Privacy

NOTES ON DATA PROTECTION

A. We are responsible for your data

As a visitor to our website, you expect not only the offers and services of our company, but also a high level of quality and competence in the processing of your personal data.

We are responsible for handling your personal data, which we process in accordance with the requirements of the European General Data Protection Regulation (GDPR) and other applicable European and German data protection laws and in accordance with your specifications and wishes. Personal data is data by which you can be identified or are identifiable. Your personal data will only be processed by us if a legal provision permits this or if you have given your prior consent.

Name and address of the responsible person

DDV Saxony GmbH
Ostra avenue 20
01067 Dresden

In addition to the above postal address, you can also reach us by e-mail at [email protected]. You can also find further contact information, contact persons and mandatory data in the Imprint.

It is important to us that you can find out at any time from the following information which personal data is collected during your visit to our website and when you use our services, and how we process it afterwards.

B. Our Data Protection Officer

If you have a question about data protection or data security, you can reach our data protection officer by e-mail at [email protected] or by mail at DDV MEDIENGRUPPE GMBH & CO. KG, Data Protection Officer, Ostra-Allee 20, 01067 Dresden.

C. Transfer of personal data to third parties

General

In order to provide our service, selected personal data may be communicated within our company to certain departments, but also to affiliated companies or external service providers who are commissioned by us to process data for us in accordance with instructions. Such service providers are contractually obligated by us as processors in accordance with Art. 28 DSGVO, insofar as this is standardized by law, and may not further use your data for any other purposes. The use of our own and third-party services may include, among others, the areas of registration and payment services, customer service/subscription management, marketing/lettershop/ newsletter dispatch, accounting/collection/receivables management, product management, IT/hosting/maintenance/support, sales and logistics, web analysis, content recommendation, survey/comment services, printing services, logistics and dispatch or premium dispatch. If you have a newspaper subscription, logistics, in particular shipping or delivery, is handled by various delivery partners.

Transfer of personal data to third countries

In cases where we transfer data to service providers in third countries outside the EU, this transfer takes place in compliance with the legally regulated permissibility requirements. The transfer is permissible for the performance of a contract, with consent, if this is necessary for the assertion, exercise or defense of legal claims, if there is another exemption pursuant to Art. 49 DS-GVO, if there is an adequacy decision pursuant to Art. 45 DS-GVO or if there are suitable guarantees pursuant to Art. 46 DS-GVO. If there is no other legal basis, we conclude the EU standard data protection clauses issued by the European Commission with our service providers in accordance with Art. 46 (2) c) DS-GVO, examining an appropriate level of data protection in the third country in each individual case.

D. Which data are processed and how long are they stored

I. Calling up the website and creation of log files

1. Description and scope of data processing

Each time you visit our website, the following data and information is processed:

• Information about the so-called user agent (e.g. browser type, operating system, end device)
• IP address of the caller
• Date and time of access
• Website/URL from which the system of the caller reaches our website (so-called referrer)
• URL of the called page

2. Purpose of data processing/legal basis

We collect this data and information to establish the connection so that our website and its content can be displayed correctly and we can determine the causes of any technical problems. Furthermore, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks, in particular to detect attacks on our website based on unusual activities.

Legal basis is our legitimate interest (Art. 6 para. 1 lit. f. DSGVO) to process data about accesses to the website and store them as " log files" on the server of the website.

3. Storage duration

Log files are stored for a maximum of 7 days and then deleted. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.

II. contact form and e-mail contact

1. Description and scope of data processing

If you have any questions or requests, we are at your disposal. To facilitate communication between you and us, a contact form is available on our website. The following data will be processed:

• Name
• E-mail address
• Comment text

The communication of data marked as mandatory in our contact forms is necessary in order to process and respond to your request. The voluntary provision of further data facilitates the processing of your request.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

III. redirection to epaper.wirtschaft-in-sachsen.com

In order to use the digital offerings of the Sächsische Zeitung, you need an online account. The Sächsische Zeitung has switched to a so-called single sign-on procedure ("SSO"). When you call up the "Login" function, you will be redirected to our SSO with the DDV login (consisting of e-mail address and password). The SSO enables access to our online portals, including saechsische.de, wirtschaft-in-sachsen.de and other offerings of DDV Mediengruppe and its subsidiaries, via a single authentication process. The SSO replaces individual login procedures, each with separate registration and different user names and passwords. We call the registration and login function DDV Login. If you already have this, please enter your access data. Otherwise perform the registration and read our epaper.

All information about the registration or login function as well as the already connected online portals of DDV Mediengruppe can be found by calling the DDV Login.

