Data Security← Back
- Relevant legal bases
- Changes and updates to the Privacy Statement
- Security measures
- Partnering with processors and third parties
- Transmission to third countries
- Rights of data subjects
- Right of revocation
- Right of objection
- Platforms and digital presence with registration and order functions
- Cookies and right of objection in relation to direct marketing
- Erasure of data
- Online shop
- Making contact
- Comments and contributions
- Collecting access data and log files
- Online presence on social media
- Cookies and measuring reach
- Cookies on Delius Klasing magazine websites
- Google Analytics
- Google-re/marketing services
- Facebook and Facebook marketing services
- INFOnline GmbH
- Integration of third-party services and content
- Affiliate Links
Name/Company: Delius Klasing Verlag GmbH
Street no.: Siekerwall 21
Postcode, place, country: 33602 Bielefeld, Germany
Company register/No.: Bielefeld District Court [Amtsgericht] HRB 7332
Managing Director: Konrad Delius
Telephone number: +49 (0) 521/559-0
E-mail address: email@example.com
Data protection officer:
Name: Petra Hörster
Street no.: Siekerwall 21
Postcode, place, country: 33602 Bielefeld, Germany
E-mail address: firstname.lastname@example.org
Types of data processed:
Stock data (e.g., names, addresses).
Contact data (e.g., e-mail, phone numbers).
Content data (e.g., product evaluations).
Contract data (e.g., contractual object, term, customer category).
Payment data (e.g., bank details, payment history).
Usage data (e.g., websites visited, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
Processing special data categories (paragraph 9 (1) GDPR):
Special data categories are not processed.
Generally, special data categories are not processed, unless they are provided by the user for processing, e.g. entered into online forms.
Categories of data subjects involved in processing:
Visitors and users of the online offering.
Hereinafter we will refer to all data subjects as "user".
Purpose of processing:
Provision and development of the online offering, its content and functions.
Provision of contractual services and customer care.
Respond to customer queries and communication with users.
Marketing, advertising and market research.
As of: 24 May 2018
1. Relevant legal bases
In accordance with paragraph 13 GDPR, we would like to notify you of the legal basis of our data processing. If the legal basis is not stated in the Privacy Statement, the following shall apply: The legal basis for obtaining consent is paragraph 6 (1)a and paragraph 7 GDPR, the legal basis for processing in order to perform our services and contractual measures, as well as to respond to queries is paragraph 6 (1)b GDPR, the legal basis for processing to fulfil our legal obligations is paragraph 6 (1)c GDPR, and the legal basis for processing to safeguard our legitimate interests is paragraph 6 (1)f GDPR. In the event that essential interests of the data subject or another natural person makes it necessary to process personal data, the legal basis for this is paragraph 6 (1)d GDPR.
2. Changes and updates to the Privacy Statement
We request that you regularly inform yourself about the content of our Privacy Statement. We adapt our Privacy Statement as soon as this is required by changes to our data processing. We will notify you as soon as a change requires you to perform an action (e.g. give your consent) or should any other separate information be required.
3. Security measures
3.1. We take suitable technical and organisational measures to ensure a protection level commensurate with risk in accordance with paragraph 32 GDPR taking into account the state of the art, implementation costs, and the type and scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and degree of risk for the rights and freedoms of natural persons. The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, but also access in respect of the data, their input, transfer, ensuring their availability and their separation. In addition, we have introduced processes that ensure the assertion of rights of data subjects, the erasure of data and reaction to threats to the data. In addition, we already take the protection of personal data into account during the development and/or selection of hardware, software and processes according to the principle of data protection by way of technology design and preliminary settings conducive to data protection (paragraph 25 GDPR).
3.2. The security measures include in particular the encrypted transmission of data between your browser and our server.
3.3. We therefore urgently ask you that you take all possible security measures to protect your data while working on the Internet. Make it a habit to regularly change your password. We recommend that you use a letter and number combination for your password and to ensure that you are using a secure, SSL-capable browser when you surf the Internet. Log fully out, if possible, when you are done using a computer that you share with other people, and do not disclose your password to third parties.
