Heise Medien takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the supplementary provisions of the Federal Data Protection Act (FDPA-new/BSDG-neu). We have taken appropriate technical and organisational measures to ensure that both we and our external service providers comply with data protection regulations.
This general data protection declaration applies to all online offers of Heise Medien. This includes websites, functions and content as well as external online presences such as our social media profiles. In addition to the following general information and mandatory information, we have compiled additional individual data protection information for individual online offers for you. There we inform you about offer-specific data processing procedures and in particular about the cooperation with external service providers who provide services such as web tracking, range measurement or advertising services for us under our strict control.
Individual data protection information must be observed for the following online offers.
1. Responsible party
The party responsible pursuant to Art. 4 para. 7 GDPR and other national data protection laws of the member states of the European Union and other data protection provisions is
GmbH & Co. KG
P.O. Box 61 04 07
Fax +49 511 5352-129
2. Data protection officer
If you have any questions, suggestions or comments regarding data protection and the enforcement of your rights, please contact our data protection officer:
Heise Medien GmbH & Co. KG
3.1 Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Processing means any operation carried out with or without the aid of automated procedures, or set of operations, relating to personal data. This basically includes any handling of personal data such as the collection, storage, modification, use, transmission, dissemination, deletion or destruction, etc. of personal data.
3.3 Responsible person
The controller is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The person responsible must ensure the permissibility of data processing through the use of technical and organisational measures to be regularly reviewed.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
3.5 Order processors
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.
3.7 Third parties
Third party means any natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent is an expression of data protection self-determination. It is the voluntary expression of intention, in the specific case, in an informed and unequivocal manner, in the form of a statement or other unequivocal affirmative act by which the data subject indicates his or her consent to the processing of his or her personal data. A given consent can be revoked at any time.
4. General information on data processing
4.1 Scope of the processing of personal data
In principle, we only process your personal data insofar as this is necessary for the provision of our online offers, contents and services. The collection and use of your personal data is regularly only carried out with your consent or if the processing of the data is permitted by legal regulations.
4.2 Legal basis for the processing of personal data
In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is in principle unlawful unless the data subject has given his consent or unless it is legitimised by a legally regulated reason for permission. We are obliged to inform you about the legal basis of data processing.
If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as a legal basis for processing operations which are necessary for the fulfilment of a contract concluded between you and us or for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation to which we are subject, such as statutory storage and retrieval obligations, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR is the legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to protect our or the legitimate interests of a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the first mentioned interest, the processing of personal data is legitimized by Art. 6 para. 1 lit. f GDPR.
4.3 Disclosure of personal data to third parties and contract processors
In principle, we do not pass on any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties in the course of processing, transfer them to them or otherwise grant them access to the data, this shall also be done exclusively on the basis of one of the aforementioned legal bases. We transmit data e.g. to payment service providers if this is necessary for the fulfilment of the contract. If we are obliged to do so by law or by court order, we must transfer your data to bodies entitled to receive such information.
In some cases, we use carefully selected external service providers to process your data. Should data be passed on to service providers within the scope of so-called order processing, this is done on the basis of Art. 28 GDPR. Our contract processors are carefully selected, bound by our instructions and regularly inspected by us. We only commission contract processors who offer sufficient guarantees that suitable technical and organisational measures will be taken in such a way that the processing takes place in accordance with the requirements of GDPR and FDPA-new (BDSG-neu) and guarantees the protection of your rights.
4.4 Transfer of data to third countries
The GDPR guarantees an equally high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely as far as possible on European partners if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area as part of the use of third-party services.
We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. of the GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the official recognition by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognised specific contractual obligations, the so-called “standard contractual clauses”. We require US service providers to use these standard clauses or to comply with the Privacy Shield, the data protection agreement negotiated between the European Union and the United States (privacyshield.gov).
4.5 Deletion of data and storage duration
As soon as the purpose for storage no longer applies, we will delete or block your personal data. In addition, however, a storage can take place if this was provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. This concerns, for example, data that must be stored for commercial or tax reasons, i.e. invoice data for subscriptions. Your data will be blocked or deleted when a storage period prescribed by these regulations expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
4.6 Existence of automated decision making
We do without automatic decision making or profiling.
