Privacy policy of Heise Medien GmbH & Co. KG

Heise Medien takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the supplementary provisions of the Federal Data Protection Act (FDPA-new/BSDG-neu). We have taken appropriate technical and organisational measures to ensure that both we and our external service providers comply with data protection regulations.

This general data protection declaration applies to all online offers of Heise Medien. This includes websites, functions and content as well as external online presences such as our social media profiles. In addition to the following general information and mandatory information, we have compiled additional individual data protection information for individual online offers for you. There we inform you about offer-specific data processing procedures and in particular about the cooperation with external service providers who provide services such as web tracking, range measurement or advertising services for us under our strict control.

Individual data protection information must be observed for the following online offers.

heise online
heise shop and subscriptions
hot events
Mobile Apps

1. Responsible party

The party responsible pursuant to Art. 4 para. 7 GDPR and other national data protection laws of the member states of the European Union and other data protection provisions is

Heise Medien GmbH & Co. KG
Karl-Wiechert-Allee 10
30625 Hannover
P.O. Box 61 04 07
30604 Hannover

Phone +49 [0]511 5352-0
Fax +49 [0]511 5352-129

2. Data protection officer

If you have any questions, suggestions or comments regarding data protection and the enforcement of your rights, please contact our data protection officer:

Joerg Heidrich
Data protection
Heise Medien GmbH & Co. KG
Karl-Wiechert-Allee 10
30625 Hannover


3. Definitions

In our privacy policy, we use terms that are used and defined in the GDPR. So that you know what is meant by this, we would like to explain the most important terms.

3.1 Personal Data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

3.2 Processing

Processing means any operation carried out with or without the aid of automated procedures, or set of operations, relating to personal data. This basically includes any handling of personal data such as the collection, storage, modification, use, transmission, dissemination, deletion or destruction, etc. of personal data.

3.3 Responsible person

The controller is a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The person responsible must ensure the permissibility of data processing through the use of technical and organisational measures to be regularly reviewed.

3.4 Pseudonymisation

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

3.5 Order processors

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.6 Receiver

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.

3.7 Third parties

Third party means any natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

3.8 Consent

Consent is an expression of data protection self-determination. It is the voluntary expression of intention, in the specific case, in an informed and unequivocal manner, in the form of a statement or other unequivocal affirmative act by which the data subject indicates his or her consent to the processing of his or her personal data. A given consent can be revoked at any time.

4. General information on data processing

4.1 Scope of the processing of personal data

In principle, we only process your personal data insofar as this is necessary for the provision of our online offers, contents and services. The collection and use of your personal data is regularly only carried out with your consent or if the processing of the data is permitted by legal regulations.

4.2 Legal basis for the processing of personal data

In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is in principle unlawful unless the data subject has given his consent or unless it is legitimised by a legally regulated reason for permission. We are obliged to inform you about the legal basis of data processing.

If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

Art. 6 para. 1 lit. b GDPR serves as a legal basis for processing operations which are necessary for the fulfilment of a contract concluded between you and us or for the implementation of pre-contractual measures.

If the processing of personal data is necessary to fulfil a legal obligation to which we are subject, such as statutory storage and retrieval obligations, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

Art. 6 para. 1 lit. d GDPR is the legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.

If the processing is necessary to protect our or the legitimate interests of a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the first mentioned interest, the processing of personal data is legitimized by Art. 6 para. 1 lit. f GDPR.

4.3 Disclosure of personal data to third parties and contract processors

In principle, we do not pass on any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties in the course of processing, transfer them to them or otherwise grant them access to the data, this shall also be done exclusively on the basis of one of the aforementioned legal bases. We transmit data e.g. to payment service providers if this is necessary for the fulfilment of the contract. If we are obliged to do so by law or by court order, we must transfer your data to bodies entitled to receive such information.

In some cases, we use carefully selected external service providers to process your data. Should data be passed on to service providers within the scope of so-called order processing, this is done on the basis of Art. 28 GDPR. Our contract processors are carefully selected, bound by our instructions and regularly inspected by us. We only commission contract processors who offer sufficient guarantees that suitable technical and organisational measures will be taken in such a way that the processing takes place in accordance with the requirements of GDPR and FDPA-new (BDSG-neu) and guarantees the protection of your rights.

4.4 Transfer of data to third countries

The GDPR guarantees an equally high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely as far as possible on European partners if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area as part of the use of third-party services.

