Privacy Policy

Disclaimer: the English translation is provided for information purposes only. The official text is the German version of this Privacy Policy. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes.

1. Privacy Policy

We as the operator of the website under https://www.traderepublic.com as well as other subdomains to this domain (also “Website“) are responsible for the personal data of the user ("you") of this website within the meaning of the applicable data protection law, in particular the General Data Protection Regulation ("GDPR").

 

In the following, we inform you clearly within the scope of our information obligations (Art. 13 et seq.GDPR) about which data is processed when you visit our website and on which legal basis this takes place. You will also receive information about how we protect your data from a technical and organizational point of view and what rights you have vis-à-vis us and the competent supervisory authority.

 

2. Information about the responsible person(s)

Trade Republic Bank GmbH

Ernst-Schneider-Platz 1

D-40212 Düsseldorf

 

E-Mail: service@traderepublic.com

 

3. Data Protection Officer

We have appointed a data protection officer. They can be reached via the following contact details:

 

Trade Republic Bank GmbH

– Datenschutz –

Ernst-Schneider-Platz 1

D-40212 Düsseldorf

 

E-Mail: datenschutz@traderepublic.com 

 

4. Processing of your personal data

At the beginning, we would like to point out that we may use service providers with whom we have concluded order processing contracts when processing your personal data. If processors carry out data processing in a third country (not within the EU), we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 ff GDPR). 

 

In this data protection declaration, we represent the individual processing operations systematically. This means that the website is first described, then individual detached processes and then precise processes are illuminated in detail. In each section, we describe the processing activity and scope of the processing, describe the purpose of the processing and the legal basis, and finally share how long we store this data. If we cannot specify an exact storage duration - because it depends on a variety of factors – then we will at least inform you how this storage duration is measured. It may happen that processing is mandatory for a legal requirement or for the opening of a deposit ("conclusion of contract"). Should this be the case, we expressly point it out. If you do not agree to the processing, you can unfortunately not become a customer with us (Art. 15 (2) lit. e GDPR).  

 

Insofar as we use service providers who carry out this processing for us and on our instructions (so-called order processing), we represent this within the processing activity, so that you know exactly for which process which service provider is used. These are usually technical service providers who, for example, organize the e-mail dispatch or host our website.

a. Informational use of our website

When you visit our website for the sole purpose of visiting it, so-called log files are processed by our system automatically collecting them. This is done directly by the web server that provides the website.

 

The following personal data are processed automatically in the log files:

 

  • IP address of the requesting computer

  • Type of Internet browser used

  • Language of the Internet browser used,

  • Version of the Internet browser used

  • Operating system and its version

  • Date and time of visit

  • Time zone difference to Greenwich Mean Time (GMT)

  • Access status / http status code

  • Amount of data transferred

  • accessed website

  • Referrer

  • Websites accessed by the visitor's system through our website

  • User's Internet service Provider

 

The log files therefore contain the personal data mentioned above, but may not contain all of them. Therefore, an assignment to you is basically possible. However, we only store your data temporarily and in particular not together with other personal data, such as your customer data, should you already be a customer with us.

 

For the provision of our website, the processing of the above-mentioned data is technically necessary. We also store the data for the purpose of the security of our information technology systems and to prevent attacks. In these purposes, our legitimate interest is also justified, the data on the legal basis Art. 6 (1) lit. f GDPR. The log files will be deleted or anonymized immediately after they are no longer necessary to achieve the aforementioned purposes, but at the latest after seven days. Additional storage is possible – but we will then delete your IP address or make it unrecognizable so that an assignment is no longer possible and the data contained no longer have any personal reference.

 

When using the website for information purposes, we continue to use web fonts. For this purpose, a font is used as a web font, for which it is necessary to record how many page views take place in a period of time. The license fee is calculated based on the page views.

 

For this purpose, the browser you are using must connect to the servers of fonts.com record. Thus fonts.com obtains knowledge that our website was accessed via your IP address, but nothing more. The legal basis is Art. 6 (1) lit. f GDPR, because we have a legitimate interest in making an appealing design of the website, for this the font desired by us can only be used with this licensing and billing. 

 

Further information can be found under https://www.fonts.com/info/legal and in the Data Privacy statement from Fonts.com: https://www.fonts.com/info/legal/privacy/.

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

We use the Amazon Web Services ("AWS") service of Amazon Web Services, Inc.for hosting the database and web content., P. O. Box 81226, Seattle, WA 98108-1226, USA ("Amazon").

 

The data is stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1 and therefore meets the highest security standards. 

