Data Privacy Guidelines
At United Internet Media GmbH in Montabaur, Germany, protecting your personal information is our top priority. Of course, we operate in line with all relevant data protection laws. The following data privacy guidelines are designed to explain just how we use your data.
1. DATA PROTECTION NOTICE OF UNITED INTERNET MEDIA GMBH
2. NAME AND ADDRESS OF DATA PROTECTION OFFICER
3. GENERAL INFORMATION ON DATA PROCESSING
4. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
5. USE OF COOKIES
6. NEWSLETTER
7. CONTACT FORM AND E-MAIL CONTACT
8. WEB ANALYSE BY INTERNAL WEB ANALYSIS TOOL
9. RIGHTS OF THE DATA SUBJECT
10. SELF-REGULATION CODE OF THE DDOW
1. Data Protection Notice of United Internet Media GmbH
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States as well as other regulations on data protection is:
United Internet Media GmbH
Elgendorfer Str. 57
56410 Montabaur
Germany
Tel.: +49 (0) 721 91374 - 1717
E-Mail: datenschutz@united-internet-media.de
Website: www.united-internet-media.de
2. Name And Address of the Data Protection Officer
On request, we will provide you with the information about your personal data stored in our systems free of charge and without delay. Please contact us in writing:
United Internet Media GmbH
Data Protection Officer
Elgendorfer Str. 57
56410 Montabaur
Or via E-Mail: datenschutz@united-internet-media.de
3. General Information On Data Processing
Scope of Personal Data Processing
We collect and process personally identifiable information of our users basically only where this is necessary for providing a functional website as well as our content and services. You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data following Art. 6 (1) lit. (e) or (f) of GDPR for objection.
Legal Basis for the Processing of Data
Insofar as we obtain consent for processing operations of the data subject's personal data, Art. 6 (1)(a) GDPR serves as the legal basis.
For the processing of personal data required for the performance of a contract the contractual party of which is the data subject, Art. 6 (1)(b) GDPR serves as the legal basis. This also applies to processing operations required for the performance of precontractual measures. Insofar as processing of personal data is required for the fulfilment of a legal obligation applying to our company, Art. 6 (1)(c) GDPR serves as the legal basis.
If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1)(d) GDPR serves as the legal basis.
If the processing is necessary for the preservation of the legitimate interests pursued by our company or a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1)(f) GDPR serves as the legal basis for the processing.
Data Deletion and Retention Period
The personal data of the data subject will be deleted or blocked once the purpose of storing no longer exists. Nonetheless, the data may be stored if this is stipulated by European or national legislature, union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of data may also occur when a stipulated data retention period defined in the said regulations expires, except, the continued data storage is needed for the conclusion or performance of a contract.
4. Provision of the Website and Creation of Log Files
Description and Scope of the Data Processing
Like most standard websites, we use log files. Meaning, that our system automatically collects data and information of the visiting computer each time our website is accessed. The following data is collected in this process:
(1) date and time of access
(2) shortened internet protocol (IP) address of the visiting user's system
(3) a pseudonymous cookie ID
(4) information about the operating system and the browser used
(5) the accessed website
(6) the website from which the user reached the visited website (referrer)
However, none of the information stored in our log files, including but not limited to IP addresses, is linked to personally identifiable information or added together with other personal data of the user.
Legal Basis for Data Processing
Art. 6 (1)(f) GDPR serves as the legal basis for the temporary storage of data.
Purpose of the Data Processing
The log files are stored in order to ensure the functionality of the website. In addition, the data is used for optimising the website and safeguarding the security of our IT systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing according to Art. 6 (1)(f) GDPR.
Data Retention Period
The data is deleted once it is no longer required for attaining the purpose of its collection. With regard to the collection of data for the provision of the website, this is the case when the respective session has been finished.
Possibility to Object and to Withdraw Consent
The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. Users may therefore not object to this
5. Use of Cookies
Description and Scope of the Data Processing
Our website uses cookies. Cookies are small text files that are stored in the Internet Browser and/or stored by the Internet Browser on the user's computer. When a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a distinctive character string that facilitates the clear identification of the browser when the website is revisited.
Furthermore, we use cookies on our website that facilitate the analysis of the users' browsing behaviour.
A pseudonymous cookie ID may be transmitted this way.
It is not possible to attribute the data to the visiting user. The data is not stored together with other personal data of the users.
Legal Basis of the Data Processing
Art. 6 (1)(f) GDPR serves as the legal basis for the processing of personal data by using cookies.
Purpose of the Data Processing
The purpose of using analysis cookies is to improve the quality of our website and its content. Using analysis cookies gives us information on how the website is used so that we can continuously improve our services.
These purposes also constitute our legitimate interest in processing personal data according to Art. 6 (1)(f) GDPR.
Retention Period, Possibilty to Object and Withdraw Consent
Cookies are stored on the user's computer and transmitted to our website. Thus, you as user have full control over the use of cookies. You may deactivate or limit the transmission of cookies by changing the settings in your Internet Browser. Already stored cookies can be deleted any time. This may also be performed automatically. Though, if cookies for our website are deactivated, it may not be possible to use the full functionality of all website features.
6. Newsletter
Description and Scope of the Data Processing
Users have the option to subscribe to a free newsletter on our website. When registering for our newsletter, typed-in data from the input mask will be transferred to us (mandatory fields: Title, First Name, Last Name, E-Mail Address and Company). Furthermore, the time and date of your registration will be recorded.
We obtain your consent for the processing your data within the scope of the registration process by means of a confirmation E-Mail and referring to this Data Privacy Statement.
There is no data transfer to third parties associated with the data processing for the delivery of newsletters. The data is used exclusively for the delivery of our newsletters.
Legal Basis of the Data Processing
After having obtained the user's consent, Art. 6 (1)(a) GDPR serves as the legal basis for the data processing following the user's registration.
Purpose of the Data Processing
The user’s E-Mail address is collected to ensure the delivery of the newsletter.
The collection of other personal data within the scope of the registration process serves to personalise the newsletter and prevent misuse of the services or the used E-Mail address.
Data Retention Period
The data is deleted once it is no longer required for attaining the purpose of its collection. Therefore, the user's E-Mail address is stored as long as the subscription to the newsletter is active.
Possibility to Object and Withdraw Consent
The newsletter subscription may be cancelled by the affected user (data subject) at any time. Every newsletter contains an unsubscribe link for this purpose.
This also allows the withdrawing of consent to the storage of personal data collected during the registration process.
7. Contact Form and E-Mail Contact
Description and Scope of the Data Processing
Our website includes a contact form, which may be used to contact us electronically. When a user takes advantage of this possibility, the data entered into the input mask is transmitted to us and stored. This includes at least your first and last name as well as your E-Mail address. The time and date of your contact request will also be recorded.
We obtain your consent for processing the data within the scope of the sending process by asking you and referring to this Data Privacy Statement.
Alternatively, you may contact us via the E-Mail address or telephone number provided. In this case, the user's personal data sent via E-Mail will be stored.
The data is not transferred to third parties in this context but rather used exclusively for the handling of the conversation.
Legal Basis of the Data Processing
Art. 6 (1)(a) GDPR serves as the legal basis for the processing of data after the user's consent has been obtained.
Art. 6 (1)(f) GDPR serves as the legal basis for the processing of data that is transferred in line with sending an E-Mail.
Purpose of the Data Processing
The sole purpose of processing personal data from the input mask is to process the contact request. When contacting us via E-Mail, this also constitutes the required legitimate interest in the processing of the data.
Other personal data processed during the sending process serves to prevent misuse of the contact form and to safeguard the security of our IT systems.
Data Retention Period
The data is deleted once it is no longer required for attaining the purpose of its collection. For personal data from the input mask of the contact form and data submitted via E-Mail, this rule applies if the respective conversation with the user has ended. The conversation is considered completed when the circumstances indicate that the subject matter has been conclusively clarified.
