Privacy policy

We, Ströer Core GmbH & Co. KG, are pleased that you visit our website. The protection of your personal data is our top priority - both in the provision of our services and when you access our website.

This privacy policy applies to the processing of so-called personal data. This is information on the basis of which a person can be clearly identified, either directly or by linking it to other data, e.g. the name or e-mail address.

In the following, we list the data processing that takes place on our website and present the details of the respective processing. In each case, this includes information primarily on the categories of data used, the purposes of the data processing, the legal basis and the storage period (sections 2 et seq.). In addition, we explain how we use your personal data when you visit our social media sites (e.g. on Facebook or Instagram) (section 12).

If we pass on your personal data to external service providers, these are usually so-called order processors (section 15). They are contractually obligated to process the data exclusively to the extent specified by us and resulting from this privacy policy.

In principle, the processing of your personal data takes place at our registered office, at a location of another Ströer Group company in Germany or an external service provider within the European Union. This means that a very high data protection standard applies to the use of your data, which is specified by the European General Data Protection Regulation ("GDPR"). Insofar as we use providers outside the European Union, e.g. to create statistical analyses of our website views, it is possible that a lower data protection standard is implemented in the recipient country and, for example, that no comparably effective legal remedies are available against government agencies accessing the data. In these cases, we also additionally mention the respective data protection guarantees (Art. 44 et seq. GDPR) that the providers are obliged to comply with, in particular the inclusion of so-called EU Standard Contractual Clauses in the contractual relationship with the recipient.

If we process personal data in connection with your visit to our website for other purposes which are not mentioned in this privacy policy, we will point this out separately at the relevant point on our site and ask you for additional consent if this further processing is not legally permitted on another basis (e.g. a contractual relationship with us).

There is no legal, contractual or other obligation to provide us with personal data when calling up the website. However, please note that certain data processing is technically required (e.g. collection of log data, section 2), may be necessary for the conclusion and performance of a contract (section 5, section 6) or may require consent in order to use a certain function of our website (e.g. our contact form, section 3).

At the end of this privacy policy (section 17) you will find an overview of your legal rights regarding data protection, which arise from Articles 12 et seq. GDPR. These include in particular the rights to information, correction and deletion as well as the right to object to data processing.

1. Responsible body, Data Protection Officer

If you have any questions about data protection or would like to exercise your legal rights (section 17), you can contact us directly as the data controller or our data protection officer at any time.

You can reach us at the following contact details.
For questions about data protection regarding Ströer Core:

Ströer Core GmbH & Co. KG
Marie-Curie-Straße 8 . 51377 Leverkusen / Germany
kontakt(at)stroeer.de

For questions about data protection regarding Ströer Group:

Konzerndatenschutz
Ströer SE & Co. KGaA
Ströer Allee 1 . 50999 Köln
E-Mail: datenschutz(at)stroeer.de

As the responsible party within the meaning of data protection law, it is our responsibility to process personal data only to the extent permitted by law and to safeguard the processing with the aid of appropriate protective measures.

You can reach our data protection officer at:

Dr. Georg F. Schröder, LL.M.
legal data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstraße 1 . 80333 Munich / Germany
Phone: +49 89 . 954 597 520
E-mail: datenschutz(at)legaldata.law

2. Processing of log data when visiting the page

When you visit our website, your browser sends certain technical data to us in order to enable a connection of your terminal device to our server and the retrieval of our page.

We process the following categories of personal data in the process:

• IP address (this is anonymized immediately after collection),
• Date and time of the page view,
• URLs called from our subpages,
• Referral URL (URL of the page from which you came to our site),
• http status code (e.g. successful page request),
• Language settings in the browser,
• Operating system, browser type, terminal device model.

This data is only retained for the duration of the session in order to be able to recognize it for the purpose of consistent presentation of our site while it is still active and to ward off attacks on our website. For verification purposes (e.g. for an assertion of or defense against legal claims), this data is also stored for a period of up to 7 days after the end of the session.

This also applies to the use of our planning tools (e.g. poster cost planner, print cost planner), in the context of which no additional personal data is collected.

The legal basis for data processing is our legitimate interest in publishing a website of our company (Art. 6 para. 1 lit. f) GDPR). Since the transmission of the above-mentioned data categories is technically necessary and cannot be prevented, there is no possibility for users to object in this respect.

3. Contact form

We offer a separate form on our website for quick contact with us. In doing so, we process the data you provide in the form, including a free text (content of the message). If certain categories of data are not absolutely necessary for processing your inquiry, but are helpful for further personalization of our response (e.g., the function in your company) or for contacting you by alternative means (e.g., on the phone), we mark such fields as "voluntary".

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR). If we need the data you provide for the preparation or fulfillment of a contract with you, the legal basis is Art. 6 para. 1 lit. b) GDPR (section 5).

If the data you provide is not required for the preparation or fulfillment of a contractual relationship with you, we will delete it without undue delay after completing the processing of your request (section 16).

4. Contact by e-mail

In addition, you can also contact us by e-mail at any time. If you send us a message to an e-mail address provided on our website, the legal basis for data processing is our legitimate interest in processing your request (Art. 6 para. 1 lit. f) GDPR).

Please note that e-mails are generally not sent fully encrypted. This means that - despite extensive technical security precautions - there is a risk of unauthorized access to the e-mail contents by third parties, e.g. during transmission.

