Website data protection policy and at the same time information of data subjects pursuant to Article 13 and Article 14 of Regulation (EU) 2016/679 General Data Protection Regulation (GDPR)
1) General information
Information about the controller:
|
Company: |
B2B Media Group GmbH |
|
Legal representative: |
Fabian Jung |
|
Address: |
Bahnhofstr. 5 |
Contact details of data protection officer:
The external data protection officer (DPO) of B2B Media Group GmbH is designated as follows:
Dr. Sebastian Kraska
IITR Datenschutz GmbH
Office: Marienplatz 2, 80331 Munich
Seat: Eschenrieder Str. 62c, 82194 Gröbenzell
Phone: +49 89 18917360
Mail: email@iitr.de
2) General data processing information
Data concerned:
As a matter of principle, we only process personal data insofar as this is necessary to provide a functional website, our content and services. The processing of personal data of our users is regularly only carried out after their consent. An exception applies to those cases in which obtaining prior consent is not possible based on matters of law or fact.
Legal basis:
If we obtain the consent of the data subject for processing involving personal data, Article 6 (1) point (a) GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) point (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6 (1) point (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) point (d) GDPR serves as the legal basis. If processing personal data is necessary for the purpose of a legitimate interest of our company or a third party and if these interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) point (f) GDPR serves as the legal basis for the processing.
Categories of recipients:
Your personal data will only be passed on to third parties in the manner described in this data protection policy. In this context, third parties are public bodies in the event of overriding legal provisions, external service providers or other contractors, insofar as the data subject has given his or her consent or a transfer is permissible for reasons of overriding interest. We may transfer your personal data to companies that support us with providing services in the course of our business ("processors"). These companies are authorised to use your personal data only to the extent necessary for that purpose. We always carefully select and monitor the processors we commission. You will be informed in detail about the respective processes below.
Data storage and deletion:
We delete or block personal data of our users as soon as the purpose of the storage no longer applies. Storage beyond this may take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject to. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract. The duration of data storage is based on the statutory retention obligations and is limited to a maximum of 10 years.
Third-country transfers:
Within the scope of contract implementation with service providers, processors outside the European Union (EU) or the European Economic Area (EEA) may also be used. Processors from a third-country are obliged to comply with the GDPR. If our service providers or partners are based in such a third-country, we will inform you about this circumstance in the description of the implemented technologies below.
3) Specific information about the website
Usage data
a) Description and scope of data processing
When you visit our website, you transmit technically necessary data to our web server via your internet browser. This general data and information is stored in server log files. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system
- IP adress
- amount of data transferred
b) Purpose of the data processing
We collect this data for reasons of technical security and optimisation, in particular to prevent attempted attacks on our web server, to ensure that our website is displayed correctly and to enable us to determine the cause of any technical problems. It is neither possible nor desirable for us to draw conclusions about individual persons on the basis of this data. The data is anonymised by shortening the IP address at domain level, making it impossible to relate it to individual users. The data is processed in anonymised form for statistical purposes; this data is not compared with other data or passed on to third parties, even in extracts.
c) Legal basis for data processing
For these purposes, the data processing is based on Article 6 (1) point (f) GDPR.
d) Duration of storage
Personal data is deleted as soon as the purpose of it ceases to exist.
4) Email or contact form enquiries
a) Description and scope of data processing
When contacting us by email or via our contact form, the data only provided by you will be stored by us. When using the form, the content of the data fields is transmitted to us, usually the following data: Name, first name, company and email address. Without this data, your request transmitted via the contact form cannot be processed. Additional personal data is only processed if you provide it voluntarily. This includes, for example, address, data within the framework of the contractual relationship (e.g. position and department in the company/an authority, superior, order data, payment data) and other data comparable with these categories. In addition, the system collects the IP address of the requesting computer as well as the date and time of the contact.
b) Purpose of the data processing
We use the data from the contact form to be able to respond to your enquiry. In the case of contacting us by email, this constitutes the necessary legitimate interest in processing the data. Any other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
c) Legal basis for data processing
When using the contact form and if the user has given their consent the legal basis for the processing of their data is Article 6 (1) point (a) GDPR. The legal basis for processing the data transmitted in sending an email is Article 6 (1) point (f) GDPR. If the email is intended for the conclusion of a contract, the legal basis for this processing is Article 6 (1) point (b) GDPR.
d) Duration of storage
We delete the data processed in this context, if the request is assigned to a contract, after the time limits for the term of the contract, otherwise after the storage is no longer necessary, or restrict the processing if there are statutory retention obligations.
5) Details on further data processing procedures
a) Application procedure
|
Data concerned |
Contact details (such as name, address, telephone number, email address); application documents (such as data on suitability for the position, data on professional and personal qualifications). |
|
Purpose of the data processing |
Conducting the application procedure; recruiting personnel |
|
Location of Processing |
European Union Processors outside the EU or EEA, such as email providers, may also be used in the performance of the contract. |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR, Article 6 (1) point (b) GDPR, Section 26 Para. 1 BDSG |
|
Duration of storage |
The data of applicants who don't get employed will be deleted 6 months after the end of the application procedure at the latest. |
b) Processing of employee data
|
Data concerned |
Application data; data provided for the performance of the contract; if applicable, any additional data for processing on the basis of express consent. |
|
Purpose of the data processing |
Contractual performance within the scope of the employment relationship. |
|
Location of Processing |
European Union Processors outside the EU or EEA, such as email providers, may also be used in the performance of the contract. |
|
Legal basis for data processing |
Article 6 (1) point (b) GDPR, Section 26 Para. 1 BDSG |
|
Duration of storage |
The data will be deleted after termination of the employment relationship. |
c) Processing of customer data/prospect data
|
Data concerned |
Data provided for the performance of the contract, such as name, company affiliation, email address, payment information and other data that you may provide us with in the course of the business relationship or for the performance of pre-contractual measures. |
|
Purpose of the data processing |
Contract initiation and execution. |
|
Location of Processing |
EEuropean Union, United Kingdom Processors outside the EU or EEA, such as email providers, may also be used in the performance of the contract. |
|
Legal basis for data processing |
Article 6 (1) point (b) GDPR |
|
Duration of storage |
The data is deleted as soon as it is no longer required for the performance of a contract or for the implementation of pre-contractual and contractual measures. |
d) Processing of supplier data
|
Data concerned |
Data provided for the performance of the contract, such as name, company affiliation, email address, payment information and other data that you may provide us with in the course of the business relationship or for the performance of pre-contractual measures. |
|
Purpose of the data processing |
Contract initiation and execution. |
|
Location of Processing |
European Union, United Kingdom Processors outside the EU or EEA, such as email providers, may also be used in the performance of the contract. |
|
Legal basis for data processing |
Article 6 (1) point (b) GDPR |
|
Duration of storage |
The data is deleted as soon as it is no longer required for the performance of a contract or for the implementation of pre-contractual and contractual measures. |
6) Cookies and tracking technologies
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether to generally allow or reject the setting of cookies or which individual functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view before going into more detail about your individual choices by describing technically necessary cookies and cookies that you can optionally select or deselect.
Cookies:
Cookies are text files or information in a database that can be stored on your hard drive and assigned to the browser you are using so that certain information can flow to the unit that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis we will explain below:
Mandatory, technically necessary cookies:
The technical structure of the website requires us to use these techniques. Without this technology, our website cannot be displayed correctly or at all, or support functions could not be enabled. These are basically transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the cookie consent manager. Legal basis of this processing is Article 6 (1) point (f) GDPR.
Optional cookies when giving your consent:
We only set various cookies after you have given your consent, which you can select via the cookie consent tool on your first visit to our website. The functions are only activated in the event of your consent and may serve in particular to enable us to analyse and improve visits to our website, to make it easier for you to use it via different browsers or terminal devices, to recognise you when you visit it again or to serve advertising. Also to measure the effectiveness of ads or to show interest-based advertising. Legal basis of this processing is Article 6 (1) point (a) GDPR. You have the right to revoke your consent at any time, without this affecting the admissibility of the processing until revocation.
The technologies we use are described below.
7) Implemented technologies
a) Adform
|
Data concerned |
Cookie ID; Mobile Advertising ID; Cross-Device IDs; pseudonymised Partner IDs; the type of browser used by a user, and its settings; information about the device operating system; information about Cookie IDs and other IDs assigned to a device; (truncated or encrypted) IP addresses; information about a user's interaction and activity on web pages and mobile apps, including time of the interaction or activity, the internet addresses involved, and search terms entered into a search engine; information about the approximate geographic location; Adform does not collect, use, or allow its clients to transfer to or use on the Platform, data that, by itself, directly identifies an individual, such as name, address, phone number, email address, or government identifier and prohibits certain categories of sensitive data from being collected, used, or transferred on the Platform, and uses technical solutions to detect directly identifiable data in the Service and take appropriate action. |
|
Purpose of the data processing |
Marketing, remarketing, analytics: The Information is processed so that user actions can be attributed to campaigns, targeting data, publishers, and specific advertisements; to improve online advertising experience and efficiency; to limit advertising exposure for consumers and facilitate more relevant advertising; to satisfy end user opt-out requests; to prevent fraudulent activities; to synchronize our Service with other online advertising services; to facilitate the process of buying and selling online advertising; internal research and development, i.e. to analyze the use of Adfrom’s services; to design new, and improve existing, features and functionality of their services; and to develop and train the computer algorithms |
|
Location of Processing |
European Union |
|
Recipient of the data |
Adform, Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes, at the latest after 13 months. |
b) B2B Media Group GmbH
(1) B2BIQ - Adserver
|
Data concerned and purpose of the data processing |
We offer an AdServer via B2BIQ, which we and our customers can use to display advertisements via various Demand Side Platforms (DSP) such as Google’s Service DV360, The Trade Desk, or AdForm. Different advertising IDs or cookie information are transmitted to the B2BIQ AdServer depending on the DSP. These may include the IP address, longitudes and latitudes, as well as other user data. However, this data is stored by the B2BIQ AdServer solely for reporting purposes. This data is not processed for any other purposes, for example the creation of personal profiles. |
|
Availability and legitimate interest |
By using B2BMG's advertising and tracking tools, we can target our web offering more effectively to the interests and needs of our customers. |
|
Location of Processing |
European Union |
|
Recipient of the data |
B2B Media Group GmbH, Bahnhofstr. 5, 91245 Simmelsdorf, Germany |
|
Legal basis for data processing |
These cookies are not essential for the operation of the site and are therefore only set with given consent pursuant to Article 6 (1) point (a) GDPR via the Consent Manager (Cookie Banner). |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes. |
(2) B2BIQ - DSP/DMP
|
Data concerned and purpose of the data processing |
We use B2BIQ, an advertising integration service provided by B2B Media Group GmbH (‘B2BMG’). B2BMG uses cookies, a text file that is stored in the browser on your computer and that collects anonymous usage data. B2BIQ also uses so-called web beacons (invisible graphics). These web beacons permit the evaluation of information such as visitor traffic on the web pages of this website. The information generated by cookies and web beacons about the use of this website and the delivery of advertising formats is transferred to a B2BMG server in Germany and stored there. B2BMG is only permitted to share this information with B2BMG contractual partners. Usage profiles under a pseudonym can be created from this data. However, no personal data will be collected without the consent of the data subject. B2BMG uses this data to evaluate the use of the website by visitors and for the purpose of usage-based online advertising (OBA). If IP addresses are collected, they are rendered anonymous by deleting the last number block. If available, information about longitude and latitude is also processed. The cookies are either B2BMG cookies or cookies from service providers who are also required to comply with B2BMG’s privacy policy (a list of connected service providers including opt-out option can be found here: https://www.b2biq.net/tcp). |
|
Availability and legitimate interest |
By using B2BMG's advertising and tracking tools, we can target our web offering more effectively to the interests and needs of our customers. |
|
Location of Processing |
European Union |
|
Recipient of the data |
B2B Media Group GmbH, Bahnhofstr. 5, 91245 Simmelsdorf, Germany |
|
Legal basis for data processing |
These cookies are not essential for the operation of the site and are therefore only set with given consent pursuant to Article 6 (1) point (a) GDPR via the Consent Manager (Cookie Banner). |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes. |
c) Bombora
|
Data concerned |
Visitors: website traffic data collected via Bombora Tag, which may include: IP address and information derived from the IP address, such as city and state; cookie ID; (hashed) email addresses; behavioral data (e.g. frequency of identifiers visiting and viewing Subscriber Properties and the actions they take on such properties; dwell time, scroll depth, scroll velocity, and time between scrolls); page URL and information derived therefrom such as content, context and topics; referrer URL; browser type and operating system; HTTP header. |
|
Purpose of the data processing |
To (i) facilitate the provision of the Services by Bombora following purposes: and/or the use of the Services by Subscriber; and (ii) in the case of Bombora, for the purposes described in the Bombora Privacy Policy, namely to store and/or access information on a device, to create a personalized ads profile, for measure ad performance, to apply market research to generate audience insights, to develop and improve products, to ensure security, prevent fraud, and debug, to match and combine offline data sources, to receive and use automatically-sent device characteristics for identification. |
|
Location of Processing |
European Union |
|
Recipient of the data |
Bombora, Inc., 102 Madison Avenue, Floor 5, New York, NY 10016, USA Information on data protection: Cookie policy: Contact to exercise your rights of rectification, erasure or restriction: Opt-out information: |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR, Article 6 (1) point (f) GDPR |
|
Duration of storage |
Bombora will not retain personal data for longer than the period during which Bombora has a legitimate need to retain such information for purposes it was collected or transferred in accordance with Bombora's data privacy and data retention policies. The data will be deleted as soon as they are no longer needed for the processing purposes. |
d) Cookies
|
Data concerned |
Logfile data, such as Date and time of the request; name of the requested file; page from which the file was requested; access status (file transferred, file not found, etc.); web browser and operating system; IP address; amount of data transferred |
|
Purpose of the data processing |
Functionality and optimization of the website; security; user behavior |
|
Location of Processing |
European Union |
|
Recipient of the data |
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany Information on data protection: |
|
Legal basis for data processing |
Article 6 (1) point (f) GDPR |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes. |
e) Google Advertising Products
|
Data concerned |
Browser language; browser type; ads clicked; cookie ID; cookie information; date and time of visit; IP address; referrer URL; usage data; web request. |
|
Purpose of the data processing |
Advertising; conversion tracking; analytics |
|
Location of Processing |
European Union |
|
Recipient of the data |
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Information on data protection: Cookie policy: Opt-out information: |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes. |
f) PubMatic
|
Data concerned |
Browser and Device information, such as the device type and model, manufacturer, operating system type and version, web browser type and version, user-agent, carrier name, time zone, network connection type, IP address, general location inferred from IP address (e.g. country, region postal or zip code), hardware-based identifiers (e.g. MAC address), information about our Publisher Client’s apps and versions currently active on a device (but not any other apps), and identifiers assigned to a device, such as its iOS Identifier for Advertisers (IDFA), Android/Google Advertising ID (AAID or GAID), CTV identifier or OTT Device Identifier or other unique device identifier; Information about an End User’s behavior on our Publisher Clients’ Digital Properties, such as information about the activities or actions on those Digital Properties, session start/stop time, and geolocation (including latitude and longitude coordinates, but only if the Publisher Client’s Digital Property has enabled location services on the device and the End User has granted the Publisher Client permission to collect and share this information for advertising purposes); Information about ads served, viewed, or clicked on, such as the type of ad, where the ad was served, whether the End User clicked on it, the number of times an End User has seen the ad, and whether the End User visited the Media Buyer’s website or relevant app store and/or purchased or installed the product or service advertised |
|
Purpose of the data processing |
Providing our services; serving ads; ad reporting and conversions; frequency capping; customizing ads; performance analytics; interest-based advertising; location-based advertising; fraud detection and prevention and security; providing, managing, and improving PubMatic’s ad services and developing new services; service usage and support |
|
Location of Processing |
European Union |
|
Recipient of the data |
Attn: EEA Representative, PubMatic GmbH, Barbara Strozzilaan 101, 1083 HN Amsterdam, Netherlands Information on data protection: Contact to exercise your rights of rectification, erasure or restriction: Opt-out information: |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR |
|
Duration of storage |
The data will be deleted as soon as they are no longer required for the processing purposes, unless a longer retention period is required or permitted by law, otherwise for a maximum of 45 days. |
g) The ADEX
|
Data concerned |
Information about your Internet connection; information about your browser; information about your device; information about the website/app you visit; information about your behaviour on websites; information about advertising materials; information about your decisions; location information |
|
Purpose of the data processing |
Store and/or access information on a device; basic selection of ads or content; creation of a personalised ads or content profile; selection of personalised ads or content; measure performance; apply market research to generate audience insights; development and improvement of products; ensure security, prevent fraud and debug; technically deliver ads; match offline and online data; linking different devices; receive and use of automatically-sent device characteristics for identification; use of precise geolocation data |
|
Location of Processing |
European Union |
|
Recipient of the data |
The ADEX GmbH, Torstr. 19, 10119 Berlin, Germany |
|
Legal basis for data processing |
Article 6 (1) point (a) GDPR |
|
Duration of storage |
The data will be deleted as soon as they are no longer needed for the processing purposes, unless legal regulations require otherwise. Information that is not stored in connection with the cookie ID assigned to your device is regularly deleted after three days. |
h) Usercentrics Consent Management Platform
|
Data concerned |
Opt-in and opt-out data; referrer URL; user agent; user settings; consent ID; time of consent; consent type; template version; banner language |
|
Purpose of the data processing |
Compliance with legal obligations; consent storage |
|
Location of Processing |
European Union |
|
Recipient of the data |
Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany Information on data protection: Contact to exercise your rights of rectification, erasure or restriction: |
|
Legal basis for data processing |
Article 6 (1) point (c) GDPR |
|
Legal basis for data processing |
The data will be deleted as soon as they are no longer needed for the processing purposes. |
8) Minors
Our services are aimed at companies, not at persons under the age of 18. Therefore, we do not request personal data from minors. If you have not yet reached this age limit, do not use the services and do not submit any personal data to us. If you are a parent of a child under this age limit and you become aware that your child has provided us with personal data, contact us at datenschutz@b2bmg.net and insist on exercising your rights of access, rectification, erasure and/or object.
9) Information on data subject rights
If your personal data is processed by us, you are a "data subject" within the meaning of the GDPR. You are entitled to the following rights towards our company as the data controller, subject to any legal restrictions and exceptions to the contrary, such as in particular according to Sections 34-36 of the German Federal Data Protection Act (BDSG):
a) Right of access, Article 15 GDPR
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to the personal data and other information relating to the processing.
b) Right to rectification, Article 16 GDPR
In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request a correction and, if necessary, completion of this data.
c) Right to erasure or restriction, Articles 17, 18 GDPR
You may request the deletion of your personal data (Article 17 GDPR) or the restriction of the processing of this data (Article 18 GDPR) if the legal requirements are met.
d) Right to data portability, Article 20 GDPR
You have the right, under the conditions of Article 20 GDPR, to receive the personal data concerning you back in a structured, common and machine-readable format.
e) Right to object, Article 21 GDPR
For reasons arising from your particular situation, you may also object to the processing of personal data relating to you by us at any time. This right exists if your personal data is processed on the basis of Article 6 (1) point (e) and point (f) GDPR, for direct advertising, for scientific or historical research or for statistical purposes. If these legal requirements are met, we will no longer process your personal data.
f) Right to revoke the declaration of consent under data protection law
If you have consented to the processing of your data (Art. 6 (1) point (a) GDPR), you have the right to revoke your consent at any time. To do so, please send an email to datenschutz@b2bmg.com.. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
g) Right of complaint to the supervisory authority
Without affecting any other administrative or judicial remedy, a data subject shall have the right to file a complaint with a supervisory authority - in particular in the Member State of your residence - if you consider that the processing of your personal data by us violates the GDPR. The competent supervisory authority is as follows
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany
Postal address:
Postfach 1349, 91504 Ansbach
Phone: +49 981180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de
10) Security and Integrity
Responsible handling of personal data is a high priority for B2B Media Group GmbH. We want you to know when this data is collected and how it is used. We have taken technical and organizational measures to ensure that the regulations on data protection are observed. As we continue to develop and implement new technologies, changes to this Privacy Policy may become necessary. We encourage you to periodically review this Privacy Policy for changes. In the event that we make significant changes that limit your rights under this Privacy Policy, we will post a prominent notice in this section of this Privacy Policy.
B2B Media Group Privacy Code
In March 2022
Featured content
Tre motivi per cui è giunto il momento di ripensare la rete
Oggi, la tecnologia sta rimodellando tutti i settori. I data center tradizionali assumono la...