 

For the purpose of order processing, we have entered into an order processing agreement with Amazon. The personal data could be transferred to a so-called third party country, including, for example, the United States. Such is only permitted if the level of protection of your data guaranteed by the GDPR is complied with. Therefore, we have agreed in this order processing agreement on suitable guarantees for the possible transfer to third countries in accordance with Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third countries can in principle continue to be used.

b. Your contact to us

Description, scope, purpose, legal basis and storage period

 

You can contact us electronically, e.g. by sending an e-mail to one of the e-mail addresses we have provided. In this case, we process the personal data contained in this e-mail, such as the e-mail address or your name. We ask you not to provide any further personal data that is not absolutely necessary for your contact. Never forget that an e-mail is a postcard on the Internet and could theoretically be read by third parties, as an e-mail is generally not encrypted. 

 

The legal basis for this processing is Art. 6 (1) lit. f. GDPR. We have a legitimate interest in processing this data in order to be able to respond to you at all or to address you correctly and to prevent abuse. The purpose in this processing is only in the processing of the contact. 

 

We delete the personal data received through your contact as soon as they are no longer necessary for the achievement of the purpose. This is usually the case when the respective conversation has ended. We assume termination when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Of course, we limit the processing of personal data to what is necessary. 

 

Perhaps you are already a customer of ours - which pleases us very much - and you turn to us to answer questions related to this customer relationship. Or, you would like to become a customer of ours and have a few questions beforehand. In this case, the legal basis is Art. 6 (1) lit. b GDPR (initiation of a contractual relationship or fulfillment of a contractual obligation). The purpose in this case is also the processing of this contact. However, the deletion period may be longer in this case, as we are required to retain this due to regulatory obligations as a licensed bank. Furthermore, there may be longer retention periods in relation to our responses, which may contain your inquiry as a quote, insofar as these are commercial and business letters. Here, the legal storage obligation can be up to 10 years. 

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

We use the ticket system Zendesk, a customer service platform of Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, United States, to process customer requests. We have entered into a processing agreement with Zendesk that governs the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and our obligations and rights. Zendesk will only process your personal data on our instructions. Zendesk guarantees all necessary technical and organizational measures to ensure security of your personal data appropriate to the risk.

 

 

 

The personal data may be transferred to a third party country, e.g. the United States. Such a transfer is only permitted if the level of protection of your data guaranteed by the GDPR is complied with. 

 

The transfer takes place on the basis of appropriate guarantees pursuant to Art. 46 (2) lit. b in conjunction with Art. Art. 47 of the GDPR, the so-called Binding Corporate Rules. These Binding Corporate Rules have been approved by the Irish data protection supervisory authority (for more information, please visit: https://www.zendesk.de/company/privacy-and-data-protection/#data-processing-agreement under the heading "Are BCRs approved by Zendesk in force").

 

Further information can be found under: https://www.zendesk.de/privacy at the service provider directly (last retrieved on: 17.9.2020).

c. E-mail delivery through SendGrid

Description, scope, purpose, legal basis and storage period

 

For sending e-mails, we use the SendGrid service (or "Twilio SendGrid") provided by Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, United States. 

 

The sending of e-mails is organized and analyzed by this service provider. This makes it possible to determine whether an e-mail has been opened or not. 

 

For this purpose, SendGrid uses so-called "webbeacons". This is a reference to a small graphic that is embedded in the text of the e-mail, but is so small that it is not seen. Most of the time it is simply transparent. When you open the e-mail, your e-mail program calls up this graphic from SendGrid's web server. Just like when you visit a website, the web server now stores from where the graphic was accessed and can therefore determine that you have viewed and read this email. SendGrid collects the following data:

 

  • IP address

  • Date of last profile update

  • Geolocation and time zone

  • Language information of the browser

 

The data processing of the mere sending of e-mails takes place for the purpose of communication with you. Data processing for analysis is carried out to ensure communication: It can be guaranteed that e-mails reach you and do not end up in data nirvana. This is useful, for example, to ensure that transactional emails, such as registrations, are delivered. We also use this to determine which emails are really of interest to you as a customer. A simple example: If we determine that some information is not being read, then we try to improve and adapt our information so that it really interests you as a customer.

 

We base this data processing of the analysis on our legitimate interest, which also results from the purpose. The legal basis is Art. 6 (1) lit. f GDPR. As far as it is about an email to you with contractual content, it is the legal basis for the performance of the contract, Art. 6 (1) lit. b GDPR. 

 

You can find information on the storage period under the heading "Your contact with us". The storage period applies accordingly.

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

We have entered into a processing agreement with SendGrid that governs the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and our obligations and rights. SendGrid will process your personal data only on our instructions. SendGrid guarantees all necessary technical and organizational measures to ensure security of your personal data appropriate to the risk. 

 

The personal data may be transferred to a third party country, e.g. the United States. Such a transfer is only permitted if the level of protection of your data guaranteed by the GDPR is complied with. 