Possibility to Object and Withdraw Consent
The user may withdraw his or her consent to the processing of personal data at any time. This right of withdrawal also applies to the storage of his or her personal data when contacting us via E-Mail. In that case, the conversation can not be continued and all personal data stored in the course of contacting us will be deleted.
8. Web Analysis by internal Web Analysis Tool
Scope of Personal Data Processing
We use an internal solution to analyse the traffic data of our website. Data that we analyse for the design of products and websites will not be transferred to third parties. The data is stored exclusively on our servers in Germany.
The software sets a cookie on the user's computer. When accessing our website, the following data will be stored:
(1) date and time of access
(2) shortened IP address of the visiting user's system
(3) a pseudonymous cookie ID
(4) information about the operating system and the browser used
(5) the accessed website
(6) the website from which the user reached the visited website (referrer)
Due to the software configuration the IP addresses are anonymised meaning that it is not possible to attribute the shortened IP address to the visitor’s computer.
Those log files are stored for seven days and pseudonymized analysis data for two months.
Legal Basis for the Processing of Personal Data
Art. 6 (1)(f) GDPR serves as the legal basis for processing the users' personal data.
Purpose of the Data Processing
The processing of our user’s personal data allows us to analyse our users' browsing behaviour. Evaluating the collected data allows us to compile information on the usage of our website's unique components. This helps us in continuously improving our website and its user-friendliness. Upon these purposes we constitute our legitimate interest in processing personal data according to Art. 6 (1)(f) GDPR. The anonymization of the IP address sufficiently takes into account the users' interest in safeguarding their personal data.
Data Retention Period
The data is deleted once it is no longer required for attaining the purpose of its collection.
Possibility to Object and to Withdraw Consent
Cookies are stored on the user's computer and hereupon transmitted to our website. Thus, you as user have full control over the use of cookies. You may deactivate or limit the transmission of cookies by changing the settings in your Internet Browser. Already stored cookies can be deleted any time. This may also be performed automatically. Though, if cookies for our website are deactivated, it may not be possible to use the full functionality of all website's features.
We offer our users the option to opt-out from the analysis process on our website. To do so please follow the corresponding link: www.united-internet-media.de/en/services/opt-inopt-out/ and the instructions on above webpage. While doing so another cookie is set in your system that signalizes our system to not store your data. If the user deletes the respective cookie earlier from his or her own system in the meantime, the opt-out cookie must be set once again.
8.1 tD Insights KPI Report
Description and scope of data processing
On our website, you have the option of requesting a KPI report free of charge. When you request it, the data from the input mask is transmitted to us (first name, last name, business e-mail address, company). In addition, the date and time of your request as well as the consent given, if any, are collected.
Legal basis for data processing
The legal basis for processing the data is the fulfilment of the contract, Art. 6 para. 1 lit. b DSGVO (sending the KPI report) or the protection of our legitimate interests, Art. 6 para. 1 lit. f DSGVO (information about our own similar products, as well as abuse prevention and IT security).
Purpose of data processing
The processing of the personal data from the input mask serves us to process your report request, the delivery of a total of four weekly KPI reports by e-mail as well as to inform you about our own similar products by e-mail.
The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The personal data you send us will be deleted as soon as they are no longer required to achieve the purpose for which they were collected, but no later than when you object to the processing of your personal data.
Your personal data submitted to us will also be deleted if you have not responded to an email request after a period of 90 days or if you have not provided us with the information requested for authentication and/or setup of your KPI reporting by us after a period of 90 days since our last corresponding email request.
Opt-out and opt-out options
The subscriber has the option at any time to unsubscribe from receiving the KPI Reports and to object to the use of their personal data to get informed about our similar products. In the event of an objection, the receipt of the KPI Report and further communication will cease, as this can only be done in each case by processing personal data. All personal data stored while contacting you will be deleted in accordance with the defined storage duration.
