Data Privacy

Data protection information of GmbH

Status: September 2022

As of May 25, 2018 the uniform requirements of the EU General Data Protection Regulation (GDPR) apply Europe-wide in the area of data protection. The following Privacy Policy informs you about the processing of personal data conducted by GmbH (“myToys” and/or “we” and/or “controller”) in compliance with the GDPR and the German Data Protection Act (BDSG 2018).

Please read our privacy information carefully. If you have any questions or comments about our privacy information, please feel free to contact us at the email address:

Responsible controller and the company data protection officer

This data protection information applies to data processing by the GmbH
Potsdamer Str. 192
10783 Berlin

represented by the managing directors
Martin Schierer
Katrin Behrens
Tobias Nieber
Tel.: 030/726201-201

for the following website:

as the responsible controller.

You can contact the data protection officer of the data controller at GmbH
Potsdamer Str. 192
10783 Berlin, Deutschland


I. Purposes of data processing, legal bases and legitimate interests pursued by the controller or a third party and categories of recipients
1.1. Accessing our website
1.1.1. Operation of the website / log files
1.1.2. Cookies, Tracking
1.2. Online presence and website optimisation
1.2.1. Cookies – General Information
1.2.2. Intervention options / browser settings
1.2.3. Basic reach measurement (MAPP)
1.2.4. YouTube
1.3. Further offers
1.3.1. Newsletter
1.3.2. Contact

II. Recipients outside the EU

III. Your rights
1.1. Overview
1.2. Right of objection
1.3. Right of withdrawal
1.4. Duration of data storage

IV. Data security

V. Applicant data protection
1.1. Information on the purpose of the data processing and the data that are processed
1.2. Legal basis for data processing
1.3. Disclosure of your data within the application process
1.4. Duration of data storage
1.5. Group membership

I. Purposes of data processing, legal bases and legitimate interests pursued by the controller or a third party and categories of recipients

1.1. Accessing our website

1.1.1. Operation of the website / log files

This website uses various technologies necessary for the operation of the website. The use of these technologies enables you to access and use the basic functions of our website.
Each time our website is accessed, information is sent by the respective internet browser of your respective end device to the server of our website and temporarily stored in log files, the so-called log files. The data records stored in this process contain the following data, which are stored until automatic deletion: Date and time of access, name of the page accessed, IP address of the requesting device, referrer URL (URL from which you came to our website), the amount of data transferred, loading time, as well as product and version information of the respective browser used and the name of your access provider.

The legal basis for the processing of the IP address is article 6 section 1 letter f) of the GDPR. Our legitimate interest results from

  • ensuring a trouble-free establishment of the connection,
  • ensuring the convenient use of our website/application,
  • analyzing system security and stability.

It is impossible to identify you directly based on this information and we do not use this information to do so.

The data is stored and automatically erased after achieving the aforementioned purposes. The standard periods for erasure comply with the criterion of necessity.

1.1.2. Cookies, Tracking

We use a tracking tool and cookies for our website. The exact procedures involved and how your data is used for this purpose are explained in detail below.

1.2. Online presence and website optimization

1.2.1. Cookies – General information

Cookies are used on this website. Cookies are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar). Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Some of the cookies we use are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise your computer on your next visit (so-called permanent or session cookies). These cookies in particular serve to make our website user-friendly, more effective and safer.
According to the legal requirements, the storage of information on end devices (desktops, mobile phones, tablets or similar) – e.g. by setting cookies – as well as the retrieval of information from end devices (tracking) is generally only permitted if you have given your prior consent. The legal basis for this is § 25 para. 1 sentence 1 TTDSG. However, consent does not have to be granted if such storage/retrieval is necessary for the website/app offer. The legal basis for this is § 25 para. 2 number 2 TTDSG. Necessity is given, for example, with regard to ensuring the following functionalities/achieving the following purposes:

  • Ensuring system security and
  • Implementation of the application process.

With regard to data processing that is necessary for the operation of the website, you have no right of objection.

You can use the myToys websites without data being retrieved from or stored on your end device for purposes that are not necessary for the offer of the myToys websites. For this reason, only “basic tracking” is activated when you use the myToys websites – unless you give further consent.

1.2.2. Intervention options / browser settings

Of course, you can set up your browser so that it does not place certain cookies on your end device. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or even how to delete all cookies you have already received and block them for all further ones.