3.4. By taking all technical and organisation measures, your personal data will be stored such that they are not accessible to third parties. When communicating per e-mail, we cannot ensure full data security; for confidential information, we therefore recommend using regular postal mail.
4. Partnering with processors and third parties
4.1. To the extent that we disclose, transmit or give access to the data to other persons and companies (processors or third parties) as part of our processing, this will only occur based on statutory permission (e.g., if the transmission of data to third parties, such as payment service providers, is required in accordance with paragraph 6 (1)b GDPR to fulfil contractual obligations), your consent, if a legal obligation requires us to do so, or based on our legitimate interests (e.g., when using representatives, web hosting services, etc.).
4.2. If we commission third parties to process data based on an "order processing agreement", this shall be based on paragraph 28 GDPR.
4.3. We will transmit personal data to third parties only if this is required as part of contract processing, e.g., to the credit institution commissioned to perform payment operations or companies that we have commissioned for our own purposes. These companies undertake not to disclose these data and to comply with data protection provisions. Further transmission of your data, e.g. for advertising purposes, will not take place.
4.4. Your personal data will not be disclosed to third parties if you have not explicitly given your consent or if we are obliged to disclose the data, e.g. due to a court or official order.
5. Transmission to third countries
If we process data in third countries (i.e. outside of the European Union (EU) or European Economic Area (EEA)) or if this occurs as part of our use of third party services or if data are disclosed or transmitted to third parties, this will only occur if required to fulfil our (pre)contractual obligations, based on your consent, based on a statutory obligation or our legitimate interests. Subject to statutory or contractual permissions, we will only process data or have them processed in a third country if the special conditions pursuant to paragraph 44 et seqq. GDPR apply. This means that processing will only take place, e.g., based on special guarantees, such as the official determination of an adequate data protection level similar to the EU data protection level (e.g., for the USA with the "Privacy Shield") or compliance with officially acknowledged special contractual obligations ("standard contractual clauses").
6. Rights of data subjects
6.1. You have the right to request confirmation about whether the respective data have been processed and to receive information on these data and additional information as well as a copy of the data in accordance with paragraph 15 GDPR.
6.2. In accordance with paragraph 16 GDPR, you have the right to request that your personal data be completed if it is incomplete or that incorrect data be corrected.
6.3. In accordance with paragraph 17 GDPR, you have the right to request that data relating to you are immediately erased or, alternatively, you have the right to request that processing of said data is restricted in accordance with paragraph 18 GDPR.
6.4. You have the right to request that data relating to you that you provided to us be retained in accordance with paragraph 20 GDPR and that we transmit these data to other responsible persons.
6.5. You also have the right to lodge a complaint with the competent supervisory authority (paragraph 77 GDPR).
7. Revocation right
In accordance with paragraph 7 (3) GDPR, you have the right to revoke your consent with effect for the future.
8. Right of objection
You can object to the future processing of your personal data at any time in accordance with paragraph 21 GDPR. The objection may be raised in particular with regard to processing for direct marketing purposes.
9. Platforms and digital presence with registration and order functionality
You must be at least 16 years old to register and order products on all platforms and web presences provided by Delius Klasing.
10. Cookies and right of objection to direct marketing
11. Erasure of data
11.1. In accordance with paragraphs 17 and 18 GDPR, we erase the data that we process or limit their processing. If not explicitly stated in this Privacy Statement, we will erase the data we have stored as soon as they are no longer required for the purpose for which they were stored and erasing them does not violate any statutory provisions for retention. If the data are not erased because they are required for other, legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This also applies to data that must be retained for reasons under commercial or tax law.
11.2. According to statutory provisions, we retain data for six years in particular in accordance with § 257 (1) German Commercial Code (HGB) (trading books, inventory, opening balances, annual financial statements, business letters, accounting records, etc.) and for ten years in accordance with § 147 (1) German Tax Code (AO) (books, records, management reports, accounting records, commercial and business letters, documents relevant for tax, etc.).
12. Online shop
12.1. We process existing data (e.g., names and addresses as well as user contact data) and contractual data (e.g., services used, names of contact persons, payment information) to fulfil our contractual obligations and provide services in accordance with paragraph 6 (1)b GDPR. The entries marked mandatory in our online forms are required to be able to conclude the contract.
