And now from the beginning: The information on data protection described here applies to the use of the SPIEGEL Group's editorial digital offerings such as www.spiegel.de,www.manager-magazin.de and www.11freunde.de. For other SPIEGEL Group websites, e.g. for corporate communications, separate data protection statements may apply; data protection notices for conventional print subscriptions and other fee-based offers from SPIEGEL Group publishers can be found in their respective General Terms and Conditions of Business and Delivery. When we link to other websites, we have no influence or control over how other providers comply with data protection regulations. If you wish to inform us of any problems with a linked site or one of our partners, please write to us.

The entity responsible for data processing through this website is the SPIEGEL Group company named in the legal notice, represented by the management. If you have any questions, you can always contact the SPIEGEL Group, Data Protection, Ericusspitze 1, 20459 Hamburg or send an e-mail to datenschutz@spiegelgruppe.de if you would like to receive additional information on how we collect, process or use your data, if you have any general questions or if you would like to correct, delete or block your data. Details of your rights can be found in section 6.

In any case, the following applies: We store, process and use your data exclusively as you read it in this information and do so in accordance with German and European data protection law. It goes without saying that we maintain data secrecy. We treat your data confidentially and do not pass it on without a legal basis, except to closely associated service providers who manage subscriptions on our behalf and process payment services, services, video deliveries or rewards and advertising transactions, for example. These service providers are obliged to use data only for the contractually intended purposes and not to pass it on to third parties themselves under any circumstances.

The following independently retrievable documents and information are part of this privacy policy.

• Detailed overview of the currently used "advertising trackers" and other analysis services in our Privacy Center

• Detailed overview of the cookies, device identifiers and similar tracking technologies and analytics services currently used in the read-free advertising offer, including detailed information about them

In principle, you can also use our websites without expressly providing classic personal data such as name, address, bank details, etc.. In some cases, however, it is necessary to provide such data, either because this is required by law or in order to conclude contracts with you or to provide a requested service. The provision of data in these cases is of course also at your discretion, but this data is sometimes necessary in order to achieve the stated purposes. Failure to provide this data may mean that we are unable to provide you with our services.

Further information in advance: We use the latest SSL security standard (256bit Secure Socket Layers) throughout our website. Your data is encrypted directly during transmission and all data protection-relevant information such as credit card number, bank code, bank account number, name and address are stored in encrypted form in a protected database. This brings us to the individual occasions on which you provide us with information about yourself:

a) SPIEGEL account registration

We offer you the opportunity to create a free user account (SPIEGEL account) on our websites by providing your e-mail address and assigning a password. This is the basis for using some services that require registration (digital time access contracts, subscriptions, ordering products, participating in recurring quizzes with access to personal game statistics and participating in our debate formats) and enables you to use personalized services. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Further details such as name, address, date of birth and telephone number are optional and are therefore based on your voluntary consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

If you register as a user for a SPIEGEL account, we process your IP address and the date and time of registration in connection with your registration. You will then receive an email from us with a link that you can use to confirm the creation of your user account. Data processing is required for registration and is based on Art. 6 para. 1 sentence 1 lit. b GDPR.

You have the option of using the "Stay logged in" function so that you do not have to log in again at the end of a session and when you return later. For this purpose, we set a cookie in the browser of your end device, which ensures automatic recognition on a new visit. The legal bases are your voluntarily declared consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TDDDG.

In order to make your visit and use of our websites as pleasant as possible and to help you find information relevant to you more quickly, we can personalize the use of our websites, for example through "Recommended for you" articles. In this context, we process your usage data with your consent (Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR); you can find more information on this in Section 4.B of this privacy policy.

As a registered user, you have the opportunity to take part in our daily quiz and access your personal game statistics to see which quizzes you have taken part in, as well as which and how many questions you answered correctly or incorrectly. In this context, we process your personal user data exclusively in pseudonymized form, i.e. using identifiers that do not allow any conclusions to be drawn about your person for this purpose and within the scope of our legitimate interest in providing you with the widest possible range of services. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

Your data will be stored for the duration of the existing registration and will only be deleted when you close your SPIEGEL account, unless statutory retention obligations prevent deletion. You can initiate the deletion yourself in your SPIEGEL account.

b) Conclusion of a subscription

You need a SPIEGEL account to conclude digital contracts such as subscription contracts (periodically updated offers of digital content), time-based access contracts (e.g. weekly, monthly, multi-month or annual passes for existing paid content) and to book the ad-free reading option. In addition to the data processing in connection with your registration (see section 3.a.), we process your full name, title, information about an existing print subscription, payment data, your address (private or company address), and the country of use (subscription data) for the conclusion of digital contracts (subscription data). The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Confirmation of your age, your date of birth and/or your address is only required for the fulfillment of the contract if it is relevant for the respective offer (e.g. for the U30 Duo subscription). Further information such as name additions and telephone number are optional and are therefore based on your voluntary consent (Art. 6 para. 1 p. 1 lit. a GDPR).

Further processing when taking out a U30 Duo subscription
For the age verification required as part of the U-30 subscription, we process a 7-digit verification number from your ID card or passport, from which your date of birth and thus proof of the existence of the discount reason based on your age can be derived. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. For age verification, we use the service provider Plenigo [plenigo GmbH, Königstr. 4, 87435 Kempten, www.plenigo.com] , with whom we have concluded an order processing contract for this purpose, which ensures that data processing is carried out in accordance with the legal requirements. The verification number will be deleted immediately after your age has been verified. Only the expiration date of the reason for the discount is stored in our customer management system in order to continue your subscription on your 30th birthday without a discount.

Further processing when taking out a starter subscription
If you use our starter subscription, we use parts of the data collected as part of our basic tracking (the so-called SSO tracking ID) in addition to the subscription data in order to ensure compliance with the subscription requirements, in particular the use of the activations and the provision of the items used. The legal basis is the contract between you and us (Art. 6 para. 1 sentence 1 lit. b GDPR).

Further processing when taking out a trial subscription
When you take out a trial subscription, we reserve the right to check your email address to verify that you meet the conditions for claiming the discount. For this purpose, we store a pseudonymized hash value of your email address for 12 months. The legal basis for this is Art. 6 (1) 1 lit. b GDPR.

As part of the fulfillment of digital contracts, we use external payment service providers through whose platforms we and you can carry out payment transactions (e.g. Paypal, credit cards such as Visa, Mastercard, American Express, SEPA direct debit). The data processed by the payment service providers includes Name, address, bank details, as well as transaction data such as contract and recipient-related details. The information is required to carry out the transactions; the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. The aforementioned data is processed exclusively by the respective payment service provider and stored by them; we only receive information about confirmation or non-execution of the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection notices of the respective payment service providers.

To optimize our customer service, we use the information about digital contracts concluded by you for the internal organization of the processing of customer inquiries (reader prioritization). Reader prioritization is carried out in our legitimate interest in categorizing and processing customer concerns in line with their interests. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

As part of your existing digital subscription agreement, we may provide you with discount codes for discounted subscriptions with other publishing and media houses with which we cooperate. For this purpose, we process your customer number for the recurring reconciliation of the existing customer relationship as a prerequisite for the discounts and, on a one-time basis, also your e-mail address for sending you an individual discount code at your explicit request. This offer is part of our contractual services to you, so the legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. b DSGVO. For the technical processing of such discounted combined subscriptions, we work with the association alles.plus [alles.plus e.V., c/o DER SPIEGEL GmbH & Co. KG, Ericusspitze 1, 20457 Hamburg, Germany], with whom we have concluded a contract for commissioned data processing.