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

Further information can be found under: https://www.twilio.com/legal/privacy at the service provider directly (last retrieved on: 10.8.2020)

 

Right to Object

 

You can easily prevent the analysis of the email by disabling the reloading of external sources in your email program - see the instructions of your email program. You can stop receiving unnecessary emails by clicking the "unsubscribe" link at the bottom of each email and thus exercising your right to object. You can also send us an email at service@traderepublic.com to unsubscribe from the mailing list. 

 

You will not receive any further emails from us after you unsubscribe, which we understand, even though it is very unfortunate. Please note: necessary emails that we need to send to you as part of the contractual relationship will continue to be sent to you despite unsubscribing. We call these emails "transactional" emails. 

d. Customer surveys through Zenloop

Description, scope, purpose, legal basis and storage period

 

zenloop GmbH, Pappelallee 78/79 10437 Berlin ("zenloop") is a Business-to-Business Software-as-a-Service platform that enables us to collect and analyze feedback from our customers through various channels. This allows us to align and improve our offering to the needs of our customers.

 

Of course, you don't have to take part in a survey. If you want, the following data will be processed:

 

When you use the feedback tool, zenloop collects public IP address, device and browser data, and the website from which you use the feedback platform. zenloop also uses cookies and similar technologies to collect aggregate data about users. In addition, zenloop collects your survey responses.

 

Legal basis is our legitimate interest in conducting customer surveys, to improve our offer, Art. 6 (1) lit. f GDPR..

 

We will usually delete this data after the purpose has been served. This will usually be at the end of the survey and after we have drawn our necessary conclusions from the survey. After that, this data will be deleted. 

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

We have entered into a order processing agreement with zenloop in accordance with Art. 28 (3) GDPR. You can find more information about this in the privacy policy at www.zenloop.com. 

 

Right to Object

 

The objection can be made form-free and should preferably be addressed to: Trade Republic Bank GmbH, Ernst-Schneider-Platz 1, D-40212 Düsseldorf or by e-mail to service@traderepublic.com.

e. Opening a customer account with Trade Republic

We appreciate your interest in becoming a customer with us. In the following paragraphs, we describe the process via our website and the data processing that takes place in a transparent manner. The data connection is always encrypted (TLS procedure). You can recognize this by the lock symbol at the top of your browser bar. There you can usually also view further technical details, such as the exchanged security keys.

aa. Securities account opening on our website

Description, scope, purpose, legal basis and storage period

 

You can open a securities account with us on our website. To do so, simply click on the "Open a securities account now" button on our website and follow the questions. We will ask you for the following data and process it to open a securities account with us:

 

  • Verification code and personal identification number (PIN)

  • Mobile phone number

  • Name (first and last name)

  • E-mail address

  • Date and place of birth

  • Country of origin and address (registration address)

  • Citizenship(s) and tax liability

  • Payment account

  • Experience and knowledge of financial instruments

  • Your consent to private use, contract documents, escrow account, in-app notifications, and confirmation regarding receipt of information

 

The purpose of data processing is the initiation of a customer relationship as well as compliance with legal requirements.

 

As a securities trading bank, we are subject to legal obligations, i.e., statutory requirements (e.g., German Banking Act, German Money Laundering Act, German Securities Trading Act, tax laws) as well as banking supervisory requirements (e.g., of the European Central Bank, the European Banking Authority, the Deutsche Bundesbank, and the German Federal Financial Supervisory Authority -BaFin-). These include, in particular, identity and age checks, fraud and money laundering prevention, and the fulfillment of control and reporting obligations under tax law.

 

The data processing of this personal data at the opening of the securities account is based on the legal basis Art. 6 (1) lit. b GDPR (contract initiation) and Art. 6 (1) lit. c GDPR in accordance with the relevant legal obligation. 

 

We only store this data as long as we need it. Once you are a customer with us, your data will remain stored during the term of the customer relationship. In addition, due to legal obligations, it may be necessary for us to store your data beyond the contractual relationship, i.e. beyond the date of termination of the customer relationship. 

 

However, if you decide not to become a customer during the opening, we will store the data collected so far for a maximum of three months after the opening process begins. We may contact you within this period to offer assistance in opening the securities account. 

bb. SMS sending

Description, scope, purpose, legal basis and storage period

 

We use the sending of security codes via SMS to your mobile number as an additional and necessary security feature. Through this additional feature, we secure your access to your depot and pair your terminal device and mobile number with your customer account. When opening the depot, we also make sure that you are not already a customer with us and therefore check whether the mobile number you have specified is not already present in our database – this is by means of a pseudonymised and secure hash algorithm. This also corresponds to the state of the art.

 

In this step, we only process your mobile number and base this data processing on Art. 6 (1) lit. b GDPR. Depending on the described purpose of the processing, either to initiate a contractual relationship or to be able to fulfill our contractual relationship with you.

 

If you have subsequently become a customer with us, your mobile number will continue to be transferred to the customer database – otherwise you would have to transmit your mobile number to us a second time. 

