And now from the beginning: The information on data protection outlined here applies to the use of the SPIEGEL Group's digital editorial products, such as www.spiegel.de and www.manager-magazin.de. For other SPIEGEL Group websites – for example, corporate communications – separate privacy policies may apply. Data protection information for conventional print subscriptions from the publishers within the SPIEGEL Group can be found in their respective General Terms and Conditions of Business and Delivery. When we link to other websites, we have no influence and no control over the service provider’s compliance with data protection provisions. If you wish to alert us about possible problems on a linked site or with one of our partners, please email us.

The responsible authority for data processing in connection with this website is the company within the SPIEGEL Group named in the respective legal notice (Impressum), represented by its management. You can always contact the SPIEGEL Group, Kennwort Datenschutz, Ericusspitze 1, 20459 Hamburg or send an email to datenschutz@spiegelgruppe.de if you wish to obtain additional information about how we collect, process or use your data; if you wish to rectify, delete or block such data; or if you have any other general questions that have not been answered. You can find detailed information about your rights in Section 6.

The following is always applicable: We will store, process and use your data only in the manner described in this notice, and in compliance with German and European data protection legislation. Naturally, we maintain data secrecy. We treat your data confidentially and do not pass it on without your consent to third parties other than to closely associated service providers, who may manage subscriptions, payment services, video delivery, or premium and advertising business or other services on our behalf. These service providers are under obligation to use your data only for the purpose provided for in the relevant contract, and not to pass it on to anyone else under any circumstances.

The following documents and information, which can be accessed separately, are part of this privacy policy.

• A detailed overview of the "ad trackers” used can be found in our Privacy Center and in this overview.

• A detailed overview of the cookies, device identifiers and similar tracking technologies and analysis services that are also used in the "PUR” service together with detailed information pertaining to them can be found here.

In principle, you can use our websites without explicitly providing classic personal data such as your name, address, bank account details, etc. In some cases, however, it is necessary to provide such data, either because it is required by law or in order to conclude contracts with you or to provide a requested service. The provision of the data in these cases remains at your discretion, of course, but this data is sometimes necessary in order to fulfill the stated purposes. Failure to provide this information may then mean that we are unable to provide you with our services.

Some further information up front: The latest SSL security standard (256-bit Secure Socket Layers) is used across all of our products and services. Your data is encrypted directly during transmission and all data protection-relevant information such as credit card number, bank code, bank account number, name and address is stored in encrypted form in a protected database. This brings us to the particular instances in which you provide us with information about yourself:

a) Purchasing a subscription

When purchasing a digital subscription (SPIEGEL+) and/or a PUR subscription, the following data must be provided: Salutation, first name and surname. Providing your postal address is optional, unless you order a product that includes printed issues. We need your payment data for the payment methods PayPal, SEPA direct debit or credit card to initiate the payment.

The data mentioned above are required to provide limited-time access or to fulfill the subscription contract, in accordance with Art. 6, Par. 1, lit. b of GDPR.

The creation of a SPIEGEL account is mandatory for digital subscription contracts (the periodically updated offer of digital products), limited-time access contracts (e.g., weekly or monthly, multi-month or annual pass for existing paid content) and the PUR subscription. You must provide your email address and a password. The provision of this data is necessary for the fulfillment of the contract and it, too, is processed in accordance with Art. 6, Par. 1, lit. b of GDPR.

We will initially store your data until the end of your contract or the deletion of your SPIEGEL account or until that data is no longer subject to any tax, commercial or other legal retention obligations. The legal basis is Art. 6, Par. 1, lit. b and c of GDPR.

b) Registration of a SPIEGEL account

On our websites, we offer you the possibility of creating a free user account (SPIEGEL account) by entering your email address, which provides the basis for some services requiring registration and also enables you to use personalized services (Art. 6, Par. 1, lit. b of GDPR).

We will delete your data as soon as you delete your SPIEGEL account on our website and there are no tax, commercial or other legal obligations to keep records.

To register, you only need to enter your email address and a password. Further information such as name and address is optional. When you register or log in to our websites, we ask for your email address and password. As a registered and logged-in user, we can create a profile, and various services are available to you. Among other things, you can use our digital limited-time access contracts and subscriptions, order products or participate in our debate formats with contributions.

You also have the possibility on our web pages to activate the "stay logged in” function by ticking the box, so that you don’t have to log in again after leaving the site and then revisiting it later. For this purpose, we use cookies with your consent, which ensure automatic recognition on the occasion of a renewed visit (Art. 6, Par. 1, lit. a of GDPR).

To make your visit and the use of our websites as comfortable as possible and to help you find relevant information more quickly, we personalize the use of our websites, for example by providing "Recommended for you" articles (Art. 6, Par. 1, lit. a of GDPR).

c) Newsletter

You also have the option on our website of registering for our newsletter to receive news and current information from our editorial departments and about our products. The ordering of the newsletter is carried out using the "Double Opt-In Procedure,” which means that the email you have entered is verified by means of a confirmation email sent to it. Your personal data will then be processed with your consent in accordance with Art., 6 Par. 1, lit. a of GDPR.

