PRIVACY POLICY

We are very pleased about your interest in die dame. To be able to offer die dame, we of course require certain data about you. We take the protection of personal data very seriously and always process it in compliance with applicable data protection regulations, in particular the European Union General Data Protection Regulation (GDPR). With this privacy policy, we aim to fully inform you about how, why and to what extent we process personal data, and what your rights are as a data subject.



1. Data controller and general information

Your data will be processed by [data controller (responsible processor – company name, address, telephone, email)] (service provider for the purposes of the Act for Telecommunication Media Services (TMG) and data controller for the purposes of the General Data Protection Regulation (GDPR).

When we use terms such as “we” or “us”, this is who we are referring to. We consider die dame to mean any sub-pages, content and functions (for instance discussion forums, prize draws) present in this document [please specify domain(s)] and the various apps of [please enter division/brand names] as well as (free text relating to offline services such as print publications with named magazines/newspapers, distribution). Individual elements of die dame are also referred to as “online services” below. The same is meant wherever we refer to a website or app below.



2. Collection and processing of personal data

You can usually use online services that do not require payment or registration without providing personal data. In certain cases, however, we may process personal data listed under point 3. This is only done as is necessary to provide a functioning website or app, our content and our services. We also process personal data in connection with the use of die dame insofar as you provide such data voluntarily, for instance for the purpose of registration, a prize draw, sending us an enquiry, submitting an application to us, subscribing to a publication, or some other legal basis (see point 4). If you do not wish to provide personal data, you will unfortunately not be able to make use of our services or will only be able to use them to a limited degree.



3. Categories of processed data

As soon as you make use of SERVICE, our system will automatically collect information from the computing device accessing the service. The following data may be collected by way of example:

• Information about the browser type and version used
• The operating system of the user
• Mobile device ID
• Shortened IP address of the user
• Date and time of the access
• Web analysis data / pseudonymised user profiles (cookie ID, ad ID, etc.)
• Websites from which the users access our website
• Websites that the users access from our website

We also process the following personal data insofar as there is a contract in effect between you and us or if you have provided us with the data by other means:

• Personal details (name, address, date of birth)
• Contact details (telephone number, email address)
• Contract details (contractual relationship, product or contract interest, order history)
• Account details with password
• Invoicing and payment data
• Comments, articles, etc.
• Employee details (name, address and contact details, contract and accounting information, date of birth, marital status, children, nationality, religious affiliation, employment field, welfare benefits, payroll tax details, social security details, bank account details, human resource management details, access and IT account details)
• Applicant details (name, address and contact details, application-related information)
• Other data



4. Legal basis and purposes of processing

We only process your data on the basis of one or several potential legal bases.
Pursuant to the GDPR, personal data may be processed in particular under the terms of a contract or to perform pre-contractual activities, if consent is provided, if there is a legitimate interest or compelling statutory cause, or if it becomes necessary to protect vital or public interests.

Registration is required to provide certain content or services on our website. Any user can register for [SERVICE] by providing their forename, surname, email address and a password, which will result in their registration details being sent to us. This data will be collected and processed for the purpose of fulfilling a user agreement between us and the user pursuant to Art. 6 para. 1 point b of the GDPR. (Only if the central Axel Springer login service – formerly myPass – is being used) This registration is not specific to die dame, but is valid for several websites. It allows a single set of account details to access all websites that have incorporated this service.

For subscriptions and the purchase of paid services, we use your contract details (including contact details) only for the purpose of performing and fulling the contract, for example for performing processing as necessary to deliver goods, provide other services or considerations, enforce legal rights or collect receivables (Art. 6 para. 1 point b GDPR). The same applies to processing activities that are necessary to perform pre-contractual activities, for instance in connection with enquiries about our products and services. In connection with paid services, we process certain data because we are bound by a legal obligation that requires personal data to be processed, for instance for compliance with tax obligations (Art. 6 para. 1 point c GDPR).

Your email address, which is collected during registration or during the performance of the contract, is also used by us to inform you about similar products or services that we offer, about existing subscriptions, and in general about [please enter division/brand name]. In this case, your email address will be processed on the basis of our legitimate interest in marketing our goods and services (Art. 6 para. 1 point f GDPR). (Only if newsletter) We also use your email address to send you our newsletter if you have given us your prior express consent to receive a newsletter and/or marketing emails in this connection. In this case, we will process your email address in order to be able to send you the newsletter as requested (Art. 6 para. 1 point b GDPR). You can withdraw your consent at any time for the use of your email address for such purposes in writing or via electronic text communication media at [email address and postal address] with effect for the future without incurring any transmission costs beyond the base costs imposed by your provider.