 

See also the previous section for more details. We only store this data as long as we need it. Once you are a customer with us, your data will remain stored during the term of the customer relationship. In addition, due to legal obligations, it may be necessary for us to store your data beyond the contractual relationship, i.e. beyond the date of termination of the customer relationship. 

 

However, if you decide not to become a customer during the opening process, we will store the data collected so far for a maximum of three months after the opening process begins. We may contact you within this period to offer assistance in opening the deposit. 

 

We point out that without entering the mobile number it is not possible to become a customer with us. Also, no mobile numbers can be used together for multiple Accounts. 

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

For sending the SMS, we use service providers on our behalf, who automatically send the SMS based on our instructions and your input of the mobile number. These are the following service providers:

 

(1) „Twilio“

 

Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 (“Twilio”) is a company incorporated in the United States. There is therefore a transfer of third party countries. For this purpose, we have concluded a data Processing Agreement ("DPA") with Twilio.

 

You can find the privacy policy and further details (like the DPA) of Twilio here:

https://www.twilio.com/legal/privacy 

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

The transfer takes place additionally on the basis of suitable guarantees according to Art. 46 (2) lit. b in conjunction with Art. 47 GDPR, the so-called binding internal data protection regulations ("Binding Corporate Rules"). These Binding Corporate Rules have been approved by the Irish Data Protection Authority (for more information, see:https://www.twilio.com/legal/binding-corporate-rules

 

(2) „MessageBird“

 

MessageBird B. V., Trompenburgstraat 2C, (1079 TX) Amsterdam ("MessageBird"), is a company in the Netherlands. Therefore, there is no third-country transfer between Messagebirdand us. If, on the other hand, a third-country transfer occurs through subcontractors employed by MessageBird, this will only take place on the basis of suitable guarantees within the meaning of Art. 44 et seq.GDPR, which MessageBird has agreed with the subcontractors. We have committed MessageBird to this in the order processing agreement. 

 

The privacy statement, and other details of MessageBird, you can find here: https://www.messagebird.com/de-de/datenschutz.

cc. WebID Video identification

Description, scope, purpose, legal basis and storage period

 

In order to facilitate the opening of the account, we offer a video identification procedure for the required identification according to the Law on the Detection of Profits from Serious Criminal Offences - Money Laundering Act ("GwG") and the interpretative and application information on the Money Laundering Act of the Federal Financial Supervisory Authority ("BaFin"). 

 

For the purpose of video identification, we process the personal data you provide (name, date of birth, address, e-mail address, telephone number and desired language) for verification. Finally, in the course of the video ident procedure, photos of you and your ID document (passport, ID card) are taken via the camera of the customer's device. The photos of the identification document are then stored to fulfill the identification, enable the account opening and fulfill our retention obligations.

 

Service provider on behalf, Appropriate safeguards for third country transfer

 

The video identification is carried out on behalf of WebID Solutions GmbH, Friedrichstraße 88, 10117 Berlin, Germany ("WebID"), a company specializing in this field. The data processing by WebID takes place as a service provider/processor and WebID is also obliged to comply with all applicable data protection regulations.

 

The legal basis for data processing is Art. 6 (1) lit. a) and c) GDPR (consent and legal obligation) in accordance with the Law on the Detection of profits from Serious Criminal Offences (Money Laundering Act – GwG for short).

 

We would like to point out that it is not possible to become a customer with us without this video identification procedure. Personal identification on site is not possible, nor is sending a copy of an identity document sufficient. The reason for this are the statutory provisions.  

 

We only store this data as long as we need it. Once you are a customer with us, your data will remain stored during the term of the customer relationship. In addition, due to legal obligations, it may be necessary for us to store your data beyond the contractual relationship, i.e. beyond the date of termination of the customer relationship. This relates to the video identification, in particular, because, according to §§ 8, 10 GwG, we are obliged to store the identification data for at least five years. This retention obligation only begins with the end of the calendar year in which our customer relationship with you is terminated – therefore, the entire retention period may be longer than five years after the end of the contract. 

e. Marketing and Tracking

In this section, we inform you about the marketing and analysis processes we intend to use, especially on our website. We perform these tracking procedures only after your explicit consent - this is done within the cookie consent banner, which is displayed on each first visit to our website. In the default settings, marketing and analytics processing are disabled, you must confirm these either individually or together for your consent to be effective. You have the option to give us consent for all cookies by clicking "Agree and continue". You select the details via the link on "Here". Here you can allow individual cookies. In the next window you can also decide that only the technically necessary cookies should be used. 

Of course, you can also revoke your consent at any time in the same simple way, either via cookie consent banner or by simply deleting all cookies in your browser.  

 

On our cookie information website you will find further technical details that precisely describe the cookies used. Please read this before you agree. In the following section we describe the individual marketing and analysis tools.