If you have agreed, we then record your clicks in our newsletters using invisible image files, so-called tracking pixels. Together with our service providers Newsletter2Go, MailChimp and Salesforce, we analyze opening and click rates as well as other usage data. Your email address will be stored in a recipient list so that we can keep track of the distribution list. It will also be used in a pseudonymized way to send you personalized newsletters adapted to your preferences and interests.

You can unsubscribe from any newsletter at any time, thus revoking your consent for both sending and analysis, by clicking on the corresponding link at the end of the respective newsletter or by writing to newsletter@spiegel.de.

d) Use of the forums and comments

If you have registered on our websites, you can participate in our debate formats by posting comments. If you submit a comment, it will be published with the username you provide or with a username we create at random. In your profile, you may use a pseudonym as your user name instead of your real name so that other readers do not know your real name, except in the manager lounge, where all users are presented with their full real name.

The legal basis for the processing of your data is the consent given by you in accordance with Art. 6 Par. 1, lit. a of GDPR. You can revoke your consent at any time, but doing so precludes any further use of the comment function.

e) Surveys

On our websites, you have the opportunity to participate in surveys about various topics. Within the scope of these surveys, which we conduct using the service Typeform, we ask you to answer various questions and provide personal information that varies from survey to survey, such as name, email address, salary level, etc. Participation is, of course, voluntary, and the provision of personal data isn’t required. You can find more about data protection at Typeform here.

If you provide data as part of the survey, you are simultaneously providing your consent for the collection, processing and use of the data for the aforementioned purpose; the corresponding processing of data is thus in accordance with Art. 6, Par. 1, lit. a of GDPR. You may, of course, revoke this consent at any time.

f) Advertising by email, telephone or letter

We use your contact data for advertising if you have given your consent (Art. 6, Par. 1, lit. a of GDPR), as well as for the legally permissible direct advertising of our own and related products if you have provided such data when ordering or registering (Art. 6, Par. 1, lit. f of GDPR in conjunction with Sec. 7, Par. 3 of the German Act Against Unfair Competition (UWG)).

If you no longer wish to receive advertising, you can revoke your consent or object to direct advertising at any time

• by clicking on the unsubscribe link at the end of the email

• by sending an email to aboservice@spiegel.de

• by writing to DER SPIEGEL, Kundenservice, 20637 Hamburg (please state your name and the email address you used for registration)

• or by telephone at 040 3007-2700.

Your personal data will be passed on to our external and internal marketing and newsletter service providers and contest partners provided that they assist us in data processing. These partners are contractually obliged by us to neither use data for their own purposes nor to pass it on to others. We will not pass your data on for commercial use without your express consent.

The data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not infringe on any legal storage obligations.

g) Contacting us

We process your personal data when you contact us using the form on our website or by email. For this purpose, we partly use the service CognitoForms from Cognito LLC. You can find more information on data protection here. This data processing is necessary for the processing of your request (Art. 6, Par. 1, lit. b of GDPR). The data processing takes place exclusively within the scope of our customer service.

Which articles are currently being read? How often? By how many people? How much time do viewers spend watching videos? How often do users visit our sites? Are there any suspicious access attempts, so-called "denial of service” attacks?

Here, we explain which (personal or personal-related) data is collected, processed and, if applicable, transmitted to which third parties, where and how it is done.

In the following, we differentiate between four areas of application:

(A.) cookies and analysis that are not personalized or only serve to ensure technical functioning and access security and which may be set or performed without your consent and which, as such, cannot be deactivated.

(B.) cookies and analysis that, with your consent, are activated and integrated as a standard, also in the "PUR” offer, which are used to measure reach as well as for our analysis for the need-based design of the product, and can be partially deactivated.

(C.) without choosing the "PUR" option, in the case of free use integrated cookies and analysis for advertising tracking and for serving usage-based advertising by cooperating companies with your consent. And, finally,

(D.) optional cookies and analysis of "social media” for all users, which are deactivated by default, and those products used in editorial partnerships, which are activated by default.

In the following passages, we summarize the relevant information on these areas of use and the services related to them in text form. At the same time, you can also inform yourself through the tabular overviews here for areas A.) & B.) as well as here and in the Privacy Center for area C.). Further and more detailed information on and directly from individual services can be found in the specified text form and under Section 7 of this privacy policy.

A.) Non-personally identifiable or mandatory cookies & analysis, the technical functional safeguarding of systems and authentication

We use cookies and similar analysis services with which no personal data is collected and processed. One example here is the service "Hotjar,” which we sometimes use to track mouse movements in order to evaluate whether and, if so, how we can improve the positioning of certain buttons or similar and simplify use of the website for you. The analysis is carried out entirely anonymously – by shortening your IP address, for example, so that no conclusions can be drawn about specific persons. Nevertheless, we require consent for the storage of associated cookies on your end device in accordance with the Cookie or ePrivacy Directive in conjunction with the German Telemedia Act (Sec. 12 et seq. TMG). You give us this consent if you decide to use the website free of charge or the "PUR” subscription, as it is a prerequisite for using the offer. You can nevertheless declare an "opt-out” for individual services and the respective analyses will be prevented. You can find the aforementioned overview of the services in question here.