12.2. Users may create a user account where they can view their orders. During registration, users will be informed of required information which they must provide. The user accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, the data relating to the user account will be erased, provided their retention is not required under commercial or tax law in accordance with paragraph 6 (1)c GDPR. It is the responsibility of users to back up their data before the contract ends if they have cancelled their user account. We have the right to erase all user data without backup which were stored during the term of the contract.
12.3. As part of the registration and return login and use of our online services, we store all IP addresses and the time of the respective user activity. The storage of these data is based on our legitimate interests and those of the users to protect against misuse or other unauthorised use. These data are generally not shared with third parties, unless required to assert our claims or in the event of a legal obligation in accordance with paragraph 6 (1)c GDPR.
12.4. We process usage data (e.g. websites of our online offering visited, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile. It is used to provide the user with product information based on the services they have previously used.
12.5. The data is erased after expiration of statutory warranty and similar obligations, the requirement for data retention is reviewed every three years; in the event of statutory archiving obligations, erasure takes place after their expiration (end of retention obligations under commercial law (6 years) and under tax law (10 years)); data retained in the customer account is retained until the account is closed.
13. Making contact
13.1. When contacting us (via contact form or e-mail), the information provided by the user for responding and processing the contact request is processed in accordance with paragraph 6 (1)b GDPR.
13.2 The user information may be stored in our customer relationship system ("CRM system") or similar query-processing systems.
13.3. We will erase the queries as soon as they are no longer required. We will review whether they need to be retained every two years; queries from customers who have a customer account with us are stored permanently, and refer to the customer account information regarding erasure. In the event of statutory archiving obligations, erasure takes place after their expiration (end of retention obligations under commercial law (6 years) and under tax law (10 years)).
13.4. There is an option for you to contact our small ads advertisers on the various Delius Klasing online channels. A contact form is integrated into the respective online presence for that purpose. If you send us a contact request, the respective advertiser will receive the information provided by you directly via e-mail. The transmitted information will not be stored on Delius Klasing’s servers.
14. Comments and contributions
14.1. If users post comments or other contributions, their IP addresses are stored based on our legitimate interests within the meaning of paragraph 6 (1)f GDPR.
14.2. This is carried out for security purposes, in case a user posts illegal content in the comments or contributions (defamations, illegal political propaganda, etc.). In that case, we can be sued for the comment or contribution and are therefore interested in the identity of the author.
15. Collecting access data and log files
15.1. Based on our legitimate interest within the meaning of paragraph 6 (1)f GDPR, we collect data (‘server log files’) each time the server, on which this service is located, is accessed. The access data contain the name of the website, file, date and time of access, transmitted data volume, report about the success of the access, browser type including version, the operating system of the user, referrer URL (the website visited previously), IP address and the requesting provider.
15.2. Log file information is stored for security reasons (e.g. to investigate misuse or fraudulent activity) and will be erased at regular intervals. Data whose further retention is required for verification purposes is exempt from erasure until the investigation of the respective incident is complete.
16. Online presences on social media
16.1. Based on our legitimate interest within the meaning of paragraph 6 (1)f GDPR, we maintain various online presences on social networks and platforms to communicate with customers who are active in these networks/on these platforms and inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
16.2. If not stated otherwise as part of our Privacy Statement, we process user data to the extent that users communicate with us in social networks and on platforms, e.g. by posting contributions in our online presences or by sending us messages.
17. Cookies and measuring reach
17.1. Cookies are information that is transmitted from our web server or third-party web servers to the web servers of users and are stored there for subsequent call-up. Cookies may be small files or other types of storage information.
17.2. We use "session cookies" which are stored on our online presence for the duration of the current visit only (e.g. to enable storage of your login status or the cart function, and thus the actual use of our online offering). A session ID, i.e. a randomly generated unique identification number, is stored in a session cookie. In addition, a cookie contains information about its origin and retention period. These cookies cannot store any other information. Session cookies are erased once you are finished using our online offering and have logged out or closed the browser, for example.