 

In order to maintain an overview, we have divided the individual service providers into "Marketing" and "Analytics". With the marketing tools, they focus on our own advertising, while with analytics we have the goal of learning more about our visitors and customers in order to make our products even better or to make advertising even more interesting. You can find the exact details at the respective service provider. 

aa) Marketing

Legal Basis

 

We use a variety of service providers for marketing purposes. These are technically only activated if you have given us consent for "marketing". 

 

The legal basis is always Art. 6 (1) lit. a GDPR. You can revoke your consent at any time without giving reasons - the processing that took place before based on your consent is not affected by this. 

 

Potential third party country transfers

 

The personal data may be transferred to a so-called third party country, this includes e.g. the United States. Such a transfer is only permissible if the level of protection of your data guaranteed by the GDPR is complied with, we point out accordingly how this level of protection is complied with.

aaa) Taboola

We use the Taboola service on our website, which makes it possible to play out user-specific recommendations for content and ads based on surfing behavior and customer interests in order to improve the user-friendliness of our offering. The usage profiles are created using pseudonyms, they are not merged with the data about the bearer of the pseudonym and do not allow any conclusions to be drawn about personal data. Taboola collects by means of the following user information:

 

  • Operating system of the user

  • Websites/content accessed on our websites

  • Referrer/link through which the user came to our website

  • Time and number of website calls

  • Calls from error pages

  • Location information (city and state)

  • IP addresses in shortened form

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

bbb) Outbrain

We use on our website the Outbrain Pixel of our contractual partner Outbrain UK Ltd, 5th Floor, The Place,175 High Holborn, London, WC1V 7AA, United Kingdom, a technology of Outbrain Inc, 39 W 13th Street New York, NY 10011 USA. 

 

The Outbrain service enables us to target those users with advertising who have already shown interest in our offers on our websites. The Outbrain pixel uses a unique identifier (Universally Unique Identifier (UUID)) to recognize you on other websites. The information required for this, as well as the information that you have visited our website, which browser and which device you are using, is stored in cookies on your computer and transmitted to Outbrain. 

 

In addition, Outbrain uses the IP address shortened by the last octet to obtain your approximate geolocation. The pseudonymous profiles created in this way are stored by Outbrain for 13 months. However, Outbrain is not able to directly identify you as a person based on these pseudonymous profiles. Outbrain further decides which content might be of interest to you and plays corresponding content to you. The decision of what content you see is made based on your previous viewed content, similar browsing patterns of other users, recommendations that are current with Outbrain's addressees at the given time, a certain degree of randomness, and targeting requirements set by advertisers. 

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

If you do not want Outbrain to analyze this data and show you interest-based advertising, you can withdraw your consent here: https://www.outbrain.com/legal/privacy#advertising_behavioral_targeting.

 

For more information about Outbrain's data processing, please visit:  https://www.outbrain.com/legal/privacy#privacy-policy.

ccc) Google Ads (prev. Google Adwords)

We use the offer of Google Ads Conversion to refer us on other websites with the help of so-called Google Ads. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. 

 

Google delivers this advertising through your own system. For this purpose, we use ad server cookies, through which certain details for measuring success, such as display of the ads or clicks by you and other users, can be measured. If you have reached our website via a Google ad, Google Ads (and not us) will store a cookie on your terminal device. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

 

These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers' websites. Please note that Google may have obtained consent from you for the merging of data, we have no control over this. 

We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. 

 

We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

 

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform according to our knowledge: 

Through the integration of Ads Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can also assign the visit to your account and thus to you personally. Even if you are not registered with Google or are not logged in, it is possible that Google learns your IP address and stores it.

 

We are aiming to display advertising that is really interesting for you, to make our website more interesting and to determine the costs of advertising in a fairer way.

 

Google Ads Re-marketing

 

Description and scope of data processing, purpose of data processing

 

Description and scope of data processing, purpose of data processing.

We use the re-marketing function within the Google Ads service. 

With the re-marketing function, we can present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, so-called "Google Ads" or on other websites). For this purpose, the interaction of the users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to the users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a specific end device and not to identify a person; personal data is not stored.

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

The details of the standard contractual clauses and their use by Google and us can be found at: https://policies.google.com/privacy/frameworks?hl=de&gl=de. Google has stated: “As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield for data transfers from the EEA or the United Kingdom to the United States.“

ddd) Facebook

We use the re-marketing function "Custom Audiences" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you live in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") on our website. Here, a so-called "tracking pixel" and cookies are used. 

 

This allows us to display behavioral advertising ("Facebook Ads") to you via the Facebook social network or other website using this method. We also use the Facebook service for campaign optimization.