Furthermore, we use cookies in both the free offer and in the "PUR” subscription for the safeguarding of technical functioning and authentication – i.e., cookies that are absolutely necessary for us to provide access to our product. Although no consent is required for these in accordance with the Cookie or ePrivacy Directive in conjunction with the German Telemedia Act (Sec. 12 et seq. TMG), you also agree to them when you choose between the free offer or the "PUR” subscription. An example of this is the "accessInfo” cookie, which is used to check whether you are an authorized user of the advertising tracking-free "PUR” offer and/or our paid "Plus” content. You can find an overview of these types of cookies here.

Finally, when you visit our website, the following data is automatically sent to our server and stored for 30 days in a log file:

• IP address

• Date and time of access

• Name and URL of the data retrieved

• Web page from which the access takes place (referrer URL)

• User agent (usually contains information about the browser used, the computer's operating system, the manufacturer and the model designation of the mobile device)

• Volume of data transferred

• Reporting on whether the access/retrieval was successful (http status code)

The above-mentioned data and its processing is technically necessary for us to ensure the stability and security of our systems, to be able to detect abuses and to protect against them (hacking or DDos, for example), as well as for error analysis and correction. Data processing is based on our justified legitimate interest in accordance with Art. 6, Par. 1, lit. b of GDPR for the purposes mentioned above. We employ state-of-the-art security measures to ensure data security.

Since the collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of our web pages, it is not possible for you to opt-out here. You can only prevent this form of data processing by not using our services.

Finally, we use a service from Sourcepoint to prevent the use of ad blockers on our site. This stores data on usage of our site in cookies to repel advertising blockers and record your settings. All analysis is carried out anonymously and in a non-personalized way. Private data such as IP addresses are used only in truncated form.

B.) Cookies and analyses in the "PUR" offer for reach measurement and needs-oriented design (can for the most part be deactivated with an opt-out)

We also use cookies and analytics in both the "PUR” subscription and the free product to tailor our offerings to your needs and to measure reach.

We use Adobe Analytics with the cookies listed here in detail in the overview for a design of our product that meets your needs. By using Adobe Analytics, we are able to customize products and services to meet your needs. Individualization plays an important role here, for example through personal reading recommendations based on your reading history. Further detailed information about Adobe Analytics is available here.

The legal basis for the use of such cookies is the European Cookie or ePrivacy Directive in conjunction with the German Telemedia Act (Sec. 12 et seq.) and/or the European General Data Protection Regulation (Art. 6, Par. 1, lit. a of GDPR). If you do not want such a needs-based design, you can select an opt-out for the services listed in the overview. If you wish to delete past data, you can do so here [xxx]. Unlike with ad trackers under (C.), we cannot offer our services without these cookies and analytics. If you categorically refuse the placement of such cookies, even with the possibility of such an opt-out, you cannot use our website.

The same applies to the measurement of reach, which must be standardized and carried out by neutral third parties in the interest of comparability. Insofar as cookies are stored on your computers for this purpose, this is done with your consent in accordance with the European Cookie or ePrivacy Directive in conjunction with the German Telemedia Act (Sec. 12 et seq. TMG). The legal basis for this analysis is also consent (Art. 6, Par. 1, lit. a of GDPR), although no user and usage profiles are created in the measurement of reach, and you can also set an opt-out for these. You can find more information in the overview here and in the details of the individual services here.

C.) Ad tracking and the serving of usage-based advertising

If you decide not to use the paid "PUR" service, advertisements and promotions will be served to finance our products and services. In online advertising, advertisers need reliable information about how many readers view their ads. Moreover, they expect preferential presentation of their advertising to those who are likely to be interested in certain products or topics. To enable them to do so, we allow our advertising partners on our free products and services to track usage data for "usage-based" online advertising (in which advertising is tailored to the user's interests), which implies the collection of data and its processing in pseudonymized usage profiles ("ad tracking”). This data helps ensure that you are presented with advertising to which you are likely to be more attentive.

As an advertising partner through Google AdWords, Google is also integrated and can place and use advertising cookies with us according to the same guidelines. If you click on an ad placed by Google, a cookie is stored without personalized data and remains valid for 30 days. It registers your clicks on the ad on our website and is used for statistics. You can opt out here.

You can find an overview of the advertising service providers, the so-called "Third-Party Trackers,” approved for use on our free content offerings in our Privacy Center and here. Legal basis for the use of cookies described above is the European Cookie or ePrivacy Directive in conjunction with the German Telemedia Act (Sec. 12 et seq.) and/or the European General Data Protection Regulation (Art. 6, Par, 1, lit. a of GDPR).