5. Rights of data subjects
If personal data are processed by you, you are affected in the sense of the GDPR. You have the following rights vis-à-vis us as the person responsible:
5.1 Right to revoke a declaration of consent under data protection law
If the processing of personal data is based on a given consent, you have the right to revoke this consent at any time. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
5.2 Right to information
You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you can request information about the following information:
- the processing purposes;
- the categories of personal data to be processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, with the additional right to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer to a third country or to an international organisation;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to correction or deletion of the personal data concerning you or to limitation of the processing by us or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the existence of automated decision making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
Within one month of receiving your request for information, we will provide you with a copy of the personal data that is the subject of the processing. For any further copies you request, we may charge a reasonable fee based on the administrative costs. If you submit the application electronically, we will provide you with the information in a common electronic format, unless you indicate otherwise.
5.3 Right to rectification
You have the right to demand that we correct your personal data immediately if it is incorrect. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
5.4 Right to cancellation (“right to be forgotten”)
You have the right to request that we delete any personal information about you immediately and we are obligated to delete any personal information immediately if any of the following reasons apply:
- Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- They revoke their consent on which the processing was based and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate reasons for the processing, or you object to the processing.
- Personal data have been processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If we have made the personal data concerning you public and we are obliged to delete it, we shall take reasonable measures, including technical measures, to inform the data controllers processing the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data, taking into account the available technology and implementation costs.
The right to deletion (“right to be forgotten”) does not exist insofar as processing is necessary:
- on the exercise of freedom of expression and information;
- to fulfil a legal obligation which requires processing under the laws of the Union or the Member States to which we are subject, or to perform a task in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
- for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right to deletion presumably makes the realisation of the objectives of such processing impossible or seriously impairs them, or
- to assert, exercise or defend legal claims.
5.5 Right to limitation of processing
You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:
- You dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you demand the restriction of the use of the personal data instead of the deletion;
- we no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims, or
- You have lodged an objection against the processing as long as it is not yet certain whether our justified reasons outweigh your reasons.
If processing has been restricted in accordance with the above conditions, such personal data shall not be processed, except for their storage, without your consent or for the purpose of asserting, exercising or defending a right or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction on processing has been restricted in accordance with the above requirements, we will notify you before the restriction is lifted.
5.6 Right to data transferability
You have the
right to receive the personal data concerning you that you have provided to us
in a structured, common and machine-readable format, and you have the right to
transfer such data to another controller without our interference, provided
that the processing is based on consent or a contract and is carried out using
By exercising your right to data transfer, you can have your personal data transferred directly from us to another person responsible, as far as this is technically feasible. The exercise of the right to data transfer does not affect the right to cancellation (“right to be forgotten”). This right shall not apply to processing which is necessary for the performance of a task assigned to us in the public interest or in the exercise of official authority.
5.7 Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions. We will then no longer process the personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Notwithstanding the ePrivacy Directive, you may exercise your right to object to the use of Information Society services through automated procedures using technical specifications.
5.8 Automated decisions in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision:
- is necessary for the conclusion or performance of a contract between you and us,
- is permitted by the laws of the Union or the Member States to which we are subject and such laws contain reasonable measures to protect your rights and freedoms and your legitimate interests; or
- with your explicit consent.
We will take reasonable steps to protect your rights and freedoms and your legitimate interests, including, as a minimum, the right of the person responsible to obtain intervention, to state his or her point of view and to challenge the decision.
5.9 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State in which you reside, your place of work or the location of the alleged infringement, if you believe that the processing of your personal data is in breach of the GDPR.
6. Use of our online offers
In principle, you can use our online offer without disclosing your identity. In this section, we explain to you when and in what context we process data when using our online services, which services we have implemented by service providers and cooperation partners, how these work and what happens to your data.
6.1 Data collection when visiting our websites
If you use our websites for purely informational purposes, i.e. if you do not register, enter into a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers. When you access our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to guarantee stability and security.
- IP address of the user
- Date and time of the request
- Contents of the request (concrete page)
- Access status/HTTP status code
- amount of data transferred in each case
- Website from which the request originates
- Operating system of the user
- Language and version of the browser software.