If your e-mail is not required for the preparation or fulfillment of a contractual relationship with you, we delete it without undue delay after completing the processing of your request (section 16).

5. Contract performance

If we need the personal data provided by you for the fulfillment of a contractual relationship that is concluded between you and us, the legal basis for data processing is Art. 6 para. lit. b) GDPR. The same applies to such personal data which is provided to us by you for the preparation of the conclusion of the contract.

In addition to your name and contact details, this may include in particular financial information such as bank details, tax number or VAT ID, which you provide to us, for example, in preparation for a contract via our contact form (section 3). We store this data for the duration of the existence of the contractual relationship and until the expiry of the statutory retention periods (section 16).

6. Applications

In this section, we would like to inform you about the extent to which we process your personal data when you contact us via our careers page and submit an application form.

We use SmartRecruiters GmbH as an external service provider. SmartRecruiters GmbH, Wilhelmstr. 118, 10963 Berlin (hereinafter "SmartRecruiters"), operates an e-recruiting system (hereinafter "career portal") on which we can place job advertisements and receive and manage applications.

The Ströer career site is the central platform for our applicant management within the Ströer group of companies. The career page can be accessed via the following link: https://karriere.stroeer.com/

When using our career portal, your personal data is recorded directly in the e-recruiting system. Your data may also be transferred to the e-recruiting system of our careers portal in the event of a postal or e-mail application (section 4).  

All relevant information on data processing in the context of an application can be found under the following link to the data protection information on the Ströer careers page.

7. Newsletter

On our website you can subscribe to our newsletters. In our newsletters we inform you about our current products and services, invite you to our events and provide an overview of interesting articles (e.g. blog entries) and relevant topics.

For the registration we usually need your first and last name (for the purpose of salutation/personalization) and your e-mail address.

The registration for our newsletters takes place in the so-called double opt-in process. After entering your email address and name on our website (1st step), we will send you a confirmation link in the first email. After calling up this link (2nd step), you will regularly receive our newsletter. This procedure serves to confirm that the e-mail address has not been entered into our newsletter distribution list by unauthorized persons. If the confirmation link is not called within a certain period of time, the newsletter will not be sent.

You can unsubscribe from our newsletters at any time. To do so, you can, for example, follow the unsubscribe link contained in each of our newsletter emails or contact us, for example, as mentioned in section 1. If no legal retention periods are relevant for your personal data (e.g. from a contractual relationship with us), we will remove you from the respective newsletter distribution list without undue delay after receiving your unsubscription and delete your personal data.

The processing of your personal data serves the personalized creation of the newsletter as well as the regular dispatch to the e-mail address you have provided. The legal basis of the processing is your consent (Art. 6 para. 1 lit. a) GDPR). You can register for individual topic-related newsletters as well as give general cross-topic consent to receive our newsletters.

8. Studies and Whitepaper

At various points on our website, you can receive topic-related information (studies, white papers) from us. For this purpose, you will be asked to provide your first and last name, your company and your e-mail address. We use your data in the further course to contact you and to send you information about our services, products and events. In this respect, the provision of your contact data for the purpose of sending you promotional information constitutes consideration for the download of the white papers, which is otherwise free of charge.

The legal basis for the processing of your data is your consent (Art. 6 para. 1 lit. a) GDPR).

You can revoke your consent at any time or object to the processing of your data for the purpose of direct marketing at any time, e.g. by following the unsubscribe link in the respective e-mail, or also by contacting us directly (section 1).

9. Sweepstakes

From time to time, we offer sweepstakes on our website or on our social media presences (section 12). As part of participation, it is necessary to process certain personal data, in particular name, address, date of birth, telephone number and e-mail address. The purpose of providing your date of birth is to check your eligibility to participate (from the age of 18). We require your telephone number or e-mail address in order to be able to inform you about the progress of the prize draw. If a non-cash prize is raffled, we also need your address in order to be able to send it to you if you win (e.g. voucher card). The specific categories of data processed result from the respective competition.

The processing of your personal data serves the fulfillment of the sweepstakes contract (conditions of participation), in particular the determination of the winners and the sending of the prizes. The legal basis of the data processing is Art. 6 para. 1 lit. b) GDPR (necessity for the fulfillment of a contract). If participation in the competition is linked to registration for a newsletter or similar, the legal basis is your consent (Art. 6 para. 1 lit. a) GDPR). In this case, you can revoke your advertising consent at any time without this having any effect on your chances of winning, e.g. by unsubscribing from the newsletter.

As a matter of principle, we do not pass on your personal data to third parties. An exception may be service providers commissioned by us and obligated to confidentiality, which support us in the organization of competitions (e.g. media agencies).

In all other respects, the conditions of participation of the respective competition shall apply.

10. Cookies

General

We use cookies on our website. Cookies are small text files that are stored on your terminal device and contain personal data, e.g. a cookie ID or data on surfing behavior on our site. With the help of cookies, it is possible to recognize visitors to our site, both during the same session and across sessions. This serves primarily to improve the user-friendliness of our site and the interest-based display of advertisements. The types of cookies we use are described in detail in this section 10. An overview of the third-party tools and plugins used on our site that can set cookies can be found in section 11. Cookies cannot contain viruses or cause any other damage to your end device.