In general, tracking means that your usage of our products and services is captured, for instance individual clicks, subpages visited, advertising banners viewed, etc. Because such data is related to you as a person, all usage data must be saved with a random pseudonym that cannot be reconnected with the user.  To enable ads to be tailored to your needs in places where cookies do not work optimally, within smartphone apps for example, cookie-like technologies may be used. To prevent this, go to the app "Google Settings" on Android smartphones or scroll down to "Google" in the General Settings app, tap "Ads Settings" and tap the on-off slider next to "Personalized advertising." On iOS devices, for which we use Apple's Advertising Identifier, go to the Settings app, then to "Privacy," then to "Advertising" and make your specific settings.

D.) (Optional) additional services

1. Social media

On our site, we integrate posts and recommendation functions from platforms such as Facebook, YouTube, Twitter, Instagram, Giphy, Imgur, Spotify, TikTok and the mapping service Mapbox. These services are inactive by default, but they can be activated by the user. Most of these services are based in the U.S. but are nonetheless subject to the applicable data protection regulations in EU and EEA countries. If, for instance, you actively use a recommendation bar on our site or read an article with an embedded post or YouTube video or Spotify playlist, the embedding technology may transfer general framework data such as your IP address back to the social networks and platforms. We have no influence over the way these platforms use the data, including, in some cases, the creation of user profiles. Please consult Facebook, Twitter, Spotify, TikTok and YouTube, et. al. directly for more information and to adjust your privacy settings.

For social networks and on other external platforms, the companies' respective data protection regulations apply, even if we distribute information and maintain presences there with our brands. With Snapchat, in particular, we are active outside our internet presence, for example with DER SPIEGEL in the network’s Discover section. The U.S.-based company provides us with its content management system and general usage data, such as the number of hits, the length of usage, the demographics of readers and the user names of all contacts. You can read the network's data protection rules here.

You can also create a user account with us by connecting to your Facebook account ("Sign in with Facebook” function). Should you use this option, we will of course have no access to your Facebook log-in information - the social network's privacy policy applies - but we will need to obtain your public information and your email address in order to allow you to register with us. This will enable you to set up a user account with us, and you can later unlink Facebook in our log-in area at any time in order to log in to us independently of Facebook.

The following links will provide you with information about the privacy policies of the individual third-party providers:

• Content from Twitter: We integrate Twitter content into our internet offering using the Tweet plugin. Twitter’s privacy policy can be found here: https://twitter.com/de/privacy

• Content from Facebook: We integrate Facebook content into our internet offering using the Facebook plugin. Facebook’s privacy policy can be found here: https://www.facebook.com/privacy/explanation

• Content from YouTube: We use the YouTube player to integrate videos from its YouTube channels or videos from other providers into our internet offering. Google’s privacy policy can be found here: https://support.google.com/youtube/answer/2801895?hl=de

• Content from Instagram: Instagram's embed feature enables the integration of images and videos from Instagram into our offering. Instagram’s privacy policy can be found here: https://www.instagram.com/legal/privacy/

• Content from Giphy: Giphy’s embed function enables the integration of GIFs on our websites. Giphy’s privacy policy can be here: https://giphy.com/privacy

• Content from Imgur: With Imgur, we can integrate Imgur content, such as images. Imgur’s privacy policy can be found here: https://imgur.com/privacy

• Content from Spotify: Spotify allows us to integrate songs, albums or playlists into our websites. Spotify’s privacy policy can be found here: https://www.spotify.com/de/legal/privacy-policy/

• Content from TikTok: The TikTok plugin allows us to integrate videos from TikTok. TikTok’s privacy policy can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de

• Content from Mapbox: Mapbox allows us to integrate maps. Mapbox’s privacy policy can be found here: https://www.mapbox.com/legal/privacy/

2. Products used in editorial partnerships

In our articles, we often use services from cooperation partners, for surveys or discussion questions, for instance. As with social networks and platforms, the following applies: If, as an example, you read an article with an embedded survey, general framework data such as your IP address may theoretically be transferred back to the social networks and platforms. You can also find more information on their data protection policies on the websites of the cooperation partners:

• Civey: In some products and services, we use this German platform to carry out opinion surveys. Civey also collects data on your personal settings and your voting behavior, which is why you can only fully utilize the service once you log in with your own log-in or through Facebook (in the latter case the social network may theoretically track the fact that you use Civey). If you are not logged in, your voting behavior will be evaluated in anonymized form and a cookie set in each case. Your log-in and voting data is stored in encrypted form on German servers, where it remains confidential and is used solely for survey purposes. You can find out more about data protection details for Civey here.

• Opinary: In some products and services we use this German platform to carry out rapid opinion surveys or to create and display other content (like advertising). Only when you register there are you identifiable as an individual, otherwise a cookie will be set in order to present you with usage-related advertisements; Opinary analyzes the usage of websites and advertising space where it is deployed. You will only be captured using a pseudonym and then anonymously analyzed. You can opt out here. Further details about the partnership with Opinary can also be found in Section 7 at the end of the privacy policy.