17.4. If users do not want cookies to be stored on their computer, we request that they deactivate the respective option in their browser settings. Stored cookies can be deleted in browser settings. The prevention of cookie storage can lead to reduced functionality of this online offering.
18. Cookies on Delius Klasing magazine websites
With the Consent Manager on the websites listed below, we offer you the opportunity to decide in detail in which cases you want to consent to tracking via cookies and other technologies - for the purpose of displaying content that is relevant to you and advertising tailored to you. You can access the settings for the respective website via a link at the bottom of the website "Cookie Einstellungen".
Websites that offer you these settings via the Consent Manager:
The processing of your data for the above-mentioned purposes takes place partly on the basis of legitimate interest, but partly we also need your consent.
In order to guarantee the requirements of the General Data Protection Regulation (GDPR) and to provide you as a user with the highest level of transparency, we participate in the Transparency & Consent Framework (TCF) from IAB Europe and are subject to its specifications and guidelines. For this we use the consent management platform (CMP) from Sourcepoint Technologie Inc., 228 Park Ave S # 87903, New York 10003-1502, USA as a processor. As part of the IAB Europe Transparency & Consent Framework, Sourcepoint is listed under identification number 6. Sourcepoint's CMP enables you to give us self-determined consent to the processing of your data in accordance with data protection regulations and to revoke it at any time. You can also object to data processing that is based on our legitimate interest.
You will also find an overview of your setting options, the purposes and third parties involved in the footer of the respective website, which you can access via the list above.
Further information on data protection and the Sourcepoint CMP can be found on the website www.sourcepoint.com/privacy-policy.
You can also find out more about the Transparency and Consent Framework (TCF) on the IAB Europe website: iabeurope.eu/
19. Google Analytics
19.2. Google uses this information on our behalf to analyse the users’ use of our online offering, compile reports about activities within this online offering, and to provide us with additional services in relation to this online offering and Internet use. During this process, user profiles may be derived from processed data.
19.3. We use Google Analytics to show the ads provided within the advertising services of Google and its partners only to those users who have shown interest in our online offering or who have displayed certain characteristics (e.g. interest in certain topics or products determined based on their visit of certain websites) which we transmit to Google (known as "remarketing" or "Google Analytics audiences"). We use remarketing audiences to ensure that our ads fit the potential interests of users and are not perceived as bothersome.
19.4. We use Google Analytics only with enabled IP anonymisation. This means that Google will shorten your IP address within the EU member states or in other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
19.5. The IP address which is transmitted by the user’s browser is not combined with other Google data. Users can prevent the cookies from being stored using a certain setting in their browser software; in addition, users can prevent the recording and transmission of the data generated by the cookie relating to their use of the online offering to Google and the processing of the data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
19.7. Otherwise, personal data are anonymised or erased after 50 months have expired.
20. Google Re/Marketing Services
20.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and profitable operation of our online offering within the meaning of paragraph 6 (1)f GDPR) we use the marketing and remarketing services ("Google Marketing-Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
20.2. Google marketing services permit us to show ads for and on our websites in a more targeted manner to present users exactly those types of ads that potentially match their interests. If a user is shown ads for products for which the user has shown interest on our websites, for example, this is called "remarketing". For this purpose, Google directly executes a Google code when our and other websites are called up on which Google Marketing Services are enabled and (re)marketing tags (invisible graphics or code, also called "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (it is also possible to use similar technologies instead of cookies). The cookies can be placed by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, for which content the user has shown interest and which offerings the user has clicked. Additionally, it records technical information relating to the browser and operating system, referring websites, time of visit, and additional information on the use of the online offering. Users’ IP address will be also recorded. We would like to inform you that within the Google Analytics framework, the IP address will be shortened within the European Union member states or in other contracting parties to the Agreement on the European Economic Area and will only in exceptional cases be transferred to a Google server in the USA and shortened there. The IP address will not be combined with the user data of other Google offerings. Google can link the aforementioned information also with such information from other sources. If the user subsequently visits other websites, the user may be shown ads selected in accordance with their interests.