We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. of the GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the official recognition by the EU Commission of a level of data protection equivalent to that of the EU or the observance of officially recognised specific contractual obligations, the so-called “standard contractual clauses”. We require US service providers to use these standard clauses or to comply with the Privacy Shield, the data protection agreement negotiated between the European Union and the United States (

4.5 Deletion of data and storage duration

As soon as the purpose for storage no longer applies, we will delete or block your personal data. In addition, however, a storage can take place if this was provided for by the European or national legislator in EU regulations, laws or other regulations to which we are subject. This concerns, for example, data that must be stored for commercial or tax reasons, i.e. invoice data for subscriptions. Your data will be blocked or deleted when a storage period prescribed by these regulations expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

4.6 Existence of automated decision making

We do without automatic decision making or profiling.

5. Rights of data subjects

If personal data are processed by you, you are affected in the sense of the GDPR. You have the following rights vis-à-vis us as the person responsible:

5.1 Right to revoke a declaration of consent under data protection law

If the processing of personal data is based on a given consent, you have the right to revoke this consent at any time. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.

5.2 Right to information

You have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you can request information about the following information:

Within one month of receiving your request for information, we will provide you with a copy of the personal data that is the subject of the processing. For any further copies you request, we may charge a reasonable fee based on the administrative costs. If you submit the application electronically, we will provide you with the information in a common electronic format, unless you indicate otherwise.

5.3 Right to rectification

You have the right to demand that we correct your personal data immediately if it is incorrect. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

5.4 Right to cancellation (“right to be forgotten”)

You have the right to request that we delete any personal information about you immediately and we are obligated to delete any personal information immediately if any of the following reasons apply:

If we have made the personal data concerning you public and we are obliged to delete it, we shall take reasonable measures, including technical measures, to inform the data controllers processing the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data, taking into account the available technology and implementation costs.

The right to deletion (“right to be forgotten”) does not exist insofar as processing is necessary:

5.5 Right to limitation of processing

You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:

If processing has been restricted in accordance with the above conditions, such personal data shall not be processed, except for their storage, without your consent or for the purpose of asserting, exercising or defending a right or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above requirements, we will notify you before the restriction is lifted.

5.6 Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer such data to another controller without our interference, provided that the processing is based on consent or a contract and is carried out using automated procedures.

By exercising your right to data transfer, you can have your personal data transferred directly from us to another person responsible, as far as this is technically feasible. The exercise of the right to data transfer does not affect the right to cancellation (“right to be forgotten”). This right shall not apply to processing which is necessary for the performance of a task assigned to us in the public interest or in the exercise of official authority.

5.7 Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions. We will then no longer process the personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

Notwithstanding the ePrivacy Directive, you may exercise your right to object to the use of Information Society services through automated procedures using technical specifications.

5.8 Automated decisions in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision:

We will take reasonable steps to protect your rights and freedoms and your legitimate interests, including, as a minimum, the right of the person responsible to obtain intervention, to state his or her point of view and to challenge the decision.

5.9 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State in which you reside, your place of work or the location of the alleged infringement, if you believe that the processing of your personal data is in breach of the GDPR.

6. Use of our online offers

In principle, you can use our online offer without disclosing your identity. In this section, we explain to you when and in what context we process data when using our online services, which services we have implemented by service providers and cooperation partners, how these work and what happens to your data.

6.1 Data collection when visiting our websites

If you use our websites for purely informational purposes, i.e. if you do not register, enter into a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers. When you access our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to guarantee stability and security.

This data is temporarily stored in the log files of our system for a maximum period of seven days. Storage beyond this is possible, but in this case the IP addresses are partially deleted or alienated so that an assignment of the calling client is no longer possible. The log files are not stored together with other personal data relating to you in this context. The legal basis for these processing operations is Art. 6 para. 1 lit. f GDPR.

Since the collection of data for the display of the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no right of objection in this respect.

6.2 Use of Cookies

In addition to the aforementioned data, cookies are stored on your terminal device when you use our websites during or after your visit to our online services. These are small text packages that can be sent from a website to the browser and stored and returned by the browser. Cookies can be used to store various data that can be read by the location that sets the cookie. They usually contain a characteristic character string (ID) that enables the browser to be uniquely identified when the website is called up again or a page is changed. Their primary purpose is to make our online offerings more user-friendly and effective overall. The user data collected in cookies are pseudonymised by technical precautions, which means that it is generally no longer possible to assign the data to the calling user. As far as an identifiability is given, as for example with a Login Cookie, whose session ID is necessarily linked with the account of the user, we point it out to you at the appropriate place.