Some cookies are set directly by us and transmit personal data exclusively to us (so-called first party cookies), e.g. to store your user settings on our site. Otherwise, mainly such cookies are set which originate from third party providers and can also transmit data to them (so-called third party cookies). Third-party cookies can be set in particular by third-party tools which we integrate on our site, e.g. by analysis and tracking tools or by plugins such as video players or social media buttons.

You can manage cookies on our site via our so-called consent tool (cookie banner). This is displayed when you first visit our site and can be called up again at any time in the further course. In the consent tool, only those cookies are preset as active which are absolutely necessary for the operation of the site. These cookies cannot be deselected. All other cookies are assigned to the categories "Preferences", "Statistics" and "Marketing" and can be accepted either individually, or by category. These cookies are not preselected and are only set after explicit user consent. In part, the duration of the cookies corresponds only to that of the session, i.e. such cookies are deleted when the browser or our website is closed (so-called session cookies). In addition, cookies are also set whose duration exceeds the duration of the session (so-called persistent cookies). With the help of these cookies, your browser can also be recognized during a new session. The duration of the respective cookies is specified in our Consent Tool.

In addition to not giving your consent via our consent tool, you can also prevent cookies from being set by configuring your browser in such a way that it prevents cookies from being used to track your visit to the website (do-not-track setting) or does not accept cookies in general. You can find more information on this in the help function of your browser.

Categories of cookies on our website

We divide cookies into the following categories in our Consent Tool:

Necessary: These are those cookies that are necessary for the operation of the core functionality of our website. These are, for example, cookies that enable automated recognition of a contiguous session by our servers and consistent display of our website, or cookies that serve to manage user consent on our site. Cookies set in our career portal (section 6) for the uncomplicated display of current job offers and provision of a direct application option are also included in this category. The legal basis for data processing in these cases is our legitimate interest in providing our website (Art. 6 para. 1 lit. f) GDPR).

Preferences: This category of cookies is used to integrate additional functions into our website, which are not absolutely necessary for its operation, but optimize the operation of our site. This includes, for example, the recording of which view settings users have selected in order to be able to maintain these throughout our website. The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

Statistics: Statistics cookies enable us to track the use of our website by users. For this purpose, we use third-party tools that record, for example, the duration of the visit to the subpages or the location and language settings of the users and process them for us in statistical form. This serves to continuously improve the user-friendliness of our site. The legal basis for the data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

Marketing: With the help of marketing cookies, we can play personalized advertising content and measure its effect. For this purpose, the activities on our site, the affiliation to a target group (so-called personas) as well as characteristics of the user devices are evaluated in pseudonymized form (i.e. by assignment to cookie IDs) in order to enable a targeted approach and, for example, to display advertising banners with our or other interest-based content on other websites. The legal basis for the data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

Revocation of your consent, advertising objection

You can withdraw your consent to the use of cookies at any time by calling up our Consent Tool again and deselecting individual tools or tool categories there.

In addition, you can also delete the cookies set on your device at any time in the settings of your browser. If an advertising objection is stored in separate cookies, it may be necessary to set these so-called opt-out cookies again.

Please note that this procedure only affects the respective end device on which you manage your consent or delete the cookies set. If you access our website with different devices, these settings are not automatically transferred to each device and may have to be made manually on all devices.

Cookies set on our website

We use the cookies listed below on our site. A detailed overview of the tools and plugins we use, of which the cookies listed below are used, can be found in section 11.

11. Tools and plugins used on our site

We incorporate the following analytics and tracking tools and plugins into our website:

Cookiebot

On our site we use the consent management tool "Cookiebot" from the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

With the help of Cookiebot, you will be shown a so-called cookie banner when you first access our site, in which you can manage your consent to the setting of cookies or the use of cookie categories. You can also access the cookie banner at any time later and change your cookie settings.

The settings you make are stored in separate cookies, and personal data is also transmitted to Cookiebot. These are the following categories of data:

• Anonymized IP address,
• Date and time of consent,
• Browser details,
• the URL of our subpage from which you gave your consent,
• a random and encrypted key,
• the consent status, which serves as proof of consent.

Cookie consents given with the help of Cookiebot are stored for a period of 12 months.

The legal basis of the data processing is our legitimate interest in the data protection-compliant management of user consent to the setting of cookies on our site (Art. 6 para. 1 lit. f) GDPR).

For more information, please see Cookiebot's privacy policy at:  https://www.cookiebot.com/en/privacy-policy/

Google Analytics

We use the analysis and statistics tool "Google Analytics" of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland(at)google.com ("Google") on our website.

With the help of Google Analytics, the use of our website can be evaluated in statistical form. This allows us to track how users access our website, which content and areas there are of particular interest to them, and what actions they take on our site.

The following data categories in particular are collected by Google:

• Abbreviated (anonymized) IP address,
• the requested web page,
• the website from which the user accessed the page (so-called referral URL) and the type of referrer (e.g. search engine, social network, link),
• Search terms with which users found our website,
• the subpages that are opened from the accessed page,
• the duration of visits to the website,
• the frequency with which the website is accessed,
• Information about the target group (so-called persona),
• Location data (geographic region, country, city),
• Language settings,
• Browser, operating system, end device, screen resolution,
• predefined actions (conversions), e.g. clicking on advertising banners, downloading information material,
• Click path on the page, e.g. entry and exit points, order in which users access page content.

Google deletes the user data collected using Google Analytics after 14 months at the latest.