20.3. The user data will be pseudonymised as part of Google marketing services. This means that Google does not record and process the name or e-mail address of users, but rather processes the relevant data related to cookies within the pseudonymised user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specific identifiable person, but for the cookie owner, regardless of who owns this cookie. This does not apply if a user has specifically authorised Google to process these data without pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google servers in the USA.
20.4. One of the Google marketing services which we use is the online advertising program "Google AdWords". As part of Google AdWords, every AdWords customer receives a different "conversion cookie". Cookies can thus not be tracked across the websites of AdWords customers. The information collected using the cookie is used to generate conversion statistics for AdWords customers that have opted for conversion tracking. AdWords customers are informed of the total number of users that have clicked on their ad and were transferred to a website fitted with a conversion tracking tag. They do not, however, receive any information that would allow them to identify users personally.
20.6. Furthermore, we can use the "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.
20.8. If you wish to object to the ads placed by Google marketing services based on your interests, you can use the configuration and opt-out options provided by Google: https://adssettings.google.com/authenticated.
21. Facebook and Facebook marketing services
21.1. As part of our online offering, we use the "Facebook Pixel" of the social network Facebook based on our legitimate interest in analysis, optimisation and the profitable operation of our online offering; the Facebook Pixel is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
21.2. Facebook uses the Facebook Pixel to enable it to, among other things, determine visitors of our online offering as a target group for the placement of ads ("Facebook Ads"). We use the Facebook Pixel to show the Facebook ads we place only to those Facebook users who have shown interest in our online offering or who have displayed certain characteristics (e.g. interest in certain topics or products determined based on their visit of specific websites) which we transmit to Facebook ("custom audiences"). Using Facebook Pixel, we also want to ensure that our Facebook ads fit potential user interests and are not perceived as bothersome. Using the Facebook Pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes, by determining whether the user has been transferred to our website after clicking on a Facebook ad ("conversion").
21.3. Facebook processes data within the framework of Facebook’s data processing guide. General information regarding the display of Facebook ads in Facebook’s data processing policy can be found at: https://www.facebook.com/policy.php. Special information and details on the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616.
21.4. You can object to data recording carried out by the Facebook Pixel and the use of your data for displaying Facebook ads. To specify which types of ads you will be shown on Facebook, you can call up the page set up by Facebook and follow the instructions to configure user-based advertising: https://www.facebook.com/settings?tab=ads. The configuration is independent of platforms, i.e. it is transferred to all devices, such as desktop computers or mobile devices.
22. INFOnline GmbH
22.1. Based on our legitimate interests (i.e. interest in the analysis, optimisation and profitable operation of our online offering within the meaning of paragraph 6 (1)f GDPR) we use the "SZMnG" measuring process offered by the INFOnline GmbH, Brühler Str. 9, 53119 Bonn, Germany.
22.2. Our website uses the INFOnline GmbH measuring process ("SZMnG") to determine statistical characteristic
values about the use of our offerings. The goal of measuring use is to statistically determine the number of
visits to our website, the number of visitors and their surfing behaviour – based on a uniform standard
process – and as a result receive comparable values across the entire market.
For all digital offerings which are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW) or participate in the studies of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF), the usage statistics are regularly further processed by the AGOF and the Arbeitsgemeinschaft Media-Analyse e.V. (agma) regarding reach and published with the performance value "unique user" as well as by the IVW with the performance value "page impressions" and "visits". These reaches and statistics can be viewed on the respective websites.
22.3. INFOnline GmbH collects the following data according to EU GDPR that reference persons:
IP address: Every device on the Internet needs a unique address, an IP address, for transmitting data. The storage, even short-term, of the IP address is technically required due to how the Internet works. IP addresses are shortened by 1 byte before every processing and are only processed anonymized. The shortened IP addresses are not stored or processed further.
A randomly generated client identifier: To recognize computer systems, the processing of reach alternatively
uses either a third-party cookie, a first-party cookie, a "local storage object" or a signature for
recognizing computer systems which is generated by various automatically transmitted information by your
browser. This identifier is unique for a browser as long as the cookie or the local storage object are not
deleted. Measuring of data and subsequent assignment to the respective client identifier is therefore also
possible if you call up other websites that also use INFOnline GmbH’s measuring process ("SZMnG").