 

Your browser automatically establishes a connection to the Facebook servers. We have no influence on the data processing at Facebook. According to our knowledge, the following happens at Facebook: Facebook receives the information that you have called up a website from our offer, or clicked on one of our advertisements. If you are a user of the Facebook service, Facebook can also assign this visit to your account. If you do not have a Facebook account or are not logged in, it is still possible that Facebook identifies and assigns you based on your IP address. The information collected via the Pixel can therefore be compiled by Facebook and the information collected in this way can be used by Facebook for its own advertising purposes as well as for advertising purposes of third parties. Thus, Facebook can infer certain interests from your surfing behavior on this website and also use this information to advertise third-party offers. Facebook may also combine the information collected via the Pixel with other information that Facebook has collected about you via other websites and / or in connection with the use of the social network "Facebook", so that a profile about you can be stored at Facebook. This profile can be used for advertising purposes.

 

Through this data processing, we want to ensure that we only show you advertising that is appropriate to your interests. This also allows us to make our offer more appealing. 

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

You can disable the setting in your Facebook account: https://www.facebook.com/settings/?tab=ads#

 

For more information about Facebook’'s data processing, please visit: https://www.facebook.com/about/privacy

eee) Linkedin Insight Tag

We use functions of the LinkedIn network. The provider for this is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When a website is called up, a connection to the LinkedIn servers is established. This tells LinkedIn that you have visited this website with your IP address. We have no influence on the further data processing at LinkedIn. If you have a user account with LinkedIn, LinkedIn can also assign your visit to us to this account. If you are not logged in or do not have an account with LinkedIn, LinkedIn can identify and assign you based on your IP address. It is also stores whether a customer relationship was successfully established or not and passes this information on to LinkedIn.

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

We use the cookie for the purpose of optimizing our marketing to be able to determine whether users reach us via LinkedIn or not. 

 

Further information about LinkedIn’s data privacy policy can be found under: https://www.linkedin.com/legal/privacy-policy.

fff) Bing Universal Event Tracking (UET)

Our website uses Bing Ads technologies to collect and store data from which user profiles are created using pseudonyms. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track the activities of users on our website when they have reached our website via ads from Bing Ads. So if you clicked on an advertisement and came to our website, a cookie is set here on your computer. A corresponding Bing UET tag is stored on our website. This is a code used in connection with the cookie to store some data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website have been accessed and via which advertisement the users have reached the website. Through tracking, Bing recognizes which campaigns and ads have been successful and applies this information to optimize campaigns, i.e. adjust bids or distribute budgets. In addition, user groups can also be created with the UET Tag, e.g. a group of all users who have been to the website before. This means that advertising is targeted at individual user groups.

 

Data processing is carried out on the basis of Art. 6 (1) lit. a GDPR (consent).

 

The purpose of data processing lies in the effective design of our marketing strategies and advertising campaign. We use the service to optimize individual campaigns.

You can object here: https://choice.microsoft.com/de-de/opt-out 

 

More information about Bing's analysis services can be found here: (https://help.bingads.microsoft.com/#apex/3/de/53056/2).  

Further information on data protection at Microsoft and Bing can be accessed here (https://privacy.microsoft.com/de-de/privacystatement). 

ggg) FinanceAds

We work together with "FinanceAds" the financeAds GmbH & co. KG Karlstraße 9, 90403 Nürnberg, Germany, to reach via advertising partners, new customers. In this case, the advertising partner receives a commission from us, should you come to us from this advertising partner and become a customer. The industry speaks of Sales and/or Leads. Tracking technologies are used so that the advertising partner can prove to us how many customers they have placed.

 

These FinanceAds tracking technologies store an identification of the mediating advertising partner as well as the order number of the advertising material clicked by the website visitor. This information is required for payment processing between the website operator and the advertiser. When a transaction is concluded, the partner identification number serves to assign the commission to be paid to the intermediary partner.

 

Data processing is carried out on the basis of Art. 6 (1) lit. a GDPR (consent).

 

Further information on data usage by FinanceAds can be found here: https://www.financeads.net/aboutus/datenschutz/

hhh) Twitter

On our website, we use "Twitter Analytics", a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (hereinafter referred to as: "Twitter"). Twitter Analytics stores and processes information about your user behavior on our website. The following data can be processed:

 

  • Browser Cookie ID

  • Mobile Device ID

  • Demographic or interest data

  • viewed content or actions performed on a Website or App.

This allows us to collect behavioral data about you to optimize our campaigns.

 

Your data transferred to Twitter may be transferred to and stored in the United States, Ireland and other countries where Twitter and its affiliates operate, including through their affiliates, partners and service providers. In some of these countries, privacy and data protection laws, as well as regulations on when data may be accessed, may differ from those in the European Union and Germany. Therefore, further measures will be taken:

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

Further information can be found under: https://privacy.twitter.com/en/for-our-partners/global-dpa und https://gdpr.twitter.com/de/faq.html.