On the internet, every device requires a unique address to transmit data, known as an IP address. This IP address must be stored, even if only temporarily, for technical reasons in order to enable the website to be downloaded to the user’s end device. [Only if IP address is shortened] We shorten IP addresses prior to any processing and only process IP addresses in anonymised form. The unshortened IP addresses will not be stored or otherwise processed. [Only where geolocation is used] This also allows us to display region-specific content on all of our websites accessed from a certain region. Geolocation, which is the ability to determine where a certain visitor is located, is only applied with the use of the anonymised IP address and only allows geographical location down to specific federal states or regions. The geographical information acquired in this manner cannot under any circumstances be used to establish a user’s specific location. Our servers will also store your IP address for a period of 14 days for internal security purposes.

For processing activities encompassed by none or several of the aforementioned legal bases, processing is performed insofar as it is necessary to uphold a legitimate interest and insofar as this interest is not outweighed by your interests, fundamental rights or freedoms following a thorough consideration of the interests as a whole. A legitimate interest can be assumed if the data subject is a customer of the data controller. If personal data is processed on this basis, our particular legitimate interest here is in the performance of our business activities for the benefit of all of our employees and our shareholders.

Our legitimate interest in being able to offer you tailored products, informing you about our products, news and quality features, and continuously improving our services and products with a view to increasing our revenue provides the legal basis for processing by means of web analysis (see point 9), direct marketing (our own and third-party advertising) as well as sales partnerships, advertising scoring (combination of several selection criteria to deliver suitable advertising), usage-based online marketing, big data and market research.

Another legitimate interest lies in ensuring that business processes function well, and processing is performed in this connection for internal administrative purposes (e.g. address management / accounting).

Only for Bonifrage: If you select “purchase on account” as your payment method when concluding a contract for paid services, we will conduct a credit check in order to determine your creditworthiness on the basis of consent or on the basis of our legitimate interest in minimising the risk of unpaid debts.
Our legitimate interest in preventing fraud, ensuring network and information security and guaranteeing the reliability of our services and products provides us with a further basis for processing certain data.

Our freedom of expression and information also constitutes a legitimate interest in processing the personal data of data subjects in connection with our reporting.

You can object to processing performed on the basis of a legitimate interest at any time (see point 15).
If data is processed for a purpose other than that specified upon collection, a compatibility test is performed pursuant to Art. 6 para. 4 of the GDPR. Continued processing is then only permitted if the original purpose is compatible with the new purpose or if this processing is permitted on a specific legal basis. Recognised compatible purposes include the establishment, exercise or defence of legal claims under civil law, unless outweighed by an interest of the data subject, in which case we will inform you about the change in purpose. If the new purpose is not compatible with the purpose specified upon collection, the data will be collected again on a new legal basis. We will also inform you about the change in purpose in this case.



5. Place of processing

We personally will not transmit your personal data to countries outside of the European Economic Area, except where permitted by the General Data Protection Regulation. We cannot know and cannot influence whether third parties with whom you have concluded a separate contractual agreement (for instance with Facebook, if you have a Facebook account) transmit data to countries outside of the European Economic Area.

We also process data in countries outside of the European Economic Area (“EEA”). To ensure the protection of your personal rights, including in connection with such data transmissions, we use the standard contractual clauses of the European Commission in accordance with Art. 46 para. 2 point c of the GDPR when establishing contracts with recipients in Third Countries. These are available on demand at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF, and these documents can also be requested from us by contacting us using one of the methods specified below.

For the USA, the European Commission ruled on 12 July 2016 that the terms of the EU-U.S. Privacy Shield provide a suitable level of data protection (adequacy decision, Art. 45 GDPR). Further information – including on the certification of the service providers that we employ – can be obtained at https://www.privacyshield.gov. We only use US service providers certified under the EU-U.S. Privacy Shield.



6. Origin of data

In certain cases, we also receive data because you have consented to its transmission to us.



7. Transmission of your data to third parties

We will only transmit your personal data to third parties if transmission is required to comply with our contractual obligations to you if this evidently needs to be done through or jointly with another provider (e.g. partnerships), if we are permitted or required by law to transmit the data in any other fashion, or if you have provided us with the corresponding consent.