The validity of cookies is limited to maximal one year.
22.4. The INFOnline GmbH measuring process that is used on this website determines all user data. This is
done to collect the performance values of page impressions, visits and clients, and to create further key
figures (e.g., qualified client). In addition, the measured data are used as follows:
- So-called geolocalisation, meaning the assignment of the website call-up to the location of the call up, occurs exclusively based on the anonymized IP address and only down to the geographical level of federal states / regions. In no case is it possible to draw a conclusion regarding the actual location of the user based on the obtained geographical information.
- The usage data of a technical client (e.g., a browser on a device) are compiled across websites and stored in a database. This information is used to estimate sociological information such as age and gender and transferred to the service provider AGOF for further processing of reach. As part of the AGOF study, sociological characteristics are technically estimated based on a random sample which can be assigned to the following categories: Age, gender, nationality, professional activity, marital status, general information on the household, household income, place of residence, Internet use, online interests, place of usage, user type.
22.5. INFOnline GmbH will not store the full IP address. The shortened IP address is stored for a maximum of 60 days. The usage data in connection with a unique identifier is stored for maximal 6 months.
22.6. The IP address and the shortened IP address are never shared. For the preparation of the AGOF study, the following data and client identifiers are provided to the following AGOF service providers: Kantar Deutschland GmbH (https://www.tns-infratest.com/), Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/), Interrogare GmbH (https://www.interrogare.de/)
23.1. The information below is intended to give you an idea about the contents of our newsletter and the registration, mailing and statistical analysis processes as well as your related rights to objection. By subscribing to our newsletter, you give your consent to receive the newsletter and agree to the described processes.
23.2. Newsletter content: We send newsletters, e-mails and additional electronic messages with commercial information (hereinafter the "newsletter") only with the recipient’s consent or if legally permitted. To the extent that the contents of the newsletter are specified during the subscription process, they are relevant for the user’s consent. Generally, our newsletters contain information relating to our products, offerings, campaigns and our company.
23.3. Double opt-in and logging: The subscription to our newsletter takes place by means of a double opt-out process, meaning you will receive an e-mail after you subscribe which requests you to confirm your subscription. This confirmation is necessary to ensure that nobody can subscribe using another person’s email address. The newsletter subscriptions are logged to be able to produce evidence for the subscription process in accordance with legal requirements. This includes storage of the subscription and confirmation time as well as the IP address. In addition, any changes to the data stored with your e-mail provider are logged.
23.5. In addition, the e-mail provider can, according to its own information, use the data in pseudonymized form, i.e. without assignment to a user, for optimization or improving its own services, e.g. to technically optimize the shipping and the presentation of the newsletter, or for statistical purposes to determine recipients’ countries of origin. The e-mail provider, however, does not use the data of our newsletter subscribers to contact them directly or provide their information to third parties.
23.6. Registration data: Your e-mail address is all that is required to subscribe to the newsletter. Optionally, we will ask you to provide us with a name so we know how to address you.
23.7. Measuring success - The newsletters contain a so-called "web beacon", meaning a pixel-sized file which is called up by the server of the e-mail provider when the newsletter is opened. As part of this call up, initially technical information is collected such as information about your browser and operating system, as well as your IP address and the time of call-up. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on the call-up locations (which can be determined using the IP address) or the access times. The statistical survey also contains the determination whether the newsletters are opened, when they are opened and which links are being clicked on. Although these types of information can be assigned to the individual newsletter recipients for technical reasons, it is not our intent nor the intent of the e-mail provider to monitor individual users. We use these analyses instead to determine the reading habits of our users and to adapt our content to their preferences, or to send different content based on the interests of our users.
23.8. The mailing of the newsletter and measuring of the success take place based on the recipients’ consent in accordance with paragraph 6 (1)a, paragraph 7 GDPR in conjunction with § 7 (2) no. 3 of the German Fair Trade Practices Act (UWG) or based on the statutory authorisation in accordance with § 7 (3) UWG.
23.9. The registration process is logged based on our legitimate interests in accordance with paragraph 6 (1)f GDPR and needed to verify the user’s consent for receiving the newsletter.