 

bb) Analytics

aaa) Google Analytics

For the needs-based design of our websites, we create pseudonymous usage profiles with the help of Google Analytics. Google Analytics uses targeting cookies that can be stored on your device and read out by us. In this way, we are able to recognize and count recurring visitors as such and to learn how often our websites have been accessed by different users. 

 

If individual pages of our website are accessed, the following data is stored:

 

  • Three bytes of the IP address of the calling system ("anonymizeIP“)

  • The website accessed

  • The website from which you accessed the page of our website (referrer)

  • The subpages accessed from the page accessed

  • The length of stay on the website

  • The frequency of access to the website

 

As shown above, the software is also set so that the IP addresses are not stored completely, but the last part of the address is masked (e.g. 192.168.1.***). In this way, it is no longer possible for you to assign the shortened IP address to the calling computer or terminal device. This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. If you become a new customer with us and have agreed to the tracking analysis here, then we can also determine from which channel and/or campaign you have found your way to us. 

 

Data processing is carried out on the basis of Art. 6 (1) lit. a GDPR (consent).

 

The personal data may be transferred to a so-called third country, including, for example, the United States. Such is only permitted if the level of protection of your data guaranteed by the GDPR is complied with. The information generated by the cookie about the use of our website is usually transmitted to a Google server in the USA and stored there. However, since we have activated IP anonymization on our website, your IP address will first be shortened by Google within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there (further information on the purpose and scope of data collection can be found here, among other things: https://policies.google.com/privacy?hl=de&gl=de).  

 

The transfer is made on the basis of suitable guarantees pursuant to Article 46 (2) c) of the GDPR, the so-called standard data protection clauses ("standard contractual clauses"). In its ruling of July 16, 2020, the European Court of Justice (ECJ) declared the EU-U.S. Privacy Shield invalid (Case C-311/18; so-called Schrems II). At the same time, however, the ECJ also ruled that the Commission's decision on standard contractual clauses (2010/87/EU) remains valid in principle, so that standard contractual clauses for a transfer of personal data to third party countries can in principle continue to be used.

 

The details of the standard contractual clauses and their use by Google and us can be found at: https://policies.google.com/privacy/frameworks?hl=de&gl=de. Google has stated: “As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield for data transfers from the EEA or the United Kingdom to the United States.“

bbb) Adjust

We use the analysis technology “adjust” of adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin (”Adjust"). For the analysis, Adjust uses IDFA or the user's AAID, which, are used exclusively anonymously. Adjust is also used on our website. This information is used by us for our own market research as well as for the optimization of our own advertising measures.

 

Data processing is carried out on the basis of Art. 6 (1) lit. a GDPR (consent).

 

Further information on data processing

 

Further information on the purpose and scope of data collection and the further processing and use of the data can be found in the data protection declaration of Adjust under https://www.adjust.com/privacy-policy. The data collection and storage by Adjust can be performed at any time with effect for the future under https://www.adjust.com/opt-out be deactivated. We have entered into an order processing agreement with adjust GmbH.

 

f. Social Media

We do not use social media plugins on our website. If our website contains symbols of social media providers (e.g. Facebook), we only use these for passive linking to the pages of the respective providers.

 

We maintain publicly accessible profiles on various social networks. Your visit to these profiles sets a variety of data processing operations in motion. Below we give you an overview of which of your personal data is collected, used and stored by us when you visit our profiles. 

 

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This also happens if you do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily comprehensible to us.

 

Details about the collection and storage of your personal data as well as the type, scope and purpose of their use by the operator of the respective social network can be found in the data protection declarations of the respective operator:

 

 

As the operator of a Facebook fan page (and also a Facebook group), we can only view the information stored in your public Facebook profile, and this only if you have such a profile and are logged into it while you visit our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our fan page. We do not have access to the usage data that Facebook collects to compile these statistics. Facebook has committed itself to us to assume the primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to provide the affected parties with the essentials of this obligation.

 

This data processing serves our legitimate interest to improve the user experience when visiting our fan page in a targeted manner. The legal basis for data processing is therefore Art. 6 (1) lit. f GDPR. In addition, Facebook uses so-called cookies, which are stored on your device when you visit our fan page even if you do not have your own Facebook profile or are not logged into it during your visit to our fan page. These cookies allow Facebook to create user profiles based on your preferences and interests and to display ads tailored to you (inside and outside Facebook). Cookies remain on your device until you remove them. Details can be found in the privacy policy of Facebook.

 

If you use our Profiles in social networks to contact us (eg. by creating your own contributions, responding to one of our contributions or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of being able to contact you. The legal basis is Art. 6 (1) lit. a and lit. b GDPR. See also the sub-item Contact in this information.

g. Deine Rechte

You have the following rights: right of access , right to rectification, right to restriction of processing, right to Erasure, right to information and right to data portability. In addition, you have a right of objection and a right of withdrawal and the right to appeal to the supervisory authority.