• Datawrapper: We use this service to create editorial information graphics to accompany our articles. When you load these infographics, general usage data is recorded, but not the IP address of your device. In addition, Datawrapper will not pass on any user data to commercial third parties. You can find more about data protection at Datawrapper here.

• Games: Some of our products and services include embedded browser-based games that are provided by our Karlsruhe-based partner kr3m, which stores the log files of the websites and files that are accessed, the associated time data, the browser and operating system and the IP address including the provider. This data is used solely for statistical purposes to optimize security and the product or service itself, but also to track illegal use. In no case is personal data passed on without the user's consent. You can find more about data protection at kr3m here.

We, too, advertise our products and services on the internet. We use various options for individualized advertisements with which we aim to reach you and other potential readers directly:

• Google Remarketing: We use Google's Remarketing function to present you with advertisements for our products and services that correspond with your usage preferences in the global Google advertising network. You will be identified in this network through cookies, but not identified as an individual. You can opt out here.

• Facebook Remarketing/Retargeting: We have integrated remarketing tags from the social network in our products and services where appropriate. If you are logged into Facebook, the platform receives the information that you have visited our site, through which we can present you with advertising on Facebook. The transfer of your data as a Facebook user is regulated in the data protection declaration of the network itself. You can deactivate the "custom audiences" setting for your profile here. We do not use the custom audience email procedure.

• Bing Ads: This service from Microsoft, a U.S.-based company, sets a cookie if you access our website through a Bing ad so that we can find out the total number of clicks leading from an ad to our website. Your user profile is only stored in a pseudonymized form. There is no transfer of data. You can opt out here.

• Sovendus: This German service provider offers some of our products for sale on the internet as an advertising partner. In order to ensure correct billing, the service sets a single pixel at the time of purchase in order to transmit the ordered product in a pseudonymized and encrypted form, including time stamp and IP address, whereby the latter is only used for data security purposes and is normally anonymized after seven days. Details on data protection at Sovendus can be found here.

GDPR Article 15: Right of access by the data subject
You have the right to obtain information from us about the personal data we process.

GDPR Article 16: Right to rectification
If the data concerning you is inaccurate or incomplete, you may request the rectification of incorrect information or the completion of incomplete information.

GDPR Article 17: Right to erasure
In accordance with Article 17 of GDPR, you can request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still needed by us to fulfil our legal or contractual obligations.

GDPR Article 18: Right to restriction of processing
In accordance with Art. 18 of GDPR, you have the right to request that the processing of personal data concerning you be restricted.

GDPR Article 21: Right to object
For reasons relating to your particular situation, you have the right to object to the processing of personal data concerning you at any time.

Art. 7, Par. 1 of GDPR: Right to withdraw consent
You have the right to withdraw your consent for the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

A.) About our partnership with INFOnline GmbH

Our websites use the measurement procedure known as "next-generation innovative scalable central measurement process," or SZMnG, from INFOnline GmbH for calculating key statistical figures on the usage of our products and services. The goal of usage measurement is to statistically determine the number of visits to our websites, the number of website visitors and their surfing behavior – on the basis of a uniform standard procedure – and so obtain values that are comparable across the market. For all digital products and services that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW; German Audit Bureau of Circulation) or take part in studies of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF; Working Group for Online Media Research), usage statistics on reach are regularly processed further by AGOF and the Arbeitsgemeinschaft Media-Analyse e.V. (agma; Media Analysis Working Group) and published with the performance value "unique user" as well as the performance values "page impression" and "visits" from IVW. These reach values and statistics can be seen on the respective websites.

1. Legal basis for processing

Measurement using INFOnline GmbH's SZMnG process is carried out on the basis of legitimate interest as defined by Art. 6, Par. 1, lit. f of the GDPR. The purpose of processing personal data is the generation of statistics and the creation of user categories. The statistics help us understand and verify the usage of products and services. The user categories form the basis for the provision of advertising material and/or advertising measures aligned with your interests. For the marketing of our website, usage measurement that guarantees comparability with other market participants is essential. Our legitimate interest arises from the economic usability of the findings generated by statistics and user categories and the market value of our website – including direct comparison with the websites of third parties – which can be determined using statistics. Moreover, we have a legitimate interest in making available the pseudonymized data from INFOnline, AGOF, agma and IVW for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). Moreover, we have a legitimate interest in making available the pseudonymized data from INFOnline for further development and provision of advertising materials aligned with interests.

2. Type of data

INFOnline GmbH collects the following data which, according to the GDPR, may contain references to individuals:

• IP address: Every device on the internet requires a unique address for the transfer of data – the IP address. Due to the way the internet works, it is a technical requirement that the IP address be stored at least in the short term. IP addresses are reduced by 1 byte before any processing and all further processing takes place anonymously. There is no saving or further processing of non-truncated IP addresses.