We always store your data until the end of your digital contract. Deleting your SPIEGEL account is not the same as terminating your digital contract. It may be necessary to store your data in order to check the requirements for establishing a digital contract, e.g. to prevent repeat orders for the start of discounted digital or premium subscriptions. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, we are obliged under Art. 6 para. 1 sentence 1 lit. c GDPR to retain data due to tax, commercial or other statutory retention obligations. If the data is not deleted because it is required for other contractual or legally permissible purposes, its processing is restricted or it is archived and only made available to those authorized to retain it using appropriate technical and organizational measures.

For the purposes of abuse prevention in the context of securing personal access to our digital offers, we process information about the use made by your account, such as identifying features in the context of Adobe tracking (ECID, Adobe Tracking ID), the number of user accesses (unique users), visits, page views, browser types used, end devices used, as well as the name and contact details from your subscription. The data processing is necessary for the analysis of abusive user accounts and is carried out on the basis of the contract concluded between you and us; the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

Please also refer to the information and regulations in our General Terms and Conditions of Business and Delivery.

c) Newsletter

On our websites, you have the option of subscribing to our editorial newsletter in order to receive news and up-to-date information from our editorial teams and about our products. Your personal data is also processed in this respect with your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

If you have given your consent, we record your clicks in our newsletters and other notifications with invisible image files, so-called tracking pixels. We analyze the opening and click rates as well as other usage data with our service providers Mailjet and Salesforce. Your e-mail address is stored in a recipient list in order to be able to track the distribution list. It is also used pseudonymously to send you personalized newsletters tailored to your preferences and interests.

As a member of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW - https://www.ivw.eu  ), we use a so-called IVW pixel in the newsletters, i.e. a pixel-sized file that is retrieved from an IVW server when the newsletter is opened. This retrieval collects technical information and the time of retrieval as part of an anonymized reach measurement. You can find more information on this in section 7 at the end of the privacy policy.

You can unsubscribe from any newsletter at any time and revoke your consent to the sending and analysis by clicking on the corresponding link at the end of the respective newsletter, writing to newsletter@spiegel.de or unsubscribing independently in your "My account" area. This also applies to editorial newsletters that have been ordered as part of subscriptions and time access contracts.

d) Use of SPIEGEL debate and contributions

If you have registered on spiegel.de with a SPIEGEL account and have a SPIEGEL+ subscription, you can contribute to our debate formats. If you submit a contribution, it can be published with the user name you have provided or a user name we have created. In your profile, you may use a pseudonym as your user name instead of your real name so that other readers do not know your real name. We collect and process the data you provide and the data we collect automatically, such as your first and last name, email address and any other information, in order to be able to publish your contribution in accordance with our special terms of use. The legal basis for the processing of your data is Art. 6 para. 1 lit. b) GDPR.

We use the Logora tool from Société Logora, 31 Avenue Théophile Gautier, 75016 Paris, France, with which we have concluded the necessary data protection agreements, to support the moderation and management of your contributions in our digital offerings. When you log in/register in the debate area, which is integrated via a widget, your name, your e-mail address, your subscription status and your user ID are processed. In addition, we analyze your posts to check compliance with our community guidelines and, in particular, to prevent criminally relevant statements. The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Further information can be found here  in Logora's Privacy Policy.

We use the Conversario tool from ferret go GmbH, Brauerstraße 14, 16321 Bernau bei Berlin, Germany, to support the moderation of comments and posts on our social media sites. In the case of YouTube, Facebook and Instagram comment verification, Conversario processes the YouTube, Facebook or Instagram user ID, the comment text and the date and time of the comment. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Further information can be found here  in Conversario's privacy policy.

e) Advertising by email, telephone or letter

We use your contact data for advertising if you have consented to this (Art. 6 para. 1 lit. a) GDPR), as well as for legally permissible direct advertising for our own and related products if you have specified this when placing your order or registering (Art. 6 para. 1 lit. f) GDPR in conjunction with Section 7 para. 3 UWG).

If you no longer wish to receive advertising, you can withdraw your consent or object to direct advertising at any time

• by clicking on the unsubscribe link at the end of the email

• by e-mail to aboservice@spiegel.de or aboservice@manager-magazin.de orkundenservice@​11freunde.​de

• in writing to Der SPIEGEL, Customer Service, 20637 Hamburg (please state your name and e-mail address of registration) or manager magazin, Customer Service, 20637 Hamburg oder Customer Service11 Freunde, Postfach 111828, 20418 Hamburg

• or by telephone on 040 3007-2700 (SPIEGEL) or 040 3007-3400 (mm) or 040 3007-3030 (11F).

Your personal data will be passed on to our external (Bisnode Marketing GmbH as part of an order processing agreement, which in turn uses the POSTADRESS MOVE database of Deutsche Post AG to update addresses) and intragroup marketing and newsletter service providers and competition partners if they support us in data processing. We contractually oblige them neither to use data for their own purposes nor to pass it on to others. We will not pass on your data for advertising purposes without your express consent.

The data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

f) Making contact

If you would like to contact us, you can send us an email to aboservice@spiegel.de . In this case, we will process your e-mail address, details of your request and, if applicable, your name for further correspondence and any resulting measures relating to your request. You also have the option of contacting us by telephone (040 3007-2700). In this case, we will process your telephone number, your name, your customer number if applicable and information about your request for further correspondence. If you wish to use our contact form, we will process the reason for your contact, the channel, details of your request, the form of address, your first name (optionally also your surname) and e-mail address for further correspondence and any measures requested in relation to your request. If you agree to your message being published, it may be published both on our websites and in our magazines, stating your name and place of residence. If you contact us as a user or subscriber and your request is therefore within the scope of the contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise, we process your data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 sentence 1 lit. f GDPR. To provide the contact form, we work together with the CognitoForms service from Cognito LLC (1310 Gadsden St Ste 100 Columbia, SC, USA, https://www.cognitoforms.com) . For this purpose, we have concluded an order data processing contract with Cognito LLC, which guarantees compliance with your rights and the requirements of Art. 28 para. 3 GDPR.

g) Events

We invite our readers and subscribers to events at regular intervals and you have the opportunity to register for various events on our website. We use your personal information, such as your first name, surname and email address, as well as any other mandatory information, to enable you to participate in the event. For chargeable events, we require further information and data for payment processing, depending on the selected payment method. The data processing takes place exclusively for the realisation and processing of the respective event and to provide you with the necessary information for your participation. For some events, we use the option of informing you in advance by email about the start of the live stream. In addition, following the event, you will receive an email with (further) information about your event and a feedback survey. In this respect, the processing is based on Art. 6 para. 1 lit. b) GDPR. If necessary, we will pass on your data to our event partners and sponsors. The corresponding transfer of this data is necessary for the organisation of the event and is also based on Art. 6 para. 1 lit. b) GDPR.

The provision of the live stream via our service provider JW Player and the setting of corresponding cookies is based on your consent in accordance with the European Cookie or ePrivacy Directive in conjunction with the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) or the European General Data Protection Regulation (Art. 6 para. 1 lit. a) GDPR). As a rule, the following personal data is processed: the IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer), the time of the server request, the time spent on the website, the frequency with which the website is accessed. This recording is used to optimise the transmission and to count visitors.

During the livestream, participants can ask questions using the Slido interaction tool. For this purpose, we use functions of the external service provider sli.do s.r.o., Vajnorská 100/A, 831 04 Bratislava, Slovakia, which supports us as a commissioned data processor. The use of the interaction tool is voluntary, the event can also be followed without Slido. The legal basis for the activation of this service and the setting of corresponding cookies is the consent of the European Cookie or ePrivacy Directive in conjunction with the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) or the European General Data Protection Regulation (Art. 6 para. 1 lit. a) GDPR (consent)).

Consent is requested as part of the use of the tool. A reference to Slido's policy appears and you give your consent by clicking on it. It is possible to use Slido in anonymised form so that no personal data (such as your name) is transmitted to other participants or Slido. Anonymisation is expressly recommended.

Personal data such as participant data (name), text data and shared content (questions, ideas, chats, etc.), information on the device used (IP address, hardware model, software used, language settings, etc.), meeting metadata (date, time, name of the event, etc.), information on any system crashes, etc. are stored via the cookie set by Slido. This serves to guarantee the functionality of the tool and also to recognise function-critical access to the tool.

Further information on data protection at Slido can be found here: https://www.sli.do/terms#privacy-policy 

For the processing of ticket purchases or registration for a free event, functions and content of the pretix service are offered and integrated by rami.io  GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany. This includes the ticket shop, which is integrated via a JavaScript widget. rami.io GmbH processes your data on our behalf and only in accordance with our instructions. If you purchase a ticket or acquire one free of charge, pretix uses a technically necessary cookie to enable the order process and to remember which shopping basket belongs to you. The cookie is set as soon as you interact with the widget. Pretix does not store any IP addresses, browser information or other unnecessary metadata beyond the duration of your enquiry. Further information on data protection at pretix can be found here: https://pretix.eu/about/de/privacy 

If the event is (also) broadcast as a livestream, it is possible for this to bereproducedon the website www.spiegel.de and made permanently available to the public as a video after the event has finished.

In the case of registration for chargeable events, we store your data for the duration of the contract and thereafter until the expiry of the statutory limitation periods or for the duration of the retention periods under tax law. The corresponding data processing beyond the term of the contract is based on our legitimate interest in storing the data for the aforementioned purposes and thus on Art. 6 para. 1 lit. f) GDPR.

If you register for free events, we will retain your data for a period of six months for documentation purposes and in case of queries after the event.

In addition, your contact data will be stored for advertising purposes as long as you do not object to this.

h) Analysis for the prevention of abuse

Our digital services and, in particular, subscriptions may only be used in accordance with the applicable terms of use and contractual agreements. In order to detect misuse of our services and to be able to react appropriately, for example by preventing unauthorized access, data collected during the use of our digital services (login data, devices, login frequency, date and time) is processed in our internal database to protect our rights, also using cookies and similar technologies, and unusual uses are identified. The legal basis for this processing is Art. 6 para. 1 lit. b) and f) GDPR. The use of cookies and similar technologies for these purposes is possible without your consent in accordance with Section 25 (2) No. 2 TDDDG.

i) Playout of content

In some cases, we process your IP address to ensure that content on our website is always up to date. This may involve sports, election results or other information for which we assume that you wish to be kept up to date in order to stay informed. In this respect, data processing is based on our legitimate interest in always providing our users with up-to-date information and is necessary for this purpose. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. For this purpose, we may work together with external service providers with whom we conclude order processing contracts that meet the requirements of Art. 28 para. 3 GDPR.

j) Playback of videos and livestreams

We process statistical usage data (IP address, local ID, viewer ID, device type, browser type and version, times of use, duration of use) that is suitable for drawing conclusions about you as a user in order to play our videos and live streams on our websites, as well as to display advertising, suggest further videos, create reports on video activity on our websites, increase the quality of our videos, analyze user trends, detect technical problems and maintain and improve our service. We use the "JW Player" service for these purposes. The operator is Longtail Ad Solutions, 8 West 38th Street, 6th Floor, NY 10018 New York, USA, https://jwplayer.com/legal/privacy/  (hereinafter "JW Player"), with whom we have concluded an order processing contract that fulfills the requirements of Art. 28 para. 3, Art. 44 et seq. GDPR are met. The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Which articles are being read how often and by how many people? How long do viewers watch videos? How often do users visit our pages? Are there any suspicious accesses, so-called "denial of service" attacks?

Here we explain which (personal or personally identifiable) data is collected, processed and, if necessary, transmitted to which third parties and how this is done.

For this purpose, we distinguish between four areas of use below, namely

(A.) Cookies and analyses that are not personally identifiable or are used solely for technical functional and access security purposes and which can generally be set or carried out without your consent and which cannot be deactivated accordingly,

(B.) cookies and analyses that are also integrated and activated by default with the ad-free reading option, which serve to measure reach and our own analysis for functional purposes (such as fraud prevention, industry-specific reach measurement and the evaluation of the relevance of content in editorial work) and can be partially deactivated,

(C.) without selecting the read-free advertising option, in the case of free use with your mandatory consent, integrated cookies and analyses for advertising tracking and for the display of usage-based advertising by third parties / cooperation companies as well as for analysis for the submission of our own personalized publishing offers and our product and sales development.

(D.) For all users, optional cookies and analyses of "social media" and for personalized editorial content recommendations, which are deactivated by default, as well as those of editorial cooperation offers, which are activated by default.

In the following, we summarize the relevant information on these areas of use and the services used there in text form. At the same time, you can also find out about the tabular overviews here for areas A.) & B.) and in the Privacy Center for area C.). You can also find even more detailed and further information on and directly from individual services in written form in section 7 of this privacy policy.

A.) Non-personally identifiable or mandatory cookies & analyses, technical function assurance and authentication

We use cookies and similar analysis services that are required for technical functional security and authentication. These do not require consent under the Cookie or ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (Section 25 f. TDDDG) or the General Data Protection Regulation (GDPR).

The first example of this is the "accessInfo" cookie, which is used to check whether you are a user:in the ad-tracking-free read-free option and / or our paid "Plus" content. This cookie is required for authentication and thus contract execution within the meaning of Art. 6 para. 1 lit. b) GDPR, which is why it can also be set and read without your consent in accordance with the TDDDG (§ 25 para. 2 no. 2 TDDDG).

Another example is the "thirdPartyConsent" cookie, which stores whether or not users have given their consent to the display of content from third parties such as X and YouTube. This cookie is required to ensure the functionality of the integration, which is deactivated by default, and can therefore be set and used without consent in accordance with Art. 6 para. 1 lit. f) GDPR (legitimate interests) and Section 25 para. 2 no. 2 TDDDG. You can find an overview of such cookies here. The type and functionality of these services does not change, but individual services and/or cookies may be added or removed from time to time.

We also use cookies that are not used to collect and process any personal data. An example of this is the "Hotjar" service, which we sometimes use to track mouse movements in order to evaluate whether and, if so, how we can improve the positioning of certain buttons and the like and simplify the use of the website for our readers. The analysis is completely anonymized, for example by shortening your IP address, so that no conclusions can be drawn about specific persons. Nevertheless, we require consent in accordance with the Cookie or ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) for the storage of cookies from this service on your end device.) You give us this consent when you decide to use the offer free of charge or also for the read-free advertising option; it is a prerequisite for using the offer. Consent under the GDPR, on the other hand, is not required because no personal data is processed at all. Nevertheless, you can declare an "opt-out" for individual services, in which case even such anonymous analyses are prevented. You can find an overview of the relevant services here.

In addition, the following data is automatically sent to our server when you visit our website and stored in a log file for 30 days:

• IP address

• Date and time of access

• Name and URL of the retrieved file

• Website from which the access was made (referrer URL)

• User agent (usually contains information about the browser used, the computer's operating system, the manufacturer and the type designation of the mobile device)

• Amount of data transferred

• Message as to whether the access / retrieval was successful (http status code)

The aforementioned data and its processing are technically necessary for us to ensure the stability and security of our systems in order to detect misuse and provide protection against it (e.g. hacking or DDoS), as well as for error analysis and rectification.

The data processing is based on our existing legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR for the above-mentioned purposes.

Since the collection of data for the provision of the websites and the storage of data in log files is absolutely necessary for the operation of our websites, you have no option to object here. You can also only prevent this data processing by not using our services.

Finally, we use a service from Sourcepoint to prevent the use of adblockers on our website. This service stores data on the use of our website in cookies in order to prevent ad blockers and to record your settings. All evaluations are carried out anonymously rather than on a personal basis and personal data such as IP addresses are only used in abbreviated form. You cannot prevent the use of these services either.

B.) Cookies and analyses in the read-free advertising option for reach measurement and functional purposes (can mostly be deactivated with an opt-out)

We also use cookies and analytics for reach measurement and our own analytics for functional purposes (such as fraud prevention, industry-specific reach measurement and evaluation of the relevance of content in editorial work) both in the ad-free read option and in the free offer.

For these purposes, we use Adobe Analytics, for example, with the cookies listed in detail in the overview here . With the usage data collected, we optimize the offer of our journalistic content for you by evaluating the behavior, interests or demographic information of our visitor streams on a group basis. With the usage analysis, we can understand, for example, which content and / or functions of our offer are used most frequently, which age groups etc. you use and how long and which functions you use. How long and at what times this takes place. For this purpose, we may also use procedures to test different versions of our offers.

In addition, we also use the information for personalization in the "For Me" section as well as for our editorial products and also for the SPIEGEL+ and mm+ and 11F-newsletter if you have consented to this personalization calculated on the basis of your customer profile at the appropriate point.

Further detailed information on "Adobe Analytics" can be found here  .

The legal basis for the use of such cookies is § 25 para. 2 no. 2 TDDDG, the processing of your data is based on a legitimate interest and thus on Art. 6 para. 1 lit. f) GDPR. If you do not want such a needs-based design, you can set an "opt-out" for the services listed in the overview if necessary. However, unlike the advertising trackers under (C.), we do not offer our website without these cookies and analyses. If you categorically reject their use, even with the option of opting out in some cases, you will not be able to use our website. The same applies to reach measurement, which must be standardized and carried out by neutral third parties in the interest of comparability. Insofar as cookies are stored on your end devices for this purpose, this is also done in accordance with Section 25 (2) No. 2 TDDDG or Art. 6 (1) (f) GDPR on the basis of our legitimate interests, whereby no user and usage profiles are created for reach measurement and you can also opt out for these. You can find more information in the overview here . Again, the type and functionality of these services does not change, but individual services and / or cookies may be added or removed from time to time.

C.) Advertising tracking and display of usage-based advertising, own personalized publishing offers and own product and sales development.

If you have not opted for the fee-based read-free advertising option, advertisements and advertising, including our own publishing offers and product analyses, ensure the overall existence of our offers. To do this, advertisers and we need reliable information about how many readers see their ads. They also expect their advertising to be prioritized to those users who are likely to be interested in their products or topics, and the same applies to our content. For this purpose, we use and enable advertising partners in the free offer to track usage data for so-called usage-based online advertising (ads are tailored to user interests), i.e. to collect usage data and process it pseudonymously to create usage profiles ("advertising tracking"). This data is used to show you, or rather your end device, the advertising that you are likely to pay more attention to.

The marketing of the advertising spaces on our website is carried out by iq digital media marketing gmbh, Toulouser Allee 27, D-40211 Düsseldorf as the controller and together with us "joint controller" within the meaning of Art. 26 GDPR. In this context, we and iq digital have concluded a joint agreement to regulate which of us fulfills which obligations under the GDPR. This relates in particular to the exercise of the rights of data subjects and the fulfillment of the information obligations under Articles 13 and 14 GDPR. The data protection obligations are distributed as follows:

1. we are responsible under data protection law within the meaning of the GDPR for our offers and the cooperation offers that we have included on our websites at our own discretion. This applies in principle to all data processing activities that are explained in our privacy policy outside of this section, unless explicitly described otherwise (in particular in section 7).

2. iq digital creates profiles for advertising marketing under its own responsibility within the meaning of the GDPR with the help of third parties/vendors.

3. we and iq digital are jointly responsible for all further collection and transmission of data for the implementation of online marketing measures carried out by iq digital and/or the third parties/vendors and listed here: https://www.iqdigital.de/service/datenschutz-nach-tcf/. 

You can assert your data protection rights both with us and with iq digital using the contact details given above. You will generally receive information from the body to which rights have been asserted, with the exception of requests relating to data processing at publisher level, for which you will receive information from us.

In addition to the information in our privacy policy, you can also find out more about the partners and tool providers used by iq digital and the respective data processing in iq digital's privacy policy . In iq digital's privacy policy you will find, for example, information about the recipients of data, deletion periods, permissions and detailed information about the exact purposes of data processing by each individual partner and tool provider.

To enable the delivery of interest-based content and/or targeted online and cross-channel advertising (e.g. web, email, connected devices, in-app advertising, etc.), we may share personal data or other information we collect from you, such as your email address (in hashed, pseudonymized form), your IP address and/or information about your browser or operating system with ID5 and its group companies and other partners (Google. Google Advertising Products) who act as data controllers in this area. ID5 and the other partners use this information to create an ID that can be used to recognize you on your devices. This ID does not contain any of your identifiable personal data. We may place this ID in our first-party cookie or use an ID5 or partner cookie and allow it to be used for the above purposes. This ID may be shared by us or on our behalf with our advertising partners and other third party advertising providers worldwide. The legal basis is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Detailed information on ID5's data processing activities in connection with this ID and the ID5 opt-out can be found in the ID5 platform privacy policy at the following link: https://id5.io/platform-privacy-policy ,  for Google Advertising Products at https://myadcenter.google.com/home?hl=d. 

Google is integrated as an advertising partner with Google AdWords and can place and use advertising cookies with us in accordance with the same guidelines. If you click on an advertisement placed by Google, a cookie valid for 30 days is stored without personal data, which registers your clicks on the advertisement with us and is used for statistics. You can object to this here .

An overview of the advertising service providers approved and currently used for the free offer, the so-called "third-party trackers", can be found in our Privacy Center. The type and functionality of these services does not change, but individual services and/or cookies may be added or removed from time to time. Consent to advertising tracking is mandatory when using the free offer, the same applies to the submission of our own personalized publishing offers and the analysis for our product and sales development.

The legal basis for their use by us is consent in accordance with the European Cookie or ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) or the European General Data Protection Regulation (Art. 6 para. 1 lit. a) GDPR (consent)).

As a general rule, your use of our offers is recorded during tracking, e.g. individual clicks, subpages visited, advertising banners viewed, etc., so that ads can also be tailored to you there. So that ads can also be tailored to you where cookies do not work optimally, for example in apps on smartphones, cookie-like techniques and sources such as device data may be used. To prevent this, go to the "Google settings" app on Android smartphones or scroll down to "Google" in the general settings app, tap on "Ads" and uncheck the box next to "Interest-based advertising". On iOS devices, where we use Apple's Advertising Identifier, go to the Settings app, then to "Privacy", then to "Advertising" and make your specific settings.

We ourselves use the analyses to be able to address you with on-site campaigns and personalization according to the profile information determined or, if applicable, provided by you. These profile characteristics are derived from the context (the content of the website displayed), from your profile creation characteristics, from the analyses and tests for product development and from calculated characteristics based on cookie information. Characteristics for a profile-related approach are the engagement score (identification of your profile with a calculated intensity of use of our offers), the propensity score (identification of your profile with a calculated probability of subscription) and the churn score (identification of your profile with a calculated probability of termination). These scorings help us to create segments for playing out tailored and relevant on-site campaigns including suitable surveys, the latter also for playing out e-mail campaigns. You can object to the processing of your scorings and other advertising measures at any time, for example by sending an email to datenschutz@spiegelgruppe.de .

D.) (Optional) additional services

1. social media

We integrate postings and recommendation functions from platforms such as Facebook, YouTube, X, Instagram, Giphy, Imgur, Spotify, TikTok, Vimeo, Reddit or the map service Mapbox on our website. These services are inactive by default, but can be activated by the user. These services are mainly based in the USA, but are subject to the usual data protection rules in EU and EEA countries. For example, if you actively use a recommendation button on our site or read an article with an embedded post, YouTube video or Spotify playlist, general framework data such as your IP address may be transmitted back to the social networks and platforms through the embedding technology. We have no influence on how the platforms use the data, including to create user profiles. Please inform yourself directly on Facebook, Twitter, Spotify, TikTok, YouTube, etc. and adjust your privacy settings there.