We use different types of cookies:

In addition to so-called “first party cookies”, which are set by us as responsible for data processing, we also use “third party cookies”, which are offered by other providers. We will inform you about the use of “third-party cookies” and the cooperation with external service providers who provide services such as web tracking or range measurement for us within the individual data protection information of the respective online offers. There you will also be informed about the possibility to object to individual cookies.

A general objection to the use of cookies for advertising purposes may be raised for a variety of services via the EU website or the US website . In addition, you can configure your browser settings accordingly and, for example, refuse the acceptance of “third-party cookies” or all cookies. However, you may no longer be able to use all the functions of our online services.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

6.3 Registration function / Customer account

You can optionally create user accounts for our online services in order to use certain contents and services of our online services.
Which personal data is transmitted and stored to us in this process is determined by the respective input mask and the information provided during registration. The data entered during registration will be used for the purpose of using our offers. You will receive offer or registration-relevant information, such as changes to the scope of the offer or technical circumstances, by e-mail. You have the possibility to cancel your user account at any time. In this case your data will be deleted, unless we are obliged to store them for commercial or tax reasons.

If you have given your consent, the legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR. If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.

When using our registration and login functions as well as the user account, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, and serves to protect against misuse and other unauthorized use. These data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation. The legal basis for this recording and storage is Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.

6.4 Contact forms and email contact

On our online offers you will find contact forms and e-mail links (mailto) which can be used for electronic contact. Among other things, this enables us to comply with the legal requirement to enable rapid electronic contact with us. If you make use of this option, your data will be processed and automatically stored for the purpose of answering the enquiry pursuant to Art. 6 para. 1 lit. c GDPR. We will delete the requests if they are no longer necessary and no legal archiving obligations apply.

6.5 User comments and contributions

As a registered user you have the possibility to leave comments on individual contents of our online offers and contributions in our forum. We will then collect your IP addresses and the date of publication based on our legitimate interests under Art. 6(1)(f). Save GDPR for seven days. This takes place for security reasons, if the rights of third parties are violated in comments and contributions or illegal contents are left behind (insults, slander, people inciting contents etc.). In this case, we ourselves can be prosecuted for the comment or contribution and are therefore interested in the author’s identity. These data will not be passed on to third parties unless such a passing on is legally prescribed or serves our legal defence.
Keep in mind that comments and contributions are accessible to everyone. You should carefully check your contributions before publication to ensure that they contain information that is not intended for the public. You must reckon with the fact that your contributions in search machines are seized and also without purposeful call of our offer world-wide callably become.

6.6 Newsletter

In some areas of our online offers we offer you the possibility to subscribe to one of our free e-mail newsletters. We send these newsletters only with your consent or on the basis of a legal permission. When registering for a newsletter, the data from the input mask (name and e-mail address) are transmitted to us and stored as long as the subscription to the newsletter is active.

For the processing of these data for the purpose of the newsletter dispatch your consent is obtained and referred to this data security explanation. We use the so-called double opt-in procedure for the registration process. Once you have registered, you will receive an e-mail in which you must click on a link to confirm your registration. In this way, we prevent unauthorised third parties from registering using your e-mail address. We log the registration process in order to be able to prove the process according to the legal requirements. The IP address of the calling terminal, date and time of registration are stored. The data you provide will be stored as long as the newsletter subscription is active. You can cancel your subscription at any time. For this purpose there is a corresponding unsubscribe link in every newsletter. This will also enable you to revoke your consent. The legal basis for the processing of your data with given consent for the receipt of newsletters is Art. 6 Para. 1 lit. a GDPR.

If you purchase goods or services on our online offers and provide your e-mail address, we reserve the right to use these for the dispatch of newsletters with direct advertising for our own similar goods or services. This serves to protect our predominantly legitimate interests in advertising to our users within the scope of a weighing of interests. You can object to this use of your data at any time by sending a message to the above-mentioned contact options or via the unsubscribe link in the advertising mail, without incurring any costs other than the transmission costs according to the basic tariffs. As far as the newsletter dispatch takes place due to the sale of goods or services, we refer to § 7 Abs. 3 Law Against Unfair Competition (UWG).