• A randomly generated client identifier: To identify computer systems, reach processing uses either a third-party cookie, a first-party cookie, a "local storage object" or a signature generated from a range of information automatically transferred by your browser. This identifier can uniquely identify a browser as long as the cookie or local storage object is not deleted. Measurement of data and subsequent allocation to the relevant client identifier is therefore also possible if you access other websites that use INFOnline GmbH's measurement process ("SZMnG").

The validity of cookies is restricted to a maximum of one year.

3. Usage of data

INFOnline GmbH's measurement process, which is used on this website, communicates usage data. This occurs for the collection of the performance values "page impressions," "visits" and "clients" and to generate other key figures from them (e.g., qualified clients). Moreover, we may use the measurement data as follows:

• "Geo-localization," which links website access to the location from which it was accessed, occurs solely on the basis of the anonymized IP address and only to the geographical level of state/region. Under no circumstances can the geographic information gathered in this way be used to identify the precise whereabouts of a specific user.

• The usage data of a technical client (e.g., a browser on a device) is compiled across websites and stored in a database. This information is used for technical estimation of the demographic details of age and gender and transferred to the AGOF service provider for further reach processing. As part of the AGOF study, a random sample of social characteristics is used to provide a technical estimate that allows assignment to the following categories: age, gender, nationality, profession, marital status, general household details, household income, place of residence, internet usage, online interests, usage location, user type.

4. Storage duration of the data

INFOnline GmbH does not store the complete IP address. The truncated IP address is stored for a maximum of 60 days. The usage data in connection with the unique identifier is stored for a maximum of six months.

5. Transfer of data

Neither the IP address nor the truncated IP address is transferred. In generating the AGOF study, data is transferred to the following AGOF service providers with client identifiers:

Kantar Deutschland GmbH

Ankordata GmbH & Co. KG

Interrogare GmbH

6. Rights of data subjects

Data subjects have the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR )

• Right to object (Art. 21 GDPR)

• Right to erasure (Art. 17 GDPR )

• Right to restriction of processing (Art. 18 et seq. GDPR)

• Right to data portability (Art. 20 GDPR )

For any inquiries related to these rights, please contact datenschutz@spiegelgruppe.de. Please note that for this type of inquiry, we must be able to establish that we are dealing with the data subject. The data subject has the right to lodge a complaint with the data protection authorities. You can find further information on the measurement process on the website of INFOnline GmbH, which operates the measurement process, the data protection website of AGOF and the data protection website of IVW.

B.) About our partnership with IP Deutschland GmbH

1). The following general information applies:

Various companies are involved in the marketing of our internet products and services, both in the collection of data and in the serving of advertising. These companies play different roles. In some cases, they are individually responsible for data processing (controller) or act purely as a service provider carrying out the instructions of a controller (processor). In the context of advertising marketing, IP Deutschland GmbH, Picassoplatz 1, 50679 Cologne, Germany, email: kontakt@ip.de, is responsible and are thus, together with us, "joint controllers" under Article 26 of the EU General Data Protection Regulation in terms of our internet products and services. You can find more details about this, about roles and about other responsible parties here.

2. Collection of data in the context of marketing (tracking, profiling, etc.)

In order to personalize advertising, design it according to interests and find suitable target groups, to collect information for billing, measure reach and control/limit the serving of ads through frequency capping, a system is used in online advertising that examines user behavior and produces pseudonymized profiles of users, which can then be used in the serving of advertising. As part of that process, products and services that have been visited, content that has been clicked on, etc., are captured and stored. This data is stored within a profile in a database that can be accessed with a cookie or by another means of identification. Names and personal data of users are not stored. The cookie is essentially a pseudonym and does not contain the real name or identity of the user. In some cases, data from other sources, e.g., parts of profiles from registered areas or also technical data about the device used, the time the activity occurred or data from party sources can also be stored. Behavior patterns of users of our products and services are stored and analyzed within the profile and it is in part supplemented by sociodemographic data or assumptions about sociodemographic data (so-called statistical twins of profiles with known data that are compared based on similar or identical surfing behavior). The formation of this profile is also possible across networks, i.e., across a number of internet products or services.

3. Legal basis

Both the operators of the products and services and the other marketers and other entities that serve advertising on the products and services have a legitimate interest in marketing and monetizing their (marketed) products and services through the target group-specific serving of advertising as well as measuring the reach and controlling the serving of advertising with the use of frequency capping. The same applies to the creation of user profiles that make this possible in the first place. This purpose could not be achieved without data processing. Given the pseudonymous nature of the data, users of the products and services will not be individually identifiable to us or our marketers beyond the recognition of the browser and end devices used. Incursions on the user's right of informational self-determination are justified by the fact that the user's data is pseudonymized and is only used for relatively short periods of time. Because users are informed transparently of the procedures used in data protection statements and are also provided with effective possibilities for opting out, incursions on users' rights are minimal and at the expected level. Furthermore, no profiles are produced that focus on children. The legal basis for all processing of data in the scope of marketing is Art. 6 1f of the GDPR ("legitimate interests") or Sec. 15, Par. 3 of the German Telemedia Act (TMG).