Please proceed as follows:

In Internet Explorer

  1. Select “Internet Options” in the “Extras” menu.
  2. Click on the “Data protection” tab.
  3. Now you can make the security settings for the Internet zone. Here you set whether and which cookies are to be accepted or rejected.
  4. Press “OK” to confirm your setting.

In Firefox:

  1. In the “Extras” menu, select the item Settings.
  2. Click on “Privacy”.
  3. Select the entry “Create according to user-defined settings” in the drop-down menu. ow you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions, which websites you always or never want to allow to use cookies.
  4. Confirm your setting with “OK”.

In Google Chrome:

  1. Click on the Chrome menu on the browser toolbar.
  2. Now select “Settings”.
  3. click on “Show advanced settings”.
  4. click on “Content settings” under “Privacy”. Under “Cookies” you can make the following settings for cookies:
    • Delete cookies
    • Block cookies by default
    • Delete cookies and website data by default after exiting the browser
    • Allow exceptions for cookies from specific websites or domains
      If you would like to delete individual cookies set in your browser or find out which service providers / suppliers have set cookies in your browser, you can also do this / find out via a “preference manager”. Such a preference manager is available, for example, at
      If you also use apps in addition to a browser, your end device (smartphone, tablet or similar) has a function with which you can influence tracking by apps. You can, for example, deactivate the transmission of tracking data by
      • Deactivate the setting “Allow apps to request tracking” on their iOS device.
      • or activate the setting “Deactivate ad personalisation” on your Android device.
      To learn more about how these opt-out features work, please refer to your device settings.

1.2.3. Basic Tracking (MAPP)

For the purpose of service-oriented design and continuous optimisation of the myToys pages, collected data is processed by the basic tracking of the web analysis service Mapp (Mapp Digital c/o Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin). Mapp uses so-called “cookies” (text files), which are stored on your computer and which enable an analysis of your use of the website. On behalf of myToys, Mapp will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. Mapp processes the collected data exclusively on the instructions of myToys and for the purposes of myToys.

The legal basis for the aforementioned data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest).

You can object to the further processing of your data by Mapp by clicking here. The consequence of the objection is that MAPP will no longer collect any data on the device used by you on the myToys pages when you object.

1.2.4. YouTube

This website uses the Youtube embedding function to display and play videos from Youtube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). We use the extended data protection mode , which, according to the provider, only starts storing user information when the video is played. At the moment when the playback of the embedded video is started, Youtube uses cookies to collect information about user behaviour.

According to information from Youtube, these are used, among other things, to collect video statistics, improve the user experience and prevent abusive behaviour.

For further information on data protection at YouTube, please refer to the provider’s privacy policy at:

1.3. More content

1.3.1. Newsletter

On our website we offer you the possibility to register for our newsletter. In order to be able to ensure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field, we will send you a confirmation link to the address you have provided. Only when you click on this confirmation link will your email address be added to our distribution list for sending our newsletter. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

You can revoke your consent at any time with effect for the future by sending a message to e-mail: or using the unsubscribe option at the end of each newsletter.

1.3.2. Contact

You have the option of contacting us in several ways. By e-mail, by telephone, by contact form or by post. When you contact us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your enquiry. The legal basis for this data processing is Art. 6 (1) a), Art. 6 (1) b), Art. 6 (1) c) DSGVO and Art. 6 (1) f) GDPR.

II. Recipients outside the EU

With the exception of the processing operations for which we provide information about the possibility of transferring data to recipients based outside the EU in this privacy notice, we do not transfer your data to recipients based outside the European Union or the European Economic Area. The data transfers take place on the basis of so-called standard contractual clauses of the EU Commission.

III. Your rights

1.1. Overview

In addition to your right to revoke your consent given to us, you also have the following rights if the respective legal requirements are met:

  • the right of access to your personal data (art. 15 GDPR) stored by us, in particular you can request information regarding the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned duration of storage, the origin of your data, provided that it was not collected directly from you;
  • the right to rectification of incorrect or incomplete accurate data (art. 16 GDPR),
  • the right to the erasure of your data stored by us (art. 17 GDPR), insofar as we are not required to comply with any legal or contractual retention periods or other legal duties or rights for further storage,
  • the right to the restriction of processing your data (art. 18 GDPR), insofar as you contest to the accuracy of the data, the processing is unlawful but you object to its erasure; the controller no longer requires the data however, you require it to assert, exercise or defend against legal claims or you have objected to the processing in accordance with art. 21 of the GDPR, If you purchase products/services from partners via, the aforementioned rights apply accordingly against our partners. If you want to assert the aforementioned rights against our partners, please contact the respective partner directly.
  • the right to data portability according to art. 20 of the GDPR, i.e. the right to receive your selected personal data we store in a commonly used, machine-readable format or to request the transmission of said data to another controller
  • the right to lodge a complaint with a supervisory authority. Normally, you can contact the supervisory authority at your usual place of residence or work for this purpose or contact our headquarters.
  • You can exercise the aforementioned rights to which you are entitled vis-à-vis us at the following e-mail address: You can also exercise the right to data portability at

1.2. Right to object

Under the conditions laid down in art. 21 sec. 1 of the GDPR, data processing can be objected to for reasons resulting from the special situation of the data subject.
The preceding general right to object applies to all processing purposes described in this Privacy Policy, which are processed based on article 6 section 1 letter f) of the GDPR. Contrary to the special right to object aimed at data processing for promotional purposes, according to the GDPR, we are only obligated to implement such a general right to object if you give us reasons of paramount importance (e.g. possible danger to life or health).

1.3. Right to revoke

If we process data on the basis of your consent, you have the right to revoke this consent at any time. The revocation of consent does not have the consequence that the data processing carried out on the basis of the consent up to the time of the revocation becomes ineffective.

1.4. Duration of the storage of the data

The duration of the storage of the data collected about you depends on the purpose for which we process the data. The data is stored for as long as is necessary to achieve the purpose for which it was collected. Insofar as we have to store certain categories of data for a certain period of time due to legal obligations (e.g. obligations under tax law), the continued storage of the data after its storage is no longer necessary for the achievement of the respective purpose is exclusively for the purpose of fulfilling the legal obligation. In this case, the data will be blocked for access.

IV. Data security

All of your transmitted personal data including your payment data is transferred using the generally common and secure standard SSL (Secure Socket Layer). SSL is a secure and tested standard, which is used for online banking for instance. Among other things, you can recognize a secure SSL connection by the “s” attached to http (i.e. https://…) in the address bar of your browser or by the small lock icon in the lower section of your browser.

We also use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

V. Applicant data protection

Dear applicant, Thank you for your interest in our company. We would like to inform you about the information we collect during your visit to this website and your application process and how we process it.

We would like to refer you to the above “General Information” regarding the general information on data protection for this website. There you will find information about the responsible controller and your rights.

Application-specific details can be found below.

1.1. Information on the purpose of the data processing and the data that will be processed

We process the data that you have sent us with your application in order to check your suitability for the position (or, if applicable, other vacant positions in our companies, insofar as your consent is required here in accordance with the legal basis, we will obtain this beforehand) and to carry out the application procedure.

When you apply for a job, we ask you to provide us with the following data via our online form: Salutation, first and last name, e-mail address, birthday (optional), address, telephone number. Furthermore, we may request your CV, relevant references, a covering letter and, if applicable, samples of your work.

If further data is processed as part of the ongoing application process, we will inform you of this separately.

1.2. Legal basis for data processing

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after the application procedure has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then consists in the assertion or defence of claims.

1.3. Disclosure of your data within the scope of the application process

Your application data will be reviewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the person responsible for the respective open position. If consent is required by law and we have it, the application documents may also be forwarded to other parties from other departments. In principle, only those persons in the company have access to your data who need it for the proper conduct of our application procedure. This also includes the members of the works council. Due to system maintenance and servicing, your data may come to the attention of the persons entrusted with it. The relevant persons or, if applicable, the service providers used are obliged to maintain data secrecy.

For the aforementioned purposes, the data will also be passed on to the following company: TALENTSOFT GmbH. This is an processing according to Art. 28 GDPR. This means that the data may only be processed by TALENTSOFT GmbH on the instructions of TALENTSOFT GmbH is based in Germany.

1.4. Duration of the storage of the data

Data of applicants will be completely deleted after 6 months in case of rejection. If you have been accepted for a position during the application process, the data from the applicant data system will be transferred to our personnel information system.

1.5. Group membership GmbH is part of the Otto Group. If you would like more information about the companies belonging to the Otto Group, please look at the following link: