Search
Search

NOTES ON DATA PROTECTION

A. We are responsible for your data

As a visitor to our website, you expect not only the offers and services of our company, but also a high level of quality and competence in the processing of your personal data.

We are responsible for handling your personal data, which we process in accordance with the requirements of the European General Data Protection Regulation (GDPR) and other applicable European and German data protection laws and in accordance with your specifications and wishes. Personal data is data by which you can be identified or are identifiable. Your personal data will only be processed by us if a legal provision permits this or if you have given your prior consent.

Name and address of the responsible person

DDV Saxony GmbH
Ostra avenue 20
01067 Dresden

In addition to the above postal address, you can also reach us by e-mail at [email protected]. You can also find further contact information, contact persons and mandatory data in the Imprint.

It is important to us that you can find out at any time from the following information which personal data is collected during your visit to our website and when you use our services, and how we process it afterwards.

B. Our Data Protection Officer

If you have a question about data protection or data security, you can reach our data protection officer by e-mail at [email protected] or by mail at DDV MEDIENGRUPPE GMBH & CO. KG, Data Protection Officer, Ostra-Allee 20, 01067 Dresden.

C. Transfer of personal data to third parties

General

In order to provide our services, selected personal data may be disclosed within our company to certain departments, but also to affiliated companies or external service providers who are commissioned by us to process data for us in accordance with our instructions. Such service providers are contractually obliged by us as processors in accordance with Art. 28 GDPR, insofar as this is legally standardized, and may not use your data for any other purposes. The use of our own and third-party services may include the areas of registration and payment services, customer service/ subscription management, marketing/ lettershop/ newsletter dispatch, accounting/ collection/ receivables management, product management, IT/ hosting/ maintenance/ support, sales and logistics, web analysis, content recommendation, survey/ commentary services, printing services, logistics and dispatch or premium dispatch. If you have a newspaper subscription, the logistics, in particular the dispatch or delivery, is carried out by various delivery partners.

Transfer of personal data to third countries

In cases in which we transfer data to service providers in third countries outside the EU, this transfer takes place in compliance with the statutory admissibility requirements. The transfer is permitted for the performance of a contract, with consent, if this is necessary for the assertion, exercise or defense of legal claims, if there is another derogation pursuant to Art. 49 GDPR, if there is an adequacy decision pursuant to Art. 45 GDPR or if there are suitable guarantees pursuant to Art. 46 GDPR. For companies from the USA in particular, certification in accordance with the "EU-US Data Privacy Framework" (DPF) is a prerequisite for a data transfer. The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can find further information on this under the following link: https://www.dataprivacyframework.gov/s/participant-search. Insofar as no other legal basis is given, we conclude the EU standard data protection clauses issued by the European Commission with our service providers in accordance with Art. 46 para. 2 lit. c) GDPR, checking an appropriate level of data protection in the third country in each individual case.

D. Which data are processed and how long are they stored

I. Calling up the website and creation of log files

  1. Description and scope of data processing

Each time you visit our website, the following data and information is processed:

  • Information about the so-called user agent (e.g. browser type, operating system, end device)
  • IP address of the caller
  • Date and time of access
  • Website/URL from which the system of the caller reaches our website (so-called referrer)
  • URL of the called page
  1. Purpose of data processing/legal basis

We collect this data and information to establish the connection so that our website and its content can be displayed correctly and we can determine the causes of any technical problems. Furthermore, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks, in particular to detect attacks on our website based on unusual activities.

The legal basis is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f. GDPR) to process data about access to the website and store these as "log files" on the website server.

  1. Storage duration

Log files are stored for a maximum of 7 days and then deleted. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.

II. contact form and e-mail contact

  1. Description and scope of data processing

If you have any questions or requests, we are at your disposal. To facilitate communication between you and us, a contact form is available on our website. The following data will be processed:

  • Name
  • E-mail address
  • Comment text

The communication of data marked as mandatory in our contact forms is necessary in order to process and respond to your request. The voluntary provision of further data facilitates the processing of your request.

  1. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

  1. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact.

  1. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

  1. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

III. redirection to epaper.wirtschaft-in-sachsen.com

In order to use the digital offerings of the Sächsische Zeitung, you need an online account. The Sächsische Zeitung has switched to a so-called single sign-on procedure ("SSO"). When you call up the "Login" function, you will be redirected to our SSO with the DDV login (consisting of e-mail address and password). The SSO enables access to our online portals, including saechsische.de, wirtschaft-in-sachsen.de and other offerings of DDV Mediengruppe and its subsidiaries, via a single authentication process. The SSO replaces individual login procedures, each with separate registration and different user names and passwords. We call the registration and login function DDV Login. If you already have this, please enter your access data. Otherwise perform the registration and read our epaper.

All information about the registration or login function as well as the already connected online portals of DDV Mediengruppe can be found by calling the DDV Login.

IV. Product information, newsletter, e-mail advertising

1. e-mail advertising

We use your e-mail address collected in the course of registration or as part of the execution of the contract to inform you by e-mail about our own similar goods or services and about existing subscriptions (product information) or generally about our online services, provided that we have informed you of this when collecting the e-mail address and you have not objected to this. In this case, the e-mail address is processed on the basis of our legitimate interest in advertising our goods and services, Art. 6 para. 1 sentence 1 lit. f) GDPR, Art. 95 GDPR in conjunction with § 7 para. 3 UWG). You have the option at any time to object to the sending of this information about further product and service offers at basic rates, e.g. by clicking on the unsubscribe link provided for this purpose in each of these emails.

2. newsletters and e-mail advertising

If you subscribe to our newsletter, we will use your e-mail address to send you the newsletter(s) you have ordered. All other voluntary fields help us to get to know our subscribers better and to design the newsletter better for them. The legal basis for data processing is your consent Art. 6 para. 1 sentence 1 lit. a) GDPR. If you do not activate the double opt-in link that we send to the email address you provided when you subscribe to the newsletter within 14 days, your registration data will be deleted. If you have successfully subscribed to the newsletter, you have the option at any time to revoke your consent with effect for the future or to unsubscribe from the newsletter, e.g. by clicking on the unsubscribe link provided for this purpose in each newsletter.

3. e-mail tracking (personal user profile)

So-called tracking pixels are integrated into the emails for the purpose and in our interest of being able to send and optimize our newsletter. Tracking and profiling take place when advertising agreements are accepted. We use the tracking of clicks on links (or the tracking of opening rates) in particular to determine whether they interact with the content of the newsletter. In addition, we recognize whether the email has been read and whether the link integrated in the email has subsequently been clicked and the respective website visited via this IP address. We also receive the following information: which browser and operating system are used, which IP address is currently being accessed and who the provider is. In addition, the number of visits to the website is counted and the time of day when the email was retrieved and accessed is recorded. The approximate location of the user is also transmitted. You can object to the creation of a personal user profile at any time and thus arrange for your user data to be deleted. Corresponding links are provided in every issue of our newsletter.

4. storage period/recipient categories

We store your data collected for advertising purposes for as long as the advertising purpose exists or until we receive a revocation of your consent or your objection to the processing of your data for advertising purposes.

E. Analyses and evaluations on the website

We participate in the Interactive Advertising Bureau Europe ("IAB Europe") Transparency & Consent Framework ("TCF") and adhere to the IAB Europe TCF specifications and guidelines.

CMP Didomi

We use the consent management tool (CMP) Didomi, of Didomi SAS, 137 Bd de Sébastopol, 75002 Paris, France with the identification number 7. The CMP supports us in the transparent presentation of data processing processes and enables the storage and retrievability of the user's consent decision for the respective data processing, so that the data protection accountability according to Art. 5 para. 2 GDPR can be fulfilled. Didomi processes the date and time of the visit, device information, browser information, CookieID and DeviceID, consent profile "consent" or "refusal" as a processor for the purpose of storing and retrieving the user's consent profile. The legal basis is the fulfillment of a legal obligation, Art. 6 para. 1 sentence 1 lit. c GDPR. Proof of revocation of previously granted consent is stored for 13 months. The retention is based on our accountability pursuant to Art. 5 para. 2 GDPR and the regular limitation periods. You can find Didomi's privacy policy at https://privacy.didomi.io/

We have activated Google Consent Mode V2 in "Basic Mode" and only transfer data to Google if you have consented to this.

All further information on the partners integrated on our website and any cookies used (IAB partners and non-IAB providers; both integrated with consent within the meaning of Section 25 (1) TDDDG or Art. 6 (1) sentence 1 lit. a) GDPR or absolutely necessary within the meaning of Section 25 (2) no. 2 TDDDG), which are controlled via the Consent Management Platform (CMP), can be found under Cookie Settings.

F. Third party plugins/widgets (social media)

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

You can call up each video individually on your own responsibility. You declare the optout by reloading the website.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

G. Company presences in social media

FacebookPage

When you visit our Facebook page, which we use to inform you about our company, events or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Technologies Ireland Limited, MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND (Meta). For more information about Meta's processing of personal data, please visit https://www.facebook.com/privacy/explanation.

Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with statistics and insights for our Facebook page in anonymized form, which help us gain insights into the types of actions people take on our page (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. Meta (automatically) establishes a relationship with us as the operator of a fan page with Page Insights. "Page Insights Supplement Regarding the Person Responsible". the operator of a fan page. Details about the processing of personal data for the creation of page insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data as well as https://www.facebook.com/legal/terms/page_controller_addendum.

With regard to this data processing, you have the possibility to assert your data subject rights (see "Your rights") also against Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that, in accordance with Meta's privacy policy, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail.

LinkedIn company page

When you visit our LinkedIn company page, which we use to inform you about our company, events or individual products from our range, certain information about you is processed. Further information about the processing of personal data by LinkedIn Corporation can be found at https://www.linkedin.com/legal/privacy-policy.

H. Your rights as a data subject

I. Information

If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you.

II. Right to rectification, erasure, right to restriction of processing and right to data portability

In addition, you have the right to rectification, erasure, restriction of processing and objection to processing if the legal requirements are met. You have the right, if the legal requirements are met, to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format.

III. Your contact person

In all these cases, please contact our data protection officer (see section B. above) at the communication addresses listed there.

IV. Right to complain to a competent data protection supervisory authority

Finally, you have the right to complain to a competent data protection supervisory authority.

For our offer, this is the Saxon Data Protection and Transparency Commissioner:

Devrientstraße 5, 01067 Dresden

V. Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

VI. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

VII. Advertising blacklist

After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this purpose (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently - only for this purpose - and to use it for matching with our future advertising files. In this way, compliance with your advertising objection or revocation of your consent can be permanently ensured.

VIII. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

IX. Change of the purposes of processing

If we change the purposes of the processing over time, we will inform you in advance by updating this privacy notice.

I. Amendment of the data protection notices

From time to time it is necessary to adapt the content of this privacy notice for data collected in the future. We therefore reserve the right to change this notice at any time. We will also publish the amended version of the data protection information here. When you visit us again, you should therefore read through the data protection information again.

Status: June 2024