23.10. Cancellation/revocation - Newsletter recipients can cancel their subscription to the newsletter at any time, meaning they can revoke their consent. A link to unsubscribe from the newsletter can be found at the end of every newsletter. This also revokes their consent for success measuring. A separate revocation of consent for the measuring of success is, unfortunately, impossible; to achieve this, the entire newsletter subscription must be cancelled. Unsubscribing the newsletter results in erasure of the personal data unless their retention is legally required or justified. In this case, however, their processing will only be limited to these exceptional purposes. We can store the revoking email addresses for up to three years based on our legitimate interests before we erase them for the purposes of mailing newsletters, to be able to provide evidence for consent given previously. The processing of this data is limited to the defence against possible claims. An individual request for erasure is possible at any time, if at the same time the previous existence of consent is confirmed.
24. Integration of third-party services and content
24.1. As part of our online offering based on our legitimate interests (i.e. interest in the analysis, optimisation and profitable operation of our online offering within the meaning of paragraph 6 (1)f GDPR), we use third-party content and service offerings to integrate their content and services, such as videos or fonts (hereinafter jointly referred to as "contents"). This always presupposes that these third-party providers use the user IP addresses since without the IP address, they cannot send the contents to the users’ browsers. The IP address is therefore required to display this content. We try to only use content whose respective providers use the IP address only for the provision of content. In addition, third-party providers can use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. These "pixel tags" allow the analysis of information, such as the visitor traffic on these web pages. The pseudonymised information can also be stored in cookies on the user device and contain, among other things, technical information regarding the browser and operating system, referring websites, time of visit and further information regarding the use of our online offering, and can also be connected with such information from other sources.
24.2 The following presentation provides an overview of third-party providers and their contents including links to their privacy policies which provide additional information on the processing of data, and, as partially already mentioned here, objection options (opt-out):
- YieldKit: Some pages contain affiliate links. If you click on these links and subsequently make a purchase, we will receive a commission. For further information, please visit the website of our partner YieldKit. YieldKit documents these revenues, but never personal data, such as names or addresses. For further details regarding the stored data and the opt-out option, please visit the website https://yieldkit.de/legal-notes/privacy-policy/.
- You can use our website to order the news and information we have provided about the content and
topics of our website via the messenger services "Notify" and "Telegram". With your registration you give
your consent. The legal basis for processing your data on the basis of your consent is Art. 6 Para. 1 S. 1
lit. a GDPR. We provide this service through the service provider MessengerPeople GmbH, Herzog-Heinrich-Str.
9, 80336 München, Germany, (hereinafter "MessengerPeople") as our processor. The messages are sent via a
Notify or Telegram account created in our name. If you register for sending messages via Notify or Telegram
via our website in accordance with the instructions described there, MessengerPeople can access your
personal data stored with Notify or Telegram, in particular first and last name, device, profile picture and
those exchanged via MessengerPeople News. You can unsubscribe at any time. At Telegram you send a message
with "Stop" to receive no further messages and a message with "Delete all data" to completely end the
service. With Notify you have the option to deactivate the channel under "Channels". You can also find
detailed information on the use of personal data by MessengerPeople in the information on data protection
from MessengerPeople at https://www.messengerpeople.com/de/datenschutzerklaerung/.
The provider of the "Notify" service is MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 München, Germany. The provider of the messenger "Telegram" is Telegram Messenger Inc. (hereinafter "Telegram") with the data protection declaration available at https://telegram.org/privacy We point out that Telegram receives personal data (in particular metadata of communication), which are also processed on servers in countries outside the EU (e.g. USA) in which an adequate level of data protection cannot be guaranteed. However, Telegram says it complies with the data protection standards required by the GDPR. Further information can be found in the Telegram data protection guidelines. We have neither precise knowledge nor influence on the data processing by the respective provider.
25. Affiliate Links
On some of our websites we use so-called affiliate links. These are marked with asterisks (*). If you click on one of these affiliate links and shop via this link, we will receive a commission from the respective online store or provider. This does not change your price.
Please also note our General Terms and Conditions.