The legal basis for the activation of these services and the setting of the corresponding cookies etc. is the consent in accordance with the European Cookie or ePrivacy Directive in conjunction with the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) or the European General Data Protection Regulation (Art. 6 para. 1 lit. a) GDPR (consent).

In the social networks and on the other external platforms, the respective companies' own data protection regulations apply, even if we disseminate information and maintain a presence there with our brands.

You can find out more about the privacy policies of the individual third-party providers under the following links:

• Content from X: We integrate X content into the website via the Tweet plugin. To the privacy policy of X: https://twitter.com/de/privacy 

• Content from Facebook: We integrate Facebook content into the website via the Facebook plugin. To the Facebook privacy policy: https://www.facebook.com/privacy/explanation 

• Content from YouTube: We use the YouTube player to integrate videos from its YouTube channels or videos from other providers into the website. To the Google privacy policy: https://support.google.com/youtube/answer/2801895?hl=de 

• Content from Vimeo: We use the Vimeo player to integrate videos or videos from other videos from other providers into the website. To the privacy policy of Vimeo: https://vimeo.com/privacy 

• Content from Instagram: Instagram's "Embed" function allows us to integrate images and videos from Instagram into our website. To the Instagram privacy policy: https://www.instagram.com/legal/privacy/ 

• Content from Reddit: Reddit's "Embed" function enables texts, images and videos from Instagram to be integrated into our website. To the Reddit privacy policy: https://www.reddit.com/policies/privacy-policy 

• Content from Giphy: The "Embed" function from Giphy enables the integration of GIFs on our websites. To the privacy policy of Giphy: https://giphy.com/privacy 

• Content from Imgur: With Imgur we can integrate Imgur content, such as images. To the Imgur privacy policy: https://imgur.com/privacy 

• Content from Spotify: We use Spotify to integrate songs, albums or playlists into our websites. To the Spotify privacy policy: https://www.spotify.com/de/legal/privacy-policy/ 

• TikTok content: We use the TikTok plugin to integrate videos from TikTok. To the privacy policy of TikTok: https://www.tiktok.com/legal/privacy-policy?lang=de 

• Content from Mapbox: We integrate maps with Mapbox. To the data protection information: https://www.mapbox.com/legal/privacy/ 

2. own personalized editorial content recommendations

As part of our "personalized editorial content recommendations and reviews”, we would like to offer you the opportunity to have your use of our services analyzed and to suggest editorial content at selected points based on your reading behavior. For this purpose, we use the data already collected as part of our basic tracking (so-called "clickstream”, ECID-ID and SSO-Tracking-ID), which allows us to track your surfing behavior and navigation on our site). The data in the "clickstream” only includes data for which you have not yet requested deletion and that is still available to us. The legal basis is your voluntarily declared consent (Art. 6 para. 1 sentence 1 lit. A GDPR). For the processing of clickstream data, we work together with the provider Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart, Dublin 24, Ireland), with whom we have concluded a contract for these purposes for commissioned data processing in accordance with Art. 28 (3) GDPR. You can find more information about this purpose in our Privacy Center.

3. editorial cooperation offers

We frequently use services from cooperation partners in our articles, for example for surveys or discussion questions. As with social networks and platforms, if you read an article with an embedded survey, for example, general framework data such as your IP address can theoretically be transmitted back to the social networks and platforms. As we generally include these services as part of our journalistic offerings, the legal basis is the European Cookie or ePrivacy Directive in conjunction with the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 f. TDDDG) or Art. 6 para. 1 lit. a) GDPR (consent). Here, however, you have the option of deactivating the services and withdrawing your consent. You should check the websites of the cooperation partners for detailed information about their data protection policies:

• Datawrapper: We use this service to create editorial infographics for our posts. When you access these infographics, general usage data is collected, but not the IP address of your device. Datawrapper does not pass on any other user data to commercial third parties. You can find out more about data protection at Datawrapper here  .

• Games: Some of our offers integrate browser games from our cooperation partner kr3m from Karlsruhe, which stores the websites and files accessed, the associated time data, the browser and operating system and the IP address including provider in log files. This data is only used for statistics to optimize security and services, as well as for tracking illegal use - under no circumstances is personal data passed on without the user's consent. You can find out more about data protection at kr3m here  .

• Heise price comparison
  
  We use widgets on our websites, e.g. with price information, tables or images (widgets) from Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hanover (Heise Medien). The widgets serve, among other things, to provide an overview of the prices of various providers. At the same time, it is possible to access the offer directly via an affiliate link. The widgets are made available via a programming interface from Heise Medien. When you as a visitor:call up a web page with a widget on our website, your IP address, user agent string and standard header are transmitted to Heise Medien. This is technically necessary in order to be able to respond to inquiries. This data is stored for a maximum of 7 days and then deleted or anonymized so that it is no longer possible to identify the calling client. The processing of the data required by you is carried out on the basis of Art. 6 para. 1 lit. f) GDPR exclusively to safeguard our legitimate interests, in particular for technical reasons, for IT security purposes and to fulfill user interests and for the economic operation of our online offer.

We ourselves also rely on advertising our services on the Internet. We use various individualized advertising options to reach you and other potential readers directly:

• Google Remarketing: We use Google's remarketing function to present you with ads for our offers in the global Google advertising network that match your usage preferences. You will be recognized in this network via cookies, but not identified as a person. You can deactivate this technology here .

• Facebook remarketing/retargeting: Where appropriate, we have integrated remarketing tags from the social network into our offers. If you are logged in to Facebook, the platform receives the information that you have visited our site, allowing us to target you with advertising on Facebook. The transmission of your data as a Facebook user is regulated in the privacy policy of the network itself. You can deactivate the so-called Custom Audiences for your profile here . We do not use the Custom Audience email process.

• Bing Ads: The service of the US company Microsoft sets a cookie if you have reached one of our offer pages via a Bing ad so that we know the total number of clicks from the ad to our offers. Your user profile is only recorded in pseudonymized form. No data is transferred. You can prevent this here .

• Sovendus: This German service provider offers some of our products for sale on the Internet as an advertising partner. In order to ensure correct billing, a pixel of the service is sent when a purchase is made in order to transmit the ordered offer pseudonymized and encrypted, including timestamp and IP address, whereby the latter is only used for data security purposes and is usually anonymized after seven days. Details on data protection at Sovendus can be found here  .

• Outbrain Amplify: On our websites we use the technology of Outbrain Inc ("Outbrain", 39 W 13th Street New York, NY 10011 USA). This enables us to target advertising on our partners' websites to those visitors who are or have been interested in our content. The technology is based on a cookie-dependent analysis of previous usage behavior. This advertising only appears on Outbrain advertising spaces, either on Outbrain Engage advertising spaces or the Outbrain Extended Network. If you do not wish to be shown interest-based advertising, you can deactivate this function here  . Further information can be found here: https:  //lp.outbrain.com/gdpr-ready/.
  The Outbrain smart feed embedded in our website in the read-free advertising option does not process any personal data of our users - despite contrary expectations due to the popularity of the offer for personalized content recommendations and advertising. The display of content takes place without any profiling or tracking and thus complies with the requirements of the ad-free reading subscription.

• X Conversion Tracking: We have integrated the X website tag on our websites. This tag establishes a direct connection to the X servers when you visit one of our websites and transmits the fact that you have visited our websites. Twitter assigns this information to your personal X user account. In this way, we can place targeted ads based on your previous page views and activities (remarketing). The data processed by X in this way does not allow us to identify you personally. This pseudonymous information is also not combined with other information about you. You can find more information on the collection and use of data by X and your rights in this regard in X's privacy policy here  . Options for protecting your privacy and settings for personalized content on X can be found here .