4. Detailed information and objection options

• Information about marketers and technology opt-out opportunities

Here, you can find detailed information about the individual data processing procedures and the service providers and participants involved. This overview contains general and detailed information about the names and addresses of the companies that collect, process and/or make personal data available to other third parties, the data categories collected, the purpose of processing and the opt-out options, recipients of data, transfer to third countries, duration of storage and data sources and provides the ability to contact the data protection officer of IP Deutschland GmbH.

• Advertising IDs for mobile apps

To enable advertisements to be delivered in services that lack cookie technology – in mobile apps, for example – technologies similar to cookies may be employed. To disable personalized advertising on your mobile device, please follow the instructions below.

Android

1). Depending on the device, you will find Google Settings at one of the following places:

a. in a separate app called Google Settings

b. scroll through your main Settings app and tap Google

2. Tap on Ads

3. Tap the on-off slider to deactivate personalized ads

iOS

iOS devices use Apple's Advertising Identifier. You can find further information about the different possibilities for using this identifier in the app settings on your device.

You can find it as follows:

1). Tap "Settings"

2. Tap "Privacy"

3. Tap "Advertising." From there, you select specific settings using a slider.

Right to object

Should you not wish to take part in measurement on websites, you can object at the following link: https://optout.ioam.de. For technical reasons, a cookie must be set to guarantee your exclusion from measuring. If you delete the cookies in your browser, it will be necessary to repeat the opt-out process under the link above. In applications, you can opt out of this measuring here; in apps you can deactivate them in settings (for iOS in iOS Settings > App > AGOF-Zählung, for Android directly in the app menu under Data protection > IVW/AGOF-Zählung).

C.) About Adobe Analytics

We use the tracking tools Adobe Analytics and Adobe Audience Manager on our websites. These are services provided by Adobe Systems Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe").

Tracking is pseudonymous, which means that we cannot draw any direct conclusions about you as a person from the information we receive through tracking. As part of the web analytics procedure and for the processing of information about your user behavior, cookies are used to identify the browser of your end device.

We use Adobe for marketing, personalization and optimization purposes, in particular to analyze the use of our websites and services and to continuously improve and personalize individual functions and products as well as the user experience.

Adobe is integrated with your consent, which you can revoke at any time. The legal basis for this is Art. 6, Par. 1, lit. a of GDPR.

You can stop tracking by Adobe at any time by clicking on the following link ("opt-out"): "https://www.adobe.com/de/privacy/opt-out.html.

This is inhibited by setting a cookie on the end device you are using. If you delete the cookie or use another end device or web browser, the opt out must be set up again. For our mobile apps, you have to configure this in the respective app settings.

D.) About Opinary

We embed a survey tool from Opinary GmbH, Engeldamm 62-64, 10179 Berlin, Germany, on our pages in joint controllership (in accordance with Art. 26 of the GDPR). The use of this service allows us to create and display online pools or other content. The Opinary plugin retrieves the following information from the website visitor: Cookie IDs, timestamps, click data, vote coordinates and truncated IP addresses. For the protection of your personal data, we have an agreement with Opinary GmbH on the order in which this data is processed (Art. 26, GDPR). As part of our joint responsibility under data protection law, it was agreed which party would fulfil which obligations under the GDPR. We are the responsible party for the collection and transmission of the user’s data to Opinary. The data collected in this way is then anonymized by Opinary and made available to us in aggregated form. In order to control target group-based advertising, Opinary collects information about activities on our websites (advertising banners clicked and subpages visited, for example) under a pseudonym and uses this information to serve you advertising from third parties in line with your interests. This allows cookies from third-party advertisers to be stored on your end device.

For further information on the processing of your personal data, please refer to Opinary’s privacy policy. If you do not consent to the use of your data in the specified form, you can object here by opting out: https://compass.pressekompass.net/static/optout.html

E.) About Typeform

We use the Typeform service to collect data from surveys. This service is provided by TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona ("Typeform"). Typeform specifies that your answers to the questions asked in the survey will only be viewed by Typeform if it is necessary for the correction of errors. According to its own statements, Typeform uses cookies, but only those that do not collect personal data. The cookie settings can be edited in the browser settings. Typeform has a strict privacy policy, but handles some of its survey services through the cloud provider Amazon Web Services, Inc. (AWS) with servers located outside the European Union, based in the United States.

You can find more detailed information about the processing of your data by Typeform in Typeform’s privacy policy: "https://admin.typeform.com/to/dwk6gt.

F.) About Localytics

App analysis with Localytics: To better understand the usage of our apps for smartphones and tablets, we perform analysis in some apps using the service Localytics – how often they are accessed, what is clicked on, etc. Your data is pseudonymized and you are never identified as an individual. You can disable the analysis in the settings (on iOS in iOS Settings > App > Send Usage Data; on Android directly in the app menu in the settings themselves).