This data is temporarily stored in the log files of our system for a maximum period of seven days. Storage beyond this is possible, but in this case the IP addresses are partially deleted or alienated so that an assignment of the calling client is no longer possible. The log files are not stored together with other personal data relating to you in this context. The legal basis for these processing operations is Art. 6 para. 1 lit. f GDPR.
Since the collection of data for the display of the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no right of objection in this respect.
In addition to the aforementioned data, cookies are stored on your terminal device when you use our websites during or after your visit to our online services. These are small text packages that can be sent from a website to the browser and stored and returned by the browser. Cookies can be used to store various data that can be read by the location that sets the cookie. They usually contain a characteristic character string (ID) that enables the browser to be uniquely identified when the website is called up again or a page is changed. Their primary purpose is to make our online offerings more user-friendly and effective overall. The user data collected in cookies are pseudonymised by technical precautions, which means that it is generally no longer possible to assign the data to the calling user. As far as an identifiability is given, as for example with a Login Cookie, whose session ID is necessarily linked with the account of the user, we point it out to you at the appropriate place.
We use different types of cookies:
- Transient cookies, which are also referred to as temporary or “session cookies”, are cookies that are deleted after you leave our website and close your browser. Such cookies are used, for example, to store language settings or the contents of a shopping basket.
- Persistent or permanent cookies remain stored even after closing the browser. For example, the login status or entered search terms can be saved. We use such cookies among other things for range measurement or marketing purposes. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. However, you can delete these cookies at any time in the security settings of your browser.
In addition to so-called “first party cookies”, which are set by us as responsible for data processing, we also use “third party cookies”, which are offered by other providers. We will inform you about the use of “third-party cookies” and the cooperation with external service providers who provide services such as web tracking or range measurement for us within the individual data protection information of the respective online offers. There you will also be informed about the possibility to object to individual cookies.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
6.3 Registration function / Customer account
optionally create user accounts for our online services in order to use certain
contents and services of our online services.
Which personal data is transmitted and stored to us in this process is determined by the respective input mask and the information provided during registration. The data entered during registration will be used for the purpose of using our offers. You will receive offer or registration-relevant information, such as changes to the scope of the offer or technical circumstances, by e-mail. You have the possibility to cancel your user account at any time. In this case your data will be deleted, unless we are obliged to store them for commercial or tax reasons.
If you have given your consent, the legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR. If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.
When using our registration and login functions as well as the user account, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, and serves to protect against misuse and other unauthorized use. These data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation. The legal basis for this recording and storage is Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
6.4 Contact forms and email contact
On our online offers you will find contact forms and e-mail links (mailto) which can be used for electronic contact. Among other things, this enables us to comply with the legal requirement to enable rapid electronic contact with us. If you make use of this option, your data will be processed and automatically stored for the purpose of answering the enquiry pursuant to Art. 6 para. 1 lit. c GDPR. We will delete the requests if they are no longer necessary and no legal archiving obligations apply.
6.5 User comments and contributions
registered user you have the possibility to leave comments on individual
contents of our online offers and contributions in our forum. We will then
collect your IP addresses and the date of publication based on our legitimate
interests under Art. 6(1)(f). Save GDPR for seven days. This takes place for
security reasons, if the rights of third parties are violated in comments and
contributions or illegal contents are left behind (insults, slander, people
inciting contents etc.). In this case, we ourselves can be prosecuted for the
comment or contribution and are therefore interested in the author’s identity.
These data will not be passed on to third parties unless such a passing on is
legally prescribed or serves our legal defence.
Keep in mind that comments and contributions are accessible to everyone. You should carefully check your contributions before publication to ensure that they contain information that is not intended for the public. You must reckon with the fact that your contributions in search machines are seized and also without purposeful call of our offer world-wide callably become.
In some areas of our online offers we offer you the possibility to subscribe to one of our free e-mail newsletters. We send these newsletters only with your consent or on the basis of a legal permission. When registering for a newsletter, the data from the input mask (name and e-mail address) are transmitted to us and stored as long as the subscription to the newsletter is active.
For the processing of these data for the purpose of the newsletter dispatch your consent is obtained and referred to this data security explanation. We use the so-called double opt-in procedure for the registration process. Once you have registered, you will receive an e-mail in which you must click on a link to confirm your registration. In this way, we prevent unauthorised third parties from registering using your e-mail address. We log the registration process in order to be able to prove the process according to the legal requirements. The IP address of the calling terminal, date and time of registration are stored. The data you provide will be stored as long as the newsletter subscription is active. You can cancel your subscription at any time. For this purpose there is a corresponding unsubscribe link in every newsletter. This will also enable you to revoke your consent. The legal basis for the processing of your data with given consent for the receipt of newsletters is Art. 6 Para. 1 lit. a GDPR.
If you purchase goods or services on our online offers and provide your e-mail address, we reserve the right to use these for the dispatch of newsletters with direct advertising for our own similar goods or services. This serves to protect our predominantly legitimate interests in advertising to our users within the scope of a weighing of interests. You can object to this use of your data at any time by sending a message to the above-mentioned contact options or via the unsubscribe link in the advertising mail, without incurring any costs other than the transmission costs according to the basic tariffs. As far as the newsletter dispatch takes place due to the sale of goods or services, we refer to § 7 Abs. 3 Law Against Unfair Competition (UWG).
newsletters are not sent to you directly by us, but by Inxmail GmbH,
Wentzingerstr. 17, 79106 Freiburg, Germany, which we have commissioned to
process an order and which has a server location in Germany. However, Inxmail
does not use your data to write to you itself.
Data will not be passed on to third parties in connection with data processing for the dispatch of newsletters.
Our newsletters may contain so-called “tracking pixels”, which are pixel-sized files that are retrieved from our server or the Inxmail server when the newsletter is opened. These tracking pixels do not contain any personal data and are only used for statistical purposes to determine whether and which links contained in the newsletters are clicked. This information cannot be assigned to individual newsletter recipients.
6.7 Social Media Buttons
To share the
content of our online services via social networks, we offer so-called social
media buttons. For this purpose, we use the “c’t Shariff” solution we
developed ourselves, which provides data protection-compliant social media
The buttons offered directly by the operators of social networks impermissibly transmit personal data such as the IP address or entire cookies already when loading a website on which they are integrated, and thus provide unsolicited precise information about your surfing behaviour to the social services. You do not need to be logged in or a member of the respective network. In contrast, a Shariff button establishes direct contact between the social network and the visitor only when the latter actively clicks on the Share button. Shariff thus prevents you from leaving a digital trail on every page you visit and improves data protection. By using Shariff, we can protect your personal information and still integrate Butttons for social sharing. Further information about c’t Shariff can be found at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html .
6.8 External Links
Our online offer contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.
Our website, our mobile website (m.heise.de) and our applications (apps) use the “Scalable Central Measurement Method” (SZMnG) of INFOnline GmbH to determine statistical parameters for the use of our services.
The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behaviour – on the basis of a uniform standard procedure – and thus to obtain market-wide comparable values.
For all digital offers made by members of the Information Association for the Determination of the Distribution of Advertising Media (Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., IVW – http://www.ivw.eu) or the studies of the Working Group for Online Research (Arbeitsgemeinschaft Online-Forschung e.V., AGOF – https://www.agof.de/en/), the usage statistics are regularly compiled by AGOF and the Media Analysis Working Group (Arbeitsgemeinschaft Media-Analyse e.V., agma – http://www.agma-mmc.de/) and published with the performance value “Unique User” as well as by the IVW with the performance values “Page Impression” and “Visits”. These ranges and statistics can be viewed on the respective websites.
Measurement using the SZMnG measurement method by INFOnline GmbH is carried out with justified interest pursuant to Art. 6 para. 1 lit. f) GDPR.
The purpose of processing personal data is to compile statistics and create user categories. The statistics serve to trace and document the use of our offer. The user categories form the basis for an interest-oriented orientation of advertising media or advertising measures. In order to market this website, it is essential to measure its usage in order to ensure comparability with other market participants. Our justified interest results from the economic usability of the knowledge resulting from the statistics and user categories and the market value of our website – also in direct comparison with websites of third parties – which can be determined on the basis of the statistics.
In addition, we have a legitimate interest in making the pseudonymised data available to INFOnline, AGOF and IVW for market research (AGOF, agma) and statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in making the pseudonymised data available to INFOnline for the further development and provision of advertising media in line with our interests.
INFOnline GmbH collects the following data, which according to EU-GDPR have a personal reference:
- IP address: In the Internet, every device needs a unique address to transmit data, the so-called IP address. The at least short-term storage of the IP address is technically necessary due to the functioning of the Internet. The IP addresses are shortened by 1 byte before any processing and only processed anonymously. There is no storage or further processing of the unabridged IP addresses.
- A randomly generated client identifier: For the recognition of computer systems, range processing alternatively uses either a cookie with the identifier “ioam.de”, a “local storage object” or a signature that is created from various automatically transmitted information of your browser. This identifier is unique to a browser as long as the cookie or local storage object is not deleted. A measurement of the data and subsequent assignment to the respective client identifier is therefore also possible if you call up other websites that also use the INFOnline GmbH measurement method (“SZMnG”). The validity of the cookie is limited to a maximum of 1 year.
- When using apps, a device
identifier: The range measurement uses unique identifiers of the end
device or a signature created from various automatically transmitted
information of your device to recognize devices. A measurement of the data
and subsequent assignment to the respective identifier may also be
possible if you call up other applications that also use the INFOnline
GmbH measurement method (“SZMnG”). The following unique device
identifiers can be transmitted to INFOnline GmbH as a hash:
- advertising identifier
- installation ID
- Android ID
- vendor ID
The INFOnline GmbH measurement method used on this website collects usage data. This is done in order to collect the performance values of page impressions, visits and clients and to form further key figures (e.g. qualified clients). In addition, the measured data are used as follows:
- A so-called geolocalization, i.e. the assignment of a website call to the location of the call, takes place exclusively on the basis of the anonymous IP address and only up to the geographical level of the federal states / regions. In no case can the geographical information obtained in this way be used to draw conclusions about the actual whereabouts of a user.
- The usage data of a technical client (e.g. a browser on a device) is merged across websites and stored in a database. This information is used for the technical assessment of the socio-information on age and gender and transferred to AGOF’s service providers for further coverage processing. The AGOF study uses a random sample to technically assess socio-characteristics that can be assigned to the following categories: Age, gender, nationality, occupation, marital status, general household information, household income, place of residence, Internet use, online interests, place of use, user type.
IP address is not stored by INFOnline GmbH. The shortened IP address is stored
for a maximum of 60 days. The usage data in conjunction with the unique
identifier are stored for a maximum of 6 months.
The IP address and the shortened IP address are not passed on. For the preparation of the AGOF study, data with client identifiers are passed on to the following AGOF service providers:
- Kantar Germany GmbH (https://www.tns-infratest.com/)
- Ankordata GmbH & Co KG (http://www.ankordata.de/homepage/)
- Interrogare GmbH (https://www.interrogare.de/)
If you do not wish to participate in the measurement, you can object by clicking on the following link: https://optout.ioam.de. In order to guarantee an exclusion from the measurement, it is technically necessary to set a cookie. If you should delete the cookies in your browser, it is necessary to repeat the opt-out process under the above link.
If you are using one of our apps, you can object to the measurement by selecting the following setting: Settings -> “Send data” -> Deactivate
6.10 VG WORT
On some pages and contributions, counting pixels of the collecting society WORT (VG WORT) are installed. This function is offered by the collecting society WORT, legal association by award, Goethestraße 49, 80336 Munich, Germany. VG WORT administers royalties from secondary exploitation rights to language works for authors. The distribution of royalties for online texts is linked to certain criteria (e.g. text length, minimum number of visitors per year).
The so-called tracking pixels of VG WORT are invisible graphics (beacons). In addition, “cookies” are used in the measurement process and stored on your computer in the form of a text file. This allows information about visitor traffic on these pages to be evaluated. VG WORT uses the anonymous data thus determined to determine whether the respective text has reached distribution-related thresholds in the calendar year. In this way, we enable our authors to participate in the distributions of VG Wort, which guarantee the statutory remuneration for the use of copyrighted works in accordance with § 53 German Copyright Law (UrhG).
Some of the data collected during visits to our online services are used for statistical evaluation. For this purpose we use the technology of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany, within the scope of order processing, with which data is automatically collected and stored and pseudonymous user profiles are created. Webtrekk uses these to create reports on user activity for us and to provide other services in connection with the use of our online services. This serves to safeguard our predominantly legitimate interests in an optimised presentation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR within the scope of a weighing of interests.
