Data privacy statement

Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, especially with the EU General Data Protection Regulation (GDPR - available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679).

Contents

I. General information
      1. Definition of main terms
      2. Scope of validity
      3. Controller
      4. Data protection officer

II. Itemisation of data processing operations
      1. General Information about the data processing operations
      2. Accessing our services
      3. Newsletter subscriptions
      4. Data for the application process
      5. Sending press releases and information
      6. Customer feedback
      7. Data processing on our Instagram fan page
      8. Data processing on our Facebook fan page
      9. Data processing on our YouTube channel (shared responsibility)
      10. Burda bewegt Challenge 2021
      11. Tracking & usage analysis
      12. Embedded content

III. Rights of data subjects
      1. Right to object
      2. Right to access
      3. Right to rectification
      4. Right to erasure ("right to be forgotten")
      5. Right to restriction of processing
      6. Right of data portability
      7. Right to withdraw consent
      8. Right to lodge a complaint

 

I. General Information

This section of the privacy statement contains information on the scope of validity, the person responsible for data processing, the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.

1. Definition of main terms

Browser: Computer program used to display websites (e.g., Chrome, Firefox, Safari)

Cookies: Text files which the web server places on the user's computer by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under "Options" or "Settings"). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Services: Our offers to which this data privacy statement applies (cf. Scope of validity).

Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.

Tracking technologies: Actions can be tracked either via the activity records (log files) stored on our web servers or by collecting data from end devices via pixels, cookies or similar tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.

2. Scope of validity

This data privacy statement applies to the following offers:

- our website Burda Corporate Website, most notably available at www.burda.com

- whenever reference is made to this data privacy statement from one of our offers (e.g., websites, subdomains, mobile applications, web services or integrations in third-party websites), regardless of the way in which it is accessed or used

All these offers are also collectively referred to as "services".

3. Controller

The following party is responsible for the processing of data in relation to the services, i.e., this is the person who determines the purposes and means of processing personal data:

Hubert Burda Media Holding Kommanditgesellschaft
Arabellastraße 23
81925 Munich, Germany

4. Data protection officer

Our data protection officer can be contacted under the data given in paragraph 3, for the attention of the data privacy department or via

Emailhbm@datenschutzanfrage.de

Phone: +49 (89) 9250 3252

II. ltemisation of data processing operations

This section of the data privacy statement contains detailed information about the processing of personal data in the context of our services. The information is subdivided for greater clarity into certain functions in connection with our services. In case of the normal use of the services, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.

1. General information about the data processing operations

The following applies to all the processing operations listed below, unless stated otherwise:

a. No obligation to provide personal data & consequences of failure to provide such data

The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information needs to be provided for the relevant service (e.g., by indicating "mandatory fields"). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.

Online application portal: If you do not provide the data required, you will not be able to submit an online application. All other information is voluntary and has no effect on the selection of applicants.

b. Consent

In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and about the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13, subs. 4, GDPR).

c. Transfer of personal data to third countries

When we send data to third countries, i.e., countries outside the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.

If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for the establishment, exercise or defence of legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate safeguards under Art. 46 GDPR.

One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield" for the USA. The level of data protection is generally considered to be appropriate according to Art. 45 GDPR for transfers to companies which are certified under the EU-US Privacy Shield.

Alternatively or additionally, safeguards under Art. 46 subs. 2 c) GDPR through the conclusion of the EU standard data protection clauses adopted by the European Commission with the receiving body provide appropriate safeguards and an adequate level of data protection. Copies of the standard EU data protection clauses are available on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

d. Hosting at external service providers

Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. These service providers process data either exclusively in the EU or subject to guaranteed levels of data protection which we have put in place based on the standard EU data protection clauses (cf. subsection c.).

e. Transmission to government authorities

We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6, subs. 1 c), GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6, subs. 1 f), GDPR).

f. Period of storage

The time specified in the "period of storage" paragraph indicates how long we use the data for the purposes in any given case. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage are required by law (in particular, because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.

Online application portal: To ensure the application process is conducted proficiently, we require a reasonable time to evaluate applications, select applicants, conduct interviews, etc. You will be informed of the status of the application procedure via letters of confirmation that we will send by email.

Should an employment relationship be established, we are permitted to store your data on a longer-term basis in accordance with Art. 6, subs. 1 b) GDPR.

g. Data categories

The category names listed below are used for specific types of data in the following sections:

  • Account data: Login/user ID and password
  • Personal master data: Title, salutation/gender, forename, surname, date of birth
  • Adress data: Street, house number, additional address lines (where applicable), postcode, city, country
  • Contact data: Telephone number(s), fax number(s), email address(es)
  • Registration data: Information about the service via which you signed up; times and technical information on signing up, authentication and signing off; data entered by you when signing up
  • Press mailing list usage data: Accreditation subject, accreditation time, approval of usage restriction/consent form, downloads of press materials
  • Newsletter user profile data: Opening of newsletter (date and time), contents, selected links, as well as the following information relating to the computer system accessing the newsletter: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.
  • Access data: Date and time of visit to our service; the page from which the system accessed our site; pages visited during the session; session identification data (session ID), as well as the following information relating to the computer system accessing the service: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.
  • Application documents: Information about your education and/or professional development and qualifications (e.g. CV or references), application letter
  • Mileage: Information on distance completed by participants ("Burda bewegt Challenge")
  • Image and sound recordings: Image and sound recordings at e.g. events or shootings

2. Accessing our services

The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile app and navigating within the app). We would point out, in particular, that it is impossible not to send access data to external content providers (cf. subsection b.) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Access data

Intended purposes

Establishing connection, presenting contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis

Legal basis

Art. 6, subs. 1 f), GDPR

Legitimate interest, where applicable 

Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems

Storage period

4 weeks

Data category

Account data

Intended purposes

Identification, checking authorisation to call up the service

Legal basis

Art. 6, subs. 1 f), GDPR

Storage period

Until application documents are transmitted

b. Recipients of personal data

Recipient category

External content providers who provide content which is needed to display the service (e.g., images, videos, embedded postings from social networks, banner ads, fonts, update information)

Data concerned

Access data

Legal basis

Art. 6, subs. 1 f), GDPR; in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield”

Legitimate interests, where applicable 

Proper functioning of services, (accelerated) display of content

Recipient category

IT security services providers

Data concerned

Access data

Legal basis

Art. 6, subs. 1 f), GDPR

Legitimate interests, where applicable  

Prevention of attacks through exploitation of security gaps/vulnerabilities

3. Newsletter subscriptions

In addition to using our website for purely informational purposes, you have the option to subscribe to our newsletters. If you subscribe to one of our free newsletters, we will send you regular updates on developments in the world of Burda.

When you subscribe to the newsletter, you will receive an additional confirmation message containing a final registration link (“double opt-in process”). This ensures that the newsletter has been requested by you and not by a third party. When you subscribe, your data will initially be stored on our servers or on the servers of the service provider used. A confirmation message containing a final registration link will be generated and sent to the specified email address. If you do not confirm registration using the link in this email, the data will be deleted after 30 days. Your data will only be permanently saved for the purpose of sending the newsletter if you use the confirmation link. If you no longer agree to your data being stored for this purpose and no longer wish to use our service, you can unsubscribe from our newsletter at any time. You can do this using the link included in every newsletter.

We would like to make you aware that your interactions with the newsletter will be measured (“opening and click-through behaviour”). To perform this measurement, the emails sent contain tracking pixels or relevant links that can be used to measure the opening and click-through rates within the newsletter, allowing us to optimise our future newsletters. On the basis of your consent, we may also connect the click-through behaviour with an individual ID in order to assign your clicks specifically to you. This is used to personalise the newsletter and tailor it to your interests.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Personal master data; registration data; newsletter user profile data; access data; contact data, particularly your email address

Intended purposes

Verifying the registration process ("double opt-in") including traceability of registrations and deregistrations ("logging"); sending the newsletter and tailoring it to the recipient's interests; measuring opening and click-through rates to optimise our newsletter service

Legal basis

Art. 6, subs. 1 a) and f), GDPR

Our legitimate interests: Logging the registration and deregistration process for our newsletter and designing and distributing our newsletters using additional performance measurements

Period of storage

Personal data is deleted as soon as its further processing is no longer required to achieve the relevant purpose and deletion is not prevented by statutory storage periods. This situation regularly occurs when you withdraw your consent. However, if you withdraw your consent, we reserve the right to store your email address in order to prove that consent was previously given. In this case, it is stored solely for the purpose of countering potential legal claims.

b. Recipients of personal data

Recipient category

Service providers for newsletter dispatch

Data concerned

All data stated in point a) of this section

Legal basis

Art. 28 GDPR

4. Data for the application process

For detailed information on how your personal data is processed when you submit an electronic job application via the Careers section of our services, please click here.

5. Sending press releases and information

The tables below show how your personal data are processed in connection with the sending of press releases and information:

Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Personal master data, contact data, address data

Intended purposes

Identification, establishment of contact

Legal basis

Art. 6, subs. 1 b), GDPR

Legitimate interests, where applicable

Informing media representatives, maintaining contact with PR/journalists

Period of storage

Duration of registration

Data category

Role, medium represented, contact topics

Intended purposes

Checking qualification when distributing press materials

Legal basis

Art. 6, subs. 1 b), GDPR

Legitimate interests, where applicable

Informing media representatives, maintaining contact with PR/journalists

Period of storage

Duration of communication measures

6. Customer Feedback

The tables below show how your personal data are processed when you contact us via our feedback channels:

Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Personal master data, contact data, contents of enquiries/complaints

Intended purposes

Processing of customer enquiries and user complaints

Legal basis

Art. 6, subs. 1 f), GDPR

Legitimate interests, where applicable

Improvement of our service

Period of storage

During the processing of the enquiry

7. Data processing on our Instagram fan page

We operate this fan page on the “Instagram.com” platform, which is registered to Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) (Instagram privacy policy). Every visit to and interaction on our fan page leads to data processing, regardless of whether you have an Instagram or Facebook account. If you have an account and are logged in, the operators of Instagram and/or their associated companies will, where applicable, link the information about the visit to the fan page with your account information and may use this to form profiles. If you do not want such a profile to be formed, please log out before visiting our fan page.

We use “Instagram insights” to process statistical data from our fan page such as gender, age range, location, page views, interactions and information on paid activities, reach, accounts reached, impressions and impressions per day. This is based on our legitimate interest (Art. 6, subs. 1 f), GDPR) to make articles on the site more attractive or to determine the right time for publication.

You have the right of access, the right to erasure and the right to rectification of your data, the right to restriction of processing, the right to object to processing, the right to data portability and the right to submit objections to a regulatory body. You may assert these rights both towards Facebook Ireland Ltd. [contact form] and our company (hbm@datenschutzanfrage.de); in accordance with our agreement with Facebook queries will be forwarded to their address.

As we are jointly responsible for processing your data, we have a Page Controller Addendum with Facebook.

8. Data processing on our Facebook fan page

We operate this fan page on the platform registered to Facebook Inc., 1601 S. California Avenue, Palo Alto, CA, 94304, USA (Facebook privacy policy). Every visit to and interaction on our fan page leads to data processing, regardless of whether you have a Facebook account. If you have an account and are logged in, Facebook Inc. links the information about the visit to the fan page with your account information and may use this to form profiles. If you do not want such a profile to be formed, please log out before visiting our fan page.

We use “Facebook insights” to process statistical data from our fan page such as the total number of page views, “likes”, page activities, post interactions, video views, post reach, comments, shared content, responses, the proportion of male and female visitors to our website, their country and city of origin, languages, visits and clicks in the shop, clicks on route planners and clicks on phone numbers. This is based on our legitimate interest (Art. 6, subs. 1 f), GDPR) to make articles on the site more attractive or to determine the right time for publication.

You have the right of access, the right to erasure and the right to rectification of your data, the right to restriction of processing, the right to object to processing, the right to data portability and the right to submit objections to a regulatory body. You may assert these rights towards both Facebook Inc. [contact form] and our company (hbm@datenschutzanfrage.de); in accordance with our agreement with Facebook queries will be forwarded to their address.

As we are jointly responsible for processing your data, we have a Page Controller Addendum with Facebook.

9. Data processing on our YouTube channel (shared responsibility)

We also draw on social media platforms to ensure our online services are up-to-date, informative and attractive. In particular, we use a separate YouTube channel that is ultimately operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereafter referred to as “Google”). YouTube is a video platform that people can use to upload videos and make them available to the public.

Here we explain how we process your personal data jointly with Google during the operation of the YouTube platform:

Shared responsibility relates to the provision of our YouTube channel. In particular, we process your personal data to ensure that our YouTube channel is attractive, appealing and ultimately user-friendly. We process your personal data within our YouTube channel only as far as this is required for the provision of the YouTube channel. We also process personal data within the scope of the YouTube channel for potential communication processes with users of and people interested in our YouTube channel. In this case, your personal data is processed solely on the basis of your voluntary declaration of consent.

You can find additional information on the processing of your personal data by Google here:

The YouTube general terms of service can be found here:

We have no direct influence on the type and scope of processing of your personal data by Google within the framework of our YouTube channel. When you use the YouTube channel, your personal data is also processed by Google and may be transferred to and subject to additional processing in the United States of America, Ireland or any other country in which Google does business, regardless of your country of residence.

You may assert your data protection requests towards all responsible parties. To make it easier for you to exercise your data protection rights and claims, we have established a central point of contact at the address specified in point I.3; the email address is hbm@datenschutzanfrage.de. Your requests will be processed centrally here. In addition, we inform one another of requests received to ensure that we can deal with them together and take the best possible approach.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Operating system; region and location of visit; age and gender of persons involved; play list; device type; YouTube product; live/on demand; subtitles; language settings and translations; element type; info card type; info card

Intended purposes

Tailoring service to user interests; processing customer requests

Your personal data is processed, in particular, to ensure that our online services, particularly our YouTube channel, are attractive, up-to-date, topical and meet users’ needs. Your personal data is also processed in order to deal with and respond to your requests regarding the YouTube channel in a timely manner. In doing so, we aim to expand and strengthen our relationship with our customers and with interested parties.

Legal basis

Art. 6, subs. 1 a), GDPR

Your consent as given when establishing the relevant form of contact via our YouTube channel

Art. 6, subs. 1 f), GDPR

Our legitimate interest is justified, in particular, by our interest in maintaining, optimising, configuring and consistently updating our YouTube channel. In this case, the processing of our users’ personal data is required, in particular, to align the content of our YouTube channel with the interests and needs of our users.

Period of storage

Personal data is deleted as soon as its further processing is no longer required to achieve the relevant purpose and deletion is not prevented by statutory storage periods. This situation regularly occurs when you withdraw your consent or object to processing. You also have the option to restrict the processing of your personal data by configuring the individual settings within your YouTube account. More information on this option is provided here: https://support.google.com/accounts?hl=en#topic=3382296

b. Companies participating in shared responsibility

Participating companies

The company specified under I.3; Google Ireland Limited, Gordon House, Barrow St, Dublin, Ireland

Data concerned

All data stated in point a) of this section

Legal basis

Art. 6, subs. 1a), f), GDPR

c. Recipients of personal data

Recipient category

Google Ireland Limited, Gordon House, Barrow St, Dublin, Ireland

Data affected

All data stated in point a) of this section

Legal basis

Art. 6, subs. 1 f), GDPR

Our legitimate interests: Configuring and optimising our YouTube channel to meet user needs

10. Burda bewegt Challenge 2021

The tables below show how your personal data are processed in connection with your participation in the “Burda bewegt Challenge 2021”.

Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Personal master data, contact data

Intended purposes

Identification, contact, communication with the participants, registration

Legal basis

Art. 6, subs. 1 b), f), GDPR

Legitimate interests, where applicable

Informing our employees about the event

Period of storage

Up to one year after the event (limited)

Data category

Content of the enquiries

Intended purposes

Communication with the participants

Legal basis

Art. 6, subs. 1 f), GDPR

Legitimate interests, where applicable

Processing of participants' enquiries

Period of storage

Up to one year after the event (limited) 

Data category

Mileage, registration data

Intended purposes

Calculation of the distance completed by the participants, traceability of registration

Legal basis

Art. 6, subs. 1 b), GDPR

Period of storage

Up to one year after the event (limited)

Data category

Image and sound recordings

Intended purposes

Communication of the event in Burda's media outlets as well as external channels (e.g. Facebook, LinkedIn, Instagram, Flickr)

Legal basis

Art. 6, subs. 1 a), GDPR

Period of storage

Until withdrawal of consent by participants

11. Tracking & usage analysis

Here we explain the situations in which, when you use our services, your personal data will be processed to analyse the use of our services, and when tracking technologies will be used to track and analyse user behaviour, for example to show you tailored advertising.

Hubert Burda Media Holding Kommanditgesellschaft participates in the IAB Europe Transparency & Consent Framework and complies with its specifications and guidelines. Hubert Burda Media Holding Kommanditgesellschaft uses the Consent Management Platform with identification number 3.

a. Usage analysis for the purposes of legitimate interests (Art. 6 subs. 1 f) GDPR)

We perform usage analyses on the basis of Art. 6 subs. 1 f) GDPR. This means that we perform analyses following a weighing of interests. You can find an overview of the technologies and services used here. There you will also find an explanation of how each service works and which data is collected for processing.

In doing so, we pursue the legitimate interests of:

  • Reviewing and optimising our services, adapting them to the needs of users and rectifying errors.
  • Determining statistical values on the use of our services (reach, intensity of use, user surfing behaviour) – based on standardised procedures – and thus obtaining values that can be compared with the market as a whole to enable optimal marketing of our services.
  • Measuring the success of advertising campaigns, optimising our adverts for the future and allowing marketers and advertisers to optimise their adverts accordingly.

Can I opt out of data collection and analysis?

Yes. You can find out how to opt out of the relevant processing here.

b. Tracking on the basis of consent (Art. 6 subs. 1 a) GDPR)

We perform tracking provided that you have given consent. We explain the type and scope of tracking in the consent dialogue box. To clarify: if consent is not requested, this means that no tracking is performed on this basis.

Consent is voluntary. You give consent by choosing the relevant button in the consent dialogue box in our services. There you will find all necessary information about the type and scope of data processing.

Can I withdraw consent?

Once you have given consent, you can withdraw it at any time with future effect. You can find out about withdrawal options here. This does not affect the lawfulness of all processing performed up to the point at which consent was withdrawn.

12. Embedded content

External content is embedded in this website (e.g. content from social networks such as Facebook, Twitter, LinkedIn and XING). The following list provides an overview of the embedded content used. This content is operated by third parties, whereby personal data may also be transferred to the relevant social network via the respective embedded content. This personal data is transferred for the purpose of displaying content and/or to give you the opportunity to rate, recommend or share the relevant content. In this way, we aim to raise awareness of our websites and enrich them with content relevant to specific target groups. We configure our websites in such a way that data is only transferred if you interact with the relevant embedded content (e.g. Like button or video).

In this case, the legal basis for data transfer is your voluntary consent in accordance with Art. 6, subs. 1 a), GDPR. We have no direct influence on the type and scope of processing of your personal data by the relevant social network. If you interact with the relevant content, your personal data will also be processed by the operator of the social network and may also be transferred to and subject to additional processing in the United States of America, regardless of your country of residence.

XING

Provider

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

Data protection information from the provider:

https://privacy.xing.com/en/privacy-policy

Facebook

We incorporate content from the social media platform Facebook.com (“Facebook”). The Facebook platform is operated by the provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereafter referred to as “Meta”). Facebook content is incorporated via “extended data protection mode”. Personal data is only transferred to Facebook/Meta if you have agreed to the incorporation of relevant Facebook content. You can give or withdraw your consent to the incorporation of Facebook content at any time via our consent management platform.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Usage data; technical data; profile information; user content; further contact data and contact information; location data; analysis data

If you are logged into your Facebook account when accessing the content, this data can also be assigned to your membership account.

Intended purposes

Configuring the service to meet users' interests

The incorporation of Facebook content and/or the associated processing of your personal data is used to ensure that our websites are attractive, up-to-date, topical and meet users' needs.

Legal basis

Art. 6, subs. 1 a), GDPR

Your consent within the framework of interaction with the Facebook content.

Period of storage

Personal data is deleted as soon as its further processing is no longer required to achieve the relevant purpose and deletion is not prevented by statutory storage periods. This situation regularly occurs when you withdraw your consent or object to processing. 

You can find additional information on the processing of your personal data by Facebook here:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

b. Recipients of personal data

Recipient category

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Twitter

We incorporate content from the social media platform Twitter.com (“Twitter”). The Twitter platform is operated by the provider Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland (hereafter referred to as “Twitter International”). Twitter content is incorporated via “extended data protection mode”. Personal data is only transferred to Twitter/Twitter International if you have agreed to the incorporation of relevant Twitter content. You can give or withdraw your consent to the incorporation of Twitter content at any time via our consent management platform.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Usage data; technical data; profile information; user content; further contact data and contact information; location data; analysis data

If you are logged into your Twitter account when accessing the content, this data can also be assigned to your membership account.

Intended purposes

Configuring the service to meet users' interests

The incorporation of Twitter content and/or the associated processing of your personal data is used to ensure that our websites are attractive, up-to-date, topical and meet users' needs.

Legal basis

Art. 6, subs. 1 a), GDPR

Your consent within the framework of interaction with the Twitter content.

Period of storage

Personal data is deleted as soon as its further processing is no longer required to achieve the relevant purpose and deletion is not prevented by statutory storage periods. This situation regularly occurs when you withdraw your consent or object to processing. 

You can find additional information on the processing of your personal data by Twitter/Twitter International here: https://twitter.com/en/privacy

b. Recipients of personal data

Recipient category

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

LinkedIn

We incorporate content from the professional network LinkedIn.com (“LinkedIn”). The LinkedIn professional network is operated by the provider LinkedIn Ireland Unlimited Company Limited, Wilton Place, Dublin 2, Ireland (hereafter referred to as “LinkedIn Unlimited”). LinkedIn content is incorporated via “extended data protection mode”. Personal data is only transferred to LinkedIn/LinkedIn Unlimited if you have agreed to the incorporation of relevant LinkedIn content. You can give or withdraw your consent to the incorporation of LinkedIn content at any time via our consent management platform.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category

Usage data; technical data; profile information; user content; further contact data and contact information; location data; analysis data

If you are logged into your LinkedIn account when accessing the content, this data can also be assigned to your membership account.

Intended purposes

Configuring the service to meet users' interests

The incorporation of LinkedIn content and/or the associated processing of your personal data is used to ensure that our websites are attractive, up-to-date, topical and meet users' needs.

Legal basis

Art. 6, subs. 1 a), GDPR

Your consent within the framework of interaction with the LinkedIn content.

Period of storage

Personal data is deleted as soon as its further processing is no longer required to achieve the relevant purpose and deletion is not prevented by statutory storage periods. This situation regularly occurs when you withdraw your consent or object to processing. 

You can find additional information on the processing of your personal data by LinkedIn/LinkedIn Unlimited here: https://www.linkedin.com/legal/privacy-policy?

b. Recipients of personal data

Recipient category

LinkedIn Ireland Unlimited Company Limited, Wilton Place, Dublin 2, Ireland

III. Rights of data subjects

1. Right to object

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing.

You also have the right, at any time with future effect and for reasons relating to your particular situation, to object to the processing of personal data concerning you which is based on Art. 6, subs. 1 e) or f), GDPR, including profiling based on these provisions.

The right to object may be exercised free of charge. In order to be able to process your request faster, please preferably use the form available at the following link:

Data privacy enquiry

Alternatively, you may reach us, for example, using the contact information provided in paragraph I.3:

Via Mail to: hbm@datenschutzanfrage.de

Via Phone: +49 (89) 9250 3252

2. Right of access

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the other information listed in Art. 15 GDPR.

3. Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17, subs. 1, GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17, subs. 3, GDPR.

5. Right to restriction of processing

You are entitled to obtain from us the restriction of the processing of personal data if one of the conditions laid down in Art. 18, subs. 1 a) to d) GDPR is met.

6. Right to data portability

Under the conditions set out in Art. 20, subs. 1, GDPR, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance on our part. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.

7. Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:

Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, http://www.lda.bayern.de