G.) About Consentric Technology

Deutsche Post AG’s Consentric technology was developed from the very beginning with data protection requirements in mind and aims to process as little personal data as possible. Using the Consentric technology, Deutsche Post AG, with the involvement of various partners, links a cookie stored on a user’s end device with a microcell of Deutsche Post Direkt GmbH ("DP Direkt”). This microcell only contains information about a single group – comprised on average of 6.6 people – so that the cookie ID cannot be assigned to any individual. Various addresses have been combined in a microcell so that the Consentric technology can provide a data protection-compliant link between an end device and a microcell as a geographical location. You can opt out of the data processing by following the procedure described in the following link: https://pixel.consentric.de/optout. You may object to the use of cookies by service provider intelliAd (diva-e Products GmbH, Sendlinger Str. 7, 80331 München) by using the intelliAd opt-out function.

In relation to the transmission of the cookie IDs obtained during your visit to our website, we and Deutsche Post AG have a joint responsibility under Article 26 of GDPR. As such, we are jointly responsible with Deutsche Post AG for the protection of your personal data. The joint responsibility is limited to the transmission of the cookie IDs obtained from you on our websites to Deutsche Post AG for used by the Consentric technology (conversion into a microcell). The individual stages of the process are described as follows: We are responsible for the pixilation/installation of a script on our websites and the forwarding of the intelliAd cookie together with campaign information to Deutsche Post AG. Deutsche Post AG is responsible for the operation of the Consentric technology and for providing us with the specifications for transmitting your cookie IDs to Deutsche Post AG. It can be determined with the use of cookies that you are visiting a website that is participating in the measurement. This information is then aggregated based on the anonymous microcell from Deutsche Post GmbH. This means you can no longer be identified as an individual. At no time are individual users identified by name. This means your identity remains protected. Deutsche Post Direkt GmbH has data protection-compliant procedures for sending postal advertising by selecting a microcell. The selection process used by a microcell is facilitated by the Consentric technology, since the upstream measurement process automatically indicates which microcells are of interest to an advertising company. For example, visiting a website can trigger the dispatch of advertising by mail. If you have any further questions regarding the handling of personal data, in particular if you wish to obtain information about processed personal data or to assert further rights, please contact the website operator first. This does not affect your right to make your subject rights known to Deutsche Post AG under consentric@deutschepost.de.

H.) Chatbot

For general service requests, we offer you the possibility of obtaining information on our website about our customer service and self-care solutions through the use of Chatbot. Our technical service provider for this service is knowhere GmbH, Steinhöft 9, 20459 Hamburg.

No further information is required from you for the use of Chatbot. Log files and chat histories are stored for 30 days in order to optimize the artificial intelligence behind Chatbot.

Data processing is carried out on the basis of our legitimate interests in accordance with Art. 6, Para. 1, Sentence 1, lit. f of GDPR.

I.) About our cooperation with ADITION technologies AG

We work together with advertising partners to make the online offerings on our websites even more interesting for you. To achieve this, cookies are also set by our advertising partners when you visit our websites (so-called third-party cookies).

Information is also stored pseudonymously in the cookies of our advertising partners about your user behavior and your interests when you visit our site. In some cases, information is also collected that was obtained on other sites before you visited our site. This information is used to display interest-related advertisements from our advertising partners. No personal data is stored and no user profiles are merged with personal data about you.

You can prevent interest-based advertising from our advertising partners by adjusting the cookie settings in your browser.

This website uses the ADITION adserving technology of ADITION technologies AG, Oststraße 55, 40211 Düsseldorf ("www.adition.com) to collect and store data for marketing and optimization purposes. This data can be used, among other things, to create pseudonymized user profiles. Cookies can be used for this purpose. The data collected using the ADITION adserving technology is not used by ADITION to personally identify the visitor to this website. You can object to the collection and storage of data at any time in the future here.

J.) About our cooperation with AWIN AG

We process your personal data for the purpose of implementing an affiliate marketing campaign. In this way, we are able to track which third-party website, app or other technology provider referred potential customers to our websites and apps ("referrer") and pay them a commission in return for these referrals. We are pursuing the legitimate interest of carrying out an online advertising campaign that is remunerated according to performance. We are working with Awin to help us implement this affiliate marketing campaign. You can find Awin’s privacy policy here. It contains information about your rights in relation to data processing by Awin. In some cases, Awin may maintain a restricted profile relating to you. However, this will not reveal your identity, online behavior or other personal characteristics. The sole purpose of this profile is to determine whether a referral began on one device and was completed on another device.

In some cases, Awin and the referrer of the potential customer may receive and process your personal information in order to implement the affiliate marketing campaign with us.

We also receive personal information from potential customers of Awin and the referrers, which can be divided into the following categories: Cookie data, data relating to the website, app or technology that referred a potential customer to us and technical information about the device you are using.