 

a. Right to Information

 

You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information about the following information:

  • the processing purposes

  • the categories of personal data being processed;

  • the recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations;

  • if possible, the planned duration for which your personal data will be stored, or, if this is not possible, the criteria for determining this duration;

  • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing;

  • the existence of a right of appeal to a supervisory authority;

  • if the personal data has not been collected directly from you, all available information about the origin of the data;

  • the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.

 

If we transfer your data to an international organization or to a third country, you have the right to request information on whether appropriate guarantees pursuant to Art. Art. 46 GDPR in connection with the transmission.

 

b. Right to Rectification

 

You have the right to correct and/or complete the data we have stored about you if this data is incorrect or incomplete. Of course, we report this data immediately.

 

c. Right to Restriction of Processing

 

Under certain conditions, you have the right to request that we restrict the processing of your personal data. At least one of the following conditions must be fulfilled:

 

  • You contest the accuracy of the personal data for a period that allows us to verify the accuracy of the personal data,

  • The processing is unlawful and you refuse to delete the personal data and instead you want to restrict the use of the personal data;

  • We no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims, or

  • you have objected to the processing in accordance with Art. 21 (1) GDPR, as long as it is not yet clear whether our legitimate reasons outweigh your interests.

 

d. Right to Erasure

 

You have the right to request that we delete your personal data immediately, if we are obliged to do so. This is the case if one of the following conditions is met:

 

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • you revoke your consent, on which the processing is based according to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.

  • you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

  • Your personal data has been processed unlawfully.

  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.

  • Your personal data has been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

 

If we have made your personal data public and we are obliged to delete it in accordance with the aforementioned conditions, we shall take reasonable steps, including technical measures, taking into account the technologies and implementation costs available to us, to inform other data controllers who process the personal data that you have requested us to delete all links to such personal data or copies or replications of such personal data.

 

However, your right to erasure does not exist if the processing is necessary for the following reasons (exceptions) :

 

  • To exercise the right to freedom of expression and information;

  • to fulfil a legal obligation that requires processing under the law of the Union or the Member States to which we are subject, or to perform a task that is in the public interest or in the exercise of official authority vested in us;

  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the law referred to in (1) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

  • to assert, exercise or defend legal claims.

 

e. Right to Information

 

If you have exercised your right of rectification, erasure or restriction against us, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.

 

f. Right to Data Portability

Under the following condition, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to have these data transmitted to another controller:

 

  • The processing is based on consent in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and

  • processing is carried out using automated procedures.

 

You have the right that we transmit your personal data directly to another controller, insofar as this is technically feasible and does not affect the freedoms and rights of other persons.

 

This right to data portability does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on us.

 

g. Right to Objection

 

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 (1) lit. e or lit. f GDPR. This also applies to profiling referred to in these provisions.

 

After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

 

h. Right of Objection to direct advertising

 

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to direct advertising.

 

If you object to the processing of your personal data for direct marketing purposes, we will no longer process them for these purposes.

 

You may, in connection with the use of information society services – notwithstanding DIRECTIVE 2002/58/EC (Privacy Policy for Electronic Communications) – exercise your objection by means of automated procedures using technical specifications. 

 

We would like to point out that you can object to the use of your address at any time without incurring any costs other than the transmission costs according to the basic tariffs.

 

h. Right of Withdrawal

 

You have gem. Art. 7 (3) GDPR the right to revoke your consent at any time. The revocation of consent does not retroactively invalidate the lawfulness of the processing.

 

i. Right of appeal to a supervisory authority

 

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you can exercise your right of appeal in the Member State of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of your personal data violates the GDPR.

An overview of the respective country data protection officers of the countries and their contact details can be found here:

 

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

The supervisory authority responsible for us can be reached under the following data:

 

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

 

Postfach 20 04 44

40102 Düsseldorf

 

Kavalleriestraße 2-4

40213 Düsseldorf

 

Telefon: 02 11/384 24-0

Telefax: 02 11/384 24-10

 

E-Mail: poststelle@ldi.nrw.de

9. Timeliness and change of this privacy policy

 

We update this privacy policy at regular intervals and therefore ask you to view the latest updates here regularly.

 

Current Status: 7.1.2021

Cookie Settings

Here you can easily customize cookies. Please make sure that necessary cookies are essential for the website to function and therefore cannot be switched off.

  • Required

    These cookies are necessary for the website to function properly. Therefore, they cannot be turned off.

  • Analytics

    Analytics cookies collect data on the use of the website. These data help us to continuously improve the content of the website.

  • Marketing

    Marketing cookies collect information about advertising campaigns and their success. This helps us to adapt advertising to your interests.