in processing the data and your interests or fundamental rights and freedoms do not override them.

Insofar as we are not permitted to retain your personal data under another legal relationship , we will delete it no later than 3 years after your visit to our premises.

3.3 In certain circumstances, we may ask you to take part in a safety training session or briefing before or upon entering our premises. In doing so, we may process your E-Mail address, your name and your contact details.

In the case of legally required compulsory training, the legal basis for the processing of your personal data is Article 6 para. 1 (c) GDPR. In the case of voluntary training/instruction, the legal basis for processing is Article 6 para. 1 (f) GDPR, as we have legitimate interests in processing the data and your interests or fundamental rights and freedoms do not override them..

Unless we are permitted to retain your personal data under another legal basis, we will delete it no later than 3 years after the training/instruction has been carried out.

3.4 When you enter our premises, your personal data may also be processed in the form of video recordings for the prevention and prosecution of criminal offences. In particular, this processing enables us to enforce our right of access and protect our property and employees.

The legal basis for the processing is Article 6 para. 1 (f) GDPR, as we have legitimate interests in processing the data and your interests or fundamental rights and freedoms do not override them.

If no incident occurs, your personal data processed in this context will be deleted 7 days after the data was first stored. Data will only be retained beyond this period in justified individual cases.

3.5 In the context of events held on our premises, your personal data may be processed in the form of photographs or video recordings. The recordings are produced and used for the purposes of documenting the event or for public relations work. 

The legal basis for the processing is Article 6(1)(f) of the GDPR. It serves our legitimate interest in documenting the event or for public relations purposes.

In the case of individual photographs, we will seek your consent in advance. In this case, the legal basis for data processing is your consent pursuant to Article 6 para. 1 (a) GDPR.

You may object at any time, with effect for the future, to the taking or use of video/photo recordings by the controller named in section 2.

The recordings will be deleted as soon as we no longer have the right to retain them. However, we would like to point out that photos/videos already published by us cannot always be withdrawn, or cannot be reliably withdrawn.

3.6 As part of the provision of our visitor Wi-Fi service, we process users’ personal data in order to enable access to the internet and to ensure the security of our IT systems. When using the visitor Wi-Fi service, the following data in particular may be processed:

  • Device and connection data (e.g. MAC address, IP address, device name)
  • Time and duration of use
  • Amount of data transferred
  • Log data (log files).

The data is processed for the      provide and maintain the Wi-Fi connection, ensure IT security (e.g. defence against attacks, detection of misuse) and comply with legal obligations.

Processing is carried out on the basis of our legitimate interest pursuant to Article 6 para. 1 (f) GDPR, as there is a legitimate interest in providing secure and functional internet access and your interests or fundamental rights and freedoms do not override.

The data collected is stored only for as long as is necessary for the purposes mentioned above or as required by statutory retention obligations.

Use of the visitor Wi-Fi is voluntary. Alternatively, you may use other means of accessing the internet. Please note that the use of public Wi-Fi networks may generally involve security risks over which we have no control.

4. Recipients

4.1 In connection with the data processing operations mentioned in section 3, data may be transferred to other recipients. We will only transfer your personal data to other recipients if this is necessary for the purpose of the data processing.

For example, we may transfer your personal data to companies in the IT and marketing services sectors. Furthermore, where there are legitimate interests, we may transfer your data to other companies within our group. Where necessary, we enter into a data processing agreement with the third parties.

4.2 Your personal data may be transferred to a service provider in a non-European third country under certain circumstances if

  • the third country in question offers an adequate level of protection,
  • we or our service provider provide suitable safeguards and you have enforceable rights and effective legal remedies available to you, or
  • you have expressly consented to the data transfer after being informed of the potential risks associated with such data transfers in the absence of an adequacy decision and without appropriate safeguards.

4.3 No further transfer of the data will take place, or only if you have expressly consented to the transfer. Your personal data will not be disclosed to third parties without your express consent, for example for advertising purposes.

5. Duration of processing

We store your personal data only for as long as is necessary.

5.1 This means that, unless otherwise stated in this privacy policy, we will store your personal data until such time as there are no longer any claims in connection with the establishment, performance and processing of services, contracts or quasi-contractual relationships, or the functionality of the websites, and all other retention and documentation obligations, in particular those under the German Civil Code (BGB) and the German Fiscal Code (AO), have expired.

5.2 Otherwise, we adhere to the statutory limitation periods.

5.3 Once retention is no longer required under these provisions, we will delete your data.

6. Your rights

6.1 You have the right at any time to obtain, free of charge, information about the origin, recipients and purpose of your stored personal data.

You also have the right to rectification, blocking, erasure, restriction of processing of your personal data and to the transfer of your data to yourself or another controller

6.2 If the data processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

To exercise your rights or if you have any further questions regarding data protection, you may contact the Data Protection Officer named in section 3 at any time.

6.3 You have the right to lodge a complaint with the competent supervisory authority at any time. The supervisory authority responsible for us in matters of data protection is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia,
Kavalleriestr. 2-4, 40213 Düsseldorf. Telephone: 0211/38424-0, Fax: 0211/38424-999.  E-Mail: poststelle@ldi.nrw.de.

7. Status of the Privacy Policy

It may occasionally be necessary to update the privacy policy. We therefore reserve the right to make changes to this privacy policy. This privacy policy is valid from May 1st 2026.