To provide our service, selected personal data may be transmitted to certain departments within our company, including employees of the Accounting, Product Management, Marketing and IT departments.

In certain cases we also employ external service providers or affiliates commissioned by us to process data on our behalf on the basis of instructions. We ensure that such service providers are contractually bound by the strict terms of the GDPR as data processors and that they are prohibited from using your data for any other purposes. Data processors employed by us provide the following services in particular: Hosting, subscriber management, customer service, prize draw processing, web analysis services (see point 9 for more specific details), logistics, prize shipping, newsletter delivery, letter shop, login service, printers, survey/comment services, maintenance and support.

Other recipient categories:
Data is transmitted to data processors on the basis of Art. 28 para. 1 of the GDPR, and also on the basis of our legitimate interest in economic and technical advantages afforded by the employment of specialist data processors as permitted by Art. 6 para. 1 point f of the GDPR.
Only include if relevant: For the purpose of collecting delinquent receivables, we make use of the services of collection agencies. The legal basis for this is provided by the contract in force and our legitimate interest in collecting outstanding debts (Art. 6 para. 1 point f GDPR).

Insofar as we are required to do so by law or are permitted to do so under data protection law, we will transmit personal data to public authorities such as the police or public prosecution service (Art. 6 para. 1 point c GDPR). This data is transmitted on the basis of our legitimate interest in preventing abuse, prosecuting criminal acts and securing, establishing and enforcing legal claims, unless outweighed by your rights and interests in the protection of your personal data, Art. 6 para. 1 point f of the GDPR.



8. Cookies and similar technologies

We make use of cookies, which are small files that your browser deposits in a folder designated for this purpose on your device. This makes it possible, for instance, to determine whether you have visited a website before. With your consent, cookies can also be used to store account details for an online service, meaning that you do not need to enter these account details every time you open the website. Many cookies contain what is known as a “cookie ID”, which is a unique identifier for the cookie. It consists of a string of characters which websites and servers can associate with the specific web browser in which the cookie has been stored. This enables visited websites and servers to differentiate between the specific browser of the data subject and other web browsers containing different cookies. A specific web browser can be recognised and identified using the unique cookie ID.

We use two types of cookies. The first are technically necessary cookies, without which the functionality of our website would be limited. The second is the optional cookie, which we use to make our website more user-friendly. The user data collected in technically necessary cookies is not used to create user profiles. Analysis cookies are used to improve the quality of our website and its content. We use analysis cookies to ascertain how the website is being used, allowing us to continuously optimise our services. Further information on individual analysis services can be found under point 9 of this privacy policy.

Advertisements are usually delivered by third-party providers. These may use information on your visits, provided that your device configuration allows this, so that advertisements on products and services that may be of interest to you are displayed. Specific contact details such as your name, postal address, email address or telephone number will not be transmitted under any circumstances.

You can prevent cookies from being set by us at any time by configuring the web browser that you are using, which represents your objection to the setting of cookies. Previously set cookies can also be deleted at any time using a web browser or another software solution. This is possible in all standard web browsers. If you deactivate cookies in your chosen web browser, it may not be possible for you to use all of the functions of our website in full.
This paragraph only for apps: When using apps, a technology comparable to that of cookies is used in its place.



9. (Web) analysis services

In order to continuously improve our services and adapt them to the interests of our users, and in order to display usage-based online advertising, we make use of a number of analysis services that collect and analyse data on our website and in the app on our behalf. These service providers process pseudonymised user data in accordance with instructions on the basis of a data processing agreement. The data is not stored together with other personal data of the user. You can deactivate the individual analysis services at any time with effect for the future.



10. Online marketing and advertising

This website contains advertising from our advertising associate Media Impact GmbH & Co KG / field for other marketer. This ensures that advertising is optimised for you based on the data collected and processed on your usage behaviour and that it is targeted towards your predicted interests. As the user, you benefit by receiving advertising that is more likely to appeal to your particular interests and by receiving less random advertising on the whole. To record your usage behaviour, a cookie is stored on your device, although this does not allow you to be identified personally.



11. Social networks

You can also find us on the social networks of external companies such as Facebook and Twitter. We have also integrated certain functions of these networks into our own online services. However, it is only possible to use either of them if you are registered and logged in to the relevant social network. Please note that use of each of the social networks is governed by the relevant terms of service and privacy policies of the respective companies and we have no influence over these. However, we will be happy to explain how such networks process your personal data in this connection.