• TikTok Retargeting: Where appropriate, we have integrated retargeting pixels from the social network into our offers. If you are logged in to TikTok, the platform receives the information that you have visited our pages, which allows us to target you with advertising on TikTok. The transmission of your data as a TikTok user is regulated in the "Ads and your data" guidelines of the network itself, which you can find here . You can deactivate the settings for personalized advertising for your account here .

Art. 15 GDPR: Right to information of the data subject

You have the right to obtain information from us about which of your personal data we process.

Art. 16 GDPR: Right to rectification

If the data concerning you is incorrect or incomplete, you can request the correction of incorrect data or the completion of incomplete data.

Art. 17 GDPR: Right to erasure

Under the conditions of Art. 17 GDPR, you can request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our legal or contractual obligations.

Art. 18 GDPR: Right to restriction of processing

Under the conditions of Art. 18 GDPR, you can request the restriction of the processing of personal data concerning you.

Art. 21 GDPR: Right to object

For reasons arising from your particular situation, you can object to the processing of your personal data at any time.

Art. 7 para. 3 GDPR: Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

A.) Privacy Policy - INFOnline Measurement

Privacy Policy Web - INFOnline Measurement
Our website uses the multi-stage measurement method 'INFOnline Measurement' from INFOnline GmbH (https://www.INFOnline.de ) to determine statistical parameters (page impression, visit, (technical) client) about the use of our digital offering.

The aim of usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behavior - on the basis of a uniform standard procedure - and thus to obtain market-wide comparable values.

As a member of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW - https://www.ivw.eu  ), the usage statistics are regularly provided by the IVW with the performance values 'Page Impression' and 'Visit' in the IVW report (https://ausweisung-digital.ivw.de/  ).

1 Legal basis for processing

The measurement with INFOnline Measurement (pseudonymous system: IOMp) by INFOnline GmbH is carried out as part of a usage measurement with consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The purpose of processing personal data is to generate digital performance values (page impression, visit and (technical) client) for the creation of statistics. The statistics are used to track and document the use of our website.

2. type of data

The data collected with INFOnline Measurement does not allow a user to be clearly identified as a person due to the type and amount of data.

A JavaScript code (so-called 'Measurement Manager') is used, which automatically integrates and executes the necessary measurement sensors for anonymous and / or pseudonymous data processing to determine the key figures on the basis of the consent information from the Consent Management Platform (CMP) used by the provider for the digital offer when called up via the browser or the user's end device (client). INFOnline Measurement is designed as an anonymous system (without client identifier) and as a pseudonymous system (with client identifier).

In the anonymous census procedure (IOMb)

completely dispenses with the processing of personally identifiable information, in particular the IP address. This is completely removed from communication and processing. For this purpose, a communication interface, the so-called 'service platform', prevents the exchange of the user's IP address with the INFOnline systems as a measurement endpoint within the framework of INFOnline Measurement. The IP address as personal data is discarded in the census procedure on the service platform before the measurement call is forwarded to INFOnline. There is also no geolocalization using the IP address. The data set generated in the census procedure is a pure PI data collection.

With the pseudonymous measurement method (IOMp)

the following data is collected with the 3rd party cookie 'i00' (ioam.de) and the 1st party cookie 'ioam2018', which has a personal reference according to the EU GDPR:

- IP address:

On the internet, every device requires a unique address, the so-called IP address, to transmit data. The at least short-term storage of the IP address is technically necessary due to the way the internet works.

The IP addresses are further processed in full using the pseudonymous procedure.

- A randomly generated client identifier:

Reach measurement uses unique identifiers of the end device, a 'Local Storage Object' (LSO) or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique for a browser as long as the cookie or local storage object is not deleted. It may also be possible to measure the data and subsequently assign it to the respective identifier if you visit other websites that also use INFOnline GmbH's pseudonymous measurement method. The following unique identifiers can be transmitted to INFOnline GmbH as a hash:

- shortened client IP or X-Forwarded-For (XFF)

- User agent (as hash)

Personal data within the meaning of the EU GDPR is only used for measurement to the extent that a JavaScript is used against a user who has been assigned a unique identifier.

individual IP address and a randomly generated client identifier to access web content.

3. use of the data

INFOnline GmbH's measurement method, which is used on this website, determines usage data. This is done in order to collect the performance values Page Impression, Visit and Client.

- Geolocalization

The pseudonymous measurement method (IOMp) is used to assign a website visit to the location of the visit exclusively on the basis of the anonymized IP address and only up to the geographical level of the federal states / regions. Under no circumstances can the geographical information obtained in this way be used to draw conclusions about a user's specific place of residence.

- Cross-offer consolidation of usage data

The usage data of a (technical) client (e.g. a browser on a device) is merged across websites using the pseudonymous measurement method (IOMp) and stored in a database.

4. storage duration of the data

The complete IP address is not stored by INFOnline GmbH.

The IP address is only used to receive the data packets and is then shortened by 1 byte.

In the census procedure, the shortened IP address is discarded; in the pseudonymous procedure, it is stored for a maximum of 60 days. In the pseudonymous procedure, the usage data is stored for a maximum of 6 months in conjunction with the unique identifier.

The validity of the 'i00' cookie used in the pseudonymous procedure and the 'ioam2018' cookie on the user's end device is limited to a maximum of 1 year.

5 Forwarding of the data

The IP address and the shortened IP address are not passed on.

6 Rights of the data subject

The data subject has the following rights

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to object (Art. 21 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 et seq. GDPR)

Right to data portability (Art. 20 GDPR)

Right to revocation (Art. 7 para. 3 GDPR) (with consent)

For inquiries of this kind, please contact datenschutz@spiegelgruppe.de. Please note that we must ensure that we are actually dealing with the data subject for such requests.

The data subject has the right to lodge a complaint with a data protection authority.

Further information on data protection in INFOnline Measurement can be found on the website of INFOnline GmbH (https://www.infonline.de ), which operates the measurement procedure.

Privacy policy app - INFOnline Measurement

Our application uses the multi-stage measurement method 'INFOnline Measurement' from INFOnline GmbH (https://www.INFOnline.de ) to determine statistical parameters (page impression, visit, (technical) client) about the use of our digital offering.

The aim of usage measurement is to statistically determine the intensity of use, the number of uses and users of our application and their surfing behavior - on the basis of a uniform standard procedure - and thus to obtain market-wide comparable values.

As a member of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW - https://www.ivw.eu  ), the usage statistics are regularly provided by the IVW with the performance values 'Page Impression' and 'Visit' in the IVW report (https://ausweisung-digital.ivw.de/  ).

1 Legal basis for processing

The measurement with INFOnline Measurement (pseudonymous system: IOMp) by INFOnline GmbH is carried out as part of a usage measurement with consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The purpose of processing personal data is to generate digital performance values (page impression, visit and (technical) client) for the creation of statistics.

The statistics are used to track and document the use of our website

2. type of data

The data collected with INFOnline Measurement does not allow a user to be clearly identified as a person due to the type and quantity of data.

Measurement libraries are used that automatically integrate and execute the necessary measurement sensors for anonymous and / or pseudonymous data processing to determine the key figures when the app (client) is called up.

With the anonymous census procedure (IOMb)

completely dispenses with the processing of personally identifiable information, in particular the IP address. This is completely removed from communication and processing. For this purpose, a communication interface, the so-called 'service platform', prevents the exchange of the user's IP address with the INFOnline systems as part of the INFOnline measurement. The IP address as personal data is discarded in the census procedure on the service platform before the measurement call is forwarded to INFOnline. There is also no geolocalization using the IP address. The data set generated in the census procedure is a pure PI data collection.