Within the scope of using our online services, some information transmitted by your browser is collected and evaluated for our web controlling. The collection takes place by a pixel, which is integrated on each website. The following data is collected:
- Request (file name of the requested file)
- Browser type/ version (e.g. Firefox 60.0)
- Browser language (Example: German)
- Operating system used (e.g. Windows XP)
- Inner resolution of the browser window screen resolution
- Java On / Off
- Cookies On / Off
- Colour depth
- Referrer URL (the previously visited page)
- IP address – will be anonymised immediately and deleted after processing
- Time of access
- Form contents (with free text fields, e.g. name and password, only “filled in” or “not filled in” is transmitted)
Within the scope of Webtrekk’s web analysis, your IP address is only stored in a shortened and thus anonymous form and is only used for session recognition, for geolocalization (up to city level) and for defence against attacks. The IP address is then immediately deleted again, so that the collected data is then anonymous and even via the detour of the ISP (Internet Service Provider) no allocation to the identity of the user is no longer possible.
The following cookies are set within the framework of web analysis:
- Session cookie for session detection, lifetime: one session [Webtrekk].
- Long-term cookie for the recognition of new and regular customers: 6 months/ 0.5 years without opt-in and 12 months/ 1 year with opt-in
- Opt-out cookie in case of objection to tracking, minimum service life: 60 months/ 5 years
- Opt-in cookie to extend the long-term cookie, lifetime: 12 months / 1 year
not be passed on to third parties. The data collected in this context will be
deleted after the end of the use of Webtrekk by us.
You have the opportunity to object to the collection and processing of data generated by Webtrekk cookies and to prevent such collection and processing. To do this, you must click on the following link, which sets an opt-out cookie:
The opt-out cookie is stored on the system you are using and must be set again if it is deleted via the specified link.
The valid data protection regulations of Webtrekk can be found at https://www.webtrekk.com/de/warum-webtrekk/datenschutz/ .
We use the test and web analysis service Kameleoon of Kameleoon SAS, 12 rue de la Chaussée d’Antin 75009 Paris, France. The program enables an analysis of user behavior based on user segmentation. We can evaluate how individual user segments visit the website and which landing pages are visited.
Cookies that are linked to a pseudonymised ID are used for the analyses. Your IP address will be completely anonymized and will not be saved. The information generated by the cookie about the use of our website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with other data from Kameleoon.
The use of Kameleoon serves to safeguard our predominantly legitimate interests in the evaluation and optimised presentation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR. The data collected is evaluated over a maximum period of 380 days.
You have the
opportunity to object to the collection and processing of data generated by the
Kameleoon cookie and to prevent such collection and processing. To do this, you
must click on the following link, which sets an opt-out cookie:
http://www.heise.de/ – kameleoonOptout=true
7. Online offers on social media platforms
online services on various social media platforms in order to provide you with
information and to get in touch with you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, cookies are stored in your browser by the platform operator when you visit our social media services. These cookies are used for market research and advertising purposes to store your usage behaviour or your interests. The user profiles obtained in this way – mostly across all devices – are used by the platform operators to display personalised advertising. Data processing may also affect persons who are not registered as users with the respective social media platform. Your data may be processed outside the territory of the European Union, which may make it more difficult to enforce your rights. When selecting such social media platforms, however, we make sure that the operators undertake to comply with EU data protection standards.
processing of your personal data when you visit one of our social media
services is based on our legitimate interests in a diverse external
presentation of our company and the use of an effective information opportunity
and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
Under certain circumstances you have also given a platform operator your
consent to data processing, in which case Art. 6 para. 1 lit. a GDPR is the
Detailed information on data processing in connection with the use of our social media services, opt-out options and the assertion of information rights can be obtained from the data protection declaration of the relevant platform operator.
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,
Data processing is based on an agreement on the joint processing of personal data pursuant to Art. 26 GDPR.
7.2 Google+/ YouTube
Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Our offer is basically aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.
The rapid development of the Internet makes it necessary to adapt our data protection declaration from time to time. You will be informed about the innovations here.
Hanover, 12 June 2018