On the basis of so-called EU standard contractual clauses, Google contractually undertakes, when transferring personal data out of the European Economic Area (i.e., in particular, to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to ensure that the recipients observe a data protection standard that essentially corresponds to the European one. Please note, however, that we cannot ensure that Google will be able to comply with these contractual obligations in every case.

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

In addition to making the appropriate settings in your browser (section 10), you can also prevent the collection of data by Google Analytics cookies by using the browser plugin provided by Google for this purpose: https://tools.google.com/dlpage/gaoptout?hl=en

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Google Campaign Manager (Google Doubleclick)

We use the "Google Campaign Manager" tool of the Google Marketing Platform. This is a service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland(at)google.com ("Google").

Google Campaign Manager uses cookies to serve ads that are relevant to users, optimize ad campaign performance, or prevent a user from seeing the same ads more than once.

In addition, Google Campaign Manager can use cookie IDs to record conversions that relate to advertisements that have been played. This includes, for example, the case when a user sees an ad in the Google advertising network and later calls up the advertiser's website with the same browser and performs a certain action there.

Due to the marketing tool used, your browser automatically establishes a direct connection to Google servers. By integrating Google Ads into our website, Google receives the information that you have called up the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account if you are logged into it. Even if you are not registered with Google or have not logged in, it is possible that Google collects and stores your IP address.

On the basis of so-called EU standard contractual clauses, Google contractually undertakes, when transferring personal data out of the European Economic Area (i.e., in particular, to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to ensure that the recipients observe a data protection standard that essentially corresponds to the European one. Please note, however, that we cannot ensure that Google will be able to comply with these contractual obligations in every case.

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Google Ads (Google AdWords)

We use "Google Ads" to show you advertisements on websites of Google and other third parties. Google Ads is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland(at)google.com ("Google").

The advertising is delivered by Google via so-called "ad servers". For this purpose, we use cookies, through which certain parameters for measuring the success of ads, such as the number of insertions or clicks by users, can be recorded. If you access our website via a Google ad, Google Ads will store a cookie on your terminal device. The cookie ID, the number of ad impressions, the last impression and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain subpages of the website of a Google Ads customer and the cookie stored on his end device has not yet expired, Google and the customer can recognize that the user clicked on a certain ad and was redirected to the customer's page. A different cookie is assigned to each Google Ads customer. We ourselves do not collect and process any personal data due to the aforementioned advertising measures. Google only provides us with statistical evaluations. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.

We may also display advertisements on other websites in the Google advertising network after you have visited our website (so-called retargeting). This is done by means of cookies stored in your browser, via which your usage behavior is recorded by Google when you visit our site.

Due to the marketing tool used, your browser automatically establishes a direct connection to Google servers. By integrating Google Ads into our website, Google receives the information that you have called up the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account if you are logged into it. Even if you are not registered with Google or have not logged in, it is possible that Google collects and stores your IP address.

On the basis of so-called EU standard contractual clauses, Google contractually undertakes, when transferring personal data out of the European Economic Area (i.e., in particular, to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to ensure that the recipients observe a data protection standard that essentially corresponds to the European one. Please note, however, that we cannot ensure that Google will be able to comply with these contractual obligations in every case.

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Google reCAPTCHA

We use the tool "reCAPTCHA" of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland(at)google.com ("Google") on our website.

This serves to detect abusive calls to our website or input attempts by automated computer programs (so-called bots). For this purpose, the tool analyzes in the background whether the user's interaction on our site suggests automation and, if necessary, integrates simple tasks that usually cannot be solved without error by bots. If the tool's evaluation shows that a human initiated the request, it will be further processed by us (e.g. your message sent to us via contact form). Otherwise, the respective action is rejected due to inadmissible automation.

In particular, the following categories of data may be processed:

• IP address,
• Date, time,
• visited subpage,
• Duration of visit,
• Surfing and clicking behavior on our website.

On the basis of so-called EU standard contractual clauses, Google contractually undertakes, when transferring personal data out of the European Economic Area (i.e., in particular, to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to ensure that the recipients observe a data protection standard that essentially corresponds to the European one. Please note, however, that we cannot ensure that Google will be able to comply with these contractual obligations in every case.

The legal basis for data processing is our legitimate interest in protecting our website from automated retrievals and entries by bots (Art. 6 para. 1 lit. f) GDPR).

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Google Tag Manager

We use the tool "Google Tag Manager" on our website, a service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland(at)google.com ("Google"), with which advertisers can manage website tags and thus the setting of cookies.

Google Tag Manager is designed as a cookie-less domain and only implements tags. Tags are small code elements on the website that are used, among other things, to measure traffic and visitor behavior, to measure the impact of online advertising and social channels, to determine the target groups of our site and to test and optimize the website. Using Google Tag Manager, we can control the setting of such cookies on our site.

No additional cookies are set by Google Tag Manager and no personal data is collected. Google Tag Manager triggers other tags which may collect personal data, but does not access this data itself. If a deactivation has been made or an objection has been declared at domain or cookie level, it remains in place for all tracking tags insofar as these are set with the help of Google Tag Manager.

The legal basis of the data processing is our legitimate interest in the integration and management of the cookies set on our site (Art. 6 para. 1 lit. f) GDPR).

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Realperson chat

We integrate the tool "Realperson Chat" of the company optimise-it GmbH, Kehrwieder 9, 20457 Hamburg ("optimise-it") on our site.

With the help of the tool, we can offer a chatbot on our website. This means that you can ask a selection of frequently asked questions directly to the chat tool, which in turn can display a selection of pre-created answers in the chat window. The chat is based on an outline we have designed in advance and no personal data is requested in the process.

The following data categories are collected via the tool and also transmitted to optimise-it for the purpose of providing the chat function:

• IP address,
• Date and time of the call,
• Operating system, browser,
• volume of data transferred,
• individual chat ID,
• Chat content (text, video chat if applicable).

The contents and circumstances of the chat are secured against unauthorized access via transport encryption (TLS) during transmission.

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

For more information, please see optimise-it's privacy policy at: https://optimise-it.de/datenschutz

Shares plugin

We include an external stock plugin on our website.

This enables us to display content on our current share price made available by external providers on our site without having to call up an external page. Technically, this is realized by the fact that your end device also establishes a connection to external servers when loading our corresponding Investor Relations subpage and obtains the share price information from them.

The following categories of data are collected in the server log files to provide the service:

• IP address (will be anonymized after max. 24 hours),
• Date and time of the call,
• Access status/http status code,
• URL of the accessed subpage,
• Referrer URL,
• Operating system, browser,
• Language settings.

The course data is retrieved from the provider ARIVA.DE AG, Neufeldtstraße 9, 24118 Kiel ("Ariva"), to which the above-mentioned data categories may also be transmitted (for technical reasons).

The legal basis for data processing is our legitimate interest in providing our current share price in the Investor Relations section of our website (Art. 6 para. 1 lit. f) GDPR).

For more information, please see Ariva's privacy policy at: https://www.ariva.de/datenschutz

YouTube

On our website, we embed videos that are stored on "YouTube". YouTube is a platform of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel.: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland(at)google.com ("Google").

Google collects your IP address, the date and time of the call, as well as information about the subpage of our offer that you visited and the video you called up. This takes place regardless of whether you are logged into a YouTube user account. In addition, a connection to the Google advertising network is established.

As long as you merely call up one of our web pages with an embedded YouTube video without playing the video, no data is transmitted to Google. A transmission takes place only when you start a video.

Cookies are set in order to save your desired settings regarding the playback of videos and the data transfer to Google. These cookies contain pseudonymous data (e.g. cookie ID) for the purpose of recognizing the browser.

If you are logged into YouTube at the same time, Google can associate your video call on our site with your YouTube account and use it for the purpose of personalized advertising. If you do not want your YouTube profile to be associated with your visit to our site, you must log out of your YouTube account before activating the YouTube plugin.

The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

For more information, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Cloudflare

We use the services of the company "Cloudflare" (Cloudflare, Inc. , 101 Townsend St, San Francisco, CA 94107, USA) to increase the availability and security of our website.

Cloudflare provides a so-called Content Delivery Network (CDN). This means that website operators can make certain page content available not only on their own servers, but also on servers of CDN providers. If the CDN servers are located closer to the user than the website operator's servers, the use of a CDN regularly results in faster loading times for the user. When users call up the page of such a website operator, they therefore establish a connection not only to the website operator, but also to the CDN operator.

In addition, Cloudflare provides website operators with security functions that can be used, in particular, to fend off automated attacks on the website. Due to the use of these functions, the availability of our website and the offers contained therein can be ensured.

Cloudflare sets cookies for the purposes outlined above and may process the following categories of data in particular as a result:

• IP address,
• End device of the user,
• Traffic data between user and website operator, e.g. pages accessed, date and time of access.

You can completely prevent the processing of your personal data by Cloudflare by disabling the execution of script code in your browser settings or by integrating a so-called script blocker into your browser.

Cloudflare contractually undertakes, on the basis of so-called EU standard contractual clauses, when transferring personal data out of the European Economic Area, to ensure that the recipients observe a data protection standard that is substantially equivalent to the European one. Please note, however, that we cannot ensure that Cloudflare will be able to comply with these contractual obligations in every case.

The legal basis for data processing is our legitimate interest in the continuous and secure operation of our website and the defense against hacker attacks (Art. 6 para. 1 lit. f) GDPR).

For more information, please see Cloudflare's privacy policy at: https://www.cloudflare.com/de-de/privacypolicy/

LinkedIn Insight Tag 

The so-called Insight Tag of the social network LinkedIn is used on our site. This is offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn"). 

The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our website. This enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views.

LinkedIn does not share any personally identifiable information with us, but only provides aggregate reports on website audience and ad performance. It also provides retargeting for website visitors, so we can use this data to display targeted ads outside of our website without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. 

Details on data processing as well as your rights and configuration options can be found in LinkedIn's privacy policy at:
https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Insight tag is used for the purpose of enabling detailed campaign reports and obtaining information about visitors to our website and thus serves our advertising and marketing interests.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a) GDPR, i.e. your consent.

The data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days.

However, as a user, you can also decide yourself at any time about the execution of the Java Script code required for the tool via your browser settings. By changing the settings in your Internet browser, you can deactivate or restrict the execution of Java Script and thus also prevent its storage. In this case, however, it may no longer be possible to fully use all functions of the website. 

LinkedIn Marketing Solutions

We use "Marketing Solutions (formerly LinkedIn Ads)" on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: "Marketing Solutions").

We use Marketing Solutions for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. 
Further information on data protection can be found at:
https://www.linkedin.com/legal/privacy-policy

The legal basis is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full.

You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on the website linked below:
https://www.linkedin.com/psettings/guest-controls

Please note that this setting will be deleted when you delete your cookies.

You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. In addition, you can prevent the execution of Java Script code altogether by installing a Java Script blocker. We would like to point out that in this case you may not be able to use all functions of our website to their full extent.

12. Social media

General

You can find us in various social media with our own presence. In this way, we would like to provide you with a broad range of information and exchange views with you on topics that are potentially important to you. In addition to the respective provider of the social networks, we also collect and process personal user data on our profile pages.

We refer to our presence in social networks on this website. For this purpose, we include a graphic of the respective network, which links to our profile page. When loading our website, no data is transmitted to the operators of the social networks, but only when you actively follow the link to our profile on the respective social network.

Depending on the operator, the following data categories in particular may be processed:

• IP address,
• Date and time of the call,
• visited page in the social network,
• Referral URL (page from which the user reached a profile page of the social network),
• URLs of internal and external pages accessed from the social network,
• End device of the user (desktop, smartphone, tablet),
• Language settings of the user,
• Region of the user.

When you access our profile page on a social network, the operator of the social network may set cookies on your terminal device, regardless of whether you have an account with the network or whether you are logged in there. Cookies are data packets that mark the user's terminal equipment with a specific identifier (section 10). Cookies are set primarily in order to be able to display personalized advertising to visitors to the social networks, including our profile pages.

This is done, for example, by showing users on the pages of the social network ads from advertising partners of the network whose websites they have previously visited. In addition, cookies enable statistics to be compiled on the use of the respective profile page (e.g. number of page views, target groups).

If we receive such statistical analyses from the operator of the social network, the data is anonymized by the operator beforehand, i.e. it is not possible for us to assign usage data to an individual user. If you are logged in to the social network, however, the operator of the social network may be able to assign the visit to our profile on the social network to your account there. If you want to prevent the collected data from being directly assigned to your user account, you must log out of the respective social network before clicking on the graphic.

We have no influence on which data is collected and transmitted by the operator of the social network, to which third-party recipients a transmission is made by the operator of the social network and how long the data is stored by the operator of the social network. In this regard, we refer to the privacy policy of the respective social network.

We operate our social media presences to inform about our offers and services and to provide an additional contact option. The legal basis for the processing is our legitimate interest in public relations (Art. 6 para. 1 lit. f) GDPR). The legal basis for the use of social plugins such as "share" buttons is your consent (Art. 6 para. 1 lit. a) GDPR).

We delete private messages that you send to us via social networks within one year of the last communication with you. We leave public posts from you (e.g. in our timeline) published permanently until you explicitly request their deletion, or delete the relevant posts yourself.

We reserve the right to delete illegal content published on our profile page, e.g. copyright infringements or criminally relevant statements. In addition, we store usernames and comments that are deleted due to violation of netiquette. These will only be kept for possible proof in case of legal disputes within the statute of limitations.

According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure as well as the website of the social network and is the primary contact when it comes to processing your data on the pages of the social network (e.g. information or deletion). With regard to data processing on social networks, we therefore recommend that you contact the respective social network directly for information requests or other questions regarding user rights, such as a deletion request, as only the operators of the social networks have full access to your user data. However, you can also assert your legal rights against us. In this case, we will forward your requests to the operator of the social network if necessary.

We operate profile pages on the social networks listed below.

Facebook

If you access our Facebook fan page, Facebook Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 D02 X525, Ireland, collects, stores and processes your personal data in accordance with Facebook's privacy policy. You can find the privacy policy here:  https://www.facebook.com/policy.php

As part of the "Facebook Insights" function, Facebook may provide us with the following data categories, among others, in anonymized (statistical) form for the purpose of performance measurement and optimization of our Facebook presence:

• Predefined interactions on our fan page (conversions),
• Timestamp,
• Country/city of the user,
• http status code,
• Age group, gender,
• previously visited website (so-called referral URL),
• End device of the user,
• Facebook user ID (if logged in).

With regard to the processing of Insights data, there is a joint responsibility between Facebook and us, under which Facebook has assumed primary responsibility. This concerns the data processing as such and the implementation of the data subject rights. Therefore, please contact Facebook directly regarding all claims arising from the GDPR with regard to the processing of Insights data. We may forward your inquiries received by us in this regard to Facebook. Further details on this are governed by the Joint Controller Addendum between Facebook and Profile Page Operators, which you can find here: www.facebook.com/legal/terms/page_controller_addendum

You can find more information about Facebook Insights here: https://analytics.facebook.com/features/list#automated_insights www.facebook.com/legal/terms/information_about_page_insights_data

Twitter

When you visit our Twitter profile, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"), as operator, stores and processes personal data. You can find Twitter's privacy policy here: https://twitter.com/en/privacy

For the purpose of demand-oriented design and continuous optimization of our profile, we use the statistics service Twitter Analytics. This service records your activity on our profile and makes it available to us in anonymized statistics. This provides us with information about, among other things, so-called impressions (how often a certain ad was viewed by Twitter users and by which target groups), conversions (e.g. website visits, registration) and other interactions (e.g. retweets, hashtag clicks). Conclusions about individual users and access to individual user profiles by us are not possible.

For more information about Twitter Analytics, please visit: https://business.twitter.com/en/advertising/analytics.html

YouTube

When you access our YouTube channel, personal data is stored and processed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google") as the operator of YouTube in accordance with Google's privacy policy. The privacy policy can be found here:  https://policies.google.com/privacy?hl=en

With the help of YouTube's Analytics functions, it is possible for us to perform certain statistical evaluations to optimize our channel. This includes, in particular, details on the most popular videos (e.g. user visit duration, ranking of videos), target groups (e.g. countries, language settings, age and gender, activity times) and the reach of our channel (e.g. from where users were redirected to our videos) and impressions (e.g. how many users have seen a certain ad). Conclusions about individual users as well as access to individual user profiles by us are not possible.

For more information about YouTube's Analytics features, please visit: https://support.google.com/youtube/answer/9002587?hl=en

LinkedIn

When you visit our LinkedIn page, personal user data is processed by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn").

We use the analytics functions provided by LinkedIn to optimize the performance of our LinkedIn page. LinkedIn provides us with a statistically processed, i.e. anonymized, compilation of certain data. This includes, among others, the following data categories: Conversions (achievement of certain targets such as registrations for events, leads), user actions (e.g. clicks, views of certain ads) and target groups (e.g. professional position, industry). Conclusions about individual users and access to individual user profiles by us are not possible.

For more information about LinkedIn's Analytics features, please visit: https://business.linkedin.com/de-de/marketing-solutions/reporting-analytics

In addition, we can also search for suitable candidates for vacancies based on certain characteristics (e.g. current position, skills, professional experience, salary expectations). In this way, we can be shown specific LinkedIn profiles, which we can contact directly.

You can find LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

XING

When you access our XING profile, personal user data is processed by New Work SE, Dammtorstraße 30, 20354 Hamburg ("XING").

We use the "Recruiter Insights" function from XING. This enables us to find suitable candidates for vacancies based on certain targets (e.g. current position, knowledge, professional experience, salary expectations) and to contact them directly. The categories of data processed may include all information provided by the user on his or her own profile page. In addition, statistical, i.e. anonymized, evaluation functions of "Recruiter Insights" enable us to measure the effectiveness of our candidate search, e.g. with the help of information on how candidates were included in our applicant pool (i.e. via job advertisements, projects, recommendations or in other ways) or on the response rate. XING users can influence the extent to which their user behavior may be recorded when visiting our XING site in the settings for advertising preferences in their account.

You can find XING's privacy policy at: https://privacy.xing.com/en/privacy-policy

13. Social plugins

Shariff

We use the "Shariff" plugin from Heise-Verlag (Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany) on our website. With the help of the plugin, we can integrate share buttons of the social networks Facebook, Twitter, LinkedIn and XING (section 12) into our website without personal data already being transmitted to the operators of the social networks when the page is called up, e.g. date and time of the call-up and the sub-page opened. A connection to the social network is only established when the respective share button is clicked and the respective subpage can be shared there.

Plugins from LinkedIn and XING

We include a button on our site to import the data from your LinkedIn or XING profile into our career portal. In this way, you do not have to fill out the application form completely manually and certain data from your profile is transferred, e.g. name, contact data and resume details. In this process, personal data is also transmitted to LinkedIn or XING and can be assigned to your profile by the social media provider. This applies in particular with regard to the call of our job advertisements, the date and time of the call and your IP address. The legal basis for data processing is your consent (Art. 6 para. 1 lit. a) GDPR).

For more information on our corporate presences on LinkedIn and XING, please refer to section 12.

14. Other categories of data

The offer on our website and in our presences in social media is not designed to process special categories of personal data within the meaning of Art. 9 GDPR, e.g. information on health, origin or religion. As a rule, we therefore do not process such special categories of data unless they are provided to us on our own initiative, e.g. in a contact form (Art. 9 para. 2 lit. a) GDPR).

15. Other recipients

If we involve external service providers who come into contact with the personal data provided to us, they usually act as so-called processors for us. This means that we conclude a contract with them for commissioned processing in accordance with Art. 28 GDPR, on the basis of which they are obliged to use the data exclusively in accordance with our specifications. We select our service providers carefully and oblige them to maintain confidentiality. We may use external service providers, for example, in the areas of IT (hosting, cloud services), customer administration (so-called customer relationship management systems) and marketing (mailing tools, analysis and tracking tools on our website).

If personal data is required for the preparation or implementation of a legal dispute or action against legal violations, it may also be processed to the extent necessary for this purpose (e.g. forwarding to lawyers). In this case, the legal basis for data processing is the exercise of our legitimate interest in legal action (§ 24 para. 1 No. 2 BDSG, Art. 6 para. 1) lit. f) GDPR).

In addition, personal data may also be transferred to competent state authorities (e.g. for the purpose of criminal prosecution) on the basis of legal obligation, enforceable official order or court decision (Art. 6 para. 1 lit. c) GDPR).