With the pseudonymous measurement method (IOMp)

the following data is collected with the measurement library, which has a personal reference according to the EU GDPR

- IP address:

On the internet, every device requires a unique address, the so-called IP address, to transmit data. The at least short-term storage of the IP address is technically necessary due to the way the Internet works.

The IP addresses are shortened by 1 byte before any processing and only processed further in anonymized form. The unabridged IP addresses are not stored or processed.

- A randomly generated client identifier:

Reach measurement uses unique identifiers of the end device or a signature created from various automatically transmitted information from your device to recognize computer systems. It may also be possible to measure the data and subsequently assign it to the respective identifier if you access other applications that also use INFOnline GmbH's pseudonymous measurement method. The following unique identifiers can be transmitted to INFOnline GmbH as a hash:

- Advertising identifier

- Installation ID

- Android ID

- Vendor ID

Personal data within the meaning of the EU GDPR is only used for measurement to the extent that a library/SDK is used for a user who has been assigned an individual IP address and a randomly generated client identifier to access app content. The pseudonymous measurement is only carried out if the user has given positive consent from the Consent Management Platform (CMP).

3. use of the data

The INFOnline GmbH measurement method used in this app determines usage data. This is done in order to collect the performance values Page Impression, Visit and Client.

- Geolocalization

The assignment of an app usage to the location of the call is based exclusively on the anonymized IP address and only up to the geographical level of the federal states / regions. Under no circumstances can the geographical information obtained in this way be used to draw conclusions about a user's specific place of residence.

- Cross-offer consolidation of usage data

The usage data of a (technical) client (e.g. a browser on a device) is merged across applications and stored in a database.

4. storage duration of the data

The complete IP address is not stored by INFOnline GmbH.

The IP address is only used to receive the data packets and is then shortened by 1 byte.

In the census procedure, the shortened IP address is discarded; in the pseudonymous procedure, it is stored for a maximum of 60 days. In the pseudonymous procedure, the usage data is stored for a maximum of 6 months in conjunction with the unique identifier.

5 Passing on the data

The IP address and the shortened IP address are not passed on.

6 Rights of the data subject

The data subject has the following rights

- Right of access (Art. 15 GDPR)

- Right to rectification (Art. 16 GDPR)

- Right to object (Art. 21 GDPR)

- Right to erasure (Art. 17 GDPR)

- Right to restriction of processing (Art. 18 et seq. GDPR)

- Right to data portability (Art. 20 GDPR)

- Right to revocation (Art. 7 para. 3 GDPR) (with consent)

For inquiries of this kind, please contact datenschutz@spiegelgruppe.de. Please note that we must ensure that we are actually dealing with the data subject for such requests.

The data subject has the right to lodge a complaint with a data protection authority.

Further information on data protection in the measurement process can be found on the website of INFOnline GmbH (https://www.infonline.de ), which operates the measurement process.

B.) About our partnership with Ad Alliance GmbH

We and our marketer Ad Alliance GmbH use your IP address, which is always transmitted to us for technical reasons, and your user agent, i.e. automatic information about your device, which is transmitted to us by your device, for the following purposes in connection with the playout of advertising in our podcasts:

• Determining the approximate location of your Internet provider's dial-up node (radius approx. 10 km) for the playout of locally relevant advertising: in this process, the IP address is regionally narrowed down in order to select and play out advertising with regional relevance within our podcast. No profile is created about you

• Limitation of the playout frequency (frequency capping): Here, the IP address and user agent are used to log in our systems how often a certain commercial has already been listened to. This enables us to ensure that users do not always receive the same commercial, or to limit the frequency of identical commercials in order to achieve a better overall advertising impact and a more pleasant user experience.

• Statistical determination and analysis of the audience of our podcasts:Here, IP address and user agent are used in order to make - insofar as you have given us consent to this elsewhere - an assignment to a profile that may already exist about you. Such a profile will only exist about you if you have given your consent to this on one of our other offers. If such an assignment can be made, we will use the data from the existing profile to conduct statistical surveys about the listenership of the podcast and assign it to an approximate target group (e.g., certain age group or a general interest profile, such as "interested in sports"). There is no enrichment of a profile of you and no personalized advertising is played to you via this. The data processing only takes place in relation to the content of the podcast, not in relation to you as a person

Legal basis:

The legal basis for the aforementioned processing is Art. 6 1f) DSGVO (legitimate interests). It is our interest to market our podcasts in the best possible way and to make advertising relevant and varied. Furthermore, we have an interest in knowing to which user groups the listeners of our podcasts belong. You will not suffer any disadvantages as a result of this processing. No profiles will be created about you, nor will you be addressed as a person in the form of direct advertising. Rather, you will receive more varied and relevant advertising instead of random repetitive advertising.

There is no right of objection within the meaning of Article 21 (1) sentence 2 of the Data Protection Regulation in terms of the aforementioned balancing of interests.

C.) About Adobe Analytics

We use the tracking tools Adobe Analytics and Adobe Audience Manager on our websites. These are services provided by Adobe Systems Software Ireland Limited, Ireland, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe").

Tracking is pseudonymous, i.e. we cannot draw any direct conclusions about you as a person from the information we receive through tracking unless you are logged into your SPIEGEL account. If you are logged into your SPIEGEL account, the data will be linked to your SSO-Tracking-ID during tracking. Cookies are used for the web analysis process and to store and process information about your usage behavior, with which the browser of your end device can be identified.

We use Adobe for marketing, personalization and optimization purposes, in particular to analyze the use of our websites and services and to continuously improve and personalize individual functions and products as well as the user experience.

The integration of Adobe is based on the legal grounds of Art. 6 para. 1 lit. f) GDPR (Legitimate Interest) and Art. 6 para. 1 lit. b) GDPR (performance of contract).

You can stop tracking by Adobe at any time by clicking on the following link (»opt-out«): https://sams.spiegel.de/optout.html?popup=1&locale=de_DE.

This is inhibited by setting a cookie on the end device you are using. If you delete the cookie or use another end device or web browser, the opt out must be set up again. For our mobile apps, you have to configure this in the respective app settings.

D.) About Localytics

App analysis with Localytics: To better understand the usage of our apps for smartphones and tablets, we perform analysis in some apps using the service Localytics – how often they are accessed, what is clicked on, etc. Your data is pseudonymized and you are never identified as an individual. You can disable the analysis in the settings (on iOS in iOS Settings > App > Send Usage Data; on Android directly in the app menu in the settings themselves).

E.) Chatbot

For general service requests, we offer you the possibility of obtaining information on our website about our customer service and self-care solutions through the use of Chatbot. Our technical service provider for this service is knowhere GmbH, Steinhöft 9, 20459 Hamburg.

No further information is required from you for the use of Chatbot. Log files and chat histories are stored for 30 days in order to optimize the artificial intelligence behind Chatbot.

Data processing is carried out on the basis of our legitimate interests in accordance with Art. 6, Para. 1, Sentence 1, lit. f of GDPR.

F.) About our partnership with Consentric Technology

Deutsche Post AG's Consentric process was developed from the outset against the backdrop of data protection requirements and aims to process as little personal data as possible. With the Consentric procedure, Deutsche Post AG, with the involvement of various partners, links a cookie stored on a user's terminal device with a microcell of Deutsche Post Direkt GmbH (»DP Direkt«). This microcell contains only one statement about a group - an average of 6.6 people - so that the cookie identifier (cookie ID) cannot be assigned to an individual person. Various addresses have been combined in a microcell, so that the Consentric procedure has been used to link an end device to a microcell as a geographical location in compliance with data protection requirements. You can object to the data processing within the scope of the described procedure under the following link: https://pixel.consentric.de/optout . You can object to the use of the cookie of the service provider intelliAd (diva-e Products GmbH, Sendlinger Str. 7, 80331 Munich, Germany) using the intelliAd opt-out function.