On smartphones and tablets, the aforementioned services are frequently implemented not in the form of plug-ins, but through the use of the device’s integrated “share” function. Depending on how this is configured, it may also be possible to transmit information to other social media service providers. Please refer to your device’s manual for more details on this.



12. Payment service providers

Should you make use of a paid service or purchase something through our website / app, we offer a variety of payment methods. If you choose to make use of one of these payment service providers, you will leave our website, meaning that all data from that point will be collected and processed by that payment service provider. We do not receive any personal data in this connection; in particular, we do not receive any bank account or credit card details. We only receive notification that the payment was successful.



13. Storage duration

We only store personal data as long as we are authorised to do so, as long as the purpose of processing is still relevant and provided that you have not objected to processing. Statutory retention periods govern how long personal data is stored for. Once this period has expired, the corresponding data is routinely erased.



14. Contact details and your rights as a data subject

Should you have any queries or comments on data protection and privacy or wish to exercise your rights as a data subject, please contact our data protection officer at any time:

Axel Springer SE
Data Protection Officer
Axel-Springer-Strasse 65
10888 Berlin, Germany
datenschutz@axelspringer.de

• Information and rectification

You can receive information at any time and at no charge about whether we are processing personal data related to you and also about which information we are specifically storing about you. You are also entitled to receive a copy of the stored information. You can also have errors in your data corrected and missing information completed.

• Erasure, restriction of processing and “right to be forgotten”

You can request that your data be erased and its processing restricted. Please note that statutory retention obligations are in effect for contracts relating to paid services (such as the purchase of a subscription to [SERVICE]) and that we will therefore not always be able to fully erase your data completely in all cases. In this case, your data will be labelled to the effect that future processing should be restricted.



15. Data portability

Where applicable, you also have the right to have your personal data transmitted to you or to another data controller in a structured, standardised and machine-readable format, as long as processing is performed on the basis of consent or contract using automated procedures. You also have the right to have the personal data transmitted directly from one data controller to another, provided that it is technically feasible to do so and does not infringe upon the rights and freedoms of other persons.

• Withdrawal of consent, objecting to processing

You can withdraw your previously-given consent at any time with effect for the future by contacting the aforementioned address. In particular, you may express your objection in writing or via electronic text communication media at [email address and postal address for newsletter unsubscription] regarding the use of your email address for the purpose of newsletter delivery with effect for the future without incurring any transmission costs beyond the base costs imposed by your provider.
Moreover, you have the right to object to the processing of your personal data at any time (where such processing is based on a legitimate or public interest) for reasons arising from your particular circumstances. This also applies to profiling activities based on these provisions. If such an objection is received, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, of if the processing is for the establishment, exercise or defence of legal claims.

If we are processing personal data for the purpose of direct marketing, you have the right to object to the processing of your personal data at any time for the purpose of such marketing by contacting the aforementioned address. This also applies to profiling insofar as it is connected with such direct marketing. You also have the right to file an objection for reasons arising from your particular circumstances against processing of your personal data that we are engaged in for scientific, historical research or statistical purposes, unless such processing is required to perform a task that is in the public interest.

• Right of complaint

You also have the right to submit a complaint to the competent supervisory authority and to seek legal remedies. The supervisory authority to whom the complaint was submitted will notify the complainant about the status and result of their complaint, including the option of seeking a legal remedy through a court of law.
Existence of automated decision-making processes

Do not use in unreviewed form -> Is a credit check performed? No: We do not perform any automated decision-making or profiling. Yes: Where we agree to advance performance without immediate payment on your part, credit scoring will be performed. This means that a credit check will be performed (for instance by Schufa Holding AG) in order to enable us to assess the risks involved with such advance performance. Specific information on how the scoring works is available here: https://www.schufa.de/en/data-privacy/

We only perform credit checks where necessary for the conclusion or fulfilment of a contract or if you have expressly consented to them during conclusion of the contract. We always take suitable measures in this connection to preserve the rights, freedoms and legitimate interests of the data subject, which includes at the very least the right to invoke the involvement of a human being on behalf of the data controller, to represent their own point of view and to appeal against the decision. You have the right to request information about the applied logic and the expected consequences of processing for you.