16. Storage period

Depending on the legal basis of the processing, we store your personal data for the following periods:

• Consent (Art. 6 para. 1 lit. a) GDPR): For the duration of the existence of your consent, i.e. until the complete completion of the purpose for which you have consented (e.g. for the duration of a cookie, section 10), or until you revoke your consent. We store data that we collect for the purpose of personalized advertising for a maximum of 12 months from the time we last contacted you.
• Preparation or execution of a contract (Art. 6 para. 1 lit. b) GDPR): For the duration of the contractual relationship and the relevant statutory retention obligations, which may be up to 10 years.
• Legal obligation (Art. 6 para. 1 lit. c) GDPR): For the duration of the existence of the legal obligation, e.g. until the fulfillment of a law enforcement order.
• Art. 6 para. 1 lit. f) GDPR: For the duration of the existence of our legitimate interests (e.g. until your request is fully processed) or until you object to the data processing (section 17).

Statutory retention obligations may arise primarily from commercial law (German Commercial Code) and tax law (German Fiscal Code) and may last up to 10 years from the end of the year in which the data accrued (§ 257 HGB, § 147 AO). If we retain your data solely for the purpose of fulfilling legal retention obligations, we will block them for any other use and delete the data without undue delay after the retention periods have expired.

If you revoke your consent to receive advertising or object to direct advertising in general (section 17), we will block your data for any advertising use and store your name, address and, if applicable, your e-mail address in corresponding blocking lists, which we take into account in our advertising measures. This ensures that you do not receive any unsolicited advertising.

17. Your legal rights

Right of access (Art. 15 GDPR): You have a right of access to your personal data. This includes, first of all, information about whether we process personal data about you. If this is the case, you have the right to be informed about the data processed and additionally about: a) the purposes of the processing, b) the categories of data processed, c) the recipients of the data, d) the applicable data protection safeguards in case of transfer of the data to recipients outside the European Union, e) the storage period, f) your legal rights regarding data protection, g) the origin of the data and h) the existence of automated decision-making. In addition, you have the right to be provided with a copy of your personal data, provided that this does not affect the rights of third parties.

Right to rectification (Art. 16 GDPR): You have a right to rectification if the data processed concerning you is inaccurate. If incomplete data is processed, you have a right to completion if this is necessary to achieve the purpose of the processing.

Right to erasure (Art. 17 GDPR): You have a right to erasure of your personal data if a) it is no longer necessary for the purposes of its processing, b) you withdraw your consent to processing and there is no other legal basis for processing, c) you object to processing and there are no overriding legitimate grounds for further processing, d) you object to the processing for the purpose of direct marketing, e) the personal data has been processed unlawfully in the past, f) we are legally obliged to erase it, or g) personal data of minors which is processed in the course of an offer directly addressed to children is concerned. If we have made your personal data public and are obliged to delete it, we will also inform the other recipients that you have asserted your right to deletion. There is no right to erasure if the processing of the data is necessary for compliance with a legal obligation or for the exercise or defense of legal claims.

Right to restriction of processing (Art. 18 GDPR): You have the right to restrict the processing of your data a) for the period of the review if you dispute the accuracy of the data, b) the processing was carried out without a legal basis, but you do not request a deletion but a restriction of the processing, c) we no longer need your data for the original purposes, but you need it for the exercise or defense of legal claims or d) for the period of the review if you have objected to the processing and it is not yet clear whether your legitimate reasons outweigh our legitimate interests in the processing. In the event of a restriction of processing, we may only process your data in addition to the purposes set out in this paragraph if you i) separately consent thereto, the processing ii) serves the exercise or defense of legal claims or iii) serves the protection of the rights of another person or iv) the processing is necessary due to an important public interest.

Right to data portability (Art. 20 GDPR): You have the right to receive the personal data about you that you have provided to us yourself. The handover of the data to you must be in a structured, common and machine-readable format. If you have provided us with your data on the basis of consent or a contract and your data is processed automatically, you can both transfer this data yourself to another data controller and assert your right to have the data transferred by us to the other data controller without undue delay. The exercise of the right to data portability does not exclude the assertion of the right to erasure. The right to data portability does not apply to such processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your data on grounds relating to your particular situation, where the processing is necessary on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) or for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 lit. e) GDPR). This also applies to any profiling. After you have declared your objection, we will no longer process your personal data, unless we can demonstrate compelling and overriding reasons for further processing, or the processing serves the exercise or defense of legal claims. In the case of direct marketing, you may object at any time to processing for such purposes, including for profiling.

Right to revoke consent (Art. 7 para. 3 GDPR): You may revoke a granted consent under data protection law (Art. 6 para. 1 lit. a) GDPR), e.g. regarding the sending of a newsletter, at any time for the future. This means that without undue delay upon receipt of your revocation, we will cease the data processing in question and any data processing that took place prior to your revocation on the basis of consent will remain lawful (for the past). You do not need to provide any reasons for your revocation and you can send it to us via any contact channel indicated on our website. In addition, there are separate simplified revocation options, e.g. via unsubscribe link in newsletters.

If you are of the opinion that the data processing does not comply with data protection regulations, in particular the General Data Protection Regulation and the Federal Data Protection Act, you can file a complaint with a data protection supervisory authority. In particular, you can contact the supervisory authority at your place of residence, at your place of work or at the place of the suspected data protection violation. This does not preclude any further legal remedies, e.g. before the courts.

18. Update of this privacy policy

We may update this privacy policy from time to time, for example, to incorporate new online services from us, or to conform the statement to a new legal situation.

If new processing purposes are added and if such data of yours is affected which you provided to us before the respective update of this declaration, we will obtain a separate consent from you with regard to the new processing operations if this is required by law or inform you, e.g. by e-mail, about such material changes to this privacy policy.

Status: November 2023