Some newsletters are not sent to you directly by us, but by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, which we have commissioned to process an order and which has a server location in Germany. However, Inxmail does not use your data to write to you itself.
Data will not be passed on to third parties in connection with data processing for the dispatch of newsletters.

Our newsletters may contain so-called “tracking pixels”, which are pixel-sized files that are retrieved from our server or the Inxmail server when the newsletter is opened. These tracking pixels do not contain any personal data and are only used for statistical purposes to determine whether and which links contained in the newsletters are clicked. This information cannot be assigned to individual newsletter recipients.

6.7 Social Media Buttons

To share the content of our online services via social networks, we offer so-called social media buttons. For this purpose, we use the “c’t Shariff” solution we developed ourselves, which provides data protection-compliant social media buttons.
The buttons offered directly by the operators of social networks impermissibly transmit personal data such as the IP address or entire cookies already when loading a website on which they are integrated, and thus provide unsolicited precise information about your surfing behaviour to the social services. You do not need to be logged in or a member of the respective network. In contrast, a Shariff button establishes direct contact between the social network and the visitor only when the latter actively clicks on the Share button. Shariff thus prevents you from leaving a digital trail on every page you visit and improves data protection. By using Shariff, we can protect your personal information and still integrate Butttons for social sharing. Further information about c’t Shariff can be found at .

6.8 External Links

Our online offer contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.

6.9 InfOnline

Our website, our mobile website ( and our applications (apps) use the “Scalable Central Measurement Method” (SZMnG) of INFOnline GmbH to determine statistical parameters for the use of our services.

The aim of the usage measurement is to statistically determine the number of visits to our website, the number of website visitors and their surfing behaviour – on the basis of a uniform standard procedure – and thus to obtain market-wide comparable values.

For all digital offers made by members of the Information Association for the Determination of the Distribution of Advertising Media (Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., IVW – or the studies of the Working Group for Online Research (Arbeitsgemeinschaft Online-Forschung e.V., AGOF –, the usage statistics are regularly compiled by AGOF and the Media Analysis Working Group (Arbeitsgemeinschaft Media-Analyse e.V., agma – and published with the performance value “Unique User” as well as by the IVW with the performance values “Page Impression” and “Visits”. These ranges and statistics can be viewed on the respective websites.

Measurement using the SZMnG measurement method by INFOnline GmbH is carried out with justified interest pursuant to Art. 6 para. 1 lit. f) GDPR.

The purpose of processing personal data is to compile statistics and create user categories. The statistics serve to trace and document the use of our offer. The user categories form the basis for an interest-oriented orientation of advertising media or advertising measures. In order to market this website, it is essential to measure its usage in order to ensure comparability with other market participants. Our justified interest results from the economic usability of the knowledge resulting from the statistics and user categories and the market value of our website – also in direct comparison with websites of third parties – which can be determined on the basis of the statistics.

In addition, we have a legitimate interest in making the pseudonymised data available to INFOnline, AGOF and IVW for market research (AGOF, agma) and statistical purposes (INFOnline, IVW). Furthermore, we have a legitimate interest in making the pseudonymised data available to INFOnline for the further development and provision of advertising media in line with our interests.

INFOnline GmbH collects the following data, which according to EU-GDPR have a personal reference:

The INFOnline GmbH measurement method used on this website collects usage data. This is done in order to collect the performance values of page impressions, visits and clients and to form further key figures (e.g. qualified clients). In addition, the measured data are used as follows:

The complete IP address is not stored by INFOnline GmbH. The shortened IP address is stored for a maximum of 60 days. The usage data in conjunction with the unique identifier are stored for a maximum of 6 months.
The IP address and the shortened IP address are not passed on. For the preparation of the AGOF study, data with client identifiers are passed on to the following AGOF service providers:

If you do not wish to participate in the measurement, you can object by clicking on the following link: In order to guarantee an exclusion from the measurement, it is technically necessary to set a cookie. If you should delete the cookies in your browser, it is necessary to repeat the opt-out process under the above link.

If you are using one of our apps, you can object to the measurement by selecting the following setting: Settings -> “Send data” -> Deactivate

6.10 VG WORT

On some pages and contributions, counting pixels of the collecting society WORT (VG WORT) are installed. This function is offered by the collecting society WORT, legal association by award, Goethestraße 49, 80336 Munich, Germany. VG WORT administers royalties from secondary exploitation rights to language works for authors. The distribution of royalties for online texts is linked to certain criteria (e.g. text length, minimum number of visitors per year).