IV. Newsletter

If you have ordered one of our mailings or newsletters, we will use your e-mail address to send you the newsletter you ordered. Legal basis for data processing Art. 6 para. 1 a) DS-GVO. You have the option at any time to revoke your consent with effect for the future or to unsubscribe from the ordered newsletter, e.g. by clicking on the unsubscribe link provided for this purpose in each newsletter.

We also process your first and last name for a customer-friendly approach. All other fields are optional, but help us to address you more specifically.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DS-GVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

E. Analyses and evaluations on the website

We participate in the Interactive Advertising Bureau Europe ("IAB Europe") Transparency & Consent Framework ("TCF") and follow the IAB Europe TCF 2.0 specifications and guidelines.

CMP Didomi

We use the consent management tool (CMP) Didomi, of the company Didomi SAS, 32 Avenue de l'Opera, 75002 Paris, France with the identification number 7. The CMP supports us in the transparent presentation of data processing processes and enables the storage and retrieval, for the respective data processing, of the consent decision of the users, so that the data protection accountability according to Article 5 (2) DS-GVO can be fulfilled. Didomi processes as a processor for the purpose of storing and making retrievable the user's consent profile date and time of visit, device information, browser information, CookieID and DeviceID, consent profile "consent" or "refusal". The legal basis is the fulfillment of a legal obligation, Art. 6 para. 1 c) DS-GVO. Proof of revocation of a previously given consent is kept for 13 months. The retention is based on our accountability according to Art. 5 (2) DS-GVO and the regular limitation periods. You can find Didomi's privacy policy at https://privacy.didomi.io/

All further information on the partners integrated on our website and the cookies that may be used (IAB partners as well as non-IAB providers; both integrated with consent iSv § 25 para. 1 TTDSG or Art. 6 para. 1 s. 1 lit. a) DS-GVO or absolutely necessary iSv § 25 para. 2 no. 2 TTDSG), which are controlled via the Consent Management Platform (CMP), can be found under Cookie Settings.

F. Third party plugins/widgets (social media)

Share function - Share Buttons

The content on our pages can be shared on social media.

We use the Safe Sharing Tool from eRecht24 for this purpose. This means that direct contact between the networks and users is only established when the user actively clicks on one of these buttons. If the user is logged into one of the social networks, an information window appears when the social buttons are used, in which the user can edit the text before sending it.

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

You can call up each video individually on your own responsibility. You declare the optout by reloading the website.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

G. Company presences in social media

Facebook– and InstagramPages

When you visit our Facebook or Instagram-pages through which we inform you about our company, events or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU - "Meta"). For further information about the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation.

Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and insights for our Facebook and Instagram page that help us gain insights about the types of actions people take on our page (known as "page insights"). These Page Insights are created based on certain information about individuals who have visited our Page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 (1) lit. f DSGVO. We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. Meta is used to (automatically) establish a connection with us as the operator of a fan page with Page Insights. "Page Insights Supplement Regarding the Person Responsible". the operator of a fan page. Details about the processing of personal data for the creation of page insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data as well as https://www.facebook.com/legal/terms/page_controller_addendum.

With regard to this data processing, you have the possibility to assert your data subject rights (see "Your rights") also against Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to the Meta Privacy Policy, user data is also processed in the USA or other third countries. Meta transfers user data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 of the GDPR or on the basis of appropriate safeguards in accordance with Art. 46 of the GDPR.

H. Your rights as a data subject

I. Information

If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you.

II. Right to rectification, erasure, right to restriction of processing and right to data portability

In addition, you have the right to rectification, erasure, restriction of processing and objection to processing if the legal requirements are met. You have the right, if the legal requirements are met, to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format.

III. Your contact person

In all these cases, please contact our data protection officer (see section B. above) at the communication addresses listed there.

IV. Right to complain to a competent data protection supervisory authority

Finally, you have the right to complain to a competent data protection supervisory authority.

For our offer, this is the Saxon Data Protection and Transparency Commissioner:

Devrientstraße 5, 01067 Dresden

V. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

VI. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

VII. Advertising blacklist

After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this purpose (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently - only for this purpose - and to use it for matching with our future advertising files. In this way, compliance with your advertising objection or revocation of your consent can be permanently ensured.

VIII. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

IX. Change of the purposes of processing

If we change the purposes of the processing over time, we will inform you in advance by updating this privacy notice.

I. Amendment of the data protection notices

From time to time it is necessary to adapt the content of this privacy notice for data collected in the future. We therefore reserve the right to change this notice at any time. We will also publish the amended version of the data protection information here. When you visit us again, you should therefore read through the data protection information again.

Status: May 2023