9. Rights of the Data Subject
Whenever your personal data is processed, you are a data subject within the meaning of the GDPR and entitled to enforce the following rights towards the controller:
Right to Access
You may request a confirmation from the data controller for the personal data concerning you processed by us. If such processing is performed, you may request access to the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if concrete details are not possible in that respect, the criteria used to determine the storage period;
(5) the existence of the right to request rectification or deletion of personal data concerning you or the right to restriction of processing by the data controller or right to object to such processing;
(6) the existence of the right to file a complaint with a supervisory authority;
(7) any available information on the source of the data when the personal data is not collected from the data subject;
You are entitled to request information about whether personal data concerning you is transferred to a third country or an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
Right of Rectification
You are entitled to rectification and/or completion towards the controller insofar as the processed data concerning you is incorrect or incomplete. The controller is obligated to perform the rectification without delay.
Right to Restriction of Processing
Under the following conditions, you may request the restriction of processing of personal data concerning you if:
(1) you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the deletion of the personal data and request the restriction of using the personal data instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require this data for the establishment, exercise or defence of legal claims, or
(4) you have objected to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate reasons of the controller override your reasons.
Where the processing of personal data concerning you has been restricted, this data – with the exception of its storage – may be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing was restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Right to Deletion
Obligation to Delete
You may request from the controller the immediate delete the personal data concerning you. The controller is obligated to delete this data without undue delay provided that one of the following reasons applies:
(1) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing was based according to Art. 6 (1)(a) or Art. 9 (2)(a) and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the personal data concerning you has to be deleted for compliance with a legal obligation of Union or Member State law to which the controller is subject;
(6) personal data concerning you has been collected in relation to services offered by information society services according to Article 8(1) GDPR.
Information to Third Parties
Where the controller has made the personal data concerning you public and is obligated pursuant to Art. 17 (1) to delete this data, the controller will take into account available technology and cost of implementation and reasonable technical measures to inform any controllers processing personal data concerning you to delete any links to this personal data including copies or replications of this personal data on your request.
Exceptions
The right to erasure does not apply if the processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing pursuant to EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for the establishment, exercise or defence of legal claims.
Right to Notification
Insofar as you have enforced your right to rectification, deletion or restriction of processing towards the controller, the controller is obligated to communicate such rectification, deletion or restriction of processing to each recipient to whom the personal data concerning you has been disclosed unless this proves impossible or involves disproportionate effort.
You are entitled to be notified by the controller about those recipients.
Right to Data Portability
You are entitled to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you are entitled to transmit this data to any other controller without hindrance from the controller to which you provided the personal data insofar as:
(1) the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or an agreement pursuant to Art. 6 (1)(b); and
(2) the processing is carried out by automated methods.
In exercising this right, you are also entitled to have the personal data transmitted directly from one controller to another controller insofar as this is technically feasible. The rights and freedoms of other persons must not be affected by this.
This right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been vested in the controller.
Right to Object
On grounds arising from your particular situation, you are entitled to object at any time to the processing of personal data concerning you that is based on Art. 6 (1)(e) or (f) GDPR.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you are entitled to object at any time to the processing of personal data concerning you for the purposes of such marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
Right to Withdraw Declaration of Consent Under Data Protection Law
You are entitled to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the legality of the performed processing based on the consent up to its withdrawal.
Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the provisions of the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
If we, contrary to expectation, are unable to clarify your data privacy concerns, please contact the supervisory authority responsible for United Internet Media:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (LfDI RLP),
Postfach 30 40
55020 Mainz
10. Self-Regulation Code of the DDOW
Practical data protection for the benefit of the users of the websites marketed by us (GMX, WEB.DE and 1&1) concerning online behavioural advertising is important to United Internet Media GmbH. In addition to the legal requirements and strict pseudonymization of the collected data, we therefore comply with the self-regulatory provisions of IAB Europe Framework for Online Behavioral Advertising and Deutscher Datenschutzrat Online Werbung (DDOW) (German Data Privacy Council for Online Advertising) relating to online behavioural advertising. You may view the applicable self-regulation code at the following link: http://www.youronlinechoices.com/de/nutzungsbasierte-online-werbung/
Mai 2018