With regard to the forwarding of the cookie ID read during your visit to our website, there is a joint responsibility between us and Deutsche Post AG in accordance with Art. 26 GDPR. We are therefore jointly responsible with Deutsche Post AG for the protection of your personal data. The joint responsibility is limited to forwarding the cookie IDs read by you on our websites to Deutsche Post AG for participation in the Consentric process (conversion to a microcell). The individual process steps are divided as follows: We are responsible for pixelation/installation of a script on our web pages and forwarding of the intelliAd cookie along with campaign information to Deutsche Post AG. Deutsche Post AG is responsible for the operation of the Consentric process and the specifications to us for forwarding your cookie IDs to Deutsche Post AG. With the help of the cookies, it can be recognized that you are visiting a website participating in the measurement. This information is then aggregated on the basis of the anonymous microcell of Deutsche Post Direkt GmbH. This means that it can no longer be assigned to you. At no time are individual users identified by name. Your identity therefore remains protected. Deutsche Post Direkt GmbH has data protection-compliant procedures for sending postal advertising based on the selection of a microcell. This process of selecting a microcell is facilitated by the Consentric process, which automatically indicates which microcells are of interest to an advertising company on the basis of the upstream measurement process. For example, calling up a web page can trigger the sending of a postal advertising letter. If you have any further questions about the handling of personal data, in particular if you would like information about processed personal data or wish to assert further rights, please first contact the website operator. The right to also assert your data subject rights against Deutsche Post AG at consentric@deutschepost.de  remains unaffected.

G.) About our partnership with AWIN AG

We process your personal data to conduct an affiliate marketing campaign. In this way, we are able to track which third-party website, app or other technology provider has referred potential customers to our websites and apps ("referrer") and pay them a commission in return for these referrals. In doing so, we pursue the legitimate interest of running an online advertising campaign that is remunerated based on performance. We work together with Awin, which supports us in implementing this affiliate marketing campaign. The Awin privacy policy can be found here . It contains information about your rights in relation to data processing by Awin. In some cases, Awin may maintain a restricted profile that relates to you. However, this will not reveal your identity, online behavior or other personal characteristics. The sole purpose of this profile is to track whether a referral was started on one device and completed on another.

In some cases, Awin and the referrer of the potential customer may receive and process your personal data in order to implement the affiliate marketing campaign together with us.

Likewise, we receive personal data of potential customers from Awin and the referrers, which can be divided into the following categories: Cookie data, data related to the website, app or technology from which a potential customer was referred to us and technical information about the device you are using.

H.) About our partnership with The Reach Group GmbH

Cookies are used on our websites to enable the placement of retargeting campaigns by The Reach Group GmbH (Am Karlsbad 16, 10785 Berlin, Germany). The data stored within the cookie is only an encrypted, pseudonymized user ID. The adserving technology uses a shortened and hashed IP address to evaluate the geographical region, access speed and Internet provider. In addition, the time of the visit, the IDs of the products that were viewed, searched for or purchased, the URLs of the pages viewed, possible search terms and/or the IDs of the categories called up are stored in order to deliver more relevant advertising content. IP or browser data is stored exclusively in Germany and for the anonymized preparation of visitor statistics and assignment of transactions. A conclusion on concrete persons, the exact address, the location or further personal data is not possible at any time. IP data is not explicitly passed on to third parties. All information also has a maximum expiration date of 90 days, after which your browser automatically deletes the stored data. You can prevent the storage of the cookie by setting your browser software accordingly. You can also prevent the collection of data generated by the cookie and related to your use of the website by activating the OptOut function at the following link:

https://hal9000.redintelligence.net/privacy/8lcfmzhxc8d6/ 

You can find more information about the data protection of The Reach Group GmbH at.

https://trg.de/datenschutzerklarung/ 

This objection is valid as long as the associated OptOut cookie is not deleted. This cookie is set for the domain, per browser and user of a computer. If you access our websites from several end devices and browsers, you must therefore object to the data collection separately and again on each of these devices and in each browser.

I.) About our partnership with mit targeting360 GmbH

So-called "cookies" are used on our websites to enable the placement of retargeting campaigns by targeting360 GmbH (Gredinger Str. 28, 90453 Nuremberg), which works with the adserving technology of NEORY GmbH. In addition, further calls to the following technologies can be loaded after the NEORY technology, which may set cookies: Adform, Adition, Google, MediaMath, The Trade Desk, Emego. This serves to present interest-based advertisements to visitors to the website as part of our partner advertising network.

Cookies can generally enable us to make our website more user-friendly, effective and secure. Cookies are small text files that are saved by your browser and stored on your computer. Most of the cookies used are so-called "session cookies", which are automatically deleted at the end of your visit to a website. Other cookies remain stored on your end device until you delete them. In general, you can prevent the storage of cookies by setting your browser software accordingly.

By reading the identifier stored in a cookie, it is possible to recognize your device when you visit websites that belong to the advertising network. On these pages, visitors can then be presented with advertisements relating to content that they have accessed on websites that use the aforementioned ad serving technology. With the technology used here, an IP address anonymized by shortening and hashing and a cookie ID are used to process and evaluate the following information: Location by country/region/state/city, internet provider, access speed, technical information on the browser and end device used, operating system, preferred languages according to browser settings, HTTP referrer, time of server request. The hashed IP address and the cookie ID are pseudonyms. The processed data can therefore not be directly assigned to specific persons.

The legal basis for the use of the cookies used here and the subsequent processing is the consent given for this in accordance with Art. 6 para. 1 lit. a) GDPR. Consent to the processing of personal data - and also to the use of cookies - can be withdrawn at any time. You can terminate the processing of the above-mentioned data based on your consent and the further use of the cookies used for this purpose by exercising your right of revocation or objection under the following link: https://ad.ad-srv.net/privacy/kdb0xdq3ls8m/ 

J.) To Linkfire

StorifyMe GmbH: In some offers, we use this German platform to create editorial stories. When you open these stories, general usage data is recorded, but not the IP address of your device. Your IP address, user agent string and standard header will be transmitted to StorifyMe GmbH and processed, but not recorded.

If, as a visitor to our website, you call up a website with a stories widget, your IP address, user agent string and standard header will be transmitted to StorifyMe, but they won't be processed or recorded.

You can find out more about data protection at StorifyMe here .

K.) About our partnership with Linkfire

We use the music distribution analysis tool "Linkfire" from Linkfire A/S, Artillerivej 86 3rd, Copenhagen 2300 Denmark ("Linkfire"), with whom we have concluded a data protection order processing agreement.

For this purpose, we maintain specially set up websites (so-called landing pages) on the Linkfire platform, on which we can display various online music services clearly in a link that redirect you to our podcasts.

Linkfire allows us to track and analyze your usage behavior in relation to the Linkfire links displayed. Such an analysis is carried out by Linkfire using cookies ("performance cookies") on our behalf, which are stored on your respective end device when you visit one of our landing pages and interact with a Linkfire link. These cookies store certain settings about your browser as well as data about the exchange with our landing pages. If such a cookie is activated, it is assigned an identification number (cookie ID) that identifies your browser and allows the data contained in the cookie to be used. In particular, this makes it possible to determine how often the individual Linkfire links were clicked on, which online music services were clicked on and from which channel this was done. The usage behavior determined is then communicated to us by Linkfire in the form of a clear report. The data collected in this way is anonymous to us. It is stored on Linkfire's servers in Denmark. The purpose and scope of the data collection and the further processing and use of the data by Linkfire as well as your rights in this regard and setting options to protect your privacy can be found in Linkfire's data protection information at https://help.linkfire.com/hc/en-us/articles/360003273554-Privacy-Portal . 

If you do not want Linkfire to collect data about you, you have the option of preventing this at https://help.linkfire.com/hc/en-us/articles/360003273554-Privacy-Portal#h_843765285401525169613598  .

This measure is carried out by us on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.