The so-called tracking pixels of VG WORT are invisible graphics (beacons). In addition, “cookies” are used in the measurement process and stored on your computer in the form of a text file. This allows information about visitor traffic on these pages to be evaluated. VG WORT uses the anonymous data thus determined to determine whether the respective text has reached distribution-related thresholds in the calendar year. In this way, we enable our authors to participate in the distributions of VG Wort, which guarantee the statutory remuneration for the use of copyrighted works in accordance with § 53 German Copyright Law (UrhG).

6.11 Webtrekk

Some of the data collected during visits to our online services are used for statistical evaluation. For this purpose we use the technology of Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany, within the scope of order processing, with which data is automatically collected and stored and pseudonymous user profiles are created. Webtrekk uses these to create reports on user activity for us and to provide other services in connection with the use of our online services. This serves to safeguard our predominantly legitimate interests in an optimised presentation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR within the scope of a weighing of interests.

Within the scope of using our online services, some information transmitted by your browser is collected and evaluated for our web controlling. The collection takes place by a pixel, which is integrated on each website. The following data is collected:

Within the scope of Webtrekk’s web analysis, your IP address is only stored in a shortened and thus anonymous form and is only used for session recognition, for geolocalization (up to city level) and for defence against attacks. The IP address is then immediately deleted again, so that the collected data is then anonymous and even via the detour of the ISP (Internet Service Provider) no allocation to the identity of the user is no longer possible.

The following cookies are set within the framework of web analysis:

Data will not be passed on to third parties. The data collected in this context will be deleted after the end of the use of Webtrekk by us.

You have the opportunity to object to the collection and processing of data generated by Webtrekk cookies and to prevent such collection and processing. To do this, you must click on the following link, which sets an opt-out cookie:

The opt-out cookie is stored on the system you are using and must be set again if it is deleted via the specified link.

The valid data protection regulations of Webtrekk can be found at .

6.12 Kameleoon

We use the test and web analysis service Kameleoon of Kameleoon SAS, 12 rue de la Chaussée d’Antin 75009 Paris, France. The program enables an analysis of user behavior based on user segmentation. We can evaluate how individual user segments visit the website and which landing pages are visited.

Cookies that are linked to a pseudonymised ID are used for the analyses. Your IP address will be completely anonymized and will not be saved. The information generated by the cookie about the use of our website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with other data from Kameleoon.

The use of Kameleoon serves to safeguard our predominantly legitimate interests in the evaluation and optimised presentation of our online offers in accordance with Art. 6 Para. 1 lit. f GDPR. The data collected is evaluated over a maximum period of 380 days.

You have the opportunity to object to the collection and processing of data generated by the Kameleoon cookie and to prevent such collection and processing. To do this, you must click on the following link, which sets an opt-out cookie: – kameleoonOptout=true

7. Online offers on social media platforms

We offer online services on various social media platforms in order to provide you with information and to get in touch with you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, cookies are stored in your browser by the platform operator when you visit our social media services. These cookies are used for market research and advertising purposes to store your usage behaviour or your interests. The user profiles obtained in this way – mostly across all devices – are used by the platform operators to display personalised advertising. Data processing may also affect persons who are not registered as users with the respective social media platform. Your data may be processed outside the territory of the European Union, which may make it more difficult to enforce your rights. When selecting such social media platforms, however, we make sure that the operators undertake to comply with EU data protection standards.

The processing of your personal data when you visit one of our social media services is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR. Under certain circumstances you have also given a platform operator your consent to data processing, in which case Art. 6 para. 1 lit. a GDPR is the legal basis.

Detailed information on data processing in connection with the use of our social media services, opt-out options and the assertion of information rights can be obtained from the data protection declaration of the relevant platform operator.

7.1 Facebook

Supplier: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
 Data processing is based on an agreement on the joint processing of personal data pursuant to Art. 26 GDPR.
Privacy policy:

7.2 Google+/ YouTube

Supplier: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:

7.3 Instagram

Supplier: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy policy:

7.4 Twitter

Supplier: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy:

7.5 LinkedIn

Supplier: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Privacy policy:

7.6 Xing

Supplier: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy Policy:

8. Children

Our offer is basically aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.

9. Changes

The rapid development of the Internet makes it necessary to adapt our data protection declaration from time to time. You will be informed about the innovations here.

